Abstract
To predict attack behaviors accurately and comprehensively and to quantify the threat of attacks, a quantitative method for network security situation based on attack prediction was proposed. By fusing the situation factors of the attacker, the defender and the network environment, the capability of the attacker and the exploitability rate of vulnerabilities were evaluated from attack events detected in real time, and the expected time cost of attack and defense was then calculated. An attack prediction algorithm based on the dynamic Bayesian attack graph was then designed to infer follow-up attack actions. Finally, the attack threat was quantified as the security risk situation at two levels: the hosts and the overall network. Experimental analysis indicates that the proposed method is suitable for real adversarial network environments, and is able to predict the occurrence time of attacks accurately and quantify the attack threat reasonably.
Source
Journal on Communications (《通信学报》)
EI
CSCD
Peking University Core Journal
2017, Issue 10, pp. 122-134 (13 pages)
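Funding
National High Technology Research and Development Program of China ("863" Program) (No.2012AA012704, No.2015AA016006)
National Key Research and Development Program of China (No.2016YFF0204003)
Zhengzhou Science and Technology Leading Talent Foundation (No.131PLJRC644)
"13th Five-Year" Equipment Pre-research Field Foundation (No.61400020201)
CCF-Venustech "Hongyan" Research Program (No.2017003)
Open Project Foundation of the Key Laboratory of Information Network Security, Ministry of Public Security (No.C15604)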
Keywords
attack prediction, security situation, Bayesian attack graph, attack-defense, time prediction