Abstract
Accurately assessing the vulnerability of network systems is vital for network security planning and risk management. Most existing network vulnerability analysis methods identify vulnerable elements using a single feature. As network systems grow more complex at an accelerating pace, diversified vulnerability identification becomes particularly important. Taking the attacker's perspective, this paper proposes a connectivity-oriented vulnerability analysis method for critical elements, which identifies network elements that hold multiple important identities and have a low disruption cost. Local analysis measures are used to determine the network's critical elements, and network connectivity is used as the vulnerability metric, in order to identify the minimum-cost set of critical elements whose disruption causes a specified degradation of network connectivity. Simulation results show that the proposed scheme locates vulnerable elements more accurately and can provide an effective and reliable reference for developing network security protection measures.
Authors
刘树美
于尧
郭磊
LIU Shu-mei; YU Yao; GUO Lei (College of Computer Science and Engineering, Northeastern University, Shenyang 110169, China)
Source
《控制与决策》
EI
CSCD
Peking University Core Journal
2020, No. 6, pp. 1421-1426 (6 pages)
Control and Decision
Funding
National Natural Science Foundation of China (61771120)
Fundamental Research Funds for the Central Universities (N171602002.N181613003).
Keywords
network security
network vulnerability analysis
connectivity
critical element
disruption cost