Computer Science ›› 2014, Vol. 41 ›› Issue (9): 169-173.doi: 10.11896/j.issn.1002-137X.2014.09.032

Previous Articles     Next Articles

Network Risk Analysis Method Based on Node-Game Vulnerability Attack Graph

ZHANG Jian,WANG Jin-dong,ZHANG Heng-wei and WANG Na   

  • Online:2018-11-14 Published:2018-11-14

Abstract: Due to the lack of considerations of mutual constraints between offensive and defensive vulnerability in the current risk analysis methods,this paper attempted to introduce game theory into the nodes analysis process,and the Risk Analysis Model based on node game Vulnerability Attack Graph was proposed.On this basis,a vulnerability risk analysis algorithm based on connection matrix was proposed.The algorithm builds connection matrixes of the attack graph,and evaluates the overall risk based on the analysis of self risk and transmission risk of information system vulnerabilities.The evaluation result can help the manager to determine the critical vulnerability.The example analysis proves the effectiveness of the model and algorithm.

Key words: Node game,Vulnerability attack graph,Vulnerability risk,Transmission risk

[1] Cunningham W H.Optimal attack and reinforcement of a network [J].Journal of the ACM,1985,32(3):549-561
[2] 张友春,魏强,等.信息系统漏洞挖掘技术体系研究[J].通信学报,2011,32(2):42-47
[3] 王永杰,鲜明等.基于攻击图模型的网络安全评估研究[J].通信学报,2007,28(3):29-34
[4] 马俊春,王勇军,等.基于攻击图的网络安全策略制定方法研究[J].高技术通讯,2012,22(4):374-381
[5] 何江湖,潘晓中.基于漏洞关联攻击代价的攻击图生成算法[J].计算机应用研究,2012,29(5):1907-1909
[6] 王会梅,鲜明,等.基于扩展网络攻击图的网络攻击策略生成算法[J].电子与信息学报,2011,33(12):3015-3021
[7] 姜伟,方滨兴,等.基于攻防博弈模型的网络安全测评和最优主动防御[J].计算机学报,2009,32(4):817-825
[8] 林旺群,等.基于非合作动态博弈的网络安全主动防御技术研究[J].计算机研究与发展,2011,48(2):306-313
[9] 张永铮,方滨兴,等.网络风险评估中网络节点关联性的研究[J].计算机学报,2007,30(2):234-240
[10] 周亮,李俊娥,等.信息系统漏洞风险定量评估模型研究[J].通信学报,2009,30(2):71-76
[11] 叶云,徐锡山,等.基于攻击图的风险邻接矩阵研究[J].通信学报,2011,32(5):112-120
[12] 潘晓中,何江湖,等.攻击图在风险评估中的矩阵可视化[J].小型微型计算机系统,2013,34(3):553-556
[13] 张永铮,方滨兴,等.用于评估网络信息系统的风险传播模型[J].软件学报,2007,18(1):137-145

No related articles found!
Viewed
Full text


Abstract

Cited

  Shared   
  Discussed   
No Suggested Reading articles found!