基于贝叶斯攻击图的网络入侵意图分析模型

doi:10.11959/j.issn.1000-436x.2020172

摘要/Abstract

摘要：

针对目前网络风险评估模型中忽略攻击代价和入侵意图对网络安全产生影响的问题，为了准确评估目标网络风险，提出一种基于贝叶斯攻击图的网络入侵意图分析方法。利用由漏洞价值、攻击成本和攻击收益计算出的原子攻击概率，结合贝叶斯信念网络量化攻击图，建立静态风险评估模型，并利用入侵意图动态更新模型，实现对网络风险的动态评估，为攻击面动态防御措施提供了依据。实验表明，所提模型不但可以有效地评估网络整体的安全性，而且在预测攻击路径方面也具有可行性。

关键词: 贝叶斯信念网络, 攻击图, 网络安全, 入侵意图, 风险评估

Abstract:

Aiming at the problem of ignoring the impact of attack cost and intrusion intention on network security in the current network risk assessment model,in order to accurately assess the target network risk,a method of network intrusion intention analysis based on Bayesian attack graph was proposed.Based on the atomic attack probability calculated by vulnerability value,attack cost and attack benefit,the static risk assessment model was established in combination with the quantitative attack graph of Bayesian belief network,and the dynamic update model of intrusion intention was used to realize the dynamic assessment of network risk,which provided the basis for the dynamic defense measures of attack surface.Experiments show that the model is not only effective in evaluating the overall security of the network,but also feasible in predicting attack paths.

Key words: Bayesian belief network, attack graph, network security, intrusion intention, risk assessment

中图分类号:

TP393.4

罗智勇,杨旭,刘嘉辉,许瑞. 基于贝叶斯攻击图的网络入侵意图分析模型[J]. 通信学报, 2020, 41(9): 160-169.

Zhiyong LUO,Xu YANG,Jiahui LIU,Rui XU. Network intrusion intention analysis model based on Bayesian attack graph[J]. Journal on Communications, 2020, 41(9): 160-169.

图/表 15

图1

表1

表2

表3

图2

图3

表4

图4

图5

图6

图7

表5

图8

图9

图10

参考文献 16

[1]	罗智勇, 杨旭, 孙广路 ,等. 基于马尔可夫的有限自动机入侵容忍系统模型[J]. 通信学报, 2019,40(10): 79-89.
	LUO Z Y , YANG X , SUN G L ,et al. Finite automaton intrusion tolerance system model based on Markov[J]. Journal on Communications, 2019,40(10): 79-89.
[2]	王帆 . 基于贝叶斯攻击图的网络安全风险评估方法研究[D]. 西安:西北大学, 2018.
	WANG F . Research on network security risk assessment method based on Bayesian attack graph[D]. Xi’an:Northwest University, 2018.
[3]	PHILLIPS C , SWILER L P . A graph-based system for networ-k vulnerability analysis[C]// 1998 Workshop on New Security Paradigms. New York:ACM Press, 1998: 71-79.
[4]	叶子维, 郭渊博, 王宸东 ,等. 攻击图技术应用研究综述[J]. 通信学报, 2017,38(11): 121-132.
	YE Z W , GUO Y B , WANG C D ,et al. Survey on application of attack graph technology[J]. Journal on Communications, 2017,38(11): 121-132.
[5]	吴晨思, 谢卫强, 姬逸潇 ,等. 网络系统安全度量综述[J]. 通信学报, 2019,40(6): 14-31.
	WU C S , XIE W Q , JI Y X ,et al. Survey on network sy-stem security metrics[J]. Journal on Communications, 2019,40(6): 14-31.
[6]	王硕, 汤光明, 王建华 ,等. 基于因果知识网络的攻击场景构建方法[J]. 计算机研究与发展, 2018,55(12): 2620-2636.
	WANG S , TANG G M , WANG J H ,et al. Attack scenarioconstruction method based on causal knowledge net[J]. Journal of Computer Research and Development, 2018,55(12): 2620-2636.
[7]	胡浩, 刘玉岭, 张红旗 ,等. 基于吸收Markov链的网络入侵路径预测方法[J]. 计算机研究与发展, 2018,55(4): 831-845.
	HU H , LIU Y L , ZHANG H Q ,et al. Route prediction method for network intrusion using absorbing Markov chain[J]. Journal of Computer Research and Development, 2018,55(4): 831-845.
[8]	雷程, 马多贺, 张红旗 ,等. 基于变点检测的网络移动目标防御效能评估方法[J]. 通信学报, 2017,38(1): 126-140.
	LEI C , MA D H , ZHANG H Q ,et al. Performance assessment approach based on change-point detection for network moving target defense[J]. Journal on Communications, 2017,38(1): 126-140.
[9]	HU H , ZHANG H , YANG Y ,et al. Security risk situation quantification method based on threat prediction for multimedia communication network[J]. Multimedia Tools and Applications, 2018,77(11): 1-31.
[10]	王辉, 鹿士凯, 王银城 . 基于关联攻击图的入侵预测算法[J]. 计算机工程, 2018,44(7): 131-138.
	WANG H , LU S K , WANG Y C . Intrusion prediction algorithm based on correlation attack graph[J]. Computer Engineering, 2018,44(7): 131-138.
[11]	秦虎, 王建利, 彭逍遥 . 基于权限提升矩阵的攻击图生成方法[J]. 北京理工大学学报, 2019,39(1): 101-105.
	QIN H , WANG J L , PENG X Y . Attack graph generation method based on privilege escalation matrix[J]. Transactions of Beijing Institute of Technology, 2019,39(1): 101-105.
[12]	李艳, 王纯子, 黄光球 ,等. 网络安全态势感知分析框架与实现方法比较[J]. 电子学报, 2019,47(4): 927-945.
	LI Y , WANG C Z , HUANG G Q ,et al. A survey of architecture and implementation method on cyber security situation awareness analysis[J]. Acta Electronica Sinica, 2019,47(4): 927-945.
[13]	JUKKA R . A look at the time delays in CVSS vulnerability scoring[J]. Applied Computing and Informatics, 2019,15(2): 1-18.
[14]	马春光, 汪诚弘, 张东红 ,等. 一种基于攻击意愿分析的网络风险动态评估模型[J]. 计算机研究与发展, 2015,52(9): 2056-2068.
	MA C G , WANG C H , ZHANG D H ,et al. A dynamic network risk assessment model based on attacker’s inclination[J]. Journal of Computer Research and Development, 2015,52(9): 2056-2068.
[15]	高妮, 高岭, 贺毅岳 ,等. 基于贝叶斯攻击图的动态安全风险评估模型[J]. 四川大学学报(工程科学版), 2016,48(1): 111-118.
	GAO N , GAO L , HE Y Y ,et al. Dynamic security risk assessment model based on bayesian attack graph[J]. Journal of Sichuan University (Engineering Science Edition), 2016,48(1): 111-118.
[16]	周余阳, 程光, 郭春生 . 基于贝叶斯攻击图的网络攻击面风险评估方法[J]. 网络与信息安全学报, 2018,4(6): 11-22.
	ZHOU Y Y , CHENG G , GUO C S . Risk assessment method for network attack surface based on Bayesian attack graph[J]. Chinese Journal of Network and Information Security, 2018,4(6): 11-22.

