基于攻击图模型的网络可能入侵估计研究

发布时间：2018-05-01 05:05

本文选题：网络攻击 + 攻击图　；参考：《微电子学与计算机》2016年02期

【摘要】：提出了一种基于攻击图模型的网络可能入侵估计方法.该方法先将以往每次成功的网络入侵行为都当作一次网络状态的变迁,并以此为依据定义网络攻击图、网络入侵路径、网络攻击行动,并预测攻击者下一次入侵目标的可能性和选择入侵路径的可能性,在此基础上融合已知和潜在的网络入侵威胁因素构建网络入侵的原子攻击库,计算系统网络环境下入侵者所面临的攻击压力与收益期望,对网络入侵者在决策时的攻击意愿进行量化,以量化后的结果为基础建立网络可能入侵估计风险模型,利用该模型给出网络可能入侵估计量化的风险值,从而有效地完成对网络可能入侵的估计.实验仿真证明,基于攻击图模型的网络可能入侵估计方法具有良好的可行性和有效性,可大幅减少不可信报警数量.
[Abstract]:In this paper, a network possible intrusion estimation method based on attack graph model is proposed. This method regards every successful network intrusion behavior as a change of network state, and defines the network attack graph, network intrusion path, network attack action according to the network attack graph, network intrusion path and network attack action. It also predicts the possibility of the attacker's next invasion target and the possibility of choosing the invasion path. On this basis, the atomic attack library of the network intrusion is constructed by combining the known and potential network intrusion threat factors. The attack pressure and profit expectation of the intruder in the network environment are calculated. The network intruder's intention to attack in the decision-making is quantified, and the risk model of the network possible intrusion estimation is established based on the quantized results. By using this model, the quantization risk value of network possible intrusion estimation is given, so that the estimation of possible network intrusion can be completed effectively. The simulation results show that the network likelihood intrusion estimation method based on attack graph model is feasible and effective, and can greatly reduce the number of untrusted alerts.
【作者单位】：呼伦贝尔学院计算机科学与技术学院;
【分类号】：TP393.08

【相似文献】