作者投稿和查稿 主编审稿 专家审稿 编委审稿 远程编辑

计算机工程 ›› 2009, Vol. 35 ›› Issue (23): 155-157,. doi: 10.3969/j.issn.1000-3428.2009.23.054

• 安全技术 • 上一篇    下一篇

基于渗透图的网络弱点分析与研究

苏继斌,肖宗水,肖迎杰   

  1. (山东大学计算机科学与技术学院,济南 250101)
  • 收稿日期:1900-01-01 修回日期:1900-01-01 出版日期:2009-12-05 发布日期:2009-12-05

Analysis and Research on Network Vulnerability Based on Exploit Graph

SU Ji-bin, XIAO Zong-shui, XIAO Ying-jie   

  1. (College of Computer Science and Technology, Shandong University, Jinan 250101)
  • Received:1900-01-01 Revised:1900-01-01 Online:2009-12-05 Published:2009-12-05

摘要: 提出一种基于渗透图的网络弱点评估模型(EG_NVM),从网络弱点采集、弱点关联分析出发,参考网络环境配置与拓扑结构、模拟渗透状态改变的过程,构建渗透图,通过对关键渗透序列的量化分析进行网络弱点评估。利用EG_NVM能够有效解决生成图“状态爆炸”的问题并直观显示各弱点相互潜在的关联关系。通过一个典型仿真环境,验证了该方法的可行性和有效性。

关键词: 网络安全, 渗透图, 网络弱点, 关联关系

Abstract: This paper presents the Network Vulnerability Model based on the Exploit Graph(EG_NVM). The model collects the network vulnerability, analyzes the vulnerability relation, references network configuration and topology, simulates the produce of the exploitation state change, builds exploit graph, analyzes the key exploit queue and constructs assessment of network vulnerability, which provides a useful evidence and guidance for making risk decision. The EG_NVM can effectively resolve the “state explosion” of the others’, and visually display the vulnerability of each relationship. Typical simulation verifies its feasibility and effectiveness.

Key words: network security, exploit graph, network vulnerability, association relation

中图分类号: