通信学报 ›› 2019, Vol. 40 ›› Issue (6): 14-31.doi: 10.11959/j.issn.1000-436x.2019148
吴晨思1,谢卫强1,2,姬逸潇1,2,杨粟1,贾紫艺1,赵松1,2,张玉清1,2()
修回日期:
2019-06-04
出版日期:
2019-06-25
发布日期:
2019-07-04
作者简介:
吴晨思(1990- ),男,黑龙江大庆人,中国科学院大学博士生,主要研究方向为网络攻防与安全度量。|谢卫强(1992- ),男,河南周口人,西安电子科技大学硕士生,主要研究方向为网络攻防与安全度量。|姬逸潇(1994- ),男,河北衡水人,西安电子科技大学硕士生,主要研究方向为信息安全。|杨粟(1993- ),男,山东临沂人,中国科学院大学博士生,主要研究方向为信息安全与深度学习。|贾紫艺(1994- ),男,河北石家庄人,中国科学院大学硕士生,主要研究方向为网络攻防。|赵松(1994- ),男,陕西西安人,西安电子科技大学硕士生,主要研究方向为信息安全与网络攻防。|张玉清(1966- ),男,陕西宝鸡人,博士,中国科学院大学教授、博士生导师,主要研究方向为网络与信息系统安全。
基金资助:
WU Chensi1,XIE Weiqiang1,2,JI Yixiao1,2,YANG Su1,JIA Ziyi1,ZHAO Song1,2,ZHANG Yuqing1,2()
Revised:
2019-06-04
Online:
2019-06-25
Published:
2019-07-04
Supported by:
摘要:
随着人们对网络系统全面和客观认识的不断提高,网络系统安全度量(NSSM)正在得到更多的研究和应用。目前,网络系统安全量化评价正朝着精确化和客观化发展。NSSM可以为攻防对抗以及应急响应决策提供客观和科学的依据,其中网络系统安全全局度量是安全度量领域的重点。从全局度量的角度,分析总结了全局度量在网络系统安全中的地位和作用,归纳总结了度量的3个发展阶段(感知、认识、深化)及其特点,给出了全局度量的工作过程,梳理了度量模型、度量体系、度量工具等方法,并指出了各自的特点及其在安全度量中的作用和相互关系。同时详尽地分析了网络系统全局度量面临的技术挑战,并以表格方式总结了十大机遇与挑战。最后展望了网络系统安全度量研究的下一步方向与发展趋势。分析表明,NSSM在网络安全中具有良好的应用前景。
中图分类号:
吴晨思,谢卫强,姬逸潇,杨粟,贾紫艺,赵松,张玉清. 网络系统安全度量综述[J]. 通信学报, 2019, 40(6): 14-31.
WU Chensi,XIE Weiqiang,JI Yixiao,YANG Su,JIA Ziyi,ZHAO Song,ZHANG Yuqing. Survey on network system security metrics[J]. Journal on Communications, 2019, 40(6): 14-31.
