基于吸收马尔可夫链攻击图的网络攻击分析方法研究

doi:10.11959/j.issn.1000-436x.2023002

Abstract

Abstract:

Existing intrusion path studies based on attack graph lack consideration of factors other than basic network environment information when calculating the state transition probability.In order to analyze the security of target network comprehensively and reasonably, a network attack analysis method based on attack graph of absorbing Markov chain was proposed.Firstly, a state transition probability normalization algorithm based on vulnerability life cycle was proposed based on attack graph.Secondly, the attack graph was mapped to the absorbing Markov chain and the state transition probability matrix was given.Finally, the state transition probability matrix was calculated to comprehensively analyze the node threat degree, attack path length and expected impact of the target network.The results show that the proposed method can effectively analyze the expected influence of node threat degree, attack path length and vulnerability life cycle on the whole network, which is helpful for security research personnel to better understand the security state of the network.

Key words: attack graph, absorbing Markov chain, vulnerability life cycle, network attack, network security analysis

CLC Number:

TP393

Haiyan KANG, Molan LONG. Research on network attack analysis method based on attack graph of absorbing Markov chain[J]. Journal on Communications, 2023, 44(2): 122-135.

Figures/Tables 16

References ［20］

［1］	叶云, 徐锡山, 齐治昌 ,等．大规模网络中攻击图自动构建算法研究［J］．计算机研究与发展, 2013,50(10): 2133-2139．
	YE Y , XU X S , QI Z C ,et al． Attack graph generation algorithm for large-scale network system［J］． Journal of Computer Research and Development, 2013,50(10): 2133-2139．
［2］	杨英杰, 冷强, 潘瑞萱 ,等．基于属性攻击图的动态威胁跟踪与量化分析技术研究［J］．电子与信息学报, 2019,41(9): 2172-2179．
	YANG Y J , LENG Q , PAN R X ,et al． Research on dynamic threat tracking and quantitative analysis technology based on attribute attack graph［J］． Journal of Electronics ＆ Information Technology, 2019,41(9): 2172-2179．
［3］	BHATTACHARYA S , GHOSH S K ． An artificial intelligence based approach for risk management using attack graph［C］// Proceedings of 2007 International Conference on Computational Intelligence and Security (CIS 2007)． Piscataway:IEEE Press, 2007: 794-798．
［4］	陈锋, 张怡, 苏金树 ,等．攻击图的两种形式化分析［J］．软件学报, 2010,21(4): 838-848．
	CHEN F , ZHANG Y , SU J S ,et al． Two formal analyses of attack graphs［J］． Journal of Software, 2010,21(4): 838-848．
［5］	KAYNAR K ． A taxonomy for attack graph generation and usage in network security［J］． Journal of Information Security and Applications, 2016,29: 27-56．
［6］	杨宏宇, 袁海航, 张良．基于攻击图的主机安全评估方法［J］．通信学报, 2022,43(2): 89-99．
	YANG H Y , YUAN H H , ZHANG L ． Host security assessment method based on attack graph［J］． Journal on Communications, 2022,43(2): 89-99．
［7］	罗智勇, 杨旭, 刘嘉辉 ,等．基于贝叶斯攻击图的网络入侵意图分析模型［J］．通信学报, 2020,41(9): 160-169．
	LUO Z Y , YANG X , LIU J H ,et al． Network intrusion intention analysis model based on Bayesian attack graph［J］． Journal on Communications, 2020,41(9): 160-169．
［8］	王文娟, 杜学绘, 单棣斌．基于动态概率攻击图的云环境攻击场景构建方法［J］．通信学报, 2021,42(1): 1-17．
	WANG W J , DU X H , SHAN D B ． Construction method of attack scenario in cloud environment based on dynamic probabilistic attack graph［J］． Journal on Communications, 2021,42(1): 1-17．
［9］	HU H , ZHANG H Q , YANG Y J ． Security risk situation quantification method based on threat prediction for multimedia communication network［J］． Multimedia Tools and Applications, 2018,77(16): 21693-21723．
［10］	陈小军, 方滨兴, 谭庆丰 ,等．基于概率攻击图的内部攻击意图推断算法研究［J］．计算机学报, 2014,37(1): 62-72．
	CHEN X J , FANG B X , TAN Q F ,et al． Inferring attack intent of malicious insider based on probabilistic attack graph model［J］． Chinese Journal of Computers, 2014,37(1): 62-72．
［11］	胡浩, 刘玉岭, 张红旗 ,等．基于吸收Markov链的网络入侵路径预测方法［J］．计算机研究与发展, 2018,55(4): 831-845．
	HU H , LIU Y L , ZHANG H Q ,et al． Route prediction method for network intrusion using absorbing Markov chain［J］． Journal of Computer Research and Development, 2018,55(4): 831-845．
［12］	张凯, 刘京菊．基于吸收 Markov 链的网络入侵路径分析方法［J］．计算机科学, 2021,48(5): 294-300．
	ZHANG K , LIU J J ． Attack path analysis method based on absorbing Markov chain［J］． Computer Science, 2021,48(5): 294-300．
［13］	DURKOTA K , LISY V , B BOSANSKY ,et al． Optimal network security hardening using attack graph games［C］// International Conference on Artificial Intelligence． Palo Alto:AAAI Press, 2015: 526-532．
［14］	MALIK S U R , ANJUM A , MOQURRAB S A ,et al． Towards enhanced threat modelling and analysis using a Markov Decision Process［J］． Computer Communications, 2022,194: 282-291．
［15］	SHAHZAD M , SHAFIQ M Z , LIU A X ． Large scale characterization of software vulnerability life cycles［J］． IEEE Transactions on Dependable and Secure Computing, 2020,17(4): 730-744．
［16］	胡浩, 叶润国, 张红旗 ,等．面向漏洞生命周期的安全风险度量方法［J］．软件学报, 2018,29(5): 1213-1229．
	HU H , YE R G , ZHANG H Q ,et al． Vulnerability life cycle oriented security risk metric method［J］． Journal of Software, 2018,29(5): 1213-1229．
［17］	BOTEV Z I , LECUYER P , TUFFIN B ． Markov chain importance sampling with applications to rate event probability estimation［J］． Statistics and Computing, 2013,23(2): 271-285．
［18］	NIST． National vulnerability database［R］． 2017．
［19］	ABRAHAM S , NAIR S ． Predictive cyber-security analytics framework:a non-homogenous Markov model for security quantification［J］． Journal of Communication, 2014,12(9): 899-907．
［20］	杨宏宇, 袁海航, 张良．一种基于主机重要度的网络主机节点风险评估方法［J］．北京邮电大学学报, 2022,45(2): 16-21．
	YANG H Y , YUAN H H , ZHANG L ． A risk assessment method of network host node with host importance［J］． Journal of Beijing University of Posts and Telecommunications, 2022,45(2): 16-21．

