基于攻击图的网络安全风险计算研究
|
摘要
当前,随着计算机技术和网络通信技术的飞速发展,以互联网为代表的计算机网络应用日趋广泛与深入。探寻科学、合理、实用的网络安全风险计算方法已成为网络安全领域研究的热点,并取得了大量的研究成果,但是由于网络安全风险计算的复杂性,现有研究仍然面临诸多挑战。
针对传统网络安全风险计算方法的不足,本文重点研究基于攻击图的网络安全风险计算方法。本文将网络安全风险计算对象界定为传统计算方法不能适用的网络攻击造成的安全风险,并在此基础上提出了网络安全计算模型和基于攻击图的网络安全风险计算框架AG-SRC,阐述了计算过程所包含的计算阶段以及计算流程,并深入研究了该框架所涉及的各项关键技术。
首先,采用AGML建模语言形式化描述漏洞知识库和目标环境,在深入研究开放漏洞数据库和CAPEC分类方法的基础上,提出了攻击模式的提取方法和攻击模式的分类方法,从而有效支持了大规模目标网络的攻击图的自动构建。
其次,通过深入分析传统构建算法的不足和目标环境的特点,本文提出了目标环境的预处理技术,为目标环境中的属性建立索引,然后利用攻击模式的实例化技术构建攻击图;通过对该算法的时间复杂度分析和模拟实验验证,表明该算法具有良好的可扩展性,能够为具有复杂网络拓扑结构的大规模目标网络构建攻击图。
再次,通过分析攻击图中循环路径的特点,提出了最大可达概率计算算法和累计概率计算算法,成功地解决了在计算攻击图中各节点被攻击者成功到达的概率时,因为循环路径导致的重复计算问题,并从不同的角度表示节点被攻击者成功到达的可能性;通过深入分析攻击图中节点间的相关性对计算节点被攻击者成功到达的累计概率产生的影响,提出了节点间的独立假定;通过对这两种概率计算算法的时间复杂度分析和模拟实验验证,表明这两种算法具有良好的可扩展性,能够高效地计算大规模复杂攻击图中各个节点被攻击者成功到达的概率。
最后,提出了基于攻击图的网络安全风险计算方法,它利用攻击图有效地识别目标网络面临的潜在威胁,以资产的重要性、主机的重要性、威胁发生的概率和威胁产生的后果为基础数据,按照我们制定的风险计算指标体系从底层向上层层聚合,最后计算出主机的风险指数和网络的风险指数,并利用风险邻接矩阵从更细的粒度展示了主机面临的安全风险;按照不同的威胁发生的概率类型和威胁对资产不同安全属性的破坏程度,我们将风险分类,按照粒度的大小从不同的角度来刻画目标网络面临的风险。
总之,通过对基于攻击图的网络安全风险计算中关键技术的深入研究,不仅有效支撑和完善了基于攻击图的网络安全风险计算方法,也对攻击图技术的完善和发展起到了积极推动作用。
At present, with the rapid development of computer technology and networkcommunication technology, the application of computer network represented by internetis used more and more widely and deeply. Seeking for the scientific, reasonable, andpractical network security risk computation method has become a hotspot in networksecurity areas, and has achieved great results, but because of the complexity of thenetwork security risk computation, the existed researches still face many challenges.
According to the shortcomings of the traditional methods, this paper focuses on theresearch on network security risk computation approach based on attack graphs. In thispaper, the object of the network security risk computation is defined as security riskcaused by network attack which is cannot be applied to the traditional computationmethods. Furthermore, a hierarchical network security risk computation frameworkbased on attack graphs AG-SRC is developed, which involves the computation stagesand computation process. In addition, the study goes further in the key technologiescorresponding to the computation stages.
Firstly, the modeling language AGML is designed to formally describe the modelsof the given network environment and vulnerability knowledge base. The methods ofextraction and classification for attack patterns are put forward to model the attacker’sability on the basis of the study of the open vulnerability database and vulnerabilityclassification of CAPEC, which effectively support to build attack graphs for the actuallarge-scale network system automatically.
Secondly, a pretreatment technology for network environment is proposed tosustain the novel attack graphs generation algorithm, through the in-depth analysis ofthe models’ features of the network environment and the limitation of previousalgorithms. The facts in network environment are indexed by this pretreatmenttechnology, and then attack graphs are generated by instantiating the attack patterns.Moreover, the algorithm’s scalability is explored by analyzing the time complexity andcomputing simulated networks. The experimental result shows the algorithm could beapplied to the large network system.
Thirdly, through the analysis of the features of the cyclic paths in attack graphs,maximum reachable probability algorithm and cumulative probability algorithm areproposed to successfully solve the problem of probabilistic re-computing in computingthe probability of nodes in attack graphs, and the likelihood of nodes are showed fromthe perspective of different perspective; The independence assumption between nodes isproposed, through the in-depth analysis of the affect for computing probability of nodescaused by shared dependencies in nodes; Moreover, these two algorithms’ scalability isexplored by analyzing the time complexity and computing simulated networks. The experimental result shows the algorithms could be applied to the large attack graphs.
Finally, a network security risk computation approach based on attack graphs isproposed, which utilizes attack graphs to identify the potential threats, and make use ofthe basic data such as importance of asset, importance of host, threats occurrenceprobability and threats impact, and then compute host risk index and network risk indexfrom the bottom to the top according to the risk index system, and use risk adjacencymatrix to show the more granular security risk suffered by the host; Risk is classifiedaccording to different type of threats occurrence probability and threats impact, and riskfaced by the network is characterized from different granularity and perspective.
In a word, the above study of the key technologies not only supports thedevelopment of the network security risk computation approach based on attack graphsAG-SRC, but also plays a crucial role in promoting the improvement and developmentof the attack graphs technology.
