| 马俊春,王勇军,孙继银.基于攻击图的网络安全策略制定方法研究[J].高技术通讯(中文),2012,22(4):374~381 |
| 基于攻击图的网络安全策略制定方法研究 |
| A novel method of constituting network security policy based on attack graphs |
| 修订日期:2010-11-29 |
| DOI: |
| 中文关键词: 大规模网络, 网络安全, 攻击图, 分布并行, 安全策略 |
| 英文关键词: large scale network, network security, attack graph, distributed paralleled processing, security policy |
| 基金项目:863计划(2009AA01Z432)资助项目 |
| 作者 | 单位 | | 马俊春 | 国防科技大学计算机学院;第二炮兵工程学院西安 | | 王勇军 | 国防科技大学计算机学院 | | 孙继银 | 第二炮兵工程学院西安 |
|
| 摘要点击次数: 2525 |
| 全文下载次数: 1934 |
| 中文摘要: |
| 为了提高网络的整体安全性,提出了基于攻击图的网络安全策略制定方法。该方法首先从分布并行处理角度将不同区域的目标网络进行脆弱性分析任务划分,采用分布并行处理技术进行攻击图构建;其次,利用生成的全局攻击图识别目标网络中存在的脆弱性之间的关系,以及由此产生的潜在威胁;最后,将攻击图与遗传算法相结合,建立相应的数学模型,把安全策略的制定问题转化为带有惩罚的非约束优化问题,以最小的成本保证目标网络的安全。实验结果表明,该方法具有较高的攻击图生成效率,并且降低了攻击图生成时的系统资源消耗。该方法可以帮助网络安全管理人员有针对性地进行安全防护,能够适用于评估大规模复杂网络系统的整体安全性。 |
| 英文摘要: |
| In order to improve a network’s total security, a novel method of constituting security policy based on attack graphs is presented. Firstly, it divides the total network into different areas, and uses the parallel and processing technology to constitute attack graphs; Secondly, it uses the overall attack graph to identify the network vulnerabilities’ dependencies and the resulting potential threat; Finally, it combines the attack graph with the genetic algorithm to establish the corresponding mathematical model, so as to transform the constitution of a security policy into a non restraint optimization problem with penalty to guarantee the network security with the least cost. The experimental results show that this method can improve the efficiency of attack graphs’ generation and reduce the system’s resource consumption greatly. The proposed method can help network security managers guard networks and can be used to assess large scale networks’ overall security. |
|
查看全文
查看/发表评论 下载PDF阅读器 |
| 关闭 |
|
|
|
