
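Network Intrusion Path Analysis Method Based on the Dynamic Exploitability of Vulnerabilities
Cite this article: ZHANG Kai, LIU Jingju. Network Intrusion Path Analysis Method Based on the Dynamic Exploitability of Vulnerabilities [J]. Netinfo Security (信息网络安全), 2021(4): 62-72.
Authors: ZHANG Kai, LIU Jingju
Affiliations: College of Electronic Engineering, National University of Defense Technology; Jiuquan Satellite Launch Center, China; Anhui Province Key Laboratory of Cyberspace Security Situation Awareness and Evaluation
Funding: National Key Research and Development Program of China [2017YFB0802905].
Abstract: Existing network intrusion path analysis methods do not consider the dynamic characteristics of vulnerabilities, and when describing the state transitions caused by vulnerability exploitation they do not consider the case in which exploitation fails. By modeling how vulnerability exploitability changes over time, this paper proposes an absorbing Markov chain model with an improved method for calculating state transition probabilities. The model reflects the realities of network attack and defense, takes failed exploitation into account, and calculates state transition probabilities in a reasonable way: first, an attack graph is generated for the target network and, on the basis of the computed dynamic exploitability probabilities of the vulnerabilities, an absorbing Markov chain is constructed; then the properties of the state transition probability matrix are used to calculate the threat ranking of state nodes, the expected intrusion path length, and the path success probability, which are also analyzed along the time dimension. Experimental analysis shows that, compared with existing methods, the proposed method ranks node threat more accurately, and its calculation of the expected intrusion path length and path success probability is more consistent with the realities of network attack and defense.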

Keywords: absorbing Markov chain; intrusion path analysis; node threat ranking; expected intrusion path length; path success probability

Network Attack Path Analysis Method Based on Vulnerability Dynamic Availability
ZHANG Kai, LIU Jingju. Network Attack Path Analysis Method Based on Vulnerability Dynamic Availability [J]. Netinfo Security, 2021(4): 62-72.
Authors: ZHANG Kai, LIU Jingju
Affiliation: (College of Electronic Engineering, National University of Defense Technology, Hefei 230037, China; Jiuquan Satellite Launch Center, Jiuquan 732750, China; Anhui Province Key Laboratory of Cyberspace Security Situation Awareness and Evaluation, Hefei 230037, China)
Abstract: The existing network attack path analysis methods do not consider the dynamic characteristics of vulnerabilities, and do not consider the problem of vulnerability exploitation failure when describing the state transition caused by vulnerability exploitation. By modeling the change of vulnerability availability over time, this paper proposes an absorbing Markov chain model using an improved state transition probability calculation method. This method combines the actual situation of network attack and defense, fully considers the situation of vulnerability exploitation failure, and reasonably calculates the state transition probability. Firstly, the attack graph is generated for the target network, and the absorbing Markov chain is constructed based on calculating the vulnerability dynamic availability probability. Then, by using the properties of state transition probability matrix, the node threat ranking, the expected length of attack path and the path success probability are calculated and analyzed in time dimension. Experimental results show that the proposed method is more accurate in node threat ranking than the existing methods, and the calculation of the expected length of attack path and the path success probability is more consistent with the actual situation of network attack and defense.
Keywords: absorbing Markov chain; attack path analysis; node threat ranking; expected length of attack path; path success probability
This article has been indexed by VIP (维普) and other databases.