关键词: 攻击图, 概率可控, 复杂网络, 网络安全, 脆弱性分析

Abstract: Computer network is one of the largest and most widely used complex networks, how to improve the accuracy of network security evaluation and promote its practical applicability in large scale networks is the current research hotspot. This paper summarizes the research status and progress in attack model and vulnerability risk assessment. After that, this paper provides a new model which refines the attack graph node to component level and describes the interaction process between the components in the attack step in the form of a directed weighted graph to improve coarse grain size and limitations of the current attack graph. At the same time, through rigorous theoretical    deduction, this paper comes out the standard condition of controllability or partial probability controllability for complex attack network, and proves the relationship between the probability controllability and the traditional controllability. The analysis results and the examples show that, if valid defense existed, the complex networks can still provide      normal service function in the case of attack and damage. Besides, this paper gives out the concrete method for controlling network and defense node selection.

Key words:  attack graph, probability controllability, complex network, network security, vulnerability analysis