检索规则说明:AND代表“并且”;OR代表“或者”;NOT代表“不包含”;(注意必须大写,运算符两边需空一格)
检 索 范 例 :范例一: (K=图书馆学 OR K=情报学) AND A=范并思 范例二:J=计算机应用与软件 AND (U=C++ OR U=Basic) NOT M=Visual
名 称:
注 释:
作 者:高妮[1,2] 高岭[1] 贺毅岳[1,3] 王帆[1]
机构地区:[1]西北大学信息科学与技术学院,西安710127 [2]西安财经学院信息学院,西安710100 [3]西北大学经济管理学院,西安710127
出 处:《计算机工程与应用》2016年第11期125-130,共6页Computer Engineering and Applications
基 金:国家自然科学基金(No.61373176);国家科技支撑计划课题(No.2013BAK01B02);陕西省自然科学基金(No.2015JQ7278)
摘 要:目前基于攻击图的网络安全主动防御技术在计算最优防护策略时,很少考虑网络攻击中存在的不确定性因素。为此,提出一种基于贝叶斯攻击图的最优防护策略选择(Optimal Hardening Measures Selection based on Bayesian Attack Graphs,HMSBAG)模型。该模型通过漏洞利用成功概率和攻击成功概率描述攻击行为的不确定性;结合贝叶斯信念网络建立用于描述攻击行为中多步原子攻击间因果关系的概率攻击图,进而评估当前网络风险;构建防护成本和攻击收益的经济学指标及指标量化方法,运用成本-收益分析方法,提出了基于粒子群的最优安全防护策略选择算法。实验验证了该模型在防护策略决策方面的可行性和有效性,有效降低网络安全风险。An active defense technology based on attack graph has been applied on network security very well. However,the uncertainty about attacker actions is rarely considered in calculating the optimal countermeasure. Based on the above,an Optimal Hardening Measures Selection model based on Bayesian Attack Graphs(HMSBAG)is presented in this paper.This model describes the uncertainty of attack action by using the probability of successful exploits and the probability of successful attacks. Then, a probability attack graph, which describes the cause-consequence relationships among multi-step atomic attack in one attack progress, is built by using Bayesian belief networks to assess the current network risk. By using cost-benefit analysis method, the economics index of hardening-cost and attack-benefit are built and the optimal hardening measures selection algorithm based on particle swarm optimization is presented. Experimental results validate the feasibility and effectiveness of the model in the decision of optimal hardening measures to reduce the network security risk.
分 类 号:TP393.08[自动化与计算机技术—计算机应用技术]
正在载入数据...
正在载入数据...
正在载入数据...
正在载入数据...
正在载入数据...
正在载入数据...
正在载入数据...
正在链接到云南高校图书馆文献保障联盟下载...
云南高校图书馆联盟文献共享服务平台 版权所有©
您的IP:216.73.216.249