表2
部分度量模型对比"
模型 | 结合方法 | 优点 | 缺点 | 度量类别 | ||||
攻防度量 | 脆弱性度量 | 风险度量 | ||||||
关联分析 | 数据挖掘、D-S证据 | 较客观,方便量化指标 | 不成熟,需要大量数据 | — | 文献[ | 文献[ | ||
随机模型 | 马尔可夫链、隐马尔可夫 | 精确刻画系统随机行为,实时性 | 基于假设,难以验证 | 文献[ | — | 文献[ | ||
数学原理 | 微分流形、形式化、Petri网 | 精准度量 | 处于发展阶段 | 文献[ | 文献[ | 文献[ | ||
攻击图 | 属性图、状态图、贝叶斯网络 | 攻击度量成熟,全局度量偏攻击化 | 客观性弱,受算法效率影响 | 文献[ | 文献[ | 文献[ | ||
博弈论 | 马尔可夫 | 刻画攻防本质,易拓展 | 全局度量函数难设计 | 文献[ | — | 文献[ | ||
层次分析 | 模糊数学、可拓理论、信息熵 | 有层次性,灵活简单 | 有主观性,不适用复杂系统 | — | — | 文献[ | ||
神经网络 | 专家系统、熵权法 | 度量效率高 | 训练数据量不足 | — | — | 文献[ |
表3
部分指标体系对比"
名称 | 可量化情况 | 适用性 | 优点 | 缺点 |
TCSEC | 主观量化 | 为度量指标体系研究提供基础指导方向 | 技术层面详细,逻辑清晰 | 强调控制用户,没有关注物理等安全,不再修订 |
CC | 主观量化 | 适用于一切网络系统,具有普适性 | 系统刻画了安全的全部内涵,消除重复度量,促进通用性 | 半形式化语言较难理解,涉及度量体系成本较高,主观性强 |
BS7799 | 主客观结合 | 有法律标准支撑,适用于工商业网络系统 | 内容详尽,认可度高,度量方法自由选择 | 每个指标的权重分析不足,测度精度不足 |
网络安全等级保护基本要求 | 主客观结合 | 指标全面细致,实用范围广 | 范围界定清晰,已上升至法律层面,具有高灵活性 | 没有衡量攻防过程中的动态变化,缺乏动态指标 |
[35] | ZHANG Q , LIU C X , LU G Q . Active defense technology and its developing trend[J]. Computer Modelling &New Technologies, 2014,18(12B): 383-390. |
[36] | MAZIKU H , SHETTY S , JIN D ,et al. Diversity modeling to evaluate security of multiple SDN controllers[C]// 2018 International Conference on Computing,Networking and Communications (ICNC). IEEE Computer Society, 2018: 344-348. |
[37] | RAMOS A , LAZAR M , FILHO R H ,et al. Model based quantitative network security metrics:asurvey[J]. IEEE Communications Surveys& Tutorials, 2017,19(4): 2704-2734. |
[38] | KAVOUSI F , AKBARI B . Automatic learning of attack behavior patterns using Bayesian networks[C]// 2012 Sixth International Symposium on Telecommunications (IST). IEEE, 2012: 999-1004. |
[39] | YI Z , KAI Z , LAI B . Alert correlation graph:a novel method for quantitative vulnerability assessment[J]. Journal of National University of Defense Technology, 2012,34(3): 109-112. |
[40] | 葛海慧, 肖达, 陈天平 ,等. 基于动态关联分析的网络安全风险评估方法[J]. 电子与信息学报, 2013,35(11): 2630-2636. |
GE H H , XIAO D , CHEN T P ,et al. Quantitative evaluation approach for real-time riskbased on attack event correlating[J]. Journal of Elec-tronics & Information Technology, 2013,35(11): 2630-2636. | |
[41] | 陈秀真, 郑庆华, 管晓宏 ,等. 层次化网络安全威胁态势量化评估方法[J]. 软件学报, 2006,17(4): 885-897. |
CHEN X Z , ZHENG Q H , GUAN X H ,et al. Quantitative hierarchical threat evaluation model for network security[J]. Journal of Software, 2006,17(4): 885-897. | |
[42] | FENG X , WANG D , MA G ,et al. Security situation assessment based on the DS theory[C]// International Workshop on Education Technology & Computer Science. IEEE Computer Society, 2010: 352-356. |
[43] | QU Z Y , LI Y , LI P . A network security situation evaluation method based on DS evidence theory[C]// Environmental Science and Information Application Technology (ESIAT). 2010: 496-499. |
[44] | HU H , LIU Y , ZHANG H . Security metric methods for network multistep attacks using AMC and big data correlation analysis[J]. Security and Communication Networks, 2018,2018: 1-14. |
[45] | GLADSTONE P J S , KIRBY A J , TRUELOVE J M ,et al. >Security risk management:U.S.Patent 9438615[P].2016-09-06. |
[46] | ?RNES A , VALEUR F , VIGNA G . Using hidden Markov models to evaluate the risks of intrusions[J]. Lecture Notes in Computer Science, 2006,4219: 145-164. |
[1] | KRAUTSEVICH L , MARTINELLI F , YAUTSIUKHIN A . Formal analysis of security metrics and risk[C]// IFIP WG 112 International Conference on Information Security Theory & Practice:Security &Privacy of Mobile Devices in Wireless Communication. Springer-Verlag, 2011: 304-319. |
