| 基于生命周期理论的安全漏洞时间风险研究 |
| |
| 引用本文: | 宋明秋,王磊磊,于博.基于生命周期理论的安全漏洞时间风险研究[J].计算机工程,2011,37(1):131-133,136. |
| |
| 作者姓名: | 宋明秋 王磊磊 于博 |
| |
| 作者单位: | 大连理工大学管理学院,辽宁大连,116023 |
| |
| 摘 要: | 为合理、科学地识别信息安全风险评估中安全漏洞的真实危害程度,引入安全漏洞生命周期概念,提出安全漏洞的时间风险模型。该模型利用早期报道的攻击事件统计量对安全漏洞进行攻击预测估计,根据结果计算出安全漏洞的攻击热度,结合漏洞攻击技术发展水平对安全漏洞时间维度上的风险进行评估。以Phf漏洞为例进行分析,结果表明,该风险评估模型可以真实、动态地反映出安全漏洞时间 风险。
|
| 关 键 词: | 安全漏洞 生命周期 攻击热度 时间风险 评估 |
Research on Time Risk of Security Vulnerability Based on Lifecycle Theory |
| |
| SONG Ming-qiu,WANG Lei-lei,YU Bo.Research on Time Risk of Security Vulnerability Based on Lifecycle Theory[J].Computer Engineering,2011,37(1):131-133,136. |
| |
| Authors: | SONG Ming-qiu WANG Lei-lei YU Bo |
| |
| Affiliation: | (School of Management, Dalian University of Technology, Dalian 116023, China) |
| |
| Abstract: | The time risk model is proposed to identify the real damage degree of security vulnerability in information security risk evaluation reasonably and scientifically, combining with vulnerability lifecycle. The subsequent exploitation of the vulnerability is predicted by using Gompertz model based on the incident report data, and attack heat is calculated. Based on the attack heat and the attack technology development, the evaluation can be drawn on the time dimension. An example of Phf vulnerability is given to demonstrate the validity of this method, and the result indicates that it can reflect time risk truly and dynamically. |
| |
| Keywords: | security vulnerability lifecycle attack heat time risk evaluation |
| 本文献已被 CNKI 维普 万方数据 等数据库收录! |
| 点击此处可从《计算机工程》浏览原始摘要信息 |
|
点击此处可从《计算机工程》下载全文 |
|
