Host security assessment method based on attack graph

Cited by: 16
Abstract: To address the problems that current host security assessment methods cannot accurately calculate the host security value and ignore the correlation between hosts in the attack graph, a host security assessment method based on attack graphs is proposed. First, the host attack graph is generated, the atomic attack probability is quantified from four perspectives (the vulnerability itself, time, environment, and operating system exploitability), and the host attack probability is calculated. Then, host asset importance is calculated from expert prior evaluation and a correlation-based weighting method, and host topology importance is calculated from the association relationships between hosts in the attack graph. Finally, the host security value is calculated from the host vulnerability impact value, host importance, and host attack probability. The experimental results show that the host importance and security values obtained by the proposed method are consistent with the real network situation and reflect the security condition of hosts more completely and accurately. The standard deviation of the host security values obtained by the proposed method is 0.078, which is larger than that obtained by other methods, indicating that the values are more dispersed, which makes it easier to distinguish security levels and to set subsequent risk handling priorities.
Authors: 杨宏宇, 袁海航, 张良 (YANG Hongyu; YUAN Haihang; ZHANG Liang). Affiliations: College of Safety Science and Engineering, Civil Aviation University of China, Tianjin 300300, China; College of Computer Science and Technology, Civil Aviation University of China, Tianjin 300300, China; College of Information, University of Arizona, Tucson, AZ 85721, USA.
Source: Journal on Communications (《通信学报》), indexed in EI, CSCD and the Peking University Core Journals list; 2022, No. 2, pp. 89-99 (11 pages).
Funding: National Natural Science Foundation of China (No. U1833107).
Keywords: host security; attack graph; atomic attack probability; asset importance; topology importance; security assessment