针对传统网络安全风险计算方法的不足,本文重点研究基于攻击图的网络安全风险计算方法。本文将网络安全风险计算对象界定为传统计算方法不能适用的网络攻击造成的安全风险,并在此基础上提出了网络安全计算模型和基于攻击图的网络安全风险计算框架AG-SRC,阐述了计算过程所包含的计算阶段以及计算流程,并深入研究了该框架所涉及的各项关键技术。
首先,采用AGML建模语言形式化描述漏洞知识库和目标环境,在深入研究开放漏洞数据库和CAPEC分类方法的基础上,提出了攻击模式的提取方法和攻击模式的分类方法,从而有效支持了大规模目标网络的攻击图的自动构建。
其次,通过深入分析传统构建算法的不足和目标环境的特点,本文提出了目标环境的预处理技术,为目标环境中的属性建立索引,然后利用攻击模式的实例化技术构建攻击图;通过对该算法的时间复杂度分析和模拟实验验证,表明该算法具有良好的可扩展性,能够为具有复杂网络拓扑结构的大规模目标网络构建攻击图。
再次,通过分析攻击图中循环路径的特点,提出了最大可达概率计算算法和累计概率计算算法,成功地解决了在计算攻击图中各节点被攻击者成功到达的概率时,因为循环路径导致的重复计算问题,并从不同的角度表示节点被攻击者成功到达的可能性;通过深入分析攻击图中节点间的相关性对计算节点被攻击者成功到达的累计概率产生的影响,提出了节点间的独立假定;通过对这两种概率计算算法的时间复杂度分析和模拟实验验证,表明这两种算法具有良好的可扩展性,能够高效地计算大规模复杂攻击图中各个节点被攻击者成功到达的概率。
最后,提出了基于攻击图的网络安全风险计算方法,它利用攻击图有效地识别目标网络面临的潜在威胁,以资产的重要性、主机的重要性、威胁发生的概率和威胁产生的后果为基础数据,按照我们制定的风险计算指标体系从底层向上层层聚合,最后计算出主机的风险指数和网络的风险指数,并利用风险邻接矩阵从更细的粒度展示了主机面临的安全风险;按照不同的威胁发生的概率类型和威胁对资产不同安全属性的破坏程度,我们将风险分类,按照粒度的大小从不同的角度来刻画目标网络面临的风险。
总之,通过对基于攻击图的网络安全风险计算中关键技术的深入研究,不仅有效支撑和完善了基于攻击图的网络安全风险计算方法,也对攻击图技术的完善和发展起到了积极推动作用。
At present, with the rapid development of computer technology and networkcommunication technology, the application of computer network represented by internetis used more and more widely and deeply. Seeking for the scientific, reasonable, andpractical network security risk computation method has become a hotspot in networksecurity areas, and has achieved great results, but because of the complexity of thenetwork security risk computation, the existed researches still face many challenges.
According to the shortcomings of the traditional methods, this paper focuses on theresearch on network security risk computation approach based on attack graphs. In thispaper, the object of the network security risk computation is defined as security riskcaused by network attack which is cannot be applied to the traditional computationmethods. Furthermore, a hierarchical network security risk computation frameworkbased on attack graphs AG-SRC is developed, which involves the computation stagesand computation process. In addition, the study goes further in the key technologiescorresponding to the computation stages.
Firstly, the modeling language AGML is designed to formally describe the modelsof the given network environment and vulnerability knowledge base. The methods ofextraction and classification for attack patterns are put forward to model the attacker’sability on the basis of the study of the open vulnerability database and vulnerabilityclassification of CAPEC, which effectively support to build attack graphs for the actuallarge-scale network system automatically.
Secondly, a pretreatment technology for network environment is proposed tosustain the novel attack graphs generation algorithm, through the in-depth analysis ofthe models’ features of the network environment and the limitation of previousalgorithms. The facts in network environment are indexed by this pretreatmenttechnology, and then attack graphs are generated by instantiating the attack patterns.Moreover, the algorithm’s scalability is explored by analyzing the time complexity andcomputing simulated networks. The experimental result shows the algorithm could beapplied to the large network system.
Thirdly, through the analysis of the features of the cyclic paths in attack graphs,maximum reachable probability algorithm and cumulative probability algorithm areproposed to successfully solve the problem of probabilistic re-computing in computingthe probability of nodes in attack graphs, and the likelihood of nodes are showed fromthe perspective of different perspective; The independence assumption between nodes isproposed, through the in-depth analysis of the affect for computing probability of nodescaused by shared dependencies in nodes; Moreover, these two algorithms’ scalability isexplored by analyzing the time complexity and computing simulated networks. The experimental result shows the algorithms could be applied to the large attack graphs.
Finally, a network security risk computation approach based on attack graphs isproposed, which utilizes attack graphs to identify the potential threats, and make use ofthe basic data such as importance of asset, importance of host, threats occurrenceprobability and threats impact, and then compute host risk index and network risk indexfrom the bottom to the top according to the risk index system, and use risk adjacencymatrix to show the more granular security risk suffered by the host; Risk is classifiedaccording to different type of threats occurrence probability and threats impact, and riskfaced by the network is characterized from different granularity and perspective.
In a word, the above study of the key technologies not only supports thedevelopment of the network security risk computation approach based on attack graphsAG-SRC, but also plays a crucial role in promoting the improvement and developmentof the attack graphs technology.
引文
[1] CNNIC.第28次中国互联网络发展状况统计报告[EB/OL].http://www.cnnic.net.cn/dtygg/dtgg/201107/t20110719_22132.html,2011.
[2] CNCERT/CC.2009年网络安全工作报告[EB/OL].http://www.cert.org.cn/UserFiles/File/CNCERTCC2009AnnualReport_Chinese.pdf,2009.
[3] J. Michener. System Insecurity in the Internet Age[M]. IEEE Software,1999,16(4):62-69.
[4] CNCERT/CC. CNCERTCC Annual Report[EB/OL]. http://www.cert.org.cn/,2004.
[5] NVD. CVE and CCE Statistics Query[EB/OL].http://web.nvd.nist.gov/view/vuln/statistics,2011.
[6] W. R. Cheswick, S. M. Bellovin. Firewalls and Internet Security: Repelling theWily Hacker[R]. Addison-Wesley,1994
[7] CERT/CC. CERT/CC Statistics1988-2005[EB/OL].http://www.cert.org/stats/cert_stats.html,2005.
[8] C. J. Alberts. OCTAVE Method Implementation Guide V2.0[R]. Pittsburgh, PA:Software Engineering Institute, Carnegie Mellon University,2001.
[9] Defense USA Department Of. Trusted Computer System EvaluationCriteria[S].DoD-5200.28-STD. DoD,1985.
[10] Communities Office for Official Publications of European. ITSEC.Information Technology System Evaluation Criteria Version1.2[S],1991.
[11] Board Common Criteria Editing. Common Criteria of Information TechnologySecurity Evaluation[S],1998.
[12] Canadian Trusted Computer Product Evaluation Criteria. CTCPEC.Communications Security Establishment Canada[S],1993.
[13] ISO/IEC15408.Information technology-Security techniques-EvaluationCriteria for IT Security-Part1: Introduction and general model[S],1998.
[14] ISO/IEC15408-1:1999Information technology-Security techniques–Evaluation criteria for IT security–Part1: Introduction and general model[S],1999.
[15] ISO/IEC TR13335-1. Information Technology-Guidelines for theManagement of IT Security-Part I: Concepts and models of IT Security[S],1997.
[16] ISO/IEC TR13335-2. Information Technology-Guidelines for theManagement of IT Security-Part I: Managing and Planning IT Security[S],1998.
[17] ISO/IEC TR13335-3. Information Technology-Guidelines for theManagement of IT Security-Part I: Techniques for the Management of ITSecurity[S],1998.
