Journal of Beijing University of Posts and Telecommunications

  • EI core journal

Journal of Beijing University of Posts and Telecommunications, 2022, Vol. 45, Issue (2): 16-21. doi: 10.13190/j.jbupt.2021-166


A Risk Assessment Method of Network Host Node with Host Importance

YANG Hongyu1,2, YUAN Haihang2, ZHANG Liang3

  1. College of Safety Science and Engineering, Civil Aviation University of China, Tianjin 300300, China;
  2. College of Computer Science and Technology, Civil Aviation University of China, Tianjin 300300, China;
  3. College of Information, University of Arizona, Tucson AZ85721, USA
  • Received: 2021-08-06 Published: 2021-12-16
  • About the author: YANG Hongyu (born 1969), male, professor, e-mail: yhyxlx@hotmail.com.
  • Funding:
    Civil Aviation Joint Research Fund Project of the National Natural Science Foundation of China (U1833107)

Abstract: Existing attack-graph-based methods for assessing network host nodes calculate atomic attack probability and asset protection value unreasonably, and ignore the impact of the association relationships between host nodes on the host node risk value. To solve these problems, a risk assessment scheme based on the importance of hosts in the network is proposed. First, a host-based attack graph is built from network information, the atomic attack probability is calculated from vulnerability exploitability, code availability and defense strength, and the path attack probability is calculated from the attack graph. Then, host importance is characterized from two perspectives, the attack graph structure and the asset protection value: the reciprocal of the atomic attack probability is used to weight the host-based attack graph and the improved weighted betweenness index of each host node is calculated, while the entropy weight method is used to weight the asset protection value indicators of the host nodes and calculate the asset protection value. Finally, the risk value of each network host node is calculated from its maximum path attack probability and its host importance. The experimental results show that the proposed method assesses host node risk in the network environment more comprehensively and that the obtained risk values are more rational.

Key words: network security, host-based attack graph, host importance, entropy weight method, risk assessment
