计算机科学

计算机科学 ›› 2023, Vol. 50 ›› Issue (9): 35-43.doi: 10.11896/jsjkx.230500025

• 数据安全 • 上一篇    下一篇

基于分层任务网络的攻击路径发现方法

王子博1, 张耀方1, 陈翊璐1, 刘红日1,2, 王佰玲1, 王冲华3   

  1. 1 哈尔滨工业大学(威海)计算机科学与技术学院 山东 威海 264209
    2 威海天之卫网络空间安全科技有限公司 山东 威海 264209
    3 国家工业信息安全发展研究中心 北京 100040
  • 收稿日期:2023-05-05 修回日期:2023-07-06 出版日期:2023-09-15 发布日期:2023-09-01
  • 通讯作者: 王佰玲(wbl@hit.edu.cn)
  • 作者简介:(wzb_inet_hitwh@hotmail.com)
  • 基金资助:
    国家重点研发计划(2021YFB2012400)

Hierarchical Task Network Planning Based Attack Path Discovery

WANG Zibo1, ZHANG Yaofang1, CHEN Yilu1, LIU Hongri1,2, WANG Bailing1, WANG Chonghua3   

  1. 1 School of Computer Science and Technology,Harbin Institute of Technology(Weihai),Weihai,Shandong 264209,China
    2 Weihai Cyberguard Technologies Co.Ltd,Weihai,Shandong 264209,China
    3 China Industrial Control Systems Cyber Emergency Response Team,Beijing 100040,China
  • Received:2023-05-05 Revised:2023-07-06 Online:2023-09-15 Published:2023-09-01
  • About author:WANG Zibo,born in 1992,postgra-duate.His main research interests include industrial Internet security and industrial control system security assessment.
    WANG Bailing,born in 1978,Ph.D,professor,Ph.D supervisor,is a member of China Computer Federation.His main research interests include cyber security,information content security and industrial Internet security.
  • Supported by:
    National Key R & D Program of China(2021YFB2012400).

PDF (PC)

2389

摘要: 攻击路径发现是辅助网络资产安全评估的一项关键任务。现有基于智能规划的攻击路径发现方法因建模语言丰富和规划算法完备而深受安全从业者青睐,但其存在的扩展性问题不容忽视。为此,提出一种基于分层任务网络的攻击路径发现方法。具体而言,围绕网络规模逐步扩展、路径发现任务愈加复杂和安全推演场景频繁变化所引发的扩展性问题,将所提方法分解为3个阶段。第一阶段,针对路径生成性能差的问题,引入面向目标拓扑的多层级K路划分算法;第二阶段,针对领域问题描述难的问题,构建融入专家经验的路径规划分层任务网络;第三阶段,针对路径更新效率低的问题,设计应对局部信息更替的攻击路径维护方案。实验结果表明,所提方法适用于大规模网络,执行效率更高,具备良好的扩展性。

关键词: 智能规划分层任务网络, 多层级K路算法, 攻击路径发现, 攻击路径扩展

Abstract: Attack path discovery is a critical task for cyber asset security assessment.The existing artificial intelligence-based planning for attack path discovery method is favored by security practitioners due to its rich modeling language and complete planning algorithm,but its scalability problem cannot be ignored.For that reason,a hierarchical task network-based attack path method is proposed.Specifically,concerning the scalability problem,the proposed method is decomposed into the following three stages:first and foremost,focusing on undesirable attack path generation performance caused by expanding network scale,a multi-level K-way partitioning algorithm is introduced into the target topology; subsequently,focusing on the difficulty of domain problem description caused by complex discovery tasks,an attack path-oriented hierarchical task network is constructed with the combination of expert experiments; and finally,focusing on low attack path updating efficiency caused by demands on what-if security analysis,a maintenance scheme is designed for local information changes of assets.Experimental results show that the proposed method is suitable for attack path discovery in large-scale network which has an advantage over efficiency and scalability.

