资源说明:Abstract—Attack graphs play important roles in analyzing
network security vulnerabilities, and previous works have provided
meaningful conclusions on the generation and security
measurement of attack graphs. However, it is still hard for us to
understand attack graphs in a large network, and few suggestions
have been proposed to prevent inside malicious attackers from
attacking networks. To address these problems, we propose a
novel approach to generate and describe attack graphs. Firstly,
we construct a two-layer attack graph, where the upper layer
is a hosts access graph and the lower layer is composed of
some host-pair attack graphs. Compared with previous works,
our attack graph has simpler structures, and reaches the best
upper bound of computation cost in O(N2). Furthermore, we
introduce the adjacency matrix to efficiently evaluate network
security, with overall evaluation results presented by gray scale
images vividly. Thirdly, by applying prospective damage and
important weight factors on key hosts with crucial resources,
we can create prioritized lists of potential threatening hosts and
stepping stones, both of which can help network administrators
to harden network security. Analysis on computation cost shows
that the upper bound computation cost of our measurement
methodology is O(N3), which could also be completed in real
time. Finally, we give some examples to show how to put our
methods in practice.
本源码包内暂不包含可直接显示的源代码文件,请下载源码包。