[18] ISO/IEC TR13335-4. Information Technology-Guidelines for theManagement of IT Security-Part I: Selections of Safeguards[S],2000.
[19] ISO/IEC TR13335-5. Information Technology-Guidelines for theManagement of IT Security-Part I: Management guidance on NetworkSecurity[S],2001.
[20] ISO/IEC TR13335-1. Information Technology-Guidelines for theManagement of IT Security-Part I: Management guidance on NetworkSecurity[S],2004.
[21] GB/T18336-2001.信息技术安全技术信息技术信息安全评估准则[S],2001.
[22] GB/T18336.3-2001.信息技术安全技术信息技术信息安全评估准则第3部分:安全保证要求[S].中华人民共和国国家标准,2001.
[23] GB/T18336.2-2001.信息技术安全技术信息技术信息安全评估准则第2部分:安全功能要求[S].中华人民共和国国家标准,2001.
[24] GB/T18336.1-2001.信息技术安全技术信息技术信息安全评估准则第1部分:简介和一般模型[S].中华人民共和国国家标准,2001.
[25] GB/T19716-2005.信息技术信息安全管理实用规则[S].中华人民共和国国家标准,2005.
[26] GB/T19715.1-2005.信息技术IT安全管理指南第1部分:IT安全概念和模型[S].中华人民共和国国家标准,2005.
[27] GB/T19715.2-2005.信息技术IT安全管理指南第2部分:管理和规划IT安全[S].中华人民共和国国家标准,2005.
[28] GB/T22080-2008.信息技术安全技术信息安全管理体系要求[S].中华人民共和国国家标准,2008.
[29] GB/T22081-2008.信息技术安全技术信息安全管理实用规则[S].中华人民共和国国家标准,2008.
[30] Wright. Third Generation Risk Management Practice. Computer fraud andsecurity[M]. Elsevier,1992,2:9-12.
[31] Y Haimes. Risk Modeling, Assessment, and Management,3rd Edition[M].Wiley Series in Systems Engineering, New York,1998.
[32] Hoffman L.J. Computer Security Risk Analysis. New Risks: Issues andManagement[M]. Plenum Press, New York,1990:371-377.
[33] Tregear J. Risk Assessment[R]. Information Security Technical Report,2001,6(3):19-27.
[34] Davies Gareth. Risk Analysis Generations-The evolution of Risk Analysis[EB/OL]. http://csweb.rau.ac.za/deth/research/article_page.htm,1999.
[35] S. P. Bennett M. P. Kailay. An Application of Qualitative Risk Analysis toComputer Security for the Commercial Sector[R]. Information SecurityTechnical Report,2001,6(3):28-36.
[36] Cramm. A Practitioner's View ofCRAMM[EB/OL].http://www.gammassl.co.uk/,2011.
[37] K Wu, T Zhang. Research on Active Controllable Defense Model Based onZero-PDR Model[C]. Proceedings of the3rd International Symposium onIntelligent Information Technology and Security Informatics,2010:572-575.
[38] KANG Song-Lin, SUN Yong-Xin. Application of Dynamic Defense Model toMilitary Networks.Computer Systems&Applications,2010,19(3):146-149
[39] Li Yonghua. The Design and Realization of Qinghai Province's MeteorologicalScientific Data Sharing System[C]. Information Technology and Applications(IFITA),2010International Forum on,2010:126-129.
[40]曹芳.电力行业管理信息系统网络安全的研究[D].昆明理工大学,2003.
[41] Yan Zhuang. Network Security Construction for University Libraries Based onWPDRRC[J].Journal of Modern Information,2010,(02):92-95.
[42] M. Bishop, D. Bailey. A Critical Analysis of Vulnerability Taxonomies[R].Tech. Rep. CSE-96-11, Department of Computer Science at the University ofCalifornia at Davis,1996.
[43] I. Krsul. Software Vulnerability Analysis[D]. Department of Computer Science,Purdue University, West Lafayette, USA,1998.
[44]汪立东.操作系统安全评估与审计增强[D].哈尔滨工业大学,2002.
[45]邢栩嘉,林闯,蒋屹新.计算机系统脆弱性评估研究[J].计算机学报,2004,27(1):1-11.
[46] D. J. Bodeau, F. N. Chase and S. G. Kass. ANSSR: ATool for Risk Analysis ofNetworked Systems[C]. Proceedings of the13th National Computer SecurityConference, Washington, US,1990:687-696.
[47] NeVO. Passive Vulnerability Sensor[EB/OL].www.tenablesecurity.com/products/nevo.shtml,2011.
[48] W. Erhard, M. M. Gutzmann, H. M. Libati. Network Traffic Analysis andSecurity Monitoring with Unimon[C]. Proceedings of the IEEE Conference onHigh Performance Switching and Routing, Heidelberg, Germany,2000:439-446.
[49] S. Jajodia, S. Noel, B. O’Berry. Topological Analysis of Network AttackVulnerability[J]. Managing Cyber Threats: Issues, Approaches andChallenges, Springer,2005:248-266.
[50]郎良,张玉清,高有行等.漏洞检测与主动防御系统模型的研究与实现[J].计算机工程.2004,30(13):38-40.
[51] H. S. Venter, J. H. P. Eloff. Vulnerability Forecasting-AConceptual Model[J].Computers&Security,2004(23):489-497.
[52]洪宏,张玉清,胡予濮等.网络安全扫描技术研究[J].计算机工程,2004,30(10):54-56
[53]戴瑞恩,罗平,彭小宁.一种新型数据库安全扫描系统[J].计算机应用研究,2005,22(3):122-124.
[54] B. Skaggs, B. Blackburn, G. Manes. Network Vulnerability Analysis[C].Proceedings of IEEE45th Midwest Symposium on Circuits and Systems, Tulsa,Oklahoma, US,2002, Vol.3:493-495.
[55] D. Farmer, E. H. Spafford. The Cops Security Checker System[R]. TechnicalReport CSD-TR-993, Department of Computer Sciences, Purdue University,1991.
[56] J. L. Lerida, S. M. Grackzyr, A. Vina. Detecting Security Vulnerabilities inRemote TCP/IP Networks: An Approach Using Security Scanners[C].Proceedings of IEEE33rd Annual International Carnahan Conference onSecurity Technology, Madrid, Spain,1999:446-460.
[57] Internet Security Systems. System Scanner[EB/OL]. http://www.iss.net,2011.
[58] Nessus. Remote Security Scanner[EB/OL]. http://www.nessus.org,2011.
[59] L. P. Swiler, C. Phillips, and T. Gaylo. A Graph-Based Network-VulnerabilityAnalysis System[R]. Technical Report SAND97-3010/1, Sandia NationalLaboratories, New Mexico and Livermore, California,1998.
[60] O. Sheyner, S. Jha, J. M. Wing, R. P. Lippmann, and J. Haines. AutomatedGeneration and Analysis of Attack Graphs[C]. Proceedings of2002IEEESymposium on Security and Privacy, Oakland, California,2002.
