基于攻击图的网络安全风险评估技术研究
|
摘要
随着网络技术的飞速发展,网络攻击事件的不断增多,网络安全问题越发引起人们的关注。网络安全风险评估是一种发现和处理网络安全问题的有效方法。传统的网络安全风险评估方法大都针对主机的孤立脆弱性的评估,没有考虑脆弱性间的依赖关系给网络的安全风险带来的影响。独立脆弱性可能不会对网络造成严重危害,但多个脆弱性被有效的组合起来却可能对网络造成巨大伤害。
本文提出基于攻击图的网络安全风险评估方法,将攻击图技术应用到网络安全风险评估中,通过攻击图展示攻击者利用网络中脆弱性及脆弱性间依赖关系综合入侵目标网络的攻击场景,并在此基础上计算网络的安全风险和寻找最小代价的网络加固措施。本文给出了基于攻击图的网络安全风险评估框架,它包括网络信息模型化表示、攻击图生成、风险计算及安全加固四个模块。
在攻击图的构建中,文章首先提出了构建全局攻击图。全局攻击图从攻击者最大限度获得网络安全要素的角度,描绘一切可被攻击者的采用的攻击路径。为了构建全局攻击图,本文提出全局攻击图的构建框架,并给出全局攻击图的构建算法。由于全局攻击图描述了任意两个节点间的攻击路径,因此可能存在环路,这给基于攻击图的安全分析带来困难。为此,本文对攻击图中可能存在的三类环路进行讨论,给出消除环路的办法,并提出逆向搜索算法生成关于攻击目标的不含环路的最优攻击子图。在目标最优攻击子图基础上,本文对到达目标的攻击路径进行分析,并给出了获取攻击路径的算法及判断攻击路径是否为最简攻击路径的判定算法。
由于攻击图的各节点间相依赖,为了准确计算各节点的发生概率,本文提出基于贝叶斯网络的精确概率计算方法。该方法分别给出攻击节点间的串联、并联及考虑攻击经验情况下,节点发生概率精确计算办法,并通过实例验证了方法的正确性。但是,由于贝叶斯网络本身是无环图,基于贝叶斯网络概率计算方法也只能适用于无环的攻击图,且计算繁杂度为指数级,不适合大规模网络使用。
为了在含环的大规模攻击图中计算节点发生概率,根据“木桶原理”,本文提出了基于邻接矩阵的最大风险概率计算方法。该方法通过矩阵相乘运算推导出多步最大风险邻接矩阵,并将1步到n步最大风险邻接矩阵叠加,生成全局最大风险邻接矩阵,计算出全部节点的风险概率。该方法由于只采用矩阵相乘运算,因此计算繁杂度为多项式级,适用于大规模网络。该方法另外一个优势是能够正确识别和处理环路,对节点在环路内部及节点虽然在环路外部,但是经过若干步攻击会进入环路内部情况分别讨论,给出相应的识别和处理办法。
通过风险计算得了到各节点的风险值,对超出接受程度的风险,必须采用安全加固措施消除风险。为了保证目标节点的安全,所采用安全加固措施必须能够切断所有到达目标节点的攻击路径。为此,本文描述关键攻击集及最小关键攻击集的概念,阐述了求解最小关键攻击集等价于碰集问题。由于攻击图中攻击节点依赖于前提属性节点,因此无法直接通过消除关键攻击集中的攻击节点阻止攻击,只能通过消除攻击节点所依赖的初始属性节点来阻止攻击。以前的研究文献中都假设初始属性可以独立消除,初始属性节点与加固措施一一对应,求解最小代价网络加固问题就是求解最优弥补集问题。但是,这种假设在很多情况下是不成立的,一个加固措施往往可同时消除多个初始属性节点。因此,本文放弃了这种假设,阐述了求解最小代价加固措施集问题,可转化为数学中的加权集合覆盖问题。本文还给出最小代价网络加固问题形式化描述。
为了求解最小代价网络加固问题,本文首先提出基于弥补集的计算方法。该方法采用了传统的基于弥补集的计算思想,但放弃了初始属性节可以独立消除的假设,并且引入加固措施及加固措施集等思想,所以更能精确求解。但是,基于弥补集的计算方法的两个步骤都是NP完全问题,所以对应算法的复杂度必然很高。为了提高计算效率,本文提出基于转换的最小代价加固措施集计算方法,证明了最小代价网络加固问题与加权碰集问题的等价性,给出了将最小代价网络加固问题转化为加权碰集问题的办法,讨论了最小代价网络加固问题的扩展问题。
由于最小代价网络加固问题与加权碰集问题等价,而加权碰集问题是已被证明的NP完全问题,因此精确求解最小代价网络加固问题的算法的时间复杂度必然为指数级,不适合大规模攻击图。为此,本文针对碰集问题提出近似算法,并将其应用基于弥补集的计算方法和基于转换的计算方法中。本文对基于弥补集计算方法和基于转换的计算方法进行对比分析,并通过五个不同规模的攻击图实例进行实验对比,结果表明基于转换的计算方法在计算效率和接近全局最优解的近似度上都优于基于弥补集计算方法。
With the rapid development of network technology and increasing networkattacks, more and more attention is paid to the network security. Network security riskassessment is an effective method to discover and handle the network securityproblems. Most methods of traditional network security risk assessment are forindependent vulnerabilities of hosts and ignore the interrelation among vulnerabilities.The individual vulnerabilities are not serious for network security, but the effectivecombined vulnerabilities will seriously damage network security condition.
The dissertation presents a new method of network security risk assessmentbased on attack graphs which show the attack scenario the attacker exploitsvulnerabilities and dependency relationship among vulnerabilities to attack targetnetwork. We measure the amount of security risk and search the minimum costnetwork hardening measures based on attack graphs. The dissertation presents anetwork security risk framework based on attack graphs, which consists of fourmodules: information model representation, attack graph generation, risk computation andsecurity hardening.
In the course of building attack graph, the dissertation firstly proposes the globalattack graph which represents all attack paths the attacker maybe exploit. Aframework for building the global attack graph is developed and the correspondingbuilding algorithm is presented. Because loop paths maybe exist in the global attackgraph, it is difficult to analyze the network security based on the global attack graph.The dissertation discusses three kinds of loop paths existed in attack graphs andproposes the methods of elimination loops. Then the dissertation provides a reversalsearching algorithm to generate the optimal subgraph of the global attack graph. Theoptimal subgraph eliminates all loops and is suitable for security analysis. We propose the acquisition algorithm of attack paths and decision algorithm whether an attackpath is the simplest or no in the subgrph.
Because of the dependency among vulnerabilities, the dissertation proposes theaccurate calculation method based on Bayesian network for calculating nodeoccurrence probability. This method provides the accurate calculation approaches onthe condition of the parallel attack nodes, series attack nodes and attack experienceconsidered. We prove the correctness of the method by experiments. Because theBayesian network is only suitable for acyclic graph, the calculation method based onBayesian network is only for acyclic attack graphs and is exponential on algorithmcomplexity. So the method can not apply to large scale network.
