天地一体化信息网络 ›› 2021, Vol. 2 ›› Issue (3): 57-65.doi: 10.11959/j.issn.2096-8930.2021031

所属专题: 专题:天地一体化信息网络安全防护技术

• 专题:天地一体化信息网络安全防护技术 • 上一篇    下一篇

基于网络安全知识图谱的天地一体化信息网络攻击研判框架

亓玉璐1, 江荣1, 荣星2, 李爱平1   

  1. 1 国防科技大学,湖南 长沙 410073
    2 中国电子设备系统工程公司,北京 100089
  • 修回日期:2021-08-25 出版日期:2021-09-20 发布日期:2021-09-01
  • 作者简介:亓玉璐(1986-),女,国防科技大学博士生,主要研究方向为网络信息安全
    江荣(1984-),男,博士,国防科技大学助理研究员,主要研究方向为网络空间安全大数据分析
    荣星(1986-),男,中国电子设备系统工程公司工程师,主要研究方向为网络安全、云计算
    李爱平(1974-),男,博士,国防科技大学研究员,主要研究方向为语义网络、数据挖掘和网络信息安全
  • 基金资助:
    广东省重点领域研发计划项目(2019B010136003);国家自然科学基金资助项目(62072131)

Attack Analysis Framework of Space-Integrated-Ground Information Network Based on Cybersecurity Knowledge Graph

Yulu QI1, Rong JIANG1, Xing RONG2, Aiping LI1   

  1. 1 National University of Defense Technology, Changsha 410073, China
    2 China Electronic Device Systems Engineering Corporation, Beijing 100089, China
  • Revised:2021-08-25 Online:2021-09-20 Published:2021-09-01
  • Supported by:
    The Key R&D Program of Guangdong Province(2019B010136003);The National Natural Science Foundation of China(62072131)

摘要:

天地一体化信息网络在实现全球覆盖、随遇接入、按需服务、安全可信的同时,也面临着更加复杂多变的安全威胁,相比于传统互联网,卫星网络具有拓扑的高动态变化、特有的数据传输协议和格式等特点。因此,将卫星网络攻击的规律融合到APT攻击的规律中,构建天地一体化信息网络安全知识图谱和攻击规则库,进而对天地一体化信息网络攻击进行综合研判。采用包含时空属性的数据模型表达攻击规律,在数据有非连续漏报和误报的情况下,可以进行攻击研判的补全。本文提出的攻击研判框架可以实时、准确地感知天地一体化信息网络的安全状态,并为其威胁响应提供决策支撑。

关键词: 天地一体化信息网络, 网络安全知识图谱, 攻击规则库, 攻击研判框架, 攻击链补全

Abstract:

While realizing global coverage, random access, on-demand service, security and credibility, the space-integrated-ground information network(SGIN) is confronted with more complex and variable security threats.Compared with the internet, satellite network has a lot of diff erences, such as highly dynamic changes of topology, transfer protocol and data format.In terms of these questions, it was necessary to integrated the rule of satellite network attacks into the rules of APT attacks, developed the cybersecurity knowledge graph and the attack rules library to analyzed the attacks of the SGIN.The pattern of attack rules was expressed based on time-space data model, which was used to completed the attack chain when there were non-continuous missed data or false positives data.The attack analysis framework proposed in this paper could accurately perceived the security status of the SGIN in real time , and provided decision support for the SGIN.

Key words: space-integrated-ground information network, cybersecurity knowledge graph, attack rule library, attack analysis framework, attack chain completion

中图分类号: 

No Suggested Reading articles found!