基于攻防对抗的网络安全动态评估方法

计算机科学 ›› 2013, Vol. 40 ›› Issue (Z11): 214-218.

基于攻防对抗的网络安全动态评估方法

连礼泉,彭武,王冬海

中国电子科技集团公司电子科学研究院北京100041;中国电子科技集团公司电子科学研究院北京100041;中国电子科技集团公司电子科学研究院北京100041

出版日期:2018-11-16 发布日期:2018-11-16
基金资助:
本文受国防基础科研项目(A0420110006)资助

Method of Network Security Dynamic Assessment Based on Attack-defense Confrontation

LIAN Li-quan,PENG Wu and WANG Dong-hai

Online:2018-11-16 Published:2018-11-16

摘要/Abstract

摘要： 根据网络攻防对抗实时变化的特点,提出了一种网络安全状态的动态评估方法。首先,根据敌我双方攻防特点,建立基于脆弱性状态迁移的网络安全模型；然后,在此基础上量化攻击成功的可能性和产生的后果,并分析攻防对抗行为对关键资产保密性、完整性、可用性等安全属性的影响,并通过实验验证了该方法的可行性及有效性。

关键词: 攻击图,安全评估,可视化,攻防对抗

Abstract: According to the characteristic of the network attack-defense real-time variation,a dynamic assessment method of network security state was presented．Firstly,a network security model based on vulnerability state transition was built,according to the characteristics of attack and defense both sides．Then the success probability and the consequences of attack success were quantitated,and the effects of attack-defense confrontation behaviors on the key asset security attributes such as confidentiality,integrity and availability were analyzed．Finally,the feasibility and validity of this method were proved through an experiment.

Key words: Attack graph,Security assessment,Visualization,Attack-defense confrontation

连礼泉,彭武,王冬海. 基于攻防对抗的网络安全动态评估方法[J]. 计算机科学, 2013, 40(Z11): 214-218. https://doi.org/

LIAN Li-quan,PENG Wu and WANG Dong-hai. Method of Network Security Dynamic Assessment Based on Attack-defense Confrontation[J]. Computer Science, 2013, 40(Z11): 214-218. https://doi.org/

参考文献

[1] 韦勇,连一峰.基于日志审计与性能修正算法的网络安全态势评估模型[J].计算机学报,2009,32(4):763-772
[2] Lau S．The spinning cube of potential doom[J]．Communications of the ACM,2004,47(6):25-26
[3] 徐玮晟,张保稳,李生红．网络安全评估方法研究进展[J].信息安全与通信保密,2009,0(4)
[4] 马俊春,王勇军,孙继银,等．基于攻击图的网络安全评估方法研究[J]．计算机应用研究,2012,9(3)
[5] Yu D,Frincke D．Improving the quality of alerts and predicting intruder’s next goal with hidden colored Petri-net[J].Computer Networks,2007,1(3):632-654
[6] Aven T．A unified framework for risk and vulnerability analysis covering both safety and security[J].Reliability Engineering and System Safety,2007,2(6):745-754
[7] 廖年冬,易禹,胡琦.动态实时网络安全风险评估研究[J].计算机工程与应用,2011,7(36)
[8] 陈锋,刘德辉,张怡,等．基于威胁传播模型的层次化网络安全评估方法[J]．计算机研究与发展,2011,8(6):945-954

Metrics

Viewed

Full text

Abstract

Cited

Shared

Discussed