Yan Huang

DOI: https://doi.org/10.1088/1757-899X/740/1/012114

2020-03-17

IOP Conference Series: Materials Science and Engineering

Abstract:With the development of network technology, network is more and more closely related to people’s lives. Network security has been paid more and more attention, and the research on network security has gradually been put on the agenda. The main purpose of computer network security research is to extract the system data and factors related to computer network security and establish a model to analyze computer network security. Computer security concerns people’s vital interests. Now, hacker attacks and virus intrusions often occur, which threaten people’s privacy and security. The research work of security analysis needs to extract the system resources and security factors related to computer network security and establish a security model oriented to security analysis. Based on the analysis of the connotation and current situation of computer network security, this paper points out the main problems existing in the network security model, in order to explore a practical model for improving computer network security analysis.

Computer Science,Physics

Tao Zhang,Mingzeng Hu,Xiaochun YUN,Yongzheng Zhang,ming Zheng

DOI: https://doi.org/10.3321/j.issn:1002-0470.2005.07.004

2005-01-01

Abstract:System visitors were classified into five kinds by their privilege to access system resource by analysing computer resource, visitor privilege, security requirement, vulnerability, etc. The attacker can enhance his privilege using vulnerability. According to distribution of vulnerabilities privilege set, fault tree should be constructed to analyze the system security states under different security requirement condition, and this method could express qualitative security states using attack path and quantificational security states using attack success probability via analyzing fault tree.

CHEN Chun-xia,HUANG Hao

DOI: https://doi.org/10.3969/j.issn.1001-3695.2005.07.040

2005-01-01

Abstract:It needs to further investigate t echnology of network attack to protect the network security. Attack models can help in describing and analyzing the course of attack structurely and effectively, further more, they can help in sharing the security knowledge and improving the efficiency of attack detectio n and security prediction. This article analyzes and compares several attack mod els in common use at present,and then prospects the future directions of attack model research in the end.

Huiying Lv,Yuanda Cao

DOI: https://doi.org/10.1109/ISISE.2008.109

2008-01-01

Abstract:A risk situation evaluation model for network security is proposed based on analyzing security threat status. This method first perceived and identified the characteristics of critical risk factors, such as asset, vulnerability and threat, from multi-security-sensors. Then a quantitative evaluation algorithm was presented to estimate current threats and potential threats. By analyzing their threat degree, the real-time status and dynamic evolvement trend of security risk was revealed. Sequentially, the security administrator can comprehend the situation about both the single entity and the overall network then timely and effectively make security decisions. Finally this method was illustrated and validated in an emulated network environment. © 2008 IEEE.

Huiying Lv,Yuanda Cao,Cuixia Shi

2008-01-01

Abstract:Network security analysis needs to identify both security information and intruder's intention. So in this paper we proposed a novel framework for network security situation analysis. At first the information about the target network and the intruder was thoroughly identified and described. By correlating the countermine knowledge between attack and defense, an Attack State Graph (ASG) model was constructed, and its generating algorithm was also introduced. In the graph, state transferring during the attack process was analyzed and intruding route was simulated. Then the attack state graph was used to analyze attack situation and further to evaluate network risk, which provides a useful evidence and guidance for security strategies. Finally a representative virtual network environment was given to illustrate the applicability of this attack state model, and to validate its effectiveness to network security analysis and quantitative assessment.

Yinxing Li

DOI: https://doi.org/10.1088/1742-6596/1648/4/042071

2020-10-01

Journal of Physics: Conference Series

Abstract:Abstract With the continuous development of human civilization and the continuous progress of computer technology, computer network has been widely used in our life, which has brought great convenience to people’s production and life. As the computer network plays an increasingly important role in daily life, the security of computer network has been paid more and more attention. Therefore, this paper studies the modeling of computer network security analysis based on deep learning algorithm. Starting from the types, levels and main problems of security needs, this paper analyzes the threats faced by the system equipment, access rights, and the main connection relationship, and makes a visual description of the network threats from the perspective of the purpose of the attack is to enhance higher permissions. The security analysis and modeling work is applied to the security fault tree method of computer system and the attack method of network information system. Through research and analysis, starting from the current state of computer network security, this paper deeply studies the analysis and modeling of computer network security, and realizes the evaluation of current computer network security. The accuracy rate of the proposed method for intrusion detection reaches 91.6%.

