Computer Science ›› 2014, Vol. 41 ›› Issue (7): 119-121. doi: 10.11896/j.issn.1002-137X.2014.07.024


Analysis for Network Security by Stochastic Petri-net

JIAO Jian and CHEN Xin   

  • Online: 2018-11-14 Published: 2018-11-14

Abstract: The network attack graph is an important tool in network security. With traditional attack graphs and attack-path solutions, it is difficult to describe in probabilistic terms how strongly attack probability and defense technology influence the overall scheme. Using stochastic Petri-net theory, this paper presents a conversion algorithm that transforms an attack graph into a Petri-net defense scheme. The stochastic Petri-net model generated by the algorithm supports parallel analysis of the attack and defense processes. Experimental results show that the method can effectively quantify the probability of the attack process and can also help analyze the effect of different defense technologies on overall system security.

Key words: Attack graph, Stochastic Petri-net, Network defense

