基于不确定攻击图的攻击路径的网络安全分析

计算机科学 ›› 2017, Vol. 44 ›› Issue (Z6): 351-355.doi: 10.11896/j.issn.1002-137X.2017.6A.080

基于不确定攻击图的攻击路径的网络安全分析

曾赛文,文中华,戴良伟,袁润

湘潭大学信息工程学院湘潭411105,湖南工程学院湖南省风电装备与电能协同变换创新中心湘潭411104;湘潭大学智能计算与信息处理教育部重点实验室湘潭411105,湘潭大学信息工程学院湘潭411105,湘潭大学信息工程学院湘潭411105

出版日期:2017-12-01 发布日期:2018-12-01
基金资助:
本文受国家自然科学基金(61272295,61105039,61202398),湘潭大学智能计算与信息处理教育部重点实验室,湖南省重点学科建设项目(0812)资助

Analysis of Network Security Based on Uncertain Attack Graph Path

ZENG Sai-wen, WEN Zhong-hua, DAI Liang-wei and YUAN Run

Online:2017-12-01 Published:2018-12-01

摘要/Abstract

摘要： 随着科学技术的发展,现有攻击图生成算法在描述突发网络拥塞、网络断开、网络延迟等意外情况时存在不足；并且对于在攻击图中同样可以达到目标状态的攻击路径,哪一条路径网络更可靠等问题还未开始研究。通过不确定图模型提出了一种攻击图的生成算法,从攻击者的目标出发,逆向模拟生成攻击图,可以较好地模拟现实攻击情况并找出最可靠攻击路径,而且可以避免在大规模网络中使用模型检测方法出现状态空间爆炸的问题,以帮助防御者更好地防御网络漏洞攻击。实验结果表明,该方法能够正确生成攻击图,并且对大型网络的模拟也很实用。

关键词: 不确定图,攻击图,模型检测,网络漏洞攻击

Abstract: With the development of science and technology,the existing attack graph generation algorithm has deficiencies in describing of network congestion,network disconnection,network delays and other unforeseen circumstances.And in pathing out which route network will be more reliable when all the routes can achieve the same target state has not keen studied in pathing out.Researches nowadays about the uncertain graph have delicate descriptions about the real network.Therefore,this thesis will put forward a new algorithm through uncertain graph model,and we can simulate the reality of attacks by reverse simulation to generate attack graph from the target of attackers and we can also avoid the troubles of space explosion to help defenders against the risks of network vulnerabilities.Through experiments we fond that our approach can generate the attack graph correctly and it is also practical for the simulation of large networks.

Key words: Uncertain graph,Attack graph,Model check,Network vulnerabilities attack

曾赛文,文中华,戴良伟,袁润. 基于不确定攻击图的攻击路径的网络安全分析[J]. 计算机科学, 2017, 44(Z6): 351-355. https://doi.org/10.11896/j.issn.1002-137X.2017.6A.080

ZENG Sai-wen, WEN Zhong-hua, DAI Liang-wei and YUAN Run. Analysis of Network Security Based on Uncertain Attack Graph Path[J]. Computer Science, 2017, 44(Z6): 351-355. https://doi.org/10.11896/j.issn.1002-137X.2017.6A.080

参考文献

[1] 中国互联网网络信息中心.[2016-08-03].http://www.cnnic.net.cn.
[2] CNNIC.中国互联网网络发展状况统计报告(2016)[R].北京:中国互联网络信息中心,2016.
[3] 国家互联网应急中心.[2016-06].http://www.cert.org.cn.
[4] 王永杰,鲜明,刘进,等.基于攻击图模型的网络安全评估研究[J].通信学报,2007,28(3):29-34.
[5] SCHNEIER B.Secrets and Lies[M].John Wiley and Sons,2000:318-333.
[6] MCDERMOTT J P.Attack net penetration testing[C]∥Proceedings of the 2000 Workshop on New Security Paradigms.ACM,200:15-21.
[7] PHILLIPS C,SWILER L P.A graph-based system for network-vulnerability analysis[C]∥Proceedings of the 1998 Workshop on New Security Paradigms.ACM,1998:71-79.
[8] HEWETT R,KIJSANAYOTHIN P.Host-centric model chec-king for network vulnerability analysis[C]∥Computer Security Applications Conference,2008(ACSAC 2008).Annual.IEEE,2008:225-234.
[9] MAGGI P,POZZA D,SISTO R.Vulnerability modelling for the analysis of network attacks[C]∥Third International Conference on Dependability of Computer Systems,2008(DepCos-RELCOMEX’08).IEEE,2008:15-22.
[10] MALHOTRA S,BHATTACHARYA S,G HOSH S K.A vulnerability and exploit independent approach for attack path prediction[C]∥IEEE 8th International Conference on Computer and Information Technology Workshops,2008(CIT Workshops 2008).IEEE,2008:282-287.
[11] 刘强,殷建平,蔡志平,等.基于不确定图的网络漏洞分析方法[J].软件学报,2011,22(6):1398-1412.
[12] 高原.不确定图与不确定网络[D].北京:清华大学,2013.
[13] GAO X L.Regularity index of uncertain graph[J].Journal of Intelligent & Fuzzy Systems,2014,7(4):1671-1678.
[14] BUGTRAQ.The security vulnerabilities mailing list.http://www.securityfocus.com.
[15] WAXMAN B M.Routing of multipoint connections[J].IEEE Journal on Selected Areas in Communications,1988,6(9):1617-1622.

Metrics

Viewed

Full text

Abstract

Cited

Shared

Discussed