
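Alert Correlation Graph: A New Method for Quantitative Network Vulnerability Assessment
Cite this article: ZHANG Yi, ZHAO Kai, LAI Ben. Alert correlation graph: a new method for quantitative network vulnerability assessment[J]. Journal of National University of Defense Technology, 2012, 34(3): 109-112
Authors: ZHANG Yi, ZHAO Kai, LAI Ben
Affiliation: College of Computer, National University of Defense Technology, Changsha, Hunan 410073
Funding: Supported by the National 863 Program
Abstract: As a model-based vulnerability analysis technique, an attack graph can identify the vulnerabilities present in a network and the relationships among them, and derive the possible attack paths and potential threats. Building on attack graphs, this paper proposes the concept of the alert correlation graph, which uses the prior vulnerability knowledge contained in the attack graph to map real-time IDS alert information onto attack paths, dynamically reflecting the progress of an attack and the attacker's intent. On this basis, a quantitative network vulnerability assessment method based on the alert correlation graph is proposed, which analyzes network vulnerability dynamically by computing the weights of alert correlation edges. The method combines static prior knowledge of network vulnerabilities with the dynamically changing intent of the attacker, and can effectively reflect how network vulnerability changes under dynamic attack conditions.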

Keywords: attack graph, alert correlation graph, vulnerability assessment
Received: 2011-09-20

Alert correlation graph: a novel method for quantitative vulnerability assessment
ZHANG Yi, ZHAO Kai and LAI Ben. Alert correlation graph: a novel method for quantitative vulnerability assessment[J]. Journal of National University of Defense Technology, 2012, 34(3): 109-112
Authors: ZHANG Yi, ZHAO Kai, LAI Ben
Affiliation: College of Computer, National University of Defense Technology, Changsha 410073, China
Abstract: As a model-based vulnerability analysis technology, attack graphs can identify network vulnerabilities and their interactions; they can also reveal all possible attack paths and potential threats. Based on attack graphs, alert correlation graphs are proposed in the paper. An alert correlation graph maps real-time IDS alerts onto attack paths using prior knowledge encoded in the attack graph, and dynamically reveals attack progress and attackers' intentions. A novel quantitative network vulnerability assessment method is presented based on the alert correlation graph, which analyzes network vulnerabilities by dynamically computing the weights of alert correlation edges. The research also demonstrates, by examples, that the proposed method combines static prior knowledge about network vulnerabilities with dynamic attackers' intentions, and reveals the change of network vulnerability under real-time attacks.
Keywords: attack graph, alert correlation graph, vulnerability assessment
This article is indexed in CNKI, Wanfang Data and other databases.