Abstract
Current network risk assessment models ignore the impact of attack cost and intrusion intention on network security. To assess the risk of a target network accurately, a network intrusion intention analysis method based on a Bayesian attack graph is proposed. The atomic attack probability, calculated from vulnerability value, attack cost and attack benefit, is combined with a Bayesian belief network to quantify the attack graph and establish a static risk assessment model. The model is then dynamically updated using the intrusion intention to achieve dynamic assessment of network risk, providing a basis for dynamic defense measures for the attack surface. Experiments show that the proposed model not only evaluates the overall security of the network effectively but is also feasible for predicting attack paths.
Authors
罗智勇
杨旭
刘嘉辉
许瑞
LUO Zhiyong; YANG Xu; LIU Jiahui; XU Rui (School of Computer Science and Technology, Harbin University of Science and Technology, Harbin 150080, China)
Source
《通信学报》
EI
CSCD
Peking University Core Journals
2020, Issue 9, pp. 160-169 (10 pages)
Journal on Communications
Funding
Supported by the National Natural Science Foundation of China (No. 61403109).
Keywords
Bayesian belief network
attack graph
network security
intrusion intention
risk assessment