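Research on Construction Methods for Virtual Network Evaluation Environments
Document type: Thesis
Author | 王佳宾 (Wang Jiabin) |
Degree | Master's |
Defense date | 2012-05-25 |
Degree-granting institution | Graduate University of Chinese Academy of Sciences |
Place of conferral | Beijing |
Advisor | 连一峰 (Lian Yifeng) |
Keywords | grouping adaptive; node deployment; spreading activation; node simulation; virtual network evaluation environment |
Degree discipline | Information Security |
Chinese abstract | With the spread of computer applications and networks, network security incidents keep occurring. As an important part of computer security work, network security evaluation is valued by more and more security practitioners. When the evaluation target is an important system or network, we need to build an independent evaluation environment in which to test and assess the target, in order to protect its security and availability. A virtual network evaluation environment is a network evaluation environment based on virtualization technology and simulation technology. It improves hardware utilization and also makes the testing process more controllable; it is the current trend in evaluation-environment research and the focus of this paper. |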
English abstract | With the spread of computers and networks, network security incidents continue to occur. As an important part of the computer security field, network security assessment is increasingly recognized. When the system or network under evaluation is important, we need to construct an independent network environment for testing and evaluation in order to maintain its security and availability. A virtual network evaluation environment is a network evaluation environment based on virtualization and simulation, which not only improves hardware utilization but also enhances the controllability of the assessment process. As a result, the virtual network evaluation environment is the trend of current evaluation studies and the focus of this paper. Existing virtualization-based methods for constructing a network evaluation environment include direct deployment methods and complete cloning methods, which have the drawbacks of low efficiency and limited variety of types. There is also a problem of low hardware utilization. The disadvantage of a simulation-based network evaluation environment is the deviation between the simulated state and the true state. This paper presents a method for constructing a virtual network evaluation environment that uses a grouping-adaptive network node deployment method to deploy physical nodes and a spreading-activation-based simulation method to calculate the state of simulated nodes. It includes the following: 1) This paper proposes a grouping-adaptive network node deployment method. Based on an analysis of the strengths and weaknesses of existing network node deployment methods, this method deploys common software and uncommon software in different ways, and the grouping uses a priority grouping algorithm and a non-priority grouping algorithm based on time entropy. 2) This paper proposes a node simulation method based on spreading activation. This method uses the spreading activation model to calculate the topological similarity between nodes and uses software vectors to calculate the system similarity between nodes. Node similarity is calculated from the topological similarity and the system similarity, and finally the simulated state of a node is calculated from the state values of the physical nodes and the similarity between the simulated node and the physical nodes. 3) In the detailed design, this paper develops a prototype virtual network evaluation system using a B/S (browser/server) architecture and a modified Xen virtualization environment. In the experiments, the grouping-adaptive network node deployment method is compared with the direct deployment method, the complete cloning method and the other network node deployment methods proposed in this paper. In addition, the state values simulated by the spreading-activation-based method are compared with the actual values. The results indicate that the method proposed in this paper is reasonable and effective. |
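Subject | Data Security and Computer Security |
Language | Chinese |
Publication date | 2012-05-30 |
Source URL | [http://ir.iscas.ac.cn/handle/311060/14410] |
Collection | Institute of Software_State Key Laboratory of Information Security_Theses |
Recommended citation (GB/T 7714) | 王佳宾 (Wang Jiabin). Research on Construction Methods for Virtual Network Evaluation Environments [D]. Beijing. Graduate University of Chinese Academy of Sciences. 2012. |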
Ingest method: OAI harvesting
Source: Institute of Software