| With the development of Internet technology, the problems of network security are on the rise. The traditional network security technologies such as firewall, intrusion detection, to some extent, provide the ability to ensure the safety of network. But because of mutual coordination, various problems exist in traditional network security technology, unable to effectively evaluate the whole safe state of the network; such as higher rates of false positives and non-response; monophyletic data; incomprehensive evaluation and statistical quantitative evaluation of alarm information depending on security sensor, etc. As a result, this thesis adopts the method based on quantitative research on network security situation of data confusion technology. Chiefly:(1) Aiming at the shortcomings of the D-S evidence theory, put forward improvement method based on the analysis of the basic theory and method of data fusion.(2) Put forward a Bayesian-PCA model based on the intrusion detection technology and vulnerability scanning technique, and verify the model by experiments.(3) Put forward a framework model of network security situation assessment based on the detection of multi-source sensors. First of all, the data fusion technology will be used to fuse the detection results of multiple sensors and determine the possibility of attack. Then in combination with network vulnerabilities, judge the possibility of a successful attack. Finally suggest a quantitative network security situation according to the harmful threats and the value of network assets.(4) Verify the validity of the network security situation assessment framework model by experiment. The experiment shows, compared with the traditional network security situation assessment, the framework model of this thesis considers more factors and it can evaluate very well the current network security status. |
PDF Full Text Request