CAJ | 학술논문

为了解决传统网络安全风险评估不能有效评价网络安全风险动态变化的缺点，根据网络安全的特性，提出了攻击图和隐马尔可夫模型（HMM）相结合的网络安全风险评估方法。采用攻击图生成网络攻击路径，从复杂度和防御能力等方面量化攻击威胁等级，利用隐马尔可夫模型计算攻击路径的攻击成功率，结合网络资产的重要程度确定网络安全风险值。通过实例分析表明，该方法能够提高网络安全风险评估的准确性，能够有效地对网络安全状况进行分析，具有较高的实用性。
위료해결전통망락안전풍험평고불능유효평개망락안전풍험동태변화적결점，근거망락안전적특성，제출료공격도화은마이가부모형（HMM）상결합적망락안전풍험평고방법。채용공격도생성망락공격로경，종복잡도화방어능력등방면양화공격위협등급，이용은마이가부모형계산공격로경적공격성공솔，결합망락자산적중요정도학정망락안전풍험치。통과실례분석표명，해방법능구제고망락안전풍험평고적준학성，능구유효지대망락안전상황진행분석，구유교고적실용성。
In order to solve the shortcomings that traditional network security risk assessment can not evaluate the network security risk effectively and dynamically , according to the characteristics of network security , the network se-curity risk assessment method combined with attack graph and hidden Markov model was proposed .The attack graph generated the network attack path ,the attack threat level was quantified from the aspects of complexity and defense abil -ity, the attack success rate of the attack path was calculated using a hidden Markov model , the network security risk value was determined with the importance of network assets .The research example showed that the method can improve the accuracy of network security risk assessment , analyze effectively the network security situation , and has higher practicability .