目前网络攻击技术逐步多样化和智能化,攻击者对目标网络内存在的脆弱性会采取多步骤的组合攻击方式进行逐步渗透.攻击图是一种新型的网络脆弱性分析技术,它在对目标网络和攻击者建模的基础上,根据二者之间的相互作用关系计算产生攻击图,展示攻击者利用目标网络脆弱性实施网络攻击的各种可能攻击路径.该技术能够自动发现未知的系统脆弱性以及脆弱性之间的关系,因此是目前研究的热点之一.攻击图技术经历了从面向小型网络的手工分析到自动分析的发展,目前正在向面向大规模网络的自动分析发展.总结了攻击图技术的发展现状,阐述了它的巨大应用前景,最后分析了该技术目前所面临的主要挑战.%The network attack techniques are being more diversified* and intelligent, an attacker can often infiltrate a seemingly well-guarded network system using multi-step attacks by exploiting sequences of related vulnerabilities. As the novel vulnerability assessment technique, the attack graph technique analyzes the interaction between the target net work and the attacker through the models of these two agents,generates attack graph to show possible attack paths. Be cause this technology has the capacity to automatically discover the unknown system vulnerabilities and the relationship between vulnerabilities,it is currently a hot subject of research. The attack graph technique has experienced the stage of manual analysis and the stage of the automatic analysis of small-scale network, and is currently in the way of the auto matic analysis of large-scale network. In this paper, the development of attack graph technique was summarized and challenges arising from the current research were discussed and some suggestions for the future research work were put forward.
展开▼