Volume 41 Issue 9
Sep.  2019
Yingjie YANG, Qiang LENG, Ruixuan PAN, Hao HU. Research on Dynamic Threat Tracking and Quantitative Analysis Technology Based on Attribute Attack Graph[J]. Journal of Electronics & Information Technology, 2019, 41(9): 2172-2179. doi: 10.11999/JEIT181117
Research on Dynamic Threat Tracking and Quantitative Analysis Technology Based on Attribute Attack Graph

doi: 10.11999/JEIT181117
Funds:  The National “863” High Technology Research and Development Program of China (2015AA016006), The National Key Research and Development Program of China (2016YFF0204003), The National Natural Science Foundation of China (61471344)
  • Received Date: 2018-12-04
  • Rev Recd Date: 2019-04-05
  • Available Online: 2019-04-22
  • Publish Date: 2019-09-10
Abstract: Fusing the multiple alarms raised across a network is one of the main methods for effective dynamic threat analysis. Focusing on this, a mechanism for dynamic threat tracking and quantitative analysis that uses a network system's multi-alarm information is proposed. First, attack graph theory is used to construct the system's dynamic threat attribute attack graph. Second, based on the privilege escalation principle, the Antecedent Predictive Algorithm (APA), the Consequent Predictive Algorithm (CPA) and the Comprehensive Alarm Information Inference Algorithm (CAIIA) are designed to fuse the multi-alarm information and perform threat analysis. Then, a network dynamic threat tracking graph is generated to visualize how the threat situation changes. Finally, the effectiveness of the mechanism and algorithms is validated through experiments.
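As an added illustration (not the paper's code, and not a reproduction of its APA/CPA/CAIIA definitions), the following Python models an attribute attack graph with attribute nodes and exploit nodes, then performs the two inference directions the abstract names over a sequence of IDS alerts: antecedent prediction (which unalerted steps must already have succeeded for an alert to be plausible) and consequent prediction (which steps become feasible next). The graph, the alert-to-exploit mapping, the privilege ranking and the alert sequences are constructed assumptions. An alert whose preconditions no chain in the graph can establish (for example, an exploit against a host whose vulnerability attribute is absent because it is patched) is reported as inconsistent rather than silently fused, which is the check a practitioner wants before trusting a correlated attack path.

```python
"""Attribute attack graph with alert fusion: backward (antecedent) and
forward (consequent) inference over attribute and exploit nodes.

Added illustration in the spirit of the APA/CPA/CAIIA mechanism described
in the abstract; it is not the paper's code. The graph, alert mapping and
privilege ranking below are constructed sample data."""
from collections import deque

# Exploit node -> (precondition attributes, postcondition attributes). Constructed.
EXPLOITS = {
    "e1_web_rce":  ({"reach:attacker->web", "vuln:web:rce"}, {"priv:web:user"}),
    "e2_web_lpe":  ({"priv:web:user", "vuln:web:lpe"}, {"priv:web:root"}),
    "e3_db_login": ({"priv:web:root", "reach:web->db", "vuln:db:weak_cred"},
                    {"priv:db:user"}),
    "e4_db_lpe":   ({"priv:db:user", "vuln:db:lpe"}, {"priv:db:root"}),
}
# Attributes that hold before any attack step: reachability and unpatched flaws.
INITIAL = frozenset({"reach:attacker->web", "vuln:web:rce", "vuln:web:lpe",
                     "reach:web->db", "vuln:db:weak_cred", "vuln:db:lpe"})
# IDS signature -> exploit node it evidences (constructed mapping).
ALERT_MAP = {
    "sig:webshell_upload": "e1_web_rce",
    "sig:setuid_abuse": "e2_web_lpe",
    "sig:mysql_bruteforce": "e3_db_login",
    "sig:db_privesc": "e4_db_lpe",
}
# Rank of the level part of a 'priv:host:level' attribute (assumed ordering).
PRIV_RANK = {"user": 1, "root": 2}


def producers(attr):
    """Exploit nodes whose postconditions establish `attr`."""
    return [e for e, (_, post) in EXPLOITS.items() if attr in post]


def antecedents(exploit, initial=INITIAL):
    """Backward closure: exploits that must already have succeeded for `exploit`
    to be feasible, tracing every non-initial precondition to its producers."""
    needed, queue = set(), deque([exploit])
    while queue:
        e = queue.popleft()
        for pre in EXPLOITS[e][0] - initial:
            for p in producers(pre):
                if p not in needed and p != exploit:
                    needed.add(p)
                    queue.append(p)
    return needed


def consequents(held):
    """Forward closure: exploits enabled, directly or transitively, by the
    attributes the attacker already holds. Returns (enabled, attributes)."""
    attrs, enabled = set(held), set()
    changed = True
    while changed:
        changed = False
        for e, (pre, post) in EXPLOITS.items():
            if e not in enabled and pre <= attrs:
                enabled.add(e)
                attrs |= post
                changed = True
    return enabled, attrs


def priv_level(attrs):
    """Highest privilege rank among the held 'priv:host:level' attributes."""
    return max((PRIV_RANK[a.rsplit(":", 1)[1]] for a in attrs
                if a.startswith("priv:")), default=0)


def fuse(alerts, initial=INITIAL):
    """Correlate alerts in arrival order into confirmed, inferred (unalerted but
    required), predicted (next feasible) and inconsistent exploit steps."""
    confirmed, unmapped = [], []
    for sig in alerts:
        e = ALERT_MAP.get(sig)
        if e is None:
            unmapped.append(sig)
        elif e not in confirmed:
            confirmed.append(e)
    held, inferred, inconsistent = set(initial), [], []
    for e in confirmed:
        pre = EXPLOITS[e][0]
        if not pre <= held:
            # Antecedent inference: assume the missed steps that would explain the alert.
            for a in sorted(antecedents(e, initial)):
                if a not in confirmed and a not in inferred:
                    inferred.append(a)
                    held |= EXPLOITS[a][1]
        if pre <= held:
            held |= EXPLOITS[e][1]
        else:
            # No chain in the graph establishes some precondition (e.g. the host is
            # patched): the alert contradicts the model and is a likely false positive.
            inconsistent.append(e)
    enabled, _ = consequents(held)
    predicted = sorted(enabled - set(confirmed) - set(inferred))
    return {"confirmed": confirmed, "inferred": inferred, "predicted": predicted,
            "inconsistent": inconsistent, "unmapped": unmapped,
            "priv_level": priv_level(held)}


if __name__ == "__main__":
    # Constructed alert stream: web shell seen, then DB brute force, LPE alert missed.
    print(fuse(["sig:webshell_upload", "sig:mysql_bruteforce", "sig:unknown"]))
```

The held-attribute set only grows as steps are fused, so the privilege rank it reports never decreases along a fused path; the paper's own privilege-escalation principle and its quantitative scoring are not modelled beyond that rank.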
Figures (11) / Tables (6)