Metrics

Recommended 0

No Suggested Reading articles found!

文献	研究内容所属类别
［1,3-4］	攻击图的生成与优化算法
［5-7］	基于网络拓扑信息的静态风险分析
［2,8-9］	基于图论的动态风险量化与评估
［10-14］	基于概率论的攻击图与马尔可夫模型的融合
［15-16］	漏洞生命周期

基础指标	名称	描述	分值
AV	Local(L)	通过本地物理接触攻击或本地shell攻击	0.395
	Adjacent Network(A)	相邻网络攻击	0.646
	Network(N)	远程网络攻击	1.000
AC	High(H)	复杂度高，需要获取系统权限等	0.350
	Medium(M)	复杂度中等，需要获取系统部分权限等	0.610
	Low(L)	复杂度低	0.710
Au	Multiple(M)	需要多次认证	0.450
	Single(S)	需要一次认证	0.560
	None(N)	不需要认证	0.704

运行服务名称	CVE编号(漏洞编号)	可利用得分	主机号	漏洞发现日期
apache	CVE-2014-0098(V₁)	10.0	H₁	2014-03-18
FTP server	CVE-2013-4465(V₂)	4.6	H₂	2013-10-25
Linux	CVE-2014-0038(V₃)	3.4	H₃	2014-02-06
Ms-office	CVE-2013-1324(V₄)	8.6	H₄	2013-11-12
bmc	CVE-2013-4782(V₅)	10.0	H₅	2013-07-08
radius	CVE-2014-1878(V₆)	10.0	H₆	2014-02-28
postgresql	CVE-2014-0063(V₇)	7.9	H₇	2014-02-17

路径序号	渗透路径	路径长度	渗透成功率
Route₁	S₁→S₃→S₄→S₆→S₈	5	0.006
Route₂	S₁→S₃→S₄→S₇→S₈	5	0.010
Route₃	S₁→S₃→S₅→S₆→S₈	5	0.020
Route₄	S₁→S₃→S₅→S₇→S₈	5	0.035
Route₅	S₁→S₂→S₃→S₄→S₆→S₈	6	0.002
Route₆	S₁→S₂→S₃→S₄→S₇→S₈	6	0.003
Route₇	S₁→S₂→S₃→S₅→S₆→S₈	6	0.006
Route₈	S₁→S₂→S₃→S₅→S₇→S₈	6	0.011
Route₉	S₁→S₃→S₄→S₅→S₆→S₈	6	0.002
Route₁₀	S₁→S₃→S₄→S₅→S₇→S₈	6	0.004
Route₁₁	S₁→S₃→S₅→S₆→S₇→S₈	6	0.017
Route₁₂	S₁→S₃→S₄→S₆→S₇→S₈	6	0.005
Route₁₃	S₁→S₂→S₃→S₅→S₆→S₇→S₈	7	0.005
Route₁₄	S₁→S₂→S₃→S₄→S₅→S₆→S₈	7	0.000 7
Route₁₅	S₁→S₂→S₃→S₄→S₅→S₇→S₈	7	0.001
Route₁₆	S₁→S₂→S₃→S₄→S₆→S₇→S₈	7	0.002
Route₁₇	S₁→S₃→S₄→S₅→S₆→S₇→S₈	7	0.002
Route₁₈	S₁→S₂→S₃→S₄→S₅→S₆→S₇→S₈	8	0.000 7