In order to calculate the node occurrence probability in large and cyclic attackgraphs, the dissertation proposes a maximum risk probability calculation methodbased on bucket principle. The method applies matrix multiplication to deducemultistep maximum risk adjacency matrix. Then the global maximum risk adjacencymatrix is generated by superimposing these multistep maximum risk adjacencymatrices, which presents risk probabilities of all nodes. Because the method onlyadopts the operation of matrix multiplication, the time complexity is polynomial andis suitable for large scale network. Another advantage of the method is to correctlydiscover and dispose loop in attack graphs. The dissertation discusses the conditionsthat the node is inside loop and the node is outside loop but it can be inside loop by aseries of attacks, then methods are proposed to discover and dispose in differentconditions.
When the risk value of the node is beyond acceptance, security measures must beapplied. In order to ensure target node safety, security measures must cut off all attackpaths to target node. The dissertation represents the concepts of critical attack set andminimum critical set, and discusses that the problems of minimum critical set areequivalence of hitting set problem. Because the attack node depends on itsprecondition attribute nodes, the attack node can not disable without disabling itsprecondition attribute nodes. Only the initial node in attribute nodes can be disableddirectly. Previous work is assumption that the initial node can be independently disabled and there is one-to-one correspondence between the initial node and thehardening measure. This assumption is not true in most conditions. A hardeningmeasure can be applied to disable several initial attribute nodes. So the dissertationdrops this assumption and explains that the problem of the minimum cost hardeningmeasures set calculation can be converted to the weighted set cover problem. Thedissertation provides formal description of the minimum cost network hardeningproblem.
To solve the minimum cost network hardening problem, the dissertation firstlypresents the method based on traditional security measures. Because we drops theassumption that initial attribute nodes can be independently disabled and the conceptof hardening measures is introduced, this method is more exactly. The two solvingsteps of this method are both NP-complete problem. Thus the time complexity of thismethod must be high. In order to improve the calculation efficiency, the calculationmethod of the minimum cost network hardening measure set based on conversion ispresented. We prove the equivalence of the minimum cost network hardening problemand the weighted hitting set problem and present the method of converting theminimum cost network hardening problem to the weighted hitting set problem. Thenwe discuss the expand problem of the minimum cost network hardening problem.
Because the equivalence of the minimum cost network hardening problem andthe weighted hitting set problem and the weighted hitting set problem has been provedto be NP-complete, the algorithm complexity of exactly solving the minimum costnetwork hardening problem is exponential and is not suitable for large scale network.The dissertation provides approximation algorithm for the weighted hitting setproblem, and applies it to the calculation method based on traditional securitymeasures and the calculation method based on conversion. Then comparative analysisof the two methods is presented and comparative experiments on five different scaleattack graphs are presented. The result showed that the calculation method based onconversion has better computational efficiency and approximation ratio than thecalculation method based on traditional security measures.
本文提出基于攻击图的网络安全风险评估方法,将攻击图技术应用到网络安全风险评估中,通过攻击图展示攻击者利用网络中脆弱性及脆弱性间依赖关系综合入侵目标网络的攻击场景,并在此基础上计算网络的安全风险和寻找最小代价的网络加固措施。本文给出了基于攻击图的网络安全风险评估框架,它包括网络信息模型化表示、攻击图生成、风险计算及安全加固四个模块。
在攻击图的构建中,文章首先提出了构建全局攻击图。全局攻击图从攻击者最大限度获得网络安全要素的角度,描绘一切可被攻击者的采用的攻击路径。为了构建全局攻击图,本文提出全局攻击图的构建框架,并给出全局攻击图的构建算法。由于全局攻击图描述了任意两个节点间的攻击路径,因此可能存在环路,这给基于攻击图的安全分析带来困难。为此,本文对攻击图中可能存在的三类环路进行讨论,给出消除环路的办法,并提出逆向搜索算法生成关于攻击目标的不含环路的最优攻击子图。在目标最优攻击子图基础上,本文对到达目标的攻击路径进行分析,并给出了获取攻击路径的算法及判断攻击路径是否为最简攻击路径的判定算法。
由于攻击图的各节点间相依赖,为了准确计算各节点的发生概率,本文提出基于贝叶斯网络的精确概率计算方法。该方法分别给出攻击节点间的串联、并联及考虑攻击经验情况下,节点发生概率精确计算办法,并通过实例验证了方法的正确性。但是,由于贝叶斯网络本身是无环图,基于贝叶斯网络概率计算方法也只能适用于无环的攻击图,且计算繁杂度为指数级,不适合大规模网络使用。
为了在含环的大规模攻击图中计算节点发生概率,根据“木桶原理”,本文提出了基于邻接矩阵的最大风险概率计算方法。该方法通过矩阵相乘运算推导出多步最大风险邻接矩阵,并将1步到n步最大风险邻接矩阵叠加,生成全局最大风险邻接矩阵,计算出全部节点的风险概率。该方法由于只采用矩阵相乘运算,因此计算繁杂度为多项式级,适用于大规模网络。该方法另外一个优势是能够正确识别和处理环路,对节点在环路内部及节点虽然在环路外部,但是经过若干步攻击会进入环路内部情况分别讨论,给出相应的识别和处理办法。
通过风险计算得了到各节点的风险值,对超出接受程度的风险,必须采用安全加固措施消除风险。为了保证目标节点的安全,所采用安全加固措施必须能够切断所有到达目标节点的攻击路径。为此,本文描述关键攻击集及最小关键攻击集的概念,阐述了求解最小关键攻击集等价于碰集问题。由于攻击图中攻击节点依赖于前提属性节点,因此无法直接通过消除关键攻击集中的攻击节点阻止攻击,只能通过消除攻击节点所依赖的初始属性节点来阻止攻击。以前的研究文献中都假设初始属性可以独立消除,初始属性节点与加固措施一一对应,求解最小代价网络加固问题就是求解最优弥补集问题。但是,这种假设在很多情况下是不成立的,一个加固措施往往可同时消除多个初始属性节点。因此,本文放弃了这种假设,阐述了求解最小代价加固措施集问题,可转化为数学中的加权集合覆盖问题。本文还给出最小代价网络加固问题形式化描述。
为了求解最小代价网络加固问题,本文首先提出基于弥补集的计算方法。该方法采用了传统的基于弥补集的计算思想,但放弃了初始属性节可以独立消除的假设,并且引入加固措施及加固措施集等思想,所以更能精确求解。但是,基于弥补集的计算方法的两个步骤都是NP完全问题,所以对应算法的复杂度必然很高。为了提高计算效率,本文提出基于转换的最小代价加固措施集计算方法,证明了最小代价网络加固问题与加权碰集问题的等价性,给出了将最小代价网络加固问题转化为加权碰集问题的办法,讨论了最小代价网络加固问题的扩展问题。
由于最小代价网络加固问题与加权碰集问题等价,而加权碰集问题是已被证明的NP完全问题,因此精确求解最小代价网络加固问题的算法的时间复杂度必然为指数级,不适合大规模攻击图。为此,本文针对碰集问题提出近似算法,并将其应用基于弥补集的计算方法和基于转换的计算方法中。本文对基于弥补集计算方法和基于转换的计算方法进行对比分析,并通过五个不同规模的攻击图实例进行实验对比,结果表明基于转换的计算方法在计算效率和接近全局最优解的近似度上都优于基于弥补集计算方法。
With the rapid development of network technology and increasing networkattacks, more and more attention is paid to the network security. Network security riskassessment is an effective method to discover and handle the network securityproblems. Most methods of traditional network security risk assessment are forindependent vulnerabilities of hosts and ignore the interrelation among vulnerabilities.The individual vulnerabilities are not serious for network security, but the effectivecombined vulnerabilities will seriously damage network security condition.
