Algorithm design of network risk assessment based on exploit graph

doi:10.3778/j.issn.1002-8331.2010.17.024

Computer Engineering and Applications ›› 2010, Vol. 46 ›› Issue (17): 85-87.DOI: 10.3778/j.issn.1002-8331.2010.17.024

• 网络、通信、安全 • Previous Articles Next Articles

Algorithm design of network risk assessment based on exploit graph

SU Ji-bin^1，2，XIAO Zong-shui¹，XIAO Ying-jie¹

1.College of Computer Science and Technology，Shandong University，Jinan 250101，China
2.Headquarters of Unit No.71391，China

Received:2008-11-26 Revised:2009-03-09 Online:2010-06-11 Published:2010-06-11
Contact: SU Ji-bin

网络风险评估渗透图生成算法的设计

苏继斌^1，2，肖宗水¹，肖迎杰¹

1.山东大学计算机科学与技术学院，济南 250101
2.71391部队司令部

通讯作者: 苏继斌

Abstract

Abstract: Most network vulnerability risk assessment models based on graph theory has“state explosion” phenomenon.The paper presents the Network Vulnerability Assessment Model based on the Exploit Graph（EG_NVAM）.It collects the network vulnerability，analyses the vulnerability relation，refers to network configuration and topology，simulates the produce of the exploitation state change，builds exploit graph，analyses the key exploit queue and then constructs assessment of network vulnerability.This paper focuses on the model set up and exploit graph generation algorithm.The EG_NVAM can effectively resolve the “state explosion” of the others，and visually display the vulnerability of each relationship.Finally a simulation verifies its feasibility and effectiveness.

Key words: risk assessment, exploit graph, semantics fusion, state explosion

摘要： 基于图论的网络弱点风险评估模型大多有“状态爆炸”现象，提出一种基于渗透图网络弱点分析模型（EG_NVAM），从网络弱点采集、弱点关联分析出发，参考网络环境配置与拓扑结构，模拟渗透状态改变的过程，构建渗透图，通过对关键渗透序列的量化分析进行网络弱点评估。重点探讨模型的建立和渗透图生成算法。利用EG_NVAM能够有效改善“状态爆炸”的问题并直观显示各弱点相互潜在关联关系。最后通过一个典型仿真环境，验证该方法的可行性和有效性。

关键词: 风险评估, 渗透图, 语义聚合, 状态爆炸

CLC Number:

TP393.08

SU Ji-bin^1，2，XIAO Zong-shui¹，XIAO Ying-jie¹. Algorithm design of network risk assessment based on exploit graph[J]. Computer Engineering and Applications, 2010, 46(17): 85-87.

苏继斌^1，2，肖宗水¹，肖迎杰¹. 网络风险评估渗透图生成算法的设计[J]. 计算机工程与应用, 2010, 46(17): 85-87.

[1]	GAO Zhifang, SHENG Guanshuai, PENG Dinghong. Information security risk assessment method based on compromise rate method [J]. Computer Engineering and Applications, 2017, 53(23): 82-87.
[2]	CHEN Yun1，2, SHI Song1，2, PAN Yan1，2, YU Li2. Hybrid ensemble approach for credit risk assessment based on SVM [J]. Computer Engineering and Applications, 2016, 52(4): 115-120.
[3]	WANG Xueli1, ZHANG Xuan1，3, LI Tong1，3, WANG Xu2. Method of risk assessment oriented to trustworthy software [J]. Computer Engineering and Applications, 2016, 52(19): 97-101.
[4]	CHEN Yu, WANG Yadi, WANG Jindong, WANG Kun. Method for information system risk management based on Markov logic networks [J]. Computer Engineering and Applications, 2016, 52(18): 104-110.
[5]	ZHOU Wei1, XIE Wenbin2, LI Lei3. A kind of Cyberspace security framework design and risk assessment method [J]. Computer Engineering and Applications, 2016, 52(18): 122-126.
[6]	ZHANG Yongzheng, GENG Xiuli. Risk assessment of service outsourcing based on DEMATEL and VIKOR [J]. Computer Engineering and Applications, 2016, 52(18): 240-245.
[7]	ZHANG Xuan1，2, LIN Yifeng1, BAI Chuan1, WANG Xu3, MA Muting1, YU Qian1，2. Risk assessment model for mobile payment based on Bayesian network [J]. Computer Engineering and Applications, 2014, 50(5): 60-64.
[8]	CHEN Fan1, XIE Hongtao2. Risk analysis of construction technology innovation by Bayesian networks model [J]. Computer Engineering and Applications, 2014, 50(18): 33-38.
[9]	CHE Yulong, SU Hongsheng. Risk assessment method on train control system using Bayesian network [J]. Computer Engineering and Applications, 2013, 49(24): 238-242.
[10]	LI Weixia1, ZHANG Hao2, ZHANG Chengyi3. Drag use risk evaluation problem of comprehensive hospital based on intuitionistic fuzzy analytic hierarchy process [J]. Computer Engineering and Applications, 2013, 49(18): 242-244.
[11]	ZHANG Shuang, KONG Deqi, LI Xiaodong. Security risk assessment methodology for airborne system [J]. Computer Engineering and Applications, 2013, 49(16): 232-235.
[12]	CHEN Xuegang1, CHENG Jieren2. Research on application of risk assessment approach for multi-factor hierarchical fuzzy comprehensive evaluation [J]. Computer Engineering and Applications, 2012, 48(30): 128-131.
[13]	YAO Jianbo1, ZHANG Tao2. Side channel risk qualitative evaluation model based on hierarchy [J]. Computer Engineering and Applications, 2012, 48(26): 84-87.
[14]	WEN Guofeng^1，2，CHEN Liwen¹. Building and application of data warehouse of completed construction projects [J]. Computer Engineering and Applications, 2011, 47(4): 245-248.
[15]	LIAO Niandong1，YI Yu1，HU Qi2. Research on dynamical real-time risk assessment of network security [J]. Computer Engineering and Applications, 2011, 47(36): 12-15.

Algorithm design of network risk assessment based on exploit graph

网络风险评估渗透图生成算法的设计

PDF

Knowledge

Abstract

Cite this article

share this article

References

Related Articles 15

Recommended Articles

Metrics