Attack Intention Detection Method Based on Possible Graphs
Published: 2019-06-15 14:40
[Abstract]: The attack graph model is one of the main techniques for network risk assessment. It uses the causal relationships between attack steps to describe the attacker's progress from an initial state to a target state, and the whole analysis is based on graph data expressed in some formal way. However, the analysis rarely takes into account uncertainties such as network links, network congestion and intrusion alerts. Drawing on the concept of uncertain graphs, the attack graph is extended to the possible attack graph (PAG), and a method for constructing the possible attack graph is given. Based on reachability probability, an algorithm for solving the maximum reachability probability is proposed, together with algorithms for generating the maximum attack subgraph and selecting the maximum possible attack path. Experimental results show that the proposed method can generate the possible attack graph within an acceptable time and can effectively infer attack intent, providing a basis for decision-making by network administrators.
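[Author affiliation]: School of Management, Xi'an University of Architecture and Technology
[Funding]: Shaanxi Provincial Science and Technology Research and Development Program (2013K1117); Shaanxi Provincial Key Discipline Construction Special Fund (E08001); Shaanxi Provincial Department of Education Science and Technology Program (12JK0789)
[Classification number]: TP393.08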
Article ID: 2500295
Article link: https://www.wllwen.com/guanlilunwen/ydhl/2500295.html