Funding: Supported by the National Natural Science Foundation of China (No. 90718023) and the National High-Tech Research and Development Program of China (No. 2007AA01Z130).
Abstract: In order to evaluate all attack paths in a threat tree, and based on threat modeling theory, a weight distribution algorithm for the root node of a threat tree is designed. It computes the threat coefficient of each leaf node from two factors: the possibility that the threat occurs and the degree of damage it causes. An attack-path search algorithm is also derived directly from the definition of an attack path. Finally, an attack path evaluation system was implemented which outputs the threat coefficients of the leaf nodes of a target threat tree, the weight distribution information, and the attack paths. An example threat tree is given to verify the effectiveness of the algorithms.
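As an added example of the procedure the abstract describes (it is not the paper's own code, and the page does not give the paper's exact weight-distribution rule), the block below builds an AND/OR threat tree, computes each leaf's threat coefficient as possibility multiplied by damage, enumerates the attack paths from the definition (one branch of every OR node, every branch of every AND node), and distributes a root weight of 1.0 over the paths in proportion to their coefficients, splitting each path's share evenly over its leaves so that the leaf weights sum back to the root weight. The tree and its values are constructed for illustration; the proportional scheme is an assumption.

```python
"""Threat-tree attack-path evaluation (added example, not the paper's code).
The weight-distribution rule below is an assumption: root weight is split
over attack paths in proportion to their coefficients, then evenly over leaves."""
from itertools import product


def leaf(name, possibility, damage):
    """Leaf threat with its occurrence possibility and degree of damage (0..1)."""
    return {"name": name, "p": possibility, "d": damage}


def node(op, *children):
    """Internal AND/OR node of the threat tree."""
    return {"op": op, "children": list(children)}


def threat_coefficient(lf):
    """Combine the two factors the abstract names: possibility and damage."""
    return lf["p"] * lf["d"]


def attack_paths(tree):
    """Enumerate attack paths from the definition: a set of leaves that
    satisfies the root, i.e. one branch of each OR, every branch of each AND."""
    if "name" in tree:
        return [(tree,)]
    if tree["op"] == "OR":
        return [p for child in tree["children"] for p in attack_paths(child)]
    # AND: every combination of one path per child, merged into one path
    return [tuple(lf for part in combo for lf in part)
            for combo in product(*(attack_paths(c) for c in tree["children"]))]


def path_coefficient(path):
    """All leaves on a path must occur, so multiply their coefficients."""
    coeff = 1.0
    for lf in path:
        coeff *= threat_coefficient(lf)
    return coeff


def evaluate(tree, root_weight=1.0):
    """Return (paths ranked by coefficient, path weights, leaf weights).
    The root weight is distributed over paths in proportion to their
    coefficients and then split evenly over each path's leaves, so the
    leaf weights always sum back to root_weight."""
    paths = sorted(attack_paths(tree), key=path_coefficient, reverse=True)
    coeffs = [path_coefficient(p) for p in paths]
    total = sum(coeffs)
    if total == 0:
        raise ValueError("every attack path has zero threat coefficient")
    path_weights = [root_weight * c / total for c in coeffs]
    leaf_weights = {}
    for path, w in zip(paths, path_weights):
        for lf in path:
            leaf_weights[lf["name"]] = leaf_weights.get(lf["name"], 0.0) + w / len(path)
    return paths, path_weights, leaf_weights


# Constructed example tree (hypothetical values, not taken from the paper).
EXAMPLE_TREE = node(
    "OR",
    node("AND",
         leaf("phish an administrator", 0.6, 0.9),
         leaf("reuse stolen credentials on the VPN", 0.8, 0.9)),
    leaf("SQL injection in the search endpoint", 0.5, 0.8),
    node("AND",
         leaf("tailgate into the server room", 0.2, 1.0),
         leaf("boot from USB and copy the disk", 0.7, 1.0)),
)

if __name__ == "__main__":
    paths, weights, leaves = evaluate(EXAMPLE_TREE)
    for path, w in zip(paths, weights):
        print(f"{w:.3f}  " + " AND ".join(lf["name"] for lf in path))
    for name, w in sorted(leaves.items(), key=lambda kv: -kv[1]):
        print(f"  leaf weight {w:.3f}  {name}")
```

With the constructed values the single-leaf SQL injection path (coefficient 0.40) outranks the two-step credential path (0.54 × 0.72 = 0.389), which is the point of scoring whole paths rather than individual leaves: an AND branch of individually likely steps can still be less threatening than one direct step.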
Funding: The authors would like to thank the Deanship of Scientific Research at Majmaah University for supporting this work under Project Number No-R-14xx-4x.
Abstract: Web applications have become a widely accepted way of delivering services over the internet during the past decade. Because they are now embedded in business activities and advanced functionality is demanded of them, their configuration keeps growing and becoming more complicated. That growing demand and complexity also make web applications a preferred target for intruders on the internet. Even with the support of security specialists they remain hard to secure, because both penetration testing and code review are complex and require different testing patterns. As a result, the number of hacked websites increases day by day. Most of these vulnerabilities arise from incorrect input validation and a lack of result validation, caused by poor programming practices or coding errors. Dynamic web-application vulnerability scanners can detect some vulnerabilities; they are easy to use, but they often miss critical vulnerabilities that only a static approach finds. Static approaches are time-consuming, but they can find complex vulnerabilities and improve developers' knowledge of coding and best practices. Many scanners combine dynamic and static approaches, and developers can select them according to their requirements and conditions. This research explores and details SQL injection, operating system command injection, path traversal and cross-site scripting vulnerabilities through dynamic and static approaches. It also examines various security measures in web applications and selects five tools, based on their features, for scanning PHP and Java code for SQL injection, cross-site scripting, path traversal and operating system command injection. Moreover, this research discusses how a cyber-security tester or a security developer finds vulnerabilities through dynamic and static approaches using manual and automated web vulnerability scanners.
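To make the static approach concrete, the following added example (not one of the five tools the paper evaluates, and not the paper's own code) is a minimal source-level checker for the four vulnerability classes named in the abstract. It tracks which user-controlled variables (from PHP superglobals) still carry unsanitised input for each class, clears a class when the matching sanitiser is applied, and reports a finding only when such input reaches a sink of that class. The PHP sample it scans is constructed, with a vulnerable line and its fixed counterpart for each class; the sink and sanitiser lists are deliberately small and are assumptions, which is exactly the kind of gap that makes simple static checkers miss things.

```python
"""Minimal per-class taint checker for PHP source (added example, not a
real scanner). Sink and sanitiser tables are assumptions and incomplete."""
import re

SUPERGLOBAL = re.compile(r"\$_(GET|POST|REQUEST|COOKIE)\b")
ASSIGN = re.compile(r"^\s*\$(\w+)\s*=\s*(.+);\s*$")
SINKS = {
    "sql-injection": re.compile(r"\b(mysqli_query|mysql_query|pg_query|->query)\s*\("),
    "os-command-injection": re.compile(r"\b(system|exec|shell_exec|passthru|popen|proc_open)\s*\("),
    "path-traversal": re.compile(r"\b(include|require|include_once|require_once|fopen|file_get_contents|readfile)\b"),
    "cross-site-scripting": re.compile(r"^\s*(echo|print)\b"),
}
SANITIZERS = {
    "sql-injection": re.compile(r"real_escape_string|prepare\s*\(|intval\s*\("),
    "os-command-injection": re.compile(r"escapeshellarg|escapeshellcmd"),
    "path-traversal": re.compile(r"basename\s*\(|realpath\s*\("),
    "cross-site-scripting": re.compile(r"htmlspecialchars|htmlentities"),
}


def open_classes(expr, tainted):
    """Vulnerability classes for which `expr` still carries unsanitised input:
    a superglobal opens every class, a tainted variable opens the classes it
    still carries, and a sanitiser on this line closes its own class only."""
    classes = set()
    if SUPERGLOBAL.search(expr):
        classes |= set(SINKS)
    for var, cls in tainted.items():
        if re.search(r"\$%s\b" % re.escape(var), expr):
            classes |= cls
    return {c for c in classes if not SANITIZERS[c].search(expr)}


def scan_php(source):
    """Return [(line_number, vulnerability_class, code)] for tainted sinks."""
    tainted = {}  # variable name -> classes still open for that variable
    findings = []
    for lineno, line in enumerate(source.splitlines(), 1):
        code = line.split("//")[0].strip()  # drop trailing // comments (simplification)
        m = ASSIGN.match(code)
        expr = m.group(2) if m else code
        classes = open_classes(expr, tainted)
        for vuln, sink in SINKS.items():
            if vuln in classes and sink.search(expr):
                findings.append((lineno, vuln, code))
        if m:  # propagate (or clear) taint for the assigned variable
            if classes:
                tainted[m.group(1)] = classes
            else:
                tainted.pop(m.group(1), None)
    return findings


# Constructed PHP sample: each vulnerable line is followed by a fixed version.
SAMPLE_PHP = """<?php
$id = $_GET['id'];
$q = "SELECT * FROM users WHERE id = $id";
$res = mysqli_query($db, $q);                           // SQL injection
$safe_id = intval($_GET['id']);
$res2 = mysqli_query($db, "SELECT * FROM users WHERE id = $safe_id");
$host = $_POST['host'];
system("ping -c 1 " . $host);                           // OS command injection
system("ping -c 1 " . escapeshellarg($host));
$page = $_GET['page'];
include $page . ".php";                                 // path traversal
include basename($page) . ".php";
echo "Hello " . $_GET['name'];                          // cross-site scripting
echo "Hello " . htmlspecialchars($_GET['name']);
"""

if __name__ == "__main__":
    for lineno, vuln, code in scan_php(SAMPLE_PHP):
        print(f"line {lineno}: {vuln}: {code}")
```

Tracking taint per class is what lets the checker accept `intval()` as a fix for the SQL sink while still treating the same variable as dangerous for `echo`; a single "sanitised/unsanitised" bit would produce either a false positive or a false negative on line 6 of the sample.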
Funding: the Science and Technology Project of State Grid Corporation of China (Research on key technologies of an integrated electric power network security simulation and verification environment, 521304190004).
Abstract: The open and distributed connectivity of the power system makes it vulnerable to various potential cyber-attacks, which may lead to power outages and even casualties. Therefore, the construction of attack and defense drill (ADD) platforms for attack mechanism investigation and protection strategy evaluation has become a research hotspot. However, for the massive and heterogeneous security analysis data generated during a drill, there is rarely a comprehensive and intuitive method to display the perspectives of attacker and defender visually and efficiently. To solve this problem, this paper proposes a visual analysis scheme for an ADD framework for a grid cyber-physical system (GCPS) based on the interactive visual analysis method. Specifically, it realizes system weakness discovery based on knowledge visualization, optimization of the detection model, and visualization interaction. Finally, a case study on the ADD simulation platform demonstrates the effectiveness of the proposed method.
Abstract: Recognizing attack intention is crucial for security analysis. In recent years, a number of methods for attack intention recognition have been proposed. However, most of these techniques focus mainly on the alerts of an intrusion detection system and use inefficient algorithms that mine frequent attack patterns without reconstructing attack paths. In this paper, a novel and effective method is proposed which integrates several techniques to identify attack intentions. Using this method, a Bayesian-based attack scenario is constructed, in which frequent attack patterns are identified using an efficient frequent-pattern data-mining algorithm. Subsequently, attack paths are rebuilt by re-correlating the frequent attack patterns mined in the scenario. The experimental results demonstrate the capability of our method in rebuilding attack paths and recognizing attack intentions while saving system resources. Specifically, to the best of our knowledge, the proposed method is the first to correlate complementary intrusion evidence with frequent pattern mining based on the FP-Growth algorithm in order to rebuild attack paths and recognize attack intentions.
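As an added example of the mining-then-recorrelation step (not the paper's code; its Bayesian scenario scoring is not reproduced here), the block below groups IDS alerts into per-source sessions, runs a compact FP-Growth implementation over the set of alert types seen in each session, keeps the maximal frequent patterns as candidate attack scenarios, and then rebuilds each one into an ordered attack path by taking the most common temporal ordering of its alert types across the sessions that contain it. The alert records are constructed.

```python
"""Attack-intention recognition over IDS alerts (added example): FP-Growth
mining of per-source alert sessions, then temporal recorrelation of each
maximal pattern into an ordered attack path. Alerts below are constructed."""
from collections import Counter, defaultdict


class FPNode:
    __slots__ = ("item", "count", "parent", "children")

    def __init__(self, item, parent):
        self.item, self.count, self.parent, self.children = item, 0, parent, {}


def build_fp_tree(transactions, min_support):
    """Build the FP-tree; returns (root, header links item->nodes, frequent counts)."""
    counts = Counter(i for t in transactions for i in set(t))
    frequent = {i: c for i, c in counts.items() if c >= min_support}
    root, links = FPNode(None, None), defaultdict(list)
    for t in transactions:
        # keep frequent items only, most frequent first so shared prefixes overlap
        items = sorted((i for i in set(t) if i in frequent),
                       key=lambda i: (-frequent[i], i))
        cur = root
        for i in items:
            child = cur.children.get(i)
            if child is None:
                child = cur.children[i] = FPNode(i, cur)
                links[i].append(child)
            child.count += 1
            cur = child
    return root, links, frequent


def fp_growth(transactions, min_support, suffix=()):
    """Return {frozenset(pattern): support} for every frequent itemset."""
    _, links, frequent = build_fp_tree(transactions, min_support)
    patterns = {}
    for item in sorted(frequent, key=lambda i: (frequent[i], i)):
        pattern = (item,) + suffix
        patterns[frozenset(pattern)] = frequent[item]
        # conditional pattern base: the prefix path above each node of `item`,
        # repeated node.count times, then mined recursively with `item` as suffix
        cond = []
        for n in links[item]:
            path, p = [], n.parent
            while p.item is not None:
                path.append(p.item)
                p = p.parent
            if path:
                cond.extend([path] * n.count)
        if cond:
            patterns.update(fp_growth(cond, min_support, pattern))
    return patterns


def sessions_from_alerts(alerts):
    """Group (time, source, alert_type) records into time-ordered sessions per source."""
    sessions = defaultdict(list)
    for t, src, kind in sorted(alerts):
        sessions[src].append((t, kind))
    return sessions


def rebuild_attack_path(pattern, sessions):
    """Recorrelate a frequent pattern into an ordered path: the most common
    order of first occurrence of its alert types across matching sessions."""
    orderings = Counter()
    for seq in sessions.values():
        kinds = [k for _, k in seq]
        if pattern <= set(kinds):
            first = {k: kinds.index(k) for k in pattern}
            orderings[tuple(sorted(pattern, key=first.get))] += 1
    return orderings.most_common(1)[0][0] if orderings else ()


def recognize_intentions(alerts, min_support):
    """Map each maximal frequent pattern's rebuilt attack path to its support."""
    sessions = sessions_from_alerts(alerts)
    patterns = fp_growth([[k for _, k in seq] for seq in sessions.values()], min_support)
    maximal = [p for p in patterns if not any(p < q for q in patterns)]
    return {rebuild_attack_path(p, sessions): patterns[p] for p in maximal}


# Constructed alert records: (time, source address, alert type).
ALERTS = [
    (1, "10.0.0.5", "PORT_SCAN"), (2, "10.0.0.5", "SSH_BRUTE_FORCE"),
    (3, "10.0.0.5", "SUSPICIOUS_LOGIN"), (4, "10.0.0.5", "DATA_EXFIL"),
    (1, "10.0.0.9", "PORT_SCAN"), (2, "10.0.0.9", "SSH_BRUTE_FORCE"),
    (5, "10.0.0.9", "SUSPICIOUS_LOGIN"),
    (2, "10.0.0.7", "PORT_SCAN"), (3, "10.0.0.7", "SSH_BRUTE_FORCE"),
    (4, "10.0.0.7", "SUSPICIOUS_LOGIN"), (6, "10.0.0.7", "DATA_EXFIL"),
    (1, "10.0.0.3", "SQLI_ATTEMPT"), (2, "10.0.0.3", "PORT_SCAN"),
    (9, "10.0.0.4", "ICMP_FLOOD"),
]

if __name__ == "__main__":
    for path, support in recognize_intentions(ALERTS, min_support=3).items():
        print(support, " -> ".join(path))
```

With a minimum support of 3 the exfiltration alert (seen from only two sources) drops out, so the recovered scenario is the three-step scan, brute-force, suspicious-login path; lowering the support to 2 would extend the path with DATA_EXFIL, which is the usual tuning trade-off between recall of rare campaigns and noise.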
Funding: supported by the National Natural Science Foundation of China under Grant No. 61673058 and the NSFC-Zhejiang Joint Fund for the Integration of Industrialization and Informatization under Grant No. U1609214.
Abstract: This paper proposes a solution to the problem of a cooperative salvo attack by multiple cruise missiles against a group of targets. Synchronizing the arrival times of the missiles assigned to a common target, minimizing the total time of the attack and maximizing the expected damage to the group of targets are considered simultaneously. These operational objectives result in a hierarchical mixed-variable optimization problem with two types of subproblems: the multi-objective missile-target assignment (MOMTA) problem at the upper level and the time-optimal coordinated path planning (TOCPP) problems at the lower level. To solve this challenging problem, a recently proposed coordinated path planning method is employed to solve the TOCPP problems and achieve the earliest possible salvo attack against each target. To find a more competent solver for MOMTA, three state-of-the-art multi-objective optimization methods (MOMs), namely NSGA-II, MOEA/D and DMOEA-εC, are adopted. Finally, a typical example is used to demonstrate the advantage of the proposed method, with a simple rule-based method employed for comparison. Comparative results show that DMOEA-εC is the best choice among the three MOMs for solving the MOMTA problem, and that the combination of DMOEA-εC for MOMTA with the coordinated path planning method for TOCPP generates clearly better salvo attack schemes than the rule-based method.
Funding: the National Key Research and Development Program of China (2017YFB0802804) and the Joint Fund of the National Natural Science Foundation of China (U1766215).
Abstract: Social engineering poses a serious threat to cyberspace security. To protect against social engineering attacks, a fundamental task is to know what constitutes social engineering. This paper first develops a domain ontology of social engineering in cybersecurity and evaluates the ontology through its knowledge graph application. The domain ontology defines 11 concepts of core entities that constitute or significantly affect the social engineering domain, together with 22 kinds of relations describing how these entities relate to each other. It provides a formal and explicit knowledge schema for understanding, analyzing, reusing and sharing domain knowledge of social engineering. Furthermore, this paper builds a knowledge graph from 15 social engineering attack incidents and scenarios. Seven knowledge graph application examples (in 6 analysis patterns) demonstrate that the ontology together with the knowledge graph is useful to 1) understand and analyze social engineering attack scenarios and incidents, 2) find the top-ranked social engineering threat elements (e.g. the most exploited human vulnerabilities and the most used attack mediums), 3) find potential social engineering threats to victims, 4) find potential targets for social engineering attackers, 5) find potential attack paths from a specific attacker to a specific target, and 6) analyze same-origin attacks.
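As an added example of how three of the listed queries (top-ranked threat elements, potential targets of an attacker, and attack paths from a specific attacker to a specific target) can be answered over a knowledge graph, the block below stores subject-relation-object triples and runs them as a ranking, a reachability query and a labelled path enumeration. This is not the paper's ontology or code: the 11 concepts and 22 relations are not listed on this page, so the relation names (`uses_medium`, `exploits`, `vulnerability_of`, `has_access_to`) are assumptions and the triples are constructed.

```python
"""Knowledge-graph queries over social-engineering triples (added example).
Relation names are assumptions; the triples are constructed, not incident data."""
from collections import Counter, defaultdict

# Constructed triples: attackers use a medium, the medium exploits a human
# vulnerability of an employee, and the employee has access to an asset.
TRIPLES = [
    ("Attacker_A", "uses_medium", "phishing_email"),
    ("Attacker_A", "uses_medium", "phone_call"),
    ("Attacker_C", "uses_medium", "phishing_email"),
    ("phishing_email", "exploits", "curiosity"),
    ("phone_call", "exploits", "deference_to_authority"),
    ("curiosity", "vulnerability_of", "Employee_Bob"),
    ("deference_to_authority", "vulnerability_of", "Employee_Bob"),
    ("Employee_Bob", "has_access_to", "Payroll_System"),
    ("Employee_Bob", "has_access_to", "Mail_Server"),
    ("Employee_Dana", "has_access_to", "HR_Database"),  # no path from any attacker
]


def build_graph(triples):
    """Adjacency list: subject -> [(relation, object), ...]."""
    graph = defaultdict(list)
    for subj, rel, obj in triples:
        graph[subj].append((rel, obj))
    return graph


def find_attack_paths(graph, attacker, target, max_hops=6):
    """All simple relation-labelled paths from attacker to target (depth-first)."""
    paths = []

    def dfs(cur, path, seen):
        if cur == target:
            paths.append(tuple(path))
            return
        if len(path) >= max_hops:
            return
        for rel, nxt in graph.get(cur, []):
            if nxt not in seen:
                dfs(nxt, path + [(cur, rel, nxt)], seen | {nxt})

    dfs(attacker, [], {attacker})
    return paths


def top_elements(triples, relation, n=3):
    """Most frequent objects of a relation, e.g. the most used attack mediums."""
    return Counter(obj for _, rel, obj in triples if rel == relation).most_common(n)


def potential_targets(graph, attacker, asset_relation="has_access_to"):
    """Assets reachable from the attacker through any chain of relations."""
    seen, stack, assets = {attacker}, [attacker], set()
    while stack:
        cur = stack.pop()
        for rel, nxt in graph.get(cur, []):
            if rel == asset_relation:
                assets.add(nxt)
            if nxt not in seen:
                seen.add(nxt)
                stack.append(nxt)
    return sorted(assets)


if __name__ == "__main__":
    graph = build_graph(TRIPLES)
    print("most used mediums:", top_elements(TRIPLES, "uses_medium"))
    print("targets of Attacker_A:", potential_targets(graph, "Attacker_A"))
    for path in find_attack_paths(graph, "Attacker_A", "Payroll_System"):
        print(" -> ".join(f"{s} [{r}] {o}" for s, r, o in path))
```

Keeping the relation label on every hop is what turns a reachability result into an explanation: the two paths from Attacker_A to the payroll system differ only in the medium and the human vulnerability exploited, which is the information a defender needs to decide whether awareness training or mail filtering breaks more of the graph.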