主动式网络病毒入侵下漏洞感知方法仿真  被引量：6

作　　者：王跟成 周银萍 WANG Gen-cheng;ZHOU Yin-ping(Network Information Center,Xizang M inzu University,Xianyang Shanxi 712082,China)

机构地区：[1]西藏民族大学网络信息技术中心,陕西咸阳712082

出　　处：《计算机仿真》2018年第7期245-248,共4页Computer Simulation

基　　金：西藏自治区高校人文社科项目(SK2017-40)

摘　　要：对病毒入侵下的网络漏洞进行感知能够减少攻击行为的发生,及时发现潜在的漏洞风险,从而确保主动式网络系统的安全。针对基于能力机会意图模型的漏洞感知方法没有考虑未知漏洞的存在、难以从整体上发现病毒入侵下网络所处的状态和潜在的漏洞风险,导致漏洞感知结果不准确的问题,提出一种基于路径攻击图模型的主动式网络病毒入侵下漏洞感知方法。通过分析已知主动式网络病毒入侵的共性,给出漏洞及其利用规则的形式描述构建病毒入侵路径攻击图模型,扩展入侵攻击图的描述语义。将病毒入侵漏洞利用产生的隐式攻击路径和已知病毒入侵漏洞产生的显式攻击路径表征在相同入侵攻击图中,在入侵攻击图的基础上,分析脆弱性的利用程度来定义入侵攻击状态之间的转换概率,采用D-S证据理论融合入侵检测系统的报警获得攻击者的攻击行为及能力,最终感知病毒入侵攻击者的攻击意图。实验结果表明,所提方法能够很好地反映网络病毒入侵漏洞风险,感知网络安全漏洞态势。Aiming at the problem of inaccuracy of vulnerability perception result, a method for perceiving vulnera- bility in active network virus intrusion is presented based on model of path attack graph. By analyzing the common- ness of known active network viruses intrusion, the formal description of vulnerability and its rule was given to build the model of virus invasion path attack graph and thus to extend the description semantics of intrusion attack graph. Moreover, the implicit attack path caused by vulnerability of virus intrusion and the explicit attack path caused by known virus intrusion vulnerability were characterized in the same intrusion attackgraph. Based on the intrusion at- tack graph, the utilization of vulnerability was analyzed to define the conversion probability among invasion attack state. Then, D-S evidence theory is used to integrate with the alarm of intrusion detection system to obtain the attack- ers＂ behaviors and abilities. Finally, we perceived the attack intention of attackers. Simulation results show that the proposed method can reflect the risk of network virus invasion vulnerability and perceive the situation of network secu- rity vulnerability.

关 键 词：主动式网络 病毒入侵 漏洞 感知 

分 类 号：TP393.08[自动化与计算机技术—计算机应用技术]