| The Internet has brought great changes to people's lives. It makes people's lives more convenient. It has also brought far-reaching impact to the development of the national and society. However, while it brings progress to human society, it also brings a lot of sufferings and disaster to the nation, the society, companies and individuals.According to relevant statistics, network security problems have caused billions of dollars in economic losses globally every year. They have a great influence on the national security, social stability and people's lives. Nevertheless, most of them are artificial network attacks. Therefore, network security situation evaluation has become one of the hot research domains in information security in recent years.Form the perspective of TCP layer, this paper researched the abnormal network behavior's affect on the fields of TCP layer. By backward reasoning, abnormal network behavior is inferred from the changes of protocol fields. Thus network security situation is evaluated. Given the fact that 90% of the network data stream is TCP flow, TCP protocol is mainly studied in this paper, and it will provide support for future research. The followings are the research results.Firstly, based on the subject's background and significance, this paper researched the generation and development of the network security evaluation, and the study status in domestic and abroad. Moreover, SOA technology and the development of the network evaluation software were also introduced in this paper.Secondly, technologies related to the network situation evaluation are introduced, including the related concepts, their development prospects, common means, principle and implementations of attack in TCP layer, and the concepts related to situation awareness and evaluation. The subject topic is elaborated.Thirdly, the network abnormal behavior is deeply analyzed, including the correlation coefficient, the coefficient matrix and the integrity and characteristics of TCP flows. The TCP flows and the choice of observer message are analyzed based on correlation coefficient matrix. Thus, it paved the way to analyze the factors of network security situation.Fourthly, how the abnormal behaviors of TCP flow affect the correlation coefficient was researched in this paper. How to get the network security situation index is also researched. And how the analytic hierarchy process applies is introduced.Finally, the design and implementation of the system and the verification experiment are finished, including the technologies of packet capture and analysis of protocol and so on. The verification experiment also proves the real-time feature and accuracy of this system. In addition, improvement scheme is given according to the shortcomings of the system. |
PDF Full Text Request