Research on Vulnerability Assessment Methods for Computer Networks
Abstract
The spread of computers and the rapid development of communication technology have brought computer networks into people's daily lives. As users and demands grow, the scale and applications of computer networks are expanding rapidly. Network resource management is dispersed, users generally lack security awareness and effective protective measures, and vulnerabilities are common in every phase of software and hardware products and network information systems: planning, design, development, maintenance, configuration and management. As a result, computer networks face a serious security situation, which has become one of the major factors constraining network development. Vulnerability assessment technology analyses the exploitation paths of network vulnerabilities and their likelihood, produces a quantitative evaluation of the network's security status, and provides a basis for optimizing network security. Computer network vulnerability assessment has therefore become one of the active research topics in information security.

Building on a survey and analysis of existing network vulnerability assessment methods, this thesis proposes a vulnerability assessment model based on a network vulnerability attack graph. Through probabilistic analysis of attack paths and localization of key vulnerabilities, it gives an overall evaluation of the network's security status and identifies the key factors affecting it. The main work is as follows:

First, the elements relevant to network vulnerability assessment are defined, the basic components of a network are represented as models, and a framework for the vulnerability assessment model is established. On this basis, using the modelled parameters of the assessment elements as input and the dependency relations between vulnerability exploits in the attack information, a method for generating vulnerability attack graphs is proposed.

Second, to meet the need for assessing the vulnerability of the network as a whole, the vulnerability attack graph is analysed with a Bayesian network. The attack graph is represented as a Bayesian network and an exact inference procedure for the attack probabilities is given. Because exact inference has prohibitive time complexity on complex networks, an approximate inference algorithm based on iterative random sampling is proposed; statistical analysis of the samples yields approximate attack probabilities. Experiments comparing exact and approximate inference results verify the effectiveness and feasibility of the approximate algorithm.

Finally, to meet the need for analysing key vulnerabilities in the network, a key-vulnerability analysis method based on network centrality theory is proposed. Centrality theory is introduced into attack-graph analysis, and by combining node degree with node betweenness the concept of corrected betweenness is proposed. Corrected betweenness quantifies the key vulnerability nodes of the attack graph and provides a basis for remediating vulnerabilities and optimizing network security. Experimental analysis shows that this method overcomes the restricted applicability of earlier single-measure centrality analyses, and its results are more reasonable and credible.

Network vulnerability assessment helps identify the key vulnerabilities of a target system and its potential attack paths, quantifies them mathematically, and guides the choice of effective security measures under limited security resources so as to obtain the greatest security return, providing a reference for improving the network's security status.
The spread of computers and the rapid development of communication technology have brought computer networks into every part of people's daily lives. With the growing number of users and requirements, the scale of computer networks and their applications is expanding rapidly year by year. Because network resource management is dispersed, users' security awareness is weak and effective defences are lacking, vulnerabilities are common in every phase of software and hardware products and network information systems: planning, design, development, maintenance, configuration and management. Networks therefore face a critical security situation, which has become one of the most severe obstacles to network development. By analysing the attack paths and the exploitation probabilities of vulnerabilities in a network, vulnerability assessment gives a quantitative result for the network security situation and provides evidence for network security optimization. Vulnerability assessment has thus become a hot topic in the field of network security.

On the basis of a survey and analysis of existing methods, this dissertation proposes a new network vulnerability assessment model based on a vulnerability attack graph. By analysing the probability of vulnerability exploitation paths and pointing out the key vulnerabilities, it gives an overall evaluation of the network security situation and indicates the most important factors affecting network security. Our work in this dissertation is summarized as follows:

First, we define the elements of vulnerability assessment, model the network components, and build the vulnerability assessment model framework. We then use the component models as input parameters, consider the dependency relations between vulnerabilities and the exploitation paths, and give a method for generating the vulnerability attack graph (VAG).

Second, to meet the requirement of an overall evaluation of network vulnerabilities, we analyse the VAG with a Bayesian network. We map the VAG into a Bayesian network and calculate the attack probability by exact inference. Because exact inference is too complex for large-scale networks, we propose a vulnerability assessment method based on approximate reasoning over the Bayesian network: it performs approximate reasoning on the VAG by stochastic sampling, and the attack probability is obtained from statistical analysis of the samples. Finally, we work through an example comparing the results of exact inference with our approximate reasoning method to show that the method is feasible and useful.

Lastly, to meet the requirement of analysing the key vulnerabilities in a network, we propose a key vulnerability analysis method based on network centrality theory. We introduce network centrality theory to analyse the VAG and propose the concept of corrected betweenness, which combines betweenness with degree to quantify the importance of the vulnerability nodes in the attack graph. This helps find the key vulnerabilities that most affect network security and provides evidence for fixing them and enhancing network security. The experimental results show that this method overcomes the drawbacks of the common centrality analysis methods and that its evaluation results are reasonable and credible.

Network vulnerability assessment helps locate the key vulnerabilities of a target system and all of its potential attack paths. With quantitative analysis using mathematical tools, it guides the choice of effective security measures that give the maximum security return within a limited security budget, and so provides an efficient reference for improving the network security situation.
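The following is an added illustration of the Bayesian-network analysis described in the paragraph above; it is example code written for this page, not the thesis's own implementation. It builds a small constructed attack graph in which each exploit node requires all of its preconditions and then succeeds with an assumed probability, and each condition node is true when any enabling exploit succeeds. `exact_probability` sums the joint probability over every assignment, which is exponential in the number of nodes; `approximate_probability` estimates the same quantity by forward sampling, whose cost is linear in nodes times samples. All node names and probabilities are assumptions.

```python
import itertools
import random

# Constructed attack graph (an assumed example, not the thesis's experimental network).
# Each node is a Boolean variable of the Bayesian network:
#   "root":      the attacker's initial foothold, true with probability p
#   "exploit":   needs ALL parent conditions; then succeeds with probability p
#   "condition": a capability the attacker gains if ANY parent exploit succeeds
ATTACK_GRAPH = {
    "attacker":    {"kind": "root",      "parents": [],                            "p": 1.0},
    "web_exploit": {"kind": "exploit",   "parents": ["attacker"],                  "p": 0.8},
    "ftp_exploit": {"kind": "exploit",   "parents": ["attacker"],                  "p": 0.6},
    "dmz_user":    {"kind": "condition", "parents": ["web_exploit", "ftp_exploit"]},
    "privesc":     {"kind": "exploit",   "parents": ["dmz_user"],                  "p": 0.5},
    "db_exploit":  {"kind": "exploit",   "parents": ["privesc"],                   "p": 0.7},
    "db_root":     {"kind": "condition", "parents": ["db_exploit"]},
}


def topological_order(graph):
    """Parents before children, so each node's CPT can be read off an assignment."""
    order, seen = [], set()

    def visit(node):
        if node in seen:
            return
        for parent in graph[node]["parents"]:
            visit(parent)
        seen.add(node)
        order.append(node)

    for node in graph:
        visit(node)
    return order


def conditional(graph, node, state):
    """P(node = True | values of its parents in state): the node's CPT entry."""
    spec = graph[node]
    parent_values = [state[p] for p in spec["parents"]]
    if spec["kind"] == "root":
        return spec["p"]
    if spec["kind"] == "exploit":
        return spec["p"] if all(parent_values) else 0.0
    return 1.0 if any(parent_values) else 0.0


def exact_probability(graph, target):
    """Exact inference by enumerating every joint assignment (exponential in node count)."""
    order = topological_order(graph)
    total = 0.0
    for values in itertools.product((False, True), repeat=len(order)):
        state = dict(zip(order, values))
        if not state[target]:
            continue
        joint = 1.0
        for node in order:
            p_true = conditional(graph, node, state)
            joint *= p_true if state[node] else 1.0 - p_true
            if joint == 0.0:
                break
        total += joint
    return total


def approximate_probability(graph, target, samples=20000, seed=1):
    """Approximate inference by forward sampling: draw each node from its CPT in
    topological order, then estimate P(target) as the fraction of samples reaching it.
    Cost is linear in nodes * samples, which is what makes it viable on large graphs."""
    rng = random.Random(seed)
    order = topological_order(graph)
    hits = 0
    for _ in range(samples):
        state = {}
        for node in order:
            state[node] = rng.random() < conditional(graph, node, state)
        hits += state[target]
    return hits / samples


if __name__ == "__main__":
    exact = exact_probability(ATTACK_GRAPH, "db_root")
    approx = approximate_probability(ATTACK_GRAPH, "db_root")
    print(f"P(db_root) exact = {exact:.4f}, sampled = {approx:.4f}")
```

On this graph the exact value is P(db_root) = 0.92 × 0.5 × 0.7 = 0.322 (the two DMZ exploits are independent, so P(dmz_user) = 1 − 0.2 × 0.4 = 0.92), and the sampled estimate converges to it as the sample count grows, which is the comparison the thesis uses to validate its approximate inference.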
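The abstract names the ingredients of corrected betweenness (node degree and node betweenness) but not the formula. The added example below, written for this page and not the thesis's own definition, uses one plausible combination as an assumption: betweenness counted only over attacker-to-goal paths (the paths that matter in an attack graph), mixed with degree normalized by the maximum degree, with an assumed weight `alpha`. The graph, its node names and the weight are all constructed.

```python
# Constructed attack-graph edges (an assumed example, not the thesis's experimental network).
# A directed edge u -> v means that compromising u lets the attacker attempt v.
EDGES = [
    ("attacker", "a"), ("attacker", "b"), ("attacker", "c"), ("attacker", "e"),
    ("a", "hub"), ("b", "hub"), ("c", "hub"),
    ("hub", "d"), ("d", "goal"), ("e", "goal"),
]


def build_adjacency(edges):
    adj = {}
    for u, v in edges:
        adj.setdefault(u, []).append(v)
        adj.setdefault(v, [])
    return adj


def attack_paths(adj, source, target):
    """All simple attacker-to-goal paths, found by depth-first search."""
    paths = []

    def dfs(node, path):
        if node == target:
            paths.append(list(path))
            return
        for nxt in adj[node]:
            if nxt not in path:          # simple paths only: no revisiting
                path.append(nxt)
                dfs(nxt, path)
                path.pop()

    dfs(source, [source])
    return paths


def path_betweenness(adj, source, target):
    """Fraction of attack paths that pass through each intermediate node.
    Unlike classic all-pairs betweenness, only attacker-to-goal paths count."""
    paths = attack_paths(adj, source, target)
    scores = {n: 0.0 for n in adj}
    for p in paths:
        for n in p[1:-1]:
            scores[n] += 1.0 / len(paths)
    return scores


def degree(adj):
    """Total degree (in + out) of every node."""
    deg = {n: len(adj[n]) for n in adj}
    for u in adj:
        for v in adj[u]:
            deg[v] += 1
    return deg


def corrected_betweenness(adj, source, target, alpha=0.5):
    """Assumed combination: a convex mix of path betweenness and normalized degree."""
    bet = path_betweenness(adj, source, target)
    deg = degree(adj)
    max_deg = max(deg.values())
    return {n: alpha * bet[n] + (1 - alpha) * deg[n] / max_deg
            for n in adj if n not in (source, target)}


def rank_key_vulnerabilities(adj, source, target, alpha=0.5):
    """Nodes ordered from most to least critical (ties broken by name)."""
    scores = corrected_betweenness(adj, source, target, alpha)
    return sorted(scores, key=lambda n: (-scores[n], n))


if __name__ == "__main__":
    adj = build_adjacency(EDGES)
    scores = corrected_betweenness(adj, "attacker", "goal")
    for node in rank_key_vulnerabilities(adj, "attacker", "goal"):
        print(node, round(scores[node], 3))
```

In this constructed graph `hub` and `d` sit on three of the four attack paths and so share the same path betweenness; the degree term separates them, ranking `hub` (which also fans in from three exploits) first, which is the kind of tie the abstract says a single centrality measure cannot resolve. Remediating the top-ranked node removes the largest share of attack paths per fix, which is the prioritization use the thesis describes.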
