基于贝叶斯网络的脆弱性状态评估方法

对网络安全性的量化评估问题是目前网络安全领域的研究热点之一。通过对现有的网络安全模型及量化分析方法的研究和比较，针对影响网络安全性的各项因素的全面脆弱性评估，提出了网络可靠度、脆弱点关键度、脆弱性状态图最低阶最小路集和最低阶最小割集4个具体的评估指标，将基于贝叶斯网络的计算方法引入脆弱性评估中，提出了量化评估计算方法。在此基础上构建了网络实例，使用SPIN验证工具对网络攻击进行模拟并对提出的评估指标及算法进行了分析验证。实验结果表明，文中提出的算法和评估指标集能够正确地量化反映网络的安全状态。

A network vulnerability evaluation method based on Bayesian networks

Network vulnerability evaluation is a hot topic of network security research. In this paper we analyze and compare the existing network security model and quantitative assessment methods. Considering all the security-related factors of network in vulnerability evaluation, we propose a set of evaluation metrics that includes reliability parameters of network, criticality parameters of network, lowest degree minimal path set and lowest degree minimal cut set .We also propose a new method of quantitative assessment based on Bayesian network. Finally we give an example to simulate the net-attack using SPIN and validate vulnerability evaluation indices and methods. The result shows that the method and the evaluation indices could evaluate and reflect the security state of network successfully.