Dapeng Man,Yang Wu,Yongtian Yang,Wei Wang,Lejun Zhang

DOI: https://doi.org/10.1109/cis.2007.75

2007-01-01

Abstract:The existing network security assessment models have the problems of inadequate capacity of quantitative analysis and lacking for vulnerabilities correlation. To address these problems, a hierarchical network security evaluation model is proposed. The network is divided into vulnerability level, service level, equipment level and network level. The model uses attack graph to correlate the network vulnerabilities, and then calculates the probabilities of successfully exploiting the vulnerabilities. On this basis, the quantitative risks of each level are calculated. Since this model much more accords with the features of network structure, it is an effectively guidance for the network administrators to develop and improve the network security policies.

ZHU Li-na,ZHANG Zuo-chang,FENG Li

DOI: https://doi.org/10.3969/j.issn.1001-3695.2011.11.082

2011-01-01

Abstract:In order to estimate the security situation of large-scale network,this paper aimed at confidentiality,integrality and availability,adopted hierarchical analysis,and put forward a quantitative evaluation model for network security threats situation.This model included a suit of security threat situation indices composed of service,host,subnet and whole network,and quantitative calculation method for each index.Experimental results show the easy operation of this model,and it depicts the safety evolution process of network system accurately and intuitively.

L(U) Hui-ying,CAO Yuan-da,SHI Cui-xia

2008-01-01

Abstract:Network security analysis must identify vulnerabilities in network and intruder's intention.A novel network risk analysis model is proposed based on simulation attacks.First,the information about target network and intruder is studied and described.By correlating the system's vulnerabilities and attacker's behaviors,attack state graph(ASG) was introduced,and its generating algorithm presented.In ASG the state transfer during the attack process is simulated.Then the ASG is used to find out all the routes of the attacker's pervasion,and then to evaluate the threatened location and risk degree,which provides a useful evidence and guidance for making risk decision.Finally a virtual network environment is given to illustrate the applicability of this risk analysis model,and validate its effectiveness to network security analysis and quantitative assessment.

Tao Zhang,Mingzeng Hu,Xiaochun Yun,Yongzheng Zhang

DOI: https://doi.org/10.1007/978-3-540-31979-5_26

2005-01-01

Abstract:For analyzing computer system security, the system visitor could be classified into five kinds by his privilege to access system resource, and presented the model base on privilege escalation. The attacker can enhance his privilege by exploiting vulnerability, according to distribution of vulnerabilities privilege set, we could construct fault tree to reflect distinctly potential attack path, and so this method could quantificational express security state at different security policy via analyzing fault tree.

xue yong wan,liang zhang,wei xu,hong hui gong

DOI: https://doi.org/10.4028/www.scientific.net/AMM.599-601.1457

2014-01-01

Abstract:the computer network is widely applied to people's attention,computer network security is very important,we must take effective measures to ensure the security of computer network.This paper analyzes the implications of computer network security system and its security mechanism,and for the current network security should be involved in some of the elements is introduced.

XIA Yang,LU Yu-liang,YANG Guo-zheng

DOI: https://doi.org/10.3969/j.issn.1000-3428.2007.19.050

2007-01-01

Abstract:Computer network security vulnerability assessment is a research focus in network security field.This paper puts forward the research target of computer network vulnerability assessment and the major problems appeared in the course of research.It analyses some resent research methods and techniques aimed at computer network vulnerability assessment,such as network vulnerability assessment in terms of network connectivity,intrusion path,graph theory,analysis tools,agent,AHP,as well as vulnerability dependence relation graph.Based on the analysis,it points out the advantage and disadvantage of each method.

Zhiming Liu,Sheng Li,Jin He,Di Xie,Zhantao Deng

DOI: https://doi.org/10.1109/imccc.2012.50

2012-01-01

Abstract:Today's computer systems face lots of challenges in the fast rate of emerging security problems. To accurately assess the security of computer network systems, one must understand how vulnerabilities can be combined to stage an attack. Attack graphs are important tools for analyzing security vulnerabilities in enterprise networks. However, the complexity of traditional method for generating attack graphs increases dramatically as the network size grows. To solve this problem, the efficiency of attack graph generation method must be improved. Based on the analysis of generation approaches to attack graphs, an attack graph generation method for complex network is proposed in this paper. In this method, the network framework and key nodes can be analyzed and searched by loopholes scanning firstly. Then, starting from these key nodes, the algorithm which combined greedy policy, forward exploration and backward searching is used to generate the attack graph. Experimental results prove that the model can make a comprehensive analysis on network security and research the estimation of network attack.

