Yuelei XIAO,Zhixiang ZHU,Yong ZHANG

DOI: https://doi.org/10.13682/j.issn.2095-6533.2015.05.003

2015-01-01

Abstract:By analyzing the process of security protocols,the definition of driving module (DM) is introduced,and then regular and penetrator DMs are formed according to the Strand Space Model (SSM).Based on this,a DM-based model checking method is proposed.Theoretical analysis indicates that this method is prefect in terms of searching breadth and depth,and can avoid the state space explosion problem.Therefore,this method can be used not only to get the attack scenarios of a flawed security protocol,but also to prove that an unflawed security protocol is secure.Moreover,the Otway-Rees protocol and the TLS protocol are analyzed based on this method.As a result,various attack scenarios of the Otway-Rees protocol are discovered and two secure improved Otway-Rees protocols are put forward,and therefore the TLS protocol is proved to be secure.

Yue Zhang,Wang Zhao

DOI: https://doi.org/10.1109/icngn59831.2023.10396667

2023-01-01

Abstract:The rapid development of information technology has greatly improved the level of enterprise informatization. However, while providing a variety of services to users, there may also be security issues such as data breaches, denial of service attacks, and extortion attempts. To address the aforementioned issues and enhance the security of information systems, multiple security devices have implemented protective measures. However, relying solely on the configuration and construction of security facilities cannot fundamentally resolve network security issues. Therefore, an important challenge currently faced is how to quantitatively assess, evaluate, and guide security personnel to optimize the configuration of the network security system. This is a significant matter that requires careful consideration.Currently, most existing quantitative security evaluation schemes focus on assessing security risks, but the entire security protection system has not been utilized as an evaluation criterion, and its protective effectiveness has not been quantitatively evaluated. Simultaneously, establishing quantitative connections between security impact factors and the security protection system, linking the protection effectiveness of individual security devices to overall security protection effectiveness, and then optimizing and improving the protection effectiveness have become critical bottlenecks in measuring the protection effectiveness of the network security protection system.

Gao Jian,Yu Huadong,Wang Hongmian,Bai Huifeng,Huo Chao,Zhang Ganghong

DOI: https://doi.org/10.1051/itmconf/20224703015

2022-01-01

ITM Web of Conferences

Abstract:Along with the computer, communication, control, the rapid development of automation technology, based on the analysis of the information security requirements, combined with the trusted computing provide security solution, the communication control information security interaction model and the key technology to realize information security interaction, put forward a real-time evaluation model based on credible global terminal entities. By introducing penalty factor and time factor, the evaluation method is improved from single evaluation to global evaluation. Taking the user information collection system as an example, the information security communication model of behavior trust measurement mechanism is simulated. The simulation results show that this model has the ability of continuous trust measurement in dynamic uncertain network environment, and can accurately determine the trust of terminal entities in real time, and it is more realistic, which lays a good foundation for the research of trust connection, trust management and trust decision based on trust measurement.

Yong-jie WANG,Ming XIAN,Guo-yu WANG,Shun-ping XIAO

DOI: https://doi.org/10.16208/j.issn1000-7024.2005.11.002

2005-01-01

Abstract:Effectiveness evaluation study of computer network attack is an important and urgent task in the field of computer network at-tack and defensecountermine.Status quo,main problem and newestdirection of weapon system effectivenessevaluation were introduced.A method based on mechanism,rule and index were studied to set up index system of computer network attack effectiveness evaluation.Specialties of computernetwork attack effectiveness evaluation were analyzed.Network entropy evaluation model,index analyses evalu-ation model and fuzzy estimating evaluation model were brought forward.

