基于动态攻击图的网络安全实时评估

计算机科学 ›› 2013, Vol. 40 ›› Issue (2): 133-138.

基于动态攻击图的网络安全实时评估

陈靖，王冬海，彭武

(中国电子科技集团公司电子科学研究院北京100041)

出版日期:2018-11-16 发布日期:2018-11-16

Real-time Network Security Assessment Based on Dynamic Attack Graph

Online:2018-11-16 Published:2018-11-16

摘要/Abstract

摘要： 针对网络安全评估对实时性及可视化的需求，提出了一种基于动态攻击图的实时评佑方法。首先通过采集网络的脆弱性、网络拓扑、资产价值等安全属性信息，同时提取入侵检测系统的报警信息、防火墙策略、安全管理等动态攻防对抗信息，生成动态攻击图，并实时调整防御手段对网络进行及时、有效的保护，实时地对网络系统的安全状态进行评估，并采用可视化的方法展现评估结果，在此基础上给出整体安全策略调整建议。最后通过实验证明了本方法的可行性和有效性。

关键词: 动态攻击图，实时评估，攻防对抗信息

Abstract: In order to evaluate the network security, a real-time security assessment method based on dynamic attack graph was presented. At first, network security related information such as network vulnerabilities, topology information,asset value,IDS alerts,and firewall rules was fused into attack graph. Then network security situation was evaluated and results were shown through visualization method, on this basis, some corresponding suggests were given to improve security. Finally, the feasibility and validity of this method were proved through some experiments.

Key words: Dynamic attack graph, Rcal-time assessment, Confront information of attack and defense

陈靖，王冬海，彭武. 基于动态攻击图的网络安全实时评估[J]. 计算机科学, 2013, 40(2): 133-138. https://doi.org/

参考文献

Metrics

Viewed

Full text

Abstract

Cited

Shared

Discussed