北京邮电大学学报

  • EI核心期刊

北京邮电大学学报 ›› 2012, Vol. 35 ›› Issue (1): 19-23.doi: 10.13190/jbupt.201201.19.zhongshq

• 论文 • 上一篇    下一篇

基于主机安全组划分的网络安全性分析

钟尚勤,徐国胜,姚文斌,杨义先   

  1. 1.北京邮电大学 信息安全中心,北京 100876; 2.北京邮电大学 灾备技术国家工程实验室,北京 100876
  • 收稿日期:2011-04-16 修回日期:2011-07-07 出版日期:2012-02-28 发布日期:2012-01-05
  • 通讯作者: 钟尚勤 E-mail:zhongshangqin2003@yahoo.com.cn
  • 作者简介:钟尚勤(1983-),男,博士生,E-mail:zhongshangqin2003@yahoo.com.cn 姚文斌(1972-),男,教授,博士生导师
  • 基金资助:

    国家发改委信息安全专项项目;国家自然科学基金项目(61003285);中央高校基本科研业务费专项项目(BUPT2011RC0209)

Network Security Analysis Based on Host-Security-Group

ZHONG Shang-qin, XU Guo-sheng, YAO Wen-bin,YANG Yi-xian
  

  1. 1.Information Security Center, Beijing University of Posts and Telecommunications, Beijing 100876, China;2. National Engineering Laboratory for Disaster Backup and Recovery, Beijing University of Posts and Telecommunications, Beijing 100876, China
  • Received:2011-04-16 Revised:2011-07-07 Online:2012-02-28 Published:2012-01-05

摘要:

针对目前网络安全分析方法中攻击图规模庞大、生成算法效率低等问题,提出了主机攻击图的生成模型和算法.基于该生成算法,进一步提出了主机安全组的概念及其划分算法.通过对网络中的主机划分安全组,实现对网络安全性的分析.实验结果证明,该分析方法能描述网络整体的安全状况,方便安全管理员找出网络中的关键主机,具有直观、高效和准确等特点.

关键词: 网络安全, 安全性分析, 主机攻击图, 主机安全组, 风险评估

Abstract:

A simple, flexible, and efficient method is proposed to generate hostbased attack graph. Based on this generating algorithm, the concept of ‘host-security-group’ is put forward, and according with its partitioning algorithm, an approach of analyzing network security by using theory of host-security-group is described. It is proved to be intuitive, efficient and accurate, as it describes the overall security situation of network and facilitates network security administrator to identify the key hosts.

Key words: network security, security analysis, hostbased attack graph, host-security-group, risk assessment

中图分类号: