Abstract:

The attack graph, attack tree and attack net are important modeling methods for testing and evaluating network security, but these methods are disordered and short of pertinence when choosing attacks. To overcome these shortages, this paper models the vulnerability tree of the security attributes for each host, taking the network vulnerability as the leaf node and attacks as tree borders. After analyzing the fruit efficiency and time efficiency comprehensively, we present an approach for vulnerability tree modeling of the host security attributes by efficiency priority. Finally, the feasibility and validity of the approach are verified using some practical examples.

Key words: host security attribute;vulnerability tree;efficiency;evaluation;modeling