Third Institute, Information Engineering University, Zhengzhou, Henan 450001, China
Yang Haopu (born 1993), female, from Xiamen, Fujian; master's student at Information Engineering University; main research interests: APT attack defense and game theory.
Qiu Hui (born 1991), male, from Zhoukou, Henan; master's student at Information Engineering University; main research interests: network security situation awareness and data mining.
Wang Kun (born 1975), male, from Zhoukou, Henan; associate professor at Information Engineering University; main research interests: information security and data analysis.
Online publication date: 2017-01
Print publication date: 2017-01-25
Citation: Hao-pu YANG, Hui QIU, Kun WANG. Network security situation evaluation method for multi-step attack[J]. Journal on Communications (通信学报), 2017, 38(1): 187-198. DOI: 10.11959/j.issn.1000-436x.2017021.
Abstract: To analyze the influence of multi-step attacks on a network system and to reflect the system's security situation accurately and comprehensively, a network security situation evaluation method for multi-step attacks is proposed. The method first clusters the security events observed in the network into attack scenarios, which are used to identify the attackers. Each scenario is then causally correlated to identify the corresponding attack path and attack phase. Finally, a quantitative situation standard is established and, combined with the attack phase and its threat index, used to evaluate the network security situation. The method was assessed on two network attack-defense experiments; the results show that the proposed multi-step attack analysis fits practical application and that the evaluation results are accurate and effective.