Research on Network Information Security Evaluation Based on the Fuzzy Analytic Hierarchy Process
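Abstract
This thesis discusses the current state of network information security and of its evaluation, as well as the standards for assessing network information security. Because network evaluation involves many qualitative and uncertain factors, the thesis focuses on the fuzzy analytic hierarchy process and describes the steps and procedure for evaluating network information security risk. It constructs a new network information security evaluation index system, NISEIS (Network Information Security Evaluation Index System), which uses five first-level indexes (network communication security, security regulations, security technical measures, physical security and system security) and 20 second-level evaluation indexes as the factors that influence network information security. It analyzes the principles for establishing the index weights and the method for normalizing them, adopts an index membership function model, assigns boundary values to each grade of the qualitative indexes, and, through single-factor fuzzy evaluation, gives a multi-level fuzzy comprehensive evaluation model. Using a local area network as a worked example, it gives the steps for evaluating network information security with the model; the evaluation result is basically consistent with reality. Finally, based on the model, it designs a network information security evaluation system based on simulated vulnerability attacks. With this evaluation system, network security administrators can discover the vulnerabilities in a system promptly and take the corresponding defensive measures to fix them, ensuring that the network system runs securely.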
In recent years, computer networks have played an increasingly important role in politics, the economy, the military, social life and other fields. However, because networks have diverse connection forms and are open and interconnected, attacks on network systems occur frequently, making network security an aspect of network construction that cannot be neglected.
     Fuzzy mathematics does not have a long history, yet it has been used in many fields, because it reveals the fuzzy nature of the relationships between things. The security of network information involves many factors, such as information transmission, information storage and information management, and the nature and degree of all these relationships are fuzzy. It is therefore reasonable and scientific to use the method of fuzzy synthesis evaluation to analyze the security of network information. This paper constructs an evaluation system for network information security. With the evaluation system, an administrator can find system vulnerabilities in time and take defensive measures to keep the network system operating safely and stably.
     The main contents of this study are as follows:
     Chapter 1. Introduction. First, the paper discusses the background and significance of the study. Second, it reviews the current state of research in China and abroad. Finally, it sets out the main research content, the research methods and the overall approach.
     Chapter 2. This chapter introduces the theories related to the evaluation of network information security, including the concept, basic requirements, targets, evaluation criteria and evaluation methods of network information security.
     Chapter 3. Construction of the evaluation index system for network information security. This chapter introduces the feasibility of network information security, analyzes the design concept and principles of the evaluation index system, and constructs the evaluation index system for network information security.
     Chapter 4. Evaluation model of network information security based on the fuzzy analytic hierarchy process. This chapter introduces the basic steps of AHP and analyzes the evaluation model of network information security based on the fuzzy synthesis evaluation method.
     Chapter 5. Example analysis of the evaluation index system. This chapter analyzes the network construction of an organization using the fuzzy synthesis evaluation method, and also provides some effective methods for protecting the network.
     Chapter 6. Construction of the evaluation system for network information security. This chapter introduces the technologies related to network information security evaluation, analyzes the main architecture of the network information security evaluation system, and constructs the evaluation system.
     Chapter 7. Conclusion and prospects for future research. This chapter summarizes the study and indicates directions for further work.
     This paper describes the current situation of network security, the current situation of network evaluation, and the evaluation standards for the security of network information. These include TCSEC (Trusted Computer System Evaluation Criteria), a computer security standard issued by the US government; ITSEC (Information Technology Security Evaluation Criteria), a computer security standard issued in Europe; CC (Common Criteria), a worldwide computer security standard; and GB/T18336-2001, the classified criteria for security protection of computer information systems in China.
     Considering the many qualitative and uncertain factors in network evaluation, this paper focuses on the fuzzy synthesis evaluation modeling method. It describes the steps for evaluating network information security and establishes a synthesis evaluation index system with five first-level indexes: communication security of the network, security system, safety technical measures, physical security, and system security. Second-level indexes are set up under each first-level index. The paper analyzes the principles for establishing the index weights and the method for normalizing them. I develop a network evaluation system according to the fuzzy synthesis evaluation method of network security. Building on the one-level fuzzy evaluation model, a multilevel fuzzy synthesis evaluation model of network security is provided. Using a network instance, the paper gives the steps for evaluating network information security with the evaluation model; the result of the evaluation is in conformity with reality. Finally, this paper constructs an evaluation system for network information security. With the evaluation system, an administrator can find system vulnerabilities in time and take defensive measures to keep the network system operating safely and stably.
