网络系统安全度量综述

吴晨思; 谢卫强; 姬逸潇; 杨粟; 贾紫艺; 赵松; 张玉清

doi:10.11959/j.issn.1000-436x.2019148

您当前的位置：

首页 >

文章列表页 >

网络系统安全度量综述

专题：网络攻防与安全度量 | 更新时间：2024-06-05

- 网络系统安全度量综述
- Survey on network system security metrics
- 通信学报 2019年40卷第6期页码：14-31
- 作者机构：
  
  1. 中国科学院大学国家计算机网络入侵防范中心，北京 101408
  2. 西安电子科技大学网络与信息安全学院，陕西西安 710071
- 作者简介：
  
  [ "吴晨思（1990- ），男，黑龙江大庆人，中国科学院大学博士生，主要研究方向为网络攻防与安全度量。" ]
  [ "谢卫强（1992- ），男，河南周口人，西安电子科技大学硕士生，主要研究方向为网络攻防与安全度量。" ]
  [ "姬逸潇（1994- ），男，河北衡水人，西安电子科技大学硕士生，主要研究方向为信息安全。" ]
  [ "杨粟（1993- ），男，山东临沂人，中国科学院大学博士生，主要研究方向为信息安全与深度学习。" ]
  [ "贾紫艺（1994- ），男，河北石家庄人，中国科学院大学硕士生，主要研究方向为网络攻防。" ]
  [ "赵松（1994- ），男，陕西西安人，西安电子科技大学硕士生，主要研究方向为信息安全与网络攻防。" ]
  [ "张玉清（1966- ），男，陕西宝鸡人，博士，中国科学院大学教授、博士生导师，主要研究方向为网络与信息系统安全。" ]
- 基金信息：
  
  国家重点研发计划基金资助项目(2016YFB0800700);国家自然科学基金资助项目(U1836210);国家自然科学基金资助项目(61572460);信息安全国家重点实验室的开放课题基金资助项目(2017-ZD-01);国家发展改革委员会信息安全专项基金资助项目((2012)1424)
- DOI：10.11959/j.issn.1000-436x.2019148
  中图分类号： TP393
- 网络出版日期：2019-06，
  
  纸质出版日期：2019-06-25
- 稿件说明：
移动端阅览
吴晨思, 谢卫强, 姬逸潇, 等. 网络系统安全度量综述[J]. 通信学报, 2019,40(6):14-31.

Chensi WU, Weiqiang XIE, Yixiao JI, et al. Survey on network system security metrics[J]. Journal on communications, 2019, 40(6): 14-31.
吴晨思, 谢卫强, 姬逸潇, 等. 网络系统安全度量综述[J]. 通信学报, 2019,40(6):14-31. DOI： 10.11959/j.issn.1000-436x.2019148.

Chensi WU, Weiqiang XIE, Yixiao JI, et al. Survey on network system security metrics[J]. Journal on communications, 2019, 40(6): 14-31. DOI： 10.11959/j.issn.1000-436x.2019148.

摘要

随着人们对网络系统全面和客观认识的不断提高，网络系统安全度量（NSSM）正在得到更多的研究和应用。目前，网络系统安全量化评价正朝着精确化和客观化发展。NSSM可以为攻防对抗以及应急响应决策提供客观和科学的依据，其中网络系统安全全局度量是安全度量领域的重点。从全局度量的角度，分析总结了全局度量在网络系统安全中的地位和作用，归纳总结了度量的3个发展阶段（感知、认识、深化）及其特点，给出了全局度量的工作过程，梳理了度量模型、度量体系、度量工具等方法，并指出了各自的特点及其在安全度量中的作用和相互关系。同时详尽地分析了网络系统全局度量面临的技术挑战，并以表格方式总结了十大机遇与挑战。最后展望了网络系统安全度量研究的下一步方向与发展趋势。分析表明，NSSM在网络安全中具有良好的应用前景。

