摘要
网络安全评估有助于清楚掌握其网络信息系统目前与未来的风险所在,并给出相应的安全建议和对策。网络安全评估与分析模型是其中重要的研究方向和内容,当前尚无对此进行全面总结和分析的综述文章。对常用的网络安全评估与分析模型进行综述,首先介绍了以攻击为中心的模型,如攻击树、攻击图、攻击链等;然后阐述以防御或攻防交互为中心的模型,如攻击面、网络传染病、Petri网、自动机等,对这些模型,分别介绍了其基本概念、适用领域、建模分析过程以及优势和不足,同时给出数个典型案例说明模型在网络防御技术评估分析中的应用。
Network security assessment helps to grasp the current and future risks of the network information system clearly, and gives corresponding security suggestions and countermeasures. Model of network security assessment and analysis is an important research direction and content, for which there is no review to give a comprehensive summary or analysis. A review of common network security evaluation and analysis model was given. The model that focus on attack was introduced, such as the attack tree, attack graph and kill chain, then the model that focus on network defense or offensive and defensive interaction was explained, such as attack surface, cyber epidemic model, Petri nets and automation machine, giving introduction to the basic concept, application field, modeling analysis process, advantages and disadvantages of the models. Then, typical examples were given to illustrate the application of the models in network defense technology evaluation and analysis.
作者
刘文彦
霍树民
仝青
张淼
齐超
LIU Wenyan;HUO Shumin;TONG Qing;ZHANG Miao;QI Chao(National Digital Switching Engineering & Technological R&D Center, Zhengzhou 450002, Chin)
出处
《网络与信息安全学报》
2018年第4期1-11,共11页
Chinese Journal of Network and Information Security
基金
国家自然科学基金资助项目(No.61602509)
国家自然科学创新群体基金资助项目(No.61521003)
国家重点研发计划基金资助项目(No.2016YFB0800100
No.2016YFB0800101)~~
关键词
网络安全
模型
有效性
评估与分析
network security
model
effectiveness
assessment and analysis