Intelligent and Efficient Method for Optimal Penetration Path Generation (一种智能高效的最优渗透路径生成方法)
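  • English title: Intelligent and Efficient Method for Optimal Penetration Path Generation
  • Authors: Wang Shuo (王硕); Wang Jianhua (王建华); Tang Guangming (汤光明); Pei Qingqi (裴庆祺); Zhang Yuchen (张玉臣); Liu Xiaohu (刘小虎)
  • Author affiliations (as given in English): Zhengzhou Information Science and Technology Institute; State Key Laboratory of Integrated Services Networks (Xidian University); Electronic Technology Institute of Air Force
  • Keywords: generating the optimal penetration path; intelligent-efficient; two-layer threat penetration graph; knowledge graph; penetration information exchange
  • Journal name (Chinese): JFYZ
  • Journal name (English): Journal of Computer Research and Development
  • Institutions: Information Engineering University, PLA Strategic Support Force; State Key Laboratory of Integrated Services Networks (Xidian University); Electronic Technology Institute of Air Force
  • Publication date: 2019-05-15
  • Publisher: Journal of Computer Research and Development (计算机研究与发展)
  • Year: 2019
  • Issue: v.56
  • Funding: National Key Research and Development Program of China (2016YFB0800601); Key Program of the National Natural Science Foundation of China (U1636209); National High Technology Research and Development Program of China ("863" Program) (2015AA016106)
  • Language: Chinese
  • Pages: JFYZ201905005
  • Page count: 13
  • CN: 05
  • ISSN: 11-1777/TP
  • Classification number: 25-37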
Abstract
To further improve the efficiency of optimal penetration path generation while taking unknown attacks and insider attacks into account, an intelligent and efficient method for generating the optimal penetration path is put forward. First, we define the two-layer threat penetration graph (TLTPG) model, in which the lower layer is the host threat penetration graph (HTPG) and the upper layer is the network threat penetration graph (NTPG). Then, based on knowledge graphs, we build the host resource knowledge graph (HRKG), which is used to infer and generate the HTPG intelligently and efficiently. Further, utilizing the HTPG, we design an intelligent NTPG generation algorithm based on penetration information exchange. Finally, based on the TLTPG, we design an algorithm for generating the optimal penetration path between any two hosts. Experimental results show that the proposed method can describe unknown attacks and insider attacks, and that it improves the efficiency of generating the optimal penetration path.