| With the rapid development of information technology, the responsibility of the Internet in society has become more and more important, and the situation facing cyberspace security has become more and more severe. New security threats are constantly emerging, and the offensive and defensive confrontation is becoming more and more intense. To enhance the security of information systems, governments and organizations in various countries encourage enterprises to build security defense systems and have proposed a series of information system security assessment standards. However, current evaluation methods mainly focus on the vulnerability of information systems, ignore the role of the security defense system in threat confrontation, and cannot meet the growing demand for quantitative evaluation of the effectiveness of network security defense systems. Aiming at the problems caused by the complex functions of basic components in the information system, the changeable network topology, and the various forms of security functions, this paper establishes an information system network model based on the characteristics of the network security defense system. Drawing on the technical principles of access control and other security functions, it establishes a threat defense model, uses a threat defense matrix to represent the threat defense results, and designs quantitative evaluation indicators for defense effectiveness. Aiming at the problem that the defense capability of security equipment in actual deployment is lower than the model expects, and that testing and verification resources are limited, this paper proposes a continuous-testing-oriented effectiveness evaluation scheme by studying the similarity of the security characteristics of test cases, which achieves phased defense effectiveness evaluation within an acceptable error range. The main work is described as follows: (1) This paper proposes a defense effectiveness evaluation scheme based on model derivation, including a formal description of the information system data flow and network model; a security defense model is then designed, which formally describes the process by which security functions defend against threats and, through the threat defense matrix, associates the security elements with the network model, realizing the deduction and observation, in the model space, of the defense process of the security equipment nodes against the attack data flow. The ability of the defense system of the type of equipment to conduct multidimensional effectiveness evaluation. (2) This paper proposes a defense system effectiveness evaluation scheme for continuous testing. First, the test cases and their defect detection rate indicators are defined; the use case clustering algorithm and the similarity-based test result prediction algorithm complement the threat defense matrix based on historical test information combined with the prediction results, realizing phased defense effectiveness evaluation. In addition, an adaptive test case sorting algorithm is proposed, which can improve the test case defect detection rate index and find more weak links in the defense system under the condition of limited test resources. (3) This paper designs and implements a quantitative evaluation system for defense effectiveness. First, it uses XML to design a parameter input module according to the definition of the network model; there are four levels of data persistence interface, which improves the scalability of the system through modularization. Finally, the related functions of the system are verified through experiments in multiple scenarios on a simulation system instance. |