基于攻击图的网络安全度量研究综述

网络安全度量面临的主要挑战之一，即如何准确地识别目标网络系统中入侵者利用脆弱性之间的依赖关系进行威胁传播，量化对网络系统的潜在影响。攻击图由于具备优越的可视化展示能力，是解决该问题的有效途径之一。首先，介绍了安全度量的概念、发展历程和通用测度模型；然后，阐述攻击图构建、分类和应用的相关研究；其次，提出一种基于攻击图的层次化安全度量框架，从关键“点”、攻击“线”和态势“面”3个层次总结归纳了现有网络安全度量方法；最后，阐述了目前研究面临的难点问题与发展趋势。

Survey of attack graph based network security metric

One of the main challenges of network security metrics is how to accurately identify the intrusion of the intruders exploiting the dependence between the vulnerabilities for threat propagation in the target network system as well as to quantify the potential impact on the network system.Because of its superior performance of visual display,the attack graph becomes one of the effective ways to solve the problem.Firstly,the concept,development and general metric models of security metrics were introduced.Secondly,the related researches with respect to attack graph construction,classification and application were discussed.Thirdly,a hierarchical framework for security metric using attack graph was proposed,and then existing methods of network security metric were summarized from three levels (key “point”,attack “line” and situation “plane”).Finally,the difficult issues and development trends for the current research were discussed.