The dissertation presents a new method of network security risk assessmentbased on attack graphs which show the attack scenario the attacker exploitsvulnerabilities and dependency relationship among vulnerabilities to attack targetnetwork. We measure the amount of security risk and search the minimum costnetwork hardening measures based on attack graphs. The dissertation presents anetwork security risk framework based on attack graphs, which consists of fourmodules: information model representation, attack graph generation, risk computation andsecurity hardening.
In the course of building attack graph, the dissertation firstly proposes the globalattack graph which represents all attack paths the attacker maybe exploit. Aframework for building the global attack graph is developed and the correspondingbuilding algorithm is presented. Because loop paths maybe exist in the global attackgraph, it is difficult to analyze the network security based on the global attack graph.The dissertation discusses three kinds of loop paths existed in attack graphs andproposes the methods of elimination loops. Then the dissertation provides a reversalsearching algorithm to generate the optimal subgraph of the global attack graph. Theoptimal subgraph eliminates all loops and is suitable for security analysis. We propose the acquisition algorithm of attack paths and decision algorithm whether an attackpath is the simplest or no in the subgrph.
Because of the dependency among vulnerabilities, the dissertation proposes theaccurate calculation method based on Bayesian network for calculating nodeoccurrence probability. This method provides the accurate calculation approaches onthe condition of the parallel attack nodes, series attack nodes and attack experienceconsidered. We prove the correctness of the method by experiments. Because theBayesian network is only suitable for acyclic graph, the calculation method based onBayesian network is only for acyclic attack graphs and is exponential on algorithmcomplexity. So the method can not apply to large scale network.
In order to calculate the node occurrence probability in large and cyclic attackgraphs, the dissertation proposes a maximum risk probability calculation methodbased on bucket principle. The method applies matrix multiplication to deducemultistep maximum risk adjacency matrix. Then the global maximum risk adjacencymatrix is generated by superimposing these multistep maximum risk adjacencymatrices, which presents risk probabilities of all nodes. Because the method onlyadopts the operation of matrix multiplication, the time complexity is polynomial andis suitable for large scale network. Another advantage of the method is to correctlydiscover and dispose loop in attack graphs. The dissertation discusses the conditionsthat the node is inside loop and the node is outside loop but it can be inside loop by aseries of attacks, then methods are proposed to discover and dispose in differentconditions.
When the risk value of the node is beyond acceptance, security measures must beapplied. In order to ensure target node safety, security measures must cut off all attackpaths to target node. The dissertation represents the concepts of critical attack set andminimum critical set, and discusses that the problems of minimum critical set areequivalence of hitting set problem. Because the attack node depends on itsprecondition attribute nodes, the attack node can not disable without disabling itsprecondition attribute nodes. Only the initial node in attribute nodes can be disableddirectly. Previous work is assumption that the initial node can be independently disabled and there is one-to-one correspondence between the initial node and thehardening measure. This assumption is not true in most conditions. A hardeningmeasure can be applied to disable several initial attribute nodes. So the dissertationdrops this assumption and explains that the problem of the minimum cost hardeningmeasures set calculation can be converted to the weighted set cover problem. Thedissertation provides formal description of the minimum cost network hardeningproblem.
To solve the minimum cost network hardening problem, the dissertation firstlypresents the method based on traditional security measures. Because we drops theassumption that initial attribute nodes can be independently disabled and the conceptof hardening measures is introduced, this method is more exactly. The two solvingsteps of this method are both NP-complete problem. Thus the time complexity of thismethod must be high. In order to improve the calculation efficiency, the calculationmethod of the minimum cost network hardening measure set based on conversion ispresented. We prove the equivalence of the minimum cost network hardening problemand the weighted hitting set problem and present the method of converting theminimum cost network hardening problem to the weighted hitting set problem. Thenwe discuss the expand problem of the minimum cost network hardening problem.
Because the equivalence of the minimum cost network hardening problem andthe weighted hitting set problem and the weighted hitting set problem has been provedto be NP-complete, the algorithm complexity of exactly solving the minimum costnetwork hardening problem is exponential and is not suitable for large scale network.The dissertation provides approximation algorithm for the weighted hitting setproblem, and applies it to the calculation method based on traditional securitymeasures and the calculation method based on conversion. Then comparative analysisof the two methods is presented and comparative experiments on five different scaleattack graphs are presented. The result showed that the calculation method based onconversion has better computational efficiency and approximation ratio than thecalculation method based on traditional security measures.
引文
[1]麦克劳尔,撒哈,等.黑客攻击与防御[M].北京:清华大学出版社,2004.
[2]张耀疆.聚焦黑客—攻击手段与防护策略[M].北京:人民邮电出版社,2002.
[3] John Chirillo.黑客攻击防范篇[M].北京:机械工业出版社,2003.
[4]谭毓安.网络攻击防护编码设计[M].北京:北京希望电子出版社,2002.
[5]欧迪尔.黑客札记: Windows安全手册[M].北京:清华大学出版社,2005.
[6]哈茨,李著. LINUX黑客大曝光[M].北京:清华大学出版社,2003.
[7]连一峰,王航.网络攻击原理与技术[M].北京:科学出版社,2004.
[8]刘欣然.网络攻击分类技术综述[J].通信学报,2004,25(7):30-36.
[9]杨义先,钮心忻.网络安全理论与技术[M].北京:人民邮电出版社,2003.
[10]冯登国.网络安全原理与技术[M].北京:科学出版社,2003.
[11]史忠植.高级计算机网络[M].北京:电子业出版社,2002,230-235.
[12]张然,钱德沛,过晓兵.防火墙与入侵检测技术[J].计算机应用研究,2001,18⑴,4-7
[13]冯登国.计算机通信网络安全[M].北京:清华大学出版社,2001.
[14]蒋建春,马恒太,任党恩,等.网络安全入侵检测:研究综述[J].软件学报,2000,11(11):1460-1466.
[15]田畅,郑少仁.计算机病毒计算模型的研究[J].计算机学报,2007,24(2):158-163.
[16]王维,张鹏涛,谭营,等.一种基子人工免疫和代码相关性的计算机病毒特征提取方法[J].计算机学报,2011,34(2):204-215.
[17]吴晓平,付钰.信息安全风险评估教程[M].武汉:武汉大学出版社,2011.
[18]范红.信息安全风险评估规范国家标准理解与实施[M].北京:中国标准出版社,2008.
[19]张泽虹,赵冬梅.信息安全管理与风险评估[M].北京:电子工业出版社,2010.
[20]中华人民共和国国家标准. GB/T17859-1999计算机信息系统安全保护等级划分准则[S].北京:中国标准出版社,1999.
[21]中华人民共和国国家标准. GB/T9361-2011计算机场地安全要求[S].北京:中国标准出版社,2011.
[22]中华人民共和国国家标准. GB/T18336.3-2008信息技术安全技术信息技术安全性评估准则第3部分:安全保证要求[S].北京:中国标准出版社,2008.
[23]中华人民共和国国家标准. GB/T18336.2-2008信息技术安全技术信息技术安全性评估准则第2部分:安全功能要求[S].北京:中国标准出版社,2008.
[24]中华人民共和国国家标准. GB/T18336.1-2008信息技术安全技术信息技术安全性评估准则第1部分:简介和一般模型[S].北京:中国标准出版社,2008.
[25]中华人民共和国国家标准. GB/T22081-2008信息技术安全技术信息安全管理实用规则[S].北京:中国标准出版社,2008.
[26]中华人民共和国国国家标. GB/T19715.1-2005信息技术信息技术安全管理指南第1部分:信息技术安全概念和模型[S].北京:中国标准出版社,2005.
[27]中华人民共和国国家标准. GB/T19715.2-2005信息技术信息技术安全管理指南第2部分:管理和规划信息技术安全[S].北京:中国标准出版社,2005.
[28]中华人民共和国国家标准. GB/T20984-2007信息安全技术信息安全风险评估规范[S].北京:中国标准出版社,2007.
[29]范红,冯登国,吴亚非.信息安全风险评估方法与应用[M].北京:清华大学出版社,2006.
[30]张建军.信息安全风险评估探索与实践[M].北京:中国标准出版社,2005.
[31] John P Kindinger,John L Darby. Risk Factor Analysis-A New QualitativeRisk Management Tool[C]. Proeeedings of the Project ManagementInstitute Annual Seminars&SymPosium, Houston, Texas, USA,2000.
[32] Jack A Jones.An Introduction to Factor Analysis of InformationRisk(FAIR):A framework for understanding,analyzing,and measuring information risk[J]. Norwich University Journal of lnformationAssurance,2006.
[33] M BMiles,A M Huberman.Qualitative data analysis[M]. Cal:Sage,1994.
[34]张义荣,鲜明,王国玉.一种基于网络熵的计算机网络攻击效果定量评估方法[J].通信学报,2004,25(11):158-165.
[35]许福永,申健,李剑英.基于Delphi和ANN的网络安全综合评价方法研究[J].微机发展,2005,15(10):11-15.
[36] T L Saaty. The Analytic Hierarchy Process:Planning,Priority Seting,Resource Allocation[M]. NewYork:MeGraw-HIll,1980.
[37] Tim Bedford,Roger Cooke. probabilistic Risk Analysis-Foundationsand Methods[M]. Cambridge:Cambridge University Press,2005.
[38]刘强,殷建平,蔡志平,程杰仁.基于不确定图的网络漏洞分析方法[J].软件学报,2011,22(6):13981412.
[39]司加全,张冰,苘大鹏,杨武.基于攻击图的网络安全性增强策略制定方法[J].通信学报,2009,30(2):123-128.
[40]陈秀真,郑庆华,管晓宏,林展光,层次化网络安全威胁态势量化评估方法.软件学报,2006,17(4):885一897.
[41]王永杰,鲜明,刘进,王国玉.基于攻击图模型的网络安全评估研究.通信学报,2007,28(3):2934.
[42] Aagedal,Braber,Dimitrakos. Model-Based Risk Assessment to ImproveEnterprise Security[C]. Proceedings Sixth International InEnterprise Distributed Object Computing Conference,2002:51-62.
[43] Denning D. Cryptography and Data Security[M]. MA,USA:Addison-Wesley,1982.
[44] Bishop M,Bailey D. A Critical Analysis of vulnerabilityTaxonomies[R]. Davis,USA:Department of Computer Science at theUniversity of California at Davis,1996.
[45] Longley D, Shain M, Caell W. Information Security: Dictionary ofConcepts, Standards and Terms[M]. New York, USA: MacMillan,1992.
[46] Bisbey R, Hollingworth D. Protection analysis:final report[R].University of southern California,1978.
[47] Abbott R, Chin J, Donnelley J,et al. Security Analysis andEnhancements of Computer Operating Systems[R]. Lawrence LivermoreLaboratory TR NBSIR-76-1041, National Bureau of Standards,Washington D C,1976.
[48] Aslam T. A Taxonomy of Security Faults in the Unix Operating System[D].Purdue University,1995.
[49] Ivall Victor Krusl. Software Vulnerability analysis[D]. PurdueUniversity, West Lafayette,1998.
[50] Bishop M, Bailey D. A Taxonomy of Unix System and NetworkVulnerabilities[R]. Technical Report CSE-9510. Department ofComputer Science, University of California, Davis,1995.
[51] Knight E, Hartley B V. Is your network inviting an attack[J]. InternetSecurity Advisor,2000(5/6):2-5.
[52]张永铮,云晓春,胡铭曾.基于特权提升的多维量化属性弱点分类法的研究[J].通信学报,2004,25(7):107-114
[53]汪立东.操作系统安全评估与审计增强[D].哈尔滨:哈尔滨工业大学,2002.
[54]翟钰,张玉清,武维善.系统安全漏洞研究及数据库实现[J].计算机工程,2004,30(8):68-70.
[55] FIRST. A Complete Guide to the Common Vulnerability Scoring SystemVersion [EB/OL].[2013-12-10]. http://www.first.org/cvss/cvss-guide.html.
[56]张涛,胡铭曾,云晓春,张永铮.计算机网络安全性分析建模研究.通信学报,2005,26(12):100109.
[57]张海霞,连一峰,苏璞睿,冯登国.基于安全状态域的网络评估模型[J].软件学报,2009,20(2):451-461.
[58]冯萍葱,连一峰,藏英侠,鲍旭华.基于可靠性理论的分布式系统脆弱性模型.软件学报,2006,17(7):1633一1640.
[59]冯萍慧,连一峰,戴英侠.面向网络系统的脆弱性利用成本估算模型[J].计算机学报,2006,29(8):1375-1382.
[60] Schnerier B. Attack trees-modeling security threats[J]. Dr Dobb,SJournal,1999,12(24):21-29.
[61]林闯,汪洋,李枭林.网络安全的随机模型方法与评价技术[J].计算机学报,2005,28(12):1943-1956.
