摘要
针对当前基于攻击图的网络安全风险评估方法在评估过程中考虑网络实际运行情况不全面的问题,提出了一种基于贝叶斯攻击图的网络安全风险评估方法。首先,基于贝叶斯攻击图对目标网络进行了建模;其次,结合攻击意图和原子攻击的特性,利用先验概率对属性节点的静态风险进行了评估;最后,运用贝叶斯推理方法中的后验概率对静态风险评估攻击图进行了动态更新,实现了对目标网络的动态风险评估。通过试验分析验证了该方法的可行性,可为实施网络安全防护策略提供依据。
Aiming at the problems that the current network security risk assessment method based on attack graph considers the actual network operation incompletely during the process of assessment,a network security risk assessment method based on Bayesian attack graph is proposed. Firstly,the network attack behavior is modeled based on the Bayesian attack graph. Secondly,the prior probability is used to evaluate the static risk of attribute nodes combining the characteristics of attack intention and atomic attack. Finally,the static risk assessment attack graph is dynamically updated by using the posterior probability of Bayesian inference method to realize the dynamic risk assessment of the target network. The method is proved to be feasible by the experimental analysis,which can provide a basis for implementing network security protection strategy.
作者
王增光
卢昱
李进东
WANG Zeng-guang;LU Yu;LI Jin-dong(Equipment Command and Administration Department,Shijiazhuang Campus of Army Engineering University,Shijiazhuang 050003,China;Troop No.69225 of PLA,Hejing 841300,China)
出处
《装甲兵工程学院学报》
2018年第3期81-86,共6页
Journal of Academy of Armored Force Engineering
关键词
风险评估
贝叶斯攻击图
攻击意图
动态评估
risk assessment
Bayesian attack graph
attack intention
dynamic assessment