Abstract

With the improvement for comprehensive and objective understanding of the network system

the research and application of network system security metrics (NSSM) are noticed more.The quantitative evaluation of network system security is developing towards precision and objectification.NSSM can provide the objective and scientific basis for the confrontation of attack-defense and decision of emergency response.The global metrics of network system security is a crucial point in the field of security metrics.From the perspective of global metrics

the status and role of global metrics in security evaluation were pointed out.Three development stages of metrics (perceiving

cognizing and deepening) and their characteristics were analyzed and summarized.The process of global metrics was described.The metrics models

metrics systems and metrics tools were analyzed

and their functions

interrelations

and features in security metrics were pointed out.Then the technical challenges of global metrics of network systems were explained in detail

and ten opportunities and challenges were summarized in tabular form.Finally

the next direction and development trend of network system security metrics research were forecasted.The survey shows that NSSM has a good application prospect in network security.

关键词

Keywords

references

KRAUTSEVICH L , MARTINELLI F , YAUTSIUKHIN A . Formal analysis of security metrics and risk [C ] // IFIP WG 112 International Conference on Information Security Theory ＆ Practice:Security ＆Privacy of Mobile Devices in Wireless Communication . Springer-Verlag , 2011 : 304 - 319 .

冯登国 , 张阳 , 张玉清 . 信息安全风险评估综述 [J ] . 通信学报 , 2004 , 25 ( 7 ): 10 - 18 .

FENG D G , ZHANG Y , ZHANG Y Q . Survey of information security risk assessment [J ] . Journal of Communications , 2004 , 25 ( 7 ): 10 - 18 .

赵文 . 基于“风险熵”的信息系统风险评估数量化模型研究 [D ] . 西安:陕西师范大学 , 2012 .

ZHAO W . Research on quantitative model of risk assessment of in-formation system based on risk entropy [D ] . Xi’an:Shanxi Normal University , 2012 .

MARTIN R A , . Making security measurable and manageable [C ] // Military Communications Conference . IEEE , 2009 : 1 - 9 .

BREIER J , HUDEC L . Towards a security evaluation model based on security metrics [C ] // International Conference on Computer Systems＆ Technologies . ACM , 2012 : 87 - 94 .

CHEW E , SWANSON M M , STINE K M . Performance measurement guide for information security [R ] . 2008 .

STANDARD I . IEEE standard glossary of software engineering terminology [S ] . IEEE Std 610.12-1990 , 2002 : 1 - 84 .

HAYDEN L . IT security metrics:a practical framework for measuring security ＆ protecting data [M ] . McGraw-Hill Education Group , 2010 .

HENNING R . Information system security attribute quantification or ordering (commonly but improp—erly known as “security metrics”) [R ] . 2002 .

吕欣 . 信息系统安全度量理论和方法研究 [J ] . 计算机科学 , 2008 , 35 ( 11 ): 42 - 44 .

LYU X . Information system security metrics:theoretics and methodology [J ] . Computer Science , 2008 , 35 ( 11 ): 42 - 44 .

JAQUITH A . Security metrics [M ] . Addison Wesley , 2007 .

CHEW E . Performance measurement guide for information security (DRAFT) [J ] . National Institute for Standards ＆ Technology , 2008 :265.

JHA S , SHEYNER O , WING J . Two formal analyses of attack graphs [C ] // 15th IEEE Computer Security Foundation Workshop . 2002 : 49 - 63 .

VILLARRUBIA C , FERNANDEZ-MEDINA E , PIATTINI M . Towards a classification of security metrics [C ] // The International Workshop on Security in Information Systems . 2004 : 342 - 350 .

CHEW E , SWANSON M , STINE K M . Performance measurement guide for information security [R ] .2008-07-16. 2008

ZHANG B , CHEN Z , WANG S , et al . Network security situation assessment based on HMM [M ] // Advanced Intelligent Computing Theories and Applications with Aspects of Artificial Intelligence . Berlin Heidelberg:Springer , 2011 : 509 - 516 .

