Abstract
Network security situation awareness (NSSA) is an important way to carry out effective network security supervision, and an accurate and comprehensive description of the network is a prerequisite for it. At present, however, there is no effective representation of network security situation knowledge. Ontology is an important method of knowledge representation, but existing research that introduces ontology into information security mainly focuses on building basic security ontologies and general methods, or on building security ontologies for particular sub-domains; these ontologies lack inference rules and cannot be applied directly to NSSA. To address these problems, this paper proposes using an ontology-based approach to build a knowledge base of network security situation elements, so as to achieve effective fusion and collaborative management of massive amounts of security data.
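As an added illustration, not code from the paper (whose ontology is not shown on this page), the following pure-Python sketch shows what an ontology-style knowledge base of situation elements looks like once an inference rule is attached: facts from two sources (a vulnerability scan and IDS alerts) are stored as subject-predicate-object triples, and one forward-chaining rule fuses them into a derived "at risk" fact. The classes, predicate names, host names, placeholder vulnerability identifiers and the rule itself are all assumptions chosen for the demonstration.

```python
"""Toy ontology-style knowledge base for network security situation elements.

Added illustration only; the classes (Asset, Vulnerability, Attack, Alert),
the predicates and the single inference rule are assumptions, not the
ontology proposed by the paper.
"""
from collections import defaultdict


class SituationKB:
    """Triple store with one forward-chaining rule over situation elements."""

    def __init__(self):
        self.triples = set()
        self.index = defaultdict(set)  # predicate -> {(subject, object)}

    def add(self, s, p, o):
        self.triples.add((s, p, o))
        self.index[p].add((s, o))

    def objects(self, s, p):
        """All objects o such that (s, p, o) is in the knowledge base."""
        return {o for (ss, o) in self.index[p] if ss == s}

    def infer(self):
        """Apply the rule until no new triple appears; return how many were added.

        Rule (assumed):
          Alert targets Asset  AND  Alert signals Attack
          AND Attack exploits Vulnerability
          AND Asset hasVulnerability Vulnerability
          => Asset atRisk Attack
        """
        added = 0
        changed = True
        while changed:
            changed = False
            for alert, asset in list(self.index["targets"]):
                if "Asset" not in self.objects(asset, "type"):
                    continue  # only typed assets take part in the rule
                for attack in self.objects(alert, "signals"):
                    exploited = self.objects(attack, "exploits")
                    if exploited & self.objects(asset, "hasVulnerability"):
                        fact = (asset, "atRisk", attack)
                        if fact not in self.triples:
                            self.add(*fact)
                            added += 1
                            changed = True
        return added

    def at_risk(self):
        """Derived (asset, attack) pairs, sorted for stable comparison."""
        return sorted(self.index["atRisk"])


def build_sample_kb():
    """Constructed sample data standing in for scanner and IDS output."""
    kb = SituationKB()
    # Asset inventory (constructed).
    for host in ("host-web-01", "host-db-01"):
        kb.add(host, "type", "Asset")
    # Vulnerability scan results (constructed; VULN-A/VULN-B are placeholders).
    kb.add("host-web-01", "hasVulnerability", "VULN-A")
    kb.add("host-db-01", "hasVulnerability", "VULN-B")
    # Attack knowledge: which vulnerability an attack pattern exploits (constructed).
    kb.add("attack-X", "type", "Attack")
    kb.add("attack-X", "exploits", "VULN-A")
    # IDS alerts (constructed): the same pattern was seen against both hosts.
    kb.add("alert-1", "type", "Alert")
    kb.add("alert-1", "targets", "host-web-01")
    kb.add("alert-1", "signals", "attack-X")
    kb.add("alert-2", "type", "Alert")
    kb.add("alert-2", "targets", "host-db-01")
    kb.add("alert-2", "signals", "attack-X")
    return kb


if __name__ == "__main__":
    kb = build_sample_kb()
    print("new facts:", kb.infer())   # only host-web-01 carries the exploited flaw
    print("at risk:", kb.at_risk())
```

Running it derives a single fact, `host-web-01 atRisk attack-X`: the alert against `host-db-01` does not fire the rule because that host does not carry the vulnerability the attack exploits, which is the kind of cross-source fusion a flat alert list cannot express.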