Network System Security Risk Assessment Method Based on Knowledge Graph  

NETWORK SYSTEM SECURITY ASSESSMENT METHOD BASED ON KNOWLEDGE GRAPH


Authors: Wang Yifan; Sun Zhi; He Da; Dong Guishan[1]; Chen Jianfeng (The 30th Research Institute of China Electronic Technology Group Corporation, Chengdu 610000, Sichuan, China; China Electronic Technology Corporation Research Institute Co., Ltd., Baoding 071800, Hebei, China)

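Affiliations: [1] The 30th Research Institute of China Electronic Technology Group Corporation, Chengdu 610000, Sichuan; [2] China Electronic Technology Corporation Research Institute Co., Ltd., Baoding 071800, Hebei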

Source: Computer Applications and Software (《计算机应用与软件》), 2023, Issue 11, pp. 312-320, 9 pages

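Funding: Major Special Project of the Sichuan Provincial Department of Science and Technology (2017GZDZX0002); Sichuan Province Outstanding Youth Fund Project (2019JDJQ0058); Sichuan Province Youth Science and Technology Innovation Research Team (2020JDTD0034).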

Abstract: As network security problems grow more serious, the demand for accurate, quantitative assessment of the security risk of network systems keeps increasing. Existing assessment methods ignore the position of a node within the whole graph, rely heavily on subjective experience, and lack quantitative analysis. To address these shortcomings, a network security assessment method based on a knowledge graph and an attack graph model is proposed. The method takes the knowledge graph as its core, uses the CVSS quantitative metrics for individual vulnerabilities, and combines the attacker's possible attack paths and transition probabilities to calculate a risk score for the network system. Experimental results show that, while addressing the shortcomings of existing methods, the method can evaluate the security risk values of networks and nodes and can compare security differences across different networks and nodes, providing a basis for implementing security protection strategies.

Keywords: network security assessment; knowledge graph; attack graph model; Common Vulnerability Scoring System (CVSS); attack path

Classification number: TP393.08 [Automation and Computer Technology: Computer Application Technology]

 
