Research on the Technologies of Security Detection for Information System Based on Comprehensive Decision Analysis
|School|Beijing University of Posts and Telecommunications|
|Course|Signal and Information Processing|
|Keywords|classified protection; security detection; comprehensive decision analysis; k-core decomposition; threat modeling; matrix method; fuzzy comprehensive evaluation approach; Dempster-Shafer theory|
With the rapid development of Internet technology, information systems have become the basic units of stable national informatization. However, destructive activities such as viruses, trojans, malware and denial-of-service attacks are increasingly common and seriously affect the normal operation of information systems. To protect the security and stability of information systems, our country proposed the concept of information security classified protection and made it a basic strategy of national informatization; the construction of classified protection for information systems is therefore a current focus. To evaluate whether the construction of classified protection reaches the standard, systematic security detection is needed to obtain a compliance result against the security requirements. Therefore, a method is required to analyze the detection objects with proper detection items for different systems, so as to establish the original data and the rules to be followed in comprehensive decision; on this basis, an efficient decision algorithm can calculate the final detection result. Research on the method for ascertaining detection objects and items, and on the comprehensive decision algorithm, is needed in the detection process. At present, related research in this field is very limited, so this paper explores the problem further, based on an investigation of classified protection criteria and security requirements. The main research contents and results are as follows:

(1) Study the hierarchical structure and topological characteristics of a system based on k-core decomposition, to ascertain the source of the original data used in comprehensive decision. The k-core decomposition method from complex network theory is studied and applied to analyze the structure of the software system in the application layer and the router system in the network layer. This explains the constitutive and hierarchical properties of the relationships between the nodes of the system and yields the key nodes on which security detection of the system should focus.

(2) Study threat modeling in depth, analyze the threats an information system may face, and establish a detection index system, in order to obtain the data collection rules to be followed in comprehensive decision. The threats of the system are analyzed with threat trees and threat information sheets and classified with the STRIDE model, and the risk value of every threat is calculated with the DREAD model. Specific detection items are designed according to the identified threats, and a hierarchical multi-level security detection index system is established.

(3) Study comprehensive decision algorithms for security detection based on three models: the matrix method, the fuzzy comprehensive evaluation approach and Dempster-Shafer theory. Various quantitative models in the field of decision analysis are studied, and the security requirements of every layer are analyzed. The three models are introduced to fill the gap in decision methods for security detection; the principles and operation steps of each quantitative model are given, and a detection algorithm is proposed based on each. According to their different results, the advantages, disadvantages and application conditions of the three methods are summarized.

(4) Design a novel combination rule for D-S theory and establish a modified comprehensive decision algorithm based on it. While studying Dempster's rule of combination, we find that the original rule is not very effective at handling evidence with a high degree of conflict; several improvements have been proposed, but their effects are not ideal. Therefore, this paper proposes the concept of the average of the conflict's volatility between evidence, designs a novel D-S combination rule based on it, and establishes a modified comprehensive decision algorithm. This algorithm handles highly conflicting evidence and reduces the effect of uncertainty factors more effectively than the other rules, so that it obtains a better compliance decision result.

(5) Design and implement a platform for information system classified protection compliance security detection, together with a detection toolset, which support the integral implementation of security detection. The platform takes every security detection task as its core object and manages its flow through the detection object analysis engine, the detection scheme generation engine, the detection tool selection engine and the comprehensive decision analysis engine. The toolset includes many kinds of detection tools for different security functions. The platform combines the original data on the basis of the modified comprehensive decision algorithm and produces the final security detection compliance result for the target system. The platform has already been put on test run in actual security detection work and has achieved good results.
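As an added illustration of item (1), not code from the thesis: a plain-Python k-core decomposition run over a constructed module-dependency graph (the module names are made up), returning each node's coreness and the innermost-core nodes that would be the focus of detection.

```python
from collections import defaultdict

def k_core_decomposition(edges):
    """Return {node: coreness} by repeatedly peeling the lowest-degree nodes.
    A node's coreness is the largest k for which it survives in the k-core."""
    adj = defaultdict(set)
    for u, v in edges:
        adj[u].add(v)
        adj[v].add(u)
    degree = {n: len(adj[n]) for n in adj}
    remaining = set(adj)
    core, k = {}, 0
    while remaining:
        # raise k to the smallest current degree, then peel everything at or
        # below it; peeling lowers neighbours' degrees, so repeat until stable
        k = max(k, min(degree[n] for n in remaining))
        peel = [n for n in remaining if degree[n] <= k]
        while peel:
            for n in peel:
                core[n] = k
                remaining.discard(n)
                for m in adj[n]:
                    if m in remaining:
                        degree[m] -= 1
            peel = [n for n in remaining if degree[n] <= k]
    return core

def key_nodes(core):
    """Nodes in the innermost (maximum-k) core: the focus of security detection."""
    kmax = max(core.values())
    return sorted(n for n, c in core.items() if c == kmax)

# Constructed module-dependency graph: four tightly coupled core modules
# plus peripheral modules hanging off them (names are made up).
MODULES = [
    ("auth", "db"), ("auth", "api"), ("auth", "session"),
    ("db", "api"), ("db", "session"), ("api", "session"),
    ("logging", "api"), ("ui", "api"), ("ui", "session"), ("report", "db"),
]

if __name__ == "__main__":
    coreness = k_core_decomposition(MODULES)
    for node, c in sorted(coreness.items(), key=lambda x: (-x[1], x[0])):
        print(f"{node:8s} core {c}")
    print("key nodes:", key_nodes(coreness))
```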
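As an added illustration of item (4), not the thesis's own code: Dempster's rule with its conflict coefficient K, run on two constructed tool reports for one detection item that almost totally conflict, beside Murphy's average-evidence method, one of the existing improvements; the thesis's own volatility-based rule is not specified in the abstract and is therefore not reproduced here.

```python
from itertools import product

# Frame of discernment for one detection item (constructed example)
COMPLIANT = frozenset({"compliant"})
PARTIAL = frozenset({"partial"})
NONCOMPLIANT = frozenset({"noncompliant"})

def dempster_combine(m1, m2):
    """Dempster's rule: returns (combined masses, conflict coefficient K)."""
    combined = {}
    k = 0.0
    for (a, ma), (b, mb) in product(m1.items(), m2.items()):
        focal = a & b
        if focal:
            combined[focal] = combined.get(focal, 0.0) + ma * mb
        else:
            k += ma * mb                      # mass falling on the empty set
    if k >= 1.0:
        raise ValueError("total conflict: Dempster's rule is undefined")
    return {f: v / (1.0 - k) for f, v in combined.items()}, k

def murphy_combine(masses):
    """Murphy's average-evidence method: average the n mass functions,
    then combine the average with itself n-1 times."""
    n = len(masses)
    focals = set().union(*masses)
    avg = {f: sum(m.get(f, 0.0) for m in masses) / n for f in focals}
    result = avg
    for _ in range(n - 1):
        result, _k = dempster_combine(result, avg)
    return result

def pretty(m):
    """Readable form for singleton focal elements."""
    return {next(iter(f)): round(v, 4) for f, v in m.items()}

# Constructed: two detection tools reporting on the same item with almost
# total conflict (Zadeh's classic counterexample recast as compliance evidence)
TOOL_A = {COMPLIANT: 0.99, PARTIAL: 0.01}
TOOL_B = {NONCOMPLIANT: 0.99, PARTIAL: 0.01}

if __name__ == "__main__":
    ds, k = dempster_combine(TOOL_A, TOOL_B)
    print(f"K = {k:.4f}; Dempster ->", pretty(ds))   # 'partial' gets all the mass
    print("Murphy ->", pretty(murphy_combine([TOOL_A, TOOL_B])))
```

With K near 1, the 1% that both tools gave to "partial" is normalized up to 100%, which is the high-conflict failure the thesis addresses; the averaging method keeps "compliant" and "noncompliant" balanced instead.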