[61] O.Sheyner. Scenario Graphs and Attack Graphs [D]. Carnegie MellonUniversity,2004.
[62] S. Jha,O. Sheyner,and J. Wing. Two Formal Analyses of Attack Graphs[C].Proceedings of15th IEEE Computer Security Foundations Workshop(CSFW’15), Cape Breton, Nova Scotia, Canada,2002:49–63.
[63] L. Wang, S. Noel, and S. Jajodia. Minimum-cost Network Hardening UsingAttack Graphs[J]. Computer Communications,2006,29(18):3812-3824.
[64] P. Ammann, D. Wijesekera, and S. Kaushik. Scalable, Graph-Based NetworkVulnerability Analysis[C]. Proceedings of the9th ACM Conference onComputer and Communications Security, New York,2002:217-224.
[65] L. P. Swiler, C. Phillips, D. Ellis. Computer-Attack Graph Generation Tool[C].Proceedings of the2nd DARPA Information Survivability Conference&Exposition, LosAlamitos, California,2001, vol.11:307-321.
[66] R. W. Ritchey and P. Ammann. Using Model Checking to Analyze NetworkVulnerabilities[C]. Proceedings of2000IEEE Computer Society Symposiumon Security and Privacy, Oakland, California,2000:156–165.
[67]张海霞,苏璞睿,冯登国.基于攻击能力增长的网络安全分析模型[J].计算机研究与发展,2007,44(12):1225-1227.
[68] Xinming Ou, Wayne F. Boyer, and Miles A. McQueen. AScalable Approach toAttack Graph Generation[C]. Proceedings of the13th ACM conference onComputer and communications security,2006:336-345.
[69] Xinming Ou. A Logic-programming Approach to Network SecurityAnalysis[D]. Princeton, Princeton University,2005.
[70]冯萍慧,连一峰,戴英侠,鲍旭华.基于可靠性理论的分布式系统脆弱性模型[J].软件学报,2006,17(7):1633-1640.
[71] R. Ritchey, B. O'Berry, and S. Noel. Representing TCP/IP Connectivity forTopological Analysis of Network Security[C]. Proceedings of the18th AnnualComputer SecurityApplications Conference, Las Vegas, Nevada,2002.
[72] Zakeri, R. Jalili, R.Shahriari, H.R. Abolhassani, H. Using Description Logicsfor Network Vulnerability Analysis[C]. Networking International Conferenceon Systems and International Conference on Mobile Communications andLearning Technologies, IEEE Computer Society,2006:78-78.
[73] Feng Cheng, Sebastian Roschke. An Integrated Network Scanning Tool forAttack Graph Construction[C].Proceedings of the6th international conferenceonAdvances in grid and pervasive computing, Oulu, Finland,2011:138-147.
[74] S. Templeton and K. Levitt. A Requires/Provides Model for ComputerAttacks[C]. Proceedings of the2000Workshop on New Security Paradigms,New York,2001.
[75] F. Cuppens and R. Ortalo. LAMBDA: A Language to Model a Database forDetection of Attacks[J]. Recent Advances in Intrusion Detection (RAID)2000,Lecture Notes in Computer Science1907, Berlin, Springer Verlag,2001.
[76] S. Cheung, U. Lindqvist, and M. Fong. Modeling Multistep Cyber Attacks forScenario Recognition[C]. Proceedings of the Third DARPA InformationSurvivability Conference and Exposition,2003, vol.1:284-292.
[77] L. Wang, C. Yao, A. Singhal, and S. Jajodia. Interactive Analysis of AttackGraphs Using Relational Queries[C]. Proceedings of20th IFIP WG11.3Working Conference on Data and Applications Security,2006:119–132.
[78] Li Wei. An Approach to Graph-Based Modeling of Network Exploitations[D].Department of Computer Science and Engineering, Mississippi StateUniversity, Mississippi State, Mississippi,2005.
[79] Moore, A.P.Ellison. Attack Modeling for Information Security andSurvivability[D]. Pittsburgh, Camegie Mellon University,2001.
[80] CAPEC. CAPEC Reports[EB/OL]. http://capec.mitre.org/,2011.
[81] Hong Chen, Ninghui Li. Towards Analyzing Complex Operating SystemAccess Control Configurations[C].Proceeding of the15th ACM symposium onAccess control models and technologies, Pittsburgh, USA,2010:13-22.
[82] B. Somak, S.K. Ghosh. An Artificial Intelligence Based Approach for RiskManagement Using Attack Graph[C]. International Conference onComputational Intelligence and Security,2007:794-798.
[83] K. Ingols, R. Lippmann. Practical Attack Graph Generation for NetworkDefense[C]. Computer SecurityApplications Conference,2006:121-130.
[84]陈锋.基于多目标攻击图的层次化网络安全风险评估方法研究[D].长沙:国防科技大学,2009.
[85] Junchun Ma, Yongjun Wang. A Scalable, Bidirectional-Based Search Strategyto Generate Attack Graphs[C]. Proceeding of the10th IEEE InternationalConference on Computer and Information Technology, Bradford, UK,2010:2976-2981.
[86] Homer, J. and X. Ou. SAT-solving Approaches to Context-aware EnterpriseNetwork Security Management[C]. IEEE JSAC Special Issue on NetworkInfrastructure Conguration,2008.
[87] Homer, J., A. Varikuti, X. Ou, and M. A. McQueen. Improving Attack GraphVisualization Through Data Reduction and Attack Grouping[C]. Proceedingsof the5th International Workshop on Visualization for Cyber Security(VizSEC),2008.
[88] Homer, J. A Comprenhensive Approach to Enterprise Network SecurityManagment[D]. Kansas State University,2008.
[89] Noel, S. and S. Jajodia. Managing Attack Graph Complexity Through VisualHierarchical Aggregation[C]. Proceedings of the2004ACM workshop onVisualization and data mining for computer security, New York, NY, USA,2004:109-118.
[90] Noel, S., M. Jacobs, P. Kalapa, and S. Jajodia. Multiple Coordinated Views forNetwork Attack Graphs[C]. In IEEE Workshop on Visualization for ComputerSecurity (VizSEC2005),2005.
[91] Pengsu Cheng, Lingyu Wang. Compressing Attack Graphs Through ReferenceEncoding[C]. Proceeding of the10th IEEE International Conference onComputer and Information Technology (CIT), Bradford, UK,2010:1026–1031.
[92] NOEL S, JAJODIA S. Understanding Complex Network Attack Graphsthrough Clustered Adjacency Matrices[C]. Proceedings of the21st AnnualComputer Security Applications Conference(ACSAC), Tucson, USA,2005:160-169.
