基于贝叶斯攻击图的网络入侵意图分析模型

doi:10.11959/j.issn.1000-436x.2020172

Abstract

Abstract:

Aiming at the problem of ignoring the impact of attack cost and intrusion intention on network security in the current network risk assessment model,in order to accurately assess the target network risk,a method of network intrusion intention analysis based on Bayesian attack graph was proposed.Based on the atomic attack probability calculated by vulnerability value,attack cost and attack benefit,the static risk assessment model was established in combination with the quantitative attack graph of Bayesian belief network,and the dynamic update model of intrusion intention was used to realize the dynamic assessment of network risk,which provided the basis for the dynamic defense measures of attack surface.Experiments show that the model is not only effective in evaluating the overall security of the network,but also feasible in predicting attack paths.

Key words: Bayesian belief network, attack graph, network security, intrusion intention, risk assessment

CLC Number:

TP393.4

Zhiyong LUO,Xu YANG,Jiahui LIU,Rui XU. Network intrusion intention analysis model based on Bayesian attack graph[J]. Journal on Communications, 2020, 41(9): 160-169.

Figures/Tables 15

References 16

[1]	罗智勇, 杨旭, 孙广路 ,等. 基于马尔可夫的有限自动机入侵容忍系统模型[J]. 通信学报, 2019,40(10): 79-89.
	LUO Z Y , YANG X , SUN G L ,et al. Finite automaton intrusion tolerance system model based on Markov[J]. Journal on Communications, 2019,40(10): 79-89.
[2]	王帆 . 基于贝叶斯攻击图的网络安全风险评估方法研究[D]. 西安:西北大学, 2018.
	WANG F . Research on network security risk assessment method based on Bayesian attack graph[D]. Xi’an:Northwest University, 2018.
[3]	PHILLIPS C , SWILER L P . A graph-based system for networ-k vulnerability analysis[C]// 1998 Workshop on New Security Paradigms. New York:ACM Press, 1998: 71-79.
[4]	叶子维, 郭渊博, 王宸东 ,等. 攻击图技术应用研究综述[J]. 通信学报, 2017,38(11): 121-132.
	YE Z W , GUO Y B , WANG C D ,et al. Survey on application of attack graph technology[J]. Journal on Communications, 2017,38(11): 121-132.
[5]	吴晨思, 谢卫强, 姬逸潇 ,等. 网络系统安全度量综述[J]. 通信学报, 2019,40(6): 14-31.
	WU C S , XIE W Q , JI Y X ,et al. Survey on network sy-stem security metrics[J]. Journal on Communications, 2019,40(6): 14-31.
[6]	王硕, 汤光明, 王建华 ,等. 基于因果知识网络的攻击场景构建方法[J]. 计算机研究与发展, 2018,55(12): 2620-2636.
	WANG S , TANG G M , WANG J H ,et al. Attack scenarioconstruction method based on causal knowledge net[J]. Journal of Computer Research and Development, 2018,55(12): 2620-2636.
[7]	胡浩, 刘玉岭, 张红旗 ,等. 基于吸收Markov链的网络入侵路径预测方法[J]. 计算机研究与发展, 2018,55(4): 831-845.
	HU H , LIU Y L , ZHANG H Q ,et al. Route prediction method for network intrusion using absorbing Markov chain[J]. Journal of Computer Research and Development, 2018,55(4): 831-845.
[8]	雷程, 马多贺, 张红旗 ,等. 基于变点检测的网络移动目标防御效能评估方法[J]. 通信学报, 2017,38(1): 126-140.
	LEI C , MA D H , ZHANG H Q ,et al. Performance assessment approach based on change-point detection for network moving target defense[J]. Journal on Communications, 2017,38(1): 126-140.
[9]	HU H , ZHANG H , YANG Y ,et al. Security risk situation quantification method based on threat prediction for multimedia communication network[J]. Multimedia Tools and Applications, 2018,77(11): 1-31.
[10]	王辉, 鹿士凯, 王银城 . 基于关联攻击图的入侵预测算法[J]. 计算机工程, 2018,44(7): 131-138.
	WANG H , LU S K , WANG Y C . Intrusion prediction algorithm based on correlation attack graph[J]. Computer Engineering, 2018,44(7): 131-138.
[11]	秦虎, 王建利, 彭逍遥 . 基于权限提升矩阵的攻击图生成方法[J]. 北京理工大学学报, 2019,39(1): 101-105.
	QIN H , WANG J L , PENG X Y . Attack graph generation method based on privilege escalation matrix[J]. Transactions of Beijing Institute of Technology, 2019,39(1): 101-105.
[12]	李艳, 王纯子, 黄光球 ,等. 网络安全态势感知分析框架与实现方法比较[J]. 电子学报, 2019,47(4): 927-945.
	LI Y , WANG C Z , HUANG G Q ,et al. A survey of architecture and implementation method on cyber security situation awareness analysis[J]. Acta Electronica Sinica, 2019,47(4): 927-945.
[13]	JUKKA R . A look at the time delays in CVSS vulnerability scoring[J]. Applied Computing and Informatics, 2019,15(2): 1-18.
[14]	马春光, 汪诚弘, 张东红 ,等. 一种基于攻击意愿分析的网络风险动态评估模型[J]. 计算机研究与发展, 2015,52(9): 2056-2068.
	MA C G , WANG C H , ZHANG D H ,et al. A dynamic network risk assessment model based on attacker’s inclination[J]. Journal of Computer Research and Development, 2015,52(9): 2056-2068.
[15]	高妮, 高岭, 贺毅岳 ,等. 基于贝叶斯攻击图的动态安全风险评估模型[J]. 四川大学学报(工程科学版), 2016,48(1): 111-118.
	GAO N , GAO L , HE Y Y ,et al. Dynamic security risk assessment model based on bayesian attack graph[J]. Journal of Sichuan University (Engineering Science Edition), 2016,48(1): 111-118.
[16]	周余阳, 程光, 郭春生 . 基于贝叶斯攻击图的网络攻击面风险评估方法[J]. 网络与信息安全学报, 2018,4(6): 11-22.
	ZHOU Y Y , CHENG G , GUO C S . Risk assessment method for network attack surface based on Bayesian attack graph[J]. Chinese Journal of Network and Information Security, 2018,4(6): 11-22.

