
Research On Technologies In Quantitative Risk Assessment And Prediction Of Network Security

Posted on: 2008-01-13
Degree: Doctor
Type: Dissertation
Country: China
Candidate: L Xuan
Full Text: PDF
GTID: 1118360242499234
Subject: Computer Science and Technology

Abstract/Summary:
Nowadays, the Internet has become an important information infrastructure for our society. Security problems on the Internet have also become strategic challenges for national security. Therefore, studies on the theories and key technologies of risk assessment for network security have great theoretical significance and practical value.

Because the Internet has the properties of a complex nonlinear system, this dissertation attempts to study quantitative risk assessment for network security using nonlinear system analysis and prediction techniques. It aims to explore the complexity and uncertainty relationships among the elements of risk assessment and to establish a framework and method for quantitative risk assessment. Three aspects of research are mainly conducted in this dissertation. The first is to introduce the nonlinear system theories of chaos and fractals for complexity analysis of network threat frequencies and to reveal the essential characteristics of network threat time series. The second is to study nonlinear chaotic prediction methods for network threat frequencies. The third is to design a prototype system for dynamic quantitative risk assessment of network security.

The main results and contributions of this dissertation are as follows:

(1) A design for a Dynamic quaNtitative network Security risk Assessment and Prediction (DN-SAP) engine was proposed, which can be integrated into the network infrastructure as a security component, improving the capability for quantitative risk assessment of network security and for early warning. In DN-SAP, a data collection system for network threats was designed and implemented. The data collection system was used in a local area network and a public network for half a year and for one month, respectively, and three real threat data sets were constructed for the research on network threat frequencies.

(2) A fractal self-similarity analysis method for network threat time series based on R/S (rescaled range) analysis was proposed. Using this method, the Hurst exponents of representative samples from the three network threat data sets were computed and tested. It is verified that statistical self-similarity exists in continuous and non-sparse discrete network threat time series, so that prediction is feasible. On the other hand, there is no statistical self-similarity in sparse discrete threat time series, which will be very difficult to predict.

(3) A hybrid method for determining chaos in network threat time series, named Chaotic Model Sieve (CMS), was proposed based on a metasynthesis of several nonlinearity test methods, such as reconstruction of phase space, power spectrum, maximum Lyapunov exponent, correlation dimension and phase randomization. It was shown that the proposed method can determine the properties of network threat time series effectively. The model selection problem for prediction of threat frequencies was also studied, and a criterion for selecting among random, deterministic and chaotic models was provided. The experimental results of testing samples from the network threat data sets with CMS show that the time series of network threats are chaotic.

(4) A prediction method based on the divergence exponent of the best neighbor was proposed, aimed at improving the method based on the largest Lyapunov exponent. A comparative experiment predicting time series samples of network threat frequencies validated that the accuracy of the proposed method was higher than that of the original method. The experimental results of predicting the samples also show that the accuracy of the chaotic prediction method exceeds that of the traditional statistical prediction method.

(5) Based on the above work, the architecture of Multilayer Cooperative dynamic Network Security quantitative Risk Assessment (MC-NSRA) was designed. The construction of the system conforms to the self-similarity in the topology and traffic models of the Internet. In order to eliminate the "pseudo attack" caused by vulnerability scans in a risk assessment system, a new concept of scan authority was proposed. The scan authority certificate and its management mechanism were designed based on the Attribute Certificate. This gives a new way to manage vulnerability scans.

The research work in this dissertation can be used to provide timely, quantitative prediction data on network threats for dynamic network security risk assessment, which provides valuable forecasting data for decision makers and helps establish an effective defense strategy. It can be expected that applications of the methods proposed in this dissertation will help avoid economic losses from damaged information and high investments in unnecessary defense actions.
Keywords/Search Tags: quantitative risk assessment, threat frequency, chaotic time series, reconstruction of phase space, Lyapunov exponent, Hurst exponent, phase randomization, correlation dimension, scan authority
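
The R/S analysis named in contribution (2), as an added example that is not code from the dissertation: it implements the classical rescaled-range estimate of the Hurst exponent, which may differ from the author's variant. The two input series, the function names and the window sizes are constructed for illustration.

```python
import math
import random

def rescaled_range(chunk):
    """R/S of one window, or None when the window is constant (S = 0)."""
    n = len(chunk)
    mean = sum(chunk) / n
    std = math.sqrt(sum((x - mean) ** 2 for x in chunk) / n)
    if std == 0:
        return None  # e.g. an all-zero stretch of a sparse series
    cum, lo, hi = 0.0, 0.0, 0.0
    for x in chunk:
        cum += x - mean  # cumulative deviation from the window mean
        lo, hi = min(lo, cum), max(hi, cum)
    return (hi - lo) / std

def hurst_rs(series, min_window=8):
    """Slope of log(mean R/S) against log(window size)."""
    points = []
    n = min_window
    while n <= len(series) // 4:  # keep at least four windows per size
        rs = [rescaled_range(series[i:i + n])
              for i in range(0, len(series) - n + 1, n)]
        rs = [v for v in rs if v is not None]
        if rs:
            points.append((math.log(n), math.log(sum(rs) / len(rs))))
        n *= 2
    if len(points) < 3:
        raise ValueError("series too short or too sparse for R/S analysis")
    mx = sum(p[0] for p in points) / len(points)
    my = sum(p[1] for p in points) / len(points)
    num = sum((x - mx) * (y - my) for x, y in points)
    return num / sum((x - mx) ** 2 for x, _ in points)

def constructed_series(kind, length=2048, seed=7):
    """Constructed sample data, not the dissertation's threat data sets."""
    rng = random.Random(seed)
    if kind == "sparse":      # rare, independent events per time slot
        return [1.0 if rng.random() < 0.02 else 0.0 for _ in range(length)]
    level, out = 100.0, []    # "persistent": slowly drifting event rate
    for _ in range(length):
        level += rng.gauss(0, 1)
        out.append(level)
    return out

if __name__ == "__main__":
    for kind in ("persistent", "sparse"):
        print(kind, round(hurst_rs(constructed_series(kind)), 2))
```

A slope near 0.5 indicates no long-range dependence, while a slope well above 0.5 indicates persistence. Constant windows, which are common in sparse series, have S = 0 and are skipped rather than counted as zero.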