| With the continuous growth in the scale and complexity of computer systems, thenetwork security issues become the focus in the field of network security. At thebeginning of the computer network security is focusing on the integrity of theinformation, now it takes more attention on the integrity, availability, controllabilityand non-repudiation of information. And the main theory and technology are attacks,prevention, detection, control, and management and evaluation et.al. The networkevent detection and the security risk assessment are the basis and means of theprotection of network information security and normal operation. The traditionalprotection methods analysis and processes the operation status after the appearance ofattracts and threats. Thus, the network administrator difficult to really grasp thesecurity condition of the system. Therefore, to guarantee the security of the networksystem security and grasp the whole network security condition, the research on thedetection and evaluation of network security of the network security events is verynecessary. And autonomic computing is able to overcome the heterogeneity andcomplexity of the computing system. It deem to be a new and effective means torealize a system with the self-perception and self-evaluation.The existing network security events perception and network security evaluationtechnology were discussed in this paper. Concentrate on the deficiency in securitymanagement and the lack of adaptability of the network security event perception, theautonomic computing was introduced into the state perception. Besides, we used cloudmodel for network security risk assessment. And the main research work includes thethree aspects:(1) The basic theory and related methods of perception and evaluation wascomprehensively and systematically elaborated. Through the analysis of existingtechnology and method of system security assessment research, we introduced the necessity of establishing the network system with autonomic characteristics.(2) Focus on the current network events perceptual system lack of autonomy, weintroduce the autonomic computing and put forward a network security eventperceptual model. This model surrounds with self-managers and manages theresources by using the perception of policy. By fusing the engine to achieve self-learning, perception system security events, independent processing attacksinformation to achieve autonomy for the attack in response to aggressive behavior. Inthe perception of security incidents process, using principal component analysis toreduce the number of security elements characteristic spatial dimensions, using datafusion engine machine learning classification is inherently linked, to determine themembership of aggressive behavior data, achieved through self-response method basedon the danger theory independent responses to attacks, is a comprehensive assessmentof network security status quickly lay the foundation.(3) Focusing on the fuzziness and randomness of network security event. Cloudmodel can effectively integrate them together. To effectively assess the networksecurity risks, we introduce the cloud model into the research of network security riskassessment. Evaluation are combined with qualitative and quantitative methods. Weproposed an evaluation method of network security risk based on cloud model. Thismodel is built on the network security essentials, by generalizing the single attributesafety factor of the one dimension cloud model to conduct a multi-dimension attributecloud. Furthermore, through matching the network security reviews and theestablished multidimensional evaluation cloud, we can conclude the results of theevaluation of the security state by setting the evaluation rules and calculating thesimilarity of the two kinds cloud models. |
PDF Full Text Request