Network security situation evaluation method for multi-step attack

Hao-pu YANG; Hui QIU; Kun WANG

doi:10.11959/j.issn.1000-436x.2017021

您当前的位置：

首页 >

文章列表页 >

Network security situation evaluation method for multi-step attack

Correspondences | 更新时间：2024-06-05

- Network security situation evaluation method for multi-step attack
- Journal on Communications Vol. 38, Issue 1, Pages: 187-198(2017)
- 作者机构：
  
  信息工程大学三院，河南郑州 450001
- 作者简介：
- 基金信息：
  
  The National Natural Science Foundation of China(61303074);The National Natural Science Foundation of China(61309013);The National Basic Research Program of China(973 Program)(2012CB315900)
- DOI：10.11959/j.issn.1000-436x.2017021
  CLC： TP393.08
- Online First：2017-01，
  
  Published：25 January 2017
- 稿件说明：
移动端阅览
Hao-pu YANG, Hui QIU, Kun WANG. Network security situation evaluation method for multi-step attack[J]. Journal on Communications, 2017, 38(1): 187-198.
DOI：

Hao-pu YANG, Hui QIU, Kun WANG. Network security situation evaluation method for multi-step attack[J]. Journal on Communications, 2017, 38(1): 187-198. DOI： 10.11959/j.issn.1000-436x.2017021.

摘要

为了分析多步攻击对网络系统的影响，准确、全面地反映系统的安全态势，提出一种面向多步攻击的网络安全态势评估方法。首先对网络中的安全事件进行场景聚类以识别攻击者；对每个攻击场景因果关联，识别出相应的攻击轨迹与攻击阶段；建立态势量化标准，结合攻击阶段及其威胁指数，实现对网络安全态势的评估。通过对2个网络攻防实验的测评分析表明，所提出的多步攻击分析方法符合实际应用，评估结果准确、有效。

Abstract

Aiming at analyzing the influence of multi-step attack

as well as reflecting the system’s security situation accurately and comprehensively

a network security situation evaluation method for multi-step attack was proposed.This method firstly clustered security events into several attack scenes

which was used to identify the attacker.Then the attack path and the attack phase were identified by causal correlation of every scene.Finally

combined with the attack phase as well as the threat index

the quantitative standard was established to evaluate the network security situation.The proposed method is assessed by two network attack-defense experiments

and the results illustrate accuracy and effectiveness of the method.

关键词

Keywords

references

吴迪 , 连一峰 , 陈恺 , 等 . 一种基于攻击图的安全威胁识别和分析方法 [J ] . 计算机学报 , 2012 , 35 ( 6 ): 1938 - 1950 .

WU D , LIAN Y F , CHEN K , et al . A security threats identification and analysis method based on attack graph [J ] . Chinese Journal of Computers , 2012 , 35 ( 6 ): 1938 - 1950 .

田志宏 , 余翔湛 , 张宏莉 , 等 . 基于证据推理网络的实时网络入侵取证方法 [J ] . 计算机学报 , 2014 , 37 ( 5 ): 1184 - 1194 .

TIAN Z H , YU X Z , ZHANG H L , et al . A real-time intrusion forensics method based on evidence reasoning network [J ] . Chinese Journal of Computer , 2014 , 37 ( 5 ): 1184 - 1194 .

ALHAZMI O H , MALAIYA Y K , RAY I . Measuring,analyzing and predicting security vulnerabilities in software systems [J ] . Computers＆ Security , 2007 , 26 ( 3 ): 219 - 228 .

HANNES H , MATHIAS E , DENNIS A . Empirical analysis of system-level vulnerability metrics through actual attacks [J ] . IEEE Transactions on Dependable and Secure Computing , 2012 , 9 ( 6 ): 825 - 837 .

ENDSLEY M R , . Design and evaluation for situation awareness enhancement [C ] // The Human Factors Society 32nd Annual Meeting . 1988 : 97 - 101 .

BASS T . Intrusion detection systems ＆ multisensory data fusion:creating cyberspace situational awareness [J ] . Communications of the ACM , 2000 , 43 ( 4 ): 99 - 105 .

陈秀真 , 郑庆华 , 管晓宏 , 等 . 层次化网络安全威胁态势量化评估方法 [J ] . 软件学报 , 2006 , 17 ( 4 ): 885 - 997 .

