%0 Journal Article
%T Two Formal Analyses of Attack Graphs
%A CHEN Feng
%A ZHANG Yi
%A SU Jin-Shu
%A HAN Wen-Bao
%A 陈锋
%A 张怡
%A 苏金树
%A 韩文报
%J 软件学报
%D 2010
%X An attack graph is a model-based vulnerability analysis technique that automatically analyzes the interrelations among vulnerabilities in a network and the potential threats resulting from them. Because state-based attack graphs cannot be applied to real large networks, owing to the combinatorial explosion in the number of attack paths, research has shifted to attribute-based attack graphs. Based on attribute-based attack graphs, this paper discusses loop attack paths and optimization security measures. For the former, an iterative algorithm is presented to find all the non-loop attack paths to the key attributes whose depth is less than a given number n. For the latter, the problem is proved to be NP-complete, and a greedy algorithm is proposed to solve it with polynomial time complexity.
%K vulnerability
%K attack graph
%K valid attack path
%K optimization security measures
%K greedy algorithm
%U http://www.alljournals.cn/get_abstract_url.aspx?pcid=5B3AB970F71A803DEACDC0559115BFCF0A068CD97DD29835&cid=8240383F08CE46C8B05036380D75B607&jid=7735F413D429542E610B3D6AC0D5EC59&aid=DEA657F4616BF7FA2B7B714B106F6B0E&yid=140ECF96957D60B2&vid=659D3B06EBF534A7&iid=E158A972A605785F&sid=D40528F59753C0F7&eid=51E4ADE955550A0C&journal_id=1000-9825&journal_name=软件学报&referenced_num=0&reference_num=14