| 基于专家知识的攻击图生成方法 |
| |
| 引用本文: | 是灏,王轶骏,薛质.基于专家知识的攻击图生成方法[J].信息安全与通信保密,2011(5):88-90. |
| |
| 作者姓名: | 是灏 王轶骏 薛质 |
| |
| 作者单位: | 上海交通大学信息安全工程学院,上海,200240 |
| |
| 摘 要: | 由于网络规模的不断扩大,独立的漏洞分析已经不能满足安全防护需求。攻击图作为一个新的工具能够清晰表述网络结构,使网络安全人员分析漏洞的相互关联,从而更好地了解网络的漏洞并加以有效的补救,但是传统的攻击图生成方法生成的攻击图会随着网络规模的扩大而复杂度急剧上升。从安全管理者的角度可以采用一种新的生成方法来生成较为简洁的攻击图,这种方法从网络的关键节点出发生成攻击图,可以有效地减少攻击图的规模。
|
| 关 键 词: | 攻击图 网络安全 漏洞检测 可扩展性 |
Attack Graph Generation based on Security Administrator Information |
| |
| SHI Hao,WANG Yi-jun,XUE Zhi.Attack Graph Generation based on Security Administrator Information[J].China Information Security,2011(5):88-90. |
| |
| Authors: | SHI Hao WANG Yi-jun XUE Zhi |
| |
| Affiliation: | SHI Hao,WANG Yi-jun,XUE Zhi(School of Information Security Engineering,SJTU,Shanghai 200240,China) |
| |
| Abstract: | Due to the continuous growth of network size,the independent vulnerability analysis could not satisfy the requirement of security protection.Attack graph,as a new tool,could show the network structure clearly.Taking into account the interaction among the vulnerabilities,the people can identify overall risk of the network better and adopt proper a measures.However,the complexity of attack graphs generated by traditional generation methods would grow rapidly with the expansion of network scale.A fairly simple... |
| |
| Keywords: | attack graph network security vulnerability detection scalability |
| 本文献已被 CNKI 维普 万方数据 等数据库收录! |
|
