Abstract
Network security risk analysis is one of the most challenging research topics in the field of computer network management. The analysis is usually carried out by network security experts. Many tools, such as scanners and analyzers, are available for it, but the critical steps of the risk analysis process still inevitably require the guidance of network security experts. A UML network security threat model is proposed. The model effectively lowers the level of professional knowledge required of network risk assessment personnel, and it can even replace the security advice given by network security experts. Based on the risk categories that must be considered in the network security risk analysis process, a UML class diagram is proposed. The risk categories included in the UML class diagram are the basis for assessing the probability that a security threat occurs and the scope of its impact. To make the UML model applicable to any network, the classes contained in the UML class diagram must be instantiated, and the instantiated classes constitute the security model of the network to be analyzed. Instantiating the classes requires the necessary information about the network to be analyzed, which is usually contained in some network files or can be obtained through automated network scanners. Finally, the UML risk assessment model is applied to a test network, and the results indicate that the model's evaluation output includes both the network security threat objects and the risk values generated by those threat objects.
Author
FANG Ming (方明) (Unit 91977 of PLA, Beijing 100841, China)
Source
Communications Technology (《通信技术》)
2019, Issue 5, pp. 1234-1241 (8 pages)