期刊文献+
任意字段
题名或关键词
题名
关键词
文摘
作者
第一作者
机构
刊名
分类号
参考文献
作者简介
基金资助
栏目信息

利用迭代矩阵寻找网络中的关键主机

Finding Key Host of Network through Iterative Matrix
下载PDF
导出
摘要 网络中的关键主机对网络的整体安全性有重大影响,但目前缺少有效方法在网络中寻找关键主机.该文对网络关键主机进行定义和分类,提出一种关键主机的寻找方法.将主机攻击图生成算法与迭代矩阵相结合,计算网络中各主机的相关安全属性并排序,使网络安全管理员能方便而有效地找出网络中的3类关键主机及对应的关键临界条件,从而采取相应措施保护关键主机.实验表明该方法可用于网络安全性分析,对提升网络整体安全性有重要意义. Security of the key host is of prime importance to the overall network, but locating the key host di^cult. This paper gives a definition of key hosts, provides their classification, and propose an approach to finding the key hosts. The method uses the host-based attack graph and the theory of iterative matrix. By computing and sorting the security properties of each host, the network security administrator can identify key hosts and the corresponding key critical-conditions. Appropriate measures can then be taken to protect the key hosts and enhance the overall network security. Experiment shows that this approach can be applied to the analysis of network security, and is useful for the enhancement of network security.
作者 钟尚勤 刘福强 徐国胜 杨榆 姚文斌
机构地区 北京邮电大学信息安全中心 北京邮电大学灾备技术国家工程实验室 海军装备研究院
出处 《应用科学学报》 EI CAS CSCD 北大核心 2012年第4期374-378,共5页 Journal of Applied Sciences
基金 国家自然科学基金(No.61003285) 国家发改委信息安全专项基金 教育部科学技术研究重点项目基金 中央高校基本科研业务费专项资金(No.BUPT2009RC0215)资助
关键词 关键主机 主机攻击图 迭代矩阵 网络安全 key host host-based attack graph iterative matrix network security
分类号 TP393.08 [自动化与计算机技术—计算机应用技术]
  • 相关文献

参考文献10

  • 1ORTALO R, DESWARTE Y, KAANICHE M. Experiment- ing with quantitative evaluation tools for monitoring operational security [J]. IEEE Transactions on Soft- ware Engineering, 1999, 25(5): 633-650.
  • 2SWILER L P, PHILLIPS C, ELLIS D. Computer attack graph generation tool [Cl//Proceedings of the Sec- ond DARPA Information Survivability Conference &: Exposition, 2001: 307-321.
  • 3AMMANN P, WIJESEKERA D, KAUSHIK S. Scal- able, graph-based network vulnerability analysis [C]//Proceedings of the 9th ACM Conference on Computer and Communications Security, 2002: 217- 224.
  • 4NOEL S, JAJODIA S. Managing attack graph complexity through visual hierarchical aggregation [C]//Proceedings of the 2004 ACM workshop on Vi- sualization and Data Mining for Computer Security, 2004: 109-118.
  • 5LI W, VAUGHN R B. An approach to graph-based modeling of network exploitations [D]. Mississippi: Mississippi State University, 2005.
  • 6苘大鹏,周渊,杨武,杨永田.用于评估网络整体安全性的攻击图生成方法[J].通信学报,2009,30(3):1-5. 被引量:21
  • 7张海霞,苏璞睿,冯登国.基于攻击能力增长的网络安全分析模型[J].计算机研究与发展,2007,44(12):2012-2019. 被引量:27
  • 8GHOSH N, GHOSH S K. A planner-based approach to generate and analyze minimal attack graph [J]. International Journal of Applied Intelligence, 2010.
  • 9BIRKHOLZ H, EDELKAMP S, JUNGE F, SOHR K. Effi- cient automated generation of attack trees from vul- nerability databases [J]. Working Notes for the 2010 AAAI Workshop on Intelligent Security (SecArt), 2010: 47-55.
  • 10陈锋,张怡,苏金树,韩文报.攻击图的两种形式化分析[J].软件学报,2010,21(4):838-848. 被引量:51

二级参考文献40

  • 1张永铮,云晓春,胡铭曾.基于特权提升的多维量化属性弱点分类法的研究[J].通信学报,2004,25(7):107-114. 被引量:35
  • 2蒋屹新,林闯,曲扬,尹浩.基于Petri网的模型检测研究[J].软件学报,2004,15(9):1265-1276. 被引量:20
  • 3冯萍慧,连一峰,戴英侠,鲍旭华.基于可靠性理论的分布式系统脆弱性模型[J].软件学报,2006,17(7):1633-1640. 被引量:30
  • 4PHILLIPS C, SWILER L E A graph-based system for network vulnerability analysis[A]. Proc 1998 Workshop on New Security Paradigms[C]. Virginia, USA, 1998.71-79.
  • 5RITCHEY R W, AMMANN E Using model checking to analyze network vulnerabilities[A]. Proc 2001 IEEE Symposium on Security and Privacy[C]. Oakland, California, USA, 2001.156-165.
  • 6SHEYNER O, HAINES J, JHA S. Automated generation and analysis of attack graphs[A]. Proc 2002 IEEE Symposium on Security and Privacy[C]. Oakland, California, USA, 2002.254-265
  • 7AMMANN P, WIJESEKERA D, KAUSHIK S. Scalable, graph-based network vulnerability analysis[A]. Proc the 9th ACM Conference on Computer and Communications Security[C]. Washington, DC, USA, 2002.217-224.
  • 8SHAHRIARI H R, JALILI R. Modeling and analyzing network vulnerabilities via a logic-based approach[A]. Proc the 2nd International Symposium of Telecommunications (IST2005)[C]. Shiraz, Iran, 2005.13-21.
  • 9Qu X, BOYER W F, MCQUEEN M A. A scalable approach to attack graph generation[A]. Proc the 13th ACM Conference on Computer and Communications Security(CCS'06)[C]. Alexandria, Virginia, USA, 2006.336-345.
  • 10NOEL S, JACOBS M, KALAPA P. Multiple coordinated views for network attack graphs[A]. Proc 2005 Workshop on Visualization for Computer Security[C]. Minneapolis, USA, 2005.99-106.

共引文献88

应用科学学报
2012年 第4期

相关作者

内容加载中请稍等...

相关机构

内容加载中请稍等...

相关主题

内容加载中请稍等...

浏览历史

内容加载中请稍等...
;
使用帮助 返回顶部