Journal on Communications, 2021, Vol. 42, Issue (1): 1-17. doi: 10.11959/j.issn.1000-436x.2021004
Wenjuan WANG, Xuehui DU, Dibin SHAN
Revised: 2020-09-23
Online: 2021-01-25
Published: 2021-01-01
Wenjuan WANG, Xuehui DU, Dibin SHAN. Construction method of attack scenario in cloud environment based on dynamic probabilistic attack graph[J]. Journal on Communications, 2021, 42(1): 1-17.
Host | Version | Vulnerability | Description | AV/AC/Au |
WS | Apache 2.0 | CVE-2006-3747 | execute code, dos | N/H/N |
WS | IE 9 | CVE-2019-1367 | overflow, execute code | N/H/N |
FS | NFS 1.0 | CVE-2004-0946 | execute code, overflow | N/L/N |
VM1 | Win7 SP1 | CVE-2017-0146 | execute code | N/M/N |
PM3 | Hadoop 2.6 | CVE-2016-3086 | obtain information | N/L/N |
PM4 | Spark 2.1 | CVE-2018-8024 | obtain information | N/M/S |
VMM | Xen 4.6 | CVE-2017-2620 | dos, gain privileges | L/M/N |
Directed edge | Weight | Directed edge | Weight | Directed edge | Weight | Directed edge | Weight |
(s0, a1) | 0.49 | (s3, a4) | 0.86 | (s0, a7) | 1.0 | (s7, a10) | 0.68 |
(a1, s1) | 1.0 | (a4, s4) | 1.0 | (a7, s3) | 1.0 | (a10, s8) | 1.0 |
(s1, a2) | 0.5 | (s4, a5) | 1.0 | (s3, a8) | 0.5 | (s1, a11) | 0.49 |
(a2, s2) | 0.9 | (a5, s5) | 1.0 | (a8, s6) | 0.9 | (a11, s7) | 1.0 |
(s2, a3) | 0.5 | (s1, a6) | 0.49 | (s6, a9) | 0.5 | (s8, a12) | 0.34 |
(a3, s3) | 0.9 | (a6, s4) | 1.0 | (a9, s7) | 0.9 | (a12, s9) | 1.0 |
Time | Update operation | No. | Observed event sequence | Attack intent gMAP | Maximum-probability attack path hMAP |
t0 | — | O0 | {null} | s5 | {s0, a7, s3, a4, s4, a5, s5} |
t1 | ? | O1 | {o1:0.81, o2:0.6, o3:0.38} | s5 | {s0, a1, s1, a2, s2, a3, s3, a4, s4, a5, s5} |
t2 | {D, a5, s5} | O2 | {o11:0.59, o10:0.62} | s8 | {s0, a1, s1, a11, s7, a10, s8} |
t3 | {I, a12, s9} | O3 | {o12:0.54} | s9 | {s0, a1, s1, a11, s7, a12, s9} |