摘要
贝叶斯网络因能够对事件进行建模并给出紧凑的概率表示,被广泛地用在风险分析上。针对XSS攻击,基于STRIDE威胁模型构建贝叶斯网络结构模型,并通过专家经验和排序节点获取节点先验概率,在此基础上采用拒绝性采样算法得到数据集,进而学习贝叶斯网络参数。利用贝叶斯网络推理计算Web系统遭受XSS攻击的风险,找到弱点以加强相应的防护措施,实现积极防御。
Bayesian network is widely used in risk analysis because it can model events and give a compact probability representation.According to XSS attacks,and a Bayesian network structure model based on the STRIDE threat model is built,the prior probability of the nodes through expert experience and the ranking nodes is obtained.On this basis,a rejection sampling algorithm is used to obtain the data set,and then the parameters of Bayesian network are learnt.Then Bayesian network inference is used to calculate the risk of XSS attacks on the Web system,so as to find the weaknesses to strengthen the corresponding protection measures and to realize the active defense.
作者
周鋆
符鹏涛
ZHOU Yun;FU Pengtao(National Key Laboratory of Information Systems Engineering,National University of Defense Technology,Changsha 410000,China)
出处
《指挥与控制学报》
CSCD
北大核心
2024年第1期38-46,共9页
Journal of Command and Control
基金
国家自然科学基金(62276272)
湖南省科技创新计划-湖湘青年英才(2021RC3076)
长沙市杰出创新青年培养计划基金(KQ2009009)资助。