
Network security situation evaluation method for multi-step attack

Cited by: 40
Abstract: To analyze the influence of multi-step attacks on a network system and to reflect the system's security situation accurately and comprehensively, a network security situation evaluation method for multi-step attacks is proposed. The method first clusters the security events in the network into attack scenes in order to identify the attackers. Each attack scene is then causally correlated to identify the corresponding attack path and attack phase. Finally, a quantification standard for the situation is established and, combined with the attack phases and their threat indices, used to evaluate the network security situation. Evaluation and analysis on two network attack-defense experiments show that the proposed multi-step attack analysis method fits practical application and that the evaluation results are accurate and effective.
Source: Journal on Communications (《通信学报》; indexed in EI, CSCD, Peking University Core), 2017, No. 1, pp. 187-198 (12 pages)
Funding: National Natural Science Foundation of China (No. 61303074, No. 61309013); National Key Basic Research Program of China ("973" Program) (No. 2012CB315900)
Keywords: scene clustering, multi-step attack, security situation, quantification analysis