基于攻击预测的网络安全态势量化方法

doi:10.11959/j.issn.1000-436x.2017204

Abstract

Abstract:

To predict the attack behaviors accurately and comprehensively as well as to quantify the threat of attack,a quantitative method for network security situation based on attack prediction was proposed.By fusing the situation factors of attacker,defender and network environment,the capability of attacker and the exploitability rate of vulnerability were evaluated utilizing the real-time detected attack events,and the expected time-cost for attack-defense were further calculated.Then an attack prediction algorithm based on the dynamic Bayesian attack graph was designed to infer the follow-up attack actions.At last,the attack threat was quantified as the security risk situation from two levels of the hosts and the overall network.Experimental analysis indicates that the proposed method is suitable for the real adversarial network environment,and is able to predict the occurrence time of attack accurately and quantify the attack threat reasonably.

Key words: attack prediction, security situation, Bayesian attack graph, attack-defense, time prediction

CLC Number:

TP393.8

Hao HU,Run-guo YE,Hong-qi ZHANG,Ying-jie YANG,Yu-ling LIU. Quantitative method for network security situation based on attack prediction[J]. Journal on Communications, 2017, 38(10): 122-134.

Figures/Tables 14

References 21

[1]	QU Z Y , LI Y Y , LI P . A network security situation evaluation method based on D-S evidence theory[C]// Environmental Science and Information Application Technology (ESIAT). 2010: 496-499.
[2]	吕慧颖, 彭武, 王瑞梅 . 基于时空关联分析的网络实时威胁识别与评估[J]. 计算机研究与发展, 2014,51(5): 1039-1049.
	LYU H Y , PENG W , WANG R M ,et al. A real-time network threat recognition and assessment method based on association analysis of time and space[J]. Journal of Computer Research and Development, 2014,51(5): 1039-1049.
[3]	席荣荣, 云晓春, 张永铮 ,等. 一种改进的网络安全态势量化评估方法[J]. 计算机学报, 2015,38(4): 749-758.
	XI R R , YUN X C , ZHANG Y Z ,et al. An improved quantitative evaluation method for network security[J]. Chinese Journal of Computers, 2015,38(4): 749-758.
[4]	杨豪璞, 邱辉, 王坤 . 面向多步攻击的网络安全态势评估方法[J]. 通信学报, 2017,38(1): 187-198.
	YANG H P , QIU H , WANG K . Network security situation evaluation method for multi-step attack[J]. Journal on Communications, 2017,38(1): 187-198.
[5]	刘玉岭, 冯登国, 连一峰 ,等. 基于时空维度分析的网络安全态势预测方法[J]. 计算机研究与发展, 2014,51(8): 1681-1694.
	LIU Y L , FENG D G , LIAN Y F ,et al. Network situation prediction method based on spatial-time dimension analysis[J]. Journal of Computer Research and Development, 2014,51(8): 1681-1694.
[6]	LING L J , SU L , WANG H F ,et al. An ARIMA-ANN hybrid model for time series forecasting[J]. Systems Research And Behavioral Science, 2013,30(3): 1092-7026.
[7]	GE P , WANG J , REN P ,et al. A new improved forecasting method integrated fuzzy time series with the exponential smoothing method[J]. International Journal of Environment and Pollution, 2013,51(3/4): 206-221.
[8]	彭武, 胡昌振, 姚淑萍 ,等. 基于时间自动机的入侵意图动态识别方法[J]. 计算机研究与发展, 2011,48(7): 1288-1297.
	PENG W , HU C Z , YAO S P ,et al. A dynamic intrusive intention recognition method based on timed automata[J]. Journal of Computer Research and Development, 2011,48(7): 1288-1297.
[9]	陈小军, 方滨兴, 谭庆丰 ,等. 基于概率攻击图的内部攻击意图推断算法研究[J]. 计算机学报, 2014,37(1): 62-72.
	CHEN X J , FANG B X , TAN Q F ,et al. Inferring attack intent of malicious insider based on probabilistic attack graph model[J]. Chinese Journal of Computers, 2014,37(1): 62-72.
[10]	LIU S , LIU Y . Network security risk assessment method based on HMM and attack graph model[C]// IEEE/ACIS International Conference on Software Engineering,Artificial Intelligence,NETWORKING and Parallel/distributed Computing. 2016: 517-522.
[11]	FREDJ O B . A realistic graph based alert correlation system[J]. Security ＆ Communication Networks, 2015,8(15): 2477-2493.
[12]	DAI F , HU Y , ZHENG K ,et al. Exploring risk flow attack graph for security risk assessment[J]. IET Information Security, 2015,9(6): 344-353.
[13]	ABRAHAM S , NAIR S . A predictive framework for cyber security analytics using attack graphs[J]. International Journal of Computer Networks ＆ Communications, 2015,7(1): 1-17.
[14]	GHASEMIGOL M , GHAEMI B A , TAKABI H . A comprehensive approach for network attack forecasting[J]. Computers ＆ Security, 2016,58: 83-105.
[15]	WANG Y , LI J , MENG K ,et al. Modeling and security analysis of enterprise network using attack-defense stochastic game Petri nets[J]. Security ＆ Communication Networks, 2013,6(1): 89-99.
[16]	张勇, 谭小彬, 崔孝林 ,等. 基于Markov博弈模型的网络安全态势感知方法[J]. 软件学报, 2011,22(3): 495-508.
	ZHANG Y , TAN X B , CUI X L ,et al. Network security situation awareness approach based on Markov game model[J]. Journal of Software, 2011,22(3): 495-508.
[17]	CHEN G , SHEN D , KWAN C ,et al. Game theoretic approach to threat prediction and situation awareness[C]// International Conference on Information Fusion. 2006: 1-8.
[18]	WU J , OTA K , DONG M ,et al. Big data analysis based security situational awareness for smart grid[J]. IEEE Transactions on Big Data, 2016,doi:10.1109/TBDATA.2016.2616146.
[19]	SERRA E , JAJODIA S , PUGLIESE A ,et al. Pareto-optimal adversarial defense of enterprise systems[J]. ACM Transactions on Information ＆ System Security, 2015,17(3): 11.
[20]	MELL P , SCARFONE K , ROMAMOSKY S . Common vulnerability scoring system[J]. IEEE Security ＆ Privacy, 2007,4(6): 85-89.
[21]	OU X , GOVINDAVAJHALAS , APPEL A W . MulVAL:a logic-based network security analyzer[C]// 14th USENIX Security Symposium. 2005.

Metrics

Recommended 0

No Suggested Reading articles found!

AC		p (AC,ACAP )
AC	ACAP=Low	ACAP=Medium	ACAP=High
Low	0.5	0.7	0.9
Medium	0.3	0.5	0.7
High	0.1	0.3	0.5

主机	主机配置	服务名称	CVE #	漏洞描述	AC	权重	威胁得分
H1	Web服务器Windows Server 2008	Apache	CVE 2014-0098	apache图形接口XSS漏洞	Low	0.1	2.9
H2	Database服务器MSQL Server 2003	postgresql	CVE 2014-0063	非认证用户执行任意代码漏洞	Medium	0.2	6.4
H3	FTP 服务器Red Hat Linux 7.2	Linux	CVE 2013-1324	基于堆栈的缓冲区溢出攻击漏洞	High	0.1	10.0
H3	FTP 服务器Red Hat Linux 7.2	MS-office	CVE 2014-0038	指针参数调用超时漏洞	Low	0.1	10.0
H4	图形工作站Windows XP SP2	BMC	CVE 2013-4782	远程攻击者绕过身份认证执行 IPMI 命令漏洞	High	0.2	10.0
H5	认证服务器Windows Server 2008	radius	CVE 2014-1878	远程拒绝服务攻击漏洞	Low	0.3	2.9

CVE #	利用率	攻击期望耗时/h
CVE 2014-0098	0.7	0.31
CVE 2014-0063	0.5	0.43
CVE 2013-1324	0.3	0.73
CVE 2014-0038	0.7	0.31
CVE 2013-4782	0.3	0.73
CVE 2014-1878	0.7	0.31

状态编号	状态名称	状态描述
S₁	Initialization	外部用户
S₂	root(1)	(H1,root)
S₃	root(2)	(H2,root)
S₄	user(3)	(H3,user)
S₅	root(3)	(H3,root)
S₆	user(4)	(H4,user)
S₇	root(5)	(H5,root)

