攻击图技术应用研究综述

doi:10.11959/j.issn.1000-436x.2017213

摘要/Abstract

摘要：

攻击图是一种预判攻击者对目标网络发动攻击的方式和过程，指导防御方对网络中的节点采取针对性防御措施，提高网络安全性的技术。首先介绍了攻击图的基本构成，列举了攻击图的几种类型及其各自的优缺点，然后介绍了攻击图技术目前在风险评估和网络加固、入侵检测和告警关联等方面的应用现状以及现有的几种攻击图生成和分析工具，最后指出了攻击图技术面临的挑战和未来可能的研究方向。

关键词: 攻击图, 安全漏洞, 网络加固, 告警关联

Abstract:

Attack graph technology was a measure to predict the pattern and process used by attacker to compromise the target network,so as to guide defender to take defensive measures and improve network security.The basic component,types of attack graphs and respective advantages and disadvantages of each type were reviewed.The application status of attack graph technology in risk assessment and network hardening,intrusion detection and alarm correlation,and other aspects were introduced.Several kinds of existing attack graph generation and analysis tools were also presented.At last a survey of some challenges and research trends in future research work was provided.

Key words: attack graph, vulnerability, network hardening, alert correlation

中图分类号:

TP393

叶子维,郭渊博,王宸东,琚安康. 攻击图技术应用研究综述[J]. 通信学报, 2017, 38(11): 121-132.

Zi-wei YE,Yuan-bo GUO,Chen-dong WANG,An-kang JU. Survey on application of attack graph technology[J]. Journal on Communications, 2017, 38(11): 121-132.

