摘要: 提出一种基于渗透图的网络弱点评估模型(EG_NVM),从网络弱点采集、弱点关联分析出发,参考网络环境配置与拓扑结构、模拟渗透状态改变的过程,构建渗透图,通过对关键渗透序列的量化分析进行网络弱点评估。利用EG_NVM能够有效解决生成图“状态爆炸”的问题并直观显示各弱点相互潜在的关联关系。通过一个典型仿真环境,验证了该方法的可行性和有效性。
关键词:
网络安全,
渗透图,
网络弱点,
关联关系
Abstract: This paper presents the Network Vulnerability Model based on the Exploit Graph(EG_NVM). The model collects the network vulnerability, analyzes the vulnerability relation, references network configuration and topology, simulates the produce of the exploitation state change, builds exploit graph, analyzes the key exploit queue and constructs assessment of network vulnerability, which provides a useful evidence and guidance for making risk decision. The EG_NVM can effectively resolve the “state explosion” of the others’, and visually display the vulnerability of each relationship. Typical simulation verifies its feasibility and effectiveness.
Key words:
network security,
exploit graph,
network vulnerability,
association relation
中图分类号:
苏继斌;肖宗水;肖迎杰. 基于渗透图的网络弱点分析与研究[J]. 计算机工程, 2009, 35(23): 155-157,.
SU Ji-bin; XIAO Zong-shui; XIAO Ying-jie. Analysis and Research on Network Vulnerability Based on Exploit Graph[J]. Computer Engineering, 2009, 35(23): 155-157,.