基于分布并行处理的攻击图构建方法研究  被引量:3

Study of Attack Graph Construction Based on Distributed Parallel Processing

在线阅读下载全文

作  者:马俊春[1,2] 孙继银[2] 王勇军[1] 赵宝康[1] 陈珊[3] 

机构地区:[1]国防科学技术大学计算机学院 [2]第二炮兵工程学院 [3]中国人民解放军96617部队

出  处:《兵工学报》2012年第1期109-115,共7页Acta Armamentarii

基  金:国家863项目(2009AA01Z432);国家自然科学基金项目(60873215)

摘  要:针对大规模复杂网络系统安全性分析中存在的问题,提出一种基于分布并行处理的攻击图构建方法。首先,该方法站在防御者的角度,将所有具有脆弱性的主机作为攻击目标,采用正向、广度优先搜索的策略构建攻击图,解决了已有方法中的攻击目标固定、单一的问题;其次,重点研究了脆弱性分析优化处理技术,从分布并行处理的角度将不同区域的目标网络进行脆弱性分析任务划分,通过多网络脆弱性分析引擎的分布并行处理技术来满足扩展性的要求,解决了已有方法存在的复杂度高、扩展性能低,难以适用于大规模复杂网络系统的问题;最后,采用限制攻击步骤数的优化策略,解决了攻击图生成过程中存在的状态爆炸问题。实验结果表明,该方法可以提高攻击图生成的效率,并且能大大降低攻击图生成时的系统资源消耗,而且本文所提方法对于大规模复杂网络系统的整体安全性具有应用价值。In order to resolve the existed problems when analyzing large and complex network systems, a novel attack graph construction method is proposed which is based on distributed parallel processing tech- nology. Firstly, from the defender's point of view, all the vulnerable hosts are considered as attack tar- gets, using positive, breadth-first search strategy to construct attack graph, which resolves the problem of which the attack target is defined and single in the existed methods. Secondly, the optimization technolo- gy is researched, and the total network is divided into different areas, through multi-engine parallel pro- cessing technology, to meet the distribution scalability requirements, the problem of existed methods with high complexity and low scalability is resolved, and which is difficult for large-scale complex network. Fi- nally, the optimization strategy, limited number of attack steps is used, which resolves the existing state explosion problem when constructing the attack graph. Experimental results show that this method can im- prove the efficiency of attack graph' s generation, and reduce the system resource consumption greatly, and it has value for assessing the security of large-scale complex network.

关 键 词:计算机系统结构 大规模网络 网络安全 攻击图 分布并行处理 

分 类 号:TP393[自动化与计算机技术—计算机应用技术]

 

参考文献:

正在载入数据...

 

二级参考文献:

正在载入数据...

 

耦合文献:

正在载入数据...

 

引证文献:

正在载入数据...

 

二级引证文献:

正在载入数据...

 

同被引文献:

正在载入数据...

 

相关期刊文献:

正在载入数据...

相关的主题
相关的作者对象
相关的机构对象