一种面向组合攻击效能评估的Enhanced LAMBDA描述语言

An enhanced LAMBDA description language oriented to combined attack effectiveness evaluation

利用描述语言进行攻击建模能够更有效地刻画攻击细节。通过对网络攻击效能进行评估,可以对网络攻击的效果给出定性和定量的评价,检验攻击行为的有效性,有助于制定有效的网络安全策略。基于LAMBDA语言,扩充了时间约束和效能约束方面的描述能力,提出了一种增强的攻击描述语言Enhanced LAMBDA,并给出了Enhanced LAMBDA的应用实例。最后,利用DARPA数据集LLDOS1.0构造了网络组合攻击的测试场景,基于Enhanced LAMBDA对其进行效能评估。实验结果表明,Enhanced LAMBDA能有效支持网络组合攻击的效能评估。

Modeling attack actions with description language can depict the details of the attack more effectively. By evaluating the effectiveness of network attacks, the qualitative and quantitative evalua- tion of the effect of network attacks is concluded, and it can test the effectiveness of attack actions and help to establish effective security policy of network. Based on the LAMBDA description language, this paper expands its expressiveness on time constraints and effectiveness constraints, proposes an enhanced attack description language, the enhanced LAMBDA, and then gives an application example of the en- hanced LAMBDA. In the end, this paper uses DARPA data set, the LLDOS1.0, to construct a test sce- nario of combined attack of network and evaluates its effectiveness based on the enhanced LAMBDA. The experimental results indicate that Enhanced LAMBDA can effectively support the evaluation of ef- fectiveness of combined attacks.