Computer Science ›› 2022, Vol. 49 ›› Issue (3): 62-69. doi: 10.11896/jsjkx.210800107

• Emerging Distributed Computing Technologies and Systems

Dynamic Network Security Analysis Based on Bayesian Attack Graphs

LI Jia-rui1, LING Xiao-bo2, LI Chen-xi1, LI Zi-mu1, YANG Jia-hai1, ZHANG Lei2, WU Cheng-nan2

  1 Institute for Network Sciences and Cyberspace, Tsinghua University, Beijing 100084, China
  2 State Grid Shanghai Municipal Electric Power Company, Shanghai 200122, China
  3 State Grid Shanghai Electric Power Research Institute, Shanghai 200437, China
  4 Songjiang Power Supply Company of State Grid Shanghai Municipal Electric Power Company, Shanghai 201699, China
  • Received: 2021-08-11 Revised: 2021-10-12 Online: 2022-03-15 Published: 2022-03-15
  • Corresponding author: YANG Jia-hai (yang@cernet.edu.cn)
  • Author biography contact: ljrui7675@outlook.com
  • About author: LI Jia-rui, born in 1997, postgraduate. Her main research interests include network measurement, cybersecurity and next generation Internet.
    YANG Jia-hai, born in 1966, professor, Ph.D supervisor, is a senior member of China Computer Federation and IEEE. His main research interests include network management, internet measurement and security, cybersecurity and cyberspace mapping, cloud computing and network functions virtualization.
  • Supported by:
    Research on Cyberspace Vulnerability Analysis and Threat Detection in Power Monitoring System (5108-202117055A-0-0-00).

Abstract: Current attack graph models cannot reflect network attack events in real time. To address this, the paper proposes a forward risk probability update algorithm and a combined forward-backward risk probability update algorithm, which together support real-time network security analysis. The method first quantifies the uncertainty of each node in the graph and uses a Bayesian network to calculate the nodes' static probabilities. It then updates the dynamic probability of each node along the forward and backward paths according to network security events as they occur, so that changes in external conditions are reflected immediately and the real-time risk level across the network can be assessed. Experimental results show that the method can calibrate and adjust the risk probability of each node in the attack graph according to the actual situation, which helps network administrators correctly understand the risk level of each part of the network and make better decisions to prevent and block the next attack.

Key words: Attack graph, Bayesian network, Dynamic probability, Real time, Risk probability, Static probability

CLC Number: TP393.08