Zhen Cao,Zhi Guan,Zhong Chen,Jian-Bin Hu,Li-Yong Tang

DOI: https://doi.org/10.1007/s11390-010-9330-4

2010-01-01

Abstract:Denial-of-Service (DoS) attacks are virulent to both computer and networked systems. Modeling and evaluating DoS attacks are very important issues to networked systems; they provide both mathematical foundations and theoretic guidelines to security system design. As defense against DoS has been built more and more into security protocols, this paper studies how to evaluate the risk of DoS in security protocols. First, we build a formal framework to model protocol operations and attacker capabilities. Then we propose an economic model for the risk evaluation. By characterizing the intruder capability with a probability model, our risk evaluation model specifies the “Value-at-Risk” (VaR) for the security protocols. The “Value-at-Risk” represents how much computing resources are expected to lose with a given level of confidence. The proposed model can help users to have a better understanding of the protocols they are using, and in the meantime help designers to examine their designs and get clues of improvement. Finally we apply the proposed model to analyze a key agreement protocol used in sensor networks and identify a DoS flaw there, and we also validate the applicability and effectiveness of our risk evaluation model by applying it to analyze and compare two public key authentication protocols.

Cuixia Gao,Zhitang Li,Lin Chen

DOI: https://doi.org/10.1109/EBISS.2009.5138070

2009-01-01

Abstract:Malicious behavior will lead to abnormal network traffic patterns. This paper presents a network traffic based method to evaluate the security situation of hosts. A group of variables that can reflect the network traffic feature in a fixed time window are selected as the evaluation metrics. Based on the large samples, we report on a preliminary proof-of-concept approach, that's logistic regression Analysis, to evaluate the probability of host that run into insecure status. The evaluation results are regarded as the normalized abnormality value to evaluate the network traffic of hosts. Experiments and testing show that this method can reasonably evaluate the host network abnormal traffic.

Tingting Yao,Qinghua Zheng,Xiaohong Guan,Xiuzhen Chen

DOI: https://doi.org/10.3321/j.issn:0253-987X.2006.04.011

2006-01-01

Abstract:After analyzing malicious attacks against network that affect the service availability and would lead to the abnormal change of the network traffic, a method to evaluate the security situation of real-time traffic of hosts is presented. A group of statistic that can reflect the network traffic features in a fixed time window are selected as the evaluation metrics. Based on the large samples, the information entropy gain method is applied to determine the importance of evaluation results for different metrics. Then, using hierarchical weighted method, the evaluation results are regarded as the normalized abnormality value to evaluate the real time traffic of host networks. Experiments and testing show that this method can reasonably evaluate the host network abnormal flows caused by the DDoS, DoS worm and other attacks, and has good evaluation results for new attacks that cause abnormal change of network traffic.

Yudong Zhao,Ke Xu,Rashid Mijumbi,Meng Shen

DOI: https://doi.org/10.1007/978-3-319-22047-5_15

2015-01-01

Abstract:In recent years, the world has been shocked by the increasing number of network attacks that take advantage of router vulnerabilities to perform data interceptions. Such attacks are generally based on low cost, unidirectional, concealed mechanisms, and are very difficult to recognize let alone restrain. This is especially so, because the most affected parties - the users and Internet Service Providers (ISPs) - have very little control, if any, on router vulnerabilities. In this paper, we design, implement and evaluate a policy-based security system aimed at stopping such attacks from both the routing and switching network functions, by detecting any violations in the set policies. We prove the system's security completeness to data interception attacks. Based on simulations, we show that 100% of normal packets can pass through the policy-based system, and about 99.92% of intercepting ones would be caught. In addition, the performance of the proposed system is acceptable with regard to current TCP/IP networks.

Xiuzhen Chen,Qinghua Zheng,Xiaohong Guan,Chenguang Lin

DOI: https://doi.org/10.3321/j.issn:0253-987X.2004.04.019

2004-01-01

Abstract:Aiming at the deficiency that is unable to provide useful security situation information encountered in the cur2 rent security evaluation systems , a hierarchical and quantitative model , which is used to evaluate security situation of net2 worked systems , and its corresponding computation method are proposed based on the importance of service , host , and the structure of the network system. This model adopts the evaluation policy from bottom to top and from local to global , calculates the risk indexes of service , host and whole network system by weighting the importance of service and host based on the analysis of attack frequency and its severity , and further evaluates their security situation. Experiments on the HoneyNet dataset show that this system can evaluate the security situation in three levels : service , host and local area network system. It provides system administrators with system intuitive security situation curve and releases them from the exhausting task of alert analysis.

