Research on Security Metrics for Intrusion Detection System Operations
Abstract
Information security metrics are the quantitative, objective description of information-security-related quality: they reflect how secure a system is in a particular operating environment and serve as a tool for gauging the security state and operational capability of an information system or product. Security metrics for security products are a necessary means of improving the security management process and assuring the quality of the security services a product delivers, and they are a difficult problem in information security metrics research.
This dissertation studies the development and practice of metrics for the operational security of intrusion detection systems (IDS). First, building on existing theory and practice in information security metrics, it summarises the basic problems of security metrics, states the principles of security metrics, and defines a three-stage measurement process: metric development, measurement execution, and evaluation of measurement results. Second, starting from an analysis of the factors that affect IDS operational security, it identifies the elements of IDS operational security; for the foundational problem of metric development it gives a development model, proposes a method based on fault tree analysis for determining IDS security controls, and analyses the types of IDS security controls and the information needs of measuring IDS operational security. Third, it describes the development and design of metric indicators and their measurement methods: knowledge-base characteristics are measured by checking the IDS knowledge base against the security policy for conformance, using CVE as the intermediary; detection capability is measured with an information-entropy-based method that jointly analyses the effect of the intrusion rate, the false-positive rate and the false-negative rate; security mechanisms are measured by analysing the quality of protection they provide; and security hardening is measured by a penetration-testing method based on vulnerability scanning, with a preliminary validation in a real campus network environment. Finally, to meet the data processing and management needs of the measurement process, it describes the design and implementation of a database-backed measurement support system.
Information security metrics are a quantitative and objective description of information-security-related quality. They represent the security level of a system operating in a specific environment and are a tool for assessing the security of a system and the capability of a product. Security measurement of a security product is a necessary means of improving the security management process and its quality of service, and it is a difficult point in research on information security metrics.
This dissertation discusses the measurement development and practice problems of IDS operational security. First, based on research into the concepts and practice of information security metrics, it summarises the fundamental problems of security metrics, proposes a security metrics theory, and defines three measurement procedures: measure development, measurement implementation, and evaluation of measurement outcomes. Then, from a study of IDS operational security, it proposes the elements of IDS operational security. For the fundamental problem of metric development, a metric development model is given. In the measure development process, the Fault Tree Analysis method is used to confirm IDS security countermeasures, and the types of IDS security countermeasures and the metrics information requirements of IDS operational security are analysed. Next, it introduces the development and design of metric indicators and their measurement methods. For the characteristics of the knowledge repository, a CVE-based measurement method is designed for measuring policy compliance. For detection capability, an information-entropy-based method synthetically analyses the impact on detection capability of the intrusion rate, the false-positive rate and the false-negative rate. Security mechanisms are measured by analysing the quality of protection they provide. Security reinforcement is measured by a penetration test method based on vulnerability scanning, and is initially verified in a real campus network environment. Finally, a database-based measurement assistant system is designed to meet the data processing and management needs of the measurement process.
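The abstract's detection-capability metric combines the intrusion rate, the false-positive rate and the false-negative rate through information entropy. The following added example (not code from the dissertation) implements the best-known metric of that kind, C_ID = I(X;Y)/H(X) from Gu et al., "Measuring intrusion detection capability: an information-theoretic approach" (ASIACCS 2006), where X records whether an event is an intrusion and Y whether the IDS alerts. The IDS profile and the base rates swept in the block are constructed values, and the function names are this example's own.

```python
"""Detection capability C_ID of an IDS, an information-theoretic metric.

Added example; this is not code from the dissertation. It implements the
metric C_ID = I(X; Y) / H(X) from Gu et al., "Measuring intrusion detection
capability: an information-theoretic approach" (ASIACCS 2006), which is the
kind of entropy-based measure the abstract describes for combining the
intrusion rate, false-positive rate and false-negative rate.

  X = 1 when an input event is an intrusion; P(X = 1) = B (base rate)
  Y = 1 when the IDS raises an alert
  alpha = P(Y = 1 | X = 0)  false-positive rate
  beta  = P(Y = 0 | X = 1)  false-negative rate

All parameter values used below are constructed for illustration.
"""
import math


def binary_entropy(p):
    """H(X) in bits for P(X=1) = p; 0 * log 0 is taken as 0."""
    return sum(-q * math.log2(q) for q in (p, 1.0 - p) if q > 0.0)


def joint_distribution(base_rate, alpha, beta):
    """P(X=x, Y=y) for x, y in {0, 1}, keyed by (x, y)."""
    b = base_rate
    return {
        (1, 1): b * (1.0 - beta),           # intrusion and alert: true positive
        (1, 0): b * beta,                   # intrusion, no alert: false negative
        (0, 1): (1.0 - b) * alpha,          # benign but alert: false positive
        (0, 0): (1.0 - b) * (1.0 - alpha),  # benign, no alert: true negative
    }


def mutual_information(base_rate, alpha, beta):
    """I(X; Y) in bits: how much an alert reveals about whether an intrusion occurred."""
    joint = joint_distribution(base_rate, alpha, beta)
    p_x = {1: base_rate, 0: 1.0 - base_rate}
    p_y = {1: joint[(1, 1)] + joint[(0, 1)], 0: joint[(1, 0)] + joint[(0, 0)]}
    return sum(
        p * math.log2(p / (p_x[x] * p_y[y]))
        for (x, y), p in joint.items()
        if p > 0.0  # zero-probability cells contribute 0 and would divide by 0
    )


def detection_capability(base_rate, alpha, beta):
    """C_ID = I(X; Y) / H(X), in [0, 1]; 1 means alerts identify intrusions perfectly."""
    h_x = binary_entropy(base_rate)
    if h_x == 0.0:
        return 0.0  # degenerate traffic: everything or nothing is an intrusion
    return mutual_information(base_rate, alpha, beta) / h_x


def capability_table(alpha, beta, base_rates):
    """C_ID for one IDS (fixed alpha, beta) across several base rates."""
    return [(b, detection_capability(b, alpha, beta)) for b in base_rates]


if __name__ == "__main__":
    # Constructed IDS profile: 1% false positives, 10% false negatives.
    for b, c in capability_table(0.01, 0.10, [0.1, 0.01, 0.001, 0.0001]):
        print(f"base rate {b:<7} C_ID = {c:.3f}")
```

Running the sweep shows why the intrusion rate has to be analysed together with the error rates: for the same 1% false-positive and 10% false-negative rates, C_ID falls as intrusions become rarer, because a fixed false-positive rate applied to a growing majority of benign events drowns out the true alerts. A metric that looked only at alpha and beta would rate the IDS identically in both environments.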