图/表 6

图1

图2

图3

图4

图5

表1

参考文献 64

[1]	国家计算机网络应急技术处理协调中心. 2016年中国互联网网络安全报告[M]. 北京: 人民邮电出版社, 2017: 15-89.
	National Internet Emergency Center. Report on China Internet network security in 2016[M]. Beijing: Posts ＆ Telecommunications Press, 2017: 15-89.
[2]	PHILLIPS C , SWILER L P . A graph-based system for network-vulnerability analysis[C]// The 1998 Workshop on New Security Paradigms. ACM, 1998: 71-79.
[3]	WANG S , ZHANG Z , KADOBAYASHI Y . Exploring attack graph for cost-benefit security hardening:a probabilistic approach[J]. Computers＆ Security, 2013,32(1): 158-169.
[4]	HONG J , KIM D S . Harms:hierarchical attack representation models for network security analysis[C]// The 10th Australian Information Security Management Conference. Western Australia, 2012.
[5]	KOTENKO I , STEPASHKIN M . Attack graph based evaluation of network security[C]// IFIP International Conference on Communications and Multimedia Security. Springer Berlin Heidelberg, 2006: 216-227.
[6]	WANG L , ISLAM T , LONG T ,et al. An attack graph-based probabilistic security metric[C]// IFIP Annual Conference on Data and Applications Security and Privacy. Springer Berlin Heidelberg, 2008: 283-296.
[7]	OU X , BOYER W F , MCQUEEN M A . A scalable approach to attack graph generation[C]// The 13th ACM conference on Computer and Communications Security. ACM, 2006: 336-345.
[8]	HUANG H , ZHANG S , OU X ,et al. Distilling critical attack graph surface iteratively through minimum-cost sat solving[C]// 27th Annual Computer Security Applications Conference. ACM, 2011: 31-40.
[9]	陈锋, 毛捍东, 张维明 ,等. 攻击图技术研究进展[J]. 计算机科学, 2011,38(11): 12-18.
	CHEN F , MAO H D , ZHANG W M ,et al. Survey of attack graph technique[J]. Computer Science, 2011,38(11): 12-18.
[10]	LI H , WANG Y , CAO Y . Searching forward complete attack graph generation algorithm based on hypergraph partitioning[J]. Procedia Computer Science, 2017,107: 27-38.
[11]	RICK V H . The motivation of attackers in attack tree analysis[D]. Holland,Delft:Delft University of Technology, 2015.
[12]	PIETERS W , DAVARYNEJAD M . Calculating adversarial risk from attack trees:control strength and probabilistic attackers[M]// Data Privacy Management,Autonomous Spontaneous Security,and Security Assurance. Springer International Publishing, 2015: 201-215.
[13]	JHA S , SHEYNER O , WING J . Two formal analyses of attack graphs[C]// The 2002 Computer Security Foundations Workshop. IEEE, 2002: 49-63.
[14]	SHEYNER O , HAINES J , JHA S ,et al. Automated generation and analysis of attack graphs[C]// The 2002 Security and Privacy Symposium. 2002: 273-284.
[15]	SHEYNER O . Scenario graphs and attack graphs[D]. US Air Force Research Laboratory, 2004.
[16]	BHATTACHARYA S , GHOSH S K . An artificial intelligence based approach for risk management using attack graph[C]// Computational Intelligence and Security,2007 International Conference on IEEE. 2007: 794-798.
[17]	冯萍慧, 连一峰, 戴英侠 ,等. 基于可靠性理论的分布式系统脆弱性模型[J]. 软件学报, 2006,17(7): 1633-1640.
	FENG P H , LIAN Y F , DAI Y X ,et al. A vulnerability model of distributed systems based on reliability theory[J]. Journal of Software, 2006,17(7): 1633-1640.
[18]	HOMER J , ZHANG S , OU X ,et al. Aggregating vulnerability metrics in enterprise networks using attack graphs[J]. Journal of Computer Security, 2013,21(4): 561-597.
[19]	吴迪, 连一峰, 陈恺 ,等. 一种基于攻击图的安全威胁识别和分析方法[J]. 计算机学报, 2012,35(9): 1938-1950.
	WU D , LIAN Y F , CHEN K ,et al. A security threats identification and analysis method based on attack graph[J]. Chinese Journal of Computers, 2012,35(9): 1938.
[20]	方研, 殷肖川, 李景志 . 基于贝叶斯攻击图的网络安全量化评估研究[J]. 计算机应用研究, 2013,30(9): 2763-2766.
	FANG Y , YIN X C , LI J Z . Research of quantitative network security assessment based on Bayesian-attack graphs[J]. Application Research of Computers, 2013,30(9): 2763-2766.
[21]	ALHOMIDI M , REED M . Risk assessment and analysis through population-based attack graph modelling[C]// 2013 World Congress on Internet Security (WorldCIS) . 2013: 19-24.
[22]	ROSCHKE S , CHENG F , MEINEL C . High-quality attack graph-based IDS correlation[J]. Logic Journal of the IGPL, 2013,21(4): 571-591.
