Computer Science ›› 2019, Vol. 46 ›› Issue (12): 165-173. doi: 10.11896/jsjkx.190400092

• Information Security •

Extended Attack Graph Generation Method Based on Knowledge Graph

YE Zi-wei, GUO Yuan-bo, LI Tao, JU An-kang

  1. (The Third Institute, Information Engineering University, Zhengzhou 450001, China)
  • Received: 2019-04-17 Online: 2019-12-15 Published: 2019-12-17
  • Corresponding author: GUO Yuan-bo (born 1975), male, postdoctoral, professor, doctoral supervisor. His main research interests are big data security and situational awareness. E-mail: yuanbo_g@hotmail.com.
  • About the authors: YE Zi-wei (born 1990), male, doctoral student. His main research interest is network vulnerability analysis. E-mail: yezw2014@163.com. LI Tao (born 1992), male, doctoral student. His main research interest is knowledge graphs. JU An-kang (born 1995), male, doctoral student. His main research interests are multi-step network attack detection and threat intelligence.

Abstract: Existing attack graph generation and analysis techniques depend mainly on vulnerability scores. They cannot judge how external factors such as the hardware and software environment affect those scores, or correct the scores accordingly. As a result, the generated attack graphs struggle to reflect accurately the real risk of nodes and attack paths. Information extraction and knowledge reasoning, two tools from knowledge graph techniques, are effective means of fusing vulnerability-related information acquired from multiple sources, and can reflect the risk of nodes and attack paths in the network more accurately. First, a knowledge graph based on an atomic attack ontology is designed to extend the input and display information of the attack graph. Then, an extended attack graph generation framework based on the knowledge graph is proposed. On this basis, the attack graph generation algorithm and the methods for calculating attack success rate and attack profit are given, achieving a more comprehensive and accurate scoring of vulnerabilities. Finally, experiments verify the effectiveness of the proposed method.

Key words: Attack graph, Attack profit, Attack success rate, Knowledge graph, Risk assessment

CLC Number:

  • TP393