[2] | 冯登国, 张阳, 张玉清 . 信息安全风险评估综述[J]. 通信学报, 2004,25(7): 10-18. |
[47] | RNES A , VALEUR F , VIGNA G ,et al. Using hidden Markov models to evaluate the risks of intrusions[M]// Recent Advances in Intrusion Detection. Berlin Heidelberg:Springer, 2006: 145-164. |
[48] | ALMASIZADEH J , AZGOMI M A . A stochastic model of attack process for the evaluation of security metrics[J]. Computer Networks, 2013,57(10): 2159-2180. |
[49] | DA G , XU M , XU S . New approach to modeling and analyzing security of networked systems[C]// The Symposium and Bootcamp on the Science of Security. ACM, 2014: 1-12. |
[50] | CIARLET P G . An introduction to differential geometry with applications to elasticity[J]. Journal of Elasticity, 2005,78-79(1-3): 1-215. |
[2] | FENG D G , ZHANG Y , ZHANG Y Q . Survey of information security risk assessment[J]. Journal of Communications, 2004,25(7): 10-18. |
[3] | 赵文 . 基于“风险熵”的信息系统风险评估数量化模型研究[D]. 西安:陕西师范大学, 2012. |
[51] | 刘刚, 李千目, 张宏 . 信度向量正交投影分解的网络安全风险评估方法[J]. 电子与信息学报, 2012,34(8): 1934-1938. |
LIU G , LI Q M , ZHANG H . Reliability vector orthogonal projection decomposition method of network security risk assessment[J]. Journal of Electronics & Information Technology, 2012,34(8): 1934-1938. | |
[52] | J?RG D , GABRIEL J . What is a Petri net?[C]// Unifying Petri Nets,Advances in Petri Nets. Springer-Verlag, 2001: 1-25. |
[53] | HENRY M H , LAYER R M , ZARET D R . Coupled Petri nets for computer network risk analysis[J]. International Journal of Critical Infrastructure Protection, 2010,3(2): 67-75. |
[54] | YAN Q . A security evaluation approach for information systems in telecommunication enterprises[J]. Enterprise Information Systems, 2008,2(3): 309-324. |
[55] | SWILER L D , PHILLIPS C , GAYLOR T . A graph based network vulnerability analysis system[R]. Albuquerque,USA:Sandia National Laboratories, 1998. |
[3] | ZHAO W . Research on quantitative model of risk assessment of in-formation system based on risk entropy[D]. Xi’an:Shanxi Normal University, 2012. |
[4] | MARTIN R A , . Making security measurable and manageable[C]// Military Communications Conference. IEEE, 2009: 1-9. |
[56] | KUNDU A , GHOSH N , CHOKSHI I . Analysis of attack graph-based metrics for quantification of network security[C]// India Conference. IEEE, 2012: 530-535. |
[57] | SHEYNER O , HAINE S , JHA S ,et al. Automated generation and analysis of attack graphs[C]// Symposium on Security and Privacy. IEEE, 2002: 273-284. |
[5] | BREIER J , HUDEC L . Towards a security evaluation model based on security metrics[C]// International Conference on Computer Systems& Technologies. ACM, 2012: 87-94. |
[6] | CHEW E , SWANSON M M , STINE K M . Performance measurement guide for information security[R]. 2008. |
[58] | BHATTACHARYA P , GHOSH S K . Analytical framework for measuring network security using exploit dependency graph[J]. IET Information Security, 2012,6(4): 264-270. |
[59] | IDIKA N , BHARGAVA B . Extending attack graph-based security metrics and aggregating their application[J]. IEEE Transactions on Dependable and Secure Computing, 2012,9(1): 0-85. |
[7] | STANDARD I . IEEE standard glossary of software engineering terminology[S]. IEEE Std 610.12-1990, 2002: 1-84. |
[8] | HAYDEN L . IT security metrics:a practical framework for measuring security & protecting data[M]. McGraw-Hill Education Group, 2010. |
