检索规则说明:AND代表“并且”;OR代表“或者”;NOT代表“不包含”;(注意必须大写,运算符两边需空一格)
检 索 范 例 :范例一: (K=图书馆学 OR K=情报学) AND A=范并思 范例二:J=计算机应用与软件 AND (U=C++ OR U=Basic) NOT M=Visual
机构地区:[1]中国民航大学计算机科学与技术学院,天津300300 [2]中国信息安全测评中心系统评估处,北京100085
出 处:《计算机应用》2012年第3期679-682,共4页journal of Computer Applications
基 金:国家自然科学基金资助项目(60776807;61179045);天津市科技计划重点项目(09JCZDJC16800);中国民航科技项目(MHRD201009;MHRD201021)
摘 要:针对目前网络安全评估方法不能有效解决漏洞的关联性评价问题,提出一种基于漏洞间关联性的网络漏洞威胁评估方法。以攻击图为评估数据源,兼顾前序节点和后序节点的多样性,融合从前向后入(FI)方法和从后向前出(BO)方法,采用优化贝叶斯网络方法和加权平均法计算路径漏洞与主机漏洞的威胁值,得到关联环境下的漏洞量化评估结果。实验结果表明,该方法能有效弥补传统方法孤立评估漏洞的不足,能够更为有效地表达出系统的安全特性。Since the present network security assessment methods cannot evaluate vulnerability relevance effectively,a vulnerability threat assessment method based on relevance was presented.Firstly,an attack graph must be created as the source data.Secondly,by taking both pre-nodes and post-nodes diversity into consideration,integrating the methods of Forward In(FI) and Backward Out(BO),the authors calculated the probability of vulnerability being used on multiple attack routes through optimizing calculation formulas originating from Bayesian network,then the weighted average method was utilized to evaluate the risk of certain vulnerability on a particular host,and finally the quantitative results were achieved.The experimental results show that this method can clearly and effectively describe the security features of systems.
正在载入数据...
正在载入数据...
正在载入数据...
正在载入数据...
正在载入数据...
正在载入数据...
正在载入数据...
正在链接到云南高校图书馆文献保障联盟下载...
云南高校图书馆联盟文献共享服务平台 版权所有©
您的IP:3.17.6.12
