
Computer Engineering (计算机工程) ›› 2010, Vol. 36 ›› Issue (11): 148-151. doi: 10.3969/j.issn.1000-3428.2010.11.053

• Security Technology •

Privilege Control Security Analysis Model Oriented to Subject Vulnerability

HUANG Guang-qiu (黄光球), LI Yan (李艳)

  1. (School of Management, Xi’an University of Architecture & Technology, Xi’an 710055)
  • Online: 2010-06-05 Published: 2010-06-05
  • About the authors: HUANG Guang-qiu (born 1964), male, professor, Ph.D.; main research interests: network security, modelling, analysis and control of complex systems, systems engineering. LI Yan, master's student.

Abstract: During a network attack, vulnerabilities reside in the component subjects of network nodes. To capture this, the paper refines the attack description to the network-component level: the original privilege control model is extended with descriptions of the privileges, connection relations and attributes between components, together with vulnerability rewriting rules, giving the Network Component Vulnerability Take-Grant (NCVTG) model. A graph privilege transitive closure generation algorithm of polynomial time complexity is proposed for the NCVTG model; it supports dynamic security analysis as the network changes and yields all attack paths under the current vulnerability state. Experimental results show that the model can analyse network security comprehensively and predict all possible attacks.

Key words: network security analysis model, attack graph, privilege Take-Grant model, rewriting rule
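The abstract describes a privilege transitive closure over a component graph driven by vulnerability rewriting rules. The following is an added illustration written for this page, not code from the paper or its authors: a toy Take-Grant-style model in which each rule says "an attacker holding privilege `needs` on a component connected to a target that carries attribute `vuln` gains privilege `grants` on the target". The closure is computed as a fixpoint (each component's privilege can only rise a bounded number of times, so the run is polynomial in the graph size), one witness attack path is recorded per reachable component, and a helper re-runs the closure after a vulnerability is removed so a defender can see which privileges a patch eliminates. All component names, vulnerability labels (`v_remote`, `v_escalate`, `v_trust`) and rule shapes are constructed for the example.

```python
from collections import deque
from dataclasses import dataclass

# Privilege levels a subject can hold on a component, lowest to highest.
PRIV_ORDER = {"none": 0, "user": 1, "root": 2}


@dataclass(frozen=True)
class Rule:
    """Vulnerability rewriting rule (constructed shape, not the paper's syntax).

    If the attacker already holds at least `needs` on the source component and
    the target component carries attribute `vuln`, the attacker gains `grants`
    on the target. `local` rules only fire with source == target, i.e. privilege
    escalation inside one component."""
    vuln: str
    needs: str
    grants: str
    local: bool = False


@dataclass
class Model:
    """Component-level network: attributes per component and directed connections."""
    components: dict   # name -> set of attribute / vulnerability labels
    connections: dict  # name -> set of component names reachable from it
    rules: list


def dominates(held, required):
    return PRIV_ORDER[held] >= PRIV_ORDER[required]


def privilege_closure(model, initial):
    """Fixpoint of rule application starting from the `initial` privileges.

    Returns (state, paths): state maps component -> highest privilege reached;
    paths maps component -> the sequence of rule firings (src, dst, vuln, granted)
    that first produced that privilege, i.e. one witness attack path."""
    state = {c: "none" for c in model.components}
    paths = {}
    for comp, priv in initial.items():
        state[comp] = priv
        paths[comp] = []
    queue = deque(initial)
    while queue:
        src = queue.popleft()
        # A component may rewrite itself (local rules) or its neighbours.
        targets = [src] + sorted(model.connections.get(src, ()))
        for dst in targets:
            for rule in model.rules:
                if rule.local != (dst == src):
                    continue
                if rule.vuln not in model.components[dst]:
                    continue
                if not dominates(state[src], rule.needs):
                    continue
                if dominates(state[dst], rule.grants):
                    continue  # nothing new would be gained
                state[dst] = rule.grants
                paths[dst] = paths[src] + [(src, dst, rule.vuln, rule.grants)]
                queue.append(dst)  # higher privilege may enable further rules
    return state, paths


def without_vulnerability(model, component, vuln):
    """Copy of the model with one vulnerability removed (a patch or config change),
    so the closure can be re-run to see which privileges the change eliminates."""
    comps = {c: set(a) for c, a in model.components.items()}
    comps[component].discard(vuln)
    return Model(comps, model.connections, model.rules)


# Constructed sample network: attacker host, web front end, app server, database.
SAMPLE = Model(
    components={
        "attacker": set(),
        "web": {"v_remote"},
        "app": {"v_remote", "v_escalate"},
        "db": {"v_trust"},
    },
    connections={
        "attacker": {"web"},
        "web": {"app", "db"},
        "app": {"db"},
    },
    rules=[
        Rule("v_remote", needs="user", grants="user"),                # remote access as service user
        Rule("v_escalate", needs="user", grants="root", local=True),  # local privilege escalation
        Rule("v_trust", needs="root", grants="root"),                 # db trusts root on a connected peer
    ],
)


def analyse(model=SAMPLE):
    """Closure from the attacker's own host, where it holds root."""
    return privilege_closure(model, {"attacker": "root"})


if __name__ == "__main__":
    state, paths = analyse()
    for comp in sorted(state):
        print(f"{comp}: {state[comp]}  via {paths.get(comp, [])}")
    patched, _ = analyse(without_vulnerability(SAMPLE, "app", "v_escalate"))
    print("db privilege after removing v_escalate from app:", patched["db"])
```

On the sample graph the closure reaches `root` on the database through web → app → (local escalation) → db, while removing the local escalation on the app server alone cuts the database off entirely, which is the kind of "what changes when the network changes" question the transitive closure is meant to answer quickly.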