[93] Lingyu Wang, Anoop Singhal, Sushil Jajodia. Measuring the Overall Securityof Network Configurations Using Attack Graphs[C]. Proc.21st Annual IFIPWG11.3Working Conference on Data and Applications Security (DBSec2007),2007, Vol.4602:98-112.
[94] Lingyu Wang, Anoop Singhal, Sushil Jajodia. Toward Measuring NetworkSecurity Using Attack Graphs[C]. Proceedings of the3rd InternationalWorkshop on Quality of Protection (QoP2007),2007:49-54.
[95] Saha, D. Extending Logical Attack Graphs for Efficient VulnerabilityAnalysis[C]. Proceedings of the15th ACM conference on Computer andCommunications Security (CCS),2008.
[96] Salim, M., E. Al-Shaer, and L. Khan. A Novel Quantitative Approach forMeasuring Network Security[C]. In INFOCOM2008Mini Conference,2008.
[97] Sawilla, R. and X. Ou. Googling attack graphs[R]. Technical report, Defence R&D Canada Ottawa,2007.
[98] Vaibhav Mehta, Constantinos Bartzis, Haifeng Zhu, Edmund M. Clarke,Jeannette M. Wing. Ranking Attack Graphs[C]. RAID,2006:127-144.
[99] Sawilla, R. and X. Ou. Identifying Critical Attack Assets in Dependency AttackGraphs[C]. In13th European Symposium on Research in Computer Security.(ESORICS), Malaga, Spain,2008.
[100] Steven Noel, Sushil Jajodia. Measuring Security Risk of Networks UsingAttack Graphs[J]. International Journal of Next-Generation Computing,2010,1(1):135-147.
[101] Mahdi Abadi, Saeed Jalili. A Particle Swarm Optimization Algorithm forMinimization Analysis of Cost-Sensitive Attack Graphs[J].The ISC Int'lJournal of Information Security,2010,2(1):13-32.
[102] Kijsanayothin, P. Hewett, R. Analytical Approach to Attack Graph Analysis forNetwork Security[C].Proceeding of the6th IEEE International Conference onAvailability, Reliability and Security, Prague, Czech,2010:25-32.
[103] Teodor Sommestad, Mathias Ekstedt. Cyber Security Risks Assessment withBayesian Defense Graphs and Architectural Models[C].Proceeding of the42thHawaii International Conference on System Sciences, Hawaii, USA,2009:1-10.
[104] Feng Chen, Dehui Liu. A Scalable Approach to Analyzing Network Securityusing Compact Attack Graphs[J]. Journal of Networks,2010,5(5):543-550.
[105]施锋,吴秋峰.网络多层拓扑发现算法的分析[J].网络信息技术,2004,23(3):30-32.
[106] Siamwalla R, Sharma R, Keshav S. Discovering Internet Topology[C].Proceedings of IEEE INFOCOM,1999.
[107] Breitbhart Y, Garofalakis M, Martin C.Topology Discovery in IPHeterogeneous Networks[C]. Proceedings of IEEE INFOCOM,2000.
[108]王志刚,王汝传等.网络拓扑发现算法的研究[J].通信学报,2004,25(8):36-43.
[109]熊坤,寇晓蕤,范元书等.网络拓扑发现算法定性分析[J].计算机工程与应用,2004,(14):136-137.
[110] Lowekamp B, Hallaron D R, Gross T R. Topology Discovery for LargeEthernet Network[C]. Proceedings of SIGCOMM,2001.
[111]高福祥,刘莹,尚敏.一种基于SNMP协议的网络拓扑发现算法[C].中国控制与决策学术年会论文集,2006.
[112]刘振山,徐孟春,程玮玮.基于SNMP协议的网络拓扑结构发现[J].信息工程大学学报,2003.
[113]刘亚莉,孙亚民.基于SNMP的网络拓扑结构自动发现研究[J].微型机与应用,2004.
[114] Graphviz. Graphviz-Graph Visualization Software[EB/OL].http://www.graphviz.org/,2011.
[115] Sushil Jajodia, Steven Noel. Topological Vulnerability Analysis[J]. Advancesin Information Security,2010,46(4):139-154.
[116]石进,郭山清等.一种基于攻击图的入侵响应方法[J].软件学报,2008,19(10):2746-2753.
[117] WANG L Y, TANIA I. An Attack Graph-Based Probabilistic SecurityMetric[C]. In:22nd Annual IFIP WG11.3Working Conference on Data andApplications Security (DBSec), London, UK,2008:283-296.
[118] HOMER J, OU X M, SCHMIDT D. A Sound and Practical Approach toQuantifying Security Risk in Enterprise Networks[R]. Technical report, KansasState University,2009.
[119] FRIGAULT M, WANG L. Measuring Network Security Using BayesianNetwork-based Attack Graphs[C]. Proceedings of the3rd IEEE InternationalWorkshop on Security, Trust, and Privacy for Software Applications. Turku,Finland,2008:698-703.
[120] FRIGAULT M, WANG L. Measuring Network Security Using DynamicBayesian Network[C]. Proceedings of the4th ACM Workshop on Quality ofProtection. Alexandria VA, USA,2008:23-30.
[121] CHAKRABARTI D, PAPADIMITRIOU S, MODHA D. Fully AutomaticCross-Associations[C]. Proceedings of the10th ACM International Conferenceon Knowledge Discovery and Data Mining(SIGKDD), Washington, USA,2004:79-88.
[122] Matthew Chu, Kyle Ingols, Richard Lippmann. Visualizing Attack Graphs,Reachability, and Trust Relationships with NAVIGATOR[C]. Proceedings ofthe7th International Symposium on Visualization for CyberSecurity(VizSec2010), Ottawa, Canada,2010:22-33.
[2] CNCERT/CC.2009年网络安全工作报告[EB/OL].http://www.cert.org.cn/UserFiles/File/CNCERTCC2009AnnualReport_Chinese.pdf,2009.
[3] J. Michener. System Insecurity in the Internet Age[M]. IEEE Software,1999,16(4):62-69.
[4] CNCERT/CC. CNCERTCC Annual Report[EB/OL]. http://www.cert.org.cn/,2004.
[5] NVD. CVE and CCE Statistics Query[EB/OL].http://web.nvd.nist.gov/view/vuln/statistics,2011.
[6] W. R. Cheswick, S. M. Bellovin. Firewalls and Internet Security: Repelling theWily Hacker[R]. Addison-Wesley,1994
[7] CERT/CC. CERT/CC Statistics1988-2005[EB/OL].http://www.cert.org/stats/cert_stats.html,2005.
[8] C. J. Alberts. OCTAVE Method Implementation Guide V2.0[R]. Pittsburgh, PA:Software Engineering Institute, Carnegie Mellon University,2001.
[9] Defense USA Department Of. Trusted Computer System EvaluationCriteria[S].DoD-5200.28-STD. DoD,1985.
