面向多步攻击的网络安全态势评估方法

doi:10.11959/j.issn.1000-436x.2017021

Abstract

Abstract:

Aiming at analyzing the influence of multi-step attack,as well as reflecting the system’s security situation accurately and comprehensively,a network security situation evaluation method for multi-step attack was proposed.This method firstly clustered security events into several attack scenes,which was used to identify the attacker.Then the attack path and the attack phase were identified by causal correlation of every scene.Finally,combined with the attack phase as well as the threat index,the quantitative standard was established to evaluate the network security situation.The proposed method is assessed by two network attack-defense experiments,and the results illustrate accuracy and effectiveness of the method.

Key words: scene clustering, multi-step attack, security situation, quantification analysis

CLC Number:

TP393.08

Hao-pu YANG,Hui QIU,Kun WANG. Network security situation evaluation method for multi-step attack[J]. Journal on Communications, 2017, 38(1): 187-198.

Figures/Tables 10

References 20

[1]	吴迪, 连一峰, 陈恺 ,等. 一种基于攻击图的安全威胁识别和分析方法[J]. 计算机学报, 2012,35(6): 1938-1950.
	WU D , LIAN Y F , CHEN K ,et al. A security threats identification and analysis method based on attack graph[J]. Chinese Journal of Computers, 2012,35(6): 1938-1950.
[2]	田志宏, 余翔湛, 张宏莉 ,等. 基于证据推理网络的实时网络入侵取证方法[J]. 计算机学报, 2014,37(5): 1184-1194.
	TIAN Z H , YU X Z , ZHANG H L ,et al. A real-time intrusion forensics method based on evidence reasoning network[J]. Chinese Journal of Computer, 2014,37(5): 1184-1194.
[3]	ALHAZMI O H , MALAIYA Y K , RAY I . Measuring,analyzing and predicting security vulnerabilities in software systems[J]. Computers＆ Security, 2007,26(3): 219-228.
[4]	HANNES H , MATHIAS E , DENNIS A . Empirical analysis of system-level vulnerability metrics through actual attacks[J]. IEEE Transactions on Dependable and Secure Computing, 2012,9(6): 825-837.
[5]	ENDSLEY M R , . Design and evaluation for situation awareness enhancement[C]// The Human Factors Society 32nd Annual Meeting. 1988: 97-101.
[6]	BASS T . Intrusion detection systems ＆ multisensory data fusion:creating cyberspace situational awareness[J]. Communications of the ACM, 2000,43(4): 99-105.
[7]	陈秀真, 郑庆华, 管晓宏 ,等. 层次化网络安全威胁态势量化评估方法[J]. 软件学报, 2006,17(4): 885-997.
	CHEN X Z , ZHENG Q H , GUAN X H ,et al. Quantitative hierarchical threat evaluation model for network security[J]. Journal of Software, 2006,17(4): 885-997.
[8]	韦勇, 连一峰, 冯登国 . 基于信息融合的网络安全态势评估模型[J]. 计算机研究与发展, 2009,46(3): 353-362.
[9]	MIRMOEINI F , KRISHNAMURTHY V . Reconfigurable Bayesian networks for hierarchical multi-stage situation assessment in battlespace[C]// The 39th Asilomar Conference on Signals,Systems and Computers. 2005
[10]	徐晓辉, 刘作良 . 基于 D-S 证据理论的态势评估方法[J]. 电光与控制, 2005,12(5): 36-37.
	XU X H , LIU Z L . A method for situation assessment based on D-S evidence theory[J]. Electronics Optics ＆ Control, 2005,12(5): 36-37.
[11]	ZHUO Y , ZHANG Q , GONG Z H . Network situation assessment based on RST[C]// Pacific-Asia Workshop on Computational Indulgence and Industrial Application. 2008: 502-506.
[12]	ZHOU Y , ZHANG Q , GONG Z H . Research and implementation of network transmission situation awareness[C]// WRI World Congress on Computer Science and Information Engineering. 2009: 210-214.
[13]	张勇, 谭笑彬, 崔孝林 ,等. 基于 Markov 博弈模型的网络安全态势感知方法[J]. 软件学报, 2011,22(3): 495-508.
	ZHANG Y , TAN X B , CUI X L ,et al. Network security situation awareness approach based on markov game model[J]. Journal of Software, 2011,22(3): 495-508.
[14]	YEE W , TANSU A , MARIMUTHU P . Security games for risk minization in automatic generation control[J]. IEEE Transactions on Power Systems, 2015,30(1): 223-232.
[15]	吕慧颖, 彭武, 王瑞梅 ,等. 基于时空关联分析的网络安全实时威胁识别与评估[J]. 计算机研究与发展, 2014,51(5): 1039-1049.
	LYU H Y , PENG W , WANG R M ,et al. A real-time network threat recognition and assessment method based on association analysis of time and space[J]. Journal of Computer Research and Development, 2014,51(5): 1039-1049.
[16]	CYRIL O , THOMAS O . Situational awareness in computer network defense principles,methods and applications[M]. Hershey: IGI Global SnippetPress, 2012
[17]	SCHIFFMAN M . Common vulnerability scoring system version 2.0[EB/OL]. .
[18]	FATEMEH K , BEHZAD A . Automatic learning of attack behavior patterns using Bayesian networks[C]// 6th International Symposium on Telecommunications (IST’2012). 2012: 999-1004
[19]	MIT LINCOLN LABORATORY. 2000 DARPA intrusion detection scenario specific data sets[EB/OL]. .
[20]	DEFCON Capture the flag traffic dump[EB/OL]. .

