基于攻击图的网络安全评估方法研究  被引量:5

Novel method of evaluating network security based on attack graphs

在线阅读下载全文

作  者:马俊春[1,2] 王勇军[1] 孙继银[2] 陈珊[3] 

机构地区:[1]国防科学技术大学计算机学院 [2]第二炮兵工程学院402教研室 [3]中国人民解放军96337部队

出  处:《计算机应用研究》2012年第3期1100-1103,1106,共5页Application Research of Computers

基  金:国家"863"高技术研究发展计划资助项目(2009AA01Z432);国家自然科学基金资助项目(60873215)

摘  要:为了提高网络的整体安全性,提出了基于攻击图的网络安全评估方法。首先,在攻击图的基础上提出了脆弱点依赖图的定义;其次,将影响评估的因素分为脆弱性自身特点、网络环境因素和脆弱性关联关系三部分;最后,按照网络拓扑的规模,采用自下向上、先局部后整体的思想,直观地给出了漏洞、主机和整个网络系统三个层次的脆弱性指数评估值。通过大量反复的实验测试,该方法可以对网络系统存在的脆弱性进行定期的、全面的量化评估,及时发现并弥补网络系统中存在的安全隐患,有效地提升网络系统的生存能力,从而提高网络系统应对各种突发攻击事件的能力,具有重大的理论价值、经济效益和社会意义。In order to improve networks' total security, this paper presented a novel method of assessing network security based on attack graphs. Firstly, it proposed a definition of vulnerability dependence graph based on attack graphs. Secondly, it divided the factors which impact network vulnerability assessment into three parts: the vulnerability character by itself, the network environment and the relationship between vulnerabilities. Finally, according to the size of network topology, using the evaluation policy from bottom to top and from local to global, it gave the vu!nerability assessment intuitively in three levels : the vulnerability, the host and the network. Through a large number of repeated laboratory tests, the experimental results show that this method can assess network security efficiently, help network security managers guard the network, which improves networks viability, and improves the ability of responding to sudden attacks. So it has great theoretical value, economic value and social significance.

关 键 词:网络安全 攻击图 脆弱点依赖图 网络脆弱性指数评估 

分 类 号:TP393[自动化与计算机技术—计算机应用技术]

 

参考文献:

正在载入数据...

 

二级参考文献:

正在载入数据...

 

耦合文献:

正在载入数据...

 

引证文献:

正在载入数据...

 

二级引证文献:

正在载入数据...

 

同被引文献:

正在载入数据...

 

相关期刊文献:

正在载入数据...

相关的主题
相关的作者对象
相关的机构对象