期刊文献+
任意字段
题名或关键词
题名
关键词
文摘
作者
第一作者
机构
刊名
分类号
参考文献
作者简介
基金资助
栏目信息

基于攻击图的网络脆弱性分析方法 被引量:14

Method Based on Attack Graph for Network Vulnerability Analysis
下载PDF
导出
摘要 传统的攻击图分析方法在计算攻击目标可达概率时没有考虑攻击者的行为特征,降低了分析结果的准确性。为了解决这个问题,首先对全局攻击图模型进行了介绍,然后提出了一种基于全局攻击图的网络脆弱性分析方法。该方法利用网络状态间的转移概率描述攻击者的行为特征。在此基础上,计算攻击目标的可达概率。实验结果表明:安全管理人员利用该方法能够从全局角度分析网络的脆弱性,获得的分析结果更加客观、准确。 Because the behavior characteristics of attackers are not considered in the traditional attack graph analysis, the accuracy of the analysis results is decreased. To solve this problem, a global attack graph model is presented, and a method for analyzing network vulnerabilities based on global attack graphs is proposed. The transition probability of network states is used to describe the behavior characteristics of attackers. The reachablity of attack targets is calculated. The experimental results show that the proposed method can analyze the overall vulnerabilities of networks, and the analysis results are more objective and accurate.
作者 苘大鹏 杨武 杨永田
机构地区 哈尔滨工程大学信息安全研究中心
出处 《南京理工大学学报》 EI CAS CSCD 北大核心 2008年第4期416-419,共4页 Journal of Nanjing University of Science and Technology
基金 国家"242"信息安全计划(2007B31) 国家"863"计划(2007AA01Z473)
关键词 网络安全 安全评估 脆弱性分析 攻击图 network security security assessment vulnerability analysis attack graphs
分类号 TP309 [自动化与计算机技术—计算机系统结构]
  • 相关文献

参考文献9

  • 1Sheyner O, Haines J, Jha S. Automated generation and analysis of attack graphs [ A ]. Proceedings of the 2002 IEEE Symposium on Security and Privacy [ C ]. Oakland : IEEE Computer Society Press, 2002. 254 - 265.
  • 2Ou X, Boyer W F, McQueen M A. A scalable approach to attack graph generation [ A]. Proceedings of the 13th ACM Conference on Computer and Communications Security [ C ]. Alexandria, Virginia, USA: ACM Press, 2006. 336 -345.
  • 3王永杰,鲜明,刘进,王国玉.基于攻击图模型的网络安全评估研究[J].通信学报,2007,28(3):29-34. 被引量:56
  • 4Ammann P, Wijesekera D, Kaushik S. Scalable, graphbased network vulnerability analysis [A]. Proceedings of the 9th ACM Conference on Computer and Communications Security [ C ]. Washington, D. C., USA: ACM Press, 2002. 217-224.
  • 5张涛,胡铭曾,云晓春,李东,孙亮.网络攻击图生成方法研究[J].高技术通讯,2006,16(4):348-352. 被引量:7
  • 6孙亮,李东,张涛.网络攻击图的自动生成[J].计算机应用研究,2006,23(3):119-122. 被引量:13
  • 7Wang L Y, Singhal A, Jajodia A. Measuring the overall security of network configurations using attack graphs [ A ]. Proceedings of Data and Applications Security 2007 [C]. Berlin: Springer-Verlag, 2007. 98 - 112.
  • 8张永铮,云晓春,胡铭曾.基于特权提升的多维量化属性弱点分类法的研究[J].通信学报,2004,25(7):107-114. 被引量:35
  • 9Man Dapeng, Zhang Bing, Yang Wu, et al. A method for global attack graph generation [ A ]. Proceedings of 2008 IEEE International Conference on Networking, Sensing and Control [ C ]. Sanya, China: IEEE Computer Society Press, 2008. 236 - 241.

二级参考文献57

  • 1张永铮,云晓春,胡铭曾.基于特权提升的多维量化属性弱点分类法的研究[J].通信学报,2004,25(7):107-114. 被引量:35
  • 2R Ritchey,P Ammann.Using Model Checking to Analyze Network Vulnerabilities[C].Proceedings of the IEEE Symposium on Security and Privacy,2001.156-165.
  • 3O Sheyner,J Haines,S Jha,et al.Automated Generation and Analysis of Attack Graphs[C].Proceedings of IEEE Symposium on Security and Privacy,2002.273-284.
  • 4O Sheyner.Scenario Graphs and Attack Graphs[D].Carnegie Mellon University,2004.
  • 5C Ramakrishnan,R Sekar.Model-based Vulnerability Analysis of Computer Systems[C].Proceedings of the 2nd International Workshop on Verification,Model Checking and Abstract Interpretation,1998.
  • 6V Kumar,J Srivastava,A Lazarevic.Managing Cyber Threats:Issues,Approaches and Challenges[M].Kluwer Academic Publishers,2003.247-266.
  • 7P Ammann,D Wijesekera,S Kaushik.Scalable,Graph-based Network Vulnerability Analysis[C].Proc.of the 9th ACM Conference on Computer and Communications Security,2002.217-224.
  • 8C Phillips,L Swiler.A Graph-based System for Network Vulnerability Analysis[C].Proceedings of the 1998 Workshop on New Security Paradigms Table of Contents,1998.71-79.
  • 9L Swiler,C Philips,D Ellis,et al.Computer-Attack Graph Generation Tool[C].Proc.of DARPA Information Survivability Conference and Exposition,2001.146-161.
  • 10S Templeton,K levitt.A Requires/Provides Model for Computer Attacks[C].Proceedings of the 2000 Workshop on New Security Paradigms Table of Contents,2001.31-38.

共引文献101

同被引文献140

引证文献14

二级引证文献55

南京理工大学学报
2008年 第4期

相关作者

内容加载中请稍等...

相关机构

内容加载中请稍等...

相关主题

内容加载中请稍等...

浏览历史

内容加载中请稍等...
;
使用帮助 返回顶部