基于随机松弛优选策略的网络脆弱性弥补算法

赵光胜; 程庆丰; 孙永林

doi:10.11959/j.issn.1000-436x.2015027

您当前的位置：

首页 >

文章列表页 >

基于随机松弛优选策略的网络脆弱性弥补算法

学术通信 | 更新时间：2024-06-05

- 基于随机松弛优选策略的网络脆弱性弥补算法
- Minimum-cost network hardening algorithm based on stochastic loose optimize strategy
- 通信学报 2015年36卷第1期页码：237-245
- 作者机构：
  
  1. 解放军外国语学院语言工程系，河南洛阳 471003
  2. 国防科技大学计算机学院，湖南长沙 410073
- 作者简介：
  
  [ "赵光胜（1984-），男，河南濮阳人，硕士，解放军外国语学院讲师，主要研究方向为网络攻防、网络信息安全。" ]
  [ "程庆丰（1979-），男，辽宁朝阳人，博士，解放军外国语学院副教授，主要研究方向为密码学与信息安全。" ]
  [ "孙永林（1984-），男，陕西西安人，国防科技大学博士生，主要研究方向为网络安全、移动安全。" ]
- 基金信息：
  
  国家高技术研究发展计划(“863”计划)基金资助项目(2009AA01Z432);国家自然科学基金资助项目(60873215);国家自然科学基金资助项目(61003303);信息保障技术重点实验室开放基金资助项目(KJ-13-109)
- DOI：10.11959/j.issn.1000-436x.2015027
  中图分类号： TN915.08
- 网络出版日期：2015-01，
  
  纸质出版日期：2015-01-25
- 稿件说明：
移动端阅览
赵光胜, 程庆丰, 孙永林. 基于随机松弛优选策略的网络脆弱性弥补算法[J]. 通信学报, 2015,36(1):237-245.

Guang-sheng ZHAO, Qing-feng CHENG, Yong-lin SUN. Minimum-cost network hardening algorithm based on stochastic loose optimize strategy[J]. Journal on communications, 2015, 36(1): 237-245.
赵光胜, 程庆丰, 孙永林. 基于随机松弛优选策略的网络脆弱性弥补算法[J]. 通信学报, 2015,36(1):237-245. DOI： 10.11959/j.issn.1000-436x.2015027.

Guang-sheng ZHAO, Qing-feng CHENG, Yong-lin SUN. Minimum-cost network hardening algorithm based on stochastic loose optimize strategy[J]. Journal on communications, 2015, 36(1): 237-245. DOI： 10.11959/j.issn.1000-436x.2015027.

摘要

为了在大规模网络中构建代价最小的脆弱性弥补方案，提出了一种基于随机松弛优选策略的网络脆弱性弥补算法 (MCNHA-SLOS)，并分析了算法的有效性。MCNHA-SLOS 是一种近似最优算法，通过在全部弥补方案空间的一系列随机松弛子空间中进行迭代计算，使近似最优弥补方案必定落入低代价弥补方案空间中。实例分析和仿真结果表明，MCNHA-SLOS具有高效、精度可控、渐近最优等特点，能够应用于大规模网络环境。

Abstract

To construst a minimum-cost network hardening (MCNH) scheme in large-scale network

a stochastic loose optimize strategy based algorithm (MCNHA-SLOS) was proposed

and its effectiveness was analyzed.MCNHA-SLOS was a near-optimal approximation algorithm

which could achieve iterative computations in the array of sparse spaces of the whole plan space

so that the near-optimal scheme must exist in the low cost plan space.Instantiation analysis and experimental results show that the MCNHA-SLOS algorithm to be efficient

precision controllable and asymptotically optimal

and thus very applicable for large-scale network.

关键词

Keywords

references

JHA S , SHEYNER O , WING J M . Two formal analyses of attack graphs [A ] . Proceedings of 15th IEEE Computer Security Foundations Workshop [C ] . 2002 .

NOEL S , JAJODIA S , O'BERRY B , JACOBS M , et al . Efficient minimum-cost network hardening via exploit dependency graphs [A ] . Proceedings of 19th Annual Computer Security Applications Conference [C ] . 2003 . 86 - 95 .

WANG L Y , NOEL S , JAJODIA S . Minimum-cost network hardening using attack graphs [J ] . Computer Communications , 2006 , 29 ( 18 ): 3812 - 3824 .

HOMER J , , et al . From Attack Graphs to Automated Configuration Management-An Iterative Approach [R ] . Kansas State University Technical Report , 2008 .

