With the shortcoming of high time complexity and messy graphical presentation in large scale network application for attack graphs, this paper proposed a new generation method. The method visited network hosts using breadth-first traversing algorithm from attack sources based on target network model and attacker model, acquired attack atoms with attack patterns instantiation and confidential relationship for network connections between two hosts, filtered attack atoms through greedy principle and probability metric for attack atoms, and updated effect states of attack atoms. The experimental results show that the method can traverse once among hosts and filter attack atoms, not only has higher time efficiency, but also provides objective attack paths information for security events analyzing. The proposed method can meet the needs of attacking auxiliary decision, intrusion detection and network security evaluation in large scale network environment.%针对现有攻击图在大规模网络应用中存在的时间复杂性高和图形化展示凌乱等不足,提出一种新的构建方法:在目标网络模型和攻击者模型的基础上,以攻击源为起点广度遍历网络主机,针对主机间的网络连接,通过攻击模式实例化和信任关系获取攻击原子集,并根据攻击者贪婪原则和攻击原子发生概率计算尺度筛选攻击原子,同时更新攻击原子作用对象状态.通过实验分析,该方法面向网络主机实现一次遍历,筛选关键攻击原子,快速生成攻击图,不仅具有较高的时间效率,而且为安全事件分析提供客观的攻击路径信息.该方法能够满足大规模网络环境下的攻击辅助决策、入侵检测和网络安全评估等应用需求.
展开▼
