| 贝叶斯属性攻击图网络脆弱性评估 |
| |
| 引用本文: | 王秀娟,孙博,廖彦文,相从斌.贝叶斯属性攻击图网络脆弱性评估[J].北京邮电大学学报,2015(4):106-112. |
| |
| 作者姓名: | 王秀娟 孙博 廖彦文 相从斌 |
| |
| 作者单位: | 北京工业大学 计算机学院,北京,100124 |
| |
| 摘 要: | 为了准确全面地评估计算机网络脆弱性,对攻击图中存在的攻击环路、状态爆炸、难以量化分析等问题进行了研究,提出了属性攻击图向贝叶斯网络转化的方法和新的环路消除算法,并利用这2个算法建立贝叶斯属性攻击图模型。在该模型中,利用贝叶斯公式进行推导,得到评估指标的计算公式。利用通用漏洞评分系统数据计算节点的发生概率和评估指标,进行计算机网络脆弱性评估。通过进行实验分析,证明了该模型的可行性和有效性。与其他的脆弱性评估方法相比,该模型具有评估准确、计算简洁、动态量化评估的特点。
|
| 关 键 词: | 攻击图 贝叶斯网络 脆弱性分析 量化分析 |
Computer Network Vulnerability Assessment Based on Bayesian Attribute Network |
| |
| Abstract: | For assessing the vulnerability of computer network accurately and comprehensively, the prob-lem of attack loops, the state explosion and analyzing qualitatively were researched. The method of con-verting attribute attack graph to the Bayesian network and the new loop elimination algorithm was also pro-posed. By using these two algorithms, a new Bayesian attribute attack graph model was build. The for-mula of assessing indicators was derived by Bayesian formula. The data of common vulnerability scoring system was used to compute the probability of attribute nodes and indicators to conduct network vulnera-bility assessment. Experiments analysis proves the feasibility and effectiveness of the model. Compared with other methods of vulnerability assessment, this model has simple calculation which is suitable for dy-namic quantitative assessment. |
| |
| Keywords: | attack graph Bayesian network vulnerability analysis quantitative analysis |
| 本文献已被 万方数据 等数据库收录! |
|
