基于信息度量和损耗的网络安全系统综合效能分析研究

doi:10.3969/j.issn.1671-1122.2020.08.010

摘要/Abstract

摘要：

在信息化进程中,网络安全的重要意义和关键作用与日俱增。为了应对日益严峻的网络安全威胁,大量的网络安全系统被部署在网络中以保障应用系统不受攻击,如何评估网络安全系统在实际应用场景中的效果成为必须面对的问题。利用对网络安全系统的效能分析,可以为网络安全方案的设计和网络安全系统的选择提供必要的量化参考。但是,目前一般意义上的网络安全效能分析往往只关注防护效果,而忽视了网络安全系统部署后对被防护系统服务能力的负面影响。文章构建了一种以信息度量为基础的网络安全综合效能分析方法,将网络安全系统的防护效果和对被防护系统服务能力的负面影响同时纳入评估框架,为网络安全系统的效能分析研究提供了新的思路。

关键词: 网络安全, 效能分析, 信息度量

Abstract:

In the process of informationization, network security is more important and pivotal. In order to deal with the increasingly serious security risk, a large number of security systems are deployed in the network to protect the application system. How to evaluate the effect of security systems in actual environment has been a problem to be faced. The effectiveness analyses of security system provide necessary quantitative indicators for security scheme design and systems selection. However, the current analyses in a general sense just focus on the protection effect that ignores the security system’s negative effect on the protected system. This paper constructs a comprehensive effectiveness analysis method of security system based on information metrics and loss. The method considers the protection effect and negative effect and provides a new idea for the research on effectiveness analysis on security systems.

Key words: network security, effectiveness analysis, information metrics

中图分类号:

TP309

来疆亮, 侯一凡, 卢旭明. 基于信息度量和损耗的网络安全系统综合效能分析研究[J]. 信息网络安全, 2020, 20(8): 81-88.

LAI Jiangliang, HOU Yifan, LU Xuming. Research on Comprehensive Effectiveness Analysis of Network Security System Based on Information Metrics and Loss[J]. Netinfo Security, 2020, 20(8): 81-88.

图/表 6

表1

图1

图2

图3

图4

图5

参考文献 16

[1]	LIU Peng, CHEN Houwu, MA Lin. Effectiveness and Its Evaluation of Network Security System[J]. Information Security and Communications Privacy, 2015(11):110-113.
	刘鹏, 陈厚武, 马琳. 网络安全系统的效能及其评估方法研究[J]. 信息安全与通信保密, 2015(11):110-113.
[2]	LU Langru, XIE Zunhua, HONG Zeqin. Security Effectiveness Evaluation Model for IT Security System[J]. Chinese Journal of Management, 2005,002(0z1):90-91.
	陆浪如, 谢尊花, 洪泽勤. IT安全系统安全效能评估模型[J]. 管理学报, 2005,002(0z1):90-91.
[3]	LI Xinying, DENG Qizheng, LIU Jingxu. Effectiveness Evaluation Method of Cyberspace Defense Operations of Special Operations Forces[J]. Command Control & Simulation, 2016(2):52-59.
	李新颖, 邓启正, 刘靖旭. 特种作战力量网络空间防御作战效能评估方法[J]. 指挥控制与仿真, 2016(2):52-59.
[4]	JIN Xiao, GE Hui, MA Rui. Construction and Effectiveness Evaluation of New Cyber Defense System[J]. Computer Science, 2018,045(0z2):377-381.
	靳骁, 葛慧, 马锐. 新型网络空间防御体系的构建及效能评估[J]. 计算机科学, 2018,045(0z2):377-381.
[5]	JAWAD A, FAWAD A. Efficiency Analysis and Security Evaluation of Image Encryption Schemes[J]. International Journal of Video & Image Processing and Network Security, 2012(12):18-31.
[6]	DAI Jingjing, HU Huimin, CAI Qing. Effectiveness Evaluation of Security System Based on Entropy Theory[J]. Applied Mechanics and Materials, 2010(40-41):806-811.
[7]	BOS J W, COSTELLO C, LONGA P, et al. Selecting Elliptic Curves for Cryptography: An Efficiency and Security Analysis[J]. Journal of Cryptographic Engineering, 2014(6):1-28.
[8]	WOLPERT D H, MACREADY W G. No Free Lunch Theorems for Optimization[J]. IEEE Transactions on Evolutionary Computation, 1997,1(1):67-82. doi: 10.1109/4235.585893 URL
[9]	ZHANG Jie, TANG Hong, SU Kai, et al. Research on Effectiveness Evaluation Method[M]. Beijing: National Defense Industry Press, 2009.
	张杰, 唐宏, 苏凯, 等. 效能评估方法研究[M]. 北京: 国防工业出版社, 2009.
[10]	BAI Songhao. Conceptual Framework and Measurement of System Effectiveness[J]. Journal of System Simulation, 2010(9):2177-2181.
	白松浩. 系统效能的概念框架及度量[J]. 系统仿真学报, 2010(9):2177-2181.
[11]	GUO Qisheng, ZHANG Lei. Research Summary of Weapons Equipment Systems Effectiveness Evaluation Methods[J]. Computer Simulation, 2013(8):1-4.
	郭齐胜, 张磊. 武器装备系统效能评估方法研究综述[J]. 计算机仿真, 2013(8):1-4.
[12]	WEI Hailong, LI Qing, HUANG Shisheng, et al. Model-driven MOE Method for Weapon Systems[J]. Journal of Tsinghua University(Science and Technology), 2019(11):925-933.
	魏海龙, 李清, 黄诗晟, 等. 模型驱动的武器装备系统效能评估方法[J]. 清华大学学报(自然科学版), 2019(11):925-933.
[13]	WANG Juhua, WU Xiaoping, TIAN Shuxin, et al. Effectiveness Evaluation of Communications Security Equipment based on Improved ADC Model[J]. Fire Controland Command Control, 2010,35(5):36-39.
	王菊花, 吴晓平, 田树新, 等. 基于改进ADC模型的通信安全设备效能评估[J]. 火力与指挥控制, 2010,35(5):36-39.
[14]	LI Dong, SONG Lihong, WANG Lu, et al. Analyzing the Effectiveness of Battlefield Network Attacking[J]. Network Security Technologyand Application, 2007, (3):78-79.
	李冬, 宋里宏, 王璐, 等. 战场网络攻击效能分析[J]. 网络安全技术与应用, 2007,(3):78-79.
[15]	GUO Qisheng, YUAN Yimin, ZHI Zhigang, On Effectiveness of Military Equipment and Its Assessing Methods[J]. Journal of Academyof Armored Force Engineering, 2004,18(1):1-5, 9.
	郭齐胜, 袁益民, 郅志刚. 军事装备效能及其评估方法研究[J]. 装甲兵工程学院学报, 2004,18(1):1-5,9.
[16]	XU Jianfeng, TANG Jun, MA Xuefeng, et al. Research on Metrics and Models for Objective Information[J]. Science in China(Information Sciences), 2015,45(3):336-353.
	许建峰, 汤俊, 马雪峰, 等. 客观信息的模型和度量研究[J]. 中国科学:信息科学, 2015,45(3):336-353.

序号	度量类型	度量公式
1	广阔性度量	$\text{scop}{{\text{e}}_{\mu }}\left( I \right)=\mu \left( o \right)$
2	细致性度量	$\text{granularit}{{\text{y}}_{\mu }}\left( I \right)=\text{ma}{{\text{x}}_{\lambda \in \text{ }\!\!\Lambda\!\!\text{ }}}\left\{ \mu \left( {{o}_{\lambda }} \right) \right\}$
3	持续性度量	$\text{sustainabilit}{{\text{y}}_{\tau }}\left( I \right)=\tau \left( {{T}_{h}} \right)$
4	丰富性度量	$\text{richnes}{{\text{s}}_{\rho }}\left( I \right)=\rho \left( f\left( o,{{T}_{h}} \right) \right)$
5	包容性度量	$\text{volum}{{\text{e}}_{\sigma }}\left( I \right)=\sigma \left( c \right)$
6	延迟性度量	$\text{delay}\left( I \right)=\text{ma}{{\text{x}}_{\lambda \in \text{ }\!\!\Lambda\!\!\text{ }}}\left\{ \text{inf}{{T}_{m\lambda }}-\text{sup}{{T}_{h\lambda }} \right\}$
7	遍及性度量	$\text{coverag}{{\text{e}}_{{{I}_{0}}}}\left( I \right)=\frac{\left\| {{\bigcup }_{\lambda \in \text{ }\!\!\Lambda\!\!\text{ }}}{{c}_{\lambda }} \right\|}{\left\| c \right\|}$
8	真实性度量	$\text{validit}{{\text{y}}_{J}}\left( I \right)=d\left( f,\tilde{f} \right)$
9	适配性度量	$\text{suitabilit}{{\text{y}}_{{{I}_{{{\lambda }_{0}}}}}}\left( I \right)=d\left( I,{{I}_{{{\lambda }_{0}}}} \right)$