Network Security Metric Based On Index System

With the continuous development of network information technology,the dependence of various industries on cyberspace has become stronger and stronger,and cyberspace security has become an integral part of the national strategy.However,the threat caused from cyber attacks is gradually increasing,the network environment is becoming more and more complex,and network security faces unprecedented challenges.The traditional security measures against certain types of attacks are no longer able to meet security requirements.Even if some temporary threats are alleviated,the level of network security is still unknown.In order to better understand the network security status and strengthen network security management,network security metrics have received more and more attention as a key basic research of the network.Network security metrics are the basis for discovering network security issues,assessing network security postures,proposing security countermeasures,and protecting any network.Network security metrics can help security researchers make the best decisions about choosing a security architecture,designing security countermeasures,and modifying device security configurations.The traditional security efforts mainly study the security measurement of information technology or products and the network security risk assessment,and the corresponding standards and norms have been formed,such as the Common Criteria for Information Technology Security Assessment(CC),the National Institute of Standards and Technology.(NIST)Network Security Framework,Common Vulnerability Assessment Method(CVSS)and Policy Protection Detection Response Model(PPDR).These models or standards provide a reference for network security metrics,but only focus on an object or a certain aspect of security metrics.For example,network risk assessment only measures the potential security risks of the network and does not fully reflect the security status of the network.In addition,the metrics given by many standards or frameworks are difficult to measure and quantify,which makes it difficult to evaluate the security of the system.Therefore,in order to better measure the network security status and improve the network security level,it is necessary to propose a comprehensive,dynamic,quantifiable and comparable index system by scientific qualitative and quantitative analysis methods.Based on the network attack and defense confrontation process,we propose a more comprehensive hierarchical index system from the perspective of network attack and defense,considering both the network system's own protection capabilities and the changes of the external security environment,such as changes in attack strength.At the same time,the measurement error of the unknown or zero-day attack is compensated to some extent by the measurement of the network performance index.Compared with other security standards and frameworks,our indicators in the index system are quantifiable,and we all give corresponding calculation formulas.These indicators are measured and the calculation can accurately measure the network security status in real time.Based on the indicator system,we propose a security measurement model,describe the process of security measurement for the network system,and select the appropriate measurement method according to the indicator system,and finally integrate all the quantified indicators into the values that represent the network security status.In order to verify the rationality and correctness of the proposed security index system,we simulated a medium-sized enterprise network in the NS3 simulator.Under the premise of implementing various network attack and defense modules,the network security indicators are measured,calculated,and integrated into network security state values in real time by adjusting the protection capabilities of the enterprise network and the attack strength of the enterprise network.The measurement results show the dynamic impact process of different attack strengths and defense capabilities on the network security status reasonably and accurately,so that security personnel can better understand the factors affecting network security and provide decision support for further enhancing network security protection.