Journal on Communications ›› 2023, Vol. 44 ›› Issue (2): 122-135. doi: 10.11959/j.issn.1000-436x.2023002


Research on network attack analysis method based on attack graph of absorbing Markov chain

Haiyan KANG, Molan LONG

  1. School of Information Management, Beijing Information Science and Technology University, Beijing 100192, China
  • Revised: 2022-10-29 Online: 2023-02-25 Published: 2023-02-01
  • About the authors: Haiyan KANG (1971– ), male, born in Lingshou, Hebei, Ph.D., professor at Beijing Information Science and Technology University; main research interests include network security and privacy protection.
    Molan LONG (1997– ), male, born in Zhengzhou, Henan, master's student at Beijing Information Science and Technology University; main research interests are network attacks and malicious code detection.
  • Supported by:
    The National Social Science Foundation of China (21BTQ079); The Humanities and Social Sciences Research Project of the Ministry of Education (20YJAZH046); Advanced Innovation Center for Future Blockchain and Privacy Computing Fund

Abstract:

Existing attack-graph-based studies of intrusion paths lack consideration of factors other than basic network environment information when calculating state transition probabilities. To analyze the security of a target network comprehensively and reasonably, a network attack analysis method based on an absorbing Markov chain attack graph was proposed. Firstly, building on the attack graph, a state transition probability normalization algorithm based on the vulnerability life cycle was proposed. Secondly, the algorithm was used to map the attack graph to an absorbing Markov chain, and its state transition probability matrix was given. Finally, the state transition probability matrix was calculated to comprehensively analyze the node threat degree, attack path length and expected impact of the target network. The proposed method was applied in an experimental network environment, and the results show that it can effectively analyze the node threat degree, the attack path length and the expected impact of the vulnerability life cycle on the whole network, which helps security researchers better understand the security state of the network.

Key words: attack graph, absorbing Markov chain, vulnerability life cycle, network attack, network security analysis
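
The absorbing-chain calculation the abstract outlines, as an added example that is not the authors' code: a constructed four-state attack graph is row-normalised into transition probabilities, and the fundamental matrix N = (I - Q)^-1 gives the expected visits per node and the expected number of steps to the goal. The state names, edge weights and plain row normalisation are assumptions; the paper's vulnerability-life-cycle normalisation algorithm is not given on this page and is not reproduced here.

```python
from fractions import Fraction

# Constructed toy attack graph: edge weights are made-up exploit scores,
# not values from the paper. "G" is the attacker's goal (absorbing state).
EDGES = {
    "S0": {"S1": 3, "S2": 1},
    "S1": {"S2": 1, "G": 1},
    "S2": {"G": 1},
}
TRANSIENT = ["S0", "S1", "S2"]

def transition_rows(edges):
    """Row-normalise outgoing edge weights so each state's probabilities sum to 1."""
    rows = {}
    for src, outs in edges.items():
        total = sum(outs.values())
        rows[src] = {dst: Fraction(w, total) for dst, w in outs.items()}
    return rows

def fundamental_matrix(rows, transient):
    """Return N = (I - Q)^-1 by Gauss-Jordan elimination over exact fractions."""
    n = len(transient)
    # Augmented matrix [I - Q | I], Q restricted to transient states.
    a = [[Fraction(int(i == j)) - rows[s].get(t, Fraction(0))
          for j, t in enumerate(transient)]
         + [Fraction(int(i == j)) for j in range(n)]
         for i, s in enumerate(transient)]
    for col in range(n):
        pivot = next(r for r in range(col, n) if a[r][col] != 0)
        a[col], a[pivot] = a[pivot], a[col]
        a[col] = [x / a[col][col] for x in a[col]]
        for r in range(n):
            if r != col and a[r][col] != 0:
                f = a[r][col]
                a[r] = [x - f * y for x, y in zip(a[r], a[col])]
    return [row[n:] for row in a]

def analyse(edges=EDGES, transient=TRANSIENT, start="S0"):
    """Expected visits to each node from `start`, and expected steps to absorption."""
    n_mat = fundamental_matrix(transition_rows(edges), transient)
    visits = dict(zip(transient, n_mat[transient.index(start)]))
    steps = {s: sum(row) for s, row in zip(transient, n_mat)}
    return visits, steps

if __name__ == "__main__":
    visits, steps = analyse()
    for s in TRANSIENT:
        print(s, "expected visits:", visits[s], "expected steps to G:", steps[s])
```

Nodes with a high expected visit count are the ones an attacker is most likely to pass through, which makes them natural candidates for prioritised patching or monitoring; lowering an edge weight and re-running shows how a fix changes the expected path length.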
