基于SQAG模型的攻击熵优化算法

doi:10.19678/j.issn.1000-3428.0056289

摘要/Abstract

摘要： 为降低网络安全风险，更好地实现网络攻击路径的优化，在现有网络攻击图的基础上构建SQAG模型对网络攻击进行建模。该模型将攻击过程离散化，每一时刻的攻击图包含攻击者在当前时刻已经占据的节点。同时利用攻击熵优化算法对子攻击路径进行成本收益分析，从而消除冗余路径。通过对攻击过程进行合理的推演，将精确推理的联结树算法应用到时序网络攻击图中，实时得到任意时刻攻击图的节点置信度。实验结果表明，在防火墙收紧访问尺度情况下，该模型网络攻击节点置信度随时间延长而降低，利用攻击熵优化算法消除冗余路径，可得到更准确的节点置信度。

关键词: SQAG模型, 置信度, 攻击熵, 成本收益分析, 联结树算法

Abstract: In order to reduce network security risks and better realize the optimization of network attack paths,this paper constructs a SQAG model for network attacks based on the existing network attack graphs.The model discretizes the attack process,in which the attack graph at each moment contains the nodes occupied by the attacker at that time.The attack entropy optimization algorithm is used to implement cost-benefit analysis of sub-attack paths,so as to reasonably eliminate redundant paths.Through reasonable deduction of the attack process,the joint tree algorithm that performs precise reasoning is applied to the sequential network attack graph to obtain the node confidence degree of the attack graph at any moment in real time.Experimental results show that when the firewall tightens the access scale,the confidence degree of each node in the proposed model decreases with time in the attack process.The redundant paths are eliminated by using the attack entropy optimization algorithm to obtain a more accurate confidence degree of nodes.

Key words: SQAG model, confidence degree, attack entropy, cost-benefit analysis, joint tree algorithm

中图分类号:

TP301.6

张俊, 张安康, 王辉. 基于SQAG模型的攻击熵优化算法[J]. 计算机工程, 2020, 46(10): 143-150.

ZHANG Jun, ZHANG Ankang, WANG Hui. Attack Entropy Optimization Algorithm Based on SQAG Model[J]. Computer Engineering, 2020, 46(10): 143-150.

