Computer Science ›› 2021, Vol. 48 ›› Issue (5): 294-300. doi: 10.11896/jsjkx.200700108

• Information Security •

Attack Path Analysis Method Based on Absorbing Markov Chain

ZHANG Kai 1,2,3, LIU Jing-ju 1,3

  1 College of Electronic Engineering, National University of Defense Technology, Hefei 230037, China
  2 Jiuquan Satellite Launch Center, Jiuquan, Gansu 732750, China
  3 Anhui Province Key Laboratory of Cyberspace Security Situation Awareness and Evaluation, Hefei 230037, China
  • Received: 2020-07-17 Revised: 2020-08-13 Online: 2021-05-15 Published: 2021-05-09
  • Corresponding author: LIU Jing-ju (jingjul@aliyun.com)
  • About the authors: ZHANG Kai, born in 1992, postgraduate. His main research interests include network security situation awareness. (zkdfbbking@163.com)
    LIU Jing-ju, born in 1974, professor. Her main research interests include network security situation awareness and network security detection.

Abstract (translated from the Chinese): Analysing intrusion paths through a network from the attacker's perspective is of great significance for guiding network security defence. Existing analysis methods based on absorbing Markov chains consider state transition scenarios incompletely and compute state transition probabilities unreasonably; to address these problems, an intrusion path analysis method based on absorbing Markov chains is proposed. Starting from a generated attack graph, the method uses the exploitability scores of the vulnerabilities exploited to realise each state transition in the graph, fully accounts for the case in which a non-absorbing node's state transition fails, and proposes a new way of computing state transition probabilities that maps the attack graph onto an absorbing Markov chain model. The properties of the state transition probability matrix of the absorbing Markov chain are then used to compute the threat ranking of the nodes on the intrusion paths and the expected intrusion path length. Experimental results show that the method effectively computes the node threat ranking and the expected path length; comparative analysis shows that its results match the realities of network attack and defence better than existing methods.

Keywords (translated from the Chinese): attack graph, node threat ranking, path length expectation, intrusion path analysis, network security, absorbing Markov chain

Abstract: The analysis of network attack paths from the perspective of attackers is of great significance for guiding network security defense. Existing analysis methods based on absorbing Markov chains have some problems, such as incomplete consideration of state transitions and unreasonable calculation of state transition probabilities. To solve these problems, this paper proposes an attack path analysis method based on absorbing Markov chains. Based on the generated attack graph and the exploitability scores of the vulnerabilities, the method fully considers the case in which the state transition of a non-absorbing node fails. To map the attack graph onto the absorbing Markov chain model, this paper proposes a new method for calculating the state transition probabilities. Then, using the properties of the state transition probability matrix of the absorbing Markov chain, it calculates the threat ranking of the nodes in the attack path and the expected length of the attack path. The applicability of absorbing Markov chains with multiple absorbing states is also discussed. Experimental results show that the proposed method can effectively calculate the node threat ranking and path length expectation. Comparative analysis shows that this method is more in line with the actual situation of network attack and defense than existing methods.

Key words: Absorbing Markov chain, Attack graph, Attack path analysis, Network security, Node threat ranking, Path length expectation
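As an added illustration (not the paper's code, and not its exact transition-probability formula, which this page does not give), the following Python maps a small constructed attack graph onto an absorbing Markov chain, models a failed transition at a non-absorbing node as a stated assumption, and reads the expected path length and a node ranking from the fundamental matrix.

```python
# Constructed attack graph (not from the paper): node -> [(successor, CVSS
# exploitability score 0..10)]. A node with no outgoing edges (the goal) is
# the absorbing state; every other node is transient (non-absorbing).
GRAPH = {
    "attacker": [("web", 8.6), ("mail", 3.9)],
    "web": [("db", 10.0)],
    "mail": [("db", 3.9)],
    "db": [],
}

def transition_matrix(graph):
    """Row-stochastic matrix P. ASSUMPTION (not the paper's formula): an exploit
    on edge i->j succeeds with probability score/10, spread evenly over i's
    outgoing edges; the leftover mass is a self-loop standing for a failed
    transition, so the attacker stays at i and may try again."""
    nodes = list(graph)
    idx = {n: k for k, n in enumerate(nodes)}
    P = [[0.0] * len(nodes) for _ in nodes]
    for i, edges in graph.items():
        for j, score in edges:
            P[idx[i]][idx[j]] += score / 10.0 / len(edges)
        P[idx[i]][idx[i]] += 1.0 - sum(P[idx[i]])  # failure self-loop (or absorption)
    return nodes, P

def invert(M):
    """Gauss-Jordan inverse with partial pivoting (pure Python, no numpy)."""
    n = len(M)
    A = [row[:] + [float(r == c) for c in range(n)] for r, row in enumerate(M)]
    for c in range(n):
        p = max(range(c, n), key=lambda r: abs(A[r][c]))
        A[c], A[p] = A[p], A[c]
        A[c] = [v / A[c][c] for v in A[c]]
        for r in range(n):
            if r != c:
                A[r] = [a - A[r][c] * b for a, b in zip(A[r], A[c])]
    return [row[n:] for row in A]

def analyse(graph, start):
    """N = (I - Q)^-1 (fundamental matrix). Returns expected steps from `start`
    to absorption, t = N*1, and other transient nodes ranked by P(ever reached)
    = N[s][j]/N[j][j], which retry self-loops do not inflate (raw visits would be)."""
    nodes, P = transition_matrix(graph)
    s0 = nodes.index(start)
    trans = [k for k in range(len(nodes)) if P[k][k] < 1.0]   # non-absorbing rows
    Q = [[P[r][c] for c in trans] for r in trans]
    N = invert([[float(r == c) - Q[r][c] for c in range(len(Q))] for r in range(len(Q))])
    s = trans.index(s0)
    ranking = sorted(((nodes[trans[j]], N[s][j] / N[j][j])
                      for j in range(len(trans)) if trans[j] != s0), key=lambda x: -x[1])
    return sum(N[s]), ranking
```

With these constructed scores the expected number of exploit attempts from the attacker node to the database is 3.088, and the web server outranks the mail server (reach probability 0.688 versus 0.312) even though the attacker spends more steps retrying at the mail server.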

CLC number: TP393.8