SI J Q , ZHANG B , MAN D P , et al . Approach to making strategies for network security enhancement based on attack graphs [J ] . Journal on Commurtications , 2009 , 30 ( 2 ): 123 - 128 .

CHEN F , WANG L Y , SU J S . An efficient approach to minimum-cost network hardening using attack graphs [A ] . Proceedings of the 4th International Conference on Information Assurance and Security [C ] . 2008 . 209 - 212 .

CHEN F , ZHANG Y , SU J S , et al . Two formal analyses of attack graphs [J ] . Journal of Software , 2010 , 21 ( 4 ): 838 - 848 .

CHEN F . A Hierarchical Network Security Risk Evaluation Approach Based on Multi-goal Attack Graph [D ] . National University of Defense Technology , 2008 .

ALBANESE M , JAJODIA S , NOEL S . Time-efficient and cost- effective network hardening using attack graphs [A ] . Proceedings of the 42nd Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN) [C ] . 2012 . 1 - 12 .

DIAMAH A , MOHAMMADIA M , BALACHANDRAN B . Network security evaluation method via attack graphs and fuzzy cognitive maps [J ] . Intelligent Decision Technologies , 2012 , 16 : 433 - 440 .

SWILER L P , PHILLIPS C , ELLIS D , et al . Computer-attack graph generation tool [A ] . Proceedings of DARPA Information Survivability Conference ＆Exposition II [C ] . 2001 . 307 - 321 .

SHEYNER O , HAINES J , JHA S , et al . Automated generation and analysis of attack graphes [A ] . Proceedings of IEEE Symposium on Security and Privacy [C ] . 2002 . 273 - 284 .

SHEYNER O . Scenario Graphs and Attack Graphs [D ] . Carnegie Mellon University , 2004 .

AMMANN P , WIJESEKERA D , KAUSHIK S . Scalable,graph-based network vulnerability analysis [A ] . Proceedings of the 9th ACM Conference on Computer and Communications Security [C ] . 2002 . 217 - 224 .

LIPPMANN R P , et al . An Annotated Review of Past Papers on Attack Graphs [R ] . MIT Lincoln Laboratory , 2005 .

LIPPMANN R P , INGOLS K W , SCOTT C , et al . Evaluating and Strengthening Enterprise Network Security Using Attack Graphs [R ] . ESC-TR-2005-064,MIT Lincoln Laboratory , 2005 .

OU X M , GOVINDAVAJHALA S , APPEL A W . MulVAL:a logic-based network security analyzer [A ] . Proceedings of 14th USENIX Security Symposium [C ] . 2005 , 8 .

OU X M , BOYER W F , MCQUEEN M A . A scalable approach to attack graph generation [A ] . Proceedings of 13th ACM conference on Computer and Communications Security [C ] . 2006 . 336 - 345 .

CHEN F , TU R , ZHANG Y , et al . Two scalable approaches to analyzing network security using compact attack graphs [A ] . Proceedings of International Symposium on Information Engineering and Electronic Commerce [C ] . 2009 . 90 - 94 .

CHEN F , SUN J S , HAN W B . AI planning-based approach of attack graph generation [J ] . Journal of PLA University of Science and Technology , 2008 , 9 ( 5 ): 460 - 465 .

MAN D P , ZHOU Y , YANG W , et al . Method to generate attack graphs for assessing the overall security of networks [J ] . Journal on Commurtications , 2009 , 30 ( 3 ): 1 - 5 .

HOMER J , VARIKUTI A , OU XM , et al . Improving attack graph visualization through data reduction and attack grouping [A ] . Proceedings of 5th International Workshop on Visualization for Cyber Security [C ] . 2008 . 68 - 79 .

HARBORT Z , LOUTHAN G , HALE J , et al . Techniques for attack graph visualization and interaction [A ] . Proceedings of the Seventh Annual Workshop on Cyber Security and Information Intelligence Research [C ] . 2011 .

ALHOMIDI M A , REED M J . Attack graphs representations [A ] . Proceedings of 4th Computer Science and Electronic Engineering Conference (CEEC) [C ] . 2012 . 83 - 88 .

浏览量

486

下载量

CSCD

文章被引用时，请邮件提醒。

提交

工具集

关联资源

基于贝叶斯攻击图的SDN入侵意图识别算法的研究

基于吸收马尔可夫链攻击图的网络攻击分析方法研究

基于攻击图的主机安全评估方法

基于贝叶斯攻击图的网络入侵意图分析模型

攻击图技术应用研究综述