| Under some circumstances, the single network node may be safe, or single network behavior will not form threat, but for the complicated network connections, the vulnerability situation is quite different. Network risk is not merely the reflection of node flaw, but the measure of risk degree for the entire network. Network security analysis can evaluate the overall security of the network, which is the foundation for security strategy deployment. The network security evaluation is a systematic project, so we need to overall consider the security questions and seek the optimized solution. Simultaneously, we should consider the diversification of analysis methods and the relation among network nodes.This article has analyzed the basic principle of network security analysis method, including attack graph conception, attack tree model, and other method of modeling. It has profited from the domestic and foreign research results, in this foundation, it discussed automatic production of attack path, as well as attack graph algorithm comparison. Then, based on theory research, this article proposed a network security analysis system prototype based on attack graph, and produce five main modules which is given the more details, such as data structure, tables, and then compare these technology methods or tools, at last, analysis the strategy of security evaluation and give the basic framework on how to realize system.In conclusion, this article proposed some deficiency aimed at the prototype system as well as the content about research, and has introduced the direction which needs to be improved. |
PDF Full Text Request