Journal on Communications, 2017, Vol. 38, Issue (1): 187-198, 12. DOI: 10.11959/j.issn.1000-436x.2017021
Network security situation evaluation method for multi-step attack
Abstract
To analyze the influence of multi-step attacks and to reflect the system's security situation accurately and comprehensively, a network security situation evaluation method for multi-step attacks is proposed. The method first clusters security events into several attack scenes, which are used to identify the attacker. The attack path and the attack phase are then identified by causal correlation of each scene. Finally, the attack phase is combined with the threat index to establish a quantitative standard for evaluating the network security situation. The proposed method is assessed in two network attack-defense experiments, and the results illustrate its accuracy and effectiveness.
Key words
scene clustering/multi-step attack/security situation/quantification analysis
Classification
Information technology and security science
Cite this article
YANG Haopu, QIU Hui, WANG Kun. Network security situation evaluation method for multi-step attack[J]. Journal on Communications, 2017, 38(1): 187-198, 12.
Funding
The National Natural Science Foundation of China (No.61303074, No.61309013), The National Basic Research Program of China (973 Program) (No.2012CB315900)