Key words: Artificial intelligence planning, Hierarchical task network, Multi-level K-way partitioning algorithm, Attack path discovery, Attack path extension

中图分类号: 

  • TP393
[1]LALLIE H S,DEBATTISTA K,BAL J.A review of attackgraph and attack tree visual syntax in cyber security[J].Computer Science Review,2020,35:100219-100259.
[2]ZENITANI K.Attack graph analysis:an explanatory guide[J].Computers & Security,2022,126:103081-103101.
[3]ZANG Y C,ZHU T Y,ZHU J H,et al.Domain-independent intelligent planning technology and its application to automated penetration testing oriented attack path discovery[J].Journal of Electronics & Information Technology,2020,42(9):2095-2107.
[4]OU X,GOVINDAVAJHALA S,APPEL A W.MulVAL:ALogic-based Network Security Analyzer[C]//USENIX security symposium.2005:113-128.
[5]INOKUCHI M,OHTA Y,KINOSHITA S,et al.Design procedure of knowledge base for practical attack graph generation[C]//Proceedings of the 2019 ACM Asia Conference on Computer and Communications Security.2019:594-601.
[6]STAN O,BITTON R,EZRETS M,et al.Extending AttackGraphs to Represent Cyber-Attacks in Communication Protocols and Modern IT Networks[J].IEEE Transactions on Dependable and Secure Computing,2022,19(3):1936-1954.
[7]SAHA D.Extending logical attack graphs for efficient vulnerability analysis[C]//Proceedings of the 15th ACM Conference on Computer and Communications Security.2008:63-74.
[8]GHOSH N,GHOSH S K.A planner-based approach to generate and analyze minimal attack graph[J].Applied Intelligence,2012,36:369-390.
[9]GAO W L,ZHOU T Y,ZHU J H,et al.Network attack path discovery method based on bidirectional ant colony algorithm[J].Computer Science,2022,49(S1):516-522.
[10]BEZAWADA B,RAY I,TIWARY K.AGBuilder:an AI tool for automated attack graph building,analysis,and refinement[C]//IFIP Annual Conference on Data and Applications Security and Privacy.Cham:Springer,2019:23-42.
[11]KAYNAR K,SIVRIKAYA F.Distributed attack graph generation[J].IEEE Transactions on Dependable and Secure Computing,2015,13(5):519-532.
[12]CAO N,LV K,HU C.An attack graph generation method based on parallel computing[C]//Science of Cyber Security:First International Conference.Springer International Publishing,2018:34-48.
[13]LIU Y Z,CHEN Y Z,GUO K,et al.Distributed process mining and graph segmentation for network attack modeling [J].Journal of Chinese Mini-Micro Computer Systems,2020,41(8):1732-1740.
[14]SHAO T H,ZHANG H J,CHENG K,et al.Review of replanning in hierarchical task network [J].Journal of Systems Engineering and Electronics,2020,42(12):2833-2846.
[15]HERRMANN J,KHO J,UÇAR B,et al.Acyclic partitioning of large directed acyclic graphs[C]//2017 17th IEEE/ACM International Symposium on Cluster,Cloud and Grid Computing(CCGRID).IEEE,2017:371-380.
[16]CHEN F,ZHANG Y,SU J S,et al.Two Formal Analyses of Attack Graphs [J].Journal of Software,2010,21(4):838-848.
[17]Simple Hierarchical Ordered Planner(SHOP)[EB/OL].https://www.cs.umd.edu/projects/shop/.
[18]Fast Forward(FF) [EB/OL].https://fai.cs.uni-saarland.de/hoffmann/ff.html.
[19]SGPlan(Version 5.0)[EB/OL].https://wah.cse.cuhk.edu.hk/wah/programs/SGPlan/.
[20]Fast Downward(FD)[EB/OL].https://github.com/aibasel/downward.
[21]Partial Order Planning Forwards(POPF)(Version 2.0) [EB/OL].https://nms.kcl.ac.uk/planning/software/popf.html.
[22]Heavy-edge matching [EB/OL] https://github.com/loukasa/graph-coarsening.
Viewed
Full text


Abstract

Cited
  Shared   
  Discussed   
No Suggested Reading articles found!
渝ICP备16013121号-4
地址:重庆市渝北区洪湖西路18号    邮编:401121  
电话:023-63500828(编辑部) 023-67039612(会议/专题) 023-67039623(财务/发票)
E-mail:jsjkx12@163.com
本系统由北京玛格泰克科技发展有限公司设计开发