To address the state explosion that makes attack graphs produced by existing generation methods excessively large, an attack graph generation method based on security state reduction is proposed. The method improves on existing generation algorithms that adopt a forward search strategy and the monotonicity assumption by reducing the security states of non-target hosts. To address the redundancy that non-target leaf nodes introduce into attack graphs, an attack graph optimization algorithm is designed. Comparative analysis of simulation experiments shows that the proposed method is effective in generating and simplifying attack graphs.
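The abstract does not give the optimization algorithm itself. As an added illustration (not the paper's code), one straightforward reading of removing non-target leaf nodes is to repeatedly delete every state that has no outgoing attack step and is not a target. The graph, state names and exploit labels below are constructed, and `prune_non_target_leaves` is a hypothetical name.

```python
from collections import defaultdict

def prune_non_target_leaves(edges, targets):
    """Repeatedly delete leaf states (no outgoing edge) that are not targets.

    edges:   iterable of (src_state, exploit_label, dst_state)
    targets: states the defender cares about (e.g. root on a critical host)
    Returns the surviving edges in their original order.
    """
    edges = list(edges)
    targets = set(targets)
    out_deg = defaultdict(int)   # state -> number of live outgoing edges
    preds = defaultdict(list)    # state -> indices of incoming edges
    nodes = set()
    for i, (src, _, dst) in enumerate(edges):
        out_deg[src] += 1
        preds[dst].append(i)
        nodes.update((src, dst))

    alive = [True] * len(edges)
    # Worklist of current non-target leaves; removing one may expose another.
    work = [n for n in nodes if out_deg[n] == 0 and n not in targets]
    while work:
        leaf = work.pop()
        for i in preds[leaf]:
            if alive[i]:
                alive[i] = False
                src = edges[i][0]
                out_deg[src] -= 1
                if out_deg[src] == 0 and src not in targets:
                    work.append(src)
    return [e for e, keep in zip(edges, alive) if keep]

# Constructed sample: only the path to db:root matters to the defender.
SAMPLE_EDGES = [
    ("attacker",  "exploit-A", "web:user"),
    ("web:user",  "exploit-B", "web:root"),
    ("web:root",  "exploit-C", "db:root"),
    ("web:user",  "exploit-D", "mail:user"),   # dead-end branch
    ("mail:user", "exploit-E", "mail:root"),   # dead-end branch
    ("attacker",  "exploit-F", "ftp:user"),    # dead-end branch
]

if __name__ == "__main__":
    for edge in prune_non_target_leaves(SAMPLE_EDGES, {"db:root"}):
        print(" -> ".join(edge))
```

Each edge is visited at most once, so the pass is linear in the size of the graph. Because a state on a cycle never becomes a leaf, this sketch relies on the graph being acyclic to remove every dead-end branch.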