LI L , . Security evaluation methods of computer networks based on BP neural network [C ] // Advances in Intelligent Systems and Computing . Berlin Heidelberg:Springer , 2013 :181.

PENDLETON M , GARCIA R , CHO J , et al . A survey on systems security metrics [J ] . ACM Computing Surveys , 2016 , 49 ( 4 ):62.

HU C . Calculation of the behavior utility of a network system:conception and principle [J ] . Engineering , 2018 , 4 ( 1 ): 78 - 84 .

IM S Y , SHIN S H , RYU K Y , et al . Performance evaluation of network scanning tools with operation of firewall [C ] // Eighth International Conference on Ubiquitous ＆ Future Networks . IEEE , 2016 : 876 - 881 .

FREISS M . Protecting (telecommunication) networks with SATAN (security analysis tool for analyzing networks) [J ] . EDPACS , 1999 , 27 ( 1 ): 16 - 17 .

BEALE J , DERAISON R , MEER H . Nessus network auditing [M ] . Syngress , 2004 .

BREIER J , HUDEC L . Towards a security evaluation model based on security metrics [C ] // International Conference on Computer Systems＆ Technologies . ACM , 2012 : 87 - 94 .

Information technology -security techniques -information security management measurements [S ] . ISO/IEC 27004 , 2009 .

PFLEEGER S , CUNNINGHAM R . Why measuring security is hard [J ] . IEEE Security ＆ Privacy , 2010 , 8 ( 4 ): 46 - 54 .

STOLFO S , BELLOVIN S M , EVANS D . Measuring security [J ] . IEEE Security and Privacy Magazine , 2011 , 9 ( 3 ): 60 - 65 .

MENG M , . The research and application of the risk evaluation and management of information security based on AHP method and PDCA method [C ] // International Conference on Information Management . IEEE , 2014 : 379 - 383 .

FU J , HUANG L , YAO Y . Application of BP neural network in wireless network security evaluation [C ] // International Conference on Wireless Communications . IEEE , 2010 : 592 - 596 .

JING X Y , YAN Z , WITOLD P . Security data collection and data analytics in the Internet:asurvey [J ] . IEEE Communications Surveys ＆Tutorials , 2019 , 21 ( 1 ): 568 - 618 .

BASILI V R , CALDIERA G , ROMBACH R H . The goal question metric approach [J ] . Encyclopedia of Software Engineering , 1994 ( 1 ): 578 - 583 .

YAHYA F , WALTERS R J , WILLS G B . Using goal-question-metric(GQM) approach to assess security in cloud storage [M ] . Enterprise Security . 2017 .

张漪墁 , 赵小林 . 网络安全度量与评估的分析与研究 [J ] . 中国科技论文在线 , 2018 , 11 ( 4 ): 328 - 338 .

ZHANG Y M , ZHAO X L . Analysis and research on network security measurement and evaluation [J ] . Highlights of Sciencepaper Online , 2018 , 11 ( 4 ): 328 - 338 .

YUSUF S E , HONG J B , GE M , et al . Composite metrics for network security analysis [J ] . Journal of Software Networking.2018 , 2017 ( 1 ): 137 - 160 .

WAGNER I , ECKHOFF D . Technical privacy metrics:a systematic survey [J ] . Computer Science , 2015 , 51 ( 3 ).

ZHANG Q , LIU C X , LU G Q . Active defense technology and its developing trend [J ] . Computer Modelling ＆New Technologies , 2014 , 18 ( 12B ): 383 - 390 .

MAZIKU H , SHETTY S , JIN D , et al . Diversity modeling to evaluate security of multiple SDN controllers [C ] // 2018 International Conference on Computing,Networking and Communications (ICNC) . IEEE Computer Society , 2018 : 344 - 348 .

