国防科技大学学报2012,Vol.34Issue(3):109-112,4.
警报关联图:一种网络脆弱性量化评估的新方法
Alert correlation graph:a novel method for quantitative vulnerability assessment
摘要
Abstract
As a model-based vulnerability analysis technology, attack graphs can identify network vulnerabilities and their interactions; they can also reveal all possible attack paths and potential threats. Based on the attack graphs, alert correlation graphs are proposed in the paper. An alert correlation graph maps real-time IDS alerts into attack paths using prior knowledge encoded in attack graph, and reveals attack progresses and attackere' intention dynamically. A novel quantitative network vulnerability assessment method is presented based on the alert correlation graph, which analyzes network vulnerabilities by dynamically computing the weight of alert correlation edges. The research also demonstrates, by examples, that the proposed method combines static prior knowledge about network vulnerabilities with dynamic attackers' intentions, and reveals the change of network vulnerability under real-time attacks.关键词
攻击图/警报关联图/脆弱性评估Key words
attack graph/ alert correlation graph/ vulnerability assessment分类
信息技术与安全科学引用本文复制引用
张怡,赵凯,来犇..警报关联图:一种网络脆弱性量化评估的新方法[J].国防科技大学学报,2012,34(3):109-112,4.基金项目
国家863计划资助项目 ()
