èŠ‚ç‚¹æ–‡çŒ®

åŸºäºŽæ”»å‡»å›¾çš„ç½‘ç»œå®‰å…¨æŠ€æœ¯ç ”ç©¶

Research for Network Security Based on Attack Graph

åˆ†é¡µä¸‹è½½
åˆ†ç« ä¸‹è½½
æ•´æœ¬ä¸‹è½½
åœ¨çº¿é˜…è¯»
ä¸æ”¯æŒè¿…é›·ç‰ä¸‹è½½å·¥å…·ï¼Œè¯·å–æ¶ˆåŠ é€Ÿå·¥å…·åŽä¸‹è½½ã€‚

ã€ä½œè€…ã€‘ æŽé¹é£žï¼›

ã€ä½œè€…åŸºæœ¬ä¿¡æ¯ã€‘ åŒ—äº¬é‚®ç”µå¤§å¦ ï¼Œ é€šä¿¡ä¸Žä¿¡æ¯ç³»ç»Ÿï¼Œ 2013ï¼Œ ç¡•å£«

ã€æ‘˜è¦ã€‘ éšç€è®¡ç®—æœºç½‘ç»œæŠ€æœ¯çš„å¿«é€Ÿå‘å±•,äººä»¬çš„å·¥ä½œã€ç”Ÿæ´»å·²ç»è¶Šæ¥è¶Šç¦»ä¸å¼€ç½‘ç»œ,è®¸å¤šä¸Žäººä»¬ä¼‘æˆšç›¸å…³çš„å…³é”®åŸºç¡€è®¾æ–½å·²ç»ç¦»ä¸å¼€ä¿¡æ¯é€šä¿¡æŠ€æœ¯çš„è¾…åŠ©äº†ã€‚ç›®å‰æˆ‘ä»¬å›½å®¶åœ¨åŠ å¤§åŠ›åº¦çš„æŠ•å…¥å’ŒæŽ¨å¹¿ç‰©è”ç½‘ã€ä¿¡æ¯ç‰©ç†ç³»ç»Ÿ(cyber physical systems,ç®€ç§°CPS)ç‰æŠ€æœ¯,åŠ¿å¿…å°†äººä»¬çš„ç”Ÿæ´»ä¸Žç½‘ç»œæ›´ä¸ºç´§å¯†çš„æ†ç»‘åœ¨ä¸€èµ·ã€‚ç„¶è€Œä¼´éšç€ç½‘ç»œçš„å‘å±•,å±‚å‡ºä¸ç©·çš„è®¡ç®—æœºç—…æ¯’ã€è •è™«ä»¥åŠæ›´ä¸ºå…ˆè¿›çš„é»‘å®¢æ”»å‡»å·¥å…·ç»™è®¡ç®—æœºç½‘ç»œå¸¦æ¥æžå¤§çš„ç ´åå’Œå¨èƒã€‚ç½‘ç»œå®‰å…¨é—®é¢˜å·²ç»æˆä¸ºå„ä¸ªå›½å®¶ã€å…¬å¸å’Œç»„ç»‡ä¸å®¹å¿½è§†çš„é—®é¢˜,åŒæ—¶éšç€ç”Ÿäº§å…¨çƒåŒ–,è½¯ç¡¬ä»¶æµ·å¤–å¤–åŒ…ä¸šåŠ¡çš„å‘å±•,ç»™CPSç³»ç»Ÿæ•´ä½“å®‰å…¨æ€§çš„æ£€æŸ¥ä¹Ÿå¸¦æ¥æ›´å¤šçš„éšœç¢å’Œä¸åˆ©æ¡ä»¶ã€‚åœ¨æœ¬æ–‡ä¸,æˆ‘ä»¬å¼•å…¥æ”»å‡»å›¾ç†è®ºæ¥è§£å†³ä¸Šæ–‡æåˆ°çš„ç½‘ç»œå®‰å…¨é—®é¢˜,åŒæ—¶æˆ‘ä»¬æå»ºäº†çŠ¶æ€æ”»å‡»å›¾ç”ŸæˆåŽŸåž‹ç³»ç»Ÿã€‚åŸºäºŽæ”»å‡»å›¾ç†è®ºå’Œå±‚æ¬¡åˆ†æžæ³•(analytic hierarchy process, AHP),æˆ‘ä»¬æå‡ºäº†ç½‘ç»œå®‰å…¨åˆ†æžçš„NodeRankç®—æ³•å’ŒåŽ‚å•†å®‰å…¨è¯„ä¼°æ¨¡åž‹çš„å»ºç«‹,æˆ‘ä»¬è¯•å›¾é€šè¿‡çˆ¬å–ç½‘ç»œæ¼æ´žæ•°æ®åº“ä¾‹å¦‚osvdbç‰çš„æ¼æ´žæ•°æ®,å»ºç«‹æœ¬åœ°åŽ‚å•†æ¼æ´žåº“ã€‚ç„¶åŽé€šè¿‡åˆ©ç”¨çˆ¬å–çš„æ¼æ´žæ•°æ®çš„åŽ†å²ä¿¡æ¯æ¥è¯„ä¼°åŽ‚å•†çš„ä¿¡èª‰åº¦,æœ€åŽé€šè¿‡NodeRankç®—æ³•æ¥è¯„åˆ¤CPSç³»ç»Ÿçš„å®‰å…¨å¯é æ€§ã€‚æ›´å¤š è¿˜åŽŸ