MA Jun,LIU Fang,DAI Kui,WANG Zhi-ying

DOI: https://doi.org/10.3969/j.issn.1007-130x.2008.01.005

2008-01-01

Abstract:Scientific methods of security evaluation play a basic role in the security evaluation of information systems.This paper proposes an operational security evaluation method.A sensitivity analysis is made to confirm its reliability and stability.The security evaluation assistance system based on the proposed method is implemented.This paper gives the key technologies of this method,and some positive experimental results.

Yulu Qi,Rong Jiang,Yan Jia,Aiping Li

DOI: https://doi.org/10.1109/dsc.2018.00152

2018-01-01

Abstract:With the development of Internet, the network security situation becomes more and more serious. Network security is a hot topic between the scholars all around the world. And it is facing more and more serious threats and challenges. Composite attack is the most popular form of attack, which usually cause serious damage to the target network. Understanding the detection technology and evaluation technology of composite attack is significant to maintenance network security. The detection technology of composite attack can detect suspicious information according to abnormal behavior or abnormal traffic before the attack occurs. The evaluation technique of composite attack can do the work by calculating the consequences of composite attack. At present, the detecting technology includes traditional security detection technology, APT detection technology and some detection frameworks, the evaluation technique includes evaluation models, evaluation algorithms and related indicators and indicator systems. This paper introduces the research status of related research and technologies in the view of detection and effect evaluation.

Zhang Hengwei,Yang Haopu,Wang Jindong,Li Tao

DOI: https://doi.org/10.14257/ijsia.2017.11.1.17

2017-01-01

International Journal of Security and Its Applications

Abstract:In order to correctly analyze the multi-step attack and comprehensively assess the network security situation, a multistep attack-oriented assessing method of network security situation is proposed. The security events are clustered into different attack scenarios for identifying attackers. Based on the causal correlation between every attack scenario, the attack traces and attack phase can be distinguished. Finally, the quantitative criterion is established to realize the assessment of network security situation. Two network attack and defense experiments are used to verify the correctness and effectiveness, and the result shows the proposed method can truly depict the actual attack.

MA Tao,SHAN Hong

DOI: https://doi.org/10.3724/sp.j.1087.2008.00412

2008-01-01

Abstract:The rapid development of the Wireless Network makes the quantitative evaluation of its security become more and more important.From unauthorized access' angle,this paper set up the 802.11b WLAN experiment environment and security evaluation model,and thoroughly analyzed the WLAN security quantitative evaluation.In this paper,WLAN security quantitative evaluation was divided into two parts:network intrusion extent evaluation after unauthorized access and based on its security evaluation of all computers in the network.This paper gave methods and process of quantitative evaluation,and introduced the flow of system implementation.Finally,the example of security quantitative evaluation was analyzed to validate the given method.

蔡忠闽,孙国基,卫军胡,管晓宏

DOI: https://doi.org/10.3969/j.issn.1004-731x.2002.03.030

2002-01-01

Abstract:Intrusion Detection System (IDS) plays a key role in defense-in-depth computer security architecture and is an important complement to the peripheral defense elements such as firewalls and authentication mechanisms. But due to the complexity in both its design and interactions with the deploying environment, an objective testing of IDS is very difficult. In this paper, we first propose a set of performance indexes for IDS evaluation. Then we present the architecture of a simulation environment to test intrusion detection systems automatically. Next, under the framework of this architecture, we discuss three key issues in the realization of such a testing environment: network traffic simulation, computer usage simulation and computer attack simulation. At the end, we give some testing results of an IDS developed by ourselves in a basic testing environment we built.