[60] | 张鸣天 . 基于贝叶斯网络的信息安全风险评估研究[D]. 北京:北京化工大学, 2016. |
ZHANG M T . Research on information security risk assessment based on Bayesian network[D]. Beijing:Beijing University of Chemical Technology, 2016. | |
[9] | HENNING R . Information system security attribute quantification or ordering (commonly but improp—erly known as “security metrics”)[R]. 2002. |
[10] | 吕欣 . 信息系统安全度量理论和方法研究[J]. 计算机科学, 2008,35(11): 42-44. |
[61] | FRIGAULT M , WANG L . Measuring network security using Bayesian network-based attack graphs[C]// IEEE International Computer Software and Applications. IEEE, 2008: 698-703. |
[62] | POOLSAPPASIT N , DEWRI R , RAY I . Dynamic security risk management using Bayesian attack graphs[J]. IEEE Transactions on Dependable and Secure Computing, 2012,9(1): 61-74. |
[10] | LYU X . Information system security metrics:theoretics and methodology[J]. Computer Science, 2008,35(11): 42-44. |
[11] | JAQUITH A . Security metrics[M]. Addison Wesley, 2007. |
[63] | 王元卓, 林闯, 程学旗 ,等. 基于随机博弈模型的网络攻防量化分析方法[J]. 计算机学报, 2010,33(9): 1748-1762. |
WANG Y Z , LIN C , CHENG X Q ,et al. Analysis for network at-tack-defense based on stochastic game model[J]. Chinese Journal of Computers, 2010,33(9): 1748-1762. | |
[12] | CHEW E . Performance measurement guide for information security (DRAFT)[J]. National Institute for Standards & Technology, 2008:265. |
[13] | JHA S , SHEYNER O , WING J . Two formal analyses of attack graphs[C]// 15th IEEE Computer Security Foundation Workshop. 2002: 49-63. |
[64] | LI X , LU Y , LIU S . Network security situation assessment method based on Markov game model[J]. Ksii Transactions on Internet & Information Systems, 2018,12(5): 2414-2428. |
[65] | ZHANG H , HAN J , ZHANG J . Security risk evaluation of information systems based on game theory[C]// International Conference on Intelligent Human-machine Systems & Cybernetics. IEEE, 2013: 46-49. |
[14] | VILLARRUBIA C , FERNANDEZ-MEDINA E , PIATTINI M . Towards a classification of security metrics[C]// The International Workshop on Security in Information Systems. 2004: 342-350. |
[15] | CHEW E , SWANSON M , STINE K M . Performance measurement guide for information security[R].2008-07-16. 2008 |
[66] | FU S , ZHOU H . The information security risk assessment based on AHP and fuzzy comprehensive evaluation[C]// IEEE International Conference on Communication Software & Networks. IEEE, 2011: 124-128. |
[67] | GENG W , HU Y . Information security management model based on AHP[C]// International Conference on Measurement. 2012: 352-355. |
[16] | ZHANG B , CHEN Z , WANG S ,et al. Network security situation assessment based on HMM[M]// Advanced Intelligent Computing Theories and Applications with Aspects of Artificial Intelligence. Berlin Heidelberg:Springer, 2011: 509-516. |
[17] | LI L , . Security evaluation methods of computer networks based on BP neural network[C]// Advances in Intelligent Systems and Computing. Berlin Heidelberg:Springer, 2013:181. |
[68] | YAN C , QIAO B . Study and application of risk evaluation on network security based on AHP[J]. Journal of Huangshi Institute of Technology, 2012,289: 198-205. |
[69] | LI J H , LI G Z . Study on the evaluation model for network security[J]. Advanced Materials Research, 2011,317-319: 1745-1748. |
[18] | PENDLETON M , GARCIA R , CHO J ,et al. A survey on systems security metrics[J]. ACM Computing Surveys, 2016,49(4):62. |
