Computer Science ›› 2021, Vol. 48 ›› Issue (6A): 468-476. doi: 10.11896/jsjkx.200900205
杜金莲, 孙鹏飞, 金雪云
DU Jin-lian, SUN Peng-fei, JIN Xue-yun
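Abstract: In recent years, the growing number of system vulnerabilities, the continual evolution of network intrusion methods, and the constant updating of hacking techniques have made network attacks complex and diverse. However, the quality of a traditional attack tree model depends heavily on the analyst's knowledge and skill level and is highly subjective; the model also falls short in expressing the relationship between attack intent and attack operations, which makes automatic construction of attack models difficult. To detect potential security threats to system assets with high quality and to support automated detection, this paper proposes an anti-goal attack tree model based on attacker intent, together with a method for constructing it. Starting from the attacker's intent, the model describes the attacker's attack process and attack goals through iterative decomposition of anti-goal elements and expresses them in the form of an attack tree, so that security problems in the system can be found efficiently. A formal description of the decomposition strategies of the anti-goal attack tree model is given in the Datalog language, and inference rules are defined, providing support for the automatic construction of the anti-goal attack tree model and the automatic detection of attack threats. The proposed method was applied to a real attack case scenario for analysis and successfully detected the actual attack scenario and the potential security risks of the attacked system, demonstrating the effectiveness of the method.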