| 基于网络中心性的计算机网络脆弱性评估方法 |
| |
| 作者姓名: | 贾炜 冯登国 连一峰 |
| |
| 作者单位: | 1. 中国科学技术大学电子工程与信息科学系, 合肥 230026;2. 中国科学院软件研究所信息安全 国家重点实验室, 北京 100190;3. 信息安全共性技术国家工程研究中心, 北京 100080 |
| |
| 基金项目: | 国家高技术研究发展计划(863) (2009AA01Z439)资助 |
| |
| 摘 要: | 提出一种基于网络中心性的计算机网络脆弱性评估方法. 首先基于通用脆弱性评分系统,对攻击者利用脆弱性攻击所花费的代价进行量化评估,根据评估结果对脆弱性攻击图进行最小攻击代价路径分析. 引入网络中心性理论,采用攻击图节点的介数和节点连通度相结合的方法,对攻击图的节点关键程度进行量化分析,判断对网络安全产生关键影响的脆弱性,为计算机网络的安全优化提供依据.
|
| 关 键 词: | 脆弱性 脆弱性攻击图 网络中心性 介数 攻击代价 |
| 收稿时间: | 2011-04-15 |
| 修稿时间: | 2011-06-07 |
Network-vulnerability evaluation method based on network centrality |
| |
| Authors: | JIA Wei FENG Deng-Guo LIAN Yi-Feng |
| |
| Institution: | 1. Department of Electronic Engineering and Information Science, University of Science and Technology of China, Hefei 230026, China;2. State Key Laboratory of Information Security, Institute of Software, Chinese Academy of Sciences, Beijing 100190, China;3. National Engineering Research Center for Information Security, Beijing 100080, China |
| |
| Abstract: | We propose a method based on network centrality to evaluate the vulnerabilities of computer networks. We evaluate the attack costs based on CVSS and analyze the minimum attack cost routes by using the quantitative results. Then, we present a new network centrality method which combines betweenness with degree-theory to analyze the importance of the nodes in attack graph. The method helps us to find the key vulnerabilities which have great effect on network security and to enhance the network security. |
| |
| Keywords: | vulnerability vulnerabilities attack graph network centrality betweenness attack cost |
|
| 点击此处可从《》浏览原始摘要信息 |
| 点击此处可从《》下载免费的PDF全文 |
|
