首页 | 本学科首页   官方微博 | 高级检索  
     

基于依赖关系图和通用漏洞评分系统的网络安全度量
引用本文:王佳欣,冯毅,由睿. 基于依赖关系图和通用漏洞评分系统的网络安全度量[J]. 计算机应用, 2019, 39(6): 1719-1727. DOI: 10.11772/j.issn.1001-9081.2018102199
作者姓名:王佳欣  冯毅  由睿
作者单位:信息工程大学,郑州,450000;信息工程大学,郑州,450000;信息工程大学,郑州,450000
基金项目:国家自然科学基金资助项目(61309018)。
摘    要:管理人员通常使用一些网络安全指标作为度量网络安全的重要依据。通用漏洞评分系统(CVSS)是目前人们普遍认同的网络度量方式之一。针对现有的基于CVSS的网络安全度量无法精确测量网络受到攻击的概率和影响两方面得分的问题,提出一种基于依赖关系图和CVSS的改进基础度量算法。首先发掘攻击图中漏洞节点的依赖关系,构建依赖关系图;然后根据依赖关系修改CVSS中漏洞的基础度量算法;最后聚合整个攻击图中的漏洞得分,得到网络受到攻击的概率及影响两方面的得分。采用模拟攻击者进行仿真实验,结果表明,该算法在算法精确度和可信度方面明显优于汇总CVSS分数算法,更加接近实际仿真结果。

关 键 词:网络安全  通用漏洞评分系统(CVSS)  攻击成功率  基础度量  依赖关系
收稿时间:2018-11-01
修稿时间:2018-12-21

Network security measurment based on dependency relationship graph and common vulnerability scoring system
WANG Jiaxin,FENG Yi,YOU Rui. Network security measurment based on dependency relationship graph and common vulnerability scoring system[J]. Journal of Computer Applications, 2019, 39(6): 1719-1727. DOI: 10.11772/j.issn.1001-9081.2018102199
Authors:WANG Jiaxin  FENG Yi  YOU Rui
Affiliation:Information Engineering University, Zhengzhou Henan 450000, China
Abstract:Administrators usually take some network security metrics as important bases to measure network security. Common Vulnerability Scoring System (CVSS) is one of the generally accepted network measurement method. Aiming at the problem that the existing network security measurement based on CVSS could not accurately measure the probability and the impact of network attack at the same time, an improved base metric algorithm based on dependency relationship graph and CVSS was proposed. Firstly, the dependency relationship of the vulnerability nodes in an attack graph was explored to build the dependency relationship graph. Then, the base metric algorithm of the vulnerability in CVSS was modified according to the dependency relationship. Finally, the vulnerability scores in the whole attack graph were aggregated to obtain the probability and the impact of network attack. The results of simulation with simulated attacker show that the proposed algorithm is superior to the algorithm of aggregating CVSS scores in terms of accuracy and credibility, and can get measurement results closer to the actual simulation results.
Keywords:network security   Common Vulnerability Scoring System (CVSS)   attack success rate   base metric   dependency relationship
本文献已被 维普 万方数据 等数据库收录!
点击此处可从《计算机应用》浏览原始摘要信息
点击此处可从《计算机应用》下载全文
设为首页 | 免责声明 | 关于勤云 | 加入收藏

Copyright©北京勤云科技发展有限公司  京ICP备09084417号