首页 | 本学科首页   官方微博 | 高级检索  
     

攻击图技术研究进展
引用本文:陈锋,毛捍东,张维明,雷长海. 攻击图技术研究进展[J]. 计算机科学, 2011, 38(11): 12-18
作者姓名:陈锋  毛捍东  张维明  雷长海
作者单位:1. 第二军医大学网络信息中心 上海200433;国防科学技术大学信息系统与管理学院 长沙410073
2. 第二军医大学网络信息中心 上海200433
3. 国防科学技术大学信息系统与管理学院 长沙410073
基金项目:本文受国家自然科学基金(912024006)资助。
摘    要:目前网络攻击技术逐步多样化和智能化,攻击者对目标网络内存在的脆弱性会采取多步骤的组合攻击方式进行逐步渗透。攻击图是一种新型的网络脆弱性分析技术,它在对目标网络和攻击者建模的基础上,根据二者之间的相互作用关系计算产生攻击图,展示攻击者利用目标网络脆弱性实施网络攻击的各种可能攻击路径。该技术能够自动发现未知的系统脆弱性以及脆弱性之间的关系,因此是目前研究的热点之一。攻击图技术经历了从面向小型网络的手工分析到自动分析的发展,目前正在向面向大规模网络的自动分析发展。总结了攻击图技术的发展现状,阐述了它的巨大应用前景,最后分析了该技术目前所面临的主要挑战。

关 键 词:脆弱性分析  攻击图  网络建模  攻击者建模

Survey of Attack Graph Technique
CHEN Feng,MAO Han-dong,ZHANG Wei-ming,LEI Chang-hai. Survey of Attack Graph Technique[J]. Computer Science, 2011, 38(11): 12-18
Authors:CHEN Feng  MAO Han-dong  ZHANG Wei-ming  LEI Chang-hai
Affiliation:(Network Information Center, The Second Military Medical University, Shanghai 200433 , China) (School of Information System and Management, National University of Defense Technology, Changsha 410073 , China)
Abstract:The network attack techniques arc being more diversified, and intelligent, an attacker can often infiltrate a seemingly well-guarded network system using multi-step attacks by exploiting sequences of related vulnerabilities. As the novel vulnerability assessment technique, the attack graph technique analyzes the interaction between the target network and the attacker through the models of these two agents, generates attack graph to show possible attack paths. Because this technology has the capacity to automatically discover the unknown system vulnerabilities and the relationship between vulnerabilities, it is currently a hot subject of research. "l}he attack graph technique has experienced the stage of manual analysis and the stage of the automatic analysis of small-scale network, and is currently in the way of the automatic analysis of large-scale network. In this paper, the development of attack graph technique was summarized and challenges arising from the current research were discussed and some suggestions for the future research work were put forward.
Keywords:Vulnerability assessment  Attack graphs  Modeling networks  Modeling attackers
本文献已被 CNKI 万方数据 等数据库收录!
点击此处可从《计算机科学》浏览原始摘要信息
点击此处可从《计算机科学》下载全文
设为首页 | 免责声明 | 关于勤云 | 加入收藏

Copyright©北京勤云科技发展有限公司  京ICP备09084417号