| In recent years, with the rapid development of Internet technology, networked computers are playing an increasingly important role in politics, economy, military, social life and other fields. However, the computer security problems have caught people's attention. Computer security are mainly affected by the threat from vulnerability, which refers to computer system design flaws, make malicious organizations or individuals have the opportunity to permeate in a computer system destruction. According to statistics, every year the number of newly discovered vulnerabilities is raising rapidly. At present there have been many organizations undertake vulnerabilities classification and standardization; bring lots of convenience to safety managers. However, attackers always attempts to make complex attacks through combinations of system and destruction, attacks involving multiple vulnerabilities. In a complex environment which vulnerability makes the greatest threat? How to effectively harden the system? Therefore, this paper subject to the above problems, carry out the following aspects:1. in the research on current vulnerability management technology and vulnerability assessment technique on the basis of study, this paper points out some advantages and disadvantages. Through the analysis of the relationship of vulnerabilities, put forward the system permissions for relevance elements attack rules. Lead in the field of safety assessment of several common analysis methods, and discusses mainly using an attack graph analysis method of network state.2. About using the attack graph method existing in the state space of explosion, graph circuit against analysis and attack graph tectonic rules of problems, puts forward an improved model. In the new model by introducing "monotonic principles" effective control of the state for the attack graph with circuit problem,also put forward by introducing virtual starting point to represent host safety status, the method of evaluation methods and the host will weakness vulnerability assessment unification.3. Research how to conduct system repairs after safety evaluation:(1) weakness repair costs and keep threat exists between these two conditions of the relationship. (2) Proposed a "limited budget, be in namely model" known vulnerabilities repair costs and limited budget, how to calculate the best by analyzing the weaknesses of repair plan. Of the algorithm is studied, by introducing itself greedy algorithm is given a efficient for approximate optimal solution scheme.4. Finally through design and implement a set of host vulnerability assessment system, and its application in practice. The main functions of this system includes:(1) to host based local weaknesses scanning and based on the network vulnerability scanning. (2) By generating improved attack graph of system vulnerability assessment. (3) Through agent running mode, can be deployed in the local area network, through the central control system unified operation and analysis, be centrally managed net safety conditions. |
PDF Full Text Request