Metrics

Recommended 0

No Suggested Reading articles found!

脆弱性信息	Mill	Pascal	Locke	www.af.mil
ICMP非法配置	√	√	√
SunRPC非法配置	√	√	√
Sadmind缓存区溢出(CVE-1999-0977)	√	√	√
RCP非法配置	√	√	√
SYN泛洪(CVE-1999-0116)				√
HINFO Query非法配置	√
FTP非法配置	√	√	√

攻击手段	利用漏洞	威胁值
IP扫描	ICMP非法配置	1
Sadmind Ping	SunRPC非法配置	2
Daemon安装	Sadmind 缓存区溢出(CVE-1999-0977)	10
Sadmind Exploit	RCP非法配置	4
DDoS	SYN泛洪(CVE-1999-0116)	10

时间	攻击状态	Mill	Locke	Pascal	www.af.mil	SA
09:51～09:52	阶段1	0.917	0.917	0.917	0	0.458 5
10:07～10:17	阶段2	0.918	0.918	0.918	0	0.733 9
10:33～10:35	阶段3	0.95	0.95	0.96	0	2.163 9
10:50	阶段4	0.94	0.94	0.94	0	2.727 9
11:27	阶段5	0	0	0	0.96	3.687 9

Network security situation evaluation method for multi-step attack

RichHTML

PDF

Knowledge

Cited

Abstract

Cite this article

share this article

Figures/Tables 10

References 20

Related Articles 8

Metrics

Recommended 0

[1]	Lingcui ZHANG, Yaobing XU, Fenghua LI, Liang FANG, Yunchuan GUO, Zifu LI. Dynamic security-empowering architecture for space-ground integration information network [J]. Journal on Communications, 2021, 42(9): 87-95.
[2]	Hongyu YANG,Xugao ZHANG. Self-corrected coefficient smoothing method based network security situation prediction [J]. Journal on Communications, 2020, 41(5): 196-204.
[3]	Ankang JU,Yuanbo GUO,Tao LI,Ziwei YE. Multi-step attack detection method based on network communication anomaly recognition [J]. Journal on Communications, 2019, 40(7): 57-66.
[4]	Hao HU,Run-guo YE,Hong-qi ZHANG,Ying-jie YANG,Yu-ling LIU. Quantitative method for network security situation based on attack prediction [J]. Journal on Communications, 2017, 38(10): 122-134.
[5]	. Bandwidth extension method based on nonlinear audio characteristics classification [J]. Journal on Communications, 2013, 34(8): 16-131.
[6]	Li-yan ZHANG,Chang-chun BAO,Xin LIU,Xing-tao ZHANG. Bandwidth extension method based on nonlinear audio characteristics classification [J]. Journal on Communications, 2013, 34(8): 120-130.
[7]	Hai-bin MEI,Jian GONG,Ming-hua ZHANG. Research on discovering multi-step attack patterns based on clustering IDS alert sequences [J]. Journal on Communications, 2011, 32(5): 63-69.
[8]	Xiao-yan LI,Qing-xian WANG,Lin YANG. Research of network security situation index system and visualization technology [J]. Journal on Communications, 2011, 32(11A): 109-118.