Metrics

Recommended 0

No Suggested Reading articles found!

基础指标	因素	度量值	评分
		网络(N)	0.85
	AV	相邻(A)	0.62
		本地(L)	0.55
		物理(P)	0.20
	AC	低(L)	0.77
可利用性		高(H)	0.44
可利用性		无(N)	0.85
	PR	低(L)	0.62
		高(H)	0.27
	UI	无(N)	0.85
		所需(R)	0.62
		无(N)	0.00
影响度	C,I,A	低(L)	0.22
		高(H)	0.56
范围	S	不变(U)
		变动(C)

成本	度量值	评分
SI	完整/功能/空	0.1/0.3/0.7
SP	普通/特殊/特定	0.15/0.35/0.6
Or	工具/脚本/手册/团体	0.1/0.25/0.45/0.7
IR	空/普通/配置/关键	0/0.2/0.55/0.8

度量值	评分
信息泄露	0.3～0.55
远程注册	0.55～0.7
认证绕过	0.7～0.8
有限访问	0.85～0.95
完整权限	1.0

主机	操作系统或程序	漏洞编号	CVE编号	value(v_i)
H₁	Titan FTP Server6.0.3	v₁	CVE-2013-4465	46%
H₁	Windows 2003 Server	v₂	CVE-2004-0575	53%
H₂	Windows 2003 Server	v₃	CVE-2002-0364	35%
H₂	IIS 5.0 Web Server	v₄	CVE-2006-2379	39%
H₃	Check Point VPN-1 Server4.1	v₅	CVE-2009-0241	43%
H₆	Windows 2000	v₆	CVE-2007-0038	55%
H₇	Windows XP	v₇	CVE-2006-2370	25%
H₉	Windows XP	v₈	CVE-2003-0252	39%
H₁₂	Windows XP	v₉	CVE-2004-1306	51%
H₁₂	SQL Server	v₁₀	CVE-2004-0893	36%
H₁₂	SQL Server	v₁₁	CVE-2015-1762	41%

