Abstract: This paper studies computer network security vulnerability assessment in network security field, and presents an approach for network vulnerability evaluation based on attack graph and security metric. The vulnerability analysis is made with comprehensive simulation of malefactor’s actions and construction of attack graphs. A series of security metrics are computed, with risk assessment techniques to realize the qualitative and quantitative evaluation of network vulnerability.

Key words: vulnerability evaluation, attack graph, security metric, risk assessment

摘要： 研究计算机网络安全领域的网络脆弱性评价，提出一种基于攻击图和安全度量的网络脆弱性评价方法。该方法对可能存在的网络攻击行为建模并构造攻击图，并以此为分析模型，借助风险评估技术确定安全度量的指标和计算方法，实现对网络脆弱性的评价。

关键词: 脆弱性评价, 攻击图, 安全度量, 风险评估

CLC Number: 

• TP309