The Security Monitoring And Risk Assessment Of Information System Based On The Supervisory Control Theory

Posted on: 2012-02-24
Degree: Master
Type: Thesis
Country: China
Candidate: W W Zhang
GTID: 2178330338499255
Subject: Software engineering

Abstract/Summary:
In computer and network system environments, events are a real-time reflection of system status: they arise when an isolated entity is running or when an interacting entity is communicating with others. Compared with its earlier standards, the International Organization for Standardization added a significant means of security management in ISO 17799:2005: the management of information security events. However, the large scale and complex architecture of today's computer networks, the variety of network attacks, and the exploitation of individual application software, operating systems and network protocols all increase the difficulty of event-based information security management. The main problems are the large number of events, the complicated relationships between them, and the variation in event formats.

A Discrete Event Dynamical System (DEDS) is a system whose states are driven by a series of related events. These events occur not continuously but at discrete points in time. Supervisory Control Theory (SCT), a branch of DEDS expressed in terms of formal languages and automata, was pioneered by Ramadge and Wonham of the University of Toronto in 1987. They transplanted the main concepts of modern control theory to form a distinct theoretical system that offers a good method for studying discrete event systems at the logical level. So far, the theory has been successfully applied to Computer Aided Manufacturing (CAM), network communication, database management, and other areas.

This thesis applies SCT to the management of information security events. The author first defines the meta-event of an information system. He then puts forward some SCT-based security monitoring and risk assessment procedures, and uses a simple user login example to explain and validate them. Finally, a discrete event-based security monitoring and risk assessment model is designed, and some implementation and testing issues are discussed.

The thesis is based on the project named 'version 2 of Security Operation Console (SOC) intelligent management and control system', and the methods described in the thesis are applied to the management and control of security events in computer and network systems.

Keywords/Search Tags: Discrete Event Dynamic System, Supervisor, Security Management, Risk Assessing