Computer Science ›› 2021, Vol. 48 ›› Issue (5): 294-300. doi: 10.11896/jsjkx.200700108
ZHANG Kai1,2,3, LIU Jing-ju1,3
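Abstract: Analyzing the intrusion paths through a network from the attacker's perspective is of great value in guiding network security defense. Existing analysis methods based on absorbing Markov chains do not consider all state transition cases and compute state transition probabilities unreasonably. To address these problems, an intrusion path analysis method based on the absorbing Markov chain is proposed. Starting from a generated attack graph, the method uses the exploitability scores of the vulnerabilities exploited to achieve state transitions in the attack graph, fully accounts for the case in which a state transition from a non-absorbing node fails, and proposes a new method for computing state transition probabilities that maps the attack graph to an absorbing Markov chain model. Using the properties of the state transition probability matrix of the absorbing Markov chain, it then computes the threat ranking of the nodes on the intrusion path and the expected length of the intrusion path. Experimental results show that the method can effectively compute the node threat ranking and the expected path length; a comparative analysis shows that its results match the reality of network attack and defense more closely than those of existing methods.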
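The pipeline the abstract describes (attack graph, then absorbing Markov chain, then node ranking and expected path length) can be sketched as follows. This is an added example, not the paper's code: the graph is constructed, and both the probability mapping (choose an edge in proportion to its exploitability score, succeed with probability score/10, otherwise stay in place) and the ranking by expected visit count are assumptions, since the paper's formulas are not reproduced on this page.

```python
# Added illustration on a constructed attack graph (not the paper's data).
# Edge value = exploitability score (0-10) of the vulnerability used.
GRAPH = {
    "attacker": {"web": 8.0},
    "web": {"db": 6.0, "goal": 4.0},
    "db": {"goal": 10.0},
    "goal": {},  # absorbing state: the attacker's target
}

def transition_matrix(graph, allow_failure=True):
    """Assumed mapping: an edge is chosen in proportion to its score and the
    attempt succeeds with probability score/10; a failure is a self-loop."""
    nodes = list(graph)
    P = {u: {v: 0.0 for v in nodes} for u in nodes}
    for u, edges in graph.items():
        if not edges:
            P[u][u] = 1.0  # absorbing node never leaves itself
            continue
        total = sum(edges.values())
        for v, s in edges.items():
            success = s / 10.0 if allow_failure else 1.0
            P[u][v] = (s / total) * success
        P[u][u] = 1.0 - sum(P[u].values())  # failed attempt: stay at u
    return P

def fundamental_matrix(P):
    """N = (I - Q)^-1 over the transient states, by Gauss-Jordan elimination."""
    T = [u for u in P if P[u][u] < 1.0]  # transient (non-absorbing) states
    n = len(T)
    A = [[float(i == j) - P[T[i]][T[j]] for j in range(n)]
         + [float(i == j) for j in range(n)] for i in range(n)]
    for c in range(n):
        p = max(range(c, n), key=lambda r: abs(A[r][c]))  # partial pivoting
        A[c], A[p] = A[p], A[c]
        pivot = A[c][c]
        A[c] = [x / pivot for x in A[c]]
        for r in range(n):
            if r != c:
                f = A[r][c]
                A[r] = [x - f * y for x, y in zip(A[r], A[c])]
    return T, [row[n:] for row in A]

def analyse(graph, start="attacker", allow_failure=True):
    """Return (nodes ranked by expected visits, expected path length, visits)."""
    T, N = fundamental_matrix(transition_matrix(graph, allow_failure))
    visits = dict(zip(T, N[T.index(start)]))  # row of N for the start state
    ranking = sorted((u for u in T if u != start), key=visits.get, reverse=True)
    return ranking, sum(visits.values()), visits
```

Calling `analyse(GRAPH)` and `analyse(GRAPH, allow_failure=False)` on the same graph shows how much the failure self-loops lengthen the expected path while leaving the topology unchanged.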