
Analysis and comparison of permission-elevating attack under two networks environment
Abstract: To analyze the role of the Identifier/Locator separated network in mitigating permission-elevating attacks, an attack-graph modeling and evaluation approach based on expected loss is proposed. First, the attribute nodes and atomic attack nodes are determined from the network state and vulnerability information, and the attack graph is generated. Then the expected loss inflicted on the target network is calculated according to the attack sequence chosen by the attacker. Using this method, permission-elevating attacks in the two network environments are modeled, analyzed and compared. The results show that the Identifier/Locator separated network effectively mitigates permission-elevating attacks and has a clear security advantage over the traditional network.
Source: Computer Engineering and Design (《计算机工程与设计》), CSCD, Peking University Core Journal, 2012, No. 6, pp. 2101-2106 (6 pages)
Funding: National Natural Science Foundation of China (60833002, 60903150, 60972010); Fundamental Research Funds for the Central Universities (2011JBM016)
Keywords: attack graph; attribute nodes; atomic attack nodes; expected loss; identifier-locator split mapping network; permission-elevating attack


