Device vulnerabilities emerge one after another in the Internet of thing environment, the attackers attack vulnerabilities on several low-level devices simultaneously by multi-step attack method to trigger the vulnerabilities on other high-level devices to damage or control the information system. Considering the correlation between device vulnerabilities, we proposed a method based on attack graph to evaluate vulnerability risk in order to ensure Internet of thing network security. First, according to the type, version, and other relevant information of device vulnerabilities in the Internet of thing environment, hidden Markov model can be used to model the association between device states. Second, analyze the possible attacks on the vulnerabilities on the device, and generate the attack graph according to the correlation between the device states and the relevant information of the vulnerabilities in the device. Finally, the vulnerabilities are objectively and accurately evaluated according to the attack graph. The experiments results show that the proposed method can map the relationship between devices more accurately and objectively and improve the efficiency and accuracy of the vulnerability evaluation.

在物联网环境中，设备漏洞层出不穷，攻击者通过多步攻击的方法同时攻击多个低级设备上的漏洞，从而触发其他高级设备上的漏洞，从而破坏或控制信息系统。考虑到设备漏洞之间的相关性，我们提出了一种基于攻击图的漏洞风险评估方法，以确保物联网网络安全。首先，根据物联网环境中设备漏洞的类型、版本等相关信息，可以采用隐马尔可夫模型对设备状态之间的关联进行建模。二、分析设备上的漏洞可能受到的攻击，根据设备状态与设备漏洞相关信息的相关性，生成攻击图。最后根据攻击图对漏洞进行客观准确的评估。实验结果表明，该方法能够更加准确、客观地映射设备之间的关系，提高漏洞评估的效率和准确性。