RAMOS A , LAZAR M , FILHO R H , et al . Model based quantitative network security metrics:asurvey [J ] . IEEE Communications Surveys＆ Tutorials , 2017 , 19 ( 4 ): 2704 - 2734 .

KAVOUSI F , AKBARI B . Automatic learning of attack behavior patterns using Bayesian networks [C ] // 2012 Sixth International Symposium on Telecommunications (IST) . IEEE , 2012 : 999 - 1004 .

YI Z , KAI Z , LAI B . Alert correlation graph:a novel method for quantitative vulnerability assessment [J ] . Journal of National University of Defense Technology , 2012 , 34 ( 3 ): 109 - 112 .

葛海慧 , 肖达 , 陈天平 , 等 . 基于动态关联分析的网络安全风险评估方法 [J ] . 电子与信息学报 , 2013 , 35 ( 11 ): 2630 - 2636 .

GE H H , XIAO D , CHEN T P , et al . Quantitative evaluation approach for real-time riskbased on attack event correlating [J ] . Journal of Elec-tronics ＆ Information Technology , 2013 , 35 ( 11 ): 2630 - 2636 .

陈秀真 , 郑庆华 , 管晓宏 , 等 . 层次化网络安全威胁态势量化评估方法 [J ] . 软件学报 , 2006 , 17 ( 4 ): 885 - 897 .

CHEN X Z , ZHENG Q H , GUAN X H , et al . Quantitative hierarchical threat evaluation model for network security [J ] . Journal of Software , 2006 , 17 ( 4 ): 885 - 897 .

FENG X , WANG D , MA G , et al . Security situation assessment based on the DS theory [C ] // International Workshop on Education Technology ＆ Computer Science . IEEE Computer Society , 2010 : 352 - 356 .

QU Z Y , LI Y , LI P . A network security situation evaluation method based on DS evidence theory [C ] // Environmental Science and Information Application Technology (ESIAT) . 2010 : 496 - 499 .

HU H , LIU Y , ZHANG H . Security metric methods for network multistep attacks using AMC and big data correlation analysis [J ] . Security and Communication Networks , 2018 , 2018 : 1 - 14 .

GLADSTONE P J S , KIRBY A J , TRUELOVE J M , et al . >Security risk management:U.S.Patent 9438615 [P ] .2016-09-06.

ÅRNES A , VALEUR F , VIGNA G . Using hidden Markov models to evaluate the risks of intrusions [J ] . Lecture Notes in Computer Science , 2006 , 4219 : 145 - 164 .

RNES A , VALEUR F , VIGNA G , et al . Using hidden Markov models to evaluate the risks of intrusions [M ] // Recent Advances in Intrusion Detection . Berlin Heidelberg:Springer , 2006 : 145 - 164 .

ALMASIZADEH J , AZGOMI M A . A stochastic model of attack process for the evaluation of security metrics [J ] . Computer Networks , 2013 , 57 ( 10 ): 2159 - 2180 .

DA G , XU M , XU S . New approach to modeling and analyzing security of networked systems [C ] // The Symposium and Bootcamp on the Science of Security . ACM , 2014 : 1 - 12 .

CIARLET P G . An introduction to differential geometry with applications to elasticity [J ] . Journal of Elasticity , 2005 , 78-79 ( 1-3 ): 1 - 215 .

刘刚 , 李千目 , 张宏 . 信度向量正交投影分解的网络安全风险评估方法 [J ] . 电子与信息学报 , 2012 , 34 ( 8 ): 1934 - 1938 .

LIU G , LI Q M , ZHANG H . Reliability vector orthogonal projection decomposition method of network security risk assessment [J ] . Journal of Electronics ＆ Information Technology , 2012 , 34 ( 8 ): 1934 - 1938 .

JÖRG D , GABRIEL J . What is a Petri net? [C ] // Unifying Petri Nets,Advances in Petri Nets . Springer-Verlag , 2001 : 1 - 25 .

