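Authors: Ping Guolou; Ye Xiaojun [1,2] (School of Software, Tsinghua University, Beijing 100084; National Engineering Laboratory for Big Data System Software (Tsinghua University), Beijing 100084)
Affiliations: [1] School of Software, Tsinghua University, Beijing 100084 [2] National Engineering Laboratory for Big Data System Software, Tsinghua University, Beijing 100084
Source: Journal of Information Security Research (《信息安全研究》), 2020, No. 12, pp. 1058-1067, 10 pages
Funding: National Key R&D Program of China (2019QY1402).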
Abstract: With the rapid development of information technology, network attacks have become increasingly multi-stage, distributed and intelligent. Traditional network defense measures used in isolation, such as a firewall or an intrusion detection system, cannot adequately protect the security of network systems in an open environment. A network attack model represents the attack scenario from the attacker's perspective and can describe network attack behavior comprehensively in a complex and changing environment, which makes it one of the commonly used tools for analyzing and responding to network attacks. This paper first introduces the main network attack models, including the traditional tree, graph and net structure models and the modern kill chain, ATT&CK and diamond models. It then explains the analysis and application of network attack models: the analysis process, whose purpose is to solve for attack metrics, mainly comprises the probabilistic framework, value-assignment methods and solution methods, while life-cycle-based application of attack models covers the application process from both the attacker's and the defender's perspective. Finally, it summarizes the current challenges and future directions of network attack models and their analysis and application.
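Keywords: network system security; attack behavior; attack model; attack model analysis; attack model application
Classification number: TP393 [Automation and Computer Technology: Computer Application Technology]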