Quantitative method for network security situation based on attack prediction

Cited by: 29


Authors: Hu Hao (胡浩)[1,2], Ye Runguo (叶润国), Zhang Hongqi (张红旗)[1,2], Yang Yingjie (杨英杰)[1,2], Liu Yuling (刘玉岭)

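Affiliations: [1] The Third Institute, PLA Information Engineering University, Zhengzhou 450001, Henan; [2] Henan Key Laboratory of Information Security, Zhengzhou 450001, Henan; [3] China Electronics Standardization Institute, Beijing 100007; [4] Trusted Computing and Information Assurance Laboratory, Institute of Software, Chinese Academy of Sciences, Beijing 100190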

Source: Journal on Communications (《通信学报》), 2017, No. 10, pp. 122-134 (13 pages)

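Funding: National High Technology Research and Development Program of China ("863" Program) (No.2012AA012704; No.2015AA016006); National Key Research and Development Program of China (No.2016YFF0204003); Zhengzhou Science and Technology Leading Talent Fund (No.131PLJRC644); "13th Five-Year" Equipment Pre-research Field Fund (No.61400020201); CCF-Venustech "Hongyan" Research Program Fund (No.2017003); Open Project Fund of the Key Laboratory of Information Network Security, Ministry of Public Security (No.C15604)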

Abstract: To predict attack behaviors accurately and comprehensively and to quantify the threat of attack, a quantitative method for network security situation based on attack prediction is proposed. By fusing the situation factors of the attacker, the defender and the network environment, the capability of the attacker and the exploitability rate of vulnerabilities are evaluated using attack events detected in real time, and the expected time cost of attack and defense is then calculated. An attack prediction algorithm based on the dynamic Bayesian attack graph is then designed to infer the follow-up attack actions. Finally, the attack threat is quantified as the security risk situation at two levels: the hosts and the overall network. Experimental analysis indicates that the proposed method is suitable for a real adversarial network environment, and is able to predict the occurrence time of attacks accurately and quantify the attack threat reasonably.

Keywords: attack prediction; security situation; Bayesian attack graph; attack-defense confrontation; time prediction

Classification number: TP393.8 [Automation and Computer Technology: Computer Application Technology]

 
