摘要
现有攻击图生成和分析方法主要依赖漏洞评分信息,无法判断软硬件环境等外部因素对漏洞评分的影响并进行修正,导致生成的攻击图难以精确反映节点和路径的真实风险程度。知识图谱中信息抽取和知识推理等工具是对多源途径获取的漏洞相关信息进行融合的有效手段,可以更准确地反映网络中节点和路径的风险程度。首先,设计了基于原子攻击本体的知识图谱,以对攻击图的输入和显示信息进行扩展;然后,提出了基于知识图谱的扩展攻击图生成框架,并在此基础上给出了攻击图生成算法以及攻击成功率、攻击收益的计算方法,从而实现了对漏洞更全面和精确的评分;最后,通过实验验证了所提方法的有效性。
Existing attack graph generation and analysis techniques mainly depend on vulnerability scores.External factors such as hardware and software cann’t be considered to judge their impact and correct vulnerability scores.As a result,generated attack graph is difficult to accurately reflect the real risk of nodes and attack paths.Information extraction and knowledge reasoning in knowledge graph technique are effective means to integrate vulnerability information acquired by multiple sources,and can be used to calculate the risk of nodes and attack paths more accurately in the network.Firstly,knowledge graph based on atomic attack ontology is designed to extend the input and display information of attack graph.Then,an extended attack graph generation framework based on knowledge graph is proposed.On this basis,the attack graph generation algorithm and calculation of attack success rate and attack profit are given,so as to achieve a more comprehensive and accurate evaluation of vulnerabilities.Finally,experimental results verify the effectiveness of proposed method.
作者
叶子维
郭渊博
李涛
琚安康
YE Zi-wei;GUO Yuan-bo;LI Tao;JU An-kang(The Third Institute,Information Engineering University,Zhengzhou 450001,China)
出处
《计算机科学》
CSCD
北大核心
2019年第12期165-173,共9页
Computer Science
关键词
攻击图
知识图谱
攻击成功率
攻击收益
风险评估
Attack graph
Knowledge graph
Attack success rate
Attack profit
Risk assessment
