| In the research of the network, usually the network is defined as information infrastructure which can not only meets people's practical application demands but also provides high-performance, high efficiency and flexible network services. Therefore, how to supply fast, flexible and efficient network services is becoming hot spot of the next generation network research. However, according to some statistics an increasing number of attacks which using network services or protocols'vulnerability attack on the network system and lead to offset or failure, causing a serious security problem. Introducing service-oriented thinking into the research field of network security situation assessment is a relatively new research direction.This paper carries out a qualitative description and quantitative analysis of service-level network security situation from a service-oriented perspective.The study content in the paper will contribute to making an accurate assessment of the global network system security as while as providing theoretical basis and technical support for follow-up security posture prediction or trend visualization. It will be facilitating for the network administrator to do timely adjustment of the security policies. The main contents of this paper are as follows: Firstly, the paper conducts a comprehensive study about the network security situation assessment and service-oriented technology in the field of security which including concepts description, research status and future development direction, and introduces several common network security situation assessment methodologies.Secondly, lacking of effective assessment method of service-level network security situation, event injection technique is introduced to select some important factors which affect service availability and performance, a three-level index system of service-level network security situation is also established.Thirdly, an service-level network security situation assessment method based on fuzzy analytic hierarchy process (FAHP) is presented, through calculates fuzzy maximum membership degree vector, a quantitative analysis on service-level network security situation is finally got. Experimental results illustrate the validity of the approach.Fourthly, the paper gives a detail description about the design of service-oriented network security assessment system (HYS system) and gives a specific realization.It describes the overall design concept, frame structure, workflow and key information features of the HYS system, shows the detailed design of the two main functional blocks: the HYS systems monitoring platform and the collecting agent, illustrates the extension functions in brief.Finally, comparative experiment shows that the HYS system is effective in the assessment of network security situation. Moreover, according to the inadequacies of the HYS system the paper proposes improvements in future. |
PDF Full Text Request