[19] | HU C . Calculation of the behavior utility of a network system:conception and principle[J]. Engineering, 2018,4(1): 78-84. |
[70] | TUTEJA A , THALIA S . Towards quantification of information system security[M]// Computational Intelligence and Information Technology. Springer Berlin Heidelberg, 2011. |
[71] | 李景智, 殷肖川, 胡图 . 基于可拓理论的网络安全评估研究[J]. 计算机工程与应用, 2012,48(21): 79-82. |
[20] | IM S Y , SHIN S H , RYU K Y ,et al. Performance evaluation of network scanning tools with operation of firewall[C]// Eighth International Conference on Ubiquitous & Future Networks. IEEE, 2016: 876-881. |
[21] | FREISS M . Protecting (telecommunication) networks with SATAN (security analysis tool for analyzing networks)[J]. EDPACS, 1999,27(1): 16-17. |
[71] | LI J Z,YIN X C , HU T ,et al. Network security evaluation algorithm based on extension theory[J]. Computer Engineering and Applications, 2012,48(21): 79-82. |
[72] | FU Y , WU X P , YE Q ,et al. An approach for information systems security risk assessment on fuzzy set and entropy weight[J]. Acta Electronica Sinica, 2010,38(7): 1489-1494. |
[22] | BEALE J , DERAISON R , MEER H . Nessus network auditing[M]. Syngress, 2004. |
[23] | BREIER J , HUDEC L . Towards a security evaluation model based on security metrics[C]// International Conference on Computer Systems& Technologies. ACM, 2012: 87-94. |
[73] | KONG L , . Risk evaluation scheme for accounting information system based on Analytic Hierarchy Process[C]// 2017 International Conference on Smart Grid and Electrical Automation (ICSGEA). IEEE Computer Society, 2017. |
[74] | TEMAM O , . The rebirth of neural networks[C]// International Symposium on Computer Architecture. 2010:349. |
[75] | 顾兆军, 辛倩 . 熵权神经网络的信息系统安全评估[J]. 计算机工程与设计, 2018,39(7): 1856-1860. |
GU Z J , XIN Q . Information system security evaluation based in entropy weight method and neural network[J]. Computer Engineering and Design, 2018,39(7): 1856-1860. | |
[76] | Standards Press of China. Information security technology system security level protection evaluation requirements[S]. GB/T 28448-2012. 2012. |
[77] | MA L , PAN D , WU Z . ANN RBF approach of risk assessment for aviation ATM network[J]. Sensors & Transducers Journal, 2013,159(11): 132-137. |
[78] | JIANG Y P , CAO C , MEI X ,et al. A quantitative risk evaluation model for network security based on body temperature[J]. Journal of Computer Networks & Communications, 2016(4):3. |
[79] | ZHANG M , WANG L , JAJODIA S . Network diversity:asecurity metric for evaluating the resilience of networks against zero-day attacks[J]. IEEE Transactions on Information Forensics and Security, 2016:1. |
[24] | Information technology -security techniques -information security management measurements[S]. ISO/IEC 27004, 2009. |
[25] | PFLEEGER S , CUNNINGHAM R . Why measuring security is hard[J]. IEEE Security & Privacy, 2010,8(4): 46-54. |
[80] | CARLO B , MARCO C , GIANLUIGI V . Digital information asset evaluation[J]. ACM SIGMIS Database:the DATABASE for Advances in Information Systems, 2018,49(3): 19-33. |
[81] | LEWIS M J , . Characterizing risk[C]// Eighth Cyber Security & Information Intelligence Research Workshop. 2013: 1-4. |
[26] | STOLFO S , BELLOVIN S M , EVANS D . Measuring security[J]. IEEE Security and Privacy Magazine, 2011,9(3): 60-65. |
[27] | MENG M , . The research and application of the risk evaluation and management of information security based on AHP method and PDCA method[C]// International Conference on Information Management. IEEE, 2014: 379-383. |