[62] K Clark, S Tyree, J Dawkins, et al. Qualitative and QuantitativeAnalytical Techniques for Network Security Assessment[C]. Proc2004Information Assurance Workshop of the5th Annual IEEESMC,Hawaii,USA,IEEE Press,2004.
[63] R Dewri,N PoolsapPasit,I Ray,et al. Optimal Security Hardening UsingMulti-objective Optimization on Attack Tree Models of Networks. Procthe14th ACM Conference on Computer and CommunicationsSecurity(CCS.07). Alexandria,Virginia,USA,ACM Press,2007.
[64] Dacier M,Deswarte Y. The privilege graph: An extension to the typedaccess matrix model[C]. In European Symposium in Computer Security(ES0R1CS'94), Lecture Notes in Computer Science, Springer-Verlag,Brighton, UK,1994(875):319-334.
[65] Dacier M. Towards quantitative evaluation of computer security[D].Institute National Polytechnique de Toulouse, December1994.
[66] Dacier M,Deswarte Y, M Kaaniche. Quantitative assessment ofoperational security models and tools[R]. Technical Report ResearchReport96493,LAAS, May1996:177-186.
[67] C Phillips,L Painton Swiler. A graph-based system for networkvulnerability analysis[C].Proeeedings of the1998workshop on Newsecurity Paradigms,Charlottesville, Virginia,United States,1998:71-79.
[68] L P Swiler, C Phillips, D. Ellis, and S. Chakerian. Computer-AttackGraph Generation Tool[C]. Proceedings: DARPA InformationSurvivability Conference and Exposition,Anaheim,California,2001:1307–1321.
[69] L P Swiler, C Phillips, and T Gaylor. A Graph-BasedNetwork-Vulnerability Analysis System[R]. Sandia NationalLaboratories, Albuquerque, New Mexico and Livermore, California,1998.
[70] C Ramakrishnan,R Sekar. Mode-Based Analysis of ConfigurationVulnerabilities[J]. Journal of Computer Security,2002,10(l/2):189-209.
[71] R W Ritchey,P Ammann. Using Model Checking to Analyze NetworkVulnerabilities[C]. Proceedings:2000IEEE Computer SocietySymposium on Security and Privacy (S&P2000), Oakland, California,IEEE Computer Society,2000:156–165.
[72] O. Sheyner, S Jha, J M Wing, R P Lippmann, and J Haines. AutomatedGeneration and Analysis of Attack Graphs[C].2002IEEE Symposium onSecurity and Privacy,Oakland, California,2002.
[73] O.Sheyner. Scenario graphs and attack graphs[D]. Carnegie MellonUniversity,2004.
[74] Sheyner O, Wing JM. Tools for generating and analyzing attackgraph[C]. Proceedings of the Workshop on Formal Methods forComponents and Objects,Tehran,2004:344-371.
[75] S Jha, O Sheyner, J Wing. Two Formal Analyses of Attack Graphs[C].Proceedings:15th IEEE Computer Security Foundations Workshop(CSFW’15),IEEE Computer Society,2002:49–63.
[76] P Ammann, D Wijesekera, S Kaushik. Scalable, Graph-Based NetworkVulnerability Analysis[C]. Proceedings of the9th ACM Conference onComputer and Communication Security, New York: ACM Press,2002:217-224.
[77] L. Wang, S. Noel, and S. Jajodia. Minimum-cost network hardeningusing attack graphs[J]. Computer Communications,2006,29(18):3812-3824.
[78] Li Wei. An Approach to Graph-Based Modeling of NetworkExploitations[D]. Department of Computer Science and Engineering,Mississippi State University,Mississippi State, Mississippi,2005.
[79] W Li, R Vaughn. Building Compact Exploitation Graphs for a ClusterComputing Environment[C]. Proceedings of the6th IEEE Systems, Manand Cybernetics Information Assurance Workshop, West Point, New York,IEEE SMC, IEEE Computer Society and National Security Agency,2005:50-57.
[80] W Li, and R Vaughn. Using Exploitation Graphs to Model NetworkExploitations[C].Symposium on Risk Management and Cyber-Informatics:Proceedings of the9th World Multi-Conference onSystemics,Cybernetics and Informatics, Orlando, Florida,International Institute of Informatics and Systemics,2005:404-409.
[81] W Li, R Vaughn. An Approach to Model Network ExploitationsUsingExploitation Graphs[C]. Military, Government, and AerospaceSimulation Symposium: Proceedings of the2005Spring SimulationMulticonference, San Diego, California,2005:237-244.
[82] Xinming Ou, Wayne F Boyer, Miles A. McQueen. A Scalable Approach toAttack Graph Generation[C]. Proceedings of the13th ACM conferenceon Computer and communications security,2006:336-345.
[83] Xinming Ou. A logic-programming approach to network securityanalysis[D].Princeton: Princeton University,2005.
[84] S Jajodia, S Noel, B O'Beny. Topological Analysis of Network AttackVulnerability[M]. Netherlands: Kluwer Academic Publisher,2003.
[85] P Eades, W Feng. Multilevel Visualization of Clustered Graphs[C].Proceedings of the Symposium on Graph Drawing,1996.
[86] A Buchsbaum, J Westbrook. Maintaining Hierarchical GraphViews[C].Proceedings of the11th ACM-SIAM Symposium on DiscreteAlgorithms,2000.
[87] M Raitner. HGV: A Library for Hierarchies, Graphs, and Views[C].Proceedings of the Symposium on Graph Drawing,2002.
[88] M Raitner. Maintaining Hierarchical Graph Views for DynamicGraphs[R]. University of Passau,2004.
[89] Noel S and S Jajodia. Managing attack graph complexity through visualhierarchical aggregation[C]. Proceedings of the2004ACM workshopon Visualization and data mining for computer security, New York,NY, USA,2004:109-118.
[90] Noel S, M Jacobs, P Kalapa, S Jajodia. Multiple coordinated viewsfor network attack graphs[C]. In IEEE Workshop on Visualization forComputer Security,2005.
[91] Williams, L, R. Lippmann, and K Ingols. An interactive attack graphcascade and reachability display[C]. In IEEE Workshop onVisualization for Computer Security,2007.
[92] Williams L, R Lippmann, K Ingols. Garnet: A graphical attack graphand reachability network evaluation tool[C]. In The5thInternational Workshop on Visualization for Cyber Security,2008.
[93] Homer J,X Ou. SAT-solving approaches to context-aware enterprisenetwork security management[C]. IEEE JSAC Special Issue on NetworkInfrastructure Conguration,2008.
[94] Homer J, A Varikuti, X Ou, and M A McQueen. Improving attack graphvisualization through data reduction and attack grouping[C]. In The5th International Workshop on Visualization for Cyber Security,2008.
[95] Homer J. A comprenhensive approach to enterprise network securitymanagment[D]. Kansas State University,2008.
[96] Dawkins J Hale. A System Approach to Multi-Stage Network AttackAnalysis. Proc the2nd IEEE International Information AssuranceWorkshop,Charlotte,NC,USA,2004.
