网络与信息安全学报 ›› 2017, Vol. 3 ›› Issue (2): 39-45.doi: 10.11959/j.issn.2096-109x.2017.00131

• 学术论文 • 上一篇    下一篇

基于本体模型的网络系统安全参数采集过程

李涛1,林九川2(),胡爱群1   

  1. 1 东南大学信息科学与工程学院,江苏 南京 210096
    2 公安部第三研究所,上海 200031
  • 修回日期:2016-11-25 出版日期:2017-02-01 发布日期:2017-02-10
  • 作者简介:李涛(1984-),男,江苏镇江人,博士,东南大学讲师,主要研究方向为安全评估、移动终端防护。|林九川(1980-),男,江苏盐城人,公安部第三研究所副研究员,主要研究方向为系统安全评估、漏洞挖掘。|胡爱群(1964-),男,江苏如皋人,博士,东南大学教授、博士生导师,主要研究方向为网络与信息安全、物理层安全技术。
  • 基金资助:
    国家自然科学基金资助项目(61601113);国家重点基础研究发展计划基金资助项目(2103CB338003);公安部第三研究所开放课题基金资助项目(C15606)

Ontology model based on security parameters capturing process for network systems

Tao LI1,NJiu-chuan LI2(),Ai-qun HU1   

  1. 1 School of Information Science and Engineering, Southeast University, Nanjing 210096, China
    2 The Third Research Institute of Ministry of Public Security, Shanghai 200031, China
  • Revised:2016-11-25 Online:2017-02-01 Published:2017-02-10
  • Supported by:
    The National Natural Science Foundation of China(61601113);The National Key Basic Research De-velopment Program(2103CB338003);Fund from the Third Research Institute of Ministry of Public Se-curity(C15606)

摘要:

提出一种通用的网络系统安全参数采集过程,将层次化的安全参数采集框架和本体化采集模型融入到整体网络架构中,根据实际网络环境对安全数据进行属性分类和关联性描述,对安全参数进行了多维度扩展,抽象出信源、层级等多种属性,有利于对参数进行进一步的分析。在此基础上,描述了在实际系统中应用本框架进行参数采集的步骤,能够有效地为整体网络安全评估提供指导和基础参数的支撑。

关键词: 安全评估, 安全参数采集, 本体论, 系统安全

Abstract:

A general security data capturing process for network system was proposed, which combined hierarchical capturing framework and ontology model to whole network architecture. Attributes of security parameter were di-vided and relationships of parameter were descripted. Security parameters were extended to multiple dimensions. Multiple attributes such as information source and hierarchy were abstracted, which were benefit for analysis of se-curity parameters. Based on the proposed framework, the process of application in real systems were described. The whole processes and framework efficiently provided guidance for network security evaluation and supporting of ba-sic parameters.

Key words: security evaluation, security parameter capture, ontology theory, system security

中图分类号: 

No Suggested Reading articles found!