|Table of Contents|

Method Based on Attack Graph for Network Vulnerability Analysis

《南京理工大学学报》(自然科学版)[ISSN:1005-9830/CN:32-1397/N]

Issue:
2008年04期
Page:
416-419
Research Field:
Publishing date:

Info

Title:
Method Based on Attack Graph for Network Vulnerability Analysis
Author(s):
MAN Da-pengYANG WuYANG Yong-tian
Information Security Research Center,Harbin Engineering University,Harbin 150001,China
Keywords:
network security security assessment vulnerability analysis attack graphs
PACS:
TP393.08
DOI:
-
Abstract:
Because the behavior characteristics of attackers are not considered in the traditional attack graph analysis,the accuracy of the analysis results is decreased.To solve this problem,a global attack graph model is presented,and a method for analyzing network vulnerabilities based on global attack graphs is proposed.The transition probability of network states is used to describe the behavior characteristics of attackers.The reachablity of attack targets is calculated.The experimental results show that the proposed method can analyze the overall vulnerabilities of networks,and the analysis results are more objective and accurate.

References:

[1] SheynerO, H aines J, Jha S. Automated generation and ana lysis o f attack graphs [ A]. Proceed ings of the 2002 IEEE Symposium on Secur ity and Pr ivacy [ C ]. Oakland: IEEE Com puter Soc iety Press, 2002. 254- 265.
[2] Ou X, Boyer W F, M cQueen M A. A sca lable approach to attack g raph generation [ A]. Proceedings o f the 13th ACM Conference on Compu ter and Comm un-i cations Secu rity [ C ]. A lex andria, V irg in ia, USA: ACM Press, 2006. 336- 345.
[3] 王永杰, 鲜明, 刘进, 等. 基于攻击图模型的网络安 全评估研究[ J]. 通信学报, 2007, 28( 3) : 29- 34.
[4] Ammann P, W ijesekera D, Kaushik S. Scalable, graphbased netw ork vulnerability ana lysis [ A]. Proceedings o f the 9th ACM Conference on Computer and Communications Secur ity [ C ]. Washing ton, D. C. , USA: ACM Press, 2002. 217- 224.
[5] 张涛, 胡铭曾, 云晓春, 等. 网络攻击图生成方法研 究[ J] . 高技术通讯, 2006, 16( 4): 349- 352.
[6] 孙亮, 李东, 张涛. 网络攻击图的自动生成[ J] . 计 算机应用研究, 2006( 3) : 119- 122.
[7] W ang L Y, Singhal A, Jajod ia A. Measuring the overa ll security o f network configurations using attack g raphs [A]. Proceedings of Data and App lications Secur ity 2007 [ C]. Berlin: Springer-Verlag, 2007. 98- 112.
[8] 张永铮, 云晓春, 胡铭曾. 基于特权提升的多维量 化属性弱点分类法的研究[ J]. 通信学报, 2004, 25 ( 7): 107- 114.
[9] 汪立东. 操作系统安全评估和审计增强[ D]. 哈尔 滨: 哈尔滨工业大学计算机科学与技术学院, 2002.
[10] M an Dapeng, Zhang B ing, Y angW u, et a.l A m ethod for g lobal attack g raph generation [ A]. Proceedings o f 2008 IEEE Interna tiona l Con ference on N etw orking, Sensing and Con tro l [ C ]. Sanya, Ch ina: IEEE Computer Soc ie ty Press, 2008. 236- 241.

Memo

Memo:
-
Last Update: 2012-12-19