[97]简大鹏,张冰,周渊,杨武,杨永田.一种深度优先的攻击图生成方法[J].吉林大学学报(工学版),2009,39(2):446-452.
[98]苘大鹏,周渊,杨武,杨永田.用于评估网络整体安全性的攻击图生成方法.通信学报,2009,30(3):1-5.
[99] Saha D. Extending logical attack graphs for efficient vulnerabilityanalysis[C].In Proceedings of the15th ACM conference on Computerand Communications Security,2008.
[100] Salim M, E Al-Shaer, L Khan. A novel quantitative approach formeasuring network security[C]. In INFOCOM2008Mini Conference,2008.
[101] Sawilla R,X. Ou. Googling attack graphs[R]. Defence R&D CanadaOttawa,2007.
[102] Vaibhav Mehta, Constantinos Bartzis. Ranking Attack Graphs[R].Zamboni and Kruegel:RAID2006, LNCS4219,2006
[103] Sawilla R,X Ou. Identifying critical attack assets in dependencyattack graphs[C]. In13th European Symposium on Research inComputer Security. Malaga, Spain,2008
[104]Page L, Brin S,Motwani R,et al. The PageRank Citation Ranking:Bringing Order to the Web[R]. Technical Report Stanford DigitalLibrary Technologies Project,1998
[105] Lingyu Wang, Anoop Singhal, Sushil Jajodia. Measuring the overallsecurity of network configurations using attack graphs[C]. Proc21st Annual IFIP WG11.3Working Conference on Data and ApplicationsSecurity,2007.
[106] Lingyu Wang, Anoop Singhal, Sushil Jajodia. Toward MeasuringNetwork Security Using Attack Graphs[C]. Proc3rd InternationalWorkshop on Quality of Protection,2007.
[107] Homer J, Ou XM, Schmidt D. A Sound and Practical Approach toQuantifying Security Risk in Enterprise Networks[R]. Kansas StateUniversity,2009.
[108] Frigault M, Wang LY. Measuring Network Security Using BayesianNetwork-Based Attack Graphs [C]. Proc The3rd IEEE InternationalWorkshop on Security, Trust, and Privacy for SoftwareApplications,2008:698-703.
[109] Frigault M,Wang LY, Singhal A, et al. Measuring network securityusing dynamic Bayesian network[C]. In Proc4th ACM Workshop onQuality of Protection,ACM Press,2008:23-30.
[110] S Noel, S Jajodia, B O’Berry, and M Jacobs. Efficient minimum-costnetwork hardening via exploit dependency graphs[C]. In Proceedingsof the19th Annual Computer Security Applications Conference,2003.
[2]张耀疆.聚焦黑客—攻击手段与防护策略[M].北京:人民邮电出版社,2002.
[3] John Chirillo.黑客攻击防范篇[M].北京:机械工业出版社,2003.
[4]谭毓安.网络攻击防护编码设计[M].北京:北京希望电子出版社,2002.
[5]欧迪尔.黑客札记: Windows安全手册[M].北京:清华大学出版社,2005.
[6]哈茨,李著. LINUX黑客大曝光[M].北京:清华大学出版社,2003.
[7]连一峰,王航.网络攻击原理与技术[M].北京:科学出版社,2004.
[8]刘欣然.网络攻击分类技术综述[J].通信学报,2004,25(7):30-36.
[9]杨义先,钮心忻.网络安全理论与技术[M].北京:人民邮电出版社,2003.
[10]冯登国.网络安全原理与技术[M].北京:科学出版社,2003.
[11]史忠植.高级计算机网络[M].北京:电子业出版社,2002,230-235.
[12]张然,钱德沛,过晓兵.防火墙与入侵检测技术[J].计算机应用研究,2001,18⑴,4-7
[13]冯登国.计算机通信网络安全[M].北京:清华大学出版社,2001.
[14]蒋建春,马恒太,任党恩,等.网络安全入侵检测:研究综述[J].软件学报,2000,11(11):1460-1466.
[15]田畅,郑少仁.计算机病毒计算模型的研究[J].计算机学报,2007,24(2):158-163.
[16]王维,张鹏涛,谭营,等.一种基子人工免疫和代码相关性的计算机病毒特征提取方法[J].计算机学报,2011,34(2):204-215.
[17]吴晓平,付钰.信息安全风险评估教程[M].武汉:武汉大学出版社,2011.
[18]范红.信息安全风险评估规范国家标准理解与实施[M].北京:中国标准出版社,2008.
[19]张泽虹,赵冬梅.信息安全管理与风险评估[M].北京:电子工业出版社,2010.
[20]中华人民共和国国家标准. GB/T17859-1999计算机信息系统安全保护等级划分准则[S].北京:中国标准出版社,1999.
[21]中华人民共和国国家标准. GB/T9361-2011计算机场地安全要求[S].北京:中国标准出版社,2011.
[22]中华人民共和国国家标准. GB/T18336.3-2008信息技术安全技术信息技术安全性评估准则第3部分:安全保证要求[S].北京:中国标准出版社,2008.
[23]中华人民共和国国家标准. GB/T18336.2-2008信息技术安全技术信息技术安全性评估准则第2部分:安全功能要求[S].北京:中国标准出版社,2008.
[24]中华人民共和国国家标准. GB/T18336.1-2008信息技术安全技术信息技术安全性评估准则第1部分:简介和一般模型[S].北京:中国标准出版社,2008.
[25]中华人民共和国国家标准. GB/T22081-2008信息技术安全技术信息安全管理实用规则[S].北京:中国标准出版社,2008.
[26]中华人民共和国国国家标. GB/T19715.1-2005信息技术信息技术安全管理指南第1部分:信息技术安全概念和模型[S].北京:中国标准出版社,2005.
[27]中华人民共和国国家标准. GB/T19715.2-2005信息技术信息技术安全管理指南第2部分:管理和规划信息技术安全[S].北京:中国标准出版社,2005.
[28]中华人民共和国国家标准. GB/T20984-2007信息安全技术信息安全风险评估规范[S].北京:中国标准出版社,2007.
[29]范红,冯登国,吴亚非.信息安全风险评估方法与应用[M].北京:清华大学出版社,2006.
[30]张建军.信息安全风险评估探索与实践[M].北京:中国标准出版社,2005.
[31] John P Kindinger,John L Darby. Risk Factor Analysis-A New QualitativeRisk Management Tool[C]. Proeeedings of the Project ManagementInstitute Annual Seminars&SymPosium, Houston, Texas, USA,2000.
[32] Jack A Jones.An Introduction to Factor Analysis of InformationRisk(FAIR):A framework for understanding,analyzing,and measuring information risk[J]. Norwich University Journal of lnformationAssurance,2006.
[33] M BMiles,A M Huberman.Qualitative data analysis[M]. Cal:Sage,1994.
[34]张义荣,鲜明,王国玉.一种基于网络熵的计算机网络攻击效果定量评估方法[J].通信学报,2004,25(11):158-165.
