基于攻击图的网络安全度量研究综述

doi:10.11959/j.issn.2096-109x.2018072

网络与信息安全学报 ›› 2018, Vol. 4 ›› Issue (9): 1-16.doi: 10.11959/j.issn.2096-109x.2018072

• 综述 • 下一篇

基于攻击图的网络安全度量研究综述

胡浩^1,²(),刘玉岭³,张玉臣^1,²,张红旗^1,²

¹ 信息工程大学三院，河南郑州 450001
² 河南省信息安全重点实验室，河南郑州 450001
³ 中国科学院软件研究所可信计算与信息保障实验室，北京 100190

修回日期:2018-08-10 出版日期:2018-09-15 发布日期:2018-10-15
作者简介:胡浩（1989-），男，安徽池州人，信息工程大学博士生，主要研究方向为网络安全态势感知和图像秘密共享。|刘玉岭（1982-），男，山东济阳人，博士，中国科学院软件研究所副研究员，主要研究方向为网络安全态势感知。|张玉臣（1977-），男，河南郑州人，博士，信息工程大学副教授、硕士生导师，主要研究方向为风险评估、态势感知和密码管理。|张红旗（1962-），男，河北遵化人，博士，信息工程大学教授、博士生导师，主要研究方向为网络安全、风险评估、等级保护和信息安全管理。
基金资助:
国家高技术研究发展计划（“863”计划）基金资助项目(2015AA016006);国家重点研发计划基金资助项目(2016YFF0204002);国家重点研发计划基金资助项目(2016YFF0204003);郑州市科技领军人才基金资助项目(131PLJRC644);“十三五”装备预研领域基金资助项目(6140002020115);CCF-启明星辰“鸿雁”科研计划基金资助项目(2017003)

Survey of attack graph based network security metric

Hao HU^1,²(),Yuling LIU³,Yuchen ZHANG^1,²,Hongqi ZHANG^1,²

¹ The Third Institute,Information Engineering University,Zhengzhou 450001,China
² Henan Key Laboratory of Information Security,Zhengzhou 450001,China
³ Trusted Computing and Information Assurance Laboratory,Institute of Software,Chinese Academy of Sciences,Beijing 100190,China

Revised:2018-08-10 Online:2018-09-15 Published:2018-10-15
Supported by:
The National High Technology Research and Development Program of China (863 Program)(2015AA016006);The National Key Research and Development Program of China(2016YFF0204002);The National Key Research and Development Program of China(2016YFF0204003);The Science and Technology Leading Talent Project of Zhengzhou(131PLJRC644);The Equipment Pre-research Foundation During the 13th Five-Year Plan Period(6140002020115);The CCF-Venus Hongyan Research Plan(2017003)

摘要/Abstract

摘要：

网络安全度量面临的主要挑战之一，即如何准确地识别目标网络系统中入侵者利用脆弱性之间的依赖关系进行威胁传播，量化对网络系统的潜在影响。攻击图由于具备优越的可视化展示能力，是解决该问题的有效途径之一。首先，介绍了安全度量的概念、发展历程和通用测度模型；然后，阐述攻击图构建、分类和应用的相关研究；其次，提出一种基于攻击图的层次化安全度量框架，从关键“点”、攻击“线”和态势“面”3个层次总结归纳了现有网络安全度量方法；最后，阐述了目前研究面临的难点问题与发展趋势。

关键词: 网络安全度量, 攻击图, 安全漏洞, 告警分析, 量化评估

Abstract:

One of the main challenges of network security metrics is how to accurately identify the intrusion of the intruders exploiting the dependence between the vulnerabilities for threat propagation in the target network system as well as to quantify the potential impact on the network system.Because of its superior performance of visual display,the attack graph becomes one of the effective ways to solve the problem.Firstly,the concept,development and general metric models of security metrics were introduced.Secondly,the related researches with respect to attack graph construction,classification and application were discussed.Thirdly,a hierarchical framework for security metric using attack graph was proposed,and then existing methods of network security metric were summarized from three levels (key “point”,attack “line” and situation “plane”).Finally,the difficult issues and development trends for the current research were discussed.

Key words: network security metric, attack graph, security vulnerability, alert analysis, quantitative assessment

中图分类号:

TP393.8

胡浩, 刘玉岭, 张玉臣, 张红旗. 基于攻击图的网络安全度量研究综述[J]. 网络与信息安全学报, 2018, 4(9): 1-16.

Hao HU, Yuling LIU, Yuchen ZHANG, Hongqi ZHANG. Survey of attack graph based network security metric[J]. Chinese Journal of Network and Information Security, 2018, 4(9): 1-16.

