通信学报
通信學報
통신학보
JOURNAL OF CHINA INSTITUTE OF COMMUNICATIONS
2013年
11期
59-70
,共12页
杨君刚%梁礼%刘故箐%张倩%张长青
楊君剛%樑禮%劉故箐%張倩%張長青
양군강%량례%류고정%장천%장장청
路由器安全%威胁态势%在线监测%风险评估
路由器安全%威脅態勢%在線鑑測%風險評估
로유기안전%위협태세%재선감측%풍험평고
router security%threat situation%online monitoring%risk assessment
在对路由器安全问题本质分析基础上提出路由器安全效能的概念并对路由器攻击进行分类,提出一种在线监测的路由器安全威胁态势量化评估的计算方法。该方法在对路由器攻击分类的基础上,以路由器带宽占用率和 CPU 平均使用率计算服务下降型威胁安全风险因子,以威胁发生可能性和威胁严重程度计算权限提升型安全风险因子,结合路由器本身的重要性计算其安全风险,进而分析路由器的安全威胁态势。实验表明:所提方法能够很好地反映路由器的安全风险,为网络管理员提供直观的安全威胁态势,以便调整路由器安全策略,更好地提高其安全性能。
在對路由器安全問題本質分析基礎上提齣路由器安全效能的概唸併對路由器攻擊進行分類,提齣一種在線鑑測的路由器安全威脅態勢量化評估的計算方法。該方法在對路由器攻擊分類的基礎上,以路由器帶寬佔用率和 CPU 平均使用率計算服務下降型威脅安全風險因子,以威脅髮生可能性和威脅嚴重程度計算權限提升型安全風險因子,結閤路由器本身的重要性計算其安全風險,進而分析路由器的安全威脅態勢。實驗錶明:所提方法能夠很好地反映路由器的安全風險,為網絡管理員提供直觀的安全威脅態勢,以便調整路由器安全策略,更好地提高其安全性能。
재대로유기안전문제본질분석기출상제출로유기안전효능적개념병대로유기공격진행분류,제출일충재선감측적로유기안전위협태세양화평고적계산방법。해방법재대로유기공격분류적기출상,이로유기대관점용솔화 CPU 평균사용솔계산복무하강형위협안전풍험인자,이위협발생가능성화위협엄중정도계산권한제승형안전풍험인자,결합로유기본신적중요성계산기안전풍험,진이분석로유기적안전위협태세。실험표명:소제방법능구흔호지반영로유기적안전풍험,위망락관리원제공직관적안전위협태세,이편조정로유기안전책략,경호지제고기안전성능。
The concept of router safety performance was proposed based on the nature of router security issues and router attacks were classified. Then a method for router online security risk assessment quantification was also presented. The security risk factor of service decline was calculated by router bandwidth consumption and average CPU usage and the security risk factor of privilege escalation was calculated by the possibility of threat occurrence and severity based on the router attack classification. The router security threat status was evaluated combining weighting the importance of router and the security risk factor. The experiment results show the method is effective in calculating the quantitive risk of the router and helpful for administrators to assess security risks.
