
Research On The Dynamic Risk Assessment Model Of Information Security

Posted on: 2011-04-17
Degree: Doctor
Type: Dissertation
Country: China
Candidate: N D Liao
Full Text: PDF
GTID: 1118360302470475
Subject: Information security

Abstract/Summary:
With the fast development of network technology, information spreads rapidly over networks, and the security of information systems suffers from various threats. How to ensure the security of information systems is therefore increasingly on the agenda. In recent years, network technologies have been applied to many areas, such as electronic commerce, electronic banking, electronic voting, and so on. These application services consist of network devices and computer hosts, and it is very important to protect them. To guard against malicious attackers, commercial hardware and software have been designed, such as firewall systems, intrusion detection systems, virus protection software, vulnerability scanning software, and so on. All these protection measures can potentially help organizations reduce security risks. However, before any protection decision, it is essential that an organization first possess a clear understanding of its security risks. Risk assessment of network security helps to achieve this goal. The main activities of risk assessment involve identifying and classifying organizational IT security risks and adopting appropriate strategies to mitigate them.

Research on risk assessment has traditionally focused on the development of methods, tools and standards for manual risk assessment. However, traditional risk assessment methods are almost all static: they can only make a rough estimate of the security risk and cannot evaluate it in real time while the network is under attack. Therefore, when some hosts suffer network intrusions, they cannot adjust their defense strategies in real time to minimize the losses. In order to solve the problems of static network risk assessment, real-time dynamic network risk assessment has been brought forward and has currently become a hot spot in network security research.

Generally speaking, real-time dynamic network risk assessment relies on a good risk assessment model. Currently, there are still some problems in dynamic network risk assessment models, such as insufficient knowledge representation and processing capabilities and the lack of a learning mechanism. In this paper, we study the technologies related to current network risk assessment, analyze in particular the existing problems of current dynamic network risk assessment models, and propose a novel real-time dynamic network risk assessment model based on Colored Petri Nets. Our model solves some of the above problems of current dynamic network risk assessment models. The main contents and contributions of this paper are as follows:

(1) We systematically summarize the main network security threats, the basic requirements and goals of network security, and the domestic and international development of methods and technologies for network risk assessment.

(2) In the risk analysis phase, we propose a new dynamic rule generation algorithm for intrusion detection systems. The algorithm differs from traditional mining methods: it does not need to build frequent itemsets and can handle large data sets in real time, dynamically and efficiently. By applying this algorithm we can extract valid detection rules from network attack streams in real time. Moreover, feeding the newly mined detection rules into the intrusion detection system improves its ability to detect anomalies and novel attacks. This algorithm also establishes the foundation for the automatic production of our forensic expert knowledge base.

(3) In the risk assessment phase, we propose a novel dynamic network risk assessment model based on Colored Petri Nets. This model mainly has the following characteristics: firstly, it can analyze and assess network security risks in real time; secondly, it reduces the volume of risk analysis data by alert aggregation and attack scenario generation; thirdly, it establishes the causal analysis of attacks and can generate the attack Petri Nets in real time, from which the risk source and the attack process can easily be acquired; fourthly, it overcomes some shortcomings of traditional network risk assessment, such as low detection capability, slow analysis and processing capacity, and poor readability and comprehensibility; finally, it provides a risk forecast method that can find the potential risks of network systems in time.

(4) In the risk forensic phase, we propose a novel and valid network security forensic model based on multiple-criteria forensics, fuzzy logic and an expert system. This model mainly has the following characteristics: firstly, our forensic method guarantees evidence reliability as far as possible by collecting different forensic information from different forensic data sources; secondly, it can analyze computer crimes in a networked environment and produce electronic evidence automatically. Our forensic method establishes a solid foundation for the auditing, tracing and judgment of our risk assessment results and completes the entire process of our risk assessment.
Keywords/Search Tags: Risk assessment, Information system, Network security, Intrusion detection system, Expert system, Fuzzy logic, Vulnerability scanning, Dynamic rule generation, Petri Nets