Abstract
Attack scenario modeling and recognition give the security system operator (SSO) a high-level view of an attack in progress and more precise decision information for response, and the topic has become a hot research direction in network and information security. An attack usually requires several steps of different kinds, and together these steps form an attack scenario. Attackers can use mutation, re-sequencing, substitution, distribution, looping and similar techniques to construct an almost infinite number of different attack scenarios. This variation in attack steps and diversity in how scenarios are composed is what makes attack scenario modeling and recognition difficult. Based on a study of existing attack scenario modeling methods, the paper proposes modeling attack scenarios with a Requires/Provides relation expressed in terms of capabilities, an approach that takes both the variation in attack steps and the diversity of scenario composition into account at the same time.
Source
Computer Applications and Software (《计算机应用与软件》)
CSCD
Peking University Core Journal (北大核心)
2007, No. 10, pp. 192-194 (3 pages)
Keywords
Attack scenario
Capability
Requires/Provides model
Attack scenario modeling