Computer Science ›› 2014, Vol. 41 ›› Issue (7): 119-121. doi: 10.11896/j.issn.1002-137X.2014.07.024

• 2013' Petri Net •

Analysis of Network Security Systems Using Stochastic Petri Nets

JIAO Jian, CHEN Xin

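  1. School of Computer Science, Beijing Information Science and Technology University, Beijing 100101; School of Computer Science, Beijing Information Science and Technology University, Beijing 100101
  • Publication date: 2018-11-14 Release date: 2018-11-14
  • Funding:
    This work was supported by the General Science and Technology Program of the Beijing Municipal Education Commission (KM201211232010).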

Analysis for Network Security by Stochastic Petri-net

JIAO Jian and CHEN Xin   

  • Online: 2018-11-14 Published: 2018-11-14

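Abstract: Attack graphs have long been an important tool in network security research. Traditional attack graphs, and defense schemes aimed at attack paths, have difficulty describing and analyzing from a probabilistic standpoint how attack likelihood and defense techniques affect the overall scheme. Using stochastic Petri net theory, this paper gives an algorithm, built on top of the attack graph, for converting it into a Petri net defense scheme; the stochastic Petri net model the algorithm generates allows the attack and defense processes to be analyzed in parallel. Experimental validation shows that the method can effectively quantify the probability that an attack process occurs and can also assist in analyzing how different defense techniques affect the overall security of the system.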

Keywords: attack graph, stochastic Petri net, network defense. CLC number: TP393.8. Document code: A

Abstract: The network attack graph is an important means of network security. Traditional attack graphs and attack-path solutions have difficulty describing, in terms of probability, the degree to which attack probability and defense technology influence the whole scheme. Using stochastic Petri net theory, this paper presents a conversion algorithm that turns an attack graph into a Petri net defense scheme. The stochastic Petri net model generated by the algorithm supports parallel analysis of the attack and defense processes. Experimental results show that the method can effectively quantify the probability of the attack process and can also help analyze the effect of different defense technologies on overall system security.

Key words: Attack graph, Stochastic Petri-net, Network defense