[35]许福永,申健,李剑英.基于Delphi和ANN的网络安全综合评价方法研究[J].微机发展,2005,15(10):11-15.
[36] T L Saaty. The Analytic Hierarchy Process:Planning,Priority Seting,Resource Allocation[M]. NewYork:MeGraw-HIll,1980.
[37] Tim Bedford,Roger Cooke. probabilistic Risk Analysis-Foundationsand Methods[M]. Cambridge:Cambridge University Press,2005.
[38]刘强,殷建平,蔡志平,程杰仁.基于不确定图的网络漏洞分析方法[J].软件学报,2011,22(6):13981412.
[39]司加全,张冰,苘大鹏,杨武.基于攻击图的网络安全性增强策略制定方法[J].通信学报,2009,30(2):123-128.
[40]陈秀真,郑庆华,管晓宏,林展光,层次化网络安全威胁态势量化评估方法.软件学报,2006,17(4):885一897.
[41]王永杰,鲜明,刘进,王国玉.基于攻击图模型的网络安全评估研究.通信学报,2007,28(3):2934.
[42] Aagedal,Braber,Dimitrakos. Model-Based Risk Assessment to ImproveEnterprise Security[C]. Proceedings Sixth International InEnterprise Distributed Object Computing Conference,2002:51-62.
[43] Denning D. Cryptography and Data Security[M]. MA,USA:Addison-Wesley,1982.
[44] Bishop M,Bailey D. A Critical Analysis of vulnerabilityTaxonomies[R]. Davis,USA:Department of Computer Science at theUniversity of California at Davis,1996.
[45] Longley D, Shain M, Caell W. Information Security: Dictionary ofConcepts, Standards and Terms[M]. New York, USA: MacMillan,1992.
[46] Bisbey R, Hollingworth D. Protection analysis:final report[R].University of southern California,1978.
[47] Abbott R, Chin J, Donnelley J,et al. Security Analysis andEnhancements of Computer Operating Systems[R]. Lawrence LivermoreLaboratory TR NBSIR-76-1041, National Bureau of Standards,Washington D C,1976.
[48] Aslam T. A Taxonomy of Security Faults in the Unix Operating System[D].Purdue University,1995.
[49] Ivall Victor Krusl. Software Vulnerability analysis[D]. PurdueUniversity, West Lafayette,1998.
[50] Bishop M, Bailey D. A Taxonomy of Unix System and NetworkVulnerabilities[R]. Technical Report CSE-9510. Department ofComputer Science, University of California, Davis,1995.
[51] Knight E, Hartley B V. Is your network inviting an attack[J]. InternetSecurity Advisor,2000(5/6):2-5.
[52]张永铮,云晓春,胡铭曾.基于特权提升的多维量化属性弱点分类法的研究[J].通信学报,2004,25(7):107-114
[53]汪立东.操作系统安全评估与审计增强[D].哈尔滨:哈尔滨工业大学,2002.
[54]翟钰,张玉清,武维善.系统安全漏洞研究及数据库实现[J].计算机工程,2004,30(8):68-70.
[55] FIRST. A Complete Guide to the Common Vulnerability Scoring SystemVersion [EB/OL].[2013-12-10]. http://www.first.org/cvss/cvss-guide.html.
[56]张涛,胡铭曾,云晓春,张永铮.计算机网络安全性分析建模研究.通信学报,2005,26(12):100109.
[57]张海霞,连一峰,苏璞睿,冯登国.基于安全状态域的网络评估模型[J].软件学报,2009,20(2):451-461.
[58]冯萍葱,连一峰,藏英侠,鲍旭华.基于可靠性理论的分布式系统脆弱性模型.软件学报,2006,17(7):1633一1640.
[59]冯萍慧,连一峰,戴英侠.面向网络系统的脆弱性利用成本估算模型[J].计算机学报,2006,29(8):1375-1382.
[60] Schnerier B. Attack trees-modeling security threats[J]. Dr Dobb,SJournal,1999,12(24):21-29.
[61]林闯,汪洋,李枭林.网络安全的随机模型方法与评价技术[J].计算机学报,2005,28(12):1943-1956.
[62] K Clark, S Tyree, J Dawkins, et al. Qualitative and QuantitativeAnalytical Techniques for Network Security Assessment[C]. Proc2004Information Assurance Workshop of the5th Annual IEEESMC,Hawaii,USA,IEEE Press,2004.
[63] R Dewri,N PoolsapPasit,I Ray,et al. Optimal Security Hardening UsingMulti-objective Optimization on Attack Tree Models of Networks. Procthe14th ACM Conference on Computer and CommunicationsSecurity(CCS.07). Alexandria,Virginia,USA,ACM Press,2007.
[64] Dacier M,Deswarte Y. The privilege graph: An extension to the typedaccess matrix model[C]. In European Symposium in Computer Security(ES0R1CS'94), Lecture Notes in Computer Science, Springer-Verlag,Brighton, UK,1994(875):319-334.
[65] Dacier M. Towards quantitative evaluation of computer security[D].Institute National Polytechnique de Toulouse, December1994.
[66] Dacier M,Deswarte Y, M Kaaniche. Quantitative assessment ofoperational security models and tools[R]. Technical Report ResearchReport96493,LAAS, May1996:177-186.
[67] C Phillips,L Painton Swiler. A graph-based system for networkvulnerability analysis[C].Proeeedings of the1998workshop on Newsecurity Paradigms,Charlottesville, Virginia,United States,1998:71-79.
[68] L P Swiler, C Phillips, D. Ellis, and S. Chakerian. Computer-AttackGraph Generation Tool[C]. Proceedings: DARPA InformationSurvivability Conference and Exposition,Anaheim,California,2001:1307–1321.
[69] L P Swiler, C Phillips, and T Gaylor. A Graph-BasedNetwork-Vulnerability Analysis System[R]. Sandia NationalLaboratories, Albuquerque, New Mexico and Livermore, California,1998.
[70] C Ramakrishnan,R Sekar. Mode-Based Analysis of ConfigurationVulnerabilities[J]. Journal of Computer Security,2002,10(l/2):189-209.
[71] R W Ritchey,P Ammann. Using Model Checking to Analyze NetworkVulnerabilities[C]. Proceedings:2000IEEE Computer SocietySymposium on Security and Privacy (S&P2000), Oakland, California,IEEE Computer Society,2000:156–165.
[72] O. Sheyner, S Jha, J M Wing, R P Lippmann, and J Haines. AutomatedGeneration and Analysis of Attack Graphs[C].2002IEEE Symposium onSecurity and Privacy,Oakland, California,2002.
[73] O.Sheyner. Scenario graphs and attack graphs[D]. Carnegie MellonUniversity,2004.
[74] Sheyner O, Wing JM. Tools for generating and analyzing attackgraph[C]. Proceedings of the Workshop on Formal Methods forComponents and Objects,Tehran,2004:344-371.
[75] S Jha, O Sheyner, J Wing. Two Formal Analyses of Attack Graphs[C].Proceedings:15th IEEE Computer Security Foundations Workshop(CSFW’15),IEEE Computer Society,2002:49–63.
