A Generation Method of Network Security Hardening Strategy Based on Attack Graphs

被引：2

作者：

Zhao, Chao ^{[1
]}

Wang, Huiqiang ^{[1
]}

Lin, Junyu ^{[1
]}

Lv, Hongwu ^{[1
]}

Zhang, Yushu ^{[1
]}

机构：

[1] Harbin Engn Univ, Coll Comp Sci & Technol, Harbin, Peoples R China

来源：

INTERNATIONAL JOURNAL OF WEB SERVICES RESEARCH | 2015年 / 12卷 / 01期

基金：

中国国家自然科学基金; 高等学校博士学科点专项科研基金;

关键词：

Attack Graph; Heuristic Algorithm; Network Security Hardening; Risk Assessment; Vulnerability;

D O I：

10.4018/IJWSR.2015010104

中图分类号：

TP [自动化技术、计算机技术];

学科分类号：

0812 ;

摘要：

Analyzing attack graphs can provide network security hardening strategies for administrators. Concerning the problems of high time complexity and costly hardening strategies in previous methods, a method for generating low cost network security hardening strategies is proposed based on attack graphs. The authors' method assesses risks of attack paths according to path length and the common vulnerability scoring system, limits search scope with a threshold to reduce the time complexity, and lowers cost of hardening strategies by using a heuristic algorithm. The experimental results show that the authors' method has good scalability, and significantly reduces cost of network security hardening strategies with reasonable running time.

引用

页码：45 / 61

页数：17

共 50 条

[1] A Heuristic Method of Attack Graph Analysis for Network Security Hardening
Zhao Chao
Wang Huiqiang
Guo Fangfang
Zhou Mo
Zhang Yushu
[J]. 2014 INTERNATIONAL CONFERENCE ON CYBER-ENABLED DISTRIBUTED COMPUTING AND KNOWLEDGE DISCOVERY (CYBERC), 2014, : 43 - 47
[2] A Minimum Cost of Network Hardening Model Based on Attack Graphs
Ma Jun-chun
Wang Yong-jun
Sun Ji-yin
Chen Shan
[J]. CEIS 2011, 2011, 15
[3] Game-Theoretic Algorithms for Optimal Network Security Hardening Using Attack Graphs
Durkota, Karel
Lisy, Viliam
Kiekintveld, Christopher
Bosansky, Branislav
[J]. PROCEEDINGS OF THE 2015 INTERNATIONAL CONFERENCE ON AUTONOMOUS AGENTS & MULTIAGENT SYSTEMS (AAMAS'15), 2015, : 1773 - 1774
[4] A Method Based on Global Attack Graph for Network Hardening
Man, Dapeng
Yang, Wu
Yang, Yongtian
[J]. 2008 4TH INTERNATIONAL CONFERENCE ON WIRELESS COMMUNICATIONS, NETWORKING AND MOBILE COMPUTING, VOLS 1-31, 2008, : 4536 - 4539
[5] Applying Attack Graphs to Network Security Metric
Xie, Anming
Wen, Weiping
Zhang, Li
Hu, Jianbin
Chen, Zhong
[J]. MINES 2009: FIRST INTERNATIONAL CONFERENCE ON MULTIMEDIA INFORMATION NETWORKING AND SECURITY, VOL 1, PROCEEDINGS, 2009, : 427 - +
[6] Network Security Evaluation Method via Attack Graphs and Fuzzy Cognitive Maps
Diamah, Aodah
Mohammadian, Masoud
Balachandran, Bala M.
[J]. INTELLIGENT DECISION TECHNOLOGIES (IDT'2012), VOL 2, 2012, 16 : 433 - 440
[7] Minimum-cost network hardening using attack graphs
Wang, Lingyu
Noel, Steven
Jajodia, Sushil
[J]. COMPUTER COMMUNICATIONS, 2006, 29 (18) : 3812 - 3824
[8] Generation method of power network security defense strategy based on Markov decision process
Yang, Wang
Dong, Liu
Dong, Wang
Chun, Xu
[J]. Distributed Generation and Alternative Energy Journal, 2021, 36 (03):
[9] PROV5GC: Hardening 5G Core Network Security with Attack Detection and Attribution Based on Provenance Graphs
Pacherkar, Harsh Sanjay
Yan, Guanhua
[J]. PROCEEDINGS OF THE 17TH ACM CONFERENCE ON SECURITY AND PRIVACY IN WIRELESS AND MOBILE NETWORKS, WISEC 2024, 2024, : 254 - 264
[10] GENERATING NETWORK ATTACK GRAPHS FOR SECURITY ALERT CORRELATION
Zhang, Shaojun
Li, Jianhua
Chen, Xiuzhen
Fan, Lei
[J]. 2008 THIRD INTERNATIONAL CONFERENCE ON COMMUNICATIONS AND NETWORKING IN CHINA, VOLS 1-3, 2008, : 220 - 225

← 1 2 3 4 5 →