Research on Network Security Situation Analysis and Survivability Assessment
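Abstract
Situation Awareness originated in human-factors research for aerospace flight and has since been studied widely in military battlefields, nuclear reactor control, air traffic control (ATC), and medical emergency dispatch. It has become an increasingly popular research topic because, in dynamic and complex environments, decision-makers need situation awareness tools that display the continuously changing state of the environment in order to make accurate decisions. In recent years situation awareness has also been applied to network security research, where it is called Network Security Situation Awareness (NSSA).
     At present, to obtain a high-level description of attacks in a computer network, security administrators must process the large volume of alerts generated by security tools such as IDSs, firewalls, anti-virus software, and vulnerability scanners. Because the alerts are numerous and many are irrelevant, administrators find it hard to understand the security threat situation of the system and cannot take appropriate response measures in time; NSSA can effectively address this problem. Building on the three-level model of situation awareness, this dissertation proposes a functional model of network security situation based on multi-source data fusion, and then proceeds along one main line: multi-source alert input → alert refinement → network security situation output → network survivability assessment after an attack. It thus covers the path from alert generation to attack analysis, to situation output, and on to network survivability assessment, giving security administrators a complete, high-level, and understandable picture of the current network state. To this end, the research addresses three areas:
     First, methods for correlating alerts from multiple data sources. CPN (Colored Petri Net) is extended with an observation set that reflects the alerts of security tools, forming ECPN (Extended Colored Petri Net), which is described formally and modeled graphically. An ECPN-based attack scenario construction and correlation algorithm, ECPN-Scenario-Constructor, and an attack action extraction algorithm, Multistep-Abstract, are proposed. Experiments on the DARPA 2000 intrusion scenario correlation evaluation data set show that alerts can be correlated effectively and the attacker's strategy discovered early.
     Second, network security situation awareness based on data fusion. The dissertation analyzes the role of security situation in risk assessment and formally describes security situation at three levels: extraction of situation features, comprehension of the current situation, and prediction of the next situation behavior. D-S evidence theory is applied to fuse network security situation elements both horizontally and vertically. Horizontal fusion handles alerts raised by different security tools for the same attack event, which reduces the number of alerts for an attack and increases its credibility. The result of horizontal fusion is the input to vertical fusion, which studies multi-sensor correlation algorithms to correlate multi-step complex attacks, uses Petri nets to describe the change in system state when an attack occurs, and analyzes the current network security situation as attack events arrive.
     Third, network survivability after an attack. Network survivability is used as an evaluation parameter to predict the future situation of the network. The network system is formally described and modeled with object Petri nets; an attack failure model of the system is then constructed, and fuzzy inference is used to describe how the system state changes when an attack occurs. On this basis the severity of attacks and the service level are quantified, and evaluation parameters for the survivability of distributed systems are proposed. Finally, PCTL (Probabilistic real time Computation Tree Logic) is used to express the system's survivability formula, and model checking is used to judge the survivability of the network system.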
The concept of Situation Awareness (SA) came from human-factors research in aviation. It was later widely used in military fields, nuclear reaction control, air traffic control and medical emergency scheduling. SA is becoming a research hotspot because, to make sound decisions, the decision-maker needs SA tools that show the continuous change of a dynamic and complex situation. Recently, SA has been applied to network security, where it is called Network Security Situation Awareness (NSSA).
     Currently, network security administrators manually process alerts from intrusion detection systems, firewalls, anti-virus software and scanners to obtain a high-level description of cyber attacks. Because the alerts are numerous and many are unrelated, security administrators cannot understand the security threat situation of the system or adopt appropriate measures in time. NSSA can resolve this problem effectively. A network security situation function model is presented based on the three-level SA model. The dissertation follows this line: input of multi-source alert information → alert refinement → output of network security situation → survivability assessment after attacks. This work gives administrators a high-level, comprehensible result for the current network state, from alert occurrence to attack analysis and from situation output to survivability assessment. To realize the model, the dissertation studies three aspects.
     First, multi-source data correlation is studied. ECPN (Extended Colored Petri Net), formed by adding an observed set to CPN to describe alert information from security tools, is described formally and modeled graphically. The ECPN-Scenario-Constructor and Multistep-Abstract algorithms are then proposed based on ECPN. Experiments on the DARPA 2000 intrusion scenario correlation benchmark data set show that alerts are correlated effectively, the attacker's attack policy can be found early, and false positive and false negative alerts can be reduced.
     Then, NSSA based on data fusion is discussed. Network security situation analysis and its role in security risk assessment are described, and a formal description of cyberspace situational awareness is presented at three levels: refinement of situation characteristics, comprehension of the current situation and projection of the next behavior. D-S evidence theory is used to fuse network security situation elements horizontally and vertically. Horizontal fusion resolves the problem of alert overload and increases the credibility of the attack. The result of horizontal fusion is the input to vertical fusion, which correlates multi-step complex attacks through a correlation algorithm. A Petri net is used to describe the state transitions of the system when an attack occurs. The current security situation is analyzed as attack events occur.
     Finally, network survivability after an attack is assessed. Network survivability is used to project the next security situation. An object-oriented Petri net is used for formal description and modeling of the network system. An attack failure model is then established, and the change of system state in the presence of an attack is described by fuzzy inference. Next, evaluation parameters are presented based on the quantification of attack severity level and service level. Finally, PCTL (Probabilistic real time Computation Tree Logic) is used to express the survivability formula, and a model checking algorithm is used to estimate survivability.
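
An added example, not taken from the dissertation, of the horizontal fusion step described in the abstract: alerts that different tools raise for the same event are grouped and their evidence combined with Dempster's rule from D-S theory. The alert fields, the grouping key and the mapping from a tool's confidence to a mass function are assumptions, and the sample alerts are constructed.

```python
from collections import defaultdict
from itertools import product

# Frame of discernment: an observed event is either an attack or normal activity.
ATTACK = frozenset({"attack"})
NORMAL = frozenset({"normal"})
THETA = ATTACK | NORMAL  # mass placed on THETA means "this source cannot tell"


def combine(m1, m2):
    """Dempster's rule for two mass functions (dict: frozenset -> mass).

    Returns (fused mass function, conflict K between the two sources)."""
    fused = defaultdict(float)
    conflict = 0.0
    for (a, wa), (b, wb) in product(m1.items(), m2.items()):
        inter = a & b
        if inter:
            fused[inter] += wa * wb
        else:
            conflict += wa * wb  # evidence that contradicts itself
    if conflict >= 1.0 - 1e-12:
        raise ValueError("total conflict: Dempster's rule is undefined")
    return {k: v / (1.0 - conflict) for k, v in fused.items()}, conflict


def mass_from_confidence(conf):
    """Assumption: a tool's confidence is mass on {attack}; the rest is ignorance."""
    return {ATTACK: conf, THETA: 1.0 - conf}


def horizontal_fusion(alerts):
    """Merge alerts from different tools about the same event into one fused alert."""
    groups = defaultdict(list)
    for a in alerts:
        # Assumed grouping key for "the same attack event".
        groups[(a["src"], a["dst"], a["signature"])].append(a)
    fused_alerts = []
    for key, group in sorted(groups.items()):
        m = mass_from_confidence(group[0]["confidence"])
        for a in group[1:]:
            m, _ = combine(m, mass_from_confidence(a["confidence"]))
        fused_alerts.append({
            "event": key,
            "tools": sorted(a["tool"] for a in group),
            "belief_attack": round(m.get(ATTACK, 0.0), 4),
        })
    return fused_alerts


# Constructed sample alerts (documentation address ranges, made-up signatures).
SAMPLE_ALERTS = [
    {"tool": "ids", "src": "192.0.2.10", "dst": "198.51.100.5",
     "signature": "rpc-probe", "confidence": 0.6},
    {"tool": "firewall", "src": "192.0.2.10", "dst": "198.51.100.5",
     "signature": "rpc-probe", "confidence": 0.5},
    {"tool": "antivirus", "src": "192.0.2.77", "dst": "198.51.100.9",
     "signature": "dropper", "confidence": 0.7},
]

if __name__ == "__main__":
    for fused in horizontal_fusion(SAMPLE_ALERTS):
        print(fused)
    # Two sources that disagree: one supports "attack", the other "normal".
    print(combine({ATTACK: 0.6, THETA: 0.4}, {NORMAL: 0.5, THETA: 0.5}))
```

Three input alerts become two fused alerts, and the event seen by both the IDS and the firewall ends up with a higher belief than either tool reported alone.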
