基于流量攻击判定的网络安全评估模型.pdfVIP

36 4 ( ) Vol. 36 No.4 2008 4 J. Huazhong Univ. of Sci. T ech. (Natural Science dition) Apr. 2008 王 一 胡汉平 王祖喜 陈江航 ( 华中科技大学 图像识别与人工智能研究所, 湖北武汉430073) : . Hurst ,, . ,, . , , . : ; ; ; : T P393 : A :2008) Measurement model for network security based on traf fic attack determination Wang Yi H u H anp ing Wang Zux i Chen J ianghang (Institute for Pattern Recognition and Artificial Intelligence, Huazhong University of Science and T echnology, Wuhan 430073, China) Abstract: Measurement model for network data transmission security is proposed based on traffic at tack determination. Hurst parameters that could be described by the selfsimilarity of network traffic and fuzzy decisionmaking were used. Compared with the properties of known attacking network traf fics, the category of unknown attacks could be determined. On this basis, we propose an approach of security measurement of the network data transmission. According to the number of times that the routers on the transmission path are attacked, corresponding attack properties and the damageweight value of each attack which suggests the attack!s destructivity, quantitative analysis of the security of network transmission can be accomplished. T he results show that this model not only helps determine the network attack category accurately and efficiently, but also guarantees the security of policymak ing as well as the network data transmission. For the whole of the decisionmaking and management system to provide an effective basis. Key words: security measurement; selfsimilarity; fuzzy decisionmaking; DOS (denial of service) at tack