期刊文献+
任意字段
题名或关键词
题名
关键词
文摘
作者
第一作者
机构
刊名
分类号
参考文献
作者简介
基金资助
栏目信息

基于专家知识的攻击图生成方法 被引量:2

Attack Graph Generation based on Security Administrator Information
原文传递
导出
摘要 由于网络规模的不断扩大,独立的漏洞分析已经不能满足安全防护需求。攻击图作为一个新的工具能够清晰表述网络结构,使网络安全人员分析漏洞的相互关联,从而更好地了解网络的漏洞并加以有效的补救,但是传统的攻击图生成方法生成的攻击图会随着网络规模的扩大而复杂度急剧上升。从安全管理者的角度可以采用一种新的生成方法来生成较为简洁的攻击图,这种方法从网络的关键节点出发生成攻击图,可以有效地减少攻击图的规模。 Due to the continuous growth of network size,the independent vulnerability analysis could not satisfy the requirement of security protection.Attack graph,as a new tool,could show the network structure clearly.Taking into account the interaction among the vulnerabilities,the people can identify overall risk of the network better and adopt proper a measures.However,the complexity of attack graphs generated by traditional generation methods would grow rapidly with the expansion of network scale.A fairly simple attack graph could be generated by a new method based on the knowledge of the administrator.This method generates attack graph from the key node of the network,and thus could reduce the scale of the attack graph effectively.
作者 是灏 王轶骏 薛质
机构地区 上海交通大学信息安全工程学院
出处 《信息安全与通信保密》 2011年第5期88-90,共3页 Information Security and Communications Privacy
关键词 攻击图 网络安全 漏洞检测 可扩展性 attack graph network security vulnerability detection scalability
分类号 TP393.08 [自动化与计算机技术—计算机应用技术]
  • 相关文献

参考文献5

二级参考文献48

  • 1苘大鹏,张冰,周渊,杨武,杨永田.一种深度优先的攻击图生成方法[J].吉林大学学报(工学版),2009,39(2):446-452. 被引量:23
  • 2张永铮,云晓春,胡铭曾.基于特权提升的多维量化属性弱点分类法的研究[J].通信学报,2004,25(7):107-114. 被引量:35
  • 3张涛,胡铭曾,云晓春,李东,孙亮.网络攻击图生成方法研究[J].高技术通讯,2006,16(4):348-352. 被引量:7
  • 4Sheyner O, Wing J M. Tools for Generating and Analyzing Attack Graphs[C]//Proceedings of Workshop on Formal Methods for Components and Objects. Tehran, Iran: [s. n.], 2004.
  • 5Ammann P, Wijesekera D, Kaushik S. Scalable, Graph-based Network Vulnerability Analysis[C]//Proceedings of the 9th ACM Conference on Computer and Communications Security. New York, USA: ACM Press, 2002.
  • 6Ou Xinming, Govindavajhala S, Appel A W. A Logic-based Network Security Analyzer[C]//Proc. of the 14th USENIX Security Symposium. Berkeley, USA: USENIX Association, 2005.
  • 7Ritchey R, O'Berry B, Noel S. Representing TCP/IP Connectivity for Topological Analysis of Network Security[C]//Proceedings of the 18th Annual Computer Security Applications Conference. Washington, USA: IEEE Computer Society, 2002.
  • 8[2]Sheyner O,Haines J,Jha S,et al.Automated Generation and Analysis of Attack Graphs[A].Proceedjngs of IEEE Symposium on Security and Privacy[C].2002,2732284.
  • 9[3]NuSMV website,http://nusmv.irst.itc.it/.
  • 10[4]Ammann P,Wijesekera D,Kaushik S.Scalable,Graph based Network Vulnerability Analysis[C].Proc.of the 9th ACM Conference on Computer and Communications Security,2002,217~224.

共引文献26

同被引文献13

引证文献2

二级引证文献3

信息安全与通信保密
2011年 第5期

相关作者

内容加载中请稍等...

相关机构

内容加载中请稍等...

相关主题

内容加载中请稍等...

浏览历史

内容加载中请稍等...
;
使用帮助 返回顶部