Institutional Repository
| 虚拟网络测评环境构建方法研究 | |
| 王佳宾 | |
| Major | 信息安全 |
| Supervisor | 连一峰 |
| 2012-05-25 | |
| Degree Grantor | 中国科学院研究生院 |
| Degree Level | 硕士 |
| Place of Degree Grantor | 北京 |
| Keyword | 分组自适应 节点部署 激活扩散 节点模拟 虚拟网络测评环境 |
| Abstract | 随着计算机应用和网络的普及,网络安全事件不断发生。作为计算机安全相关工作的重要环节,网络安全测评工作也为越来越多的安全工作者所重视。当测评目标为重要的系统和网络时,为保证其安全性和可用性,我们需要构建一个独立的测评环境对测评目标进行测试评估。虚拟网络测评环境是一种以虚拟化技术和模拟仿真技术为基础的网络测评环境,该环境提高了硬件利用率,同时也增强了测试过程的可控性,是当前测评环境研究的趋势,也是本文研究的重点。 Existing virtual based network evaluation environment construction methods include direct deployment methods and completely cloned methods, which have the drawbacks of low efficiency and lack of type. Besides, there is also a problem of low hardware utilization. The disadvantage of simulation based network evaluation environment is the deviation between the simulated state and the true state. This paper presents a virtual network evaluation environment construction method using grouping adaptive based network node deployment method to deploy physical nodes and using spreading activation based simulation method to calculate the state of simulation nodes, including the following: 1)This paper proposes an grouping adaptive based network node deployment method. Analyzing the strengths and weaknesses of existing network node deployment methods , this method deploys the common software and uncommon software in different ways and the grouping uses priority grouping algorithm and non-priority grouping algorithm based on time entropy. 2) This paper proposes a node simulation method based on spreading activation. This method uses spreading activation model to calculate topological similarity between nodes and uses software vector to calculate system similarity between nodes. Based on topological similarity and system similarity, node similarity is calculated and finally the analog state of the node is calculated according to the state value of physical nodes and the similarity between simulated nodes and physical nodes. 3) In the detailed design, this paper develops a virtual network evaluation prototype system, using B/S structure and the virtualization environment xen which has been modified. In the experiment, grouping adaptive based network node deployment method is compared with direct deployment method, complete cloning development method and other network node deployment methods proposed in this paper. Besides, the state value simulated by the spreading activation model based method is compared with the actual value. The results indicates the reasonable and effective of the method proposed by this paper. |
| Subject | 数据安全与计算机安全 |
| Language | 中文 |
| Content Type | 学位论文 |
| URI | http://ir.iscas.ac.cn/handle/311060/14410 |
| Collection | 信息安全国家重点实验室 |
| Recommended Citation GB/T 7714 | 王佳宾. 虚拟网络测评环境构建方法研究[D]. 北京. 中国科学院研究生院,2012. |
| Files in This Item: | ||||||
| File Name/Size | DocType | Version | Access | License | ||
| 王佳宾_毕业论文.pdf(1582KB) | 开放获取 | License | Application Full Text | |||
Items in the repository are protected by copyright, with all rights reserved, unless otherwise indicated.
Edit Comment