[10] Communities Office for Official Publications of European. ITSEC.Information Technology System Evaluation Criteria Version1.2[S],1991.
[11] Board Common Criteria Editing. Common Criteria of Information TechnologySecurity Evaluation[S],1998.
[12] Canadian Trusted Computer Product Evaluation Criteria. CTCPEC.Communications Security Establishment Canada[S],1993.
[13] ISO/IEC15408.Information technology-Security techniques-EvaluationCriteria for IT Security-Part1: Introduction and general model[S],1998.
[14] ISO/IEC15408-1:1999Information technology-Security techniques–Evaluation criteria for IT security–Part1: Introduction and general model[S],1999.
[15] ISO/IEC TR13335-1. Information Technology-Guidelines for theManagement of IT Security-Part I: Concepts and models of IT Security[S],1997.
[16] ISO/IEC TR13335-2. Information Technology-Guidelines for theManagement of IT Security-Part I: Managing and Planning IT Security[S],1998.
[17] ISO/IEC TR13335-3. Information Technology-Guidelines for theManagement of IT Security-Part I: Techniques for the Management of ITSecurity[S],1998.
[18] ISO/IEC TR13335-4. Information Technology-Guidelines for theManagement of IT Security-Part I: Selections of Safeguards[S],2000.
[19] ISO/IEC TR13335-5. Information Technology-Guidelines for theManagement of IT Security-Part I: Management guidance on NetworkSecurity[S],2001.
[20] ISO/IEC TR13335-1. Information Technology-Guidelines for theManagement of IT Security-Part I: Management guidance on NetworkSecurity[S],2004.
[21] GB/T18336-2001.信息技术安全技术信息技术信息安全评估准则[S],2001.
[22] GB/T18336.3-2001.信息技术安全技术信息技术信息安全评估准则第3部分:安全保证要求[S].中华人民共和国国家标准,2001.
[23] GB/T18336.2-2001.信息技术安全技术信息技术信息安全评估准则第2部分:安全功能要求[S].中华人民共和国国家标准,2001.
[24] GB/T18336.1-2001.信息技术安全技术信息技术信息安全评估准则第1部分:简介和一般模型[S].中华人民共和国国家标准,2001.
[25] GB/T19716-2005.信息技术信息安全管理实用规则[S].中华人民共和国国家标准,2005.
[26] GB/T19715.1-2005.信息技术IT安全管理指南第1部分:IT安全概念和模型[S].中华人民共和国国家标准,2005.
[27] GB/T19715.2-2005.信息技术IT安全管理指南第2部分:管理和规划IT安全[S].中华人民共和国国家标准,2005.
[28] GB/T22080-2008.信息技术安全技术信息安全管理体系要求[S].中华人民共和国国家标准,2008.
[29] GB/T22081-2008.信息技术安全技术信息安全管理实用规则[S].中华人民共和国国家标准,2008.
[30] Wright. Third Generation Risk Management Practice. Computer fraud andsecurity[M]. Elsevier,1992,2:9-12.
[31] Y Haimes. Risk Modeling, Assessment, and Management,3rd Edition[M].Wiley Series in Systems Engineering, New York,1998.
[32] Hoffman L.J. Computer Security Risk Analysis. New Risks: Issues andManagement[M]. Plenum Press, New York,1990:371-377.
[33] Tregear J. Risk Assessment[R]. Information Security Technical Report,2001,6(3):19-27.
[34] Davies Gareth. Risk Analysis Generations-The evolution of Risk Analysis[EB/OL]. http://csweb.rau.ac.za/deth/research/article_page.htm,1999.
[35] S. P. Bennett M. P. Kailay. An Application of Qualitative Risk Analysis toComputer Security for the Commercial Sector[R]. Information SecurityTechnical Report,2001,6(3):28-36.
[36] Cramm. A Practitioner's View ofCRAMM[EB/OL].http://www.gammassl.co.uk/,2011.
[37] K Wu, T Zhang. Research on Active Controllable Defense Model Based onZero-PDR Model[C]. Proceedings of the3rd International Symposium onIntelligent Information Technology and Security Informatics,2010:572-575.
[38] KANG Song-Lin, SUN Yong-Xin. Application of Dynamic Defense Model toMilitary Networks.Computer Systems&Applications,2010,19(3):146-149
[39] Li Yonghua. The Design and Realization of Qinghai Province's MeteorologicalScientific Data Sharing System[C]. Information Technology and Applications(IFITA),2010International Forum on,2010:126-129.
[40]曹芳.电力行业管理信息系统网络安全的研究[D].昆明理工大学,2003.
[41] Yan Zhuang. Network Security Construction for University Libraries Based onWPDRRC[J].Journal of Modern Information,2010,(02):92-95.
[42] M. Bishop, D. Bailey. A Critical Analysis of Vulnerability Taxonomies[R].Tech. Rep. CSE-96-11, Department of Computer Science at the University ofCalifornia at Davis,1996.
[43] I. Krsul. Software Vulnerability Analysis[D]. Department of Computer Science,Purdue University, West Lafayette, USA,1998.
[44]汪立东.操作系统安全评估与审计增强[D].哈尔滨工业大学,2002.
[45]邢栩嘉,林闯,蒋屹新.计算机系统脆弱性评估研究[J].计算机学报,2004,27(1):1-11.
[46] D. J. Bodeau, F. N. Chase and S. G. Kass. ANSSR: ATool for Risk Analysis ofNetworked Systems[C]. Proceedings of the13th National Computer SecurityConference, Washington, US,1990:687-696.
[47] NeVO. Passive Vulnerability Sensor[EB/OL].www.tenablesecurity.com/products/nevo.shtml,2011.
[48] W. Erhard, M. M. Gutzmann, H. M. Libati. Network Traffic Analysis andSecurity Monitoring with Unimon[C]. Proceedings of the IEEE Conference onHigh Performance Switching and Routing, Heidelberg, Germany,2000:439-446.
[49] S. Jajodia, S. Noel, B. O’Berry. Topological Analysis of Network AttackVulnerability[J]. Managing Cyber Threats: Issues, Approaches andChallenges, Springer,2005:248-266.
[50]郎良,张玉清,高有行等.漏洞检测与主动防御系统模型的研究与实现[J].计算机工程.2004,30(13):38-40.
[51] H. S. Venter, J. H. P. Eloff. Vulnerability Forecasting-AConceptual Model[J].Computers&Security,2004(23):489-497.
[52]洪宏,张玉清,胡予濮等.网络安全扫描技术研究[J].计算机工程,2004,30(10):54-56
[53]戴瑞恩,罗平,彭小宁.一种新型数据库安全扫描系统[J].计算机应用研究,2005,22(3):122-124.
[54] B. Skaggs, B. Blackburn, G. Manes. Network Vulnerability Analysis[C].Proceedings of IEEE45th Midwest Symposium on Circuits and Systems, Tulsa,Oklahoma, US,2002, Vol.3:493-495.