状态转移	CVE #	转移概率	期望耗时/h
S ₁→S₂	CVE 2014-0098	0.73	0.3
S ₂→S₃	CVE 2014-0063	0.54	0.7
S ₂→S₄	CVE 2013-1324	0.3	0.73
S ₂→S₆	CVE 2013-4782	0.3	0.73
S ₃→S₄	CVE 2013-1324	0.3	0.73
S ₃→S₅	CVE 2014-0038	0.7	0.31
S ₃→S₆	CVE 2013-4782	0.3	0.73
S ₄→S₃	CVE 2014-0063	0.5	0.43
S ₄→S₅	CVE 2014-0038	0.7	0.31
S ₄→S₆	CVE 2013-4782	0.3	0.73
S ₄→S₇	CVE 2014-1878	0.7	0.31
S ₅→S₃	CVE 2014-0063	0.5	0.43
S ₅→S₆	CVE 2013-4782	0.3	0.73
S ₆→S₇	CVE 2014-1878	0.7	0.31

Quantitative method for network security situation based on attack prediction

RichHTML

PDF

Knowledge

Abstract

Cite this article

share this article

Figures/Tables 14

References 21

Related Articles 8

Metrics

Recommended 0

路径编号	攻击路径
Path 1	S ₁→S₂→S₆→S₇
Path 2	S ₁→S₂→S₃→S₄→S₇
Path 3	S ₁→S₂→S₃→S₆→S₇
Path 4	S ₁→S₂→S₃→S₄→S₅→S₆→S₇
Path 5	S ₁→S₂→S₃→S₅→S₆→S₇
Path 6	S ₁→S₂→S₄→S₆→S₇
Path 7	S ₁→S₂→S₄→S₃→S₆→S₇
Path 8	S ₁→S₂→S₄→S₅→S₃→S₆→S₇
Path 9	S ₁→S₂→S₄→S₅→S₆→S₇

轮次	主机H1	主机H2	主机H3	主机H4	主机H5	全网
0	2.117	3.456	0	0	0	0.903
1	2.117	3.456	3.795	2.190	0	2.105
2	2.117	3.456	5.130	4.470	1.218	3.188
3	2.117	3.456	5.130	5.270	1.682	3.488
4	2.117	3.456	5.130	5.270	1.844	3.536

算法		态势要素		攻防对抗网络	攻击能力评估	时间预测	算法复杂度
算法	环境信息	攻击方	防御方	攻防对抗网络	攻击能力评估	时间预测	算法复杂度
文献[3]算法	√	√	√	No	Yes	No	O(n²)
文献[4]算法	√	√	×	No	No	No	O(n)
文献[5]算法	√	√	√	Yes	No	No	O(n)
文献[10]算法	√	√	×	No	No	No	O(n²t)
文献[11]算法	√	√	×	No	No	No	O(n²)
文献[12]算法	√	√	√	Yes	No	No	—
文献[14]算法	√	√	√	Yes	No	Yes	O(n²)
文献[16]算法	√	√	√	Yes	No	No	—
本文算法	√	√	√	Yes	Yes	Yes	O(mn)
注：“—”表示文献未提供

[1]	Lingcui ZHANG, Yaobing XU, Fenghua LI, Liang FANG, Yunchuan GUO, Zifu LI. Dynamic security-empowering architecture for space-ground integration information network [J]. Journal on Communications, 2021, 42(9): 87-95.
[2]	Hongyu YANG,Xugao ZHANG. Self-corrected coefficient smoothing method based network security situation prediction [J]. Journal on Communications, 2020, 41(5): 196-204.
[3]	Hao WU,Jiulun FAN,Chengzhe LAI,Jianhua LIU. Website defense strategy selection method based on attack-defense game and Monte Carlo simulation [J]. Journal on Communications, 2018, 39(8): 48-55.
[4]	Jian-ming HUANG,Heng-wei ZHANG,Jin-dong WANG,Shi-rui HUANG. Defense strategies selection based on attack-defense evolutionary game model [J]. Journal on Communications, 2017, 38(1): 168-176.
[5]	Hao-pu YANG,Hui QIU,Kun WANG. Network security situation evaluation method for multi-step attack [J]. Journal on Communications, 2017, 38(1): 187-198.
[6]	Heng-wei ZHANG,Ding-kun YU,Ji-hong HAN,Jin-dong WANG,Tao LI. Defense policies selection method based on attack-defense signaling game model [J]. Journal on Communications, 2016, 37(5): 51-61.
[7]	Xiao-yan LI,Qing-xian WANG,Lin YANG. Research of network security situation index system and visualization technology [J]. Journal on Communications, 2011, 32(11A): 109-118.
[8]	Jian CHEN,Ying-you WEN,Da-zhe ZHAO,Ji-ren LIU. Long-term prediction for VBR video traffic based on wavelet packet decomposition [J]. Journal on Communications, 2008, 29(6): 34-43.