http://www.ecice06.com/CN/Y2020/V46/I10/143

图/表 8

20201023092107

20201023092111

20201023092114

20201023092118

20201023092121

20201023092126

20201023092129

20201023092133

参考文献

[1] State Internet Center.2018 China Internet network security report[EB/OL].[2019-09-01].https://www.cert.org.cn/publish/main/46/index.html.(in Chinese)国家互联网中心.《2018年中国互联网网络安全报告》[EB/OL].[2019-09-01].https://www.cert.org.cn/publish/main/46/index.html.
[2] ABRAHAM S,NAIR S.A predictive framework for cyber security analytics using attackgraphs[J].International Journal of Computer Networks & Communications,2015,7(1):1-17.
[3] JIA Wei,LIAN Yifeng,FENG Dengguo,et al.Bayesian-network-approximate-reasoning-based method for network vulnerabilities evaluation[J].Journal on Communications,2008,29(10):191-198.(in Chinese)贾炜,连一峰,冯登国,等.基于贝叶斯网络近似推理的网络脆弱性评估方法[J].通信学报,2008,29(10):191-198.
[4] POOLSAPPASIT N,DEWRI R,RAY I.Dynamic security risk management using Bayesian attack graphs[M].[S.1.]:IEEE Computer Society Press,2012.
[5] WANG Hui,WANG Yincheng,LU Shikai.Attack path optimization algorithm based on time gain compensation rate[J].Computer Engineering,2018,44(8):190-197,204.(in Chinese)王辉,王银城,鹿士凯.基于时间增益补偿率的攻击路径优化算法[J].计算机工程,2018,44(8):190-197,204.
[6] XIE P,LI J H,OU X,et al.Using Bayesian networks for cyber security analysis[C]//Proceedings of 2010 IEEE/IFIP International Conference on Dependable Systems and Networks.Washington D.C.,USA:IEEE Press,2010:211-220.
[7] POOLSAPPASIT N,DEWRI R,RAY I.Dynamic security risk management using Bayesian attack graphs[J].IEEE Transactions on Dependable & Secure Computing,2012,9(1):61-74.
[8] XIAO Daoju,YANG Sujuan,ZHOU Kaifeng,et al.A study of evaluation model for network security[J].Journal of Huazhong University of Science and Technology(Nature Science),2002,30(4):37-39.(in Chinese)肖道举,杨素娟,周开锋,等.网络安全评估模型研究[J].华中科技大学学报(自然科学版),2002,30(4):37-39.
[9] JIANG Wei,FANG Binxing,TIAN Zhihong,et al.Evaluating network security and optimal active defense based on attack-defense game model[J].Chinese Journal of Computers,2009,32(4):817-827.(in Chinese)姜伟,方滨兴,田志宏,等.基于攻防博弈模型的网络安全测评和最优主动防御[J].计算机学报,2009,32(4):817-827.
[10] KAYNAR K.A taxonomy for attack graph generation and usage in network security[J].Journal of Information Security and Applications,2016,29(4):27-56.
[11] CHEN Xiaojun,FANG Binxing,TAN Qingfeng,et al.Inferring attack intent of malicious insider based on probabilistic attack graph model[J].Chinese Journal of Computers,2014,37(1):62-72.(in Chinese)陈小军,方滨兴,谭庆丰,等.基于概率攻击图的内部攻击意图推断算法研究[J].计算机学报,2014,37(1):62-72.
[12] WANG Hui,WANG Yunfeng,WANG Kunfu.Research on predicting attack path based on Bayesian inference[J].Application Research of Computers,2015,32(1):226-231.(in Chinese)王辉,王云峰,王坤福.基于贝叶斯推理的攻击路径预测研究[J].计算机应用研究,2015,32(1):226-231.
[13] ZHANG Shaojun,LI Jianhua,SONG Shanshan,et al.Using Bayesian inference for computing attack graph node beliefs[J].Journal of Software,2010,21(9):2376-2386.(in Chinese)张少俊,李建华,宋珊珊,等.贝叶斯推理在攻击图节点置信度计算中的应用[J].软件学报,2010,21(9):2376-2386.
[14] WANG Hui,LIU Shufen.A scalable predicting model for insider threat[J].Chinese Journal of Computers,2006,29(8):1346-1355.(in Chinese)王辉,刘淑芬.一种可扩展的内部威胁预测模型[J].计算机学报,2006,29(8):1346-1355.
[15] GHASEMIGOL M,GHAEMI-BAFGHI A,TAKABI H.A comprehensive approach for network attack forecasting[J].Computers & Security,2015,58:83-105.
[16] LI Heng,WANG Yongjun,CAO Yuan.Searching forward complete attack graph generation algorithm based on hypergraph partitioning[J].Procedia Computer Science,2017,107:27-38.
[17] HU Xiaojian,YANG Shanlin,MA Shanxi.Inference structure and construction algorithms of Bayesian network based on junction tree[J].Journal of System Simulation,2004,16(11):2559-2563.(in Chinese)胡小建,杨善林,马溪骏.基于联结树的贝叶斯网的推理结构及构造算法[J].系统仿真学报,2004,16(11):2559-2563.
[18] LIU Junna.Research on inference algorithm in Bayesian network[D].Hefei:Hefei University of Technology,2007.(in Chinese)刘俊娜.贝叶斯网络推理算法研究[D].合肥:合肥工业大学,2007.
[19] ZHU Mingmin.Research on Bayesian network structure learning and reasoning[D].Xi'an:Xidian University,2013.(in Chinese)朱明敏.贝叶斯网络结构学习与推理研究[D].西安:西安电子科技大学,2013.
[20] LIU Zhen,TAN Liang,ZHOU Mingtian.Bayesian inference based on global message propagation[J].Computer Science,2006,33(9):166-168.(in Chinese)刘震,谭良,周明天.基于全局消息传播的贝叶斯推理[J].计算机科学,2006,33(9):166-168.

选择文件类型/文献管理软件名称

选择包含的内容