| 方玲,仲伟俊,梅姝娥.脆弱性水平对信息系统安全技术策略影响研究[J].,2015,55(3):332-338 |
| 脆弱性水平对信息系统安全技术策略影响研究 |
| Study of influence of vulnerability level on information system security technology strategy |
| |
| DOI:10.7511/dllgxb201503016 |
| 中文关键词: 脆弱性水平 入侵检测系统配置 人工调查 信息系统安全 黑客成功率 |
| 英文关键词: vulnerability level intrusion detection system configuration manual investigation information system security hacker′s success probability |
| 基金项目:国家自然科学基金资助项目(71071033);江苏省普通高校研究生科研创新计划资助项目(CXLX13_124). |
|
| 摘要点击次数: 1346 |
| 全文下载次数: 1288 |
| 中文摘要: |
| 利用博弈论研究了基于脆弱性水平的组织信息系统安全技术策略,发现信息系统脆弱性水平对组织信息系统安全技术的选择与配置具有重要影响.脆弱性水平较低时组织只需对一部分IDS警报事件发起人工调查,无须对未警报事件发起调查;脆弱性水平较高时组织需对所有IDS警报事件发起调查,同时还需对部分未警报事件发起调查.与此同时,人工调查率还将随着脆弱性水平的提高而提高.此外,当信息系统脆弱性水平比较高时,黑客入侵率不一定高,这主要是因为组织配置了入侵检测率较高的IDS. |
| 英文摘要: |
| Game theory was used to learn organizations′ information system security technology strategies based on the vulnerability level. It is found that the vulnerability level of an information system has important influence on the selection and configuration of an organization′s information system security technologies. When the vulnerability level is comparatively low, the organization should only investigate some IDS alarms manually and ignore no-alarms. When the vulnerability level is comparatively high, the organization should investigate all IDS alarms and some no-alarms manually. Meanwhile, the manual investigation probability would increase with the improvement of the vulnerability level. Apart from these facts, when the vulnerability level of an information system is comparatively high, the probability of hacker intrusion is not always high because the organization has deployed an IDS with comparatively high intrusion detection rate. |
|
查看全文
查看/发表评论 下载PDF阅读器 |
| 关闭 |