| Security checking and evaluation of computer network is one of the core research directions in protecting network security. It analyses the network status and identifies security vulnerabilities in advance, and evaluates their risks. It quickly finds out a set of vulnerabilities according to the risks that affect the network security most and provides fix solutions corresponding to these vulnerabilities. This security checking and evaluation has become an exigent demand for many organizations with high security requirement.The thesis first outlines the security status of nowadays network, and briefly introduces the basic situation of network security checking and evaluation. But the current evaluation systems are unilaterally and slowly in evaluating. Aim to these disadvantages, author puts forward an attack-graph based vulnerability risk evaluation model.Author firstly introduces OVAL scanner which is able to scan vulnerability information and computer configurations, etc. And then author summarizes the network and vulnerability information needed in constructing attack graph and model them into logical semantics, including attack preconditions and results, network connectivity, network services information, data binding and security strategies. Then implement the information into Datalog, a logical model language, to form logical semantics to construct network attack path.Based on the information above, author gives out an attack-graph based vulnerability evaluation model and its mathematic formula group. Due to high risk vulnerabilities are all network services related, so the evaluation model is designed to... |
PDF Full Text Request