English

应用科学学报 ›› 2012, Vol. 30 ›› Issue (4): 374-378.doi: 10.3969/j.issn.0255-8297.2012.04.008

• 计算机科学与应用 • 上一篇    下一篇

利用迭代矩阵寻找网络中的关键主机

钟尚勤1;2, 刘福强3, 徐国胜1;2, 杨榆1;2, 姚文斌1;2   

  1. 1. 北京邮电大学信息安全中心,北京100876
    2. 北京邮电大学灾备技术国家工程实验室,北京100876
    3. 海军装备研究院,北京100036
  • 收稿日期:2011-07-21 修回日期:2011-10-10 出版日期:2012-07-23 发布日期:2012-07-25
  • 作者简介:钟尚勤,博士,研究方向:信息与网络安全、网络攻击图等,E-mail: zhongshangqin2003@yahoo.com.cn;姚文斌,教授,博导,研究方向:信息与网络安全、容灾备份等,E-mail: yaowenbin_cdc@163.com
  • 基金资助:

    国家自然科学基金(No.61003285);国家发改委信息安全专项基金;教育部科学技术研究重点项目基金;中央高校基本科研业务
    费专项资金(No.BUPT2009RC0215)资助

Finding Key Host of Network through Iterative Matrix

ZHONG Shang-qin1;2, LIU Fu-qiang3, XU Guo-sheng1;2, YANG Yu1;2, YAO Wen-bin1;2   

  1. 1. Information Security Center, Beijing University of Posts and Telecommunications, Beijing 100876, China
    2. National Engineering Laboratory for Disaster Backup and Recovery, Beijing University of Posts and
    Telecommunications, Beijing 100876, China
    3. Naval Academy of Armament, Beijing 100036, China
  • Received:2011-07-21 Revised:2011-10-10 Online:2012-07-23 Published:2012-07-25

PDF

881

摘要:

 网络中的关键主机对网络的整体安全性有重大影响,但目前缺少有效方法在网络中寻找关键主机. 该文对网络关键主机进行定义和分类,提出一种关键主机的寻找方法. 将主机攻击图生成算法与迭代矩阵相结合,计算网络中各主机的相关安全属性并排序,使网络安全管理员能方便而有效地找出网络中的3 类关键主机及对应的关
键临界条件,从而采取相应措施保护关键主机. 实验表明该方法可用于网络安全性分析,对提升网络整体安全性有重要意义.

关键词: 关键主机, 主机攻击图, 迭代矩阵, 网络安全

Abstract:

Security of the key host is of prime importance to the overall network, but locating the key host
difficult. This paper gives a definition of key hosts, provides their classification, and propose an approach to
finding the key hosts. The method uses the host-based attack graph and the theory of iterative matrix. By
computing and sorting the security properties of each host, the network security administrator can identify
key hosts and the corresponding key critical-conditions. Appropriate measures can then be taken to protect
the key hosts and enhance the overall network security. Experiment shows that this approach can be applied
to the analysis of network security, and is useful for the enhancement of network security.

Key words: key host, host-based attack graph, iterative matrix, network security

中图分类号: