期刊文献+
任意字段
题名或关键词
题名
关键词
文摘
作者
第一作者
机构
刊名
分类号
参考文献
作者简介
基金资助
栏目信息

基于攻击能力增长的网络安全分析模型 被引量:27

A Network Security Analysis Model Based on the Increase in Attack Ability
下载PDF
导出
摘要 网络脆弱性分析是近年来国内外研究的热点问题之一.基于攻击能力增长的网络安全性分析模型以攻击者的能力增长为主导,参考网络环境配置,模拟黑客攻击自动生成攻击图.使用攻击能力增长表示攻击者的最终目标使得攻击图的表示更为准确.最小攻击代价分析第1次考虑了相似攻击对攻击代价的影响,以便对各条路径的攻击代价进行计算;最小环境改变分析考虑入侵检测的因素对最可能的攻击路径进行分析,对于入侵检测系统的处理更加科学合理;两种分析都为改善网络配置提供了依据.与已有成果相比,模型提出的算法和方法更为实际可行. In recent years, network vulnerability analysis, which is attracting more and more domestic researchers and foreign researchers, has become a hotspot in the field of information security. A new model of network security analysis based on the increase in attack ability is proposed. It takes into account the .network environment and simulates the attacker' s behavior, and considers improving the attack ability as attacker's ultimate target to generate attack graph. The method used to represent attack graph make the attack target more clear, because it uses the attack ability' s increment to describe a goal, which is more accurate than the attack ability itself. The minimum attack cost analysis considers the influence of similar attacks to compute the cost of each path for the first time, which conforms to the actual process of attack execution. The minimum environment change analysis can help people find out which attack path is most likely to be adopted by the attacker, which deals with IDS in a more reasonable way. These two analysis methods are helpful for improving the network configuration. The algorithm of attack graph generation and the method to analyze the attack graph proposed by the network security analysis model is more feasible than the existing ones.
作者 张海霞 苏璞睿 冯登国
机构地区 中国科学院软件研究所信息安全国家重点实验室
出处 《计算机研究与发展》 EI CSCD 北大核心 2007年第12期2012-2019,共8页 Journal of Computer Research and Development
基金 国家自然科学基金项目(60403006) 国家"八六三"高技术研究发展计划基金项目(2006AA01Z437 2006AA01Z412 2006AA01Z433)~~
关键词 网络安全 网络安全分析 攻击模型 攻击图 攻击能力 network security network security analysis attack model attack graph attack ability
分类号 TP393.08 [自动化与计算机技术—计算机应用技术]
  • 相关文献

参考文献17

  • 1Dan Farmer, Wietse Venema. Improving the security of your site by breaking into it [R]. USENET Newsgroup Comp. Security Unix, Tech Rep: ITSTD-721-FR-90-21, 1993.
  • 2Internet Scanner. Internet Security Systems [OL]. http:// www. iss. net/, 2002.
  • 3Nesssus Homepage [OL]. http : // www. nessus. org/, 2002.
  • 4C A Phillips, L P Swiler. A graph-based system for network vulnerability analysis [C]. New Security Paradigms Workshop, Charlotte sville, VA, 1998.
  • 5L P Swiler, C Phillips, D Ellis, et al. Computer-attack graph generation tool [C]. The DARPA Information Survivability Conference and Exposition, Los Alamitos, CA, 2000.
  • 6P Ammann, D Wijesekera, S Kaushik. Scalable graph-based vulnerability analysis [C]. The 9th ACM Conf on Computer and Commuincations Security, Washington, DC, 2002.
  • 7R Ritchey, P Ammann. Using model checking to analyze network vulnerabilities [C]. IEEE Symp on Security and Privacy, Oakland, CA, 2001.
  • 8O Sheyner, J Haines, S Jha, et al. Automated generation and analysis of attack graphs [C]. IEEE Symp on Security and Privacy, Oakland, CA, 2002.
  • 9O Sheyner, J M Wing. Tools for generating and analyzing attack graphs [C]. Workshop on Formal Methods for Components and Objects, Tehran, Iran, 2004.
  • 10S Jha, O Sheyener, J M Wing. Two formal analyses of attack graphs [C]. Workshop on Computer Security Foundations, Nova Scotia, Canada, 2002.

二级参考文献55

  • 1[1]Clarke EM, Grumberg O, Peled D. Model Checking. Cambridge: MIT Press, 2001.35~49.
  • 2[2]Sistla AP, Clarke EM. The complexity of propositional linear temporal logics. Journal of the ACM, 1985,32(3):733~749.
  • 3[3]Clarke EM, Emerson EA, Sistla AP. Automatic verification of finite state concurrent system using temporal logical specification.ACM Trans. on Programming Language and Systems, 1986,8(2):244~263.
  • 4[4]Lin C. Computer Network and Computer System Performance Eyaluation. Beijing: Tsinghua University Press, 2001 (in Chinese).
  • 5[5]Emerson EA, Halpern JY. Sometimes and Not Never revisited: On branching versus linear time. Journal of the ACM, 1986,33(1):151~178.
  • 6[6]Girault C, Valk R. Petri Nets for System Engineering: A Guide to Modeling, Verification and Application. Springer-Verlag, 2003.
  • 7[7]Vardi MY. Linear vs. Banching tme-A complexity-theoretic perspective. In: Proc. of the 13th Annual IEEE Symp. on Logic in Computer Science. IEEE Computer Society Press, 1998.94~405.
  • 8[8]Bhat G, Cleaveland R, Grumberg O. Efficient on-the-fly model checking for CTL. In: Proc. of the 10th Annual IEEE Symp. on Logic in Computer Science. IEEE Computer Society Press, 1995. 388~397.
  • 9[9]Bryant RE. Graph-Based algorithms for boolean function manipulation. IEEE Trans. on Computers, 1986,35(8):667~691.
  • 10[10]Burch JR, Clarke EM, McMillan KL, Dill DL, Hwang LJ. Symbolic model checking: 1020 states and beyond. Information and Computation, 1998,2:141~170.

共引文献47

同被引文献242

引证文献27

二级引证文献342

计算机研究与发展
2007年 第12期

相关作者

内容加载中请稍等...

相关机构

内容加载中请稍等...

相关主题

内容加载中请稍等...

浏览历史

内容加载中请稍等...
;
使用帮助 返回顶部