[82] | CHEN C X . Innovation and development of China’s information security level protection system[J]. Cyberspace Security, 2016,7(2): 5-6. |
[83] | Common criteria for information technology security evaluation V3.1[R]. 2017. |
[28] | FU J , HUANG L , YAO Y . Application of BP neural network in wireless network security evaluation[C]// International Conference on Wireless Communications. IEEE, 2010: 592-596. |
[29] | JING X Y , YAN Z , WITOLD P . Security data collection and data analytics in the Internet:asurvey[J]. IEEE Communications Surveys &Tutorials, 2019,21(1): 568-618. |
[84] | ALCARAZ C , MELTEM S?NMEZ TURAN . PDR:A Prevention,Detection and Response mechanism for anomalies in energy control systems[J]. American Geophysical Union, 2012,90(17): 22-33. |
[85] | LIU G C . BS7799 criterion and its application in meso-information systems audit[J]. Journal of Audit & Economics, 2012(3): 1-2. |
[30] | BASILI V R , CALDIERA G , ROMBACH R H . The goal question metric approach[J]. Encyclopedia of Software Engineering, 1994(1): 578-583. |
[31] | YAHYA F , WALTERS R J , WILLS G B . Using goal-question-metric(GQM) approach to assess security in cloud storage[M]. Enterprise Security. 2017. |
[86] | WEIK M H . Federal information processing standard publication[R]. 2002. |
[87] | NIKOLOPOULOU A . The directive on security of network and information systems (NIS directive)from a practional view[R]. 2019. |
[32] | 张漪墁, 赵小林 . 网络安全度量与评估的分析与研究[J]. 中国科技论文在线, 2018,11(4): 328-338. |
ZHANG Y M , ZHAO X L . Analysis and research on network security measurement and evaluation[J]. Highlights of Sciencepaper Online, 2018,11(4): 328-338. | |
[88] | National Institute of Standards and Technology. Framework for improving critical infrastructure cyber security[R]. 2014. |
[89] | Standards Press of China. Information security technology-baseline for classified protection of cyber security[S]. GB/T 22239-2019, 2019. |
[33] | YUSUF S E , HONG J B , GE M ,et al. Composite metrics for network security analysis[J]. Journal of Software Networking.2018, 2017(1): 137-160. |
[34] | WAGNER I , ECKHOFF D . Technical privacy metrics:a systematic survey[J]. Computer Science, 2015,51(3). |
[90] | 姚传军 . WPDRRC 信息安全模型在安全等级保护中的应用[J]. 光通信研究, 2010(5): 27-29. |
YAO C J . Application of WPDRRC information security model in multi-level security protection[J]. Study on Optical Communications, 2010(5): 27-29. | |
[91] | KOROTKA M S , ROGER YIN L , BASU S C . Information assurance technical framework and end user information ownership:a critical analysis[J]. Journal of Information Privacy and Security, 2005,1(1): 10-26. |
[92] | HECKMAN M , SCHELL R . Using proven reference monitor patterns for security evaluation[J]. Information, 2016,7(2):23. |
[93] | HOUMB S H , RAY I . Trust-based security level evaluation using Bayesian belief networks[C]// Transactions on Computational Science X. 2010: 154-186. |
[94] | CHEN Y J , LIAO G Y , CHENG T C . Risk assessment on instrumentation and control network security management system for nuclear power plants[C]// International Carnahan Conference on Security Technology. IEEE, 2009: 216-264. |
[95] | GUAN B C , LO C , WANG P . Evaluation of information security related risks of an organization:the application of the multicriteria decision-making method[C]// IEEE International Carnahan Conference on Security Technology. IEEE, 2003: 168-175. |
