共查询到19条相似文献,搜索用时 140 毫秒
1.
2.
一种高效的攻击图生成方法研究 总被引:1,自引:0,他引:1
提出了一种适用于大规模复杂网络系统的攻击图生成算法,从主机间可达性、安全防护系统、主机系统和网络服务四个层面对目标网络进行建模,提出了主机间可达性参数的自动获取技术,从而有效支持了大规模目标网络建模的自动化,通过实验分析证明,本算法能够适合全面分析网络安全性和攻击者可能采取的行为方式. 相似文献
3.
4.
5.
考虑到以往装备体系的研究方法忽略了装备之间的配合关系,基于网络科学思想,建立反导作战网络模型。阐明了反导作战能力生成机制,并基于此提出了反导装备体系作战网络能力评估方法,最后通过示例对所提出的建模和评估方法进行展示,证明了该方法的可行性和有效性。 相似文献
6.
一种基于攻击图模型的网络安全评估方法 总被引:1,自引:0,他引:1
随着网络的深入和快速发展,网络安全问题日益严峻,研究网络安全的评估方法,具有重要的现实意义。安全漏洞的大量存在是安全问题的总体形势趋于严峻的重要原因之一。详细介绍了攻击图建模方法,给出了攻击图自动生成算法,提出了一种利用数学模型分析攻击图,并对网络系统进行安全评估的方法,最后通过一个虚拟网络环境对网络安全评估方法进行了验证。该方法对攻击图的研究具有现实意义。 相似文献
7.
网络漏洞攻击分类研究对于系统地分析计算机系统脆弱性和攻击利用的技术方法有着重要的意义,这有助于构造高效的入侵检测方法。通过对现有漏洞攻击分类方法的分析和研究,提出了一种面向检测的漏洞攻击分类方法-ESTQ方法,并对其进行了形式化描述和分析。 相似文献
8.
9.
攻击和防御是对抗的两个基本方面。文章首先阐述了C^4ISR的概念,然后对信息网络的对抗技术进行了归纳分类,讨论了各种信息网络防御机制,重点分析了不同防御机制中所存在的脆弱性,并提出了相应的攻击措施。最后,对C^4ISR网络对抗机制间的攻防关系进行了总结。 相似文献
10.
11.
Attack graph technology was a measure to predict the pattern and process used by attacker to compromise the target network,so as to guide defender to take defensive measures and improve network security.The basic component,types of attack graphs and respective advantages and disadvantages of each type were reviewed.The application status of attack graph technology in risk assessment and network hardening,intrusion detection and alarm correlation,and other aspects were introduced.Several kinds of existing attack graph generation and analysis tools were also presented.At last a survey of some challenges and research trends in future research work was provided. 相似文献
12.
基于专家知识的攻击图生成方法 总被引:1,自引:0,他引:1
由于网络规模的不断扩大,独立的漏洞分析已经不能满足安全防护需求。攻击图作为一个新的工具能够清晰表述网络结构,使网络安全人员分析漏洞的相互关联,从而更好地了解网络的漏洞并加以有效的补救,但是传统的攻击图生成方法生成的攻击图会随着网络规模的扩大而复杂度急剧上升。从安全管理者的角度可以采用一种新的生成方法来生成较为简洁的攻击图,这种方法从网络的关键节点出发生成攻击图,可以有效地减少攻击图的规模。 相似文献
13.
14.
针对误用检测方法和异常检测方法缺少对网络风险因素分析,导致网络漏洞检出率较低的问题,提出了基于大数据H adoop技术检测网络安全漏洞研究.构建标准化直接关系矩阵、生成总关系矩阵确定网络风险元素属性,由此分析网络风险.构建Hadoop框架,采集入侵行为漏洞信息,搭建核心装置,处理网络漏洞.避免外力干扰情况下,评估网络漏... 相似文献
15.
A performance assessment approach based on change-point detection for network moving target defence was proposed.Directed to the problem of network resource graph not being able to present the effect of network resource vulnerabilities to network nodes,a conversion relationship between resource vulnerability changes and node security states was established by defining the concept of a hierarchical network resource graph and the efficiency of resource graph construction and updating were improved.Furthermore,directed to the problem of static detection algorithm not being able to precisely measure the dynamic change of network moving target defense,a change-point detection algorithm and standard degree measurement algorithm was designed.The security cost and benefit of network moving target defense in real-time and dynamically on the basis of unified metrics were defected and measured,which improved the evaluation accuracy.The analysis result of typical examples has proved the feasibility and the effectiveness of the proposed approach. 相似文献
16.
Aiming at the problem of ignoring the impact of attack cost and intrusion intention on network security in the current network risk assessment model,in order to accurately assess the target network risk,a method of network intrusion intention analysis based on Bayesian attack graph was proposed.Based on the atomic attack probability calculated by vulnerability value,attack cost and attack benefit,the static risk assessment model was established in combination with the quantitative attack graph of Bayesian belief network,and the dynamic update model of intrusion intention was used to realize the dynamic assessment of network risk,which provided the basis for the dynamic defense measures of attack surface.Experiments show that the model is not only effective in evaluating the overall security of the network,but also feasible in predicting attack paths. 相似文献
17.
18.