期刊文献+
任意字段
题名或关键词
题名
关键词
文摘
作者
第一作者
机构
刊名
分类号
参考文献
作者简介
基金资助
栏目信息

基于全局权限图的网络风险评估模型 被引量:6

A Network Risk Assessment Model Based on Network Global Privilege Graph
下载PDF
导出
摘要 提出一种全局网络权限图的概念和生成方法,基于网络权限图建立了一种新的网络风险评估模型,结合虚构的网络环境,对上述生成算法和网络评估模型加以验证.结果表明:与常规评估方法相比,由于引入了漏洞的量化数据等网络安全配置信息,该方法的评估结果更为精确. A concept of global network privilege graph and its generation method were proposed.Then a novel network risk assessment model based on privilege graph was proposed.The algorithm and model were verified using a demonstrative network.The results show that the assessment achieved by the model is more exact than common methods because the model considers the quantitative data of vulnerabilities and other security configuration information.
作者 张保稳 罗铮 薛质 银鹰
机构地区 上海交通大学信息安全工程学院 公安部第三研究所
出处 《上海交通大学学报》 EI CAS CSCD 北大核心 2010年第9期1197-1200,共4页 Journal of Shanghai Jiaotong University
基金 国家高技术研究发展计划(863)项目(2006AA01Z450) 国防"十一五"规划项目(C1420061353) 公安部信息网络安全重点实验室开放课题(C09603)
关键词 网络安全 风险评估 权限图 network security risk assessment privilege graph
分类号 TP309.09 [自动化与计算机技术—计算机系统结构]
  • 相关文献

参考文献6

  • 1Man Dapeng,Zhang Bing,Yang Wu,et al.A method for global attack graph generation[C]//Networking,Sensing and Control.Washington: IEEE Computer Society,2008: 236-241.
  • 2Liu Yu,Man Hong.Network vulnerability assessment using Bayesian networks[C]//Proceedings of SPIEVolume 5812,Data Mining,Intrusion Detection,Information Assurance,and Data Networks Security.Bellingham WA: SPIE,2005: 61-71.
  • 3Igor Kotenko,Mikhail Stepashkin.Attack graph based evaluation of network security[C]//Lecture Notes in Computer Science.Berlin: SPRINGERVERLAG,2006:216227.
  • 4王永杰,鲜明,刘进,王国玉.基于攻击图模型的网络安全评估研究[J].通信学报,2007,28(3):29-34. 被引量:56
  • 5ZHANG Baowen,Zhu Willam,Xue Zhi.Mining privilege escalation paths for network vulnerability analysis[C]//Joint of International Conference on Natural Computation and International Conference on Fuzzy Systems and Knowledge Discovery.Washington: IEEE Computer Society,2007: 56-60.
  • 6Mell P,Scarfone K,Romanosky S.A complete guide to the common vulnerability scoring system version 2.0[C/OL].Forum of Incident Response and Security Teams.USA:IEEE,2007.http://www.first.org/cvss/cvssguide.html.

二级参考文献25

  • 1SCHNEIER B.Secrets and Lies[M].John Wiley and Sons,2000.318-333.
  • 2SCHNEIER B.Attack trees:modeling security threats[J].Dr Dobb's Journal,1999,12(24):21-29.
  • 3TIDWELL T,LARSON R,FITCH K,et al.Modeling Internet attacks[A].Proceedings of the 2001 IEEE Workshop on Information Assurance and Security[C].2001.54-59.
  • 4庄朝辉.基于攻击树的多层次入侵检测及其在Linux上的原型[D].厦门:厦门大学硕士论文,2002.
  • 5ANDREW P,MOOR E.Attack Modeling for Information Security and Survivability[R].Technical Notes,Carnegie Mellon University,2001.
  • 6FREDRIK M.Security Analysis of an Information System Using an Attack Tree-based Methodology[D].Chalmers University of Technology,2000.
  • 7JOHN S,MABEN R.Intrusion Detection with Support Vector Machines and Generative Models[R].Technical Research Report,University of Maryland,2002.
  • 8Creating Secure Systems through Attack Tree Modeling[R].Resources Red Teaming Articles and Papers,Amenaza Technologies Limited.2003.
  • 9SHEYNER O.Automated generation and analysis of attack graphs[A].Proceeding of the 2002 IEEE Symposium on Security and Privacy[C].2002.
  • 10RONALD W R,PAUL A.Using model checking to analyze network vulnerability[A].Proceedings of IEEE Symposium on Security and Privacy[C].2001.

共引文献55

同被引文献53

引证文献6

二级引证文献17

上海交通大学学报
2010年 第9期

相关作者

内容加载中请稍等...

相关机构

内容加载中请稍等...

相关主题

内容加载中请稍等...

浏览历史

内容加载中请稍等...
;
使用帮助 返回顶部