A Method of Generating the MultiTargets Attack Graphs Based on Greedy Policies

doi:10.3969/j.issn.1007130X.2010.

J4 ›› 2010, Vol. 32 ›› Issue (6): 22-25.doi: 10.3969/j.issn.1007130X.2010.

• 论文 • Previous Articles Next Articles

A Method of Generating the MultiTargets Attack Graphs Based on Greedy Policies

ZHU Ming1，YIN Jianping1，CHENG Jieren1,2，LIU Qiang1，LIN Jiarun1

(1.School of Computer Science，National University of Defense Technology，Changsha 410073；
2.Xiangnan University，Chenzhou 423000，China)

Received:2009-11-15 Revised:2010-02-09 Online:2010-06-01 Published:2010-06-01

Abstract

Abstract:

In order to avoid the combination of states occurred in the generation of attack graphs while analyzing network vulnerabilities and to make the attack graphs available for analyzing the multitargets’ vulnerabilities, a new method of generating attack graphs based on greedy policies is proposed. The method introduces the network node correlations, uses greedy policies to reduce the amount of vulnerabilities, chooses the attack routes that allow attackers to gain network node priority with the greatest potential and generate the attack graphs with those attack routes. The algorithm analysis and the experimental results show that the cost of time and space of the method is the polynomial level of the network node number and the network node correlation number, which means it has solved the problem of the great combination of states effectively. The attack graph it generates covers all network nodes that attackers can access, so the method can be used to analyze the multitargets’ vulnerabilities.

Key words: network vulnerability analysis;network node correlation;multitargets attack graph;greedy policy

CLC Number:

TP393.08

ZHU Ming1，YIN Jianping1，CHENG Jieren1,2，LIU Qiang1，LIN Jiarun1. A Method of Generating the MultiTargets Attack Graphs Based on Greedy Policies[J]. J4, 2010, 32(6): 22-25.

[1]	LIN Jiarun1，YIN Jianping1，CHENG Jieren1，2，LONG Jun1，ZHU Ming1. Research on the MultiSensor Data Fusion Technology for Network Security [J]. J4, 2010, 32(6): 30-33.
[2]	SHEN Xueli,ZHANG Jisuo. Reserch of Intrusion Detection Based on the BP Networks and the Improved PSO Algorithm [J]. J4, 2010, 32(6): 34-36.
[3]	SUN Bocheng,QIU Yanjun,LIANG Shiqing. A Distributed Intrusion Detection and Decision System Based on MobileAgents [J]. J4, 2010, 32(5): 15-17.
[4]	ZHANG Hongli,HUANG Shouming. A Mobile AgentBased IDS for Wireless Sensor Networks [J]. J4, 2010, 32(5): 18-20.
[5]	LU Linlin，MA Xin. A System Model for the United Risk Assessment of Network Security Based on Mobile Agents [J]. J4, 2010, 32(5): 26-29.
[6]	CHENG Jie-Ren, YAN Jian-Ping, LIU Yun, LIU Xiang-Hui, CAI Zhi-Ping. The DDoS Detection Method Based on Attack Features and the ARMA Prediction Model [J]. J4, 2010, 32(4): 1-4.
[7]	ZHANG Qiang-,Zhuo-Ying, GONG Zheng-Hu. Research on the Representation and Evolvement of Trust in Distributed Network Interaction [J]. J4, 2010, 32(4): 5-9.
[8]	TU Jie, LI Zhou-Jun, ZHANG Chong-Bin, LI Jiang. Research on the Scenario of the Active Scanning of Web Vulnerability [J]. J4, 2010, 32(3): 31-34.
[9]	SU Pan-Jun, CHEN Gang, LIU Cuan. Anomaly Detection Based on Aggregated Network Behavior Metrics [J]. J4, 2010, 32(3): 38-41.
[10]	QIAO Tong-Xu, LI Guo-Huan, ZHANG Wen-Zheng. Hierarchical Secure Communications in Computer Networks [J]. J4, 2010, 32(2): 49-52.
[11]	MA Dun, CA Kai-Yu, CAO Hua-Yang, LIU Xin. Design and Implementation of a MultiLevel InterDomain Routing Security Monitoring System [J]. J4, 2010, 32(2): 60-62.
[12]	GUO You-Yan, DU Ye, WANG Yang, HAN Xiang-Fei, SUN Yi, CHEN Ji, JIANG Lin. Research on an Innernet Access Control System Based on the ARP Protocol [J]. J4, 2010, 32(1): 21-24.
[13]	. [J]. J4, 2002, 24(6): 7-10.
[14]	. [J]. J4, 2002, 24(6): 20-22.
[15]	. [J]. J4, 2002, 24(6): 27-31.

A Method of Generating the MultiTargets Attack Graphs Based on Greedy Policies

PDF

Knowledge

Abstract

Cite this article

share this article

Related Articles 15

Recommended Articles

Metrics

Comments