计算机应用与软件2011,Vol.28Issue(11):25-29,5.
一种基于网络安全梯度的攻击图生成并行化方法
A NETWORK SECURITY GRADE BASED ATTACK GRAPH GENERATION PARALLEL APPROACH
摘要
Abstract
Attack graph is becoming a key technology for network security analysis. The paper introduces the concept of network security grade to reflect the direction of network attacks and the hierarchy of network defense. Therefore the paper improves its monotony assumption to reduce the attack graph scale, depending on the concept of network security grade, executes sub-task division on attack graph generation; then designs a parallel attack graph generation algorithm. Compared to previous algorithms, experiment results show that the parallel algorithm effectively improves the attack graph generation efficiency; on a 8-cored server with 32GB of memory, the parallel algorithm can generate an attack graph with a network size of 400 within 20 seconds. Moreover the efforts by the paper may help attack graph analysis and network remedy technology with large size network applications.关键词
并行/攻击图生成/网络安全梯度Key words
Parallel Attack graph generation Network security grade分类
信息技术与安全科学引用本文复制引用
胡欣,孙永林,王勇军..一种基于网络安全梯度的攻击图生成并行化方法[J].计算机应用与软件,2011,28(11):25-29,5.基金项目
2011中国计算机大会论文.国家自然科学基金项目(60873215) (60873215)
国家高技术研究发展计划(2009AA01Z432). (2009AA01Z432)
