
Research of quantitative network security assessment based on Bayesian-attack graphs

Cited by: 16
Abstract: Attack graphs used for network security assessment suffer from complicated relationships between nodes, cyclic attack paths, and the ability to reflect only the static risk of a network. To address these problems, this paper combines attack graphs with Bayesian theory and proposes the concept of the Bayesian attack graph, which simplifies the attack graph and uses an optimized algorithm to avoid generating cyclic paths. By introducing attack evidence and the CVSS scoring system, the paper proposes a new vulnerability-oriented method for quantitative network security assessment that evaluates the security of the whole network and of its parts dynamically and in real time, based on the Bayesian attack graph. Experiments in a real network verify the feasibility and effectiveness of the method; compared with traditional assessment methods, it can dynamically reflect changes in the network security situation.
Source: Application Research of Computers (《计算机应用研究》), CSCD, Peking University Core Journal, 2013, No. 9, pp. 2763-2766 (4 pages)
Funding: National Natural Science Foundation of China (61272486)
Keywords: Bayesian-attack graphs; vulnerability; dynamic assessment; attack evidence