摘要
针对目前缺少APT攻击中系统威胁风险评估理论模型的问题,提出了一种基于攻防树的网络攻击风险分析方法。将APT攻击过程分为攻击阶段与防护阶段,定义不同阶段内的参数计算方法,首先通过漏洞收集和攻击事件捕获构建攻击行为节点,并将防护对策映射为防护行为节点;其次形式化定义了漏洞成功利用概率、攻击成本、防护成本和系统损失度等参数,利用ADTool工具生成攻防树和节点参数值;然后引入攻击回报与防护回报的概念,作为系统风险分析的依据;最后构建了基于攻防树的攻击风险分析框架,并通过一个APT攻击实例对框架效果进行了验证。计算结果表明,可通过攻击回报等参数数值的变化评估采取防护对策的效果。该方法对攻防双方策略互相影响的场景描述更加贴近实际,实现了系统威胁风险度分析与防护策略效果评估的目的。
Considering the lack of theoretical analysis for systems under APT network attacks, this paper proposed a method to analyze attack risks based on attack-defense trees. This method divided the attack period into attack phase and defense phase and defined respective metrics as well. First, this method constructed behavior nodes by collecting system vulnerabilities and capturing invasive events, and mapped defense strategies to the defense nodes in the tree structure. Besides, it proposed the formal definitions of probability of success for threat, attack cost, defense cost and system impact, and constructed attack-de- fense tree with metrics using ADTool. In addition, it introduced the concepts of ROA ( return on attack) and ROI ( return on investment) to analyze system risk. Finally, this paper established a risk analysis framework based on attack-defense trees and demonstrated the proposed approach through a case of APT attack, The calculated results show that it can evaluate counter- measures through the change of metrics. The approach can clearly describe the practical scenario of the interaction between at- tacks and defenses, and can achieve the goals of risk analysis and countermeasures evaluation.
出处
《计算机应用研究》
CSCD
北大核心
2018年第2期511-514,551,共5页
Application Research of Computers
基金
国家自然科学基金资助项目(61572521)