[23]	WANG L , YAO C , SINGHAL A ,et al. Implementing interactive analysis of attack graphs using relational databases[J]. Journal of Computer Security, 2008,16(4): 419-437.
[24]	WANG L , YAO C , SINGHAL A ,et al. Interactive analysis of attack graphs using relational queries[C]// IFIP Annual Conference on Data and Applications Security and Privacy. Springer Berlin Heidelberg, 2006: 119-132.
[25]	陈靖, 王冬海, 彭武 . 基于动态攻击图的网络安全实时评估[J]. 计算机科学, 2013,40(2): 133-138.
	CHEN J , WANG D H , PENG W . Real-time network security assessment based on dynamic attack graph[J]. Computer Science, 2013,40(2): 133-138.
[26]	闫峰 . 基于攻击图的网络安全风险评估技术研究[D]. 长春:吉林大学, 2014.
	YAN F . The technology research of network security assessment based on attack graphs[D]. Changchun:Jilin University, 2014.
[27]	陈锋, 张怡, 苏金树 ,等. 攻击图的两种形式化分析[J]. 软件学报, 2010,21(4): 838-848.
	CHEN F , ZHANG Y , SU J S ,et al. Two formal analyses of attack graphs[J]. Journal of Software, 2010,21(4): 838-848.
[28]	RITCHEY B , O'BERRY B , NOEL S . Representing TCP/IP connectivity for topological analysis of network security[C]// The 2002 Computer Security Applications Conference. 2002: 25-31.
[29]	LI W , VAUGHN R B , DANDASS Y S . An approach to model network exploitations using exploitation graphs[J]. Simulation, 2006,82(8): 523-541.
[30]	AMMANN P , WIJESEKERA D , KAUSHIK S . Scalable,graph-based network vulnerability analysis[C]// The 9th ACM Conference on Computer and Communications Security. ACM, 2002: 217-224.
[31]	PEARL J . Probabilistic reasoning in intelligent system[M]. Morgan Kaufinann: Network of Plausible Inference, 1988: 1-86.
[32]	LIU Y , MAN H . Network vulnerability assessment using Bayesian networks[C]// Defense and Security. International Society for Optics and Photonics, 2005: 61-71.
[33]	张少俊, 李建华, 宋珊珊 ,等. 贝叶斯推理在攻击图节点置信度计算中的应用[J]. 软件学报, 2010,21(9): 2376-2386.
	ZHANG S J , LI J H , SONG S S ,et al. Using Bayesian inference for computing attack graph node beliefs[J]. Journal of Software, 2010,21(9): 2376-2386.
[34]	FRIGAULT M , WANG L . Measuring network security using Bayesian network-based attack araphs[C]// The 3rd IEEE International Workshop on Security,Trust,and Privacy for Software Applications. 2008: 698-703.
[35]	POOLSAPPASIT N , DEWRI R , RAY I . Dynamic security risk management using Bayesian attack graphs[J]. IEEE Transactions on Dependable ＆ Secure Computing, 2011,9(1): 61-74.
[36]	WANG L , JAJODIA S , SINGHAL A ,et al. k-zero day safety:measuring the security risk of networks against unknown attacks[J]. Lecture Notes in Computer Science, 2010,11(1): 573-587.
[37]	WANG L , JAJODIA S , SINGHAL A ,et al. k-zero day safety:a network security metric for measuring the risk of unknown vulnerabilities[J]. IEEE Transactions on Dependable ＆ Secure Computing, 2014,11(1): 30-44.
[38]	WANG L , ZHANG M , JAJODIA S ,et al. Modeling network diversity for evaluating the robustness of networks against zero-day attacks[C]// European Symposium on Research in Computer Security. Springer International Publishing, 2014: 494-511.
[39]	ZHANG M , WANG L , JAJODIA S ,et al. Network diversity:a security metric for evaluating the resilience of networks against zero-day attacks[J]. IEEE Transactions on Information Forensics ＆ Security, 2016,11(5): 1071-1086.
[40]	BECKERS K , KRAUTSEVICH L , YAUTSIUKHIN A . Analysis of social engineering threats with attack graphs[M]// Data Privacy Management,Autonomous Spontaneous Security,and Security Assurance. Springer International Publishing, 2015: 67-73.
[41]	BI K , HAN D , WANG J . K maximum probability attack paths dynamic generation algorithm[J]. Computer Science and Information Systems, 2016,13(2): 677-689.
[42]	WANG S , TANG G , KOU G ,et al. An attack graph generation method based on heuristic searching strategy[C]// 2016 2nd IEEE International Conference on Computer and Communications (ICCC), 2016: 1180-1185.
[43]	KAYNAR K , SIVRIKAYA F . Distributed attack graph generation[J]. IEEE Transactions on Dependable and Secure Computing, 2016,13(5): 519-532.
[44]	MIEHLING E , RASOULI M , TENEKETZIS D . Optimal defense policies for partially observable spreading processes on Bayesian attack graphs[C]// The Second ACM Workshop on Moving Target Defense. ACM, 2015: 67-76.
