期刊文献+
任意字段
题名或关键词
题名
关键词
文摘
作者
第一作者
机构
刊名
分类号
参考文献
作者简介
基金资助
栏目信息

基于主机安全组划分的网络安全性分析 被引量:10

Network Security Analysis Based on Host-Security-Group
原文传递
导出
摘要 针对目前网络安全分析方法中攻击图规模庞大、生成算法效率低等问题,提出了主机攻击图的生成模型和算法.基于该生成算法,进一步提出了主机安全组的概念及其划分算法.通过对网络中的主机划分安全组,实现对网络安全性的分析.实验结果证明,该分析方法能描述网络整体的安全状况,方便安全管理员找出网络中的关键主机,具有直观、高效和准确等特点. A simple,flexible,and efficient method is proposed to generate host-based attack graph.Based on this generating algorithm,the concept of 'host-security-group' is put forward,and according with its partitioning algorithm,an approach of analyzing network security by using theory of host-security-group is described.It is proved to be intuitive,efficient and accurate,as it describes the overall security situation of network and facilitates network security administrator to identify the key hosts.
作者 钟尚勤 徐国胜 姚文斌 杨义先
机构地区 北京邮电大学信息安全中心 北京邮电大学灾备技术国家工程实验室
出处 《北京邮电大学学报》 EI CAS CSCD 北大核心 2012年第1期19-23,共5页 Journal of Beijing University of Posts and Telecommunications
基金 国家发改委信息安全专项项目 国家自然科学基金项目(61003285) 中央高校基本科研业务费专项项目(BUPT2011RC0209)
关键词 网络安全 安全性分析 主机攻击图 主机安全组 风险评估 network security security analysis host-based attack graph host-security-group risk assessment
分类号 TP393.08 [自动化与计算机技术—计算机应用技术]
  • 相关文献

参考文献7

  • 1Ortalo R,Deswarte Y,Kaaniche M.Experimenting withquantitative evaluation tools for monitoring operational se-curity[J].IEEE Transactions on Software Engineering,1999,25(05):633-650.
  • 2Swiler L P,Phillips C,Ellis D.Computer attack graphgeneration tool[C] ∥Proc of the Second DARPA Informa-tion Survivability Conference&Exposition(DISCEX II).Anaheim:[s.n.] ,2001:307-321.
  • 3Ammann P,Wijesekera D,Kaushik S.Scalable graph-based network vulnerability analysis[C] ∥Proc of the 9thACM Conference on Computer and Communications Secu-rity.New York:[s.n.] ,2002:217-224.
  • 4Noel S,Jajodia S.Managing attack graph complexitythrough visual hierarchical aggregation[C] ∥Proc of the2004 ACM Workshop on Visualization and Data Miningfor Computer Security.Washington DC:[s.n.] ,2004:109-118.
  • 5Zhang Tao,Hu Mingzeng,Li Dong.An effective methodto generate attack graph[C] ∥Proc of International Con-ference on Machine Learning and Cybernetics.Guang-zhou:[s.n.] ,2005:3926-3931.
  • 6苘大鹏,周渊,杨武,杨永田.用于评估网络整体安全性的攻击图生成方法[J].通信学报,2009,30(3):1-5. 被引量:21
  • 7The MITRE Corporation.Common attack pattern enumer-ation and classification[EB/OL].2011.http:∥capec.mitre.org/data/dictionary.html.

二级参考文献10

  • 1张永铮,云晓春,胡铭曾.基于特权提升的多维量化属性弱点分类法的研究[J].通信学报,2004,25(7):107-114. 被引量:35
  • 2PHILLIPS C, SWILER L E A graph-based system for network vulnerability analysis[A]. Proc 1998 Workshop on New Security Paradigms[C]. Virginia, USA, 1998.71-79.
  • 3RITCHEY R W, AMMANN E Using model checking to analyze network vulnerabilities[A]. Proc 2001 IEEE Symposium on Security and Privacy[C]. Oakland, California, USA, 2001.156-165.
  • 4SHEYNER O, HAINES J, JHA S. Automated generation and analysis of attack graphs[A]. Proc 2002 IEEE Symposium on Security and Privacy[C]. Oakland, California, USA, 2002.254-265
  • 5AMMANN P, WIJESEKERA D, KAUSHIK S. Scalable, graph-based network vulnerability analysis[A]. Proc the 9th ACM Conference on Computer and Communications Security[C]. Washington, DC, USA, 2002.217-224.
  • 6SHAHRIARI H R, JALILI R. Modeling and analyzing network vulnerabilities via a logic-based approach[A]. Proc the 2nd International Symposium of Telecommunications (IST2005)[C]. Shiraz, Iran, 2005.13-21.
  • 7Qu X, BOYER W F, MCQUEEN M A. A scalable approach to attack graph generation[A]. Proc the 13th ACM Conference on Computer and Communications Security(CCS'06)[C]. Alexandria, Virginia, USA, 2006.336-345.
  • 8NOEL S, JACOBS M, KALAPA P. Multiple coordinated views for network attack graphs[A]. Proc 2005 Workshop on Visualization for Computer Security[C]. Minneapolis, USA, 2005.99-106.
  • 9LI W, VAUGHN R B. Cluster security research involving the modeling of network exploitations using exploitation graphs[A]. Proc of the 6th IEEE International Symposium on Cluster Computing and the Grid Workshops(CCGRIDW'06)[C]. Singapore, 2006.26-37.
  • 10DAWKINS J, HALE J. A systematic approach to multi-stage network attack analysis[A]. Proc of the Second IEEE International Information Assurance Workshop (IWIA'04)[C]. Charlotte, NC, USA, 2004.48-54.

共引文献20

同被引文献55

引证文献10

二级引证文献16

北京邮电大学学报
2012年 第1期

相关作者

内容加载中请稍等...

相关机构

内容加载中请稍等...

相关主题

内容加载中请稍等...

浏览历史

内容加载中请稍等...
;
使用帮助 返回顶部