Author Login Editor-in-Chief Peer Review Editor Work Office Work

Computer Engineering ›› 2011, Vol. 37 ›› Issue (2): 126-128. doi: 10.3969/j.issn.1000-3428.2011.02.043

• Networks and Communications • Previous Articles     Next Articles

Method of Network Attack Graph Generation Based on Greedy Policy

SONG Shun-hong, LU Yu-liang, XIA Yang, YUAN Huan   

  1. (Department of Network Engineering, Electronic Engineering Institute, Hefei 230037, China)
  • Online:2011-01-20 Published:2011-01-25

基于贪心策略的网络攻击图生成方法

宋舜宏,陆余良,夏 阳,袁 桓   

  1. (电子工程学院网络工程系,合肥 230037)
  • 作者简介:宋舜宏(1971-),男,博士研究生,主研方向:网络安全;陆余良,教授、博士生导师;夏 阳,博士;袁 桓,硕士研究生

Abstract:

Network attacker always wishes to penetrate into internal networks, direct access to more important host computers and get higher privilege on victim computers. Based on this assumption, some kinds of greedy policies are analyzed in network attack. The model is constructed and attack graph is limited under such greedy policy. Experimental results show that the attack graph is smaller in size and easier to understand than normal method without losing key attack paths.

Key words: greedy policy, attack graph, network security

摘要:

网络攻击者总是希望更快地渗入网络内部,能够直接访问更加重要的主机,获得更高的主机访问权限。基于这一前提,分析各种网络攻击过程中的贪心策略,并建立相应的模型,应用这些贪心策略约束攻击图的生成过程。实验结果表明,生成的攻击图的规模明显减小,且没有丢失重要的网络攻击路径,同时改善了攻击图的可视化效果。

关键词: 贪心策略, 攻击图, 网络安全

CLC Number: