The Research And Design For Network Security Risk Assessment Technology Based On Plug-in

With the development of network technology, the network system has been widely used in the industrial, commercial, government and defense sector, the community's dependence on computer networks is also growing. Network security issues bearing on social stability and economic development. In the study of network security, security experts have a profound understanding:traditional network security assessment technology has been unable to meet current security requirements; the face of a complex network environment, any single security measure can not provide comprehensive security.At present, the domestic and international research on network security risk assessment is in the independent state, without a unified security standards and algorithms to quantify, they are in their groping. It is unable to fully enhance the security assessment technology.First, this paper has deep studied network security risk assessment method and process. Based on fuzzy matrix, this paper has established network security risk assessment model. Under the new model, it can carry out more rapid and comprehensive network security risk assessment. The more focused and more accurate assessment results will be got considering the other risk factors.Second, this paper compares the two methods of network vulnerability scanning, and then the plug-in technology and the current mainstream network resources monitoring technology are analyzed.Third, the easily expandable network security risk assessment system is designed and implemented. The information database, plug-in database and security policy database are given. The vulnerability is reclassified based on the related of vulnerability. And then vulnerability category scanning plug-in and plug-in library are developed, executing specific security vulnerability scanning according to the actual demands. The complexity of the attacks, the dangerous of vulnerability, the timeliness of vulnerability, the difficult to fix the vulnerability are used to determine the level of risk, providing a reference for the entire network security risk assessment. Network security risk assessment system based on plug-in including: asset identification module, the threat identification module, vulnerability classification scanning module, vulnerability identification module, risk assessment module, the assessment report module, security policy module, the user management module.Finally, test the network security risk assessment system based on plug-in, and evaluation results are analyzed and compared.The innovations of this thesis are as follows:1. The network security risk assessment model based on fuzzy matrix comprehensive analysis is designed. Using the matrix to calculate risk values and get a more objective assessment results. Based on the assessment report, a solution is proposed to ensure network security.2. According to the vulnerability correlation, the vulnerabilities are re-classed. A vulnerability risk assessment model which based on the complexity of the attacks, the dangerous of vulnerability, the timeliness of vulnerability, the difficulty to fix the vulnerability is defined. The risk values are calculated more accurately, which provides the basis for network security risk assessment.3. The network security risk assessment system based on plug-in is designed and implemented. The plug-in library is given which provides the function of more targeted vulnerability classification and saves more time for the network security risk assessment, then the fast and accurate risk assessment services will be given.