Application Research of Computers, 2012, Vol. 29, Issue 3: 1100-1103, 1106, 5. DOI: 10.3969/j.issn.1001-3695.2012.03.082
Research on a network security assessment method based on attack graphs
Novel method of evaluating network security based on attack graphs
Abstract
To improve the overall security of networks, this paper presents a novel method of assessing network security based on attack graphs. First, it proposes a definition of the vulnerability dependence graph, built on attack graphs. Second, it divides the factors that affect network vulnerability assessment into three parts: the characteristics of the vulnerability itself, the network environment, and the relationships between vulnerabilities. Finally, according to the size of the network topology, and using an evaluation policy that works from bottom to top and from local to global, it gives the vulnerability assessment intuitively at three levels: the vulnerability, the host and the network. Through a large number of repeated laboratory tests, the experimental results show that this method can assess network security efficiently and help network security managers guard the network, which improves the network's viability and its ability to respond to sudden attacks. It therefore has great theoretical value, economic value and social significance.
Keywords
network security / attack graph / vulnerability dependence graph / network vulnerability index assessment
Key words
network security / attack graphs / vulnerability dependence graph / network vulnerability assessment
Classification
Information Technology and Security Science
Cite this article
Ma Junchun, Wang Yongjun, Sun Jiyin, Chen Shan. Research on a network security assessment method based on attack graphs [J]. Application Research of Computers, 2012, 29(3): 1100-1103, 1106, 5.
Funding
National High Technology Research and Development Program of China ("863" Program) (2009AA01Z432)
National Natural Science Foundation of China (60873215)