作者投稿和查稿 主编审稿 专家审稿 编委审稿 远程编辑

计算机工程 ›› 2009, Vol. 35 ›› Issue (9): 147-149,. doi: 10.3969/j.issn.1000-3428.2009.09.051

• 安全技术 • 上一篇    下一篇

基于逻辑渗透图的网络安全分析模型

钱 猛,毛捍东,姚 莉,张维明   

  1. (国防科技大学信息系统与管理学院,长沙 410073)
  • 收稿日期:1900-01-01 修回日期:1900-01-01 出版日期:2009-05-05 发布日期:2009-05-05

Network Security Analysis Model Based on Logic Exploitation Graph

QIAN Meng, MAO Han-dong, YAO Li, ZHANG Wei-ming   

  1. (School of Information System & Management, National University of Defense Technology, Changsha 410073)
  • Received:1900-01-01 Revised:1900-01-01 Online:2009-05-05 Published:2009-05-05

摘要: 基于图论的方法被引入来进行分析多阶段、多主机之间的网络渗透行为,但非形式化的数据描述及状态爆炸等问题难以适应中大规模网络系统。通过分析多种网络渗透行为,提出一种基于逻辑渗透图的网络安全分析模型(LEG-NSAM)。通过分析对比看出,LEG-NSAM的形式化描述和推理机制有助于更加准确、清晰地评估安全风险。采用LEG及其简化算法能够对大规模网络进行有效安全分析。

关键词: 安全分析, 逻辑渗透图, 逻辑推理, 网络渗透

Abstract: Recent work in network security focuses on the fact that combinations of exploits are the typical means by which an attacker breaks into a network. This paper describes a new approach to represent and analyze network vulnerability. It proposes logic exploitation graph, which directly illustrates logical dependencies among exploitation goals and network configure. The logic exploitation graph generation tool builds upon LEG-NSA, a network security analyzer based on prolog logic programming, and demonstrates how to reason all exploitation paths using bottom-up and top-down evaluation algorithms in the prolog logic-programming engine. Experimental evidence show that the logic exploitation graph generation algorithm is very efficient.

Key words: security analysis, logic exploitation graph, logic reasoning, network exploitation

中图分类号: