Explore-Exploit:一种模拟真实网络渗透场景的安全竞赛  被引量：4

作　　者：章秀 刘宝旭[1,2] 龚晓锐 于磊[1,2] 宋振宇 ZHANG Xiu;LIU Baoxu;GONG Xiaorui;YU Lei;SONG Zhenyu(Institute of Information Engineering,Chinese Academy of Sciences,Beijing 100093,China;School of Cyber Security,University of Chinese Academy of Sciences,Beijing 100049,China)

机构地区：[1]中国科学院信息工程研究所,北京100093 [2]中国科学院大学网络空间安全学院,北京100049

出　　处：《信息安全学报》2020年第4期55-71,共17页Journal of Cyber Security

基　　金：中国科学院网络测评技术重点实验室和网络安全防护技术北京市重点实验室资助;北京市科学技术委员会(No.D161100001216001,No.Z161100002616032)课题资助。

摘　　要：安全竞赛对网络安全领域人才的培养和选拔至关重要,然而在有限资源条件下如何设计与实现真实度高的竞赛场景是经典难题。本研究围绕着解决该难题的3个关键挑战展开。本研究首先将现实世界中的网络渗透场景建模为多步骤、多跳板、多漏洞组合渗透过程;然后应用攻击图技术对复杂网络信息系统中脆弱点及其关联关系的描述能力进行设计;最后借助于网络靶场平台的大规模复杂异构网络快速复现能力进行实现。本研究以内网攻防渗透赛的形式展开实验,取名为Explore-Exploit,实验中最长的渗透路径包含4个跳板机,组合利用了3个漏洞和1个服务,达到了预期的演训效果。相比现有竞赛场景,Explore-Exploit包含更丰富的场景元素,比如网络拓扑探测、内网横向移动、数据资产发现等,对真实网络渗透场景的还原度更高。Security competitions have become increasingly popular events for cultivating and selecting elites in the field of information security.However,how to design a highly realistic scenario under the condition of limited resources is a classic problem.This research revolves around three key challenges in solving this difficult problem.In this paper,we first model the network penetration scenario in the real-world as a multi-step,multi-host infiltration process combined with multiple vulnerabilities.Then the design is performed by making use of attack graph techniques which are capable of describing the dependency between vulnerabilities in a complex network information system.Finally,with the support of a cybersecurity testbed which is born to an experimental platform with the ability to quickly reproduce and reconfigure a large-scale network,we implement the entire design.In this study,the experiment was conducted in the form of an intranet attack-defense network penetration competition,named as Explore-Exploit.The longest penetration path in the experiment included four hosts and combined with three vulnerabilities,along with a service,which achieved the motivated goal.Compared to the existing competitions,Explore-Exploit contains more elements,such as network topology exploring,intranet lateral movement,data asset discovery and more.It’s proved that Explore-Exploit is more faithful to the authenticity of the real-world network penetration scenario.

关 键 词：真实网络渗透场景 攻击图技术 网络靶场 人才培养 安全竞赛 

分 类 号：TP309.1[自动化与计算机技术—计算机系统结构]