To address the scalability problem of attack-graph-based risk assessment, this paper proposes a quantitative method for vulnerability assessment based on a host access graph, taken from the perspective of internal security threats. It first introduces the concepts of network access relationship and host criticality and proposes a host security threat model. It then generates the host access graph to obtain the network access relationships between all hosts, and on that basis calculates the impact of each vulnerability on the security threat to the whole network, thereby evaluating and ranking the vulnerabilities. Experiments show that the method can effectively assess the security state of the network and the severity of vulnerabilities within it, and provides an important basis for strengthening network security.
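The pipeline summarized above (access relationships, host criticality, per-vulnerability impact, ranking) can be illustrated with the following added example, which is not code from the paper. The scoring model is an assumption made here: network threat is the sum of target-host criticality over every reachable host pair, and a vulnerability's impact is the drop in that sum when it is patched; the host names, weights and vulnerability ids are constructed.

```python
from collections import defaultdict

# Constructed sample network (hypothetical hosts, criticality weights, vulnerability ids).
CRITICALITY = {"ws1": 1, "web": 3, "app": 5, "db": 10}
# Direct access edges: (source, target, vulnerability that grants the access).
EDGES = [
    ("ws1", "web", "V1"),
    ("web", "app", "V2"),
    ("app", "db", "V3"),
    ("ws1", "app", "V4"),
]

def access_graph(edges, removed=None):
    """Transitive closure: for each host, the set of other hosts it can reach."""
    adj = defaultdict(set)
    for src, dst, vuln in edges:
        if vuln != removed:
            adj[src].add(dst)
    reach = {}
    for host in CRITICALITY:
        seen, stack = set(), [host]
        while stack:
            for nxt in adj[stack.pop()]:
                if nxt not in seen and nxt != host:
                    seen.add(nxt)
                    stack.append(nxt)
        reach[host] = seen
    return reach

def network_threat(edges, removed=None):
    """Assumed score: sum of target criticality over all reachable (src, dst) pairs."""
    reach = access_graph(edges, removed)
    return sum(CRITICALITY[d] for dsts in reach.values() for d in dsts)

def rank_vulnerabilities(edges):
    """Rank each vulnerability by how much network threat drops when it is patched."""
    base = network_threat(edges)
    vulns = sorted({v for _, _, v in edges})
    impact = {v: base - network_threat(edges, removed=v) for v in vulns}
    return sorted(impact.items(), key=lambda kv: (-kv[1], kv[0]))

if __name__ == "__main__":
    for vuln, drop in rank_vulnerabilities(EDGES):
        print(f"{vuln}: threat reduction {drop}")
```

In this sample, V4 scores zero because the same access is still available through V1 and V2, which is the kind of redundancy a per-vulnerability severity score alone does not reveal.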