HENRY M H , LAYER R M , ZARET D R . Coupled Petri nets for computer network risk analysis [J ] . International Journal of Critical Infrastructure Protection , 2010 , 3 ( 2 ): 67 - 75 .

YAN Q . A security evaluation approach for information systems in telecommunication enterprises [J ] . Enterprise Information Systems , 2008 , 2 ( 3 ): 309 - 324 .

SWILER L D , PHILLIPS C , GAYLOR T . A graph based network vulnerability analysis system [R ] . Albuquerque,USA:Sandia National Laboratories , 1998 .

KUNDU A , GHOSH N , CHOKSHI I . Analysis of attack graph-based metrics for quantification of network security [C ] // India Conference . IEEE , 2012 : 530 - 535 .

SHEYNER O , HAINE S , JHA S , et al . Automated generation and analysis of attack graphs [C ] // Symposium on Security and Privacy . IEEE , 2002 : 273 - 284 .

BHATTACHARYA P , GHOSH S K . Analytical framework for measuring network security using exploit dependency graph [J ] . IET Information Security , 2012 , 6 ( 4 ): 264 - 270 .

IDIKA N , BHARGAVA B . Extending attack graph-based security metrics and aggregating their application [J ] . IEEE Transactions on Dependable and Secure Computing , 2012 , 9 ( 1 ): 0 - 85 .

张鸣天 . 基于贝叶斯网络的信息安全风险评估研究 [D ] . 北京:北京化工大学 , 2016 .

ZHANG M T . Research on information security risk assessment based on Bayesian network [D ] . Beijing:Beijing University of Chemical Technology , 2016 .

FRIGAULT M , WANG L . Measuring network security using Bayesian network-based attack graphs [C ] // IEEE International Computer Software and Applications . IEEE , 2008 : 698 - 703 .

POOLSAPPASIT N , DEWRI R , RAY I . Dynamic security risk management using Bayesian attack graphs [J ] . IEEE Transactions on Dependable and Secure Computing , 2012 , 9 ( 1 ): 61 - 74 .

王元卓 , 林闯 , 程学旗 , 等 . 基于随机博弈模型的网络攻防量化分析方法 [J ] . 计算机学报 , 2010 , 33 ( 9 ): 1748 - 1762 .

WANG Y Z , LIN C , CHENG X Q , et al . Analysis for network at-tack-defense based on stochastic game model [J ] . Chinese Journal of Computers , 2010 , 33 ( 9 ): 1748 - 1762 .

LI X , LU Y , LIU S . Network security situation assessment method based on Markov game model [J ] . Ksii Transactions on Internet ＆ Information Systems , 2018 , 12 ( 5 ): 2414 - 2428 .

ZHANG H , HAN J , ZHANG J . Security risk evaluation of information systems based on game theory [C ] // International Conference on Intelligent Human-machine Systems ＆ Cybernetics . IEEE , 2013 : 46 - 49 .

FU S , ZHOU H . The information security risk assessment based on AHP and fuzzy comprehensive evaluation [C ] // IEEE International Conference on Communication Software ＆ Networks . IEEE , 2011 : 124 - 128 .

GENG W , HU Y . Information security management model based on AHP [C ] // International Conference on Measurement . 2012 : 352 - 355 .

YAN C , QIAO B . Study and application of risk evaluation on network security based on AHP [J ] . Journal of Huangshi Institute of Technology , 2012 , 289 : 198 - 205 .

LI J H , LI G Z . Study on the evaluation model for network security [J ] . Advanced Materials Research , 2011 , 317-319 : 1745 - 1748 .

TUTEJA A , THALIA S . Towards quantification of information system security [M ] // Computational Intelligence and Information Technology . Springer Berlin Heidelberg , 2011 .

李景智 , 殷肖川 , 胡图 . 基于可拓理论的网络安全评估研究 [J ] . 计算机工程与应用 , 2012 , 48 ( 21 ): 79 - 82 .

