基于攻击事件的动态网络风险评估框架

计算机工程与科学

基于攻击事件的动态网络风险评估框架

李艳，黄光球，张斌

(西安建筑科技大学管理学院，陕西西安 710055)

收稿日期:2015-07-15 修回日期:2015-09-23 出版日期:2016-09-25 发布日期:2016-09-25
基金资助:
陕西省科学技术研究发展计划(2013K1117);陕西省重点学科建设专项资金(E08001);陕西省教育厅科技计划(12JK0789)

A risk assessment framework based on attack events in dynamic networks

LI Yan，HUANG Guang-qiu，ZHANG Bin

（School of Management,Xi’an University of Architecture & Technology,Xi’an 710055,China）

Received:2015-07-15 Revised:2015-09-23 Online:2016-09-25 Published:2016-09-25

摘要/Abstract

摘要：

将动态网络的演化思想应用于计算机网络风险评估中，提出了基于攻击事件的动态网络风险评估框架。整个框架首先在静态物理链路的基础上构建动态访问关系网络，随后提出的Timeline算法可以利用时间特性有效地描述攻击演化趋势和发现重要攻击事件，图近似算法可以将分析过程简化为时间段近似图之间的分析，能够有效减小噪声行为的影响。此外，整体框架可以对网络段进行演化追踪和关联分析。实例分析表明，该框架具有很好的实用性，可以更好地揭示攻击者的攻击策略以及重要攻击事件间的紧密联系。

关键词: 动态攻击图, 网络风险分析, 攻击图, 网络演化, 风险评估

Abstract:

By applying the evolution theory of dynamic network into the risk assessment of computer network, we propose a new risk assessment framework based on attack events in dynamic networks. We first construct the dynamic access relation network based on static physical links. Then the Timeline algorithm uses its time characteristic effectively to describe the attack evolution trend and find important attacks. The graph approximation algorithm is also adopted to simplify the analysis process as an analysis among approximate graphs and reduce the impact of noise behaviors effectively. In addition, the framework can track the network segment evolution and do correlation analysis. Case study shows that the proposal has good practicability, reveals attackers' attack strategies better, and finds the close ties between important attacks.

Key words: dynamic attack graph, network risk analysis, attack graph, network evolution, risk assessment

李艳，黄光球，张斌. 基于攻击事件的动态网络风险评估框架[J]. 计算机工程与科学.

LI Yan，HUANG Guang-qiu，ZHANG Bin. A risk assessment framework based on attack events in dynamic networks[J]. Computer Engineering & Science.

参考文献

［1］Gao Lin ,Yang Jian-ye, Qin Gui-min. Methods for pattern mining in dynamic networks and applications［J］. Journal of Software,2013,24(9):2042-2061.(in Chinese)
［2］Xing Xu-jia,Lin Chuang.A survey of computer vulnerability assessment［J］.Chinese Journal of Computers,2004,27(1)：1-11.(in Chinese)
［3］Ammann P,Wijesekera D,Kaushik S.Scalable,graph based network vulnerability analysis［C］∥Proc of the 9th ACM Conference on Computer and Communications Security,2002:217-224.
［4］Sheyner O,Haines J W,Jha S,et al.Automated generation and analysis of attack graphs［C］∥Proc of the 2002 IEEE Symposium on Security and Privacy, 2002:273-284.doi:10.1109/SECPRI.2002.1004377.
［5］Chen Xiu-zheng, Zheng Qing-hua, Guan Xiao-hong, et al. Quantitative hierarchical threat evaluation model for network security［J］.Journal of Software,2006,17(4):885-897.(in Chinese)
［6］He Hui,Zhang Hong-li,Wang Xing,et al. Detriment quantitative assessment of the network security incident［J］.Journal of Harbin Institute of Technology,2012,44(5):66-70.(in Chinese)
［7］Palla G,Barabási A L,Vicsek T.Quantifying social group evolution［J］. Nature,2007,446(7136):664-667.doi:10.1038/nature05670.
［8］Berger-Wolf T Y,Saia J.A framework for analysis of dynamic social networks［C］∥Proc of the KDD 2006,2006:523-528.
［9］Zhang Shao-jun, Li Jian-hua, Song Shan-shan, et al. Using Bayesian inference for computing attack graph node beliefs［J］.Journal of Software,2010,21(9):2376-2386.(in Chinese)
［10］Ye Yun, Xu Xi-shan, Yia Yan. An attack graph-based probabilistic computing approach of network security ［J］.Chinese Journal of Computers,2010,33(10):1987-1996.(in Chinese)
［11］Cheng Xiao-jun, Fang Bin-xing, Tan Qing-feng, et al. Inferring attack intent of malicious insider based on probabilistic attack graph model ［J］.Chinese Journal of Computers,2014,37(1):62-72.(in Chinese)
［12］Schneier B.Secrets and lies: Digital security in a networked world［M］.New York:John Wiley & Sons,2000.
［13］Dacier M.Towards quantitative evaluation of computer security［D］.Toulouse:Institut National Polytechnique de Toulouse,1994.
［14］Porras P A,Kemmerer R.A penetration state transition analysis:A rule-based intrusion detection approach［C］∥Proc of the 8th Annual Computer Security Applications Conference,1992:220-229.
［15］Wang Yong-jie,Xian Ming,Liu Jin,et al.Study of network security evaluation based on attack graph model［J］.Journal on Communications,2007,28(3):29-34.(in Chinese)
［16］Bollinger J A.Bollinger on bollinger bands［M］.New York:McGraw-Hill,2001.
附中文参考文献：
［1］高琳，杨建业，覃桂敏.动态网络模式挖掘方法及其应用［J］.软件学报，2013,24(9):2042-2061.
［2］邢栩嘉,林闯.计算机系统脆弱点评估研究［J］.计算机学报,2004,27(1)：1-11.
［5］陈秀真,郑庆华,管晓宏,等,层次化网络安全威胁态势量化评估方法［J］.软件学报,2006,17(4):885-897.
［6］何慧,张宏莉,王星,等.网络安全事件危害度的量化评估［J］.哈尔滨工业大学学报,2012,44(5):66-70.
［9］张少俊,李建华,宋珊珊,等.贝叶斯推理在攻击图节点置信度计算中的应用［J］.软件学报,2010,21(9):2376-2386.
［10］叶云,徐锡山,贾焰.基于攻击图的网络安全概率计算方法［J］.计算机学报,2010,33(10):1987-1996.
［11］陈小军,方滨兴,谭庆丰,等.基于概率攻击图的内部攻击意图推断算法研究［J］.计算机学报,2014,37(1):62-72.
［15］王永杰,鲜明,刘进,等.基于攻击图模型的网络安全评估研究［J］.通信学报,2007,28(3):29-34.

