摘要
提出一种基于网络中心性的计算机网络脆弱性评估方法.首先基于通用脆弱性评分系统,对攻击者利用脆弱性攻击所花费的代价进行量化评估,根据评估结果对脆弱性攻击图进行最小攻击代价路径分析.引入网络中心性理论,采用攻击图节点的介数和节点连通度相结合的方法,对攻击图的节点关键程度进行量化分析,判断对网络安全产生关键影响的脆弱性,为计算机网络的安全优化提供依据.
We propose a method based on network centrality to evaluate the vulnerabilities of computer networks.We evaluate the attack costs based on CVSS and analyze the minimum attack cost routes by using the quantitative results.Then,we present a new network centrality method which combines betweenness with degree-theory to analyze the importance of the nodes in attack graph.The method helps us to find the key vulnerabilities which have great effect on network security and to enhance the network security.
出处
《中国科学院研究生院学报》
CAS
CSCD
北大核心
2012年第4期529-535,共7页
Journal of the Graduate School of the Chinese Academy of Sciences
基金
国家高技术研究发展计划(863)(2009AA01Z439)资助
关键词
脆弱性
脆弱性攻击图
网络中心性
介数
攻击代价
vulnerability
vulnerabilities attack graph
network centrality
betweenness
attack cost