一种基于目标攻击图的态势威胁评估方法

doi:10.13190/j.jbupt.2015.01.016

北京邮电大学学报 ›› 2015, Vol. 38 ›› Issue (1): 82-86.doi: 10.13190/j.jbupt.2015.01.016

一种基于目标攻击图的态势威胁评估方法

刘威歆¹, 郑康锋¹, 胡影², 武斌¹

1. 北京邮电大学信息安全中心, 北京 100876;
2. 武警北京指挥学院, 北京 100012

收稿日期:2014-04-01 出版日期:2015-02-28 发布日期:2015-03-30
作者简介:刘威歆(1987—),男,博士生,E-mail:jack18jack@gmail.com;郑康锋(1975—),男,副教授,博士生导师.
基金资助:
国家自然科学基金青年科学基金项目(61101108)

Approach of Goal-Oriented Attack Graph-Based Threat Evaluation for Network Security

LIU Wei-xin¹, ZHENG Kang-feng¹, HU Ying², WU Bin¹

1. Information Security Center, Beijing University of Posts and Telecommunications, Beijing 100876, China;
2. Armed Police Beijing Command Academy, Beijing 100012, China

Received:2014-04-01 Online:2015-02-28 Published:2015-03-30

摘要/Abstract

摘要：

针对传统安全威胁评估方法难以理解攻击渗透的相关性,且难以量化相关渗透对于网络环境的影响问题,结合攻击图渗透动作危害性、渗透相关性和主机业务重要性,提出双向威胁评估模型和计算方法,能衡量攻击的深入程度和对目标的威胁程度,最后提出了一个能应用于实时告警分析的攻击序列评估方法,并通过实验验证了所提模型的合理性和有效性.

关键词: 威胁评估, 攻击图, 双向威胁评估

Abstract:

For being not falling in as final targets of attackers, the critical resources in network environments should be protected. It is vital to quantify the threat and impact during the process of multi-stage attacks. Aiming at combine threat quantification of individual attack action and significance value of hosts, as well as large amount of attack dependencies in attack graphs, a methodology for threat evaluation was proposed. The bi-directional threat evaluation presented in this article is able to compute progress attackers already, as well as the threat to goal-resources in attack graph, which can be well applied to real-time attack threat evaluation. The proposed was finally verified in experiment and simulation.

Key words: threat situation, attack graph, bi-directional threat evaluation

中图分类号:

TN911.22

刘威歆, 郑康锋, 胡影, 武斌. 一种基于目标攻击图的态势威胁评估方法[J]. 北京邮电大学学报, 2015, 38(1): 82-86.

LIU Wei-xin, ZHENG Kang-feng, HU Ying, WU Bin. Approach of Goal-Oriented Attack Graph-Based Threat Evaluation for Network Security[J]. JOURNAL OF BEIJING UNIVERSITY OF POSTS AND TELECOM, 2015, 38(1): 82-86.

参考文献

[1] 陈秀真, 郑庆华, 管晓宏, 等. 层次化网络安全威胁态势量化评估方法[J]. 软件学报, 2006, 17(4): 885-897. Chen Xiuzhen, Zheng Qinghua, Guan Xiaohong, et al. Quantitative hierarchical threat evaluation model for network security[J]. Journal of Software, 2006, 17(4): 885-897.

[2] 刘效武, 王慧强, 禹继国, 等. 基于多源融合的网络安全态势感知模型[J]. 解放军理工大学学报: 自然科学版, 2012, 13(4): 403-407. Liu Xiaowu, Wang Huiqiang, Yu Jiguo, et al. Network security situation awareness model based on multi-source fusion[J]. Journal of PLA University of Science and Technology(Natural Science Edition), 2012, 13(4): 403-407.

[3] Cheng Pengsu, Wang Lingyu, Jajodia S, et al. Aggregating CVSS base scores for semantics-rich network security metrics[C]//Reliable Distributed Systems (SRDS), 2012 IEEE 31^st Symposium on. Irvine, CA: IEEE, 2012: 31-40.

[4] Keramati M, Akbari A, Keramati M. CVSS-based security metrics for quantitative analysis of attack graphs[C]//Computer and Knowledge Engineering (ICCKE), 2013 3^th International Conference on. Mashhad: IEEE, 2013: 178-183.

[5] Ahmadinejad S H, Jalili S, Abadi M. A hybrid model for correlating alerts of known and unknown attack scenarios and updating attack graphs[J]. Computer Networks, 2011, 55(9): 2221-2240.

[6] Wang Lingyu, Liu Anyi, Jajodia S. Using attack graphs for correlating, hypothesizing, and predicting intrusion alerts[J]. Computer Communications, 2006, 29(15): 2917-2933.

[7] 叶云, 徐锡山, 贾焰, 等. 基于攻击图的网络安全概率计算方法[J]. 计算机学报, 2010, 33(10): 1987-1996. Ye Yun, Xu XiShan, Jia Yan, et al. An Attack Graph-Based Probabilistic Computing Approach of Network Security[J]. Chinese Journal of Computers, 2010, 33(10): 1987-1996.

[8] 陈锋. 基于多目标攻击图的层次化网络安全风险评估方法研究[D]. 长沙: 国防科学技术大学, 2009.

一种基于目标攻击图的态势威胁评估方法

Approach of Goal-Oriented Attack Graph-Based Threat Evaluation for Network Security

PDF

可视化

摘要/Abstract

引用本文

使用本文

参考文献

相关文章 4

编辑推荐

Metrics

本文评价

[1]	杨宏宇, 袁海航, 张良. 一种基于主机重要度的网络主机节点风险评估方法[J]. 北京邮电大学学报, 2022, 45(2): 16-21.
[2]	王秀娟, 孙博, 廖彦文, 相从斌. 贝叶斯属性攻击图网络脆弱性评估[J]. 北京邮电大学学报, 2015, 38(4): 110-116.
[3]	钟尚勤徐国胜姚文斌杨义先. 基于主机安全组划分的网络安全性分析 [J]. 北京邮电大学学报, 2012, 35(1): 19-23.
[4]	吴焕潘林王晓箴许榕生. 应用不完整攻击图分析的风险评估模型[J]. 北京邮电大学学报, 2010, 33(3): 57-61.