Computer Engineering, 2019, Vol. 45, Issue (9): 128-135, 142. doi: 10.19678/j.issn.1000-3428.0052317

• Security Technology •

Vulnerability Evaluation Algorithm Based on BNAG Model

WANG Hui, LOU Yalong, DAI Tianwang, RU Xinxin, LIU Kun

  1. School of Computer Science and Technology, Henan Polytechnic University, Jiaozuo, Henan 454000, China
  • Received: 2018-08-06 Revised: 2018-09-26 Online: 2019-09-15 Published: 2019-09-03
  • About the authors: WANG Hui (born 1975), male, associate professor, Ph.D., main research interest: network security; LOU Yalong, DAI Tianwang and RU Xinxin, master's students; LIU Kun (corresponding author), associate professor
  • Funding:
    National Natural Science Foundation of China (61300216).
  • Supported by:
    This work is supported by Beijing Municipal Science and Technology Project (No.Z151100002115045).

Abstract: To accurately evaluate the vulnerability of computer networks, a new evaluation algorithm is proposed that combines Bayesian networks with attack graphs. An attack graph model named RSAG is constructed. After the loops in the attack graph are eliminated, the model is transformed into a Bayesian network attack graph model named BNAG, and the node accessibility probability is calculated by introducing two measurement indexes: node attack difficulty and node state transition. The analysis of an example shows that the algorithm's evaluation of network vulnerability is true and effective and reflects the differences in how each node is attacked. The algorithm also requires less computation for attack graphs with mixed structure and can accurately highlight the degree of harm of vulnerabilities under chaotic relationships.

Key words: attack graph, Bayesian network, state transition, accessibility probability, vulnerability

CLC number: