Research on Network Security Situational Awareness Technology Based on Fusion Decision
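Abstract
As networks grow more complex, security threats are also becoming more diverse. Faced with large volumes of logs and alerts in inconsistent formats and forms, traditional processing methods have long been overwhelmed. This gave rise to network security situational awareness, which filters, fuses and abstracts multi-source security information from monitoring facilities and then predicts future trends, so that administrators gain a comprehensive understanding of the network's security status and its evolution, can respond quickly to complex and changing security threats, and are relieved of some of the burden of cognition and response. The existing problems are analyzed next, and the work of this thesis is introduced.
     The same attack is often reflected in several kinds of logs or alerts, so through fusion decision the detection systems can compensate for one another's weaknesses and suppress false positives. Most fusion decision methods demand too much of the variety and quantity of training samples, do not consider measures that aid decision making, introduce constraints that are hard to satisfy, and incur excessive storage overhead when there are many attack types. To address these problems, this thesis proposes a multi-source alert fusion decision model based on statistical space mapping: alert vectors are mapped to voting patterns to shrink the statistical space and lower the requirements on training samples, so that good fusion decision results are achieved with only small-scale training; the composition of the traffic under inspection is inferred dynamically from differences in statistical features, its changes are continuously tracked, predicted and adapted to, and the model autonomously chooses whether to suppress false negatives or false positives, achieving a good trade-off; no constraint that violates the correlation among detection systems is introduced; online incremental training is supported, as is the revocation of certain earlier training, so that deficient or one-sided initial training can be remedied through continuous improvement; the space complexity depends only on the number of detection systems and not on the number of attack types, which suits the situation in this field where a few systems detect many attacks.
     Traditional assessment methods mostly treat the services deployed in a network in isolation and ignore the indirect risks or threats that are caused by vulnerabilities or attacks and propagate along dependency relationships. If an attacker steals a service's permissions to read and write data, the attacker is able to cause data leakage or destruction, which most methods do not consider. To address these problems, this thesis proposes a situation assessment method based on diffusion analysis: security elements such as services, data, vulnerabilities and attacks are brought into the assessment framework, and the security situation is assessed from several aspects; dependency relationships between services are identified from the operating system's management information and from monitoring records of network communication; the data read/write permissions granted to services are looked up in the control permission table and the object permission table, and the effect on data security when a permission set is exposed by a vulnerability or stolen by an attack is analyzed; a nonlinear incremental superposition method is introduced to combine the risks or threats that originate from multiple vulnerabilities or attacks and travel along multiple paths, and the security situation is computed from the value of the security of resources and the risks or threats they face. The method treats the various services and data as a highly interrelated organic whole, reveals in depth the network's security status and the influence of dependency and authorization relationships, and yields more comprehensive, complete, precise and credible assessment conclusions.
     Little research is devoted specifically to situation prediction; most work reuses existing prediction methods, with the following shortcomings: a situation sequence contains a large number of complex and changing evolution trends that cannot be expressed and predicted by a single formula, function or training run; conflicts among training samples are hard to resolve, with heavy reliance on data preprocessing and manual intervention; incremental learning is not supported, so the model must be rebuilt whenever the situation sequence changes. In view of this, this thesis proposes a situation prediction method based on scene fitting: the similarity between sequence subgraphs is measured in terms of shape and precision, and multi-order difference operations are used to distinguish differences in trend; similar indications are searched for in the recorded historical situation sequence, the strength with which an observed indication governs the subsequent effect is measured, and the likelihood that a given effect will recur is inferred from the current indication; supplemented by an evolutionary algorithm, the prediction deviation is measured and adaptability is improved continuously through gradual fine-tuning. The method preserves the regularities contained in the sequence to the greatest extent, requires no data preprocessing, and continuously tracks and adapts to changes in the situation sequence.
     This thesis develops its research along the line of fusion decision, situation assessment and situation prediction. Fusion decision aims to obtain high-quality intrusion detection results and lays the foundation for situation assessment, while situation assessment supplies the security situation sequence for situation prediction; the three parts are linked end to end into a single whole.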
As networks grow more complex, security threats tend to diversify, which leads to massive logs and alerts of various formats and forms, beyond the processing capability of traditional methods. Network security situational awareness arose in response: it filters, fuses and abstracts multi-source security information that originates from supervision facilities, predicts future tendencies, and lets administrators perceive the network security situation and its evolution comprehensively and respond quickly to complex and changing security threats, so as to lessen the stress of cognition and response. Current problems are analyzed and the author's main work is introduced as follows.
     An attack is often reflected in various logs or alerts, so detection systems can remedy each other's deficiencies and inhibit false positives via fusion decision. Most fusion decision methods depend significantly on the kinds and quantity of training samples, lack measures for aiding decision, introduce constraint conditions that are difficult to meet, and cost memory heavily when there are many attack kinds. To address these problems, a fusion decision model for multiple alerts based on statistical space mapping is proposed. The model reduces the statistical space via a mapping from alert vector to voting pattern, which lessens the dependence on training samples, and can achieve excellent fusion decision performance with only small-scale training. It dynamically infers the composition of the traffic being detected according to the variation of statistical characteristics, can track, predict and adapt to its variation continuously, and autonomously inhibits false negatives or false positives with a good balance. The model introduces no constraint condition that violates the correlation among detection systems, supports online incremental training and even the partial revocation of previous training, and can cope with insufficient or one-sided initial training via continuous improvement. Its space complexity is determined only by the number of detection systems and is unrelated to the number of attack kinds, which makes it well suited to this field, where a few systems detect a large number of attacks.
     Most traditional evaluation methods consider the services deployed in a network as isolated individuals and ignore the indirect risks or threats that are caused by vulnerabilities or attacks and propagate along dependency relationships. Once attackers have stolen the authorities that are granted to services for reading or writing data, they can cause data to be revealed or damaged, which has not been considered in most evaluation methods. To address these problems, a situation assessment method based on spreading analysis is presented. The method integrates the security factors of service, data, vulnerability and attack into the evaluation architecture and assesses the security situation from multiple aspects. It identifies the dependency relationships between services from the management information of the operating system and the monitoring records of network communication, finds the authorities granted to services for reading and/or writing data from the access and object control list, and analyzes the influence on the security of data when authorities are exposed by vulnerabilities or stolen by attackers. The risks or threats that come from multiple vulnerabilities or attacks and pass along multiple paths are composed via a nonlinear incremental overlapping method, and the security situation is computed according to the value of resource security and the risks or threats faced. The method regards the various services and data as a highly correlated organic entity, can thoroughly reveal the network security situation and the effects of dependency and authority relationships, and obtains more comprehensive, complete, precise and credible evaluation results.
     There is little dedicated research on situation prediction, and existing prediction methods are used in most cases, with many defects. A situation sequence contains massive complex and changing evolution tendencies, beyond the expression and prediction capability of traditional methods that rely only on some formulas, functions or some training. Most traditional methods suffer from conflicts among training samples, rely heavily on data preprocessing and manual intervention, do not support incremental training, and need to rebuild the model once the situation sequence changes. Therefore, a situation prediction method based on scene fitness is presented. The method measures the similarity between historical subgraphs from the aspects of morphology and precision, and uses multiple-step difference operations to discriminate tendencies. It searches for similar indications in the recorded historical situation sequence, measures the domination strength of an occurred indication upon the subsequent effect, and infers the recurrence possibilities of some effects according to the current indication. An evolution algorithm is introduced to measure prediction deviation and continuously improve the adaptability of the prediction algorithm via gradual adjustment. The method preserves the rules in the sequence as far as possible, does not need data preprocessing, and can track and adapt to the variation of the situation sequence continuously.
     The research develops along the line of fusion decision, situation evaluation and situation prediction. Fusion decision aims at obtaining intrusion detection results of high quality, so as to lay a foundation for situation evaluation; situation evaluation in turn provides security situation sequences for situation prediction. These research fields are integrated into a whole by linking each to the next.
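An added example (not code from the thesis) of the idea in the fusion-decision paragraph above: alert vectors are collapsed to voting patterns that record only which detectors agree, so statistics learned on one attack carry over to others and the table size depends only on the number of detectors. The pattern encoding, the `PatternFusion` class, its per-pattern counters, the plurality fallback and the sample alerts are all assumptions made here; the abstract does not give the model's actual formulas.

```python
from collections import Counter


def voting_pattern(alerts):
    """Collapse an alert vector (one label or None per detector) to a voting pattern.

    Silent detectors map to 0; labels are renumbered 1, 2, ... in order of first
    appearance, so the pattern keeps who agrees with whom and drops attack names.
    """
    groups = {}
    return tuple(0 if a is None else groups.setdefault(a, len(groups) + 1)
                 for a in alerts)


class PatternFusion:
    """Hypothetical fusion table keyed by voting pattern (assumed design)."""

    def __init__(self, n_detectors):
        self.n = n_detectors
        # pattern -> counts per outcome; outcome 0 = no group was right
        # (benign traffic or an attack nobody named), k = group k was right.
        self.stats = {}

    def train(self, alerts, truth, weight=1):
        if len(alerts) != self.n:
            raise ValueError("one alert slot per detector is required")
        pattern = voting_pattern(alerts)
        outcome = next((g for a, g in zip(alerts, pattern)
                        if a is not None and a == truth), 0)
        counts = self.stats.get(pattern, [0] * (self.n + 1))
        if counts[outcome] + weight < 0:
            raise ValueError("cannot revoke a sample that was never trained")
        counts[outcome] += weight
        self.stats[pattern] = counts

    def revoke(self, alerts, truth):
        """Undo one earlier training sample (incremental un-learning)."""
        self.train(alerts, truth, weight=-1)

    def decide(self, alerts):
        pattern = voting_pattern(alerts)
        counts = self.stats.get(pattern)
        if not counts or sum(counts) == 0:
            # Untrained pattern: fall back to a plain plurality vote.
            votes = Counter(a for a in alerts if a is not None)
            return votes.most_common(1)[0][0] if votes else None
        best = max(range(len(counts)), key=counts.__getitem__)
        # Outcome 0 wins ties, which suppresses the alert as a false positive.
        return None if best == 0 else alerts[pattern.index(best)]


def demo():
    """Train on constructed samples: (alerts from detectors A, B, C; ground truth)."""
    model = PatternFusion(3)
    training = [
        (("scan", "scan", "sqli"), "sqli"),
        (("scan", "scan", "sqli"), "sqli"),
        (("scan", "scan", "sqli"), "scan"),
        (("scan", None, None), None),
        (("scan", None, None), None),
        (("scan", None, None), "scan"),
    ]
    for alerts, truth in training:
        model.train(alerts, truth)
    return model


if __name__ == "__main__":
    m = demo()
    print(m.decide(("dos", "dos", "xss")), m.decide(("dos", None, None)))
```

For three detectors the table can hold at most 15 patterns however many attack labels appear, since the number of patterns for n detectors is the Bell number B(n+1).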
