层次化网络安全威胁态势量化评估方法论述.pdf

ISSN 1000-9825, CODEN RUXUEW E-mail: jos@ Journal of Software, Vol.17, No.4, April 2006, pp.885?897 DOI: 10.1360/jos170885 Tel/Fax: +86-10 ? 2006 by Journal of Software. All rights reserved. 层次化网络安全威胁态势量化评估方法 ? 陈秀真 1+, 郑庆华 1, 管晓宏 1,2, 林晨光 1 1(西安交通大学 网络化系统与信息安全研究中心 制造系统工程国家重点实验室,陕西 西安 710049) 2(清华大学 智能与网络化系统研究中心,北京 100084) Quantitative Hierarchical Threat Evaluation Model for Network Security CHEN Xiu-Zhen1+, ZHENG Qing-Hua1, GUAN Xiao-Hong1,2, LIN Chen-Guang1 1(State Key Laboratory of Manufacturing System, Center for Networked Systems and Information Security, Xi’an Jiaotong University, Xi’an 710049, China) 2(Center for Intelligent and Networked Systems, Tsinghua University, Beijing 100084, China) + Corresponding author: Phn: +86-29 Fax: +86-29 E-mail: chenxz@ Chen XZ, Zheng QH, Guan XH, Lin CG. Quantitative hierarchical threat evaluation model for network security. Journal of Software, 2006,17(4):885?897. /1000-9825/17/885.htm Abstract: Evaluating security threat status is very important in network security management and analysis. A quantitative hierarchical threat evaluation model is developed in this paper to evaluate security threat status of a computer network system and the computational method is developed based on the structure of the network and the importance of services and hosts. The evaluation policy from bottom to top and from local to global is adopted in this model. The threat indexes of services, hosts and local networks are calculated by weighting the importance of services and hosts based on attack frequency, severity and network bandwidth consumption, and the security threat status is then evaluated. The experiment results show that this model can provide the intuitive security threat status in three hierarchies: services, hosts and local networks so that system administrators are freed from tedious analysis tasks based on the alarm datasets to have overall security status of the