一种基于主机重要度的网络主机节点风险评估方法

doi:10.13190/j.jbupt.2021-166

北京邮电大学学报 ›› 2022, Vol. 45 ›› Issue (2): 16-21.doi: 10.13190/j.jbupt.2021-166

一种基于主机重要度的网络主机节点风险评估方法

杨宏宇^1,2, 袁海航², 张良³

1. 中国民航大学安全科学与工程学院, 天津 300300;
2. 中国民航大学计算机科学与技术学院, 天津 300300;
3. 亚利桑那大学信息学院, 图森 AZ85721

收稿日期:2021-08-06 发布日期:2021-12-16
作者简介:杨宏宇(1969—),男,教授,邮箱:yhyxlx@hotmail.com。
基金资助:
国家自然科学基金民航联合研究基金项目(U1833107)

A Risk Assessment Method of Network Host Node with Host Importance

YANG Hongyu^1,2, YUAN Haihang², ZHANG Liang³

1. College of Safety Science and Engineering, Civil Aviation University of China, Tianjin 300300, China;
2. College of Computer Science and Technology, Civil Aviation University of China, Tianjin 300300, China;
3. College of Information, University of Arizona, Tucson AZ85721, USA

Received:2021-08-06 Published:2021-12-16

摘要/Abstract

摘要： 现有依据攻击图评估网络主机节点方法中的原子攻击概率和资产保护价值计算时,未考虑主机节点间关联关系对主机节点风险值的影响。对此,提出了以网络中主机重要程度为基础的风险评估方案。首先,依据网络信息构建主机攻击图,利用漏洞可利用性、代码可用性和防御强度计算原子攻击概率并依据攻击图计算路径攻击概率;然后,从攻击图结构和资产保护价值2个角度表征主机重要度,利用原子攻击概率的倒数对主机攻击图加权并计算主机节点的改进加权介数指标,利用熵权法对主机节点资产保护价值指标赋权并计算资产保护价值;最后,根据主机节点最大路径攻击概率和主机重要度计算网络主机节点的风险值。实验结果表明,所提方法能够更全面地评估网络环境中的主机节点风险,得到的风险值更加合理。

关键词: 网络安全, 主机攻击图, 主机重要度, 熵权法, 风险评估

Abstract: The existing network host node assessment methods based on attack graph have unreasonable calculation of atomic attack probability and asset protection value, and ignore the impact of the association relationship between host nodes on host node risk value. To solve these problems, a risk assessment scheme based on the importance of hosts in the network is proposed. Firstly, a host-based attack graph based on network information is build, and then the probability of atomic attack is calculated by vulnerability exploitability, code availability and defense intensity. After that, the attack probability of path is calculated based on the attack graph. Furthermore, the host importance is characterized from the attack graph structure and asset protection value. The reciprocal of atomic attack probability is used to weigh the host-based attack graph, and the improved weighted betweenness index is calculated. Moreover, the entropy weight method is used to weigh the asset protection value index of the host nodes and calculate the asset protection value. Finally, the risk value of the network host node is calculated according to the maximum path attack probability and host importance. The experimental results show that the host node risk in the network environmentand the obtained risk value results are more rational.

Key words: network security, host-based attack graph, host importance, entropy weight method, risk assessment

中图分类号:

TP393

杨宏宇, 袁海航, 张良. 一种基于主机重要度的网络主机节点风险评估方法[J]. 北京邮电大学学报, 2022, 45(2): 16-21.

YANG Hongyu, YUAN Haihang, ZHANG Liang. A Risk Assessment Method of Network Host Node with Host Importance[J]. Journal of Beijing University of Posts and Telecommunications, 2022, 45(2): 16-21.