[45]	DURKOTA K , LISY V , BOSANSKY B ,et al. Optimal network security hardening using attack graph games[C]// IJCAI. 2015: 7-14.
[46]	POLAD H , PUZIS R , SHAPIRA B . Attack graph obfuscation[C]// International Conference on Cyber Security Cryptography and Machine Learning. Springer,Cham, 2017: 269-287.
[47]	JOHNSON P , VERNOTTE A , EKSTEDT M ,et al. pwnPr3d:an attack-graph-driven probabilistic threat-modeling approach[C]// 2016 11th International Conference on Availability,Reliability and Security (ARES). 2016: 278-283.
[48]	ABRAHAM S , NAIR S . Predictive cyber security analytics framework:a non-homogenous Markov model for security quantification[J]. Journal of Communications, 2014,12(9): 899-907.
[49]	FADLALLAH A , SBEITY H , MALLI M ,et al. Application of attack graphs in intrusion detection systems:an implementation[J]. International Journal of Computer Networks, 2016,8(1): 1-12.
[50]	WANG L , LIU A , JAJODIA S . Using attack graphs for correlating,hypothesizing,and predicting intrusion alerts[J]. Computer Communications, 2006,29(15): 2917-2933.
[51]	AHMADINEJAD S H , JALILI S , ABADI M . A hybrid model for correlating alerts of known and unknown attack scenarios and updating attack graphs[J]. Computer Networks, 2011,55(9): 2221-2240.
[52]	刘威歆, 郑康锋, 武斌 ,等. 基于攻击图的多源告警关联分析方法[J]. 通信学报, 2015,36(9): 135-144.
	LIU W X , ZHENG K F , WU B ,et al. Alert processing based on attack graph and multi-source analyzing[J]. Journal on Communications, 2015,36(9): 135-144.
[53]	徐丽娟 . 基于攻击图的工业控制网络安全隐患分析[D]. 北京:北京邮电大学, 2015.
	XU L J . Industrial control system network’s potential risk analysis based on attack graph[D]. Beijing:Beijing University of Posts and Telecommunications, 2015.
[54]	黄家辉, 冯冬芹, 王虹鉴 . 基于攻击图的工控系统脆弱性量化方法[J]. 自动化学报, 2015,42(5): 792-798.
	HUANG J H , FENG D Q , WANG H J . A method for quantifying vulnerability of industrial control system based on attack graph[J]. Acta Automatica Sinica, 2015,42(5): 792-798.
[55]	LEVER K E , MACDERMOTT á , KIFAYAT K . Evaluating interdependencies and cascading failures using distributed attack graph generation methods for critical infrastructure defence[C]// The 2015 Developments of E-Systems Engineering (DeSE). 2015: 47-52.
[56]	胡双双 . 基于蜜网的攻击行为分析[D]. 北京:北京邮电大学, 2015.
	HU S S . Analysis of attack based on honeynet[D]. Beijing:Beijing University of Posts and Telecommunications, 2015.
[57]	HAWRYLAK P J , HARTNEY C , PAPA M ,et al. Using hybrid attack graphs to model and analyze attacks against the critical information infrastructure[M]// Critical Information Infrastructure Protection and Resilience in the ICT Sector. IGI Global, 2013: 173-197.
[58]	武文博, 康锐, 李梓 . 基于攻击图的信息物理系统信息安全风险评估方法[J]. 计算机应用, 2016,36(1): 203-206.
	WU W B , KANG R , LI Z . Attack graph based risk assessment method for cyber security of cyber-physical system[J]. Journal of Computer Applications, 2016,36(1): 203-206.
[59]	NICHOLS W , HAWRYLAK P , HALE J ,et al. Introducing priority into hybrid attack graphs[C]// The 12th Annual Conference on Cyber and Information Security Research. ACM, 2017:12.
[60]	LUCKETT P , MCDONALD J , GLISSON W . Attack-graph threat modeling assessment of ambulatory medical devices[C]// The 50th Hawaii International Conference on System Sciences. 2017: 3648-3657.
[61]	OU X , GOVINDAVAJHALA S , APPEL A W . MulVAL:a logic- based network security analyzer[C]// 14th USENIX Security. 2005: 1-16.
[62]	SAHA D , . Extending logical attack graphs for efficient vulnerability analysis[C]// The 15th ACM Conference on Computer and Communications Security. 2008: 63-74.
[63]	LIPPMANN R , INGOLS K , SCOTT C ,et al. Validating and restoring defense in depth using attack graphs[C]// Milcom 2006 Military Communications Conference. 2006: 1-10.
[64]	FREDRIK J S . A test of attack graph-based evaluation of IT-security[D]. Sweden,V?sterbotten:Ume? University, 2014.

工具	是否开源	是否图形界面	是否商用	复杂度
MulVAL	是	命令行界面	否	O(n²)
NetSPA	否	图形界面	是	O(nlogn)
NAVIGATOR	否	图形界面	是	O(nlogn)
GARNET	否	图形界面	是	O(nlogn)
TVA	否	图形界面	否	O(n²)
Cauldron	否	图形界面	是	O(n²)
Attack Graph Toolkit	是	图形界面	否	指数级