
Journal of University of Chinese Academy of Sciences ›› 2008, Vol. 25 ›› Issue (5): 639-648. DOI: 10.7523/j.issn.2095-6134.2008.5.011



A network vulnerability evaluation method based on Bayesian networks

CHEN Si-Si (1), LIAN Yi-Feng (1, 2), JIA Wei (3)

  1. State Key Laboratory of Information Security, Graduate University of Chinese Academy of Sciences, Beijing 100049, China
  2. Institute of Software, Chinese Academy of Sciences, Beijing 100080, China
  3. Department of Electronic Engineering and Information Science, University of Science and Technology of China, Hefei 230027, China
  • Received: 1900-01-01 Revised: 1900-01-01 Published: 2008-09-15


Key words: vulnerability evaluation, evaluation metrics, Bayesian network, quantitative assessment

Abstract: Quantitative evaluation of network security is an active topic in network security research. In this paper we analyze and compare existing network security models and quantitative assessment methods. To evaluate vulnerability comprehensively across the factors that affect network security, we propose four evaluation metrics: network reliability, vulnerability criticality, and the lowest degree minimal path set and lowest degree minimal cut set of the vulnerability state graph. We also introduce a Bayesian-network-based computation into vulnerability evaluation and propose a quantitative assessment method. Finally, we build an example network, simulate network attacks with the SPIN verification tool, and use the simulation to analyze and validate the proposed evaluation metrics and algorithms. The results show that the proposed algorithm and metric set correctly quantify the security state of the network.