Attack graphs are becoming a key technology for network security analysis. This paper introduces the concept of network security grade to reflect the directionality of network attacks and the layered nature of network defense. Based on this concept, it refines the monotonicity assumption to reduce the scale of the attack graph and divides attack graph generation into sub-tasks, from which it designs a parallel attack graph generation algorithm. Compared with previous algorithms, experimental results show that the parallel algorithm effectively improves attack graph generation efficiency: on an 8-core server with 32 GB of memory, it can generate the attack graph for a network of size 400 within 20 seconds. In addition, this work may help apply attack graph analysis and network remediation technology to large-scale networks.