期刊文献+

面向攻击图构建的网络连通性分析 被引量:1

Analysis of Network Connectivity for Attack Graph Construction
下载PDF
导出
摘要 针对目前网络攻击图构建系统的需求,设计网络连通性分析算法。通过对网络拓扑及防火墙规则进行离线分析,可以判断网络中由若干台过滤设备分隔的任意2台主机间的连通性。引入关键实体集的概念,结合经典的Apriori算法提出一种快速有效的获取关键实体集的方法。分析对比表明,关键实体集可以在连通性分析过程中为网络中各节点的重要性评估提供有力依据。 This paper designs a network connectivity analysis algorithm according to the present techniques and the need of attack graph construction system. By using connectivity analysis, network topology and firewall rule analysis can be performed offline, which determines the connectivity between two hosts, It introduces a conception of Critical Entity Collection(CEC). An effective way of CEC detection is presented on the basis of classic Apriori algorithm. Deep analysis and comparison show that CEC provides effective information for the assessment of the importance of nodes in the network in the process of connectivity analysis.
出处 《计算机工程》 CAS CSCD 北大核心 2009年第18期116-118,共3页 Computer Engineering
基金 国家自然科学基金资助项目(60605019) 国家"863"计划基金资助项目(2007AA01Z473) 教育部博士点基金资助项目(20070248002)
关键词 网络连通性 攻击图 关键实体集 network connectivity attack graph Critical Entity Collection(CEC)
  • 相关文献

参考文献5

  • 1Ritchey R, Ammann E Using Model Checking to Analyze Network Vulnerabilities[C]//Proc. of IEEE Symposium on Security and Privacy. Oakland, California, USA: [s. n.], 2000.
  • 2Ritchey R, O'Berry B, Noel S. Representing TCP/IP Connectivity for Topological Analysis of Network Security[C]//Proc. of the 18th Annual Computer Security Applications Conference. Las Vegas, Nevada, USA: [s. n.], 2002.
  • 3Jajodia S, Noel S, O'Berry B. Topological Analysis of Network Attack Vulnerability[C]//Proc. of ASIACCS'07. Singapore: [s. n.], 2007.
  • 4Mayer A, Wool A, Elisha Z. Fang: A Firewall Analysis Engine[C]// Proc. of IEEE Symposium on Security and Privacy. Berkeley, California, USA: [s. n.], 2000.
  • 5Han Jiawei,Kamber M.数据挖掘:概念与技术[M].北京:机械工业出版社,2001.

共引文献40

同被引文献2

引证文献1

相关作者

内容加载中请稍等...

相关机构

内容加载中请稍等...

相关主题

内容加载中请稍等...

浏览历史

内容加载中请稍等...
;
使用帮助 返回顶部