Research for the Risk Assessment of University Network Security Based on Simulated Attack

Cited by: 7
Abstract: To address the security risks currently present in university networks, this paper proposes a novel university network security risk assessment model based on simulated attack. The model jointly considers single-host vulnerabilities and network attack threats. First, starting from the original risk values measured from single-host vulnerabilities, it simulates the intrusion process of an attacker exploiting network weaknesses and produces an attack state graph. Second, based on the generated attack state graph and the original risk values, it identifies the attack behaviors the attacker uses to intrude into the network, the possible attack routes, and the resulting changes in security state, and assesses the location of potential threats. Finally, the paper gives a quantitative analysis of the risk values produced by the new method, providing a more accurate basis for targeted risk control decisions. The experimental results show that the model is correct and that, on average, it finds about 50% more security risks than existing risk assessment models. This indicates that the assessment conclusions of the proposed model are more accurate than those of traditional methods.
Author: 史姣丽 (Shi Jiaoli)
Source: Computer Engineering & Science (《计算机工程与科学》), CSCD, Peking University Core Journal, 2012, No. 12, pp. 51-55 (5 pages)
Keywords: university network security; simulated attack; risk assessment