An Ontology-based Method for Discovering Potential Multi-stage Cyber Attacks
  • English title: An Ontology-based Method for Discovering Potential Multi-stage Cyber Attacks
  • Authors: 魏忠 (WEI Zhong); 张保稳 (ZHANG Bao-wen)
  • Keywords: cyber attack; network security; ontology; social engineering
  • Chinese journal title: TXJS
  • English journal title: Communications Technology
  • Institutions: School of Cyber Security, Shanghai Jiao Tong University; Shanghai Key Laboratory of Integrated Administration Technologies for Information Security
  • Publication date: 2018-02-10
  • Publisher: 通信技术 (Communications Technology)
  • Year: 2018
  • Issue: v.51; No.314
  • Funding: National Key R&D Program of the Ministry of Science and Technology (No.2016YFB0800100, No.2016YFB0800105); National Natural Science Foundation Regional Science Fund Project (No.61562004)
  • Language: Chinese
  • Page: TXJS201802028
  • Number of pages: 6
  • CN: 02
  • ISSN: 51-1167/TN
  • Classification number: 165-170
Abstract
With the spread of the Internet, cyber attacks have become a major security problem constraining its development. With the emergence of new attack techniques such as social engineering, cyber attacks have become complex, stealthy and distributed, and they continually threaten network security and information security. This paper therefore proposes an ontology-based method for discovering potential network attack paths. Specifically, an ontology is used to build a model of the networked information system and to describe attackers, security weaknesses and attack methods; SWRL rules characterize the attacker's capabilities; and an ontology reasoning engine is used to automatically identify potential multi-step network attack paths in the information system.
