  • Thesis / Dissertation

Hierarchical Network Security Situation Awareness System Based on D-S Evidence Theory

Advisor: 陳奕明

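Abstract


Situation Awareness (SA), put simply, means knowing what is happening now and knowing how to respond. The concept originated in aviation safety and has been extended to other dynamic, complex domains that require human intervention, such as information security, so research on Network Security Situation Awareness has received growing attention in recent years. However, the network security situation awareness models proposed so far still cannot provide sufficiently quantified security situation or risk assessment data to help administrators make the right decisions in real time based on the current state of the network. In this thesis we therefore propose the Hierarchical Network Security Situation Awareness System (HNSSAS), whose purpose is to help network administrators quickly identify the weakest link in the network and apply suitable countermeasures. We first use D-S Evidence Theory to fuse the belief values of the alerts reported by heterogeneous network sensors, then combine them with the importance parameters of the services and hosts themselves and with the network topology, evaluating the security situation of each level from the bottom up and from local to global. Finally, the thesis walks through the system using simulated cases. In addition to a macro-level view of system security, the experimental results provide intuitive security situation assessment values at three different levels, which helps administrators adjust the system security policy appropriately and improve the overall security of the network.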

Parallel Abstract


Situation Awareness is simply “knowing what is going on so you can figure out what to do”. The term was first used by U.S. Air Force (USAF) fighter aircrew and was considered essential for those responsible for controlling complex, dynamic systems and high-risk situations. In recent years, Network Security Situation Awareness has become an active research topic in information security. However, present-day cyberspace situation awareness models are unable to provide useful security situation or risk estimates for administrators, or to help them make correct and timely decisions based on the current state of network security. The Hierarchical Network Security Situation Awareness System proposed in this paper helps administrators find the Achilles' heel quickly and deal with it in a suitable way. It first uses D-S Evidence Theory to fuse alert beliefs from multiple sensors. It then evaluates the situation according to the network topology and the importance of services and hosts, adopting an evaluation policy that runs from bottom to top and from local to global. The simulation results show that this model provides an intuitive security threat status at three hierarchy levels, so that system administrators are freed from tedious analysis tasks and have the overall security status of the entire system. This makes it possible for them to identify the security behaviors of the system, adjust security strategies, and improve system security performance.


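Cited by


林樹禮 (2008). A Study of the Analytic Hierarchy Process Combined with Evidence Theory for Multi-Criteria Decision Making [Master's thesis, National Pingtung University of Science and Technology]. Airiti Library. https://doi.org/10.6346/NPUST.2008.00054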
