作者投稿和查稿 主编审稿 专家审稿 编委审稿 远程编辑

计算机工程 ›› 2006, Vol. 32 ›› Issue (17): 200-202,. doi: 10.3969/j.issn.1000-3428.2006.17.070

• 安全技术 • 上一篇    下一篇

一种计算机网络脆弱性评估系统的设计

王永杰;刘 进;陈志杰;鲜 明;王国玉   

  1. 国防科技大学电子科学与工程学院,长沙 410073
  • 收稿日期:1900-01-01 修回日期:1900-01-01 出版日期:2006-09-05 发布日期:2006-09-05

Design of a Computer Network Vulnerability Evaluation System

WANG Yongjie;LIU Jin; CHEN Zhijie;XIAN Ming; WANG Guoyu   

  1. School of Electronic Science and Engineering, National University of Defence Technology, Changsha 410073
  • Received:1900-01-01 Revised:1900-01-01 Online:2006-09-05 Published:2006-09-05

摘要: 以攻击图建模方法为基础,提出了一种综合利用网络安全评估工具、模型检验工具的计算机网络脆弱性评估系统的设计方案。给出了脆弱性评估系统的总体框架结构,分析了各模块的功能特点和结构组成。该脆弱性评估系统可以分析计算机网络系统的最薄弱环节、最隐蔽被攻击路径、最易被攻击路径和最常被攻击路径,可以有效指导计算机网络系统安全措施制定与改进。

关键词: 网络安全, 脆弱性评估, 攻击图

Abstract: A computer network vulnerability evaluation system is designed based on attack graph modeling method. The computer network security evaluation tools and model check tools are integrated in the system. The block scheme of the computer network vulnerability evaluation system is proposed. The function and structure of all modules are analyzed in detail. The vulnerability evaluation system is able to analyze the weakest node, the most covert attack path, the most possible attack path, and the most frequent attack path. The vulnerability evaluation system can be used to establish and improve security measures of computer network systems effectively.

Key words: Network security, Vulnerability evaluation, Attack graph