Chinese Journal of Network and Information Security, 2021, Vol. 7, Issue (1): 143-156. doi: 10.11959/j.issn.2096-109x.2021015
Two-layer threat analysis model integrating macro and micro
Cheng SUN, Hao HU, Yingjie YANG, Hongqi ZHANG
Revised: 2020-10-07
Online: 2021-02-15
Published: 2021-02-01
Citation: Cheng SUN, Hao HU, Yingjie YANG, Hongqi ZHANG. Two-layer threat analysis model integrating macro and micro[J]. Chinese Journal of Network and Information Security, 2021, 7(1): 143-156.
Object property | Domain | Range | Meaning |
has | Device | Component | device instance IndvDev owns component instance IndvCmpt |
hasAccess | Device | Component | device instance IndvDev has access to component instance IndvCmpt |
exist | Component | Vulnerability | component instance IndvCmpt has vulnerability instance IndvOptr |
exploit | Attack | Vulnerability | attack instance IndvAtt exploits vulnerability instance IndvOptr |
hasPrivilegeUser | Device | Device | device instance IndvDev holds user-level privileges on component instance IndvCmpt |
hasPrivilegeRoot | Device | Device | device instance IndvDev holds full-control privileges on component instance IndvCmpt |
hasCompromised | Device | Component | device instance IndvDev has compromised component instance IndvCmpt |
trustedBy | Device | Operator | device instance IndvDev is trusted by operator (operations and management staff) instance IndvOptr |
launchAttack_{name}_{vul} | Device | Device | device instance IndvDev launches an attack against component instance IndvCmpt |
Note: in the naming format of "launchAttack", name is the attack name and vul is the vulnerability. Technical vulnerabilities are identified by their CVE number; human weaknesses use a self-assigned number in the format "hw_code"; when the attack is a network-scanning attack, vul is set to "null". |
Device | Component | Vulnerability | ModifiedScore | Attack |
Firewall 4 | Management Software (MS) | CVE-2019-1642 (malicious script injection) | 6.1 | ScriptInjection |
Admin Station 1 | Google Chrome | CVE-2018-6116 (out-of-bounds memory access) | 6.5 | CodeExecution |
Web Server 1 | Apache Tomcat Native (ATN) | CVE-2018-8019 (expired-certificate authentication) | 7.4 | CertAbuse |
Email Server 1 | Apache James JMX (JMX) | CVE-2017-12628 (local privilege escalation) | 7.8 | PriElevation |
Email Server 1 | Apache James Server (AJS) | CVE-2015-7611 (OS command injection) | 8.1 | CommandInjection |
WorkStation 1 | Microsoft Outlook | CVE-2013-3870 (remote privilege acquisition) | 9.1 | CodeExecution |
WorkStation 1 | Operator | hw-001 (weak security awareness) | 4.0 | Waterholing |
WorkStation 2 | MsMpEng | CVE-2017-0290 (remote privilege acquisition) | 9.3 | CodeExecution |
File Server 1 | Microsoft Windows | CVE-2019-0543 (local privilege escalation) | 7.8 | PriElevation |
Data Server 1 | S-CMS | CVE-2019-6805 (SQL command injection) | 9.8 | SQLInjection |
From Individual | To Individual | Object Properties |
Web Server | S-CMS | hasAccess(web_1, DS_1_S-CMS) |
Web Server | Management Software (MS) | hasAccess(web_1, FW_4_MS) |
Email Server | Operator | trustedBy(ES_1, WS_1_operator) |
Email Server | Management Software (MS) | hasAccess(ES_1, FW_4_MS) |
WorkStation 1 | File Server | hasPrivilegeUser(WS_1, FS_1) |
WorkStation 1 | WorkStation 2 | hasAccess(WS_1, WS_2_MsMpEng) |
WorkStation 2 | File Server | hasAccess(WS_2, FS_1_windows) |
WorkStation 2 | WorkStation 1 | hasPrivilegeUser(WS_2, WS_1) |
Admin Station | Data Server | hasPrivilegeRoot(AS_1, DS_1) |
Firewall 4 | Admin Station | hasAccess(FW_4, AS_1_chrome) |
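As an added worked example (this is not code from the paper), the three tables above are encoded as an instance graph and launchAttack_{name}_{vul} edges are derived from them under the naming rule given in the note to the property table. The reasoning rules R1 to R3 in the docstring, the owner() convention for recovering a device from a component identifier, and the treatment of hasPrivilegeUser/Root edges as already-held footholds are assumptions of this example, not rules stated on this page. Only components that appear in the relation table are included, so every identifier is one the page itself uses.

```python
"""Instance graph from the property, device/component and relation tables,
with launchAttack edges and attack paths derived from it.

Assumed reasoning rules (not taken from the paper):
  R1  hasAccess(D, C) and exist(C, V), V exploited by attack A
        -> launchAttack_A_V(D, owner(C))
  R2  trustedBy(D, O) and O carries human weakness hw exploited by attack A
        -> launchAttack_A_hw(D, owner(O))
  R3  hasPrivilegeUser/Root(D1, D2) is an existing foothold of D1 on D2 and is
      traversed as an edge when searching for paths.
owner(C) is the device prefix of a component identifier, e.g. DS_1_S-CMS -> DS_1
(an assumption about the identifier scheme, which the page uses but does not define).
"""
from collections import defaultdict

# exist(component, vulnerability), with the Attack and ModifiedScore columns of
# the device/component table; keys are the component identifiers of the
# relation table. Constructed from the tables above.
EXIST = {
    "FW_4_MS":       ("CVE-2019-1642", "ScriptInjection", 6.1),
    "AS_1_chrome":   ("CVE-2018-6116", "CodeExecution", 6.5),
    "WS_1_operator": ("hw-001", "Waterholing", 4.0),       # human weakness
    "WS_2_MsMpEng":  ("CVE-2017-0290", "CodeExecution", 9.3),
    "FS_1_windows":  ("CVE-2019-0543", "PriElevation", 7.8),
    "DS_1_S-CMS":    ("CVE-2019-6805", "SQLInjection", 9.8),
}

# Relation table, row by row.
HAS_ACCESS = [
    ("web_1", "DS_1_S-CMS"), ("web_1", "FW_4_MS"), ("ES_1", "FW_4_MS"),
    ("WS_1", "WS_2_MsMpEng"), ("WS_2", "FS_1_windows"), ("FW_4", "AS_1_chrome"),
]
TRUSTED_BY = [("ES_1", "WS_1_operator")]
HAS_PRIVILEGE = [("WS_1", "FS_1", "User"), ("WS_2", "WS_1", "User"),
                 ("AS_1", "DS_1", "Root")]


def owner(component_id):
    """DS_1_S-CMS -> DS_1: the first two '_'-separated tokens name the device."""
    return "_".join(component_id.split("_")[:2])


def launch_attack_name(attack, vul):
    """Naming rule from the property table: launchAttack_{name}_{vul}.
    vul is a CVE id, an hw code, or 'null' for network-scanning attacks."""
    return "launchAttack_%s_%s" % (attack, vul if vul else "null")


def derive_edges():
    """Apply R1-R3; returns {source_device: [(target_device, label, score)]}.
    Privilege edges (R3) carry no ModifiedScore, so their score is None."""
    edges = defaultdict(list)
    for src, comp in HAS_ACCESS + TRUSTED_BY:      # R1 and R2 have the same shape
        if comp in EXIST:
            vul, attack, score = EXIST[comp]
            edges[src].append((owner(comp), launch_attack_name(attack, vul), score))
    for src, dst, level in HAS_PRIVILEGE:           # R3
        edges[src].append((dst, "hasPrivilege" + level, None))
    return edges


def attack_paths(start, target, edges=None):
    """All simple paths start -> target, each a list of (src, label, dst)."""
    edges = derive_edges() if edges is None else edges
    paths, stack = [], [(start, [start], [])]
    while stack:
        node, visited, path = stack.pop()
        for dst, label, _ in edges.get(node, []):
            if dst == target:
                paths.append(path + [(node, label, dst)])
            elif dst not in visited:
                stack.append((dst, visited + [dst], path + [(node, label, dst)]))
    return paths


if __name__ == "__main__":
    for start in ("web_1", "ES_1"):
        for path in attack_paths(start, "DS_1"):
            print(" -> ".join("%s [%s]" % (s, l) for s, l, _ in path) + " -> DS_1")
```

Run as a script, it lists the routes to the data server: web_1 reaches DS_1 directly through the S-CMS SQL injection and, alternatively, via the firewall's management software, the admin station's Chrome and the admin station's root privilege on DS_1; ES_1 has only the latter route, and reaches the file server through the watering-hole attack on WorkStation 1's operator.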