Research On Survivability Assessment And Analysis Of Network System

Recently, with the development of the size and application of the internet, its fundamental and overall positions and roles are increasingly strengthened. However, the fact that network structure is becoming more and more complex and immense puts pressure on the traditional network security technology. Traditional network security protection and study couldn't have met the demands of internet development, therefore, a new basic principles and methodology is urgently in demand, which is the new trend in network security—the research on survivability. Network survivability includes survivability analysis stage and survivability design realization stage. Network system survivability analysis can explain well the safety state of the system and can provide guidance to the survivability design realization. It stands in the key status, and is the preliminary stage of establishing survivability network system. In order to establish a survivability network system well, it is a necessity to have a further research on network system survivability analysis.At present, all sorts of quantitative analysis and qualitative analysis to network system survivability have become an extremely important challenging subject. Studies in recent years show that qualitative analysis methods of network system survivability applied in engineering have made their appearance. Although by qualitative analysis an overall understanding of the system can be obtained, and a detailed improvement suggestion can be provided for developers, it can not give the specific metric value of survivability or accurate mathematical expressions, and a direct message reflection and feedback can not be provided, and as a result a clear judgment can not be made. While by quantitative assessment some study results can be obtained, but mostly they are the assessment frame obtained by researchers'subjective understanding and thoughts, lack of unified and generally-accepted standard, and what is more, it is orientated to parts of the system or specified system, and a set of systematical methods are still yet to be made.On the basis of the study results by absorbing network system survivability in and abroad, this thesis compares the security, fault-tolerant, dependability, risk-assess and QoS of network system survivability, and confirm survivability's definition. A study is made to measurement standards and main attributes which influence network system survivability. Afterwards, two parts are made.The first part, which combines the advantages of SNA qualitative analysis and quantitative analysis, introduces network attack and fault graph into survivability analysis, and raises a network system survivability analysis frame.According to the specific information of network system, modeling of network system is made. Based on the requirements of survivability analysis, network system is modeled into network system vulnerability and rules of using it, network system resources, network connections, network system threat and network system manager, and these five parts describe network system. After the study on the merits and demerits of the main representation methods of attack graph both in and abroad, an appropriate representation method of attack and fault graph are presented. In this thesis, based on the established network model, realizes a forward and depth-first attack route generation algorithm, which is used to attack and fault graphs to describe changes of events, therefore, to describe the changes of the situation of network system. After the generation of attack and fault graphs, the thesis use Markov process to analyze the state change probability of attack and fault graphs and accessibility from initial state to each node. Based on the transfer probability and accessibility, the thesis proposes calculation functions four indexes (3R1A) and the survivability value of network system is obtained. The thesis adopts an experiment to realize the prototype system of network survivability quantitative analysis, giving the main method description and data structure used in the program. Through an experimental analysis and quantitative calculation, the rationality and validity of the frame presented are shown.The presentation of this frame makes up for the defects that SNA analysis frame can not give a reliable integrated property evaluation of mathematical model.The second part, after the analysis and study of network system survivability comprehensive evaluation model in and abroad, analyzes the fuzziness of network system survivability and draws lesson from the effectiveness of BP neutral network to function approximation, presenting a survivability comprehensive evaluation model based on fuzzy neutral network.The four key attributes of network system are defined as elements of network survivability capability assessment factor set, and are divided in terms of index set in order to establish hierarchical structure of network system survivability assessment index, and then to have a fuzzy quantitative calculation of every network system index's value. To establish a BP neural network in terms of the actual situation, and to divide the quantitative- calculated index set value into training samples and testing samples to train and test BP neural network. Through the iterative algorithm of neural network to make the error between the neural network's output and the actual survivability assessment value is lower to a satisfying degree. Therefore, stable neural network structure and connection weight values are obtained. Through the study and train of samples, integrated neural network with multilevel fuzzy judgment realizes the adaptation of network system survivability analysis and assessment, therefore, to realize the survivability analysis and assessment to the untrained data. Afterwards, the simulation in MATLAB was made, extracting validexperiment data, and the specific structure of BP neural network was given. The simulation results show that the survivability comprehensive assessment based on neural network which is described by the thesis is feasible and valid.In the survivability quantitative calculation process of network system, the introduction of neural network intelligent control algorithm promotes validity of survivability assessment of the system and improves practical maneuverability.