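Distributed Network Risk Assessment Method Based on Attack Graph

Cite this article: Fang Ming, Xu Kaiyong, Yang Tianchi, Meng Fanwei, Yu Cong. Distributed Network Risk Assessment Method Based on Attack Graph[J]. Computer Science, 2013, 40(2): 139-144

Authors: Fang Ming, Xu Kaiyong, Yang Tianchi, Meng Fanwei, Yu Cong

Affiliation: (Institute of Electronic Technology, Information Engineering University, Zhengzhou 450004)

Abstract: Conducting effective risk assessment of information systems, selecting effective protective measures, and actively defending against information threats are the key to solving information system security problems. This paper applies the attack graph model to information security risk assessment. First, to address the uncertainty and complexity of information security risk assessment, vulnerability correlation techniques are used for risk assessment. Second, because the attack paths described by an attack graph lack the ability to handle quantitative indicators, and the indicator values of risk factors are highly uncertain, the formation probability of attack paths is used to quantify the indicators of information security risk factors, the success probabilities of atomic attacks are preprocessed, and a distributed risk assessment method based on the attack graph model is proposed. The method makes full use of the computing power of each host in the network system and greatly shortens attack graph generation time.

Keywords: security risk probability, network security risk assessment, attack graph
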
Distributed Network Risk Assessment Method Based on Attack Graph

Abstract: Evaluating risk effectively, selecting effective defence measures, and actively defending against information threats are the key points in resolving the security problems of information systems. Based on the actual requirements and status of information security risk assessment, we applied attack graphs to the study of information security risk assessment. Firstly, focusing on the uncertainty and complexity of information security risk assessment, we applied vulnerability correlation technology to the study of risk assessment. On the other hand, since the attack path described by the attack graph model is suited to quantitative data processing and poor at qualitative analysis, and risk is uncertain, we quantized the risk factors by the probability of attack path formation proposed in this dissertation, pre-treated the probability of atomic attacks, and proposed a risk assessment method based on the attack graph model. The method takes full advantage of the computing power of each host in the network and greatly shortens the attack graph generation time.

Keywords: Network security risk assessment; Security risk probability; Attack graph