Authors: LI Jia-rui (李嘉睿); LING Xiao-bo (凌晓波); LI Chen-xi (李晨曦) [1]; LI Zi-mu (李子木) [1]; YANG Jia-hai (杨家海) [1]; ZHANG Lei (张蕾); WU Cheng-nan (吴程楠)
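Affiliations: [1] Institute for Network Sciences and Cyberspace, Tsinghua University, Beijing 100084, China; [2] State Grid Shanghai Municipal Electric Power Company, Shanghai 200122, China; [3] State Grid Shanghai Electric Power Research Institute, Shanghai 200437, China; [4] Songjiang Power Supply Company of State Grid Shanghai Municipal Electric Power Company, Shanghai 201699, China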
Source: Computer Science (《计算机科学》), 2022, Issue 3, pp. 62-69 (8 pages)
Funding: Research on Key Technologies for Cyberspace Vulnerability Analysis and Threat Detection of Power Monitoring Systems (5108-202117055A-0-0-00).
Abstract: To address the problem that current attack graph models cannot reflect network attack events in real time, this paper proposes a forward risk probability update algorithm and a combined forward-backward dynamic risk probability update algorithm. The proposed algorithms can promptly and accurately assess and analyze changes in the network environment and analyze network attack events dynamically in real time. The method first performs a specific quantitative analysis of the uncertainty of each node in the graph and calculates the nodes' static probabilities in a Bayesian network. It then updates the dynamic probability of each node along the forward and backward paths according to network security events as they occur, quantifying and reflecting changes in external conditions in real time and assessing real-time risk levels across the network. Experimental results show that the method can calibrate and adjust the probability of each node in the attack graph according to the actual situation, which helps network administrators correctly understand the risk levels across the network and make better decisions for preventing and blocking the next attack.
Keywords: Bayesian network; attack graph; real-time; static probability; dynamic probability; risk probability
Classification number: TP393.08 [Automation and Computer Technology - Computer Application Technology]