[1]	张玉凤，楼芳，张历. 面向软件攻击面的Web应用安全评估模型研究[J]. J4, 20160101, 38(01): 73-77.
[2]	王克克, 郭莉丽, 郎静宏 . 基于STAMP模型的风险评估行为安全指标体系[J]. 计算机工程与科学, 2022, 44(08): 1372-1381.
[3]	郭昊, 何小芸, 孙学洁, 陈红松, 刘周斌, 颉靖. 国家电网边缘计算应用安全风险评估研究[J]. 计算机工程与科学, 2020, 42(09): 1563-1571.
[4]	张瑞芝1,唐湘滟1,程杰仁1,2. 基于改进模糊C-均值聚类的DDoS攻击安全态势评估模型[J]. 计算机工程与科学, 2018, 40(11): 1957-1966.
[5]	李艳，黄光球. 基于可能图的攻击意图检测方法[J]. 计算机工程与科学, 2017, 39(04): 698-707.
[6]	张玉凤，楼芳，张历. 面向软件攻击面的Web应用安全评估模型研究[J]. J4, 2016, 38(01): 73-77.
[7]	余定坤，王晋东，张恒巍，王娜，陈宇. 基于静态贝叶斯博弈的风险评估方法研究[J]. J4, 2015, 37(06): 1079-1086.
[8]	王娜1，张健2，王晋东1，张恒巍1. 单调指标空间在信息系统风险评估中的应用研究[J]. J4, 2015, 37(03): 486-491.
[9]	陈永艳，戴伟. 分层渗透深度下隐马尔科夫风险评估模型[J]. J4, 2014, 36(09): 1690-1696.
[10]	贺志强，楼芳，李亮. 基于攻击距离的攻击图优化方法[J]. J4, 2012, 34(2): 9-12.
[11]	史姣丽. 基于模拟攻击的高校网络安全风险评估研究[J]. J4, 2012, 34(12): 51-55.
[12]	赵豹1，张怡2,孟源1. 基于攻击模式的反向搜索攻击图生成算法[J]. J4, 2011, 33(7): 18-24.
[13]	吴叶科1,宋如顺1,陈波2. 基于博弈论的综合赋权法的信息安全风险评估[J]. J4, 2011, 33(5): 9-13.
[14]	王淼，凌捷，郝彦军. 电子政务系统安全域划分技术的研究与应用[J]. J4, 2010, 32(8): 52-55.
[15]	朱明1，殷建平1，程杰仁1,2，刘强1，林加润1. 基于贪心策略的多目标攻击图生成方法[J]. J4, 2010, 32(6): 22-25.