摘要
将基于攻击图的评估与依赖标准的评估相结合,提出了一种基于安全状态域(security state region,简称SSR)的网络安全评估模型(security-state-region-based evaluation model,简称SSREM).该模型将攻击的影响分为攻击能力改变和环境改变,通过两者之间的因果关系建立数学模型,提出了安全状态域趋向指数的概念,借助Matlab进行攻击趋势的曲面拟合,进而进行安全状态域的划分和网络的安全性评估.实验结果表明,依据SSREM进行的评估能够通过安全状态城和安全状态域趋向指数反映网络进入不同状态的难易程度,对网络安全性量化评估具有借鉴意义.
A security-state-region-based (SSR-based) model called security-state-region-based evaluation model (SSREM) is proposed, which integrates the assessment based on the attack graph and the evaluation according to criteria together. In the model, the attack result is divided into the change in the attack ability and environment. The cause and effect relationship among them lays a foundation for building mathematic equations. After that, the definition of SSR is proposed, and also curve and surface fitting recurring to Matlab is used to analyze the attack trend, the result of which provides a theoretical basis for the division of SSR and the network security assessment based on SSR. Experiments in the posterior part of the paper show that, the evaluation according to SSREM can reflect how difficult it is to enter into different states through SSR and the tendency coefficient of security state region (TC_SSR), which can be used for reference by quantitative evaluation of network security.
出处
《软件学报》
EI
CSCD
北大核心
2009年第2期451-461,共11页
Journal of Software
基金
国家自然科学基金
国家重点基础研究发展计划(973)
国家高技术研究发展计划(863)~~
关键词
安全状态城
基于安全状态域的评估模型
安全状态域趋向指数
攻击图
脆弱性
security state region (SSR)
security-state-region-based evaluation model (SSREM)
tendency coefficient of security state region (TC_SSR)
attack graph
vulnerability