图/表 10

图1

图2

表1

表2

图3

图4

图5

图6

图7

图8

参考文献 65

[1]	江健, 诸葛建伟, 段海新 ,等. 僵尸网络机理与防御技术[J]. 软件学报, 2012,23(1): 82-96.
	JIAN J J , ZHUGE J W , DUAN H X ,et al. Research on Botnet mechanisms and defenses[J]. Journal of Software, 2012,23(1): 82-96.
[2]	ROBERTS F S . Measurement theory with applications to decisionmaking,utility,and the social sciences[M]. Addison- Wesley Advanced Book Program, 1979.
[3]	SADEMIES A , . Process approach to information security metrics in Finnish industry and state institutions[C]// Intrinsic Multiscale Structure and Dynamics in Complex Electronic Oxides. 2004.
[4]	陈长松 . 信息安全测量与态势分析关键技术研究[D]. 上海:上海交通大学, 2012.
	CHEN C S . Research on key technologies of information security measurement and situation analysis[D]. Shanghai:Shanghai Jiaotong University, 2012.
[5]	OU X , BOYER W F , MCQUEEN M A . A scalable approach to attack graph generation[C]// ACM Conference on Computer and Communications Security (CCS 2006). 2006: 336-345.
[6]	SHEYNER O , WING J . Tools for generating and analyzing attack graphs[J]. Lecture Notes in Computer Science, 2003,3188: 344-372.
[7]	OU X , GOVINDAVAJHALA S , APPEL A W . MulVAL:a logic-based network security analyzer[J]. Usenix Security Symposium, 2005:8.
[8]	JAJODIA S , NOEL S . Topological vulnerability analysis:apowerful new approach for network attack prevention,detection,and response[J]. Algorithms,Architectures And Information Systems Security, 2005: 285-305.
[9]	BEALE J , DERAISON R , MEER H ,et al. Nessus network auditing[M]. Elsevier, 2004.
[10]	HUSTON B . Skybox view 3.0[J]. Information Security, 2006:
[11]	SHEYNER , MIKHAIL O . Scenario graphs and attack graphs[J]. Dissertation Abstracts International, 2004: 65-03.
[12]	DANFORTH M , . Scalable patch management using evolutionary analysis of attack graphs[C]// Seventh International Conference on Machine Learning and Applications. 2008: 300-307.
[13]	DACIER M , DESWARTE Y . Privilege graph:an extension to the typed access matrix model[C]// Computer Security - ESORICS 94,Third European Symposium on Research in Computer Security. 1994: 319-334.
[14]	PHILLIPS C , SWILER L P . A graph-based system for nework-vulnerability analysis[C]// The 1998 Workshop on New Secruity Paradigms. 1998: 71-79.
[15]	CIMATTI A , CLARKE E , GIUNCHIGLIA F ,et al. NUSMV:a new symbolic model checker[J]. International Journal on Software Tools for Technology Transfer, 2000,2(4): 410-425.
[16]	TEMPLETON S J , LEVITT K . A requires/provides model for computer attacks[C]// The ACM Workshop on New Security Paradigms. 2001: 31-38.
[17]	叶云, 徐锡山, 齐治昌 ,等. 大规模网络中攻击图自动构建算法研究[J]. 计算机研究与发展, 2013,50(10): 2133-2139.
	YE Y , XU X S , QI Z C ,et al. Attack graph generation algorithm for large-scale network system[J]. Journal of Computer Research and Development, 2013,50(10): 2133-2139.
[18]	AMMANN P , WIJESEKERA D , KAUSHIK S . Scalable,graph-based network vulnerability analysis[C]// ACM Conference on Computer and Communications Security (CCS 2002). 2002: 217-224.
[19]	陈恺, 冯登国, 苏璞睿 ,等. 一种多周期漏洞发布预测模型[J]. 软件学报, 2010,21(9): 2367-2375.
	CHEN K , FENG D G , SU P R ,et al. Multi-cycle vulnerability discovery model for prediction[J]. Journal of Software, 2010,21(9): 2367-2375.
[20]	聂楚江, 赵险峰, 陈恺 ,等. 一种微观漏洞数量预测模型[J]. 计算机研究与发展, 2011,48(7): 1279-1287.
	NIER C J , ZHAO X F , CHEN K ,et al. An software vulnerability number prediction model based on micro-parameters[J]. Journal of Computer Research and Development, 2011,48(7): 1279-1287.
[21]	高志伟, 姚尧, 饶飞 ,等. 基于漏洞严重程度分类的漏洞预测模型[J]. 电子学报, 2013,41(9): 1784-1787.
	GAO Z W , YAO Y , RAO F ,et al. Predicting model of vulnerabilities based on the type of vulnerability severity[J]. Acta Electronica Sinica, 2013,41(9): 1784-1787.
[22]	ARBAUGH WA , FITHEN WL , MCHUGH J . Windows of vulnerability:a case study analysis[J]. Computer, 2000,33(12): 52-59.
[23]	FREI S . Security econometrics:the dynamics of (in) security[D]. Sissach,Switzerland:ETH Zurich, 2009.
[24]	KAANICHE M , MARCONATO GV , NICOMETTE V . Security-related vulnerability life cycle analysis[C]// The 2013 IEEE International Conference on Risk and Security of Internet and Systems. 2013: 1-8.
