CAJ | 학술논문

网络安全态势评估是目前网络安全领域的研究热点之一。对国内外已有的网络安全态势评估方法进行了分析和比较，提出一种融合多源数据的网络安全态势定量评估模型。同时考虑主机和链路对网络安全态势的影响，将网络安全态势指标归纳为主机安全指标和链路安全指标。采用改进D-S证据理论融合日志记录、告警信息和其他探针数据，得到精简的主机安全事件集合和链路安全事件集合。依据相应的服务信息分别计算主机安全态势和链路安全态势，实现网络安全态势定量评估。通过网络仿真软件构建网络实例，对所提出的网络安全态势评估模型进行了验证，实验结果表明该模型可以准确地对网络安全态势进行定量评估，评估结果能够客观地反映网络安全态势的变化趋势。
망락안전태세평고시목전망락안전영역적연구열점지일。대국내외이유적망락안전태세평고방법진행료분석화비교，제출일충융합다원수거적망락안전태세정량평고모형。동시고필주궤화련로대망락안전태세적영향，장망락안전태세지표귀납위주궤안전지표화련로안전지표。채용개진D-S증거이론융합일지기록、고경신식화기타탐침수거，득도정간적주궤안전사건집합화련로안전사건집합。의거상응적복무신식분별계산주궤안전태세화련로안전태세，실현망락안전태세정량평고。통과망락방진연건구건망락실례，대소제출적망락안전태세평고모형진행료험증，실험결과표명해모형가이준학지대망락안전태세진행정량평고，평고결과능구객관지반영망락안전태세적변화추세。
Network security situation assessment is one of the hottest topics in the field of network security. After analyz-ing and comparing the existing network security situation assessment methods at home and abroad, it proposes a network security situation quantitative assessment model fusing multi-source data. Considering the affection that the hosts and links have on the network security situation, network security situation indicators are grouped into host security indicators and link safety indicators. The streamlined host security event set and link security event set are gotten by using the im-proved D-S evidence theory to fuse logging, alarm, and other probe data. Network security situation quantitative assess-ment is implemented by computing the host security situation and the link security situation based on the corresponding service information. An instance is given to validate the proposed network security situation assessment model by network simulation software. Experimental results show that the model can accurately achieve the network security situation quan-titative evaluation, and the assessment results can objectively reflect the trend of network security situation.