网络脆弱性建模方法研究

计算机工程与应用 ›› 2007, Vol. 43 ›› Issue (15): 1-5.

网络脆弱性建模方法研究

毛捍东,陈锋,张维明

国防科技大学信息系统与管理学院，长沙 410073

收稿日期:1900-01-01 修回日期:1900-01-01 出版日期:2007-05-21 发布日期:2007-05-21
通讯作者: 毛捍东

Survey of network vulnerability modeling method

MAO Han-dong，CHEN Feng，ZHANG Wei-ming

School of Information System and Management，NUDT，Changsha 410073，China

Received:1900-01-01 Revised:1900-01-01 Online:2007-05-21 Published:2007-05-21
Contact: MAO Han-dong

摘要/Abstract

摘要： 在计算机安全领域，特别是网络安全领域，对网络系统脆弱性进行建模十分重要，其最终目的就是指导安全管理员仿真攻击场景、分析网络脆弱性之间的关联关系以及建立防御机制。阐述了网络脆弱性的概念及其建模方法发展历程，介绍了攻击树、攻击图、渗透图、特权提升图、Petri net、状态图、需求/产出模型等几种典型的脆弱性建模方法，最后总结了今后的发展方向。

Abstract: In the field of computer security，particularly network security，network vulnerability of the model is very important.The ultimate aim is to guide security administrator simulating attack scenarios，analysing the relationships between network vulnerability and building defensive mechanisms.This paper discusses the concept of network vulnerability and modeling development process，introduces some typical vulnerability modeling methods，induding the attack on the tree，plan attacks，infiltration map，privileges upgrade plan，Petri net，the state plans，requires/provides model.In conclusion，the paper summarizes the future direction of development.

毛捍东,陈锋,张维明. 网络脆弱性建模方法研究[J]. 计算机工程与应用, 2007, 43(15): 1-5.

MAO Han-dong，CHEN Feng，ZHANG Wei-ming. Survey of network vulnerability modeling method[J]. Computer Engineering and Applications, 2007, 43(15): 1-5.