方法	建模方法	客观程度	漏洞生命周期度量	攻击路径分析	威胁程度分析	预期影响分析
文献［3］	攻击图	低	否	否	否	否
文献［7］	贝叶斯攻击图	高	否	是	否	否
文献［11］	马尔可夫链攻击图	中	否	是	是	否
文献［12］	马尔可夫链攻击图	中	否	是	是	否
文献［16］	马尔可夫链攻击图	高	是	否	否	是
本文方法	吸收马尔可夫链攻击图	高	是	是	是	是

Research on network attack analysis method based on attack graph of absorbing Markov chain

RichHTML

PDF

Knowledge

Abstract

Cite this article

share this article

Figures/Tables 16

References ［20］

Related Articles 15

Metrics

Recommended 0

[1]	Zhiyong LUO, Yu ZHANG, Qing WANG, Weiwei SONG. Study of SDN intrusion intent identification algorithm based on Bayesian attack graph [J]. Journal on Communications, 2023, 44(4): 216-225.
[2]	Hongyu YANG, Haihang YUAN, Liang ZHANG. Host security assessment method based on attack graph [J]. Journal on Communications, 2022, 43(2): 89-99.
[3]	Wenjuan WANG, Xuehui DU, Dibin SHAN. Construction method of attack scenario in cloud environment based on dynamic probabilistic attack graph [J]. Journal on Communications, 2021, 42(1): 1-17.
[4]	Zhiyong LUO,Xu YANG,Jiahui LIU,Rui XU. Network intrusion intention analysis model based on Bayesian attack graph [J]. Journal on Communications, 2020, 41(9): 160-169.
[5]	Shirui HUANG,Hengwei ZHANG,Jindong WANG,Ruiyu DOU. Network security threat warning method based on qualitative differential game [J]. Journal on Communications, 2018, 39(8): 29-36.
[6]	Hongqi ZHANG,Junnan YANG,Chuanfu ZHANG. Defense decision-making method based on incomplete information stochastic game and Q-learning [J]. Journal on Communications, 2018, 39(8): 56-68.
[7]	Zi-wei YE,Yuan-bo GUO,Chen-dong WANG,An-kang JU. Survey on application of attack graph technology [J]. Journal on Communications, 2017, 38(11): 121-132.
[8]	Hao HU,Run-guo YE,Hong-qi ZHANG,Ying-jie YANG,Yu-ling LIU. Quantitative method for network security situation based on attack prediction [J]. Journal on Communications, 2017, 38(10): 122-134.
[9]	Jian-ming HUANG,Heng-wei ZHANG,Jin-dong WANG,Shi-rui HUANG. Defense strategies selection based on attack-defense evolutionary game model [J]. Journal on Communications, 2017, 38(1): 168-176.
[10]	Wei-xin LIU,Kang-feng ZHENG,Bin WU,Yi-xian YANG. Alert processing based on attack graph and multi-source analyzing [J]. Journal on Communications, 2015, 36(9): 135-144.
[11]	Guang-sheng ZHAO,Qing-feng CHENG,Yong-lin SUN. Minimum-cost network hardening algorithm based on stochastic loose optimize strategy [J]. Journal on Communications, 2015, 36(1): 237-245.
[12]	. App-DDoS detection method based on K-means multiple principal component analysis [J]. Journal on Communications, 2014, 35(5): 3-24.
[13]	Hong-yu YANG,Yuan CHANG. App-DDoS detection method based on K-means multiple principal component analysis [J]. Journal on Communications, 2014, 35(5): 16-24.
[14]	Yun YE,Xi-shan XU,Yan JIA,Zhi-chang QI,Wen-cong CHENG. Research on the risk adjacency matrix based on attack graphs [J]. Journal on Communications, 2011, 32(5): 112-120.
[15]	Fen YAN,Xin-chun YIN,Hao HUANG. Research on establishing network intrusion modeling based on MLL-AT [J]. Journal on Communications, 2011, 32(3): 115-124.