基础指标	因素	度量值	评分
		网络(N)	0.85
	AV	相邻(A)	0.62
		本地(L)	0.55
		物理(P)	0.20
	AC	低(L)	0.77
可利用性		高(H)	0.44
可利用性		无(N)	0.85
	PR	低(L)	0.62
		高(H)	0.27
	UI	无(N)	0.85
		所需(R)	0.62
		无(N)	0.00
影响度	C,I,A	低(L)	0.22
		高(H)	0.56
范围	S	不变(U)
		变动(C)

成本	度量值	评分
SI	完整/功能/空	0.1/0.3/0.7
SP	普通/特殊/特定	0.15/0.35/0.6
Or	工具/脚本/手册/团体	0.1/0.25/0.45/0.7
IR	空/普通/配置/关键	0/0.2/0.55/0.8

度量值	评分
信息泄露	0.3～0.55
远程注册	0.55～0.7
认证绕过	0.7～0.8
有限访问	0.85～0.95
完整权限	1.0

主机	操作系统或程序	漏洞编号	CVE编号	value(v_i)
H₁	Titan FTP Server6.0.3	v₁	CVE-2013-4465	46%
H₁	Windows 2003 Server	v₂	CVE-2004-0575	53%
H₂	Windows 2003 Server	v₃	CVE-2002-0364	35%
H₂	IIS 5.0 Web Server	v₄	CVE-2006-2379	39%
H₃	Check Point VPN-1 Server4.1	v₅	CVE-2009-0241	43%
H₆	Windows 2000	v₆	CVE-2007-0038	55%
H₇	Windows XP	v₇	CVE-2006-2370	25%
H₉	Windows XP	v₈	CVE-2003-0252	39%
H₁₂	Windows XP	v₉	CVE-2004-1306	51%
H₁₂	SQL Server	v₁₀	CVE-2004-0893	36%
H₁₂	SQL Server	v₁₁	CVE-2015-1762	41%

编号	攻击路径
AP₁	S₀—S₁—S₄—S₇—S₈
AP₂	S₀—S₂—S₄—S₇—S₈
AP₃	S₀—S₂—S₄—S₅—S₇—S₈
AP₄	S₀—S₂—S₅—S₇—S₈
AP₅	S₀—S₃—S₅—S₇—S₈
AP₆	S₀—S₃—S₆—S₇—S₈
AP₇	S₀—S₃—S₅—S₆—S₇—S₈