| With the development of the Internet and the popularity of intelligent terminals,WebService technology has been more widely used.WebService technical specifications are based on XML,have the advantage of loose coupling,platform independence,language independence,and can be used to realize the cross-platform system integration.The initial WebService does not provide the corresponding security mechanism.Although the relevant safety standard organizations put forward some safety standards,many limitations and shortcomings still exist,so security is the important obstacle to WebService's development and application.Further,with the rise of the Internet “+”,the higher requirement for the security of WebService has been put forward.The existing security holes of WebService make it vulnerable to all kinds of network attack;the common forms include the denial of service attack and the escalation of privilege attack.Therefore,it is necessary to research the evaluation technology of network attack effect to evaluate the effect of network attack and give a correct assessment result.The evaluation of network attack is of great significance and is one of the hot issues in recent years.Based on the study of WebService's core technology and the purposes,classification methods,development tendency of network attack,the existing holes of WebService and all kinds of network attacks aimed to WebService are analysed and the basic principle of the recursive load attack and buffer overflow attack are studied.On the basis of the analysis of attack effect,the appropriate effect evaluation index of network attack is chosen.Further,the pretreatment method of attack effect evaluation index is studied.The network attack effect evaluation indexes are divided into two kinds,one is cost type,and another is benefit type.For different kinds of evaluation indexes,the formula of index pretreatment should be chosen properly.Besides,the index weight calculation method,the subjective judgment matrix to calculate the subjective weight,the entropy law method to calculate the objective weight,the comprehensive weight method to calculate the actual weight are studied deeply.Based on the analysis of the fuzzy,small sample data issues in the process of actual evaluation,the fuzzy comprehensive evaluation method and gray comprehensive evaluation method are usedto evaluate the effect of network attack.Finally,a network attack system is set up,sample data is collected,the index weight is calculated,the final results of attack effect evaluation is obtained using the evaluation model,the differences of results obtained by the two evaluation methods are compared,and the advantages and shortcomings of the two methods are analyzed. |
PDF Full Text Request