通信学报 ›› 2019, Vol. 40 ›› Issue (6): 14-31.doi: 10.11959/j.issn.1000-436x.2019148

• 专题:网络攻防与安全度量 • 上一篇    

网络系统安全度量综述

吴晨思1,谢卫强1,2,姬逸潇1,2,杨粟1,贾紫艺1,赵松1,2,张玉清1,2()   

  1. 1 中国科学院大学国家计算机网络入侵防范中心,北京 101408
    2 西安电子科技大学网络与信息安全学院,陕西 西安 710071
  • 修回日期:2019-06-04 出版日期:2019-06-01 发布日期:2019-07-04
  • 作者简介:吴晨思(1990- ),男,黑龙江大庆人,中国科学院大学博士生,主要研究方向为网络攻防与安全度量。|谢卫强(1992- ),男,河南周口人,西安电子科技大学硕士生,主要研究方向为网络攻防与安全度量。|姬逸潇(1994- ),男,河北衡水人,西安电子科技大学硕士生,主要研究方向为信息安全。|杨粟(1993- ),男,山东临沂人,中国科学院大学博士生,主要研究方向为信息安全与深度学习。|贾紫艺(1994- ),男,河北石家庄人,中国科学院大学硕士生,主要研究方向为网络攻防。|赵松(1994- ),男,陕西西安人,西安电子科技大学硕士生,主要研究方向为信息安全与网络攻防。|张玉清(1966- ),男,陕西宝鸡人,博士,中国科学院大学教授、博士生导师,主要研究方向为网络与信息系统安全。
  • 基金资助:
    国家重点研发计划基金资助项目(2016YFB0800700);国家自然科学基金资助项目(U1836210);国家自然科学基金资助项目(61572460);信息安全国家重点实验室开放课题基金资助项目(2017-ZD-01);国家发改委信息安全专项基金资助项目((2012)1424)

Survey on network system security metrics

WU Chensi1,XIE Weiqiang1,2,JI Yixiao1,2,YANG Su1,JIA Ziyi1,ZHAO Song1,2,ZHANG Yuqing1,2()   

  1. 1 National Computer Network Intrusion Protection Center,University of Chinese Academy of Sciences,Beijing 101408,China
    2 School of Cyber Engineering,Xidian University,Xi’an 710071,China
  • Revised:2019-06-04 Online:2019-06-01 Published:2019-07-04
  • Supported by:
    The National Key R & D Program of China(2016YFB0800700);The National Natural Science Foundation of China(U1836210);The National Natural Science Foundation of China(61572460);The Open Project Program of the State Key Laboratory of Information Security(2017-ZD-01);The National Information Security Special Projects of National Development and Reform Commission of China((2012)1424)

摘要:

随着人们对网络系统全面和客观认识的不断提高,网络系统安全度量(NSSM)正在得到更多的研究和应用。目前,网络系统安全量化评价正朝着精确化和客观化发展。NSSM可以为攻防对抗以及应急响应决策提供客观和科学的依据,其中网络系统安全全局度量是安全度量领域的重点。从全局度量的角度,分析总结了全局度量在网络系统安全中的地位和作用,归纳总结了度量的3个发展阶段(感知、认识、深化)及其特点,给出了全局度量的工作过程,梳理了度量模型、度量体系、度量工具等方法,并指出了各自的特点及其在安全度量中的作用和相互关系。同时详尽地分析了网络系统全局度量面临的技术挑战,并以表格方式总结了十大机遇与挑战。最后展望了网络系统安全度量研究的下一步方向与发展趋势。分析表明,NSSM在网络安全中具有良好的应用前景。

关键词: 网络系统, 安全度量, 安全评估, 全局度量

Abstract:

With the improvement for comprehensive and objective understanding of the network system,the research and application of network system security metrics (NSSM) are noticed more.The quantitative evaluation of network system security is developing towards precision and objectification.NSSM can provide the objective and scientific basis for the confrontation of attack-defense and decision of emergency response.The global metrics of network system security is a crucial point in the field of security metrics.From the perspective of global metrics,the status and role of global metrics in security evaluation were pointed out.Three development stages of metrics (perceiving,cognizing and deepening) and their characteristics were analyzed and summarized.The process of global metrics was described.The metrics models,metrics systems and metrics tools were analyzed,and their functions,interrelations,and features in security metrics were pointed out.Then the technical challenges of global metrics of network systems were explained in detail,and ten opportunities and challenges were summarized in tabular form.Finally,the next direction and development trend of network system security metrics research were forecasted.The survey shows that NSSM has a good application prospect in network security.

Key words: network system, security metrics, security evaluation, global metrics

中图分类号: 

  • TP393