ã€Abstractã€‘ With the development of the information technology, people canâ€™t stand the life without the network. More and more critical infrastructure is increasingly depending on information communication technology, at the same time our country is investing more money in the IOT(internet of things) and CPS(cyber physical systems), so that the future life of people will depend more on the network. Increasing number of bugs, vulnerabilities, Trojan horses, and security incidents due to nefarious insiders and industrial espionage activities have been reported, and with the increasing complexity of CPS due to outsourcing and globalized manufacturing, itâ€™s by no means to guarantee the integrity of a modern CPS product through only supplier screening. Cost and timing restrictions in building and managing critical infrastructure also turn technical testing covering every piece of products from all suppliers into a formidable task.However, we import attack graph to solve the problem mentioned above. In this paper, we set up an attack graph generation system and collect the vendorâ€™s vulnerability information from online vulnerability database such as osvdb(Open Source Vulnerability Database). Based on attack graph, we set up the NodeRank algorithm to analyze the integrity of CPS. With the help of the local vulnerability database set up by ourselves and the AHP (analytic hierarchy process) method, we propose a Supplier Trustworthy Value model to solve the problem.æ›´å¤š è¿˜åŽŸ

ã€å…³é”®è¯ã€‘ ç½‘ç»œå®‰å…¨ï¼› ä¿¡æ¯ç‰©ç†ç³»ç»Ÿï¼› æ”»å‡»å›¾ï¼› å±‚æ¬¡åˆ†æžæ³•ï¼›
ã€Key wordsã€‘ Network Securityï¼› CPSï¼› Attack Graphï¼› AHPï¼›

ã€ç½‘ç»œå‡ºç‰ˆæŠ•ç¨¿äººã€‘ åŒ—äº¬é‚®ç”µå¤§å¦

ã€åˆ†ç±»å·ã€‘TP393.08
ã€è¢«å¼•é¢‘æ¬¡ã€‘2
ã€ä¸‹è½½é¢‘æ¬¡ã€‘208
æ”»è¯»æœŸæˆæžœ

çŸ¥ç½‘èŠ‚ä¸‹è½½

èŠ‚ç‚¹æ–‡çŒ®ä¸ï¼š

æœ¬æ–‡é“¾æŽ¥çš„æ–‡çŒ®ç½‘ç»œå›¾ç¤º:

æœ¬æ–‡çš„å¼•æ–‡ç½‘ç»œ

èŠ‚ç‚¹æ–‡çŒ®