Research on the Key Technology of the Risk Evaluation of the Network Security Based on the D-S Evidence

2016 
To evaluate a network or information system in real time, this paper proposes the D-S evidence attack graph model and an incremental real-time evaluation method derived from it. The method is divided in space into four layers (detection, attack, host and network) and in time into two phases (initialization and real-time updating). By using the D-S evidence attack graph model, it effectively suppresses failed and false alarms among the security alarms. The method is functionally complete: it fuses and correlates attack alarms, then calculates the credibility of attacks and of predictions at three layers (node, host and network) in order to restore the attack scene more accurately and predict attack behavior. It also calculates the corresponding threat values and the final trend of network security, identifying the security threat situation at the same three layers of node, host and network. Because it is an incremental evaluation method with the same complexity as a linear algorithm and high real-time performance, it can be used for real-time assessment of large-scale network security. Finally, the paper verifies the accuracy and effectiveness of the method, as well as its high performance and expandability.