Research on network security measurement based on attack graph
ZHAO Song, WU Chensi, XIE Weiqiang, JIA Ziyi, WANG He, ZHANG Yuqing
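(School of Network and Information Security, Xidian University, Xi'an 710071, China; National Computer Network Intrusion Prevention Center, University of Chinese Academy of Sciences, Beijing 101408, China)
Abstract:
As modern society grows increasingly dependent on network systems, network security has attracted widespread attention. Network security measurement means establishing a suitable indicator system and measurement method, based on an understanding of the network environment, to evaluate the security of a network. This paper uses attack graphs, a network vulnerability analysis technique: after modeling the target network and the attacker, it generates an attack graph model from the relationship between the two and analyzes the different attack paths. Drawing on CVSS's quantitative metrics for a single vulnerability and on the probability transition relationships between nodes, it proposes the mechanism of attack scalability. Combining the CVSS metrics with the attack graph, it computes the attack scalability value and uses it as the method of network security measurement. Finally, it summarizes the current state of development of network security measurement and the challenges it faces.
Keywords:  attack graph model  security metrics  attack scalability  security assessment
DOI:10.19363/J.cnki.cn10-1380/tn.2019.01.05
Submitted: 2018-09-30  Revised: 2018-11-27
Funding: This work was supported by the National Key Research and Development Program of China (No. 2016YFB0800700); the National Natural Science Foundation of China (No. 61572460, No. 61272481); the Open Project of the State Key Laboratory of Information Security (No. 2017-ZD-01); the National Development and Reform Commission Information Security Special Project [No. (2012)1424]; and the National 111 Project (No. B16037).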
Research on network security measurement based on attack graph
ZHAO Song,WU Chensi,XIE Weiqiang,JIA Ziyi,WANG He,ZHANG Yuqing
School of Network and Information Security, Xidian University, Xi'an 710071, China;National Computer Network Intrusion Prevention Center, University of Chinese Academy of Sciences, Beijing 101408, China
Abstract:
With the increasing dependence of modern society on network systems, network security issues have received widespread attention. Network security measurement means establishing appropriate indicator systems and metrics, based on an understanding of the network environment, to assess network security. This paper uses attack graphs, a network vulnerability analysis technique: after modeling the target network and the attacker, it generates the attack graph model from the relationship between the two and analyzes the various possible attack paths. The paper draws on CVSS's quantitative metrics for a single vulnerability and proposes the mechanism of attack scalability. It combines the CVSS metrics with the attack graph to calculate the attack scalability value and uses that value as a method of network security measurement. Finally, it summarizes the current development status of network security metrics and analyzes the main challenges.
Key words:  attack graph model  security metrics  attack scalability  security assessment