摘要
对网络安全性的量化评估问题是目前网络安全领域的研究热点之一.通过对现有的网络安全模型及量化分析方法的研究和比较,针对影响网络安全性的各项因素的全面脆弱性评估,提出了网络可靠度、脆弱点关键度、脆弱性状态图最低阶最小路集和最低阶最小割集4个具体的评估指标,将基于贝叶斯网络的计算方法引入脆弱性评估中,提出了量化评估计算方法.在此基础上构建了网络实例,使用SPIN验证工具对网络攻击进行模拟并对提出的评估指标及算法进行了分析验证.实验结果表明,提出的算法和评估指标集能够正确地量化反映网络的安全状态.
Network vulnerability evaluation is a hot topic of network security research. In this paper we analyze and compare the existing network security model and quantitative assessment methods. Considering all the securityrelated factors of network in vulnerability evaluation, we propose a set of evaluation metrics that includes reliability parameters of network, criticality parameters of network, lowest degree of minimal path set and lowest degree of minimal cut set. We also propose a new method of quantitative assessment based on Bayesian network. Finally we give an example to simulate the net-attack using SPIN and validate vulnerability evaluation indices and methods. The result shows that the method and the evaluation indices could evaluate and reflect the security state of network successfully.
出处
《中国科学院研究生院学报》
CAS
CSCD
2008年第5期639-648,共10页
Journal of the Graduate School of the Chinese Academy of Sciences
基金
国家高技术研究发展计划(863)项目(2006AA01Z437)资助
关键词
脆弱性评估
评估指标
贝叶斯网络
量化评估
vulnerability evaluation, evaluation indices, Bayesian networks, quantitative assessment
