关键词: 攻击图, 有效攻击路径, 最大可达概率, 可信度

Abstract:

Attack graph is a modelbased vulnerability analysis technology. It may automatically analyze the interrelation among vulnerabilities in the network and the potential threat resulting from the vulnerabilities，which is one of problems the quantitative vulnerability assessment must solve. This paper proposes a novel quantitative vulnerability assessment method based on attributebased attack graphs. First attributebased attack graphs and valid attack paths are formally described， and maximal reachable probability is adopted to measure the vulnerability of the key attribute set of the target network. An algorithm for computing maximal reachable probability is presented to solve the problem of loop attack paths. Finally， because some data may not be obtained in practical assessment，the conception of creditability is introduced to measure the impact of absent data on the result.

Key words: attack graph, valid attack path, maximal reachable probability, creditability