A Generation Method of Network Security Hardening Strategy Based on Attack Graphs

被引：2

作者：

Zhao, Chao ^{[1
]}

Wang, Huiqiang ^{[1
]}

Lin, Junyu ^{[1
]}

Lv, Hongwu ^{[1
]}

Zhang, Yushu ^{[1
]}

机构：

[1] Harbin Engn Univ, Coll Comp Sci & Technol, Harbin, Peoples R China

来源：

INTERNATIONAL JOURNAL OF WEB SERVICES RESEARCH | 2015年 / 12卷 / 01期

基金：

高等学校博士学科点专项科研基金; 中国国家自然科学基金;

关键词：

Attack Graph; Heuristic Algorithm; Network Security Hardening; Risk Assessment; Vulnerability;

D O I：

10.4018/IJWSR.2015010104

中图分类号：

TP [自动化技术、计算机技术];

学科分类号：

0812 ;

摘要：

Analyzing attack graphs can provide network security hardening strategies for administrators. Concerning the problems of high time complexity and costly hardening strategies in previous methods, a method for generating low cost network security hardening strategies is proposed based on attack graphs. The authors' method assesses risks of attack paths according to path length and the common vulnerability scoring system, limits search scope with a threshold to reduce the time complexity, and lowers cost of hardening strategies by using a heuristic algorithm. The experimental results show that the authors' method has good scalability, and significantly reduces cost of network security hardening strategies with reasonable running time.

引用

页码：45 / 61

页数：17

共 50 条

[21] Measuring the overall security of network configurations using attack graphs
Wang, Lingyu
Singhal, Anoop
Jajodia, Sushil
[J]. DATA AND APPLICATIONS SECURITY XXI, PROCEEDINGS, 2007, 4602 : 98 - +
[22] Evaluating Network Security With Two-layer Attack Graphs
Xie, Anming
Cai, Zhuhua
Tang, Cong
Hu, Jianbin
Chen, Zhong
[J]. 25TH ANNUAL COMPUTER SECURITY APPLICATIONS CONFERENCE, 2009, : 127 - +
[23] A Multi-Objective Approach for Security Hardening and Probabilistic Vulnerability Assessment on Attack Graphs
Bardhan, Shuvo
[J]. 2022 IEEE 46TH ANNUAL COMPUTERS, SOFTWARE, AND APPLICATIONS CONFERENCE (COMPSAC 2022), 2022, : 726 - 735
[24] A Network Security Situation Assessment Method Based On Attack Intention Perception
Kou Guang
Tang Guangming
Ding Xia
Wang Shuo
Wang Kun
[J]. 2016 2ND IEEE INTERNATIONAL CONFERENCE ON COMPUTER AND COMMUNICATIONS (ICCC), 2016, : 1138 - 1142
[25] Computer network security evaluation method based on improved attack graph
Li, Zhaocui
Liu, Huichuan
Wu, Chunyan
[J]. Journal of Cyber Security Technology, 2022, 6 (04) : 201 - 215
[26] Network Security Situation Evaluation Method Based on Attack Intention Recognition
Wang Kun
Qiu Hui
Yang Haopu
Hou Di
[J]. PROCEEDINGS OF 2015 4TH INTERNATIONAL CONFERENCE ON COMPUTER SCIENCE AND NETWORK TECHNOLOGY (ICCSNT 2015), 2015, : 919 - 924
[27] Research on attack graph generation for network security situation
College of Computer Science and Technology Harbin Engineering University, Harbin, China
不详
[J]. Adv. Intell. Sys. Comput., (1147-1154):
[28] Attack Graph Generation with Machine Learning for Network Security
Koo, Kijong
Moon, Daesung
Huh, Jun-Ho
Jung, Se-Hoon
Lee, Hansung
[J]. ELECTRONICS, 2022, 11 (09)
[29] An Efficient Approach to Minimum-Cost Network Hardening Using Attack Graphs
Chen, Feng
Wang, Lingyu
Su, Jinshu
[J]. FOURTH INTERNATIONAL SYMPOSIUM ON INFORMATION ASSURANCE AND SECURITY, PROCEEDINGS, 2008, : 209 - +
[30] Security Assessment of Computer Networks Based on Attack Graphs and Security Events
Kotenko, Igor
Doynikova, Elena
[J]. INFORMATION AND COMMUNICATION TECHNOLOGY, 2014, 8407 : 462 - 471

← 1 2 3 4 5 →