Computer Engineering ›› 2018, Vol. 44 ›› Issue (7): 131-138. doi: 10.19678/j.issn.1000-3428.0047975

• Security Technology •

Intrusion Prediction Algorithm Based on Correlation Attack Graph

WANG Hui, LU Shikai, WANG Yincheng

  1. School of Computer Science and Technology, Henan Polytechnic University, Jiaozuo, Henan 454000, China
  • Received: 2017-07-17 Online: 2018-07-15 Published: 2018-07-15
  • About the authors: WANG Hui (born 1975), male, associate professor, Ph.D., main research interests: network security and wireless sensor networks; LU Shikai and WANG Yincheng, master's students.
  • Supported by:

    National Natural Science Foundation of China (61300216).

Abstract:

To address the problem that attack graph models cannot accurately reflect the influence of attack evidence on the prediction of intrusion intent, an intrusion prediction algorithm based on an improved attack graph is proposed. Parameters such as resource nodes, attack evidence, and single-step attacks are introduced to define the Correlation Attack Graph (CAG). To calculate the occurrence probability of a single-step attack, Bayesian inference is used to design a correlation quantification algorithm, and a formula for deriving the reachable probability of each node is given, so that potential intrusion intent in the network can be predicted dynamically. Experimental results show that, compared with intrusion prediction algorithms based on the traditional attack graph, the proposed algorithm effectively eliminates redundant relationships between attack evidence and single-step attacks and improves the accuracy of the confidence of attack evidence nodes.

Key words: Correlation Attack Graph (CAG), correlation relationship, Bayesian inference, reachable probability, intrusion prediction

CLC Number: