
Journal of University of Chinese Academy of Sciences ›› 2012, Vol. 29 ›› Issue (4): 529-535. DOI: 10.7523/j.issn.2095-6134.2012.4.015

• Computer Science •

Network-vulnerability evaluation method based on network centrality

JIA Wei¹,²,³, FENG Deng-Guo², LIAN Yi-Feng²,³

  1. Department of Electronic Engineering and Information Science, University of Science and Technology of China, Hefei 230026, China;
  2. State Key Laboratory of Information Security, Institute of Software, Chinese Academy of Sciences, Beijing 100190, China;
  3. National Engineering Research Center for Information Security, Beijing 100080, China
  • Received: 2011-04-15 Revised: 2011-06-07 Published: 2012-07-15
  • Corresponding author: JIA Wei
  • Supported by: National High Technology Research and Development Program of China (863 Program) (2009AA01Z439)

Abstract: We propose a method based on network centrality for evaluating the vulnerabilities of computer networks. First, using the Common Vulnerability Scoring System (CVSS), we quantify the cost an attacker incurs in exploiting each vulnerability, and we use the results to analyze the minimum attack cost paths in the vulnerability attack graph. We then introduce network centrality theory and use a method that combines the betweenness of attack-graph nodes with their degree to quantify how critical each node is. The method identifies the vulnerabilities that have a key impact on network security and provides a basis for optimizing the security of computer networks.

Key words: vulnerability, vulnerability attack graph, network centrality, betweenness, attack cost
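The analysis the abstract outlines, sketched as an added Python example that is not the paper's own code: it derives attack costs from CVSS scores, finds the minimum attack cost path, and ranks attack-graph nodes by betweenness combined with degree so the highest-ranked vulnerabilities can be remediated first. The graph, the exploitability scores, the cost mapping (10 minus the CVSS exploitability subscore) and the equal-weight combination of the two centralities are assumptions, because this page gives none of the paper's formulas.

```python
import heapq
# Constructed sample: per-host CVSS exploitability (0-10) and attack-graph edges u -> w.
EXPLOITABILITY = {"web": 8.6, "mail": 4.9, "app": 8.0, "file": 3.9, "db": 6.8}
EDGES = [("attacker", "web"), ("attacker", "mail"), ("web", "app"), ("web", "file"),
         ("mail", "app"), ("app", "db"), ("app", "file"), ("file", "db")]
GRAPH = {n: {} for edge in EDGES for n in edge}
for u, w in EDGES:  # assumed cost: 10 - exploitability, in integer tenths (> 0 here)
    GRAPH[u][w] = round((10 - EXPLOITABILITY[w]) * 10)

def shortest_paths(graph, s):  # Dijkstra with path counts (sigma) and predecessors
    dist, sigma, preds, order, heap = {s: 0}, {s: 1}, {s: []}, [], [(0, s)]
    while heap:
        d, v = heapq.heappop(heap)
        if d > dist[v]:
            continue                      # stale heap entry
        order.append(v)
        for w, c in graph[v].items():
            if w not in dist or d + c < dist[w]:
                dist[w], sigma[w], preds[w] = d + c, sigma[v], [v]
                heapq.heappush(heap, (d + c, w))
            elif d + c == dist[w]:        # another path of equal cost
                sigma[w] += sigma[v]
                preds[w].append(v)
    return dist, sigma, preds, order

def min_cost_path(graph, s, t):
    dist, _, preds, _ = shortest_paths(graph, s)
    path = [t]
    while path[-1] != s:
        path.append(preds[path[-1]][0])
    return path[::-1], dist[t]

def betweenness(graph):
    bc = dict.fromkeys(graph, 0.0)
    for s in graph:
        _, sigma, preds, order = shortest_paths(graph, s)
        delta = dict.fromkeys(order, 0.0)
        for w in reversed(order):         # Brandes dependency accumulation
            for v in preds[w]:
                delta[v] += sigma[v] / sigma[w] * (1 + delta[w])
            bc[w] += delta[w] if w != s else 0.0
    return bc

def criticality(graph, alpha=0.5):
    """Assumed combination: weighted sum of max-normalised betweenness and degree."""
    bc = betweenness(graph)
    deg = {v: len(graph[v]) + sum(v in nb for nb in graph.values()) for v in graph}
    top_bc, top_deg = max(bc.values()) or 1.0, max(deg.values())
    return {v: alpha * bc[v] / top_bc + (1 - alpha) * deg[v] / top_deg for v in graph}
```

On this constructed graph the cheapest route to `db` runs through `web` and `app`, and `app` scores highest, so it is the first candidate for patching or segmentation.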