[25]	宋明秋, 王磊磊, 于博 . 基于生命周期理论的安全漏洞时间风险研究[J]. 计算机工程, 2011,37(1): 131-133.
	SONG M Q , WANG L L , YU B . Research on time risk of security vulnerability based on lifecycle theory[J]. Computer Engineering, 2011,37(1): 131-133.
[26]	JUMRATJAROENVANIT A , TENG-AMNUAY Y , . Probability of attack based on system vulnerability life cycle[C]// The 2008 IEEE International Symposium on Electronic Commerce ＆ Security, 2008: 531-535.
[27]	JOH H , MALAIYA YK . A framework for software security risk evaluation using the vulnerability lifecycle and CVSS metrics[C]// The 2010 International Workshop on Risk ＆ Trust in Extended Enterprises. 2010: 430-434.
[28]	SHAHZAD M , SHAFIQ MZ , LIU AX . A large scale exploratory analysis of software vulnerability life cycles[C]// The 2012 IEEE International Conference on Software Engineering. 2012: 771-781.
[29]	COX JLAT . Some limitations of “risk= threat× vulnerability× consequence” for risk analysis of terrorist attacks[J]. Risk Analysis, 2008,28(6): 1749-1761.
[30]	MKPONG-Ruffin I , UMPHRESS D , HAMILTON J ,et al. Quantitative software security risk assessment model[C]// The ACM Workshop on Quality of Protection. 2007: 31-33.
[31]	付志耀, 高岭, 孙骞 ,等. 基于粗糙集的漏洞属性约简及严重性评估[J]. 计算机研究与发展, 2016,53(5): 1009-1017.
	FU ZY , GAO L , SUN Q ,et al. Evaluation of vulnerability severity based on rough sets and attributes reduction[J]. Journal of Computer Research and Development, 2016,53(5): 1009-1017.
[32]	HOUMB SH , FRANQUEIRA VNL , ENGUM EA . Quantifying security risk level from CVSS estimates of frequency and impact[J]. Journal of Systems ＆ Software, 2010,83(9): 1622-1634.
[33]	周亮, 李俊娥, 陆天波 ,等. 信息系统漏洞风险定量评估模型研究[J]. 通信学报, 2009,30(2): 71-76.
	ZAO L , LI J E , LU T B ,et al. Research on quantitative assessment model on vulnerability risk for information system[J]. Journal on Communication, 2009,30(2): 71-76
[34]	YU D , FRINCKE D . Improving the quality of alerts and predicting intruder’s next goal with hidden colored Petri-net[J]. Computer Networks, 2007,51(3): 632-654.
[35]	SHEYNER O , HAINES J , JHA S ,et al. Automated generation and analysis of attack graphs[C]// The 2002 IEEE Symposium on Security and Privacy. 2002: 273-284.
[36]	彭武, 胡昌振, 姚淑萍 ,等. 基于时间自动机的入侵意图动态识别方法[J]. 计算机研究与发展, 2011,48(7): 1288-1297.
	PENG W , HU C Z , YAO S P ,et al. A dynamic intrusive intention recognition method based on timed automata[J]. Journal of Computer Research and Development, 2011,48(7): 1288-1297.
[37]	鲍旭华, 戴英侠, 冯萍慧 ,等. 基于入侵意图的复合攻击检测和预测算法[J]. 软件学报, 2005,16(12): 2132-2138.
	BAO X H , DAI Y X , FENG P H ,et al. A detection and forecast algorithm for multi-step attack based on intrusion intention[J]. Journal of Software, 2005,16(12): 2132-2138.
[38]	陈小军, 方滨兴, 谭庆丰 ,等. 基于概率攻击图的内部攻击意图推断算法研究[J]. 计算机学报, 2014,37(1): 62-72.
	CHEN X J , FANG B X , TAN Q F ,et al. Inferring attack intent of malicious insider based on probabilistic attack graph model[J]. Chinese Journal of Computers, 2014,37(1): 62-72.
[39]	诸葛建伟, 韩心慧, 叶志远 ,等. 基于扩展目标规划图的网络攻击规划识别算法[J]. 计算机学报, 2006,29(8): 1356-1366.
	ZHUGE J W , HAN X H , YE Z Y ,et al. A network attack plan recognition algorithm based on the extended goal graph[J]. Journal of Computers, 2006,29(8): 1356-1366.
[40]	吕慧颖, 彭武, 王瑞梅 ,等. 基于时空关联分析的网络实时威胁识别与评估[J]. 计算机研究与发展, 2014,51(5): 1039-1049.
	LV H Y , PENG W , WANG R M ,et al. A real-time network threat recognition and assessment method based on association analysis of time and space[J]. Journal of Computer Research and Development, 2014,51(5): 1039-1049.
[41]	王硕, 汤光明, 寇广 ,等. 基于因果知识网络的攻击路径预测方法[J]. 通信学报, 2016,37(10): 188-198.
	WANG S , TANG G , KOU G ,et al. Attack route prediction method based on causal knowledge[J]. Journal on Communications, 2016,37(10): 188-198.
[42]	SARRAUTE C , RICHARTE G , LUCáNGELI OBES J . An algorithm to find optimal attack routes in nondeterministic scenarios[C]// The 4th ACM Workshop on Security and Artificial Intelligence. 2011: 71-80.
[43]	ORTALO R , DESWARTE Y , KAANICHE M . Experimenting with quantitative evaluation tools for monitoring operational security[J]. IEEE Transactions on Software Engineering, 1999,25(5): 633-50.
