Advanced Search
Volume 41 Issue 9
Sep.  2019
Turn off MathJax
Article Contents
Yingjie YANG, Qiang LENG, Ruixuan PAN, Hao HU. Research on Dynamic Threat Tracking and Quantitative Analysis Technology Based on Attribute Attack Graph[J]. Journal of Electronics & Information Technology, 2019, 41(9): 2172-2179. doi: 10.11999/JEIT181117
Citation: Yingjie YANG, Qiang LENG, Ruixuan PAN, Hao HU. Research on Dynamic Threat Tracking and Quantitative Analysis Technology Based on Attribute Attack Graph[J]. Journal of Electronics & Information Technology, 2019, 41(9): 2172-2179. doi: 10.11999/JEIT181117

Research on Dynamic Threat Tracking and Quantitative Analysis Technology Based on Attribute Attack Graph

doi: 10.11999/JEIT181117
Funds:  The National “863” High Technology Research and Development Program of China (2015AA016006), The National Key Research and Development Program of China (2016YFF0204003), The National Natural Science Foundation of China (61471344)
  • Received Date: 2018-12-04
  • Rev Recd Date: 2019-04-05
  • Available Online: 2019-04-22
  • Publish Date: 2019-09-10
  • Network multi-alarm information fusion processing is one of the most important methods to implement effectively network dynamic threat analysis. Focusing on this, a mechanism for dynamic threat tracking and quantitative analysis by using network system multi-alarm information is proposed. Firstly, the attack graph theory is used to construct the system dynamic threat attribute attack graph. Secondly, based on the privilege escalation principle, Antecedent Predictive Algorithm(APA), the Consequent Predictive Algorithm(CPA) and the Comprehensive Alarm Information Inference Algorithm(CAIIA) are designed to integrate the multi-alarm information fusion and do threat analysis. Then, the network dynamic threat tracking graph is generated to visualize the threat change situation. Finally, the effectiveness of the mechanism and algorithm is validates through experiments.
  • loading
  • 韦勇. 网络安全态势评估模型研究[D]. [博士论文], 中国科学技术大学, 2009.

    WEI Yong. Research on network security situational awareness model[D]. [Ph.D. dissertation], University of Science and Technology of China, 2009.
    梅海彬, 龚俭, 张明华. 基于警报序列聚类的多步攻击模式发现研究[J]. 通信学报, 2011, 32(5): 63–69. doi: 10.3969/j.issn.1000-436X.2011.05.009

    MEI Haibin, GONG Jian, and ZHANG Minghua. Research on discovering multi-step attack patterns based on clustering IDS alert sequences[J]. Journal on Communications, 2011, 32(5): 63–69. doi: 10.3969/j.issn.1000-436X.2011.05.009
    PHILLIPS C and SWILER L P. A graph-based system for network-vulnerability analysis[C]. The 1998 Workshop on New Security Paradigms, Charlottesville, USA, 1998: 71–79.
    SWILER L P, PHILLIPS C, ELLIS D, et al. Computer-attack graph generation tool[C]. The 2nd DARPA Information Survivability Conference and Exposition, Anaheim, USA, 2001: 307–321.
    王会梅, 鲜明, 王国玉. 基于扩展网络攻击图的网络攻击策略生成算法[J]. 电子与信息学报, 2011, 33(12): 3015–3021. doi: 10.3724/SP.J.1146.2011.00414

    WANG Huimei, XIAN Ming, and WANG Guoyu. A network attack decision-making algorithm based on the extended attack graph[J]. Journal of Electronics &Information Technology, 2011, 33(12): 3015–3021. doi: 10.3724/SP.J.1146.2011.00414
    苏婷婷, 潘晓中, 肖海燕, 等. 基于属性邻接矩阵的攻击图表示方法研究[J]. 电子与信息学报, 2012, 34(7): 1744–1747. doi: 10.3724/SP.J.1146.2012.00261

    SU Tingting, PAN Xiaozhong, XIAO Haiyan, et al. Research on attack graph based on attributes adjacncy matrix[J]. Journal of Electronics &Information Technology, 2012, 34(7): 1744–1747. doi: 10.3724/SP.J.1146.2012.00261
    黄永洪, 吴一凡, 杨豪璞, 等. 基于攻击图的APT脆弱节点评估方法[J]. 重庆邮电大学学报: 自然科学版, 2017, 29(4): 535–541. doi: 10.3979/j.issn.1673-825X.2017.04.017

    HUANG Yonghong, WU Yifan, YANG Haopu, et al. Graph-based vulnerability assessment for APT attack[J]. Journal of Chongqing University of Posts and Telecommunications:Natural Science Edition, 2017, 29(4): 535–541. doi: 10.3979/j.issn.1673-825X.2017.04.017
    叶子维, 郭渊博, 王宸东, 等. 攻击图技术应用研究综述[J]. 通信学报, 2017, 38(11): 121–132. doi: 10.11959/j.issn.1000-436x.2017213

