| 基于攻击图的扩充Petri网攻击模型 |
| |
| 引用本文: | 黄光球,程凯歌.基于攻击图的扩充Petri网攻击模型[J].计算机工程,2011,37(10):131-133. |
| |
| 作者姓名: | 黄光球 程凯歌 |
| |
| 作者单位: | 西安建筑科技大学管理学院,西安,710055 |
| |
| 基金项目: | 国家重点学科培育基金资助项目 |
| |
| 摘 要: | 鉴于网络攻击过程中存在攻击者被检测到的可能性,将攻击图转化成Petri网并进行扩展生成EPN模型,依据库所的攻击成本值求解网络攻击的最佳攻击路径和攻击成本,基于最大流概念定义系统最大承受攻击能力。从二维角度分析网络攻击,提出攻击可行性概念及基于攻击图的扩充Petri网攻击模型,该模型相关算法的遍历性由EPN推理规则保证。当原攻击图的弧较多时,算法的复杂度低于Dijkstra算法,攻击图的攻击发起点和攻击目标点间的路径越多,算法越有效。实验结果证明,该模型可以对网络攻击过程进行高效的综合分析。
|
| 关 键 词: | 攻击模型 攻击图 Petri网 攻击路径 攻击成本 |
Expanded Petri Net Attack Model Based on Attack Graph |
| |
| HUANG Guang-qiu,CHENG Kai-ge.Expanded Petri Net Attack Model Based on Attack Graph[J].Computer Engineering,2011,37(10):131-133. |
| |
| Authors: | HUANG Guang-qiu CHENG Kai-ge |
| |
| Affiliation: | (School of Management,Xi’an University of Architecture & Technology,Xi’an 710055,China) |
| |
| Abstract: | According to the possibility that an attacker can be detected during a network attack,an attack graph is transferred into a Petri Net,which is then expanded into an Expanded Petri Net(EPN).Attack costs of places are used to solve the optimum attach path and the total attack cost of an network attack;the concept of maximum flow is used defined the maximum burdening ability,and the concept of attack feasibility is put forward from the angle of two-dimensional analysis of network attack.The attack graph-based expanded Petri net attack net is represented,the ergodicity of the model's related algorithms is assured by the EPN inference rules.When there are many arcs in an original attack graph,the complexity of the algorithm is lower than that of the Dijkstra algorithm.More is the paths among attack launching points and attack goals in an attack graph,more is efficient the algorithms.Results of a testing case show that the model can make a comprehensive analysis to network attack. |
| |
| Keywords: | attack model attack graph Petri net attack path attack cost |
| 本文献已被 CNKI 维普 万方数据 等数据库收录! |
| 点击此处可从《计算机工程》浏览原始摘要信息 |
|
点击此处可从《计算机工程》下载全文 |
