Journal on Communications ›› 2017, Vol. 38 ›› Issue (10): 122-134. doi: 10.11959/j.issn.1000-436x.2017204

• Academic paper •

Quantitative method for network security situation based on attack prediction

Hao HU1,2, Run-guo YE3, Hong-qi ZHANG1,2, Ying-jie YANG1,2, Yu-ling LIU4

  1. 1 The Third Institute, PLA Information Engineering University, Zhengzhou, Henan 450001, China
     2 Henan Key Laboratory of Information Security, Zhengzhou, Henan 450001, China
     3 China Electronics Standardization Institute, Beijing 100007, China
     4 Trusted Computing and Information Assurance Laboratory, Institute of Software, Chinese Academy of Sciences, Beijing 100190, China
  • Revised: 2017-08-28  Online: 2017-10-01  Published: 2017-11-16
  • About the authors: HU Hao (b. 1989), male, from Chizhou, Anhui; Ph.D. candidate, PLA Information Engineering University; research interests: network security situation awareness and image secret sharing. | YE Run-guo (b. 1976), male, from Pingxiang, Jiangxi; Ph.D., engineer at the China Electronics Standardization Institute; research interest: big data security. | ZHANG Hong-qi (b. 1962), male, from Zunhua, Hebei; Ph.D., professor and doctoral supervisor, PLA Information Engineering University; research interests: network security, risk assessment, classified protection and information security management. | YANG Ying-jie (b. 1971), male, from Zhengzhou, Henan; Ph.D., professor and master's supervisor, PLA Information Engineering University; research interests: data mining, situation awareness and information security management. | LIU Yu-ling (b. 1983), male, from Jiyang, Shandong; Ph.D., associate research fellow, Institute of Software, Chinese Academy of Sciences; research interest: network security situation awareness.
  • Supported by:
     The National High Technology Research and Development Program of China (863 Program) (2012AA012704); The National High Technology Research and Development Program of China (863 Program) (2015AA016006); The National Key Research and Development Program of China (2016YFF0204003); The Science and Technology Leading Talent Project of Zhengzhou (131PLJRC644); The Equipment Pre-Research Foundation During the 13th Five-Year Plan Period (61400020201); The CCF-Venus “Hongyan” Research Plan (2017003); The Key Lab of Information Network Security, Ministry of Public Security (C15604)

Abstract:

To predict attack behaviors accurately and comprehensively, and to quantify the threat of attack, a quantitative method for network security situation based on attack prediction was proposed. By fusing the situation factors of the attacker, the defender and the network environment, the capability of the attacker and the exploitability rate of each vulnerability were evaluated from real-time detected attack events, and the expected time-cost of attack and defense was then calculated. An attack prediction algorithm based on a dynamic Bayesian attack graph was designed to infer the follow-up attack actions. Finally, the attack threat was quantified as the security risk situation at two levels, the individual hosts and the overall network. Experimental analysis indicates that the proposed method is suitable for a real adversarial network environment, and is able to predict the occurrence time of attacks accurately and to quantify the attack threat reasonably.

Key words: attack prediction, security situation, Bayesian attack graph, attack-defense, time prediction
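The pipeline the abstract describes (detected attack events as evidence, capability-weighted exploitability, forward inference over a Bayesian attack graph, expected attack time, and risk aggregated per host and for the whole network) can be sketched as follows. This is an added illustration, not the paper's algorithm or code: the toy graph, the OR-combination of preconditions, the linear capability scaling, the additive time model and the probability-times-impact risk are all assumptions of this example.

```python
import math
from typing import Dict, List, Set, Tuple

# Constructed toy attack graph (not from the paper):
# node -> (host, parent nodes, exploitability, base hours to exploit, impact).
# Parents are alternative preconditions: a node becomes reachable once any parent is compromised.
GRAPH: Dict[str, Tuple[str, List[str], float, float, float]] = {
    "web_rce":  ("web", [],           0.8, 2.0, 5.0),
    "web_root": ("web", ["web_rce"],  0.5, 4.0, 8.0),
    "db_login": ("db",  ["web_root"], 0.6, 3.0, 6.0),
    "db_dump":  ("db",  ["db_login"], 0.9, 1.0, 9.0),
}

def predict(graph, observed: Set[str], capability: float) -> Dict[str, Tuple[float, float]]:
    """Forward inference over the DAG.
    Returns {node: (P(node gets exploited), expected hours until that happens)}.
    Nodes with a detected attack event are treated as certain and already elapsed (evidence)."""
    memo: Dict[str, Tuple[float, float]] = {}
    def infer(node: str) -> Tuple[float, float]:
        if node in memo:
            return memo[node]
        _, parents, expl, hours, _ = graph[node]
        if node in observed:
            memo[node] = (1.0, 0.0)
            return memo[node]
        if parents:
            parent_results = [infer(p) for p in parents]
            # OR-combination: the node is reachable unless every parent fails
            reach = 1.0 - math.prod(1.0 - pr for pr, _ in parent_results)
            earliest = min(t for _, t in parent_results)
        else:
            reach, earliest = 1.0, 0.0   # entry point, reachable from outside
        # Attacker capability scales the vulnerability's exploitability and shortens the time-cost
        p_exploit = reach * min(1.0, expl * capability)
        memo[node] = (p_exploit, earliest + hours / capability)
        return memo[node]
    for n in graph:
        infer(n)
    return memo

def risk(graph, prediction) -> Tuple[Dict[str, float], float]:
    """Host risk = sum of P(exploited) * impact over the host's nodes; network risk = sum over hosts."""
    hosts: Dict[str, float] = {}
    for node, (host, _, _, _, impact) in graph.items():
        hosts[host] = hosts.get(host, 0.0) + prediction[node][0] * impact
    return hosts, sum(hosts.values())

if __name__ == "__main__":
    pred = predict(GRAPH, observed={"web_rce"}, capability=1.0)
    print(pred)               # web_root 0.5 in 4h, db_login 0.3 in 7h, db_dump 0.27 in 8h
    print(risk(GRAPH, pred))  # ({'web': 9.0, 'db': 4.23}, 13.23)
```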
