Information Engineering University, Zhengzhou 450001, Henan, China
Wenjuan WANG (born 1981), female, from Hebi, Henan; PhD candidate and associate professor at Information Engineering University. Research interests: network and information security, cloud computing security.
Xuehui DU (born 1963), female, from Xinxiang, Henan; PhD, professor and doctoral supervisor at Information Engineering University. Research interests: network and information security, cloud computing security, big data security.
Dibin SHAN (born 1983), male, from Handan, Hebei; PhD candidate and lecturer at Information Engineering University. Research interests: network and information security, big data security.
Online publication date: 2021-01
Print publication date: 2021-01-25
Wenjuan WANG, Xuehui DU, Dibin SHAN. Construction method of attack scenario in cloud environment based on dynamic probabilistic attack graph[J]. Journal on Communications, 2021, 42(1): 1-17. DOI: 10.11959/j.issn.1000-436x.2021004.
Abstract: To address the problem of detecting complex multi-step attacks, a method for constructing attack scenarios in cloud computing environments is studied. First, a dynamic probabilistic attack graph model is constructed, and a probabilistic attack graph update algorithm is designed so that the graph is updated periodically as time passes and the topology changes, adapting it to the elastic and dynamic cloud environment. Second, an attack intention inference algorithm and a maximum-probability attack path inference algorithm are designed to resolve the uncertainty problems, such as erroneous or broken attack scenarios, that false positives and false negatives cause, thereby ensuring the accuracy of the attack scenarios. Meanwhile, the attack scenarios evolve dynamically together with the dynamic probabilistic attack graph, which ensures their completeness and freshness. Experimental results show that the proposed method adapts to the elastic and dynamic cloud environment, restores the attacker's complete penetration process, and reconstructs a high-level attack scenario, providing a basis and reference for building a supervisable and accountable cloud environment.
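The abstract describes two mechanisms in the abstract: a maximum-probability attack path over a probabilistic attack graph, used to bridge gaps in an alert sequence, and a periodic update of that graph as cloud resources come and go. The block below is an added illustration of those two ideas and is not the authors' algorithm or code; the toy tenant topology, the edge success probabilities, the alert sequence and the "drop an alert that cannot be reached from the previous one" rule are all constructed for the example. Maximizing a product of step probabilities is done as a shortest-path search on -log(p).

```python
"""Maximum-probability attack path inference on a small probabilistic
attack graph, plus a periodic graph update.  Illustrative example added
for this page; NOT the algorithm from Wang, Du and Shan.  All node names,
probabilities and alerts are constructed."""
import heapq
import math
from typing import Dict, Iterable, List, Tuple

# state -> {next_state: probability that the exploit step succeeds}
Graph = Dict[str, Dict[str, float]]


def build_example_graph() -> Graph:
    """Constructed toy cloud tenant: internet-facing web VM, VPN gateway,
    application VM and database VM.  Probabilities are made up."""
    return {
        "internet": {"web_vm:user": 0.8, "vpn_gw:user": 0.3},
        "web_vm:user": {"web_vm:root": 0.6, "app_vm:user": 0.5},
        "vpn_gw:user": {"app_vm:user": 0.9},
        "app_vm:user": {"db_vm:user": 0.7},
        "web_vm:root": {"db_vm:user": 0.4},
        "db_vm:user": {"db_vm:data": 0.9},
        "db_vm:data": {},
    }


def max_probability_path(graph: Graph, source: str, target: str) -> Tuple[float, List[str]]:
    """Dijkstra on edge weights -log(p): the path with the smallest weight
    sum has the largest product of step probabilities.
    Returns (probability, path); (0.0, []) if target is unreachable."""
    if source not in graph or target not in graph:
        return 0.0, []
    dist = {source: 0.0}                # accumulated -log(probability)
    prev: Dict[str, str] = {}
    heap = [(0.0, source)]
    while heap:
        d, node = heapq.heappop(heap)
        if d > dist.get(node, math.inf):
            continue                    # stale heap entry
        if node == target:
            break
        for nxt, p in graph.get(node, {}).items():
            if not 0.0 < p <= 1.0:
                raise ValueError(f"edge {node}->{nxt} has invalid probability {p}")
            nd = d - math.log(p)
            if nd < dist.get(nxt, math.inf):
                dist[nxt] = nd
                prev[nxt] = node
                heapq.heappush(heap, (nd, nxt))
    if target not in dist:
        return 0.0, []
    path = [target]
    while path[-1] != source:
        path.append(prev[path[-1]])
    path.reverse()
    prob = 1.0                          # recompute as a plain product for readability
    for a, b in zip(path, path[1:]):
        prob *= graph[a][b]
    return prob, path


def infer_scenario(graph: Graph, source: str, alerts: List[str],
                   target: str) -> Tuple[float, List[str], List[str]]:
    """Chain an ordered list of alerted attacker states into one scenario.
    A gap between consecutive alerts (a false negative) is bridged with the
    maximum-probability path; an alert that cannot be reached from the
    previously kept state is dropped as inconsistent (a crude false-positive
    rule, constructed for this example).  Returns (probability, path, dropped)."""
    prob, path, dropped = 1.0, [source], []
    for state in alerts + [target]:
        p, seg = max_probability_path(graph, path[-1], state)
        if not seg:
            if state == target:
                return 0.0, [], dropped
            dropped.append(state)
            continue
        prob *= p
        path.extend(seg[1:])
    return prob, path, dropped


def update_graph(graph: Graph, removed_nodes: Iterable[str] = (),
                 added_edges: Iterable[Tuple[str, str, float]] = ()) -> Graph:
    """Periodic update: drop states of decommissioned VMs (and every edge
    into them) and add edges for newly discovered exploit steps."""
    removed = set(removed_nodes)
    new = {n: {m: p for m, p in edges.items() if m not in removed}
           for n, edges in graph.items() if n not in removed}
    for src, dst, p in added_edges:
        new.setdefault(src, {})[dst] = p
        new.setdefault(dst, {})
    return new


if __name__ == "__main__":
    g = build_example_graph()
    print(max_probability_path(g, "internet", "db_vm:data"))
    # app_vm compromise went undetected, vpn_gw alert is inconsistent
    print(infer_scenario(g, "internet", ["web_vm:user", "vpn_gw:user", "db_vm:user"], "db_vm:data"))
    g2 = update_graph(g, removed_nodes={"app_vm:user"},
                      added_edges=[("vpn_gw:user", "db_vm:user", 0.2)])
    print(max_probability_path(g2, "internet", "db_vm:data"))
```

In the example the missed app_vm step is filled in by the most likely unobserved route, and once the app VM is decommissioned the same query returns the web_vm:root route instead, which is the "evolve the scenario with the graph" behaviour the abstract describes.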