参考文献

[1] WANG H, ZHU C H, SHEN Z H. A network security risk assessment method based on a B_NAG model[J]. Computer Systems Science and Engineering, 2021, 38(1):103-117.
[2] WANG H, CHEN Z F, ZHAO J P, et al. A vulnerability assessment method in industrial Internet of things based on attack graph and maximum flow[J]. IEEE Access, 2018, 6:8599-8609.
[3] HU H, ZHANG H Q, YANG Y J. Security risk situation quantification method based on threat prediction for multimedia communication network[J]. Multimedia Tools and Applications, 2018, 77(16):21693-21723.
[4] SHAN C, GAO J, HU C Z, et al. Network risk assessment method based on asset correlation graph[C]//Trusted Computing and Information Security (CTCIS). Berlin:Springer, 2019:65-83.
[5] POKHREL N R, TSOKOS C P. Cybersecurity:a stochastic predictive model to determine overall network security risk using Markovian process[J]. Journal of Information Security, 2017, 8(2):91-105.
[6] 李鑫.基于攻击图的网络安全评估技术研究与实现[D].北京:北京邮电大学, 2017. LI X. Research and implementation of network security assessment technology based on attack graph[D]. Beijing:Beijing University of Posts and Telecommunications, 2017.
[7] RUOHONEN J. A look at the time delays in CVSS vulnerability scoring[J]. Applied Computing and Informatics, 2019, 15(2):129-135.
[8] FREI S, MAY M, FIEDLER U, et al. Large-scale vulnerability analysis[C]//Proceedings of the 2006 SIGCOMM Workshop on Large-Scale Attack Defense (LSAD'06). New York:ACM, 2006:131-138.
[9] 葛海慧,肖达,陈天平,等.基于动态关联分析的网络安全风险评估方法[J].电子与信息学报, 2013, 35(11):2630-2636. GE H H, XIAO D, CHEN T P, et al. Quantitative eva-luation approach for real-time risk based on attack event correlating[J]. Journal of Electronics and Information Technology, 2013, 35(11):2630-2636.
[10] 国家质量监督检验检疫总局,中国国家标准化管理委员会.信息安全技术信息安全风险评估规范:GB/T 20984-2007[S].北京:中国标准出版社, 2007. General Administration of Quality Supervision, Inspection and Quarantine of the People's Republic of China, Standardization Administration of the People's Republic of China. Information security technology-risk assessment specification for information security:GB/T 20984-2007[S]. Beijing:Standards Press of China, 2007.
[11] JIN X, ZHANG W S. The optimization of objective weighting method based on relative importance[C]//20205th International Conference on Mechanical, Control and Computer Engineering (ICMCCE). Piscataway, NJ:IEEE Press, 2020:1234-1237.

[1]	石子成, 李新, 唐颖, 黄善国. 基于全光模式匹配的光包过滤系统[J]. 北京邮电大学学报, 2022, 45(3): 96-101.
[2]	杨宏宇, 张乐, 张良. 一种基于风险传播的信息系统风险评估方法[J]. 北京邮电大学学报, 2021, 44(4): 41-48.
[3]	唐宏伟, 冯圣中, 赵晓芳. TOChain:一种高性能虚拟网络安全服务功能链[J]. 北京邮电大学学报, 2018, 41(1): 70-80.
[4]	赵健, 王瑞, 李正民, 雷敏, 马敏耀. 物联网系统安全威胁和风险评估[J]. 北京邮电大学学报, 2017, 40(s1): 135-139.
[5]	雷敏, 刘晓明, 张鸿, 王勉, 杨榆. 面向Web信息系统安全威胁和风险评估分析[J]. 北京邮电大学学报, 2016, 39(s1): 87-93.
[6]	李旭, 鲍京京, 刘颖. 编队通信安全中的黑洞问题[J]. 北京邮电大学学报, 2016, 39(1): 12-17.
[7]	白媛, 王倩, 贾其兰, 张会兵. 一种高效安全的EPS AKA协议[J]. 北京邮电大学学报, 2015, 38(s1): 10-14.
[8]	刘胜利, 彭飞, 武东英, 邹睿, 肖达. CHoney:一个面向Cisco路由器攻击捕获的新型蜜罐[J]. 北京邮电大学学报, 2015, 38(5): 47-53.
[9]	刘敬, 谷利泽, 钮心忻, 杨义先, 李忠献. 基于神经网络和遗传算法的网络安全事件分析方法[J]. 北京邮电大学学报, 2015, 38(2): 50-54.
[10]	付钰, 陈永强, 吴晓平, 宋衍. 基于随机博弈模型的网络攻防策略选取[J]. 北京邮电大学学报, 2014, 37(s1): 35-39.
[11]	陈永强, 吴晓平, 付钰, 宋衍. 基于随机博弈与网络熵的网络安全性评估[J]. 北京邮电大学学报, 2014, 37(s1): 92-96.
[12]	张峰, 付俊, 杨光华, 景奕昕, 唐威. Web访问日志安全分析技术研究[J]. 北京邮电大学学报, 2014, 37(2): 93-98.
[13]	亓峰, 李琪, 韩骞, 杜益, 邱雪松. 基于神经网络的电力通信网风险评估方法[J]. 北京邮电大学学报, 2014, 37(1): 90-93.
[14]	葛海慧, 郑世慧, 陈天平, 杨义先. 信息安全威胁场景模糊风险评估方法[J]. 北京邮电大学学报, 2013, 36(6): 89-92,107.
[15]	钟尚勤徐国胜姚文斌杨义先. 基于主机安全组划分的网络安全性分析 [J]. 北京邮电大学学报, 2012, 35(1): 19-23.

一种基于主机重要度的网络主机节点风险评估方法

A Risk Assessment Method of Network Host Node with Host Importance

RichHTML

PDF

可视化

摘要/Abstract

引用本文

使用本文

参考文献

相关文章 15

编辑推荐

Metrics

本文评价