Research On Attack Damage Detection Techniques Based On Host

With the rapid progress in computer networks and information technology, Internet has become an important part of our daily life and information security becomes a serious problem. Information security evaluation guides system security that protects system. System anti-attack test is one of the important means that evaluate system security and it is testing capacity of a system anti-attack, estimating security level. This is one popular and new field of network security currently. Attack damage detection technique based on host research effective damage of host system after being attacked, while attack damage detection is important part of it.There is little research on attack damage detection at home and overseas and content of research often is attack damage detection of a certain aspect or rest on theory layer, defficult implementation. Evaluation of having bought forward Information security rules is not mature in theory and not strong at maneuverability. The technique research on attack damage detection can provide necessary and reliable information, then evaluates system capacity of anti-attack. On basis of summarizing, analyzing fussy AHP algorithm, the paper conducts such research and main contributes include several aspects as follows:(1) The establishment of one multi-factor fussy hierarchy evaluation module by fussy AHP, analyzes and detects host damage, finally quantifies degree of systematic damage.(2) By common rules of establishing factors, it brings forward factors of attack damage detection, by AHP educes weight matrix and hiberarchy of damage, and by combination rules of qualitative and quantitative methods gains the quantitative value of weight and evaluation matrix.(3) It recounts detection of integrity damage using md5 algorithm in detail; Information collection of host system, especially real-time state of memory and CPU application is source of availability damage detection; Systematic log and audit analysis is base of confidentiality damage detection.(4) It presents detection policy for the efficiency of integrity damage detection and measures availability damage detection by using sample mean and sample variance and common principles of confidentiality damage detection.As for above research, the innovation of this paper: it analyzes damage degree from integrity, availability and confidentiality. It presents concrete factors of three aspects and compute quantitative value by combination of fussy AHP, It applies sample mean and sample variance in probability for availability which make detection result plain and easy to implement.