一种基于主机重要度的网络主机节点风险评估方法  被引量：4

作　　者：杨宏宇 袁海航[2] 张良 YANG Hongyu;YUAN Haihang;ZHANG Liang(College of Safety Science and Engineering,Civil Aviation University of China,Tianjin 300300,China;College of Computer Science and Technology,Civil Aviation University of China,Tianjin 300300,China;College of Information,University of Arizona,Tucson AZ85721,USA)

机构地区：[1]中国民航大学安全科学与工程学院,天津300300 [2]中国民航大学计算机科学与技术学院,天津300300 [3]亚利桑那大学信息学院,图森AZ85721

出　　处：《北京邮电大学学报》2022年第2期16-21,共6页Journal of Beijing University of Posts and Telecommunications

基　　金：国家自然科学基金民航联合研究基金项目(U1833107)。

摘　　要：现有依据攻击图评估网络主机节点方法中的原子攻击概率和资产保护价值计算时,未考虑主机节点间关联关系对主机节点风险值的影响。对此,提出了以网络中主机重要程度为基础的风险评估方案。首先,依据网络信息构建主机攻击图,利用漏洞可利用性、代码可用性和防御强度计算原子攻击概率并依据攻击图计算路径攻击概率;然后,从攻击图结构和资产保护价值2个角度表征主机重要度,利用原子攻击概率的倒数对主机攻击图加权并计算主机节点的改进加权介数指标,利用熵权法对主机节点资产保护价值指标赋权并计算资产保护价值;最后,根据主机节点最大路径攻击概率和主机重要度计算网络主机节点的风险值。实验结果表明,所提方法能够更全面地评估网络环境中的主机节点风险,得到的风险值更加合理。The existing network host node assessment methods based on attack graph have unreasonable calculation of atomic attack probability and asset protection value, and ignore the impact of the association relationship between host nodes on host node risk value. To solve these problems, a risk assessment scheme based on the importance of hosts in the network is proposed. Firstly, a host-based attack graph based on network information is build, and then the probability of atomic attack is calculated by vulnerability exploitability, code availability and defense intensity. After that, the attack probability of path is calculated based on the attack graph. Furthermore, the host importance is characterized from the attack graph structure and asset protection value. The reciprocal of atomic attack probability is used to weigh the host-based attack graph, and the improved weighted betweenness index is calculated. Moreover, the entropy weight method is used to weigh the asset protection value index of the host nodes and calculate the asset protection value. Finally, the risk value of the network host node is calculated according to the maximum path attack probability and host importance. The experimental results show that the host node risk in the network environmentand the obtained risk value results are more rational.

关 键 词：网络安全 主机攻击图 主机重要度 熵权法 风险评估 

分 类 号：TP393[自动化与计算机技术—计算机应用技术]