Computer Science, 2022, Vol. 49, Issue (3): 62-69. doi: 10.11896/jsjkx.210800107
李嘉睿1, 凌晓波2, 李晨曦1, 李子木1, 杨家海1, 张蕾2, 吴程楠2
LI Jia-rui1, LING Xiao-bo2, LI Chen-xi1, LI Zi-mu1, YANG Jia-hai1, ZHANG Lei2, WU Cheng-nan2
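Abstract: To address the problem that current attack graph models cannot reflect network attack events in real time, this paper proposes a forward-update risk probability calculation method and a dynamic risk probability algorithm that combines forward and backward updates. The proposed algorithm can dynamically evaluate and analyze changes in the network environment promptly and accurately, and performs dynamic, real-time analysis of network attack events. First, the uncertainty of each node in the graph is quantified and its static probability is computed in a Bayesian network. Then, according to network security events occurring in real time, the dynamic probability of each node in the graph is updated along forward and backward paths, quantifying and reflecting changes in external conditions in real time and evaluating the real-time level of danger at each point in the network. Experimental results show that the proposed method can calibrate and adjust the probability of each node in the attack graph according to the actual situation, helping network administrators correctly understand the level of danger at each point in the network and make better decisions for preventing and blocking the next attack step.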
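The static-then-dynamic idea in the abstract can be seen on a small Bayesian attack graph. This is an added example, not the paper's algorithm: it uses exact enumeration with noisy-OR nodes instead of the paper's forward/backward update procedure, and the node names, priors and edge probabilities are constructed for illustration.

```python
from itertools import product

# Constructed example graph: root priors and per-edge exploit probabilities.
PRIOR = {"web": 0.6, "vpn": 0.2}
EDGES = {"app": {"web": 0.5, "vpn": 0.9}, "db": {"app": 0.8}}
NODES = ["web", "vpn", "app", "db"]  # topological order

def cond_prob(node, state):
    """P(node compromised | parents): noisy-OR over compromised parents."""
    if node in PRIOR:
        return PRIOR[node]
    miss = 1.0
    for parent, p in EDGES[node].items():
        if state[parent]:
            miss *= 1.0 - p
    return 1.0 - miss

def joint(state):
    """Joint probability of one full assignment of all nodes."""
    prob = 1.0
    for node in NODES:
        p = cond_prob(node, state)
        prob *= p if state[node] else 1.0 - p
    return prob

def risk(evidence=None):
    """P(node compromised | evidence) for every node, by exact enumeration."""
    evidence = evidence or {}
    total, hit = 0.0, dict.fromkeys(NODES, 0.0)
    for bits in product([False, True], repeat=len(NODES)):
        state = dict(zip(NODES, bits))
        if any(state[n] != seen for n, seen in evidence.items()):
            continue
        weight = joint(state)
        total += weight
        for node in NODES:
            if state[node]:
                hit[node] += weight
    if total == 0.0:
        raise ValueError("evidence is impossible under this graph")
    return {node: hit[node] / total for node in NODES}

if __name__ == "__main__":
    static = risk()                 # before any event is observed
    dynamic = risk({"app": True})   # after an alert confirms 'app' is compromised
    for node in NODES:
        print(f"{node}: static={static[node]:.4f} dynamic={dynamic[node]:.4f}")
```

Observing `app` raises the downstream `db` risk (forward direction) and also raises the upstream `web` and `vpn` probabilities (backward direction). Enumeration costs 2^n joint evaluations, so it is only practical on small graphs.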