Qiang YAN,Hua-ying SHU,Zhong CHEN,Yun-suo DUAN

DOI: https://doi.org/10.3969/j.issn.1007-5321.2005.04.017

2005-01-01

Abstract:Security evaluation is an important approach for the security risk management of the information system. But there are lack of effective methods and tools for security evaluation. To resolve the problem, an object model of security evaluation is established based on the object oriented technology. The concepts of correlation test and dependency test are introduced and a set of tools is also developed according to the model. The practical application indicates that the object oriented technology can improve the efficiency of security evaluation, and the correlation test and dependency test also improve the penetration testing effects.

jin songchang,jin songhe,zhao hui,yang shuqiang

2012-01-01

Abstract:Large scale network attacks, for instance worm, DDoS, Trojan will have serious impacts on network service and network infrastructure. Large scale complex network requires amount of money to support a large number of servers, switches, routers and other physical devices, and the network topology is not easy to change to support flexible network structure, so researches on test and evaluation of large scale network attack are less. Emulab provides researchers worldwide with a network testbed that is ideally suited for network attacks and defense and operating systems research. This paper designs and implements a system to present metrics and indices of effectiveness evaluation of large scale network attacks based on Emulab.

夏阳,陆余良,蒋凡

DOI: https://doi.org/10.3969/j.issn.1002-137X.2003.02.028

2003-01-01

Computer Science

Abstract:The rapid development of the Network makes the comprehensive analysis as well as the quantitative evaluation of its security become more and mere important. This paper illustrates the major realization process of a Network Security Quantitative Evaluation System,which,from an intruder's angle ,established a Hierarchy Intrusion Relationship Graph by analyzing the credit degree fusion and relevancy of the secure information of the target network and by combining with powerful database information. At last, by applying some relative mathematics model and arithmetic, the paper analyzes and evaluates the security of this Network Hierarchy Intrusion Relationship Graph comprehensively and quantitatively.

Jing-ju Liu,Yong-jie Wang

DOI: https://doi.org/10.1109/imccc.2013.80

2013-01-01

Abstract:It is very important to study computer network intrusion effect evaluation on studying security of computer network information system and harmfulness of computer network intrusion behavior. This is a concise overview paper about main research results and development foreground of computer network intrusion effect evaluation. In this paper we focus on the research results of the follow aspects: formal analysis of computer network intrusion behavior, taxonomy and analysis of security vulnerability and intrusion behavior, modeling and simulation of computer network intrusion behavior, evaluation model and method of computer network intrusion effect. In this paper we have given a full analysis of the main research work on computer network intrusion effect evaluation. At the end of this paper we summarize computer network intrusion effect evaluation and open up prospects for this area.

Ting Wang,Min Lei,Jingjie Chen,Shiqi Deng,Yu Yang

DOI: https://doi.org/10.1007/978-3-319-68542-7_71

2017-01-01

Abstract:Current intelligent devices in Home Internet, such as routers and cameras, have suffered malicious attacks from hackers. Therefore, security for Home Internet appears particularly significant. In order to have a quantitative evaluation of security defense ability of Home Internet system, this paper proposes an improved vulnerability scoring method on Home Internet based on Information Security Technology Security Vulnerability Classification Guide. Compared to original scoring method which is mainly based on Internet, this improved scoring performs differently. It's aimed to have a quantitative evaluation on security defense effectiveness of Home Internet system: higher vulnerability score indicates higher threaten degree and relatively weak defense ability. In this paper, the Home Internet system takes dynamically-enabled defense technology (randomly changes system status) to make defense. Through calculating vulnerability scores before and after random changes of system status, this paper succeeds in making a quantitative evaluation on security defense ability of Home Internet system.

Yi-xian LIU,De-jun MU

DOI: https://doi.org/10.3969/j.issn.1673-629X.2018.04.029

2018-01-01

Abstract:With the development of network technology,security events continually emerge,so how to achieve the overall security protec-tion is an important issue.As an effective protection method to information system,the security assessment can provide the comprehensive support of security technology for information system compared with traditional security protection methods.By analyzing the impacts on the system's asset vulnerability to its confidentiality,integrity and availability,the scores are assigned by CVSS (common vulnerability scoring system),and then the assessment of network information system is achieved with the weight of the attributes.A simple network information system is constructed in the experiment and the scanner is used in the system equipment to find the vulnerability information of assets.The basic score data is obtained from the NVD for the calculation of risk assets value which is transformed for qualitative assess-ment.The experiment verifies the feasibility and the effectiveness of the proposed method.