Computer Engineering, 2008, Vol. 34, Issue (13): 115-117. doi: 10.3969/j.issn.1000-3428.2008.13.042

• Security Technology •

Application of Network Attack Graph in Automated Penetration Test

CHEN Guo-dong, YANG Guang-lin, DUAN Xiao-hui

  1. (Signal and Information Processing Lab, Department of Electronics, Peking University, Beijing 100871)
  • Received: 1900-01-01 Revised: 1900-01-01 Online: 2008-07-05 Published: 2008-07-05

Abstract: This paper presents a new approach to the automatic construction and optimization of the Network Attack Graph (NAG). To address the state-space explosion (scalability) problem of the NAG, a hierarchy is adopted in which the NAG is divided into an attack subgraph and an attack supergraph. The attack subgraph describes the concrete attack scenarios from the host that launches the attack to the target host. The attack supergraph describes how the attacker's privileges transfer between hosts in the network. This approach reduces the complexity of the NAG by simplifying its structure.

Key words: network security, Network Attack Graph (NAG), penetration test, attack model