    YE Ziwei, GUO Yuanbo, WANG Chendong, et al. Survey on application of attack graph technology[J]. Journal on Communications, 2017, 38(11): 121–132. doi: 10.11959/j.issn.1000-436x.2017213
    HU Hao, LIU Yulin, ZHANG Hongqi, et al. Security metric methods for network multistep attacks using AMC and big data correlation analysis[J]. Security and Communication Networks, 2018, 2018: 5787102. doi: 10.1155/2018/5787102
    WANG Huan, CHEN Zhanfang, ZHAO Jianping, et al. A vulnerability assessment method in industrial internet of things based on attack graph and maximum flow[J]. IEEE Access, 2018, 6: 8599–8609. doi: 10.1109/ACCESS.2018.2805690
    胡浩, 叶润国, 张红旗, 等. 面向漏洞生命周期的安全风险度量方法[J]. 软件学报, 2018, 29(5): 1213–1229. doi: 10.13328/j.cnki.jos.005507

    HU Hao, YE Runguo, ZHANG Hongqi, et al. Vulnerability life cycle oriented security risk metric method[J]. Journal of Software, 2018, 29(5): 1213–1229. doi: 10.13328/j.cnki.jos.005507
    WANG Lingyu, LIU Anyi, and JAJODIA S. Using attack craphs for correlating, hypothesizing, and predicting intrusion alerts[J]. Computer Communications, 2006, 29(15): 2917–2933. doi: 10.1016/j.comcom.2006.04.001
    ROSCHKE S, CHENG F, and MEINEL C. A New Alert Correlation Algorithm Based on Attack Graph[M]. HERRERO Á, CORCHADO E. Computational Intelligence in Security for Information Systems. Berlin, Germany: Springer, 2011: 58–67.
    ROSCHKE S, CHENG F, and MEINEL C. High-quality attack graph-based IDS correlation[J]. Logic Journal of the IGPL, 2013, 21(4): 571–591. doi: 10.1093/jigpal/jzs034
    AHMADINEJAD S H, JALILI S, and ABADI M. A hybrid model for correlating alerts of known and unknown attack scenarios and updating attack graphs[J]. Computer Networks, 2011, 55(9): 2221–2240. doi: 10.1016/j.comnet.2011.03.005
    吕慧颖, 彭武, 王瑞梅, 等. 基于时空关联分析的网络实时威胁识别与评估[J]. 计算机研究与发展, 2014, 51(5): 1039–1049. doi: 10.7544/issn1000-1239.2014.20120816

    Huiying, PENG Wu, WANG Ruimei, et al. A real-time network threat recognition and assessment method based on association analysis of time and space[J]. Journal of Computer Research and Development, 2014, 51(5): 1039–1049. doi: 10.7544/issn1000-1239.2014.20120816
    刘威歆, 郑康锋, 武斌, 等. 基于攻击图的多源告警关联分析方法[J]. 通信学报, 2015, 36(9): 135–144. doi: 10.11959/j.issn.1000-436x.2015193

    LIU Weixin, ZHENG Kangfeng, WU Bin, et al. Alert processing based on attack graph and multi-source analyzing[J]. Journal on Communications, 2015, 36(9): 135–144. doi: 10.11959/j.issn.1000-436x.2015193
    王硕, 汤光明, 寇广, 等. 基于因果知识网络的攻击路径预测方法[J]. 通信学报, 2016, 37(10): 188–198. doi: 10.11959/j.issn.1000-436x.2016210

    WANG Shuo, TANG Guangming, KOU Guang, et al. Attack path prediction method based on causal knowledge net[J]. Journal on Communications, 2016, 37(10): 188–198. doi: 10.11959/j.issn.1000-436x.2016210
    LIANG Wei, CHEN Zuo, YAN Xiaolong, et al. Multiscale entropy-based weighted hidden Markov network security situation prediction model[C]. 2017 IEEE International Congress on Internet Of Things (ICIOT), Honolulu, USA 2017: 97–104.
    CVE. Common vulnerabilities and exposures[EB/OL]. http://cve.mitre.org/, 2018.
    NIST. National vulnerability database[EB/OL]. https://nvd.nist.gov/, 2018.
    CVSS v3.0: specification document[EB/OL].
  • 加载中

Catalog

    通讯作者: 陈斌, bchen63@163.com
    • 1. 

      沈阳化工大学材料科学与工程学院 沈阳 110142

    1. 本站搜索
    2. 百度学术搜索
    3. 万方数据库搜索
    4. CNKI搜索

    Figures(11)  / Tables(6)

    Article Metrics

    Article views (2740) PDF downloads(64) Cited by()
    Proportional views
    Related

    /

    DownLoad:  Full-Size Img  PowerPoint
    Return
    Return