| 利用攻防树实现网络安全风险分析及成本/效益控制 |
| |
| 引用本文: | 王宇,卢昱. 利用攻防树实现网络安全风险分析及成本/效益控制[J]. 计算机应用与软件, 2006, 23(4): 11-12,47 |
| |
| 作者姓名: | 王宇 卢昱 |
| |
| 作者单位: | 装备指挥技术学院网络安全实验室,北京,101400;装备指挥技术学院网络安全实验室,北京,101400 |
| |
| 基金项目: | 国家863计划项目(2004AA712030). |
| |
| 摘 要: | 攻击树建模是一种传统的网络安全风险分析方法。在此基础上,提出了防御树建模方法,它能从防御的角度对安全防御措施、成本和可靠度等诸多因素进行逻辑分析,弥补了单从攻击角度评估网络安全风险的不足。在防御树建模的基础上,提出了优化安全防御措施的两种成本/效益控制算法,对算法的复杂度进行了分析。这两种算法能分别从成本优先和防御可靠度优先这两个角度对防御村进行裁剪。
|
| 关 键 词: | 攻击树 防御树 网络安全 风险评估 成本/效益 控制 |
| 收稿时间: | 2005-06-15 |
| 修稿时间: | 2005-06-15 |
USING ATTACK & DEFENCE TREE TO ANALYZE NETWORK SECURITY RISK AND TO PERFORM CONTROL OF COST-EFFICIENCY |
| |
| Wang Yu,Lu Yu. USING ATTACK & DEFENCE TREE TO ANALYZE NETWORK SECURITY RISK AND TO PERFORM CONTROL OF COST-EFFICIENCY[J]. Computer Applications and Software, 2006, 23(4): 11-12,47 |
| |
| Authors: | Wang Yu Lu Yu |
| |
| Affiliation: | Lab of Network Security, Academy of Equipment Command and Technology,Beijing 101400, China |
| |
| Abstract: | Attack tree modeling is a traditional ,nethod to analyze network security risk. Based on this method, defence tree modeling is proposed. It can logically parse out many factors, such as security protection measures, costs, degree of defence reliability from the view of protection, which makes up the deficiency of evaluation on network security risk only from the point of attack. On the ground of defence tree modeling, two cost -efficiency optimizing control algorithms are introduced, their complexity is analyzed. These two algorithms can help to trim defence tree according to the cost first or the degree of defence reliability first respectively. |
| |
| Keywords: | Attack tree Defence tree Network security Risk evaluation Cost-efficiency Control |
| 本文献已被 维普 万方数据 等数据库收录! |
|
