网络攻击图是根据观测到的攻击证据推测网络安全状态的理想模板.现有的攻击图节点置信度计算方法或在模型通用性、计算复杂度方面存在一定不足,或又过多依靠经验公式进行推理而缺乏严密的数学理论支撑.为此,提出一种基于贝叶斯推理的攻击图节点置信度计算方法.方法对似然加权法进行了改进,以支持攻击证据之间的时间偏序关系.实验结果表明,该方法能够有效提高节点置信度的计算准确性,且具有线性计算复杂度,适合于处理大规模攻击图节点置信度的实时计算问题.

Network attack graphs are widely used as templates to extrapolate network security state by analyzing observed intrusion evidence. Existing attack graph node belief computation methods are suffering from generality problems, high computational complexity, or the overuse of empirical formulas to solve problems. This paper improves one of the Bayesian network inference algorithms—the likelihood weighting algorithm into a novel graph node belief computation algorithm, which supports the temporal partial ordering relationship among intrusion evidences. Experiment results show that the method can achieve high computation accuracy in linear computational complexity, a feature making it feasible to be used to process large scale attack graphs in real-time.

Supported by the National Natural Science Foundation of China under Grant Nos.60605019, 60803145 (国家自然科学基金); the National High-Tech Research and Development Plan of China under Grant Nos.2007AA01Z473, 2008AA01Z409 (国家高技术研究发展计划(863)); the Specialized Resea