共查询到18条相似文献,搜索用时 140 毫秒
1.
2.
3.
一种基于攻击图模型的网络安全评估方法 总被引:1,自引:0,他引:1
随着网络的深入和快速发展,网络安全问题日益严峻,研究网络安全的评估方法,具有重要的现实意义。安全漏洞的大量存在是安全问题的总体形势趋于严峻的重要原因之一。详细介绍了攻击图建模方法,给出了攻击图自动生成算法,提出了一种利用数学模型分析攻击图,并对网络系统进行安全评估的方法,最后通过一个虚拟网络环境对网络安全评估方法进行了验证。该方法对攻击图的研究具有现实意义。 相似文献
4.
提出一种基于攻击图的多智能代理(Agent)的网络安全风险评估模型.首先,提出了基于多Agent的风险评估架构并给出了主Agent和子Agent的主要模块的功能设计,以网络中主机上的组件为基本节点,采用多Agent协同工作的方式构建攻击图.其次,定义五种风险指数并给出网络安全风险指数的计算方法.最后,基于Java的Agent开发框架(Java Agent Development Framework,JADE)实现了该评估模型,通过对仿真网络的风险评估验证了此模型的可行性和有效性. 相似文献
5.
6.
航迹关联是分布式传感器信息融合的关键问题之一,其主要问题在于多目标平飞航迹难以关联,而实际工程应用中无法实时获取方差数据又增加了关联难度。将同一传感器获取的平飞航迹抽象为图论中无分辨的点,应用综合B型关联理论计算各点间距,进而构造反映航迹间关联关系的双向连通图,并用邻接矩阵描述其关联拓扑关系。不同节点的公共观测连通图对应的邻接矩阵必然是相似的,继而将图二分为单点图及其对应补图,利用辩证的思想将补图所对应的邻接矩阵的特征值抽象为对应点的特征向量,最终将平飞航迹关联落脚至多维分配问题。实验仿真表明,该方法具有较好的关联效果。 相似文献
7.
8.
9.
针对复杂多步攻击检测问题,研究面向云计算环境的攻击场景构建方法。首先,构建了动态概率攻击图模型,设计了概率攻击图更新算法,使之能够随着时空的推移而周期性更新,从而适应弹性、动态性的云计算环境。其次,设计了攻击意图推断算法和最大概率攻击路径推断算法,解决了误报、漏报导致的攻击场景错误、断裂等不确定性问题,保证了攻击场景的准确性。同时将攻击场景随动态概率攻击图动态演化,保证了攻击场景的完备性和新鲜性。实验结果表明,所提方法能够适应弹性、动态的云计算环境,还原出攻击者完整的攻击渗透过程,重构出高层次的攻击场景,为构建可监管可追责的云环境提供了一定的依据和参考。 相似文献
10.
11.
12.
Aiming at the problem of ignoring the impact of attack cost and intrusion intention on network security in the current network risk assessment model,in order to accurately assess the target network risk,a method of network intrusion intention analysis based on Bayesian attack graph was proposed.Based on the atomic attack probability calculated by vulnerability value,attack cost and attack benefit,the static risk assessment model was established in combination with the quantitative attack graph of Bayesian belief network,and the dynamic update model of intrusion intention was used to realize the dynamic assessment of network risk,which provided the basis for the dynamic defense measures of attack surface.Experiments show that the model is not only effective in evaluating the overall security of the network,but also feasible in predicting attack paths. 相似文献
13.
Aiming at the problems that traditional dynamic migration methods have many migration nodes,high migration frequency,and long service function chain (SFC) link path after migration when dealing with side channel attack,a dynamic migration method of critical virtual network function (VNF) based on risk awareness was proposed.In order to reduce the number of migrated nodes,only the key VNF with private information was migrated.Combined with the side channel attack detection system,the triggering migration was performed on the critical VNF which were under attack,and the key VNF was also periodically migrated according to the side channel information leakage model.Finally,a multi-attribute node sorting method base on the technique for order preference by similarity to ideal solution was used to select the migration destination server to avoid the path being too long after migration.Experiments show that the proposed method has a lower number of migration nodes and migration frequency when achieving the same side channel attack defense performance,and effectively avoids the problem that the SFC path is too long after migration. 相似文献
14.
A novel method of fault attack based on round reduction against SM4 algorithm was proposed.Faults were in-jected into the last four rounds of the SM4 encryption algorithm,so that the number of the algorithm's rounds can be re-duced.In known-ciphertext scenario,four traces are enough to recover the total 128 bit master key by screening these faults easily.The proposed attack is made to an unprotected SM4 smart card.Experiment shows that this attack method is efficient,and which not only simplifies the existing differential fault attack,but also improves the feasibility of the attack. 相似文献
15.
Liu J.Z. Ma K. Cham W.K. Chang M.M.Y. 《Vision, Image and Signal Processing, IEE Proceedings -》2000,147(1):47-54
A method of stroke order and number-free online recognition of Chinese characters is proposed. Both input characters and model characters are represented with complete relational graphs (CRGs). Classification of an input character can be implemented by matching its CRG against every CRG of the model base. However, efficient algorithms for graph matching are not available. Therefore, the graph-matching problem is transformed into a two-layer assignment problem and is solved with the Hungarian method. Two complexity reduction schemes are presented to save computational time. Tests demonstrate the efficiency of the proposed method 相似文献
16.
17.
In the post quantum era, public key cryptographic scheme based on lattice is considered to be the most promising cryptosystem that can resist quantum computer attacks. However, there are still few efficient key agreement protocols based on lattice up to now. To solve this issue, an improved key agreement protocol with post quantum security is proposed. Firstly, by analyzing the Wess-Zumino model + ( WZM + ) key agreement protocol based on small integer solution (SIS) hard problem, it is found that there are fatal defects in the protocol that cannot resist man-in-the-middle attack. Then based on the bilateral inhomogeneous small integer solution (Bi-ISIS) problem, a mutual authenticated key agreement (AKA) protocol with key confirmation is proposed and designed. Compared with Diffie-Hellman (DH) protocol, WZM + key agreement protocol, and the AKA agreement based on the ideal lattice protocol, the improved protocol satisfies the provable security under the extend Canetti-Krawczyk (eCK) model and can resist man-in-the-middle attack, replay attack and quantum computing attack. 相似文献