Abstract
To address security risk assessment for 5G networks, an attack-graph-based assessment framework is proposed, consisting of two parts: attack graph construction and risk assessment. General definitions of the 5G network topology model and attack template are given, which can flexibly adapt to different network deployment modes. These models are taken as the input conditions of the attack graph generation algorithm. After setting the attacker's initial position, a breadth-first algorithm is used to construct the attribute attack graph. The algorithm can reduce the number of nodes in the graph to limit its size and prevent space explosion. In the risk assessment process, a vulnerability correlation assessment approach is proposed: based on the single assessment of CVSS 3.0, the correlation probability between vulnerabilities is introduced to quantify the interaction between attack behaviors. The experimental results show that the method is effective in assessing the security threats and risk level faced by 5G networks and is helpful for deploying reasonable security protection measures.
Authors
Wang Saie
Liu Caixia
Liu Shuxin
People's Liberation Army Strategic Support Force Information Engineering University, Zhengzhou 450001, Henan, China
Source
Computer Applications and Software (《计算机应用与软件》)
Peking University Core Journal
2023, Issue 4, pp. 289-296, 335 (9 pages in total)
Funding
Young Scientists Fund of the National Natural Science Foundation of China (61803384, 61801515).