| 基于关联性的漏洞评估方法 |
| |
| 引用本文: | 张凤荔,冯 波. 基于关联性的漏洞评估方法[J]. 计算机应用研究, 2014, 31(3): 811-814 |
| |
| 作者姓名: | 张凤荔 冯 波 |
| |
| 作者单位: | 1. 电子科技大学 计算机科学与工程学院, 成都 611731; 2. 网络与数据安全四川省重点实验室, 成都 611731 |
| |
| 基金项目: | 国家自然科学基金资助项目(61133016); 工信部科技重大专项基金资助项目(2011ZX03002-002-03) |
| |
| 摘 要: | 为了更加有效地评估漏洞威胁, 在原有的基于关联性漏洞评估方法的基础上, 从漏洞的可利用性出发, 分析了通用漏洞评估系统(CVSS)作为漏洞可利用性评价指标的缺点。在改进CVSS评价指标的基础上, 提出了更为合理的漏洞可利用性评估体系, 并改进了原有的漏洞评估方法。该方法能够有效地挖掘漏洞自身特点, 科学地进行漏洞评估, 并通过实验验证了该方法的合理性和有效性。
|
| 关 键 词: | 关联性 攻击图 漏洞 通用漏洞评估系统 |
Vulnerability assessment based on correlation |
| |
| ZHANG Feng-li,FENG Bo. Vulnerability assessment based on correlation[J]. Application Research of Computers, 2014, 31(3): 811-814 |
| |
| Authors: | ZHANG Feng-li FENG Bo |
| |
| Affiliation: | 1. School of Computer Science & Engineering, University of Electronic Science & Technology of China, Chengdu 611731, China; 2. Sichuan Province Key Laboratory of Network & Data Security, Chengdu 611731, China |
| |
| Abstract: | For the purpose of assessing vulnerabilities more effectively, from the vulnerability availability, this paper analyzed the shortcomings of common vulnerability scoring system(CVSS) as the evaluation indicators based on the vulnerability correlation assessment method. Meanwhile, on the basis of the improved CVSS evaluation indicators, this paper put forward a more sensible vulnerability availability evaluation system and promoted the original vulnerability assessment method. This method also mines its own characteristics of vulnerability effectively, assesses vulnerability scientifically and verifies its rationality and validity by experiments. |
| |
| Keywords: | correlation attack graph vulnerability common vulnerability scoring system |
|
| 点击此处可从《计算机应用研究》浏览原始摘要信息 |
|
点击此处可从《计算机应用研究》下载全文 |
|