[96] | TAO H , LIANG C , CHI W . The research of information security risk assessment method based on fault tree[C]// Sixth International Conference on Networked Computing & Advanced Information Management. IEEE, 2010: 370-375. |
[97] | Standards Press of China. Classified criteria for security protection of computer information system[S]. GB17859-1999, 1999. |
[98] | Aryasec. Aryasec.Measurement of information security effectiveness[EB/OL]. . |
[99] | SIPONEN M , WILLISON R . Information security management standards:Problems and solutions[J]. Information & Management, 2009,46(5): 267-270. |
[100] | GB/T 31495.Information security technology―Indicator system of information security assurance and evaluation methods[EB/OL]. 2015. |
[101] | FRAY I E , . A comparative study of risk assessment methods,mehari &cramm with a new formal model of risk assessment (fomra) in information systems[M]// Computer Information Systems and Industrial Management. Berlin Heidelberg:Springer, 2012. |
[102] | SARKHEYLI A , ITHNIN N B . Improving the current risk analysis technologies by study of their process and using the human body’s immune system[C]// The 5th International Symposium on Telecommunications. IEEE, 2010: 651-656. |
[103] | NSFOCUS , .Industrial control system information security assurance framework[R]. 2019. |
[104] | 王卫东 . 安全度量及其面临的挑战[J]. 保密科学技术, 2011(3): 54-58. |
WANG W D . Security metrics and challenges[J]. Secrecy Science and Technology, 2011(3): 54-58. | |
[105] | KOTT A , WANG C , ERBACHER R F . Cyber defense and situational awareness[M]. Berlin Heidelberg: SpringerPress, 2014. |
[106] | CHENG Y , DENG J , LI J ,et al. Metrics of security[J]. Advances in Information Security, 2014,62: 263-295. |
[107] | KOVACICH G . Information systems security metrics management[J]. Computers & Security, 1997,16(7): 610-618. |
[108] | HERRERA S O S , . Information security management metrics development[C]// International Carnahan Conference on Security Technology. IEEE, 2005. |
[109] | 龚俭, 臧小东, 苏琪 . 网络安全态势感知综述[J]. 软件学报, 2017,28(4): 1010-1026. |
GONG J , ZANG X D , SU Q . Network security situation awareness[J]. Journal of Software, 2017,28(4): 1010-1026. | |
[110] | KOTENKO I , NOVIKOVA E . Visualization of security metrics for cyber situation awareness[C]// 2014 Ninth International Conference on Availability,Reliability and Security (ARES). 2014: 506-513. |
[111] | Security Score Card. Analysis of cyber risk exposure for US and European political parties report[R].2019-03-14. |
[112] | UPGUAR D . A beginner’s guide to cyber security insurance[M]. Gov. uk Press, 2017. |
[113] | LUNA J , GHANI H , GERMANUS D ,et al. A security metrics framework for the cloud[C]// The International Conference on Security and Cryptography. IEEE, 2011: 245-250. |
[1] | 杨宏宇, 袁海航, 张良. 基于攻击图的主机安全评估方法[J]. 通信学报, 2022, 43(2): 89-99. |
[2] | 杨宏宇,于巾博,谢丽霞. 基于三维球体模型的XML通信协议安全评估方法[J]. 通信学报, 2013, 34(3): 183-191. |
[3] | 吴志军,王璐,史荣. 基于改进BP神经网络的ATM系统信息安全评估方法[J]. 通信学报, 2011, 32(2): 150-158. |
[4] | 苘大鹏,周渊,杨武,杨永田. 用于评估网络整体安全性的攻击图生成方法[J]. 通信学报, 2009, 30(3): 1-5. |
[5] | 司加全,张冰,苘大鹏,杨武. 基于攻击图的网络安全性增强策略制定方法[J]. 通信学报, 2009, 30(2): 125-130. |
[6] | 王爱宝,张光昭. 面向新一代通信服务的沟通网络系统模型研究[J]. 通信学报, 2008, 29(5): 72-80. |
[7] | 庞明,谭庆平,李海燕. 基于内容分发网络技术的远程教育系统的研究与实现[J]. 通信学报, 2006, 27(11): 144-147. |
阅读次数 | ||||||
全文 |
|
|||||
摘要 |
|
|||||
|