摘要
攻击图模型是网络风险评估的主要技术之一,其通过攻击步骤之间的因果关系来描述攻击者从初始状态到目标状态的攻击过程,分析的整个过程也是以某种形式化方式表述的图数据为基础的,但分析时很少考虑网络链路、网络拥塞、入侵报警等不确定性。结合不确定图的概念将攻击图扩展为可能攻击图(PAG),给出了可能攻击图的构建方法,同时基于可达概率提出了最大可达概率求解算法和最大攻击子图生成及最大可能攻击路径选取算法。实验结果表明,本文所提方法能够在可接受的时间内生成可能攻击图,并能够有效地推测出攻击意图,为作为网络管理员的管理方提供决策依据。
The attack graph model which uses the causal relationship between the attack steps to infer the attack progress from the initial state to the target state is a key method for network risk assessment. And the whole analysis process is based on the graph data expressed in formal style, but few uncertainty factors such as the uncertainty degree of the network link, network congestion, and intrusion alarm, are considered. Based on the concept of uncertain graphs, we expand the attack graph content to a possible attack graph, describe the construction method for the possible attack graph, and propose a maximum probability algorithm and an algorithm to find maximum possible attack paths based on reachability. Experimental results show that we can generate the possible attack graph within acceptable time, effectively speculate the attack intentions, and provide decision-making foundation for a network administrator.
出处
《计算机工程与科学》
CSCD
北大核心
2017年第4期698-707,共10页
Computer Engineering & Science
基金
陕西省科学技术研究发展计划(2013K1117)
陕西省重点学科建设专项资金(E08001)
陕西省教育厅科技计划(12JK0789)
关键词
不确定图
攻击图
可能世界模型
可能攻击图
攻击意图推测
uncertain graph
attack graph
possible worlds model
possible attack model
attack intent inferring