Wei-wei CHENG,Yu-liang LU,Yang XIA,Guo-zheng YANG

DOI: https://doi.org/10.3969/j.issn.1000-2162.2007.04.008

2007-01-01

Abstract:Computer network vulnerability assessment is the important part of the computer security domain,it is very important to improve oneself security level of computer network.This paper introduces the computer network vulnerability firstly,expatiate on the problem which should be solved by the vulnerability assessment,embody introduce some main methods of computer network vulnerability assessment and the issues faced,and then it gives the future work of computer network vulnerability assessment.

Yue Zhang,Wang Zhao

DOI: https://doi.org/10.1109/icngn59831.2023.10396667

2023-01-01

Abstract:The rapid development of information technology has greatly improved the level of enterprise informatization. However, while providing a variety of services to users, there may also be security issues such as data breaches, denial of service attacks, and extortion attempts. To address the aforementioned issues and enhance the security of information systems, multiple security devices have implemented protective measures. However, relying solely on the configuration and construction of security facilities cannot fundamentally resolve network security issues. Therefore, an important challenge currently faced is how to quantitatively assess, evaluate, and guide security personnel to optimize the configuration of the network security system. This is a significant matter that requires careful consideration.Currently, most existing quantitative security evaluation schemes focus on assessing security risks, but the entire security protection system has not been utilized as an evaluation criterion, and its protective effectiveness has not been quantitatively evaluated. Simultaneously, establishing quantitative connections between security impact factors and the security protection system, linking the protection effectiveness of individual security devices to overall security protection effectiveness, and then optimizing and improving the protection effectiveness have become critical bottlenecks in measuring the protection effectiveness of the network security protection system.

余冬梅,刘密霞,冯涛

DOI: https://doi.org/10.3969/j.issn.1673-629x.2004.02.041

2004-01-01

Abstract:The greater the availability of the network, the greater its vulnerability to threats from within and outside the organization. To an organization, an enterprise, constructing an appropriate network security system is very necessary. Based on a framework for network security system design put forwarded in, detailed analysis of the phase of network security design is made in this paper, and architecture model and policy management implemented model are given, which hangs security architecture, security policy implement and the enforced mechanism of network security together, and insures the transition between high-level security requirement analysis and the low-level system implementation smoothly.

Zhaocui Li,Huichuan Liu,Chunyan Wu

DOI: https://doi.org/10.1080/23742917.2022.2120293

2022-09-10

Journal of Cyber Security Technology

Abstract:The traditional security detection and defense methods are relatively backward, and there are many problems, such as high false alarm and missed alarm rate, and detection lag, which have been difficult to meet the requirements of computer security defense. In order to strengthen the active defense of computer network security and improve the classification and prediction performance of computer network security events, a computer network security risk assessment model based on mrmr Ig feature selection model and attack graph model is proposed. The mrmr Ig feature selection model is used to classify the characteristics of security events, and the hidden Markov chain model and attack graph model are used to predict the attack intention. The experimental results show that the classification accuracy rate of the model is 99.79%, the false alarm rate and the false alarm rate are 0.11% and 0.18%, respectively. The model can accurately predict attacks in real time, and can provide reference for timely taking targeted computer network security reinforcement and active defense measures.

LOU Jian,CAO Zhen-fu

DOI: https://doi.org/10.3969/j.issn.1007-757X.2006.10.003

2006-01-01

Abstract:With the rapid development of the E-business activities in recent years, the security problem about computer network is attracting more and more people's attention. In the same time, the modes and motivations of network attacks have also had a great change. The formernetwork security models now are too simple to describe the new changes of the security trends. This thesis puts forward an improved network security model and a two-channel network security model on the basis of the study of the security realities. At last, the thesis gives an example of the security exchange system on the Internet which uses the two-channel network security model.

Shangqin Zhong,Wenbin Yao,Haihui Ge,Yixian Yang

2011-01-01

Abstract:Network attack graph was an important tool for network security analysis. With inefficient generating algorithm, previous attack graphs for network assessment and analysis were in large-scale. As building model more reasonably, a simple, flexible and efficient method to generate host-based attack graph was proposed. Based on the generated host-based attack graph, an approach of analyzing network security by using theory of iterative matrix was described. It is proved to be intuitive, efficient and accurate, as it describes the overall security situation of network and facilitates network security administrator to identify the key hosts.

ZENG MENGLIANG,ZHENG XUEFENG

2007-01-01

Abstract:This paper detailedly analyses some kinds of network attacking methods and their harm to the users.From the access control and the flow control on the network,the paper presents a complete solution aim at this attackings based on the Port Based Network Access Control Protocol and the Dynamic Host Configuration Protocol.The solution units the process of software and the hardware fil-ter,not only makes sure the security of the network,but also keeps the high efficiency.