[55] D. Farmer, E. H. Spafford. The Cops Security Checker System[R]. TechnicalReport CSD-TR-993, Department of Computer Sciences, Purdue University,1991.
[56] J. L. Lerida, S. M. Grackzyr, A. Vina. Detecting Security Vulnerabilities inRemote TCP/IP Networks: An Approach Using Security Scanners[C].Proceedings of IEEE33rd Annual International Carnahan Conference onSecurity Technology, Madrid, Spain,1999:446-460.
[57] Internet Security Systems. System Scanner[EB/OL]. http://www.iss.net,2011.
[58] Nessus. Remote Security Scanner[EB/OL]. http://www.nessus.org,2011.
[59] L. P. Swiler, C. Phillips, and T. Gaylo. A Graph-Based Network-VulnerabilityAnalysis System[R]. Technical Report SAND97-3010/1, Sandia NationalLaboratories, New Mexico and Livermore, California,1998.
[60] O. Sheyner, S. Jha, J. M. Wing, R. P. Lippmann, and J. Haines. AutomatedGeneration and Analysis of Attack Graphs[C]. Proceedings of2002IEEESymposium on Security and Privacy, Oakland, California,2002.
[61] O.Sheyner. Scenario Graphs and Attack Graphs [D]. Carnegie MellonUniversity,2004.
[62] S. Jha,O. Sheyner,and J. Wing. Two Formal Analyses of Attack Graphs[C].Proceedings of15th IEEE Computer Security Foundations Workshop(CSFW’15), Cape Breton, Nova Scotia, Canada,2002:49–63.
[63] L. Wang, S. Noel, and S. Jajodia. Minimum-cost Network Hardening UsingAttack Graphs[J]. Computer Communications,2006,29(18):3812-3824.
[64] P. Ammann, D. Wijesekera, and S. Kaushik. Scalable, Graph-Based NetworkVulnerability Analysis[C]. Proceedings of the9th ACM Conference onComputer and Communications Security, New York,2002:217-224.
[65] L. P. Swiler, C. Phillips, D. Ellis. Computer-Attack Graph Generation Tool[C].Proceedings of the2nd DARPA Information Survivability Conference&Exposition, LosAlamitos, California,2001, vol.11:307-321.
[66] R. W. Ritchey and P. Ammann. Using Model Checking to Analyze NetworkVulnerabilities[C]. Proceedings of2000IEEE Computer Society Symposiumon Security and Privacy, Oakland, California,2000:156–165.
[67]张海霞,苏璞睿,冯登国.基于攻击能力增长的网络安全分析模型[J].计算机研究与发展,2007,44(12):1225-1227.
[68] Xinming Ou, Wayne F. Boyer, and Miles A. McQueen. AScalable Approach toAttack Graph Generation[C]. Proceedings of the13th ACM conference onComputer and communications security,2006:336-345.
[69] Xinming Ou. A Logic-programming Approach to Network SecurityAnalysis[D]. Princeton, Princeton University,2005.
[70]冯萍慧,连一峰,戴英侠,鲍旭华.基于可靠性理论的分布式系统脆弱性模型[J].软件学报,2006,17(7):1633-1640.
[71] R. Ritchey, B. O'Berry, and S. Noel. Representing TCP/IP Connectivity forTopological Analysis of Network Security[C]. Proceedings of the18th AnnualComputer SecurityApplications Conference, Las Vegas, Nevada,2002.
[72] Zakeri, R. Jalili, R.Shahriari, H.R. Abolhassani, H. Using Description Logicsfor Network Vulnerability Analysis[C]. Networking International Conferenceon Systems and International Conference on Mobile Communications andLearning Technologies, IEEE Computer Society,2006:78-78.
[73] Feng Cheng, Sebastian Roschke. An Integrated Network Scanning Tool forAttack Graph Construction[C].Proceedings of the6th international conferenceonAdvances in grid and pervasive computing, Oulu, Finland,2011:138-147.
[74] S. Templeton and K. Levitt. A Requires/Provides Model for ComputerAttacks[C]. Proceedings of the2000Workshop on New Security Paradigms,New York,2001.
[75] F. Cuppens and R. Ortalo. LAMBDA: A Language to Model a Database forDetection of Attacks[J]. Recent Advances in Intrusion Detection (RAID)2000,Lecture Notes in Computer Science1907, Berlin, Springer Verlag,2001.
[76] S. Cheung, U. Lindqvist, and M. Fong. Modeling Multistep Cyber Attacks forScenario Recognition[C]. Proceedings of the Third DARPA InformationSurvivability Conference and Exposition,2003, vol.1:284-292.
[77] L. Wang, C. Yao, A. Singhal, and S. Jajodia. Interactive Analysis of AttackGraphs Using Relational Queries[C]. Proceedings of20th IFIP WG11.3Working Conference on Data and Applications Security,2006:119–132.
[78] Li Wei. An Approach to Graph-Based Modeling of Network Exploitations[D].Department of Computer Science and Engineering, Mississippi StateUniversity, Mississippi State, Mississippi,2005.
[79] Moore, A.P.Ellison. Attack Modeling for Information Security andSurvivability[D]. Pittsburgh, Camegie Mellon University,2001.
[80] CAPEC. CAPEC Reports[EB/OL]. http://capec.mitre.org/,2011.
[81] Hong Chen, Ninghui Li. Towards Analyzing Complex Operating SystemAccess Control Configurations[C].Proceeding of the15th ACM symposium onAccess control models and technologies, Pittsburgh, USA,2010:13-22.
[82] B. Somak, S.K. Ghosh. An Artificial Intelligence Based Approach for RiskManagement Using Attack Graph[C]. International Conference onComputational Intelligence and Security,2007:794-798.
[83] K. Ingols, R. Lippmann. Practical Attack Graph Generation for NetworkDefense[C]. Computer SecurityApplications Conference,2006:121-130.
[84]陈锋.基于多目标攻击图的层次化网络安全风险评估方法研究[D].长沙:国防科技大学,2009.
[85] Junchun Ma, Yongjun Wang. A Scalable, Bidirectional-Based Search Strategyto Generate Attack Graphs[C]. Proceeding of the10th IEEE InternationalConference on Computer and Information Technology, Bradford, UK,2010:2976-2981.
[86] Homer, J. and X. Ou. SAT-solving Approaches to Context-aware EnterpriseNetwork Security Management[C]. IEEE JSAC Special Issue on NetworkInfrastructure Conguration,2008.
[87] Homer, J., A. Varikuti, X. Ou, and M. A. McQueen. Improving Attack GraphVisualization Through Data Reduction and Attack Grouping[C]. Proceedingsof the5th International Workshop on Visualization for Cyber Security(VizSEC),2008.
