Computer Network Vulnerability Assessment Based on Bayesian Attribute Network

doi:10.13190/j.jbupt.2015.04.022

JOURNAL OF BEIJING UNIVERSITY OF POSTS AND TELECOM ›› 2015, Vol. 38 ›› Issue (4): 110-116.doi: 10.13190/j.jbupt.2015.04.022

• Reports • Previous Articles Next Articles

Computer Network Vulnerability Assessment Based on Bayesian Attribute Network

WANG Xiu-juan, SUN Bo, LIAO Yan-wen, XIANG Cong-bin

Computer Institute, Beijing University of Technology, Beijing 100124, China

Received:2015-07-03 Online:2015-08-28 Published:2015-08-28

Abstract

Abstract:

For assessing the vulnerability of computer network accurately and comprehensively, the problem of attack loops, the state explosion and analyzing qualitatively were researched. The method of converting attribute attack graph to the Bayesian network and the new loop elimination algorithm was also proposed. By using these two algorithms, a new Bayesian attribute attack graph model was build. The formula of assessing indicators was derived by Bayesian formula. The data of common vulnerability scoring system was used to compute the probability of attribute nodes and indicators to conduct network vulnerability assessment. Experiments analysis proves the feasibility and effectiveness of the model. Compared with other methods of vulnerability assessment, this model has simple calculation which is suitable for dynamic quantitative assessment.

Key words: attack graph, Bayesian network, vulnerability analysis, quantitative analysis

CLC Number:

TP393.08

WANG Xiu-juan, SUN Bo, LIAO Yan-wen, XIANG Cong-bin. Computer Network Vulnerability Assessment Based on Bayesian Attribute Network[J]. JOURNAL OF BEIJING UNIVERSITY OF POSTS AND TELECOM, 2015, 38(4): 110-116.

References

[1] 钟尚勤, 徐国胜, 姚文斌, 等. 基于主机安全组划分的网络安全性分析[J]. 北京邮电大学学报, 2012, 35(1): 19-23. Zhong Shangqin, Xu Guosheng, Yao Wenbin et al. Network security analysis based on host-security-group [J]. Journal of Beijing University of Posts and Telecommunications, 2012, 35(1): 19-23.

[2] Sheyner O, Haines J, Jha S, et al. Automated generation and analysis of attack graphs [C]//Proceedings 2002 IEEE Symposium on Security and privacy, 2002: 273-284.

[3] 龙门, 夏靖波, 张子阳, 等. 节点相关的隐马尔可夫模型的网络安全评估[J]. 北京邮电大学学报, 2011, 33(6): 121-124. Long Men, Xia Jingbo, Zhang Ziyang, et al. Network security assessment based on node correlated HMM [J]. Journal of Beijing University of Posts and Telecommunications, 2011, 33(6): 121-124.

[4] 陈锋, 张怡. 基于攻击图的网络脆弱性量化评估研究[J]. 计算机工程与科学, 2010, 32(10): 8-11. Chen Feng, Zhang Yi. Research of quantitative vulnerability assessment based on attack graphs [J]. Computer Engineering & Science, 2010, 32(10): 8-11.

[5] 陈思思, 连一峰, 贾炜. 基于贝叶斯网络的脆弱性状态评估方法[J]. 中国科学院研究生院学报, 2008, 25(5): 639-648. Chen Sisi, Lian Yifeng, Jia Wei. A network vulnerability evaluation method based on Bayesian networks [J]. Journal of the Graduate School of the Chinese Academy of Sciences, 2008, 25(5): 639-648.

[6] 方研, 殷肖川, 李景志. 基于贝叶斯攻击图的网络安全量化评估研究[J]. 计算机应用研究, 2013, 30(9): 2763-2766. Fang Yan, Yin Xiaochuan, Li Jingzhi. Research of quantitative network security assessment based on Bayesian-attack graphs [J]. Application Research of Computers, 2013, 30(9): 2763-2766.

[7] Wang Lingyu, Yao Chao, Singhal A, et al. Interactive analysis of attack graphs using relational queries [M]. Data and Applications Security XX: Springer Berlin Heidelberg, 2006: 119-132.

[8] 贾炜. 计算机网络脆弱性评估方法研究[D]. 合肥: 中国科学技术大学, 2012. Jia Wei. The research on computer network vulnerabilities assessment methods [D]. Hefei: University of Science and Technology of China, 2012.

[9] Poolsappasit N, Dewri R, Ray I. Dynamic security risk management using Bayesian attack graphs[J]. Dependable and Secure Computing, IEEE Transactions on, 2012, 9(1): 61-74.

[10] 叶云, 徐锡山. 基于攻击图的网络安全概率计算方法[J]. 计算机学报, 2010 (10): 1987- 1996. Ye Yun, Xu Xishan. An attack graph based probabilistic computing approach of network security [J]. Chinese Journal of computers, 2010 (10): 1987-1996.

Computer Network Vulnerability Assessment Based on Bayesian Attribute Network

RichHTML

PDF

Knowledge

Abstract

Cite this article

share this article

References

Related Articles 8

Recommended Articles

Metrics

Comments

[1]	YANG Hongyu, YUAN Haihang, ZHANG Liang. A Risk Assessment Method of Network Host Node with Host Importance [J]. Journal of Beijing University of Posts and Telecommunications, 2022, 45(2): 16-21.
[2]	LI Yong-cheng, LIU Shu-mei, YU Yao, LI Shuang. Road Network Vulnerability Identification Considering the Impact of Road Sections and Intersections Congestion [J]. Journal of Beijing University of Posts and Telecommunications, 2020, 43(1): 14-20.
[3]	LIU Wei-xin, ZHENG Kang-feng, HU Ying, WU Bin. Approach of Goal-Oriented Attack Graph-Based Threat Evaluation for Network Security [J]. JOURNAL OF BEIJING UNIVERSITY OF POSTS AND TELECOM, 2015, 38(1): 82-86.
[4]	. Network Security Analysis Based on Host-Security-Group [J]. JOURNAL OF BEIJING UNIVERSITY OF POSTS AND TELECOM, 2012, 35(1): 19-23.
[5]	WANG Zhong-Feng, WANG Zhi-Hai. Equivalent Classed of TAN Classifier Structure and Their Application on Learning Algorithm [J]. JOURNAL OF BEIJING UNIVERSITY OF POSTS AND TELECOM, 2012, 35(1): 72-76.
[6]	WU Huan, PAN Lin, WANG Xiao-zhen, XU Rong-sheng. A Risk Assessment Model Using Incomplete Attack Graphs Analysis [J]. JOURNAL OF BEIJING UNIVERSITY OF POSTS AND TELECOM, 2010, 33(3): 57-61.
[7]	QIAO Yan,MENG Luo-ming, CHENG Lu,WU Li,YUAN Yi-guo. An Efficient Approach to Multi-Fault Diagnosis in Dynamic Networks [J]. JOURNAL OF BEIJING UNIVERSITY OF POSTS AND TELECOM, 2009, 32(6): 1-4.
[8]	WANG Yu-long, YANG Fang-chun, SUN Qi-bo . Model-Based Quantitative Method of Network Vulnerability Analysis [J]. JOURNAL OF BEIJING UNIVERSITY OF POSTS AND TELECOM, 2008, 31(4): 58-61.