基于攻击图的网络安全风险评估技术研究

发布时间：2018-02-22 22:58

本文关键词： 网络安全风险评估攻击图加固　出处：《吉林大学》2014年博士论文　论文类型：学位论文

【摘要】：随着网络技术的飞速发展，网络攻击事件的不断增多，网络安全问题越发引起人们的关注。网络安全风险评估是一种发现和处理网络安全问题的有效方法。传统的网络安全风险评估方法大都针对主机的孤立脆弱性的评估，没有考虑脆弱性间的依赖关系给网络的安全风险带来的影响。独立脆弱性可能不会对网络造成严重危害，但多个脆弱性被有效的组合起来却可能对网络造成巨大伤害。本文提出基于攻击图的网络安全风险评估方法，将攻击图技术应用到网络安全风险评估中，通过攻击图展示攻击者利用网络中脆弱性及脆弱性间依赖关系综合入侵目标网络的攻击场景，并在此基础上计算网络的安全风险和寻找最小代价的网络加固措施。本文给出了基于攻击图的网络安全风险评估框架，它包括网络信息模型化表示、攻击图生成、风险计算及安全加固四个模块。在攻击图的构建中，文章首先提出了构建全局攻击图。全局攻击图从攻击者最大限度获得网络安全要素的角度，，描绘一切可被攻击者的采用的攻击路径。为了构建全局攻击图，本文提出全局攻击图的构建框架，并给出全局攻击图的构建算法。由于全局攻击图描述了任意两个节点间的攻击路径，因此可能存在环路，这给基于攻击图的安全分析带来困难。为此，本文对攻击图中可能存在的三类环路进行讨论，给出消除环路的办法，并提出逆向搜索算法生成关于攻击目标的不含环路的最优攻击子图。在目标最优攻击子图基础上，本文对到达目标的攻击路径进行分析，并给出了获取攻击路径的算法及判断攻击路径是否为最简攻击路径的判定算法。由于攻击图的各节点间相依赖，为了准确计算各节点的发生概率，本文提出基于贝叶斯网络的精确概率计算方法。该方法分别给出攻击节点间的串联、并联及考虑攻击经验情况下，节点发生概率精确计算办法，并通过实例验证了方法的正确性。但是，由于贝叶斯网络本身是无环图，基于贝叶斯网络概率计算方法也只能适用于无环的攻击图，且计算繁杂度为指数级，不适合大规模网络使用。为了在含环的大规模攻击图中计算节点发生概率，根据“木桶原理”，本文提出了基于邻接矩阵的最大风险概率计算方法。该方法通过矩阵相乘运算推导出多步最大风险邻接矩阵，并将1步到n步最大风险邻接矩阵叠加，生成全局最大风险邻接矩阵，计算出全部节点的风险概率。该方法由于只采用矩阵相乘运算，因此计算繁杂度为多项式级，适用于大规模网络。该方法另外一个优势是能够正确识别和处理环路，对节点在环路内部及节点虽然在环路外部，但是经过若干步攻击会进入环路内部情况分别讨论，给出相应的识别和处理办法。通过风险计算得了到各节点的风险值，对超出接受程度的风险，必须采用安全加固措施消除风险。为了保证目标节点的安全，所采用安全加固措施必须能够切断所有到达目标节点的攻击路径。为此，本文描述关键攻击集及最小关键攻击集的概念，阐述了求解最小关键攻击集等价于碰集问题。由于攻击图中攻击节点依赖于前提属性节点，因此无法直接通过消除关键攻击集中的攻击节点阻止攻击，只能通过消除攻击节点所依赖的初始属性节点来阻止攻击。以前的研究文献中都假设初始属性可以独立消除，初始属性节点与加固措施一一对应，求解最小代价网络加固问题就是求解最优弥补集问题。但是，这种假设在很多情况下是不成立的，一个加固措施往往可同时消除多个初始属性节点。因此，本文放弃了这种假设，阐述了求解最小代价加固措施集问题，可转化为数学中的加权集合覆盖问题。本文还给出最小代价网络加固问题形式化描述。为了求解最小代价网络加固问题，本文首先提出基于弥补集的计算方法。该方法采用了传统的基于弥补集的计算思想，但放弃了初始属性节可以独立消除的假设，并且引入加固措施及加固措施集等思想，所以更能精确求解。但是，基于弥补集的计算方法的两个步骤都是NP完全问题，所以对应算法的复杂度必然很高。为了提高计算效率，本文提出基于转换的最小代价加固措施集计算方法，证明了最小代价网络加固问题与加权碰集问题的等价性，给出了将最小代价网络加固问题转化为加权碰集问题的办法，讨论了最小代价网络加固问题的扩展问题。由于最小代价网络加固问题与加权碰集问题等价，而加权碰集问题是已被证明的NP完全问题，因此精确求解最小代价网络加固问题的算法的时间复杂度必然为指数级，不适合大规模攻击图。为此，本文针对碰集问题提出近似算法，并将其应用基于弥补集的计算方法和基于转换的计算方法中。本文对基于弥补集计算方法和基于转换的计算方法进行对比分析，并通过五个不同规模的攻击图实例进行实验对比，结果表明基于转换的计算方法在计算效率和接近全局最优解的近似度上都优于基于弥补集计算方法。
[Abstract]:With the rapid development of network technology and the increasing of network attacks , the problem of network security is more and more concerned . The network security risk assessment is an effective way to discover and deal with network security problems . The traditional network security risk assessment method is mostly aimed at the evaluation of the isolated vulnerability of the host . The independent vulnerability may not cause serious harm to the network . However , multiple vulnerabilities can be effectively combined to cause great harm to the network . This paper presents a network security risk assessment method based on attack graph , which applies attack graph technology to network security risk assessment . The attack scenario of network security risk and minimum cost is calculated by attack graph . The framework of network security risk