LI J Z,YIN X C , HU T , et al . Network security evaluation algorithm based on extension theory [J ] . Computer Engineering and Applications , 2012 , 48 ( 21 ): 79 - 82 .

FU Y , WU X P , YE Q , et al . An approach for information systems security risk assessment on fuzzy set and entropy weight [J ] . Acta Electronica Sinica , 2010 , 38 ( 7 ): 1489 - 1494 .

KONG L , . Risk evaluation scheme for accounting information system based on Analytic Hierarchy Process [C ] // 2017 International Conference on Smart Grid and Electrical Automation (ICSGEA) . IEEE Computer Society , 2017 .

TEMAM O , . The rebirth of neural networks [C ] // International Symposium on Computer Architecture . 2010 :349.

顾兆军 , 辛倩 . 熵权神经网络的信息系统安全评估 [J ] . 计算机工程与设计 , 2018 , 39 ( 7 ): 1856 - 1860 .

GU Z J , XIN Q . Information system security evaluation based in entropy weight method and neural network [J ] . Computer Engineering and Design , 2018 , 39 ( 7 ): 1856 - 1860 .

Standards Press of China . Information security technology system security level protection evaluation requirements [S ] . GB/T 28448-2012 . 2012 .

MA L , PAN D , WU Z . ANN RBF approach of risk assessment for aviation ATM network [J ] . Sensors ＆ Transducers Journal , 2013 , 159 ( 11 ): 132 - 137 .

JIANG Y P , CAO C , MEI X , et al . A quantitative risk evaluation model for network security based on body temperature [J ] . Journal of Computer Networks ＆ Communications , 2016 ( 4 ):3.

ZHANG M , WANG L , JAJODIA S . Network diversity:asecurity metric for evaluating the resilience of networks against zero-day attacks [J ] . IEEE Transactions on Information Forensics and Security , 2016 :1.

CARLO B , MARCO C , GIANLUIGI V . Digital information asset evaluation [J ] . ACM SIGMIS Database:the DATABASE for Advances in Information Systems , 2018 , 49 ( 3 ): 19 - 33 .

LEWIS M J , . Characterizing risk [C ] // Eighth Cyber Security ＆ Information Intelligence Research Workshop . 2013 : 1 - 4 .

CHEN C X . Innovation and development of China’s information security level protection system [J ] . Cyberspace Security , 2016 , 7 ( 2 ): 5 - 6 .

Common criteria for information technology security evaluation V3.1 [R ] . 2017 .

ALCARAZ C , MELTEM SÖNMEZ TURAN . PDR:A Prevention,Detection and Response mechanism for anomalies in energy control systems [J ] . American Geophysical Union , 2012 , 90 ( 17 ): 22 - 33 .

LIU G C . BS7799 criterion and its application in meso-information systems audit [J ] . Journal of Audit ＆ Economics , 2012 ( 3 ): 1 - 2 .

WEIK M H . Federal information processing standard publication [R ] . 2002 .

NIKOLOPOULOU A . The directive on security of network and information systems (NIS directive)from a practional view [R ] . 2019 .

National Institute of Standards and Technology . Framework for improving critical infrastructure cyber security [R ] . 2014 .

Standards Press of China . Information security technology-baseline for classified protection of cyber security [S ] . GB/T 22239-2019 , 2019 .

姚传军 . WPDRRC 信息安全模型在安全等级保护中的应用 [J ] . 光通信研究 , 2010 ( 5 ): 27 - 29 .

YAO C J . Application of WPDRRC information security model in multi-level security protection [J ] . Study on Optical Communications , 2010 ( 5 ): 27 - 29 .

KOROTKA M S , ROGER YIN L , BASU S C . Information assurance technical framework and end user information ownership:a critical analysis [J ] . Journal of Information Privacy and Security , 2005 , 1 ( 1 ): 10 - 26 .

