Vulnerability Evaluation Algorithm Based on BNAG Model

doi:10.19678/j.issn.1000-3428.0052317

Computer Engineering ›› 2019, Vol. 45 ›› Issue (9): 128-135,142. doi: 10.19678/j.issn.1000-3428.0052317

Previous Articles Next Articles

Vulnerability Evaluation Algorithm Based on BNAG Model

WANG Hui, LOU Yalong, DAI Tianwang, RU Xinxin, LIU Kun

School of Computer Science and Technology, Henan Polytechnic University, Jiaozuo, Henan 454000, China

Received:2018-08-06 Revised:2018-09-26 Online:2019-09-15 Published:2019-09-03
Supported by:
This work is supported by Beijing Municipal Science and Technology Project (No.Z151100002115045).

基于BNAG模型的脆弱性评估算法

王辉, 娄亚龙, 戴田旺, 茹鑫鑫, 刘琨

河南理工大学计算机科学与技术学院, 河南焦作 454000

作者简介:王辉(1975-),男,副教授、博士,主研方向为网络安全;娄亚龙、戴田旺、茹鑫鑫,硕士研究生;刘琨(通信作者),副教授
基金资助:
国家自然科学基金（61300216）。

Abstract

Abstract: In order to accurately evaluate the vulnerability of computer network,a new evaluation algorithm is proposed by combining Bayesian network with attack graph.An attack graph model is constructed,which is named RSAG.On the basis of eliminating the loop in the attack graph,the model is transformed into a Bayesian network attack graph model,which is named BNAG,and the node accessibility probability is calculated by introducing the node attack difficulty and node state transition measurement index.The analysis results of an example show that the evaluation results of network vulnerability by this algorithm are true and effective,which can fully reflect the difference between attacked node.Meanwhile,the calculation of attack graph with mixed structure is less,which can accurately highlight the harm degree of vulnerability in the chaotic relationship.

Key words: attack graph, Bayesian network, state accessdibility, accessibility probability, vulnerability

摘要： 为准确评估计算机网络的脆弱性，结合贝叶斯网络与攻击图提出一种新的评估算法。构建攻击图模型RSAG，在消除攻击图中环路的基础上，将模型转换成贝叶斯网络攻击图模型BNAG，引入节点攻击难度和节点状态变迁度量指标计算节点可达概率。实例分析结果表明，该算法对网络脆弱性的评估结果真实有效，能够体现每个节点被攻击的差异性，并且对于混合结构攻击图的计算量较少，可准确凸显混乱关系下漏洞的危害程度。

关键词: 攻击图, 贝叶斯网络, 状态变迁, 可达概率, 脆弱性

CLC Number:

TP309

WANG Hui, LOU Yalong, DAI Tianwang, RU Xinxin, LIU Kun. Vulnerability Evaluation Algorithm Based on BNAG Model[J]. Computer Engineering, 2019, 45(9): 128-135,142.

王辉, 娄亚龙, 戴田旺, 茹鑫鑫, 刘琨. 基于BNAG模型的脆弱性评估算法[J]. 计算机工程, 2019, 45(9): 128-135,142.

/ / Recommend / Download Citations

URL: http://www.ecice06.com/EN/10.19678/j.issn.1000-3428.0052317

http://www.ecice06.com/EN/Y2019/V45/I9/128

Figures/Tables 16

References

[1] 穆雪峰.网络型病毒传播与计算机网络安全[J].信息与电脑(理论版),2017(12):200-202.
[2] 中国互联网站发展状况及其安全报告(2017)[EB/OL].[2018-07-05].http://www.isc.org.cn/zxzx/xhdt/listi nfo-35526.html.
[3] 李艳,黄光球.动态攻击网络演化分析模型[J].计算机应用研究,2016,33(1):266-270.
[4] POOLSAPPASIT N,DEWRI R,RAY I.Dynamic security risk management using Bayesian attack graphs[M].Washington D.C.,USA:IEEE Computer Society Press,2012.
[5] 吴迪,连一峰,陈恺,等.一种基于攻击图的安全威胁识别和分析方法[J].计算机学报,2012,35(9):1938-1950.
[6] 余洋,夏春和,胡潇云.采用混和路径攻击图的防御方案生成方法[J].浙江大学学报(工学版),2017,51(9):1745-1759.
[7] 叶子维,郭渊博,王宸东,等.攻击图技术应用研究综述[J].通信学报,2017,38(11):121-132.
[8] 高妮,高岭,贺毅岳,等.基于贝叶斯攻击图的动态安全风险评估模型[J].四川大学学报(工程科学报),2016,48(1):111-118.
[9] KRAUTSEVICH L.Parametric attack graph construction and analysis[J].Organometallics,2015,30(12):98-101.
[10] 陈小军,方滨兴,谭庆丰,等.基于概率攻击图的内部攻击意图推断算法研究[J].计算机学报,2014,37(1):62-72.
[11] DAI Fangfang,HU Ying,ZHENG Kangfeng,et al.Exploring risk flow attack graph for security risk assessment[J].IET Information Security,2015,9(6):344-353.
[12] 王辉,亢凯航,刘淑芬.基于贝叶斯推理的PASG计算模型[J].计算机工程,2016,42(11):158-164.
[13] 胡浩,叶润国,张红旗.基于攻击预测的网络安全态势量化方法[J].通信学报,2017,38(10):122-134.
[14] 戴方芳.基于攻击图理论的网络安全风险评估技术研究[D].北京:北京邮电大学,2015.
[15] TRIPATHI A,SINGH U K.Analyzing trends in vulnerability classes across CVSS metrics[J].International Journal of Computer Applications,2011(3):38-40.

Please choose a citation manager

Content to export