Threat Propagation Based Security Situation Quantitative Assessment in Multi-Node Network
  • English title: Threat Propagation Based Security Situation Quantitative Assessment in Multi-Node Network
  • Authors: 田建伟; 田峥; 漆文辉; 郝悍勇; 李仁发; 黎曦; 乔宏; 薛海伟
  • Authors (English): Tian Jianwei; Tian Zheng; Qi Wenhui; Hao Hanyong; Li Renfa; Li Xi; Qiao Hong; Xue Haiwei; State Grid Hunan Electric Power Corporation Research Institute; State Grid Corporation of China; College of Computer Science and Electronic Engineering, Hunan University
  • Keywords: network node; multi-node network; threat propagation; security situation fusion; simplest threat graph
  • Journal code (Chinese): JFYZ
  • Journal (English): Journal of Computer Research and Development
  • Institutions: Electric Power Research Institute of State Grid Hunan Electric Power Company; State Grid Corporation of China; College of Information Science and Engineering, Hunan University
  • Publication date: 2017-04-15
  • Publisher: Journal of Computer Research and Development (计算机研究与发展)
  • Year: 2017
  • Issue: v.54
  • Funding: National Natural Science Foundation of China (61672217)
  • Language: Chinese
  • Page: JFYZ201704006
  • Page count: 11
  • CN: 04
  • ISSN: 11-1777/TP
  • Classification number: 54-64
Abstract
Traditional security situation assessment methods mainly target small-scale network information systems and neglect the correlation of risk among network nodes. In view of the complex network structure of the energy Internet, a quantitative assessment method for multi-node network security situation based on threat propagation is proposed. 1) The method gives the concept and related definitions of network nodes in the energy Internet, and models the energy Internet network structure using graph theory; 2) a security situation quantification method based on threat propagation probability is proposed to calculate the security situation of each network node, and a weight calculation method for multi-node networks, LR-NodeRank, is put forward to evaluate the fused security situation of the whole network; 3) a security situation improvement method based on the simplest threat graph is proposed to calculate the network borders that need security reinforcement. Experimental results show that the proposed method can accurately assess the security situation of a multi-node network and can effectively calculate the border connection relationships.