[76] P Ammann, D Wijesekera, S Kaushik. Scalable, Graph-Based NetworkVulnerability Analysis[C]. Proceedings of the9th ACM Conference onComputer and Communication Security, New York: ACM Press,2002:217-224.
[77] L. Wang, S. Noel, and S. Jajodia. Minimum-cost network hardeningusing attack graphs[J]. Computer Communications,2006,29(18):3812-3824.
[78] Li Wei. An Approach to Graph-Based Modeling of NetworkExploitations[D]. Department of Computer Science and Engineering,Mississippi State University,Mississippi State, Mississippi,2005.
[79] W Li, R Vaughn. Building Compact Exploitation Graphs for a ClusterComputing Environment[C]. Proceedings of the6th IEEE Systems, Manand Cybernetics Information Assurance Workshop, West Point, New York,IEEE SMC, IEEE Computer Society and National Security Agency,2005:50-57.
[80] W Li, and R Vaughn. Using Exploitation Graphs to Model NetworkExploitations[C].Symposium on Risk Management and Cyber-Informatics:Proceedings of the9th World Multi-Conference onSystemics,Cybernetics and Informatics, Orlando, Florida,International Institute of Informatics and Systemics,2005:404-409.
[81] W Li, R Vaughn. An Approach to Model Network ExploitationsUsingExploitation Graphs[C]. Military, Government, and AerospaceSimulation Symposium: Proceedings of the2005Spring SimulationMulticonference, San Diego, California,2005:237-244.
[82] Xinming Ou, Wayne F Boyer, Miles A. McQueen. A Scalable Approach toAttack Graph Generation[C]. Proceedings of the13th ACM conferenceon Computer and communications security,2006:336-345.
[83] Xinming Ou. A logic-programming approach to network securityanalysis[D].Princeton: Princeton University,2005.
[84] S Jajodia, S Noel, B O'Beny. Topological Analysis of Network AttackVulnerability[M]. Netherlands: Kluwer Academic Publisher,2003.
[85] P Eades, W Feng. Multilevel Visualization of Clustered Graphs[C].Proceedings of the Symposium on Graph Drawing,1996.
[86] A Buchsbaum, J Westbrook. Maintaining Hierarchical GraphViews[C].Proceedings of the11th ACM-SIAM Symposium on DiscreteAlgorithms,2000.
[87] M Raitner. HGV: A Library for Hierarchies, Graphs, and Views[C].Proceedings of the Symposium on Graph Drawing,2002.
[88] M Raitner. Maintaining Hierarchical Graph Views for DynamicGraphs[R]. University of Passau,2004.
[89] Noel S and S Jajodia. Managing attack graph complexity through visualhierarchical aggregation[C]. Proceedings of the2004ACM workshopon Visualization and data mining for computer security, New York,NY, USA,2004:109-118.
[90] Noel S, M Jacobs, P Kalapa, S Jajodia. Multiple coordinated viewsfor network attack graphs[C]. In IEEE Workshop on Visualization forComputer Security,2005.
[91] Williams, L, R. Lippmann, and K Ingols. An interactive attack graphcascade and reachability display[C]. In IEEE Workshop onVisualization for Computer Security,2007.
[92] Williams L, R Lippmann, K Ingols. Garnet: A graphical attack graphand reachability network evaluation tool[C]. In The5thInternational Workshop on Visualization for Cyber Security,2008.
[93] Homer J,X Ou. SAT-solving approaches to context-aware enterprisenetwork security management[C]. IEEE JSAC Special Issue on NetworkInfrastructure Conguration,2008.
[94] Homer J, A Varikuti, X Ou, and M A McQueen. Improving attack graphvisualization through data reduction and attack grouping[C]. In The5th International Workshop on Visualization for Cyber Security,2008.
[95] Homer J. A comprenhensive approach to enterprise network securitymanagment[D]. Kansas State University,2008.
[96] Dawkins J Hale. A System Approach to Multi-Stage Network AttackAnalysis. Proc the2nd IEEE International Information AssuranceWorkshop,Charlotte,NC,USA,2004.
[97]简大鹏,张冰,周渊,杨武,杨永田.一种深度优先的攻击图生成方法[J].吉林大学学报(工学版),2009,39(2):446-452.
[98]苘大鹏,周渊,杨武,杨永田.用于评估网络整体安全性的攻击图生成方法.通信学报,2009,30(3):1-5.
[99] Saha D. Extending logical attack graphs for efficient vulnerabilityanalysis[C].In Proceedings of the15th ACM conference on Computerand Communications Security,2008.
[100] Salim M, E Al-Shaer, L Khan. A novel quantitative approach formeasuring network security[C]. In INFOCOM2008Mini Conference,2008.
[101] Sawilla R,X. Ou. Googling attack graphs[R]. Defence R&D CanadaOttawa,2007.
[102] Vaibhav Mehta, Constantinos Bartzis. Ranking Attack Graphs[R].Zamboni and Kruegel:RAID2006, LNCS4219,2006
[103] Sawilla R,X Ou. Identifying critical attack assets in dependencyattack graphs[C]. In13th European Symposium on Research inComputer Security. Malaga, Spain,2008
[104]Page L, Brin S,Motwani R,et al. The PageRank Citation Ranking:Bringing Order to the Web[R]. Technical Report Stanford DigitalLibrary Technologies Project,1998
[105] Lingyu Wang, Anoop Singhal, Sushil Jajodia. Measuring the overallsecurity of network configurations using attack graphs[C]. Proc21st Annual IFIP WG11.3Working Conference on Data and ApplicationsSecurity,2007.
[106] Lingyu Wang, Anoop Singhal, Sushil Jajodia. Toward MeasuringNetwork Security Using Attack Graphs[C]. Proc3rd InternationalWorkshop on Quality of Protection,2007.
[107] Homer J, Ou XM, Schmidt D. A Sound and Practical Approach toQuantifying Security Risk in Enterprise Networks[R]. Kansas StateUniversity,2009.
[108] Frigault M, Wang LY. Measuring Network Security Using BayesianNetwork-Based Attack Graphs [C]. Proc The3rd IEEE InternationalWorkshop on Security, Trust, and Privacy for SoftwareApplications,2008:698-703.
[109] Frigault M,Wang LY, Singhal A, et al. Measuring network securityusing dynamic Bayesian network[C]. In Proc4th ACM Workshop onQuality of Protection,ACM Press,2008:23-30.
[110] S Noel, S Jajodia, B O’Berry, and M Jacobs. Efficient minimum-costnetwork hardening via exploit dependency graphs[C]. In Proceedingsof the19th Annual Computer Security Applications Conference,2003.
© 2004-2018 中国地质图书馆版权所有 京ICP备05064691号 京公网安备11010802017129号 地址:北京市海淀区学院路29号 邮编:100083 电话:办公室:(+86 10)66554848;文献借阅、咨询服务、科技查新:66554700 |