首页 | 本学科首页   官方微博 | 高级检索  
     

基于攻击源激发和攻击原子筛选的攻击图构建方法
引用本文:焦 波,黄赪东,黄 飞,李 伟. 基于攻击源激发和攻击原子筛选的攻击图构建方法[J]. 计算机应用研究, 2013, 30(3): 891-893
作者姓名:焦 波  黄赪东  黄 飞  李 伟
作者单位:中国人民解放军63880部队,河南 洛阳,471003
摘    要:针对现有攻击图在大规模网络应用中存在的时间复杂性高和图形化展示凌乱等不足, 提出一种新的构建方法:在目标网络模型和攻击者模型的基础上, 以攻击源为起点广度遍历网络主机, 针对主机间的网络连接, 通过攻击模式实例化和信任关系获取攻击原子集, 并根据攻击者贪婪原则和攻击原子发生概率计算尺度筛选攻击原子, 同时更新攻击原子作用对象状态。通过实验分析, 该方法面向网络主机实现一次遍历, 筛选关键攻击原子, 快速生成攻击图, 不仅具有较高的时间效率, 而且为安全事件分析提供客观的攻击路径信息。该方法能够满足大规模网络环境下的攻击辅助决策、入侵检测和网络安全评估等应用需求。

关 键 词:攻击图  网络安全  攻击原子  攻击源  贪婪原则

Attack graph generation method based onattack source excitation and attack atom filter
JIAO Bo,HUANG Cheng-dong,HUANG Fei,LI Wei. Attack graph generation method based onattack source excitation and attack atom filter[J]. Application Research of Computers, 2013, 30(3): 891-893
Authors:JIAO Bo  HUANG Cheng-dong  HUANG Fei  LI Wei
Affiliation:Unit of 63880 of PLA, Luoyang Henan 471003, China
Abstract:With the shortcoming of high time complexity and messy graphical presentation in large scale network application for attack graphs, this paper proposed a new generation method. The method visited network hosts using breadth-first traversing algorithm from attack sources based on target network model and attacker model, acquired attack atoms with attack patterns instantiation and confidential relationship for network connections between two hosts, filtered attack atoms through greedy principle and probability metric for attack atoms, and updated effect states of attack atoms. The experimental results show that the method can traverse once among hosts and filter attack atoms, not only has higher time efficiency, but also provides objective attack paths information for security events analyzing. The proposed method can meet the needs of attacking auxiliary decision, intrusion detection and network security evaluation in large scale network environment.
Keywords:attack graph   network security   attack atom   attack source   greedy principle
本文献已被 CNKI 万方数据 等数据库收录!
点击此处可从《计算机应用研究》浏览原始摘要信息
点击此处可从《计算机应用研究》下载全文
设为首页 | 免责声明 | 关于勤云 | 加入收藏

Copyright©北京勤云科技发展有限公司  京ICP备09084417号