HECKMAN M , SCHELL R . Using proven reference monitor patterns for security evaluation [J ] . Information , 2016 , 7 ( 2 ):23.

HOUMB S H , RAY I . Trust-based security level evaluation using Bayesian belief networks [C ] // Transactions on Computational Science X . 2010 : 154 - 186 .

CHEN Y J , LIAO G Y , CHENG T C . Risk assessment on instrumentation and control network security management system for nuclear power plants [C ] // International Carnahan Conference on Security Technology . IEEE , 2009 : 216 - 264 .

GUAN B C , LO C , WANG P . Evaluation of information security related risks of an organization:the application of the multicriteria decision-making method [C ] // IEEE International Carnahan Conference on Security Technology . IEEE , 2003 : 168 - 175 .

TAO H , LIANG C , CHI W . The research of information security risk assessment method based on fault tree [C ] // Sixth International Conference on Networked Computing ＆ Advanced Information Management . IEEE , 2010 : 370 - 375 .

Standards Press of China . Classified criteria for security protection of computer information system [S ] . GB17859-1999 , 1999 .

Aryasec . Aryasec.Measurement of information security effectiveness [EB/OL ] . 2019 2019 .

SIPONEN M , WILLISON R . Information security management standards:Problems and solutions [J ] . Information ＆ Management , 2009 , 46 ( 5 ): 267 - 270 .

GB/T 31495.Information security technology―Indicator system of information security assurance and evaluation methods [EB/OL ] . 2015 .

FRAY I E , . A comparative study of risk assessment methods,mehari ＆cramm with a new formal model of risk assessment (fomra) in information systems [M ] // Computer Information Systems and Industrial Management . Berlin Heidelberg:Springer , 2012 .

SARKHEYLI A , ITHNIN N B . Improving the current risk analysis technologies by study of their process and using the human body’s immune system [C ] // The 5th International Symposium on Telecommunications . IEEE , 2010 : 651 - 656 .

NSFOCUS , . Industrial control system information security assurance framework [R ] . 2019 .

王卫东 . 安全度量及其面临的挑战 [J ] . 保密科学技术 , 2011 ( 3 ): 54 - 58 .

WANG W D . Security metrics and challenges [J ] . Secrecy Science and Technology , 2011 ( 3 ): 54 - 58 .

KOTT A , WANG C , ERBACHER R F . Cyber defense and situational awareness [M ] . Berlin Heidelberg : SpringerPress , 2014 .

CHENG Y , DENG J , LI J , et al . Metrics of security [J ] . Advances in Information Security , 2014 , 62 : 263 - 295 .

KOVACICH G . Information systems security metrics management [J ] . Computers ＆ Security , 1997 , 16 ( 7 ): 610 - 618 .

HERRERA S O S , . Information security management metrics development [C ] // International Carnahan Conference on Security Technology . IEEE , 2005 .

龚俭 , 臧小东 , 苏琪 . 网络安全态势感知综述 [J ] . 软件学报 , 2017 , 28 ( 4 ): 1010 - 1026 .

GONG J , ZANG X D , SU Q . Network security situation awareness [J ] . Journal of Software , 2017 , 28 ( 4 ): 1010 - 1026 .

KOTENKO I , NOVIKOVA E . Visualization of security metrics for cyber situation awareness [C ] // 2014 Ninth International Conference on Availability,Reliability and Security (ARES) . 2014 : 506 - 513 .

Security Score Card . Analysis of cyber risk exposure for US and European political parties report [R ] .2019-03-14.

UPGUAR D . A beginner’s guide to cyber security insurance [M ] . Gov . uk Press , 2017 .

LUNA J , GHANI H , GERMANUS D , et al . A security metrics framework for the cloud [C ] // The International Conference on Security and Cryptography . IEEE , 2011 : 245 - 250 .

浏览量

1832

下载量

CSCD

文章被引用时，请邮件提醒。

提交

工具集

关联资源

基于三维球体模型的XML通信协议安全评估方法