Research on Attack-Graph-Based Network Security Analysis Methods
Abstract
In some cases a single network node may be secure, or a single action may pose no threat, yet under intricate network interconnections the security vulnerability of the network shows itself. It reflects not the defects of a single node but a measure of the overall risk of the network system. The task of network security analysis is to detect and evaluate the overall security of a network, and it is the basis for deploying defensive strategies. Security analysis of large-scale networks must be considered as a whole: better solutions are needed, while the diversity of analysis methods and the correlations among network nodes must also be taken into account.
This thesis analyzes the basic principles of network security analysis methods, including the concept of the attack graph, the attack tree model, and the modeling of other models. Drawing on domestic and foreign research results, it discusses algorithms for the automatic generation of attack paths and compares the advantages and disadvantages of attack-graph-related algorithms. Then, through in-depth study of attack graph theory, it proposes a prototype of an attack-graph-based network security analysis system, designs the system's five main modules, compares and discusses the implementation details and the technical methods or tools each module requires, proposes the data structures and data tables needed to develop the modules, analyzes the security evaluation strategy, and gives the basic framework of the analysis system.
Finally, the thesis points out some shortcomings of the proposed prototype and of the research content, and indicates the directions for future effort and the areas that need improvement.
Under some circumstances a single network node may be safe, or a single network behavior may pose no threat, but under complicated network connections the vulnerability situation is quite different. Network risk is not merely a reflection of a node's flaws but a measure of the risk degree of the entire network. Network security analysis evaluates the overall security of the network, which is the foundation for deploying security strategy. Network security evaluation is a systematic project, so the security questions need to be considered as a whole and an optimized solution sought. At the same time, the diversification of analysis methods and the relations among network nodes should be considered.
This article analyzes the basic principles of network security analysis methods, including the attack graph concept, the attack tree model, and other methods of modeling. Building on domestic and foreign research results, it discusses the automatic generation of attack paths and compares attack graph algorithms. Then, based on this theoretical research, it proposes a network security analysis system prototype based on attack graphs and presents its five main modules in detail, including data structures and tables; it compares the candidate technical methods and tools, and finally analyzes the security evaluation strategy and gives a basic framework for realizing the system.
In conclusion, this article points out some deficiencies of the prototype system and of the research content, and introduces the directions that need improvement.
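The multi-step view the abstract describes (each node acceptable on its own, the network as a whole not), as an added Python example that is not part of the thesis: a tiny monotonic attack-graph generator over a constructed three-host topology, a walk back from a goal privilege to the attack path that reaches it, and a check of which single patch breaks every path. Host names, exploit names, firewall rules and privilege levels are constructed assumptions.

```python
# Added example (not from the thesis): a minimal monotonic attack-graph analysis.
PRIV = {"none": 0, "user": 1, "root": 2}   # privilege levels an attacker can hold on a host
# Constructed sample topology: (src, dst) pairs the firewall lets talk.
FIREWALL = {("internet", "web"), ("web", "app"), ("app", "db")}

# Constructed sample exploits: (name, target host, privilege needed on a host that can reach
# the target, privilege gained on the target, local-only flag). None of them alone reaches db.
EXPLOITS = [
    ("web_form_rce",      "web", "user", "user", False),
    ("web_priv_esc",      "web", "user", "root", True),
    ("app_rpc_bug",       "app", "root", "user", False),
    ("app_default_creds", "app", "user", "user", False),
    ("db_trust_login",    "db",  "user", "root", False),
]

def generate_attack_graph(start, exploits=EXPLOITS):
    """Forward fixpoint under the monotonic assumption (gained privileges are never lost).
    Returns the final state {host: level} and, per (host, level) gained, the (exploit, src) edge."""
    state, edges, changed = dict(start), {}, True
    while changed:
        changed = False
        for name, target, need, gain, local in exploits:
            if state.get(target, 0) >= PRIV[gain]:
                continue  # nothing new to gain on this target
            sources = [target] if local else [s for s in state if (s, target) in FIREWALL]
            src = next((s for s in sources if state.get(s, 0) >= PRIV[need]), None)
            if src is not None:
                state[target] = PRIV[gain]
                edges[(target, PRIV[gain])] = (name, src)
                changed = True
    return state, edges

def attack_path(start, goal, exploits=EXPLOITS):
    """Exploit sequence reaching goal=(host, level name), walking the edges back to start; None if unreachable."""
    host, level = goal[0], PRIV[goal[1]]
    state, edges = generate_attack_graph(start, exploits)
    if state.get(host, 0) < level:
        return None
    path = []
    while (host, level) in edges:
        name, src = edges[(host, level)]
        path.append(name)
        need = PRIV[next(e[2] for e in exploits if e[0] == name)]   # privilege the step required on src
        host, level = src, next((l for l in (1, 2) if (src, l) in edges and l >= need), need)
    return path[::-1]

def blocking_patches(start, goal, exploits=EXPLOITS):
    """Exploits whose removal alone makes the goal unreachable: the single patches worth prioritising."""
    return [e[0] for e in exploits
            if attack_path(start, goal, [x for x in exploits if x is not e]) is None]
```

With the attacker starting as root on "internet", the web and app weaknesses only matter because they chain into db, and only the first and last exploit are chokepoints: patching either one alone cuts every path, whereas patching the privilege escalation alone does not because the default-credential route to app remains.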