CHEN X Z , ZHENG Q H , GUAN X H , et al . Quantitative hierarchical threat evaluation model for network security [J ] . Journal of Software , 2006 , 17 ( 4 ): 885 - 997 .

韦勇 , 连一峰 , 冯登国 . 基于信息融合的网络安全态势评估模型 [J ] . 计算机研究与发展 , 2009 , 46 ( 3 ): 353 - 362 .

MIRMOEINI F , KRISHNAMURTHY V . Reconfigurable Bayesian networks for hierarchical multi-stage situation assessment in battlespace [C ] // The 39th Asilomar Conference on Signals,Systems and Computers . 2005

徐晓辉 , 刘作良 . 基于 D-S 证据理论的态势评估方法 [J ] . 电光与控制 , 2005 , 12 ( 5 ): 36 - 37 .

XU X H , LIU Z L . A method for situation assessment based on D-S evidence theory [J ] . Electronics Optics ＆ Control , 2005 , 12 ( 5 ): 36 - 37 .

ZHUO Y , ZHANG Q , GONG Z H . Network situation assessment based on RST [C ] // Pacific-Asia Workshop on Computational Indulgence and Industrial Application . 2008 : 502 - 506 .

ZHOU Y , ZHANG Q , GONG Z H . Research and implementation of network transmission situation awareness [C ] // WRI World Congress on Computer Science and Information Engineering . 2009 : 210 - 214 .

张勇 , 谭笑彬 , 崔孝林 , 等 . 基于 Markov 博弈模型的网络安全态势感知方法 [J ] . 软件学报 , 2011 , 22 ( 3 ): 495 - 508 .

ZHANG Y , TAN X B , CUI X L , et al . Network security situation awareness approach based on markov game model [J ] . Journal of Software , 2011 , 22 ( 3 ): 495 - 508 .

YEE W , TANSU A , MARIMUTHU P . Security games for risk minization in automatic generation control [J ] . IEEE Transactions on Power Systems , 2015 , 30 ( 1 ): 223 - 232 .

吕慧颖 , 彭武 , 王瑞梅 , 等 . 基于时空关联分析的网络安全实时威胁识别与评估 [J ] . 计算机研究与发展 , 2014 , 51 ( 5 ): 1039 - 1049 .

LYU H Y , PENG W , WANG R M , et al . A real-time network threat recognition and assessment method based on association analysis of time and space [J ] . Journal of Computer Research and Development , 2014 , 51 ( 5 ): 1039 - 1049 .

CYRIL O , THOMAS O . Situational awareness in computer network defense principles,methods and applications [M ] . Hershey : IGI Global SnippetPress , 2012

SCHIFFMAN M . Common vulnerability scoring system version 2.0 [EB/OL ] . http://www.first.org/cvss/cvss-guide.html http://www.first.org/cvss/cvss-guide.html .

FATEMEH K , BEHZAD A . Automatic learning of attack behavior patterns using Bayesian networks [C ] // 6th International Symposium on Telecommunications (IST’2012) . 2012 : 999 - 1004

MIT LINCOLN LABORATORY . 2000 DARPA intrusion detection scenario specific data sets [EB/OL ] . http://ll.mit.edu/IST/ideval/data/2000/2000_data_index.html http://ll.mit.edu/IST/ideval/data/2000/2000_data_index.html .

DEFCON Capture the flag traffic dump [EB/OL ] . http://www.defcon.org/html/links/dc-cft.html http://www.defcon.org/html/links/dc-cft.html .

Views

2696

下载量

CSCD

Alert me when the article has been cited

提交

Tools

Publicity Resources

Self-corrected coefficient smoothing method based network security situation prediction

Multi-step attack detection method based on network communication anomaly recognition

Quantitative method for network security situation based on attack prediction

Research on discovering multi-step attack patterns based on clustering IDS alert sequences

Related Author

Hongyu YANG

Xugao ZHANG

Ankang JU

Yuanbo GUO

Tao LI

Ziwei YE

Hao HU

Run-guo YE

Related Institution

School of Computer Science and Technology, Civil Aviation University of China

Department of Cryptogram Engineering,Strategic Support Force Information Engineering University

The Third Institute,PLA Information Engineering University

Henan Key Laboratory of Information Security

China Electronics Standardization Institute

AI问答

⁰