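Journal of Beijing University of Posts and Telecommunications

  • EI core journal

Journal of Beijing University of Posts and Telecommunications ›› 2008, Vol. 31 ›› Issue (4): 58-61. doi: 10.13190/jbupt.200804.58.wangyl

• Paper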

Model-Based Quantitative Method of Network Vulnerability Analysis

WANG Yu-long, YANG Fang-chun, SUN Qi-bo

  1. State Key Laboratory of Networking and Switching Technology, Beijing University of Posts and Telecommunications, Beijing 100876, China
  • Received: 2008-01-08 Revised: 1900-01-01 Online: 2008-08-30 Published: 2008-08-30
  • Contact: WANG Yu-long

Abstract:

The network is abstracted as a two-tuple of hierarchical nodes and horizontal links. The variable values of the protocol entities at each layer are combined to represent the network state, which falls into one of three types: Secure, Error and Failure. The causality between vulnerabilities and network failures is described, and the dependency relationships among the finding, verifying and correlating of vulnerabilities are analyzed. A quantitative method for measuring network vulnerability is proposed, and the properties of vulnerability are analyzed theoretically. Finally, three solutions for lowering security risks are presented.

Key words: network, vulnerability, quantitative analysis, security risk