[88] Homer, J. A Comprenhensive Approach to Enterprise Network SecurityManagment[D]. Kansas State University,2008.
[89] Noel, S. and S. Jajodia. Managing Attack Graph Complexity Through VisualHierarchical Aggregation[C]. Proceedings of the2004ACM workshop onVisualization and data mining for computer security, New York, NY, USA,2004:109-118.
[90] Noel, S., M. Jacobs, P. Kalapa, and S. Jajodia. Multiple Coordinated Views forNetwork Attack Graphs[C]. In IEEE Workshop on Visualization for ComputerSecurity (VizSEC2005),2005.
[91] Pengsu Cheng, Lingyu Wang. Compressing Attack Graphs Through ReferenceEncoding[C]. Proceeding of the10th IEEE International Conference onComputer and Information Technology (CIT), Bradford, UK,2010:1026–1031.
[92] NOEL S, JAJODIA S. Understanding Complex Network Attack Graphsthrough Clustered Adjacency Matrices[C]. Proceedings of the21st AnnualComputer Security Applications Conference(ACSAC), Tucson, USA,2005:160-169.
[93] Lingyu Wang, Anoop Singhal, Sushil Jajodia. Measuring the Overall Securityof Network Configurations Using Attack Graphs[C]. Proc.21st Annual IFIPWG11.3Working Conference on Data and Applications Security (DBSec2007),2007, Vol.4602:98-112.
[94] Lingyu Wang, Anoop Singhal, Sushil Jajodia. Toward Measuring NetworkSecurity Using Attack Graphs[C]. Proceedings of the3rd InternationalWorkshop on Quality of Protection (QoP2007),2007:49-54.
[95] Saha, D. Extending Logical Attack Graphs for Efficient VulnerabilityAnalysis[C]. Proceedings of the15th ACM conference on Computer andCommunications Security (CCS),2008.
[96] Salim, M., E. Al-Shaer, and L. Khan. A Novel Quantitative Approach forMeasuring Network Security[C]. In INFOCOM2008Mini Conference,2008.
[97] Sawilla, R. and X. Ou. Googling attack graphs[R]. Technical report, Defence R&D Canada Ottawa,2007.
[98] Vaibhav Mehta, Constantinos Bartzis, Haifeng Zhu, Edmund M. Clarke,Jeannette M. Wing. Ranking Attack Graphs[C]. RAID,2006:127-144.
[99] Sawilla, R. and X. Ou. Identifying Critical Attack Assets in Dependency AttackGraphs[C]. In13th European Symposium on Research in Computer Security.(ESORICS), Malaga, Spain,2008.
[100] Steven Noel, Sushil Jajodia. Measuring Security Risk of Networks UsingAttack Graphs[J]. International Journal of Next-Generation Computing,2010,1(1):135-147.
[101] Mahdi Abadi, Saeed Jalili. A Particle Swarm Optimization Algorithm forMinimization Analysis of Cost-Sensitive Attack Graphs[J].The ISC Int'lJournal of Information Security,2010,2(1):13-32.
[102] Kijsanayothin, P. Hewett, R. Analytical Approach to Attack Graph Analysis forNetwork Security[C].Proceeding of the6th IEEE International Conference onAvailability, Reliability and Security, Prague, Czech,2010:25-32.
[103] Teodor Sommestad, Mathias Ekstedt. Cyber Security Risks Assessment withBayesian Defense Graphs and Architectural Models[C].Proceeding of the42thHawaii International Conference on System Sciences, Hawaii, USA,2009:1-10.
[104] Feng Chen, Dehui Liu. A Scalable Approach to Analyzing Network Securityusing Compact Attack Graphs[J]. Journal of Networks,2010,5(5):543-550.
[105]施锋,吴秋峰.网络多层拓扑发现算法的分析[J].网络信息技术,2004,23(3):30-32.
[106] Siamwalla R, Sharma R, Keshav S. Discovering Internet Topology[C].Proceedings of IEEE INFOCOM,1999.
[107] Breitbhart Y, Garofalakis M, Martin C.Topology Discovery in IPHeterogeneous Networks[C]. Proceedings of IEEE INFOCOM,2000.
[108]王志刚,王汝传等.网络拓扑发现算法的研究[J].通信学报,2004,25(8):36-43.
[109]熊坤,寇晓蕤,范元书等.网络拓扑发现算法定性分析[J].计算机工程与应用,2004,(14):136-137.
[110] Lowekamp B, Hallaron D R, Gross T R. Topology Discovery for LargeEthernet Network[C]. Proceedings of SIGCOMM,2001.
[111]高福祥,刘莹,尚敏.一种基于SNMP协议的网络拓扑发现算法[C].中国控制与决策学术年会论文集,2006.
[112]刘振山,徐孟春,程玮玮.基于SNMP协议的网络拓扑结构发现[J].信息工程大学学报,2003.
[113]刘亚莉,孙亚民.基于SNMP的网络拓扑结构自动发现研究[J].微型机与应用,2004.
[114] Graphviz. Graphviz-Graph Visualization Software[EB/OL].http://www.graphviz.org/,2011.
[115] Sushil Jajodia, Steven Noel. Topological Vulnerability Analysis[J]. Advancesin Information Security,2010,46(4):139-154.
[116]石进,郭山清等.一种基于攻击图的入侵响应方法[J].软件学报,2008,19(10):2746-2753.
[117] WANG L Y, TANIA I. An Attack Graph-Based Probabilistic SecurityMetric[C]. In:22nd Annual IFIP WG11.3Working Conference on Data andApplications Security (DBSec), London, UK,2008:283-296.
[118] HOMER J, OU X M, SCHMIDT D. A Sound and Practical Approach toQuantifying Security Risk in Enterprise Networks[R]. Technical report, KansasState University,2009.
[119] FRIGAULT M, WANG L. Measuring Network Security Using BayesianNetwork-based Attack Graphs[C]. Proceedings of the3rd IEEE InternationalWorkshop on Security, Trust, and Privacy for Software Applications. Turku,Finland,2008:698-703.
[120] FRIGAULT M, WANG L. Measuring Network Security Using DynamicBayesian Network[C]. Proceedings of the4th ACM Workshop on Quality ofProtection. Alexandria VA, USA,2008:23-30.
[121] CHAKRABARTI D, PAPADIMITRIOU S, MODHA D. Fully AutomaticCross-Associations[C]. Proceedings of the10th ACM International Conferenceon Knowledge Discovery and Data Mining(SIGKDD), Washington, USA,2004:79-88.
[122] Matthew Chu, Kyle Ingols, Richard Lippmann. Visualizing Attack Graphs,Reachability, and Trust Relationships with NAVIGATOR[C]. Proceedings ofthe7th International Symposium on Visualization for CyberSecurity(VizSec2010), Ottawa, Canada,2010:22-33.