Measuring network security using Bayesian Network-based attack graphs.

机译：使用基于贝叶斯网络的攻击图衡量网络安全。

获取原文

获取原文并翻译 | 示例

页面导航

摘要
著录项
相似文献
相关主题

摘要

Given the increasing dependence of our societies on networked information systems, the overall security of such systems should be measured and improved. Recent research has explored the application of attack graphs and probabilistic security metrics to address this challenge. However, such work usually shares several limitations. First, individual vulnerabilities' scores are usually assumed to be independent. This assumption will not hold in many realistic cases where exploiting a vulnerability may change the score of other vulnerabilities. Second, the evolving nature of vulnerabilities and networks has generally been ignored. The scores of individual vulnerabilities are constantly changing due to released patches and exploits, which should be taken into account in measuring network security. To address these limitations, this thesis first proposes a Bayesian Network-based attack graph model for combining scores of individual vulnerabilities into a global measurement of network security. The application of Bayesian Networks allows us to handle dependency between scores and provides a sound theoretical foundation to network security metrics. We then extend the model using Dynamic Bayesian Networks in order to reason about the patterns and trends in changing scores of vulnerabilities. Finally, we implement and evaluate the proposed models through simulation studies.

机译：鉴于我们社会对网络信息系统的依赖性越来越高，应该测量和改善这种系统的整体安全性。最近的研究已经探索了攻击图和概率安全度量的应用来应对这一挑战。但是，这样的工作通常有几个局限性。首先，通常假定单个漏洞的分数是独立的。在许多实际情况下，利用漏洞可能会更改其他漏洞的分数，这一假设将不成立。其次，漏洞和网络的不断发展的性质通常被忽略。由于发布了补丁和漏洞，单个漏洞的分数在不断变化，在测量网络安全性时应考虑这些漏洞。为了解决这些局限性，本文首先提出了一种基于贝叶斯网络的攻击图模型，用于将各个漏洞的分数组合成对网络安全性的整体度量。贝叶斯网络的应用使我们能够处理分数之间的依赖关系，并为网络安全度量提供了良好的理论基础。然后，我们使用动态贝叶斯网络扩展该模型，以便推断漏洞得分变化的模式和趋势。最后，我们通过仿真研究来实施和评估所提出的模型。

著录项

作者
Frigault, Marcel.;
展开▼
作者单位

Concordia University (Canada).;

展开▼
授予单位 Concordia University (Canada).;
学科 Computer Science.
学位 M.A.Sc.
年度 2010
页码 77 p.
总页数 77
原文格式 PDF
正文语种 eng
中图分类
关键词

相似文献

外文文献
中文文献
专利

1. A Bayesian network-based approach for learning attack strategies from intrusion alerts [J] . Security and communication networks . 2014,第5期

机译：基于贝叶斯网络的方法，用于从入侵警报中学习攻击策略
2. Bayesian Decision Network-Based Security Risk Management Framework [J] . Masoud Khosravi-Farmad, Abbas Ghaemi-Bafghi Journal of network and systems management . 2020,第4期

机译：贝叶斯决策基于网络的安全风险管理框架
3. Study of Bayesian Network-based Vegetable Traceability Model for Quality Security [J] . Qingcong Zhao, Qingling Zhao Advance journal of food science and technology . 2016,第11期

机译：基于贝叶斯网络的蔬菜安全质量溯源模型研究
4. Measuring Network Security Using Bayesian Network-Based Attack Graphs [C] . Marcel Frigault, Lingyu Wang Annual IEEE International Computer Software and Applications Conference . 2008

机译：使用基于贝叶斯网络的攻击图测量网络安全性
5. A Measure of Systems Engineering Effectiveness in Government Acquisition of Complex Information Systems: A Bayesian Belief Network-Based Approach. [D] . Doskey, Steven Craig. 2014

机译：政府获取复杂信息系统中系统工程有效性的度量：基于贝叶斯信念网络的方法。
6. Network as a Biomarker: A Novel Network-Based Sparse Bayesian Machine for Pathway-Driven Drug Response Prediction [O] . Qi Liu, Louis J. Muglia, Lei Frank Huang 2019

机译：网络作为生物标记：一种基于网络的新型稀疏贝叶斯机器用于途径驱动的药物反应预测
7. A survey on security attacks and countermeasures with primary user detection in cognitive radio networks [O] . José Marinho, Jorge Granjal, Edmundo Monteiro 2015

机译：认知无线电网络中主要用户检测的安全攻击和对策调查
8. Modeling Modern Network Attacks and Countermeasures Using Attack Graphs. [R] . Ingols, K., Chu, M., Lippmann, R., 2009

机译：利用攻击图建模现代网络攻击及对策。

Measuring network security using Bayesian Network-based attack graphs.

摘要

著录项

相似文献

相关主题

期刊订阅