[44]	LI W , VAUGHN R B . Cluster security research involving the modeling of network exploitations using exploitation graphs[C]// IEEE International Symposium on CLUSTER Computing and the Grid. 2006:26.
[45]	IDIKA N , BHARGAVA B . Extending attack graph-based security metrics and aggregating their application[J]. IEEE Transactions on Dependable ＆ Secure Computing, 2012,9(1): 75-85.
[46]	BOPCHE G S , MEHTRE B M . Graph similarity metrics for assessing temporal changes in attack surface of dynamic networks[J]. Computers ＆ Security, 2016,64: 16-43.
[47]	DAI F , HU Y , ZHENG K ,et al. Exploring risk flow attack graph for security risk assessment[J]. IET Information Security, 2015,9(6): 344-353.
[48]	ABRAHAM S , NAIR S . a predictive framework for cyber security analytics using attack graphs[J]. International Journal of Computer Networks ＆ Communications, 2015,7(1).
[49]	刘强, 殷建平, 蔡志平 ,等. 基于不确定图的网络漏洞分析方法[J]. 软件学报, 2011,22(6): 1398-1412.
	LIU Q , YIN J P , CAI Z P ,et al. Uncertain-graph based method for network vulnerability analysis[J]. Journal of Software, 2011,22(6): 1398-1412.
[50]	ZHU B , GHORBANI A A . Alert correlation for extracting attack strategies[J]. International Journal of Network Security, 2006,3(3): 244-258.
[51]	BOPCHE G S , MEHTRE B M . Graph similarity metrics for assessing temporal changes in attack surface of dynamic networks[J]. Computers ＆ Security, 2016,64: 16-43.
[52]	NAYOT P , RINKU D , INDRAJIT R . Dynamic security risk management using Bayesian attack graphs[J]. IEEE Trans on Dependable ＆Secure Computing, 2012,9(1): 61-74
[53]	QU Z Y , LI Y Y , LI P . A network security situation evaluation method based on D-S evidence theory[C]// 2010 International Conference on Environmental science and information application technology (ESIAT). 2010: 496-499.
[54]	席荣荣, 云晓春, 张永铮 ,等. 一种改进的网络安全态势量化评估方法[J]. 计算机学报, 2015,38(4): 749-758.
	XI R R , YUN X C , ZHANG Y Z ,et al. An improved quantitative evaluation method for network security[J]. Journal of Computers, 2015,38(4): 749-758.
[55]	杨豪璞, 邱辉, 王坤 . 面向多步攻击的网络安全态势评估方法[J]. 通信学报, 2017,38(1): 187-198.
	YANG H P , QIU H , WANG K . Network security situation evaluation method for multi-step attack[J]. Journal on Communications, 2017,38(1): 187-198
[56]	刘玉岭, 冯登国, 连一峰 ,等. 基于时空维度分析的网络安全态势预测方法[J]. 计算机研究与发展, 2014,51(8): 1681-1694.
	LIU Y L , FENG D G , LIAN Y F ,et al. Network situation prediction method based on spatial-time dimension analysis[J]. Journal of Computer Research and Development, 2014,51(8): 1681-1694.
[57]	LINGL J,SUL , WANG H F ,et al. An ARIMA-ANN hybrid model for time series forecasting[J]. Systems Research and Behavioral Science, 2013,30(3): 1092-7026.
[58]	GE P , WAMG J , REN P ,et al. A new improved forecasting method integrated fuzzy time series with the exponential smoothing method[J]. International Journal of Environment and Pollution, 2013,51(3/4): 206-221.
[59]	LIU S , LIU Y . Network security risk assessment method based on HMM and attack graph model[C]// IEEE/ACIS International Conference on Software Engineering,Artificial Intelligence,Networking and Parallel/Distributed Computing. 2016: 517-522.
[60]	FREDJ O B . A realistic graph based alert correlation system[J]. Security ＆ Communication Networks, 2015,8(15): 2477-2493.
[61]	GHASEMIGOL M , GHAEMI B A , TAKABI H . A comprehensive approach for network attack forecasting[J]. Computers ＆ Security, 2016,58: 83-105.
[62]	WANG Y , LI J , MENG K ,et al. Modeling and security analysis of enterprise network using attack-defense stochastic game Petri nets[J]. Security ＆ Communication Networks, 2013,6(1): 89-99.
[63]	张勇, 谭小彬, 崔孝林 ,等. 基于Markov博弈模型的网络安全态势感知方法[J]. 软件学报, 2011,22(3): 495-508.
	ZHANG Y , TAN X B , CUI X L ,et al. Network security situation awareness approach based on Markov game model[J]. Journal of Software, 2011,22(3): 495-508.
[64]	CHEN G , SHEN D , KWAN C ,et al. Game theoretic approach to threat prediction and situation awareness[C]// IEEE International Conference on Information Fusion. 2006: 1-8.
[65]	WU J , OTA K , DONG M ,et al. Big data analysis based security situational awareness for smart grid[J]. IEEE Transactions on Big Data, 2016.

采用方法	节点	边	单调性	搜索策略
	否	网络状态	状态转换	逆向
模型检测
	是	主机状态	原子攻击	深度优先
逻辑推理	是	逻辑状态、攻击规则	依赖关系	逆向
基于图论	是	状态、条件及漏洞节点	依赖关系	广度优先

构建工具	是否开源	展示界面	复杂度	特点
MuVAL	是	命令行界面	O(n²)	攻击图生成准确度高
TVA	否	图形界面	O(n⁶)	实现网络渗透的自动分析，商用软件，收费昂贵
NetSPA	否	图形界面	O(nlogn)	环形攻击图，商用软件
Skybox View	否	图形界面	O(nlogn)	网络配置信息采集全面，商用软件
AGT	否	图形界面	O(2ⁿ)	Linux平台工具，生成复杂度高

基于攻击图的网络安全度量研究综述

Survey of attack graph based network security metric

在线阅读

pdf下载

可视化

摘要/Abstract

引用本文

使用本文

图/表 10

参考文献 65

相关文章 6

Metrics

推荐阅读 0

[1]	刘文甫, 庞建民, 周鑫, 李男, 岳峰. 基于期望收益率攻击图的网络风险评估研究[J]. 网络与信息安全学报, 2022, 8(4): 87-97.
[2]	张耀方, 张哲宇, 曲海阔, 张格, 王子博, 王佰玲. 面向大规模工控网络的关键路径分析方法[J]. 网络与信息安全学报, 2021, 7(6): 31-43.
[3]	韩磊,刘吉强,王健,石波,和旭东. 高安全属性价值设备威胁态势量化评估方法[J]. 网络与信息安全学报, 2020, 6(5): 54-66.
[4]	冷强,杨英杰,常德显,潘瑞萱,蔡英,胡浩. 面向网络实时对抗的动态防御决策方法[J]. 网络与信息安全学报, 2019, 5(6): 58-66.
[5]	周余阳, 程光, 郭春生. 基于贝叶斯攻击图的网络攻击面风险评估方法[J]. 网络与信息安全学报, 2018, 4(6): 11-22.
[6]	孙歆,姚一杨,卢新岱,刘雪娇,吴永涵. 基于HTTP代理的模糊测试技术研究[J]. 网络与信息安全学报, 2016, 2(2): 75-86.