期刊文献+

基于GSCPN模型的网络安全加固措施制定方法 被引量:2

Method for Network Security Reinforcement Based on GSCPN Model
原文传递
导出
摘要 为了从整体上提高网络安全性,提出了一种基于广义随机着色Petri网模型的网络安全加固措施制定方法。该方法引入主机节点利用率指数和主机节点关键度等概念,通过计算主机节点的关键度对网络中需要修补的脆弱节点进行排序,在此基础上根据最大节点关键度优先的原则逐步消除网络中存在的脆弱性。针对网络实例的分析进一步验证了所提出方法的有效性。与传统方法相比,具有可操作性强的特点,可以指导网络管理人员制定安全加固措施对目标网络进行安全加固。 In order to improve the security of networks in whole, a method of making strategies for the network security reinforcement based on Generalized Stochastic Colored Petri Net was proposed. The concepts of host node utilization index and host node key degree were introduced, which enabled the vulnerable nodes that needed repairing sorted by the value of host node key degree. On this basis, security level of the target network was increased by the reinforcement according to the principle of maximum node key degree first. The network instance further validates that the proposed method for network security reinforcement is effective, and the operability is better than traditional methods.
出处 《系统仿真学报》 CAS CSCD 北大核心 2016年第5期1009-1016,共8页 Journal of System Simulation
基金 国家自然科学基金(61403401 61374179 61174156 61273189 61174035 71401168) 军民共用重大研究计划联合基金(U1435218) 全军军事科学研究计划课题(13QJ003-063)
关键词 安全评估 GSCPN模型 建模 安全加固 security assessment GSCPN modeling security reinforcement
  • 相关文献

参考文献12

  • 1R Dewri, I Ray, N Poolsappasit, et al. Optimal security hardening on attack tree models of networks: a cost-benefit analysis [J]. International Journal of Information Security (S1615-5262), 2012, 11(3): 167-188.
  • 2吴金宇,金舒原,杨智.基于网络流的攻击图分析方法[J].计算机研究与发展,2011,48(8):1497-1505. 被引量:14
  • 3S Z Wang, Z H Zhang, Y Kadobayashi. Exploring attack graph for cost-benefit security hardening: A probabilistic approach [J]. Computers & Security (S0167-4048), 2013, 32(2): 158-169.
  • 4吴迪,冯登国,连一峰,陈恺.一种给定脆弱性环境下的安全措施效用评估模型[J].软件学报,2012,23(7):1880-1898. 被引量:18
  • 5Wang Ling yu, S Noel, S Jajodia. Minimum-cost network hardening using attack graphs [J]. Computer Communications (S0140-3664), 2006, 29(18): 3812-3824.
  • 6S Jajodia, S Noel. Topological Vulnerability Analysis: A Powerful New Approach for Network Attack Prevention, Detection, and Response [M]. New Jersey, USA: World Scientific, 2009: 285-305.
  • 7Ma Jun-chun, Wang Yong-jun, Sun Ji-yin, et al. A Minimum Cost of Network Hardening Model Based on Attack Graphs [J]. Procedia Engineering (S 1877-7058), 2011, 15: 3227-3233.
  • 8M Albanese, S Jajodia, S Noel. Time-Efficient and Cost-Effective Network Hardening Using Attack Graphs [C]// Proceedings of IEEE/IFIP International Conference on Dependable Systems and Networks, Boston, USA. USA: IEEE, 2012: 1-12.
  • 9高翔,祝跃飞,刘胜利.一种基于广义随机着色Petri网的网络攻击组合模型[J].电子与信息学报,2013,35(11):2608-2614. 被引量:11
  • 10司加全,张冰,苘大鹏,杨武.基于攻击图的网络安全性增强策略制定方法[J].通信学报,2009,30(2):123-128. 被引量:13

二级参考文献42

  • 1张永铮,云晓春,胡铭曾.基于特权提升的多维量化属性弱点分类法的研究[J].通信学报,2004,25(7):107-114. 被引量:35
  • 2冯萍慧,连一峰,戴英侠,李闻,张颖君.面向网络系统的脆弱性利用成本估算模型[J].计算机学报,2006,29(8):1375-1382. 被引量:28
  • 3王永杰,鲜明,刘进,王国玉.基于攻击图模型的网络安全评估研究[J].通信学报,2007,28(3):29-34. 被引量:56
  • 4QU X, BOYER W E MCQUEEN M A. A scalable approach to attack graph generation[A]. Proc the 13th ACM Conference on Computer and Communications Security(CCS'06)[C]. Alexandria, Virginia, USA, 2006.336-345.
  • 5AMMANN P, WIJESEKERA D, KAUSHIK S. Scalable, graph-based network vulnerability analysis[A]. Proc the 9th ACM Conference on Computer and Communications Security[C]. Washington, DC, USA, 2002.217 -224.
  • 6SHAHRIARI H R, JALILI R. Vulnerability take grant (VTG): an efficient approach to analyze network vulnerabilities[J]. Computers & Security, 2007, 26: 349-360.
  • 7JHA S, SHEYNER O, WING J. Two formal analyses of attack graphs[A]. Proc the 15th Computer Security Foundations Workshop[C]. Nova, Scotia, 2002.49-63.
  • 8SHEYNER O, HAINES J, JHA S. Automated generation and analysis of attack graphs[A]. Proc 2002 IEEE Symposium on Security and Privacy[C]. Oakland, California, USA, 2002.254-265.
  • 9PAMULA J, AMMANN P. A weakest-adversary security metric for network configuration security analysis[A]. Proc of the 2nd ACM Workshop on Quality of Protection[C]. Alexandria, Virginia, USA, 2006. 31-38.
  • 10WANG L Y, NOEL S, JAJODIA S. Minimum-cost network hardening using attack graphs[J]. Computer Communications, 2006, 29: 3812- 3824.

共引文献51

同被引文献22

引证文献2

二级引证文献2

相关作者

内容加载中请稍等...

相关机构

内容加载中请稍等...

相关主题

内容加载中请稍等...

浏览历史

内容加载中请稍等...
;
使用帮助 返回顶部