Computer Engineering and Applications ›› 2010, Vol. 46 ›› Issue (17): 85-87. DOI: 10.3778/j.issn.1002-8331.2010.17.024

• Network, Communication, Security •

Algorithm design of network risk assessment based on exploit graph

SU Ji-bin (1, 2), XIAO Zong-shui (1), XIAO Ying-jie (1)

  1. College of Computer Science and Technology, Shandong University, Jinan 250101, China
  2. Headquarters of Unit No. 71391, China
  • Received: 2008-11-26 Revised: 2009-03-09 Online: 2010-06-11 Published: 2010-06-11
  • Contact: SU Ji-bin


Abstract: Most network vulnerability risk assessment models based on graph theory suffer from the "state explosion" phenomenon. This paper presents a Network Vulnerability Assessment Model based on the Exploit Graph (EG_NVAM). Starting from the collection of network vulnerabilities and the analysis of the relations between them, and with reference to the network configuration and topology, the model simulates the process of exploitation state changes, builds the exploit graph, analyses the key exploit sequences, and from these constructs an assessment of network vulnerability. The paper focuses on the construction of the model and on the exploit graph generation algorithm. EG_NVAM can effectively resolve the "state explosion" seen in other models and visually display the relationships among the vulnerabilities. Finally, a simulation verifies its feasibility and effectiveness.

Key words: risk assessment, exploit graph, semantics fusion, state explosion
