Abstract
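Threat assessment is the process of predicting and evaluating an attacker's intrusion intent and attack behavior based on information such as the network environment, vulnerabilities, attack behavior, and protective measures. To address the multi-source nature and complexity of network information, a dynamic network threat assessment method based on multi-source information fusion theory and methods is proposed. Building on an attack graph, the method defines the transition probabilities between attack states by analyzing the difficulty of exploiting vulnerabilities, applies D-S evidence theory to fuse intrusion detection system alerts to obtain the attacker's attack behavior and capability, and finally predicts the attacker's attack intent and attack rules and quantitatively analyzes the network threat. Experiments verify the feasibility and effectiveness of the method.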
Threat assessment is the process of predicting and estimating the intrusive intention and attack actions of an attacker according to network configurations, vulnerabilities, attack actions, safeguards and so on. Because of the variety and complexity of network information, a novel network threat assessment method based on multi-source fusion theory is proposed in this paper. On the basis of an attack graph, the probabilities of attack state transitions are defined by analyzing the difficulty of vulnerability exploitation. Then, by applying D-S evidence theory, the attack actions and capabilities of the attacker are obtained from the alerts of an intrusion detection system. Finally, intrusive intentions and attack plans can be projected through this method. The experimental results also prove the validity of the algorithm.
Source
Journal of China Academy of Electronics and Information Technology (《中国电子科学研究院学报》)
Peking University Core Journals (北大核心)
2016, Issue 3, pp. 250-256 (7 pages)