摘要
针对大规模计算机网络的脆弱性评估,提出了一种基于贝叶斯网络近似推理的评估方法,对网络各组件和影响网络安全的因素进行建模,采用模型检测工具生成攻击状态转移图,描述网络脆弱性的利用过程,通过采用随机采样的方法对网络的攻击状态转移图进行近似推理,经过对采样样本的统计分析得到网络脆弱性评估的量化结果,为提升网络的安全性能提供理论依据。
To evaluate the large-scale computer networks, a Bayesian-network-approximate-reasoning-based method for vulnerabilities evaluation was proposed. First, it models the elements which compose the network and the factors which affect the network security. Second, it builds the attack state graph (ASG) of the computer network to describe the process of vulnerability exploitation. Then, it makes the approximate reasoning to the ASG by stochastic sampling. At last, after the samples analysis and statistic, it achieves the quantitative evaluation result and will provide the theoretical evidence to imorove the network security.
出处
《通信学报》
EI
CSCD
北大核心
2008年第10期191-198,共8页
Journal on Communications
基金
国家高技术研究发展计划("863"计划)基金资助项目(2006AA01Z437
2006AA01Z412
2006AA01Z433)~~
关键词
计算机网络
贝叶斯网络近似推理
随机采样
攻击状态转移图
脆弱性
computer network
Bayesian network approximate reasoning
stochastic sampling
attack state graph
vul-nerabilities