基于弱点相关性的网络安全性分析方法被引量：5

A Network Security Analysis Method Based on Vulnerability Correlation

下载PDF

导出

摘要当前网络安全性分析不但要考虑单个弱点的利用攻击,而且还需要考虑多个弱点的组合利用攻击。其常用分析方法是攻击图方法,但是攻击图方法通常存在指数级状态爆炸问题。为此,引入了弱点相关矩阵和弱点相关图的概念,给出了弱点相关图生成算法并举例说明其在网络系统安全性分析中的应用。结果表明,弱点相关图具有网络系统弱点数的多项式状态,可以用于分析复杂网络系统,便于系统管理员使用,有助于改善网络系统的安全。 Recently in-depth analysis of network security vulnerability must consider attacker exploits not just in isolation, but also in combination. The general approach to this problem is to compute attack graphs using a variety of graph-based algorithms. However, such methods generally suffer from the exponential state space problem. Therefore, two conceptions of vulnerability correlation matrix and vulnerability correlation graph （VCG） were introduced into network security analysis. An algorithm based on vulnerability correlation matrix was proposed to generate VCGs. An example was given to illustrate the application and effect of the algorithm in network security analysis. Deep analysis shows that VCGs have polynomial complexity of the number of network vulnerabilities, scale well for large networks, are convenient for network managemer and helpful to improving network security.

作者谢朝海陶然蔡学军毕马宁

机构地区北京理工大学信息科学技术学院深圳职业技术学院公安部信息安全等级保护评估中心

出处《兵工学报》 EI CAS CSCD 北大核心 2009年第4期486-490,共5页 Acta Armamentarii

基金国防基础科研项目(C1120060497-06)

关键词计算机科学技术基础学科网络安全弱点相关性攻击图弱点相关图 basic subject of science and technology for computer network security vulnerability correlation attack graph vulnerability correlation graph

分类号 TP393 [自动化与计算机技术—计算机应用技术]

引文网络
相关文献

参考文献10

1Laura P Swiler,Cynthia Phillips.A graph-based system for network-vulnerability analysis[C]∥Proceedings of the New Security Paradigms Workshop.Charlottesville,Virginia:ACM SIGSAC,1998:71-79. 被引量：1
2Ramakrishnan C R,Sekar R.Model-based analysis of configuration vulnerabilities[J].Journal of Computer Security,2002,10(1-2):189-209. 被引量：1
3Ritchey R,Ammann P.Using model checking to analyze network vulnerabilities[C]∥Proceedings of the IEEE Symposium on Security and Privacy.Berkeley,CA:IEEE Computer Society,2001:156-165. 被引量：1
4Ritchey R,Berry B O,Noel S.Representing TCP/IP connectivity for topological analysis of network security[C]∥Proceedings of the 18th Annual Computer Security Applications Conference.Las Vegas,Nevada:IEEE Computer Society,2002:25-31. 被引量：1
5Lippmann R,Ingols K.An annotated review of past papers on attack graphs,technical report ESC-TR-2005-054[R].US:MIT Lincoln Laboratory,2005. 被引量：1
6Ulf Lindqvist,Erland Jonsson.How to systematically classify computer security intrusions[C]∥IEEE Symposium on Security and Privacy.Oakland,CA:IEEE,1997:154-163. 被引量：1
7Frank Piessens.A taxonomy of causes of software vulnerabilities in internet software[C]∥Supplementary Proceedings of the 13th International Symposium on Software Reliability Engineering.Annapolis,Maryland:IEEE,2002:47-52. 被引量：1
8Zhang Y Z,Yun X C,Fang B X,et al.A mining method for computer vulnerability correlation[J].International Journal of Innovative Computing,Information and Control,2005,1(1):43-51. 被引量：1
9Ammann P,Wijesekera D,Kaushik S.Scalable graph-based network vulnerability analysis[C]∥Proceedings of 9th ACM Conference on Computer and Communications Security.Washington,DC:ACM SIGSAC,2002:217-224. 被引量：1
10Jajodia S,Noel S,Berry B O.Topological analysis of network attack vulnerability[C]∥Kumar V,Srivastava J,Lazarevi A.Managing cyber threats:issues,approaches and challenges.US:Springer,2005:248-266. 被引量：1