[1] MAN Da-peng, YANG Wu, YANG Yong-tian, et al. Method Based on Attack Graph for Network Vulnerability Analysis[J]. Journal of Nanjing University of Science and Technology (Natural Science Edition), 2008, (04): 416-419.

Method Based on Attack Graph for Network Vulnerability Analysis

Journal of Nanjing University of Science and Technology (Natural Science Edition) [ISSN: 1005-9830 / CN: 32-1397/N]

Volume:
Issue:
2008, No. 04
Pages:
416-419
Column:
Publication date:
2008-08-30

Article Info

Title:
Method Based on Attack Graph for Network Vulnerability Analysis
Author(s):
MAN Da-peng; YANG Wu; YANG Yong-tian
Information Security Research Center, Harbin Engineering University, Harbin 150001, China
Keywords:
network security; security assessment; vulnerability analysis; attack graphs
Classification number:
TP393.08
Abstract:
Traditional attack graph analysis methods do not consider the behavior characteristics of attackers when calculating the reachability probability of attack targets, which reduces the accuracy of the analysis results. To solve this problem, a global attack graph model is first presented, and a method for analyzing network vulnerabilities based on global attack graphs is then proposed. The method uses the transition probability between network states to describe the behavior characteristics of attackers. On this basis, the reachability probability of attack targets is calculated. The experimental results show that security administrators can use the proposed method to analyze the vulnerabilities of a network from a global perspective, and that the analysis results are more objective and accurate.



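Memo

Funding: National "242" Information Security Program (2007B31); National "863" Program (2007AA01Z473).
Author biography: MAN Da-peng (1980-), male, from Fushun, Liaoning, Ph.D. candidate; main research interest: network risk assessment. E-mail: mandapeng@hotmail.com.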
Last Update: 2012-12-19