assessment based on attack graph is presented , which includes four modules : network information modeling , attack map generation , risk calculation and security reinforcement . In the construction of attack graph , this paper first puts forward the construction of global attack graph . The global attack graph obtains the security element ' s angle from the attacker ' s maximum limit , depicts the attack path that can be exploited by the attacker . In order to construct the global attack graph , this paper presents the construction framework of the global attack graph and gives the construction algorithm of the global attack graph . In order to accurately calculate the probability of occurrence of each node , a precise probability calculation method based on Bayesian network is proposed in order to accurately calculate the probability of occurrence of each node , and the correctness of the method is verified by examples . However , the Bayesian network itself is acyclic graph , and the calculation complexity is exponential , which is not suitable for large - scale network use . In order to calculate the probability of node occurrence in the large - scale attack graph with ring , the maximum risk probability calculation method based on adjacency matrix is presented in this paper . In order to ensure the safety of the target node , the security reinforcement measures must be adopted to eliminate the risk . In order to ensure the safety of the target node , the security reinforcement measures must be able to cut off all attack paths that reach the target node . In order to solve the problem of minimum cost network reinforcement , this paper first puts forward a calculation method based on the compensation set . The method adopts the assumption that the initial attribute section can be eliminated independently , and introduces the reinforcement measures and the set of reinforcement measures , so that the complexity of the corresponding algorithm is very high . In order to improve the calculation efficiency , this paper presents the equivalence of the minimum cost network reinforcement problem and the weighted collision set problem , and gives the method of converting the minimum cost network reinforcement problem into the weighted collision set problem , and discusses the extension problem of the minimum cost network reinforcement problem . Because of the equivalence of the minimum cost network reinforcement problem and the weighted collision set problem , the weighted collision set problem is the NP - complete problem which has been proved . Therefore , the time complexity of the algorithm for accurately solving the problem of minimum cost network reinforcement is necessarily exponential and is not suitable for large - scale attacks .

【学位授予单位】：吉林大学
【学位级别】：博士
【学位授予年份】：2014
【分类号】：TP393.08

【参考文献】