1. PLA Information Engineering University, Zhengzhou, Henan 450001, China
2. Key Laboratory of Information Assurance Technology, Beijing 100072, China
Wang Shuo (born 1991), male, from Nanyang, Henan; master's student at PLA Information Engineering University; main research interest: network security.
Tang Guangming (born 1963), female, from Changde, Hunan; professor and doctoral supervisor at PLA Information Engineering University; main research interests: network information security and system-level confrontation.
Kou Guang (born 1983), male, from Xuchang, Henan; lecturer at PLA Information Engineering University; main research interests: network security situation awareness, big data and cloud computing security.
Song Haitao (born 1990), male, from Yantai, Shandong; doctoral student at PLA Information Engineering University; main research interest: network security.
Online publication date: 2016-10
Print publication date: 2016-10-25
Citation: Shuo WANG, Guang-ming TANG, Guang KOU, et al. Attack path prediction method based on causal knowledge net[J]. Journal on Communications, 2016, 37(10): 188-198. DOI: 10.11959/j.issn.1000-436x.2016210.
Existing attack path prediction methods cannot accurately reflect how an attacker's capability changes the attack path that follows. To address this, an attack path prediction method based on a causal knowledge net is proposed. The method first identifies the attack actions that have already occurred by mapping the alert set onto the causal knowledge net; it then analyses those actions to infer the attacker's capability grade and dynamically adjusts the probability knowledge distribution according to that grade; finally, it computes the most probable attack path with an improved Dijkstra algorithm. Experimental results indicate that the method matches a real network confrontation environment and improves the accuracy of attack path prediction.
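The four steps the abstract describes (alert mapping, capability inference, probability adjustment, most-probable-path search), carried through on a toy causal knowledge net as an added illustration. This is not the authors' code: the net, the per-step difficulty levels, the alert-to-step mapping, the "capability = hardest step already observed" inference rule and the "halve the prior per missing capability level, then renormalise" adjustment rule are all assumptions made for the example, since the page gives none of the paper's actual definitions. The Dijkstra variant uses -log(p) edge weights so that the shortest path is the most probable one.

```python
import heapq
import math
from collections import defaultdict

# Constructed causal knowledge net (hypothetical, not the paper's data):
# (cause step, effect step, conditional probability that the effect follows the cause).
CAUSAL_EDGES = [
    ("scan", "exploit_web", 0.6),
    ("scan", "brute_ssh", 0.4),
    ("exploit_web", "local_priv_esc", 0.5),
    ("exploit_web", "web_shell", 0.5),
    ("brute_ssh", "local_priv_esc", 0.7),
    ("brute_ssh", "data_exfil", 0.3),
    ("local_priv_esc", "lateral_move", 0.6),
    ("local_priv_esc", "data_exfil", 0.4),
    ("web_shell", "data_exfil", 0.6),
    ("web_shell", "lateral_move", 0.4),
    ("lateral_move", "data_exfil", 1.0),
]

# Assumed skill level needed for each step (1 = commodity tooling, 3 = expert).
STEP_DIFFICULTY = {
    "scan": 1, "brute_ssh": 1, "exploit_web": 2, "web_shell": 2,
    "data_exfil": 2, "local_priv_esc": 3, "lateral_move": 3,
}

# Assumed IDS signature name -> attack step mapping (constructed for the example).
ALERT_TO_STEP = {
    "NMAP_SCAN": "scan", "SSH_BRUTE": "brute_ssh", "SQLI_ATTEMPT": "exploit_web",
    "WEBSHELL_UPLOAD": "web_shell", "SUDO_EXPLOIT": "local_priv_esc",
    "PSEXEC_LATERAL": "lateral_move", "LARGE_OUTBOUND": "data_exfil",
}


def map_alerts(alerts):
    """Step 1: map raw alerts onto net nodes. Unknown signatures are dropped,
    repeats are collapsed, and the order of first occurrence is kept."""
    seen, steps = set(), []
    for alert in alerts:
        step = ALERT_TO_STEP.get(alert)
        if step and step not in seen:
            seen.add(step)
            steps.append(step)
    return steps


def infer_capability(steps):
    """Step 2 (assumed rule): the attacker is at least as capable as the
    hardest step already observed."""
    return max((STEP_DIFFICULTY[s] for s in steps), default=0)


def adjust_probabilities(edges, capability):
    """Step 3 (assumed rule): halve the prior of a transition for every level
    by which the target step exceeds the inferred capability, then renormalise
    each node's outgoing distribution so it still sums to 1."""
    raw = defaultdict(dict)
    for src, dst, p in edges:
        gap = max(0, STEP_DIFFICULTY[dst] - capability)
        raw[src][dst] = p * (0.5 ** gap)
    adjusted = {}
    for src, outs in raw.items():
        total = sum(outs.values())
        adjusted[src] = {dst: p / total for dst, p in outs.items()}
    return adjusted


def most_probable_path(adjusted, start, goal):
    """Step 4: Dijkstra on -log(p) weights; the shortest path maximises the
    product of transition probabilities. Returns (path, probability)."""
    best = {start: 0.0}
    heap = [(0.0, start, [start])]
    while heap:
        dist, node, path = heapq.heappop(heap)
        if node == goal:
            return path, math.exp(-dist)
        if dist > best.get(node, math.inf):
            continue  # stale queue entry
        for nxt, p in adjusted.get(node, {}).items():
            if p <= 0:
                continue
            nd = dist - math.log(p)
            if nd < best.get(nxt, math.inf):
                best[nxt] = nd
                heapq.heappush(heap, (nd, nxt, path + [nxt]))
    return None, 0.0


def predict_attack_path(alerts, goal="data_exfil"):
    """Whole pipeline: from the last observed step to the goal.
    Returns (path, probability, inferred capability)."""
    steps = map_alerts(alerts)
    if not steps:
        return None, 0.0, 0
    capability = infer_capability(steps)
    adjusted = adjust_probabilities(CAUSAL_EDGES, capability)
    path, prob = most_probable_path(adjusted, steps[-1], goal)
    return path, prob, capability


if __name__ == "__main__":
    for alerts in (["NMAP_SCAN", "SSH_BRUTE", "SSH_BRUTE"],
                   ["NMAP_SCAN", "SQLI_ATTEMPT", "SUDO_EXPLOIT"]):
        path, prob, cap = predict_attack_path(alerts)
        print(f"capability={cap} path={' -> '.join(path)} p={prob:.3f}")
```

The point the abstract makes is visible in the two runs: with the unadjusted prior the brute-force attacker is predicted to escalate and move laterally before exfiltrating (product 0.42), but once the observed alerts cap the inferred capability at level 1, the expensive escalation steps are discounted and the direct exfiltration path becomes the most probable one; the attacker who has already exploited a privilege-escalation step keeps the lateral-movement prediction.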