检索规则说明:AND代表“并且”;OR代表“或者”;NOT代表“不包含”;(注意必须大写,运算符两边需空一格)
检 索 范 例 :范例一: (K=图书馆学 OR K=情报学) AND A=范并思 范例二:J=计算机应用与软件 AND (U=C++ OR U=Basic) NOT M=Visual
作 者:王金芳 郭渊博[1] WANG Jinfang;GUO Yuanbo(Department of Cryptogram Engineering,Information Engineering University,Zhengzhou 450001,China)
出 处:《小型微型计算机系统》2024年第2期381-387,共7页Journal of Chinese Computer Systems
基 金:国家自然科学基金项目(61501515,61601515)资助。
摘 要:物理信息系统包含类型多样的物理设备,现有的攻击图生成技术不适用于物理信息系统.传统的漏洞扫描技术难以检测到物理设备的漏洞,并且随着系统规模的增加,攻击图的计算会出现状态空间爆炸问题.为此,本文提出了一种面向物理信息系统的分布式攻击图生成算法.首先,针对物理设备漏洞识别较难的问题,提出了一种基于属性标记实体的方法扩展实体漏洞信息,并据此对物理信息系统进行攻击建模;其次,针对状态空间爆炸问题,提出了一种分布式攻击图生成算法,并且利用消息传递机制消除图部分的重复遍历,进一步提高了生成效率.实验结果表明,与其他相关技术相比,本文技术具有更高的生成效率.Physical information systems contain various types of physical devices,and the existing attack graph generation techniques are not suitable for physical information systems.The traditional vulnerability scanning technology is difficult to detect the vulnerabilities of physical devices,and with the increase of the system scale,the calculation of the attack graph will have the problem of state space explosion.To this end,this paper proposes a distributed attack graph generation algorithm for physical information systems.Firstly,in view of the difficulty in identifying physical equipment vulnerabilities,a method based on attribute tagging entities is proposed to expand entity vulnerability information,and then attack modeling of physical information systems is carried out.Secondly,for the problem of state space explosion,a method is proposed.A distributed attack graph generation algorithm,and the message passing mechanism is used to eliminate the repeated traversal of the graph part,thereby further improving the generation efficiency.The experimental results show that the proposed technique has higher generation efficiency than other related techniques.
分 类 号:TP393[自动化与计算机技术—计算机应用技术]
正在载入数据...
正在载入数据...
正在载入数据...
正在载入数据...
正在载入数据...
正在载入数据...
正在载入数据...
正在链接到云南高校图书馆文献保障联盟下载...
云南高校图书馆联盟文献共享服务平台 版权所有©
您的IP:216.73.216.179