
Computer Engineering ›› 2020, Vol. 46 ›› Issue (9): 154-162. doi: 10.19678/j.issn.1000-3428.0055651

• Cyberspace Security •

Research on Attack Path Prediction Based on PANAG Model

WANG Hui, ZHAO Ya, ZHANG Juan, LIU Kun

  1. College of Computer Science and Technology, Henan Polytechnic University, Jiaozuo, Henan 454000, China
  • Received: 2019-08-05 Revised: 2019-10-04 Published: 2019-10-17
  • About the authors: WANG Hui (born 1975), male, professor, Ph.D., main research interest: network security; ZHAO Ya and ZHANG Juan, master's students; LIU Kun (corresponding author), associate professor.
  • Funding:
    National Natural Science Foundation of China (61300216).

Abstract: To accurately predict network attack paths, this paper proposes an attack