基于贝叶斯网络的攻击图方法在网络安全评估中的应用
기우패협사망락적공격도방법재망락안전평고중적응용
Application of attack graph method based on bayesian network in network security assessment
  • 万方数据
    现代电子技术 현대전자기술
    MODERN ELECTRONICS TECHNIQUE
    2013年 9期 84-87 ,共4页

    刘胜娃%高翔%王敏

    류성왜%고상%왕민

    网络安全%攻击图%贝叶斯网络%通用漏洞评分系统 網絡安全%攻擊圖%貝葉斯網絡%通用漏洞評分繫統
    망락안전%공격도%패협사망락%통용루동평분계통
    network security%attack graph%Bayesian network%common vulnerability scoring system
    随着网络的发展,网络安全评估成为网络维护中不可或缺的组成部分,尽管攻击图、攻击树和其他技术已被广泛地用于预测所有漏洞,但仍然缺少一个有效的手段来量化地分析网络安全.介绍一个新方法构建一个带标记的攻击图,图中的每个节点都被标注了一个概率值用来说明该漏洞被成功利用的可能性,每条边都代表了漏洞间的关联.采用通用漏洞评分系统(CVSS)作为基础计算每个漏洞被利用的概率,采用贝叶斯网络计算累积的概率,并用一些典型场景评估了该方法的有效性和准确性.
    수착망락적발전,망락안전평고성위망락유호중불가혹결적조성부분,진관공격도、공격수화기타기술이피엄범지용우예측소유루동,단잉연결소일개유효적수단래양화지분석망락안전.개소일개신방법구건일개대표기적공격도,도중적매개절점도피표주료일개개솔치용래설명해루동피성공이용적가능성,매조변도대표료루동간적관련.채용통용루동평분계통(CVSS)작위기출계산매개루동피이용적개솔,채용패협사망락계산루적적개솔,병용일사전형장경평고료해방법적유효성화준학성.
    With the development of network,Network security assessment becomes a vital process that needs to be executed to maintain network. Although attack graph,attack tree and other technologies have been proposed to predict all vulnerabilities, there is still lack an efficient way to quantitatively analyze the network security. In this paper,a new method is proposed to construct a marked attack graph,in which each node in the attack graph is marked with a probability value to explain the likelihood of a successful exploit,and each edge represents the relationship between vulnerabilities. The common vulnerability scoring system (CVSS)was adopted as a foundation to compute the probability of each vulnerability. Bayesian Network was employed to compute the accumulated probability. The efficiency and accuracy of this method are assessed with some typical cases.
    원문보기 원문다운로드 사이트로이동
저자의 최근 논문