Abstract:

Modeling attack actions with description language can depict the details of the attack more effectively. By evaluating the effectiveness of network attacks, the qualitative and quantitative evaluation of the effect of network attacks is concluded, and it can test the effectiveness of attack actions and help to establish effective security policy of network. Based on the LAMBDA description language, this paper expands its expressiveness on time constraints and effectiveness constraints, proposes an enhanced attack description language, the enhanced LAMBDA, and then gives an application example of the enhanced LAMBDA. In the end, this paper uses DARPA data set, the LLDOS1.0, to construct a test scenario of combined attack of network and evaluates its effectiveness based on the enhanced LAMBDA. The experimental results indicate that Enhanced LAMBDA can effectively support the evaluation of effectiveness of combined attacks.

Key words: attack modeling;LAMBDA;description language;effectiveness evaluation