Attack graph-based method for vulnerability risk evaluation

Cited by: 18
Abstract: Conventional vulnerability assessment methods evaluate each vulnerability in isolation, so their results do not reflect a vulnerability's impact on the whole network. To address this problem, the paper proposes a new vulnerability risk evaluation method. Based on the dependency relationships between vulnerabilities in the attack graph and the CVSS scores of the vulnerabilities, the method first computes the probability that a vulnerability is exploited and the harm to the whole network after it is exploited, and on that basis computes the vulnerability's risk value. The risk computed by this method accurately reflects the vulnerability's impact on the whole network, and experiments demonstrate the method's accuracy and effectiveness.

Source: Application Research of Computers (《计算机应用研究》), CSCD, Peking University Core Journal, 2010, No. 1, pp. 278-280 (3 pages)

Keywords: vulnerability, attack-graph, exploit