Research on a Network Security Situation Assessment Model
Abstract
With the rapid development of computer and communication technology, user demand keeps growing, computer networks are applied ever more widely and their scale keeps increasing. On the other hand, network security incidents occur without end, a single traditional defence or detection device can no longer meet security needs, and computer networks face a grave information security situation. Network security situation assessment technology can integrate the various security elements, dynamically reflect the overall security status of a network, and predict its development trend and give early warning. Consequently, network security situation assessment models and their key technologies have become a research hotspot in the network security field.
     Building on a survey and analysis of existing network security situation assessment methods and technologies, this thesis proposes a network security situation assessment model based on expected threat and a performance correction algorithm. It first defines the core network security elements, such as expected threat and performance correction, together with related concepts, gives them a formal representation, and on this basis proposes the network security situation assessment model and its framework. It then gives a quantitative situation assessment algorithm: the expected threat of each network node is computed by one of three methods suited to different scenarios, namely expected state graphs, information fusion and log audit; the expected threat is corrected by the performance correction algorithm to obtain the node security situation; the node situations are then combined using node weights to obtain the network security situation, which is plotted as a network security situation curve. Next it gives a network security situation prediction algorithm that applies several prediction models to the network security situation and plots a situation prediction curve. Finally, the thesis presents the design scheme and implementation framework of a network security situation assessment system, and validates the proposed assessment model, quantitative assessment algorithm and prediction algorithm by assessing and analysing the security situation of four example networks.
     The network security situation assessment model helps network security administrators grasp the overall security status of a network over a period of time and its future development trend, and provides a reference basis for administrators to take appropriate protective measures and improve network security.
With the rapid development of computer technology and communication technology, users' demands have continuously increased, the application of computer networks is more and more widespread and their scale is larger and larger. On the other hand, due to the massive number of network security events, traditional security defence systems or detection systems are unable to meet the security requirements, and computer networks are facing a serious information security situation. Network security situational awareness technology can fuse multiple security elements, dynamically reflect the network security situation as a whole and predict its development trend for early warning. As a result, network security situational awareness models and their key technologies have become a hot area of network security research.
     Based on an analysis of existing methods and technologies, this dissertation proposes a network security situational awareness model based on expected threat and performance correction. First of all, it defines the core factors of network security, including expected threat and performance correction, gives the related definitions and formal specifications, and proposes the network security situational awareness model and its framework. After that, it gives the quantitative algorithm of network security situational awareness: it computes each node's expected threat using one of three methods that fit different situations (expected state graph, information fusion and log audit), obtains each node's security situation by the performance correction algorithm, then computes the network security situation by combining node situations with node weights, and draws the network security situation graph. Then it gives the prediction algorithm of network security situational awareness, predicts the future threat with several prediction models, and draws the predicted network security situation graph. At last, this dissertation gives the design and implementation framework of a network security situational awareness system, and validates the quantitative algorithm and the prediction algorithm of the network security situational awareness model by analysing four example networks.
     The network security situational awareness model can help administrators understand the security situation of a network as a whole over a period of time and its development trend in the future, which provides a good reference for making security defence policy to improve network security.
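As an added illustration (not code from the thesis), the following Python sketch walks through the pipeline the abstract describes: a per-node expected threat, a performance correction step, weighted aggregation of node situations into a network situation over several time slots, and a prediction on the resulting curve. The correction rule, the node weights, the sample scores and the use of Holt's linear-trend smoothing as the prediction model are all assumptions made for this illustration; the thesis's own formulas are not given on this page.

```python
from dataclasses import dataclass

@dataclass
class NodeSample:
    """One node's inputs for a single time slot (all values constructed)."""
    name: str
    weight: float          # assumed node importance weight
    expected_threat: float # assumed expected threat in [0, 1], e.g. from log audit
    perf_ratio: float      # observed/baseline performance in (0, 1]; 1.0 = unaffected

def node_situation(n: NodeSample) -> float:
    # Assumed performance correction rule: a node whose performance has degraded
    # is treated as more exposed, so its expected threat is scaled by 1/perf_ratio
    # and clipped to [0, 1]. The thesis's real correction algorithm is not shown here.
    return min(1.0, n.expected_threat / max(n.perf_ratio, 1e-6))

def network_situation(nodes) -> float:
    # Weighted combination of node situations into one network-level value.
    total_w = sum(n.weight for n in nodes)
    return sum(n.weight * node_situation(n) for n in nodes) / total_w

def situation_curve(slots) -> list:
    # One network situation value per time slot: the data behind the situation curve.
    return [network_situation(nodes) for nodes in slots]

def holt_forecast(series, alpha=0.5, beta=0.3, steps=3) -> list:
    # Holt's linear-trend smoothing, used as an assumed stand-in for the thesis's
    # prediction models; forecasts are clipped to the [0, 1] situation range.
    level, trend = series[0], series[1] - series[0]
    for x in series[1:]:
        prev = level
        level = alpha * x + (1 - alpha) * (prev + trend)
        trend = beta * (level - prev) + (1 - beta) * trend
    return [min(1.0, max(0.0, level + (h + 1) * trend)) for h in range(steps)]

# Constructed sample: three time slots for a three-node network.
SLOTS = [
    [NodeSample("web", 0.5, 0.2, 1.0), NodeSample("db", 0.3, 0.1, 1.0), NodeSample("mail", 0.2, 0.4, 0.8)],
    [NodeSample("web", 0.5, 0.3, 1.0), NodeSample("db", 0.3, 0.2, 1.0), NodeSample("mail", 0.2, 0.5, 0.8)],
    [NodeSample("web", 0.5, 0.4, 0.8), NodeSample("db", 0.3, 0.2, 1.0), NodeSample("mail", 0.2, 0.6, 0.5)],
]

if __name__ == "__main__":
    curve = situation_curve(SLOTS)
    print("situation curve:", [round(v, 3) for v in curve])
    print("forecast:", [round(v, 3) for v in holt_forecast(curve)])
```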