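1. The Third Institute, PLA Information Engineering University, Zhengzhou, Henan 450001
2. Henan Key Laboratory of Information Security, Zhengzhou, Henan 450001
3. China Electronics Standardization Institute, Beijing 100007
4. Trusted Computing and Information Assurance Laboratory, Institute of Software, Chinese Academy of Sciences, Beijing 100190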
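Hao HU (1989-), male, born in Chizhou, Anhui, is a Ph.D. candidate at PLA Information Engineering University. His main research interests are network security situation awareness and image secret sharing.
Run-guo YE (1976-), male, born in Pingxiang, Jiangxi, Ph.D., is an engineer at the China Electronics Standardization Institute. His main research interest is big data security.
Hong-qi ZHANG (1962-), male, born in Zunhua, Hebei, Ph.D., is a professor and doctoral supervisor at PLA Information Engineering University. His main research interests include network security, risk assessment, classified protection and information security management.
Ying-jie YANG (1971-), male, born in Zhengzhou, Henan, Ph.D., is a professor and master's supervisor at PLA Information Engineering University. His main research interests include data mining, situation awareness and information security management.
Yu-ling LIU (1983-), male, born in Jiyang, Shandong, Ph.D., is an associate researcher at the Institute of Software, Chinese Academy of Sciences. His main research interest is network security situation awareness.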
Online publication date: 2017-10
Print publication date: 2017-10-25
Hao HU, Run-guo YE, Hong-qi ZHANG, et al. Quantitative method for network security situation based on attack prediction[J]. Journal on Communications, 2017, 38(10): 122-134. DOI: 10.11959/j.issn.1000-436x.2017204.
To predict attack behaviors accurately and comprehensively and to quantify the threat of attacks, a quantitative method for network security situation based on attack prediction is proposed. By fusing the situation factors of the attacker, the defender and the network environment, the capability of the attacker and the exploitability rate of vulnerabilities are evaluated from attack events detected in real time, and the expected time cost of attack and defense is then calculated. An attack prediction algorithm based on the dynamic Bayesian attack graph is then designed to infer follow-up attack actions. Finally, the attack threat is quantified as the security risk situation at two levels: the hosts and the overall network. Experimental analysis indicates that the proposed method is suitable for a real adversarial network environment, and that it is able to predict the occurrence time of attacks accurately and quantify the attack threat reasonably.