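Journal of Beijing University of Posts and Telecommunications

  • EI core journal

Journal of Beijing University of Posts and Telecommunications ›› 2015, Vol. 38 ›› Issue (4): 110-116. doi: 10.13190/j.jbupt.2015.04.022

• Research Reports •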

Computer Network Vulnerability Assessment Based on Bayesian Attribute Network

WANG Xiu-juan, SUN Bo, LIAO Yan-wen, XIANG Cong-bin

  1. Computer Institute, Beijing University of Technology, Beijing 100124, China
  • Received: 2015-07-03 Online: 2015-08-28 Published: 2015-08-28
  • About the author: WANG Xiu-juan (1979-), female, Ph.D., graduate supervisor, E-mail: xjwang@bjut.edu.cn.

Abstract:

To assess computer network vulnerability accurately and comprehensively, the problems of attack loops, state explosion, and the difficulty of quantitative analysis in attack graphs were studied. A method for converting an attribute attack graph into a Bayesian network and a new loop elimination algorithm were proposed, and these two algorithms were used to build a Bayesian attribute attack graph model. In this model, the formulas for the assessment indicators were derived using the Bayesian formula. Data from the Common Vulnerability Scoring System were used to compute the occurrence probability of nodes and the assessment indicators, in order to conduct the network vulnerability assessment. Experimental analysis demonstrates the feasibility and effectiveness of the model. Compared with other vulnerability assessment methods, the model offers accurate assessment, simple calculation, and dynamic quantitative assessment.

Key words: attack graph, Bayesian network, vulnerability analysis, quantitative analysis
