期刊文献+
任意字段
题名或关键词
题名
关键词
文摘
作者
第一作者
机构
刊名
分类号
参考文献
作者简介
基金资助
栏目信息

基于攻击图的网络脆弱性量化评估研究 被引量:6

Research of Quantitative Vulnerability Assessment Based on Attack Graphs
在线阅读 下载PDF
导出
摘要 目前,网络脆弱性量化评估面临的主要挑战之一是识别网络中存在的脆弱性和它们之间的相互关系以及由此产生的潜在威胁,本文提出了一种基于属性攻击图的网络脆弱性量化评估方法。首先对属性攻击图和有效攻击路径进行了形式化定义,在此基础上提出了采用"最大可达概率"指标来度量目标网络中关键属性集合的脆弱性,并设计了最大可达概率计算算法,该算法解决了属性攻击图的含圈路径问题;为解决实际评估中原始数据缺失的问题,提出了"可信度"的概念,它能有效反映缺失数据对评估结果的影响。 Attack graph is a modelbased vulnerability analysis technology. It may automatically analyze the interrelation among vulnerabilities in the network and the potential threat resulting from the vulnerabilities,which is one of problems the quantitative vulnerability assessment must solve. This paper proposes a novel quantitative vulnerability assessment method based on attributebased attack graphs. First attributebased attack graphs and valid attack paths are formally described, and maximal reachable probability is adopted to measure the vulnerability of the key attribute set of the target network. An algorithm for computing maximal reachable probability is presented to solve the problem of loop attack paths. Finally, because some data may not be obtained in practical assessment,the conception of creditability is introduced to measure the impact of absent data on the result.
作者 陈锋 张怡 鲍爱华 苏金树
机构地区 国防科学技术大学计算机学院 国防科学技术大学信息系统与管理学院
出处 《计算机工程与科学》 CSCD 北大核心 2010年第10期8-11,19,共5页 Computer Engineering & Science
基金 国家自然科学基金资助项目(90604006)
关键词 攻击图 有效攻击路径 最大可达概率 可信度 attack graph;valid attack path;maximal reachable probability;creditability
分类号 TP393.08 [自动化与计算机技术—计算机应用技术]
  • 相关文献

参考文献10

  • 1Schneier B. Attack Trees: Modeling Security Threats[J]. Dr Dobb's Journal, 1999,12(24) : 21-29.
  • 2Ortalo R, Deswarte Y, Kaaniche M. Experimenting with Quantitative Evaluation Tools for Monitoring Operational Security[J]. IEEE Trans on Software Engineering, 1999, 25 (5) :633-650.
  • 3张永铮,方滨兴,迟悦,云晓春.用于评估网络信息系统的风险传播模型[J].软件学报,2007,18(1):137-145. 被引量:76
  • 4Jha S, Sheyner O, Wing J. Two Formal Analyses of Attack Graphs[C]//Proc of the 15th IEEE Computer Security Foundations Workshop, 2002 : 49-63.
  • 5Ammann P, Wijesekera D, Kaushik S. Scalable, Graph-Based Network Vulnerability Analysis[C]//Proc of the 9th ACM Conf on Computer and Communications Security,2002:217-224.
  • 6Jajodia S,Noel S, O'Berry B. Topological Analysis of Network Attack Vulnerability[ M]//Kumar V, Srivastava J, Lazarevic A, eds. Managing Cyber Threats: Issues, Approaches and Challenges. Springer-Verlag, 2005 : 248-266.
  • 7Ou Xinming, Boyer W F, McQueen M A. A Sealable Approach to Attack Graph Generation [C] //Proc of the 13th ACM Conf on Computer and Communications Security, 2006 : 336-345.
  • 8Wang Lingyu,Singhal A,Jajodia S. Toward Measuring Network Security Using Attack Graphs[C] //Proc of the 3rd Int'l Workshop on Quality of Protection, 2007: 49-54.
  • 9Sawilla R, Ou Xinming. Googling Attack Graphs[R]. Technical Report,Ottawa TM 2007-205,Defence R &D Canada,2007.
  • 10Ciechanowicz Z. Risk Analysis: Requirements, Conflicts and Problems[J]. Computers & Security, 1997,16 (3) : 223-232.

二级参考文献2

共引文献75

同被引文献44

引证文献6

二级引证文献25

计算机工程与科学
2010年 第10期

相关作者

内容加载中请稍等...

相关机构

内容加载中请稍等...

相关主题

内容加载中请稍等...

浏览历史

内容加载中请稍等...
;
使用帮助 返回顶部