情境察覺(Situation Awareness, SA)簡單來說就是知道現在發生什麼事並能知道如何回應,其由最初之飛航安全領域被引申用於其他動態、複雜且需要人力介入之領域中,如資訊安全領域,所以近年來網路安全情境察覺(Network Security Situation Awareness)之研究議題也逐漸受到重視。然而目前提出的網路安全情境察覺模型,仍無法提供足夠量化的安全情境或風險評估數據來幫助管理者依據當下網路狀態即時做出對的決策。因此在本論文中我們提出了階層式網路安全情境察覺系統(HNSSAS),目的則是為了協助網管人員迅速找出網路中最弱環節,並給予合適的對策。我們首先使用D-S證據理論(D-S Evidence Theory)融合各異質網路感應器所回報警訊(Alert)之信賴值(Belief),接著結合服務(Service)、主機(Host)本身的重要性參數,以及網路拓樸(Network Topology),由下而上、先局部後整體去評估每個階層的安全情境。本論文最後以模擬案例的方式進行系統推演,實驗結果除了提供宏觀的系統安全情況,還提供了三種不同層次直觀的安全情境評估數值,有助於管理者適切地調整系統安全策略,而提高網路整體安全性能。 Situation Awareness is simply “knowing what is going on so you can figure out what to do”. The term was first used by U.S. Air Force (USAF) fighter aircrew and was considered to be essential for those who are responsible for being in control of complex, dynamic systems and high-risk situations. In recent years, Network Security Situation Awareness is a hot research in the domain of information security. However, present-day cyberspace situation awareness model is unable to provide useful security situation or risk estimation for administrators, or to help administrators to make right and timely decisions based on current state of the network security. A Hierarchical Network Security Situation Awareness System in this paper helps administrator to find out the Achilles' heel fast and deal with by suitable way. First using D-S Evidence Theory to fuse alert believes from multi-sensors. According to the network topology and the importance of services and hosts. The evaluation policy from bottom to top and from local to global is adopted in this model. The simulation results show that this model can provide the intuitive security threat status in three hierarchies, so that system administrators are freed from tedious analysis tasks to have overall security status of the entire system. It is possible for them to find the security behaviors of the system, to adjust the security strategies and to enhance the performance on system security.
