Modeling and Detection of Advanced Persistent Threat Attacks in Cloud Computing
Published: 2021-07-29 12:27
Security is a major concern for many organizations that use cloud computing. With the rise of e-government, many governments have also begun to adopt cloud computing, which has inadvertently attracted advanced persistent threat (APT) actors who target large corporations and governments. Security vulnerabilities in cloud components and large networks (not limited to hypervisors, virtual machines and virtualization) are the primary security concern. The main challenge in modeling and detecting APT attacks in such networks is mapping out the correlated paths along which an APT attacker exploits vulnerabilities in cloud components. To fill this gap in the existing literature, this dissertation presents a process for modeling and detecting APT attacks in cloud computing and large networks. Two broad classes of APT are considered: espionage-based APTs and organized-crime APTs. The modeling process targets the generation of vulnerability-exploiting attack paths and the subsequent attack paths that follow them; it proposes a weighted attack-path modeling technique based on dynamic Bayesian networks, together with a multi-source shortest attack path optimization algorithm based on critical nodes and critical edges. Taking the GameOver-Zeus botnet in cloud computing as the scenario, the botnet is modeled as a scale-free network with the characteristics of a dynamic complex network. To overcome the limitations in attack-network dynamics faced by current APT research, a new APT attack detection model based on a semi-supervised learning method and complex-network properties is proposed. The whole target network is thus modeled as a random small-world network, within which the A...
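The weighted attack paths and the multi-source shortest attack path search described in the abstract can be illustrated with a small worked example. The Python below is added here for illustration; it is not code from the dissertation, and its edge-probability model is an assumption of this example, not the dissertation's formulation: each edge's success probability is taken as the CVSS base score divided by 10, multiplied by the probability that the step goes undetected; the most likely attack path is the shortest path under the weight -log(p), found with a multi-source Dijkstra search; and "critical nodes" are ranked by how much removing each one lowers that best path's probability. The cloud topology, CVSS scores and detection rates are constructed for the example.

```python
"""Illustrative Bayesian-style attack graph for a small cloud estate.

Each edge (u -> v) is one vulnerability an attacker could exploit to move
from node u to node v.  The edge success probability is modeled (assumption
of this example) as
    p = (CVSS_base / 10) * (1 - P(detected))
and the most likely attack path is the shortest path under w = -log(p),
found with a multi-source Dijkstra search.  Critical nodes are ranked by how
much removing them lowers the best path's probability.  All numbers below
are constructed for the example, not measured data.
"""
import heapq
import math
from typing import Dict, List, Tuple

# Constructed graph: node -> [(next_node, cvss_base_score, detection_probability)]
ATTACK_GRAPH: Dict[str, List[Tuple[str, float, float]]] = {
    "internet":   [("web-vm", 9.8, 0.2), ("mgmt-api", 7.5, 0.5)],
    "web-vm":     [("app-vm", 8.1, 0.3), ("hypervisor", 6.4, 0.7)],
    "mgmt-api":   [("hypervisor", 8.8, 0.4)],
    "app-vm":     [("db-vm", 7.2, 0.3)],
    "hypervisor": [("db-vm", 9.0, 0.5)],
    "db-vm":      [],
}


def edge_success_prob(cvss_base: float, detection_prob: float) -> float:
    """Probability that the step is exploited and goes undetected (assumed model)."""
    if not 0.0 <= cvss_base <= 10.0 or not 0.0 <= detection_prob <= 1.0:
        raise ValueError("cvss_base must be in [0, 10] and detection_prob in [0, 1]")
    return (cvss_base / 10.0) * (1.0 - detection_prob)


def most_likely_path(graph, sources, target, excluded=frozenset()):
    """Multi-source Dijkstra under w = -log(p); returns (path_probability, path).

    Several sources model an attacker who already holds more than one foothold.
    `excluded` simulates patching or isolating nodes (they cannot be traversed).
    """
    sources = [s for s in sources if s not in excluded]
    dist = {s: 0.0 for s in sources}
    prev: Dict[str, str] = {}
    heap = [(0.0, s) for s in sources]
    heapq.heapify(heap)
    settled = set()
    while heap:
        d, u = heapq.heappop(heap)
        if u in settled:
            continue
        settled.add(u)
        if u == target:
            break
        for v, cvss, det in graph.get(u, []):
            if v in excluded:
                continue
            p = edge_success_prob(cvss, det)
            if p <= 0.0:  # an edge that can never succeed is unusable
                continue
            nd = d - math.log(p)
            if nd < dist.get(v, math.inf):
                dist[v] = nd
                prev[v] = u
                heapq.heappush(heap, (nd, v))
    if target not in dist:
        return 0.0, []
    path = [target]
    while path[-1] in prev:
        path.append(prev[path[-1]])
    path.reverse()
    # Recompute the probability as a product along the path (avoids exp rounding).
    prob = 1.0
    for u, v in zip(path, path[1:]):
        prob *= next(edge_success_prob(c, dt) for (w, c, dt) in graph[u] if w == v)
    return prob, path


def critical_nodes(graph, sources, target):
    """Rank intermediate nodes by the drop in best-path probability when removed."""
    base, _ = most_likely_path(graph, sources, target)
    nodes = set(graph) | {v for edges in graph.values() for v, _, _ in edges}
    ranking = []
    for n in nodes - set(sources) - {target}:
        p, _ = most_likely_path(graph, sources, target, excluded=frozenset({n}))
        ranking.append((n, base - p))
    ranking.sort(key=lambda item: (-item[1], item[0]))
    return ranking


if __name__ == "__main__":
    prob, path = most_likely_path(ATTACK_GRAPH, ["internet"], "db-vm")
    print(f"most likely path: {' -> '.join(path)}  p={prob:.4f}")
    for node, drop in critical_nodes(ATTACK_GRAPH, ["internet"], "db-vm"):
        print(f"remove {node:<11} best-path probability drops by {drop:.4f}")
```

With only the Internet as a source, the most likely route to db-vm runs through web-vm and app-vm; adding mgmt-api as a second foothold (an attacker who already holds management credentials) shifts the most likely route through the hypervisor, which is the kind of change the multi-source search is meant to expose. The -log(p) weighting turns "maximize the product of step probabilities" into an ordinary shortest-path problem, so any shortest-path library can be substituted.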
[Source]: University of Science and Technology Beijing, Beijing (Project 211 university, directly under the Ministry of Education)
[Pages]: 151
[Degree level]: Doctoral
[Table of contents]:
Acknowledgements
Dedication
摘要
Abstract
List of Abbreviations
1 Introduction
1.1 Background
1.2 APT Attacks in Cloud Computing
1.3 Modeling APT Attacks in Cloud Computing Networks
1.4 Problem Statement and Research Questions
1.5 Innovations and Contributions
1.6 Scope and Significance of the study
1.7 Organization of the dissertation
2 Literature Review
2.1 Cyber-attacks in Cloud Computing Service Models
2.2 Cyber-attacks on Cloud Computing Deployment Models
2.3 Cyber and APT Attacks Modeling
2.3.1 Cyber-attacks Modeling Approaches
2.3.2 APT Attacks Modeling Approaches
2.4 Literature Review Summary
3 Design of the Modeling Methodology
3.1 Finite State Machines Model-APT States Modeling
3.2 Bayesian Networks Model-Vulnerability Exploitation
3.3 Complex Networks Model-Detection Modeling
3.4 APTs Botnets Utilization
3.5 Datasets
3.5.1 Data Processing and Analysis Methods
3.5.2 CVEs Datasets Processing
3.5.3 LANL Datasets Processing
3.6 Tools and Hardware Considerations
3.6.1 Data Processing Tools
3.6.2 Data Manipulation and Evaluation Tools
3.6.3 Network Graphing and Visualization Tools
3.6.4 Data Clustering and Classification Tools
3.6.5 Hardware and Testbed Environments
3.6.6 Scope and Limitations
4 The Bayesian Networks APT Attack Model
4.1 APT Attackers Profiling
4.2 Attacker's perception vs Actual system exploitability
4.3 Cloud Infrastructure Layer Partitioning
4.3.1 Attack Paths Formalizations
4.3.2 The Bayesian Attack Network
4.3.3 Conditional Probabilities with detection
4.3.4 Path Derivations and Conditional Probability Assignments
4.3.5 Optimized Shortest Path Algorithm and Edge Weighting
4.3.6 Attack Complexity and Time Cost
5 Finite State Machine Model for APT Attacks
5.1 FSM Model for APT Attacks on Discrete Hosts
5.1.1 Security States and Transitions of a Discrete Host
5.1.2 Formulation of the APT Attack Model
5.1.3 Attack Tree Integration and Analysis
5.2 FSM Model for Bayesian Networks APT Attacks
5.2.1 APT Attack Source
5.2.2 APT Attack State
5.2.3 APT Attack Nodes
5.3 Global FSM Model for APT Attacks
5.3.1 APT Attack State Transition Table
5.3.2 APT Attacks K-maps
6 Complex Networks Model for APT Attacks Detection
6.1 Unpredictability of APT Attack Lifecycle Stages
6.2 Dynamism of APT-ANs and Communication Networks
6.3 Imbalanced Data Distribution
6.4 Small World Communication Network Model
6.5 Scale-Free APT-AN Network Model
6.6 Scarcity of Public APT Data
6.7 FSM State Changes of Complex Network Nodes in APT-ANs
7 Data Preprocessing and Formatting
7.1 CVEs and Base Scores
7.2 Network flows and DNS
7.3 Feature Normalization
8 Modeling Results and Analyses
8.1 Bayesian Network Based APT Attack Paths
8.2 Detection of Multi-stage APTs by a Semi-supervised Learning Approach
8.2.1 Detection in the Infiltration Phase
8.2.2 Detection in the Lateral Movement Phase
8.2.3 Detection in the C2 Beaconing and Exfiltration Phase
8.2.4 Application of the Clustering and Classification Algorithms
9 Conclusion and Future Directions
9.1 Conclusion and Significance
9.2 Future Directions
References
Author's CV and research output during the degree
Dissertation dataset
Article number: 3309321
Article link: https://www.wllwen.com/guanlilunwen/ydhl/3309321.html