Abstract
Most existing vulnerability scanners and intrusion detection systems can only detect and report isolated vulnerabilities and attacks. But real threats to a network usually come from skilled attackers who combine multiple attacks to evade security measures and gradually gain privileges. Such multi-step network intrusions can often infiltrate a seemingly well-guarded network. Attack graphs are important tools for analyzing security vulnerabilities in networks, and can be used to correlate received alerts, hypothesize missing alerts, and predict future alerts. Attack graphs are therefore crucial for system administrators to understand the nature of the threats and decide upon appropriate countermeasures. In this paper, we describe an attack graph-based approach to correlating and predicting multi-step network intrusions, which performs well in a real network.
Source
《网络安全技术与应用》
2010, Issue 7, pp. 11-13 (3 pages)
Network Security Technology & Application
Keywords
multi-step attack
intrusion detection
attack graph
alert correlation