编号	攻击路径
AP₁	S₀—S₁—S₄—S₇—S₈
AP₂	S₀—S₂—S₄—S₇—S₈
AP₃	S₀—S₂—S₄—S₅—S₇—S₈
AP₄	S₀—S₂—S₅—S₇—S₈
AP₅	S₀—S₃—S₅—S₇—S₈
AP₆	S₀—S₃—S₆—S₇—S₈
AP₇	S₀—S₃—S₅—S₆—S₇—S₈

Network intrusion intention analysis model based on Bayesian attack graph

RichHTML

PDF

Knowledge

Abstract

Cite this article

share this article

Figures/Tables 15

References 16

Related Articles 15

Metrics

Recommended 0

[1]	Shiqi ZHAO, Xiaohong HUANG, Zhigang ZHONG. Research and implementation of reputation-based inter-domain routing selection mechanism [J]. Journal on Communications, 2023, 44(6): 47-56.
[2]	Zhiyong LUO, Yu ZHANG, Qing WANG, Weiwei SONG. Study of SDN intrusion intent identification algorithm based on Bayesian attack graph [J]. Journal on Communications, 2023, 44(4): 216-225.
[3]	Haiyan KANG, Molan LONG. Research on network attack analysis method based on attack graph of absorbing Markov chain [J]. Journal on Communications, 2023, 44(2): 122-135.
[4]	Hongyu YANG, Haihang YUAN, Liang ZHANG. Host security assessment method based on attack graph [J]. Journal on Communications, 2022, 43(2): 89-99.
[5]	Hongbin ZHANG, Yan YIN, Dongmei ZHAO, Bin LIU. Network security situational awareness model based on threat intelligence [J]. Journal on Communications, 2021, 42(6): 182-194.
[6]	Tengfei ZHANG, Shunzheng YU. Research prospects of user information detection from encrypted traffic of mobile devices [J]. Journal on Communications, 2021, 42(2): 154-167.
[7]	Xu CHENG, Yingying WANG, Nianjie ZHANG, Zhangjie FU, Beijing CHEN, Guoying ZHAO. Multi-level loss object tracking adversarial attack method based on spatial perception [J]. Journal on Communications, 2021, 42(11): 242-254.
[8]	Wenjuan WANG, Xuehui DU, Dibin SHAN. Construction method of attack scenario in cloud environment based on dynamic probabilistic attack graph [J]. Journal on Communications, 2021, 42(1): 1-17.
[9]	Tao HUANG, Jiang LIU, Shuo WANG, Chen ZHANG, Yunjie LIU. Survey of the future network technology and trend [J]. Journal on Communications, 2021, 42(1): 130-150.
[10]	Hanxun ZHOU,Chen CHEN,Runze FENG,Junkun XIONG,Hong PAN,Wei GUO. Mobile malware traffic detection approach based on value-derivative GRU [J]. Journal on Communications, 2020, 41(1): 102-113.
[11]	JIANG Lyu,ZHANG Hengwei,WANG Jindong. Optimal strategy selection method for moving target defense based on signaling game [J]. Journal on Communications, 2019, 40(6): 128-137.
[12]	Xinyu WANG,Ben NIU,Fenghua LI,Kun HE. Risk assessing and privacy-preserving scheme for privacy leakage in APP [J]. Journal on Communications, 2019, 40(5): 13-23.
[13]	Zhiyong LUO, Xu YANG, Guanglu SUN, Zhiqiang XIE, Jiahui LIU. Finite automaton intrusion tolerance system model based on Markov [J]. Journal on Communications, 2019, 40(10): 79-89.
[14]	Shirui HUANG,Hengwei ZHANG,Jindong WANG,Ruiyu DOU. Network security threat warning method based on qualitative differential game [J]. Journal on Communications, 2018, 39(8): 29-36.
[15]	Xiaodong ZANG,Jian GONG,Xiaoyan HU. Detecting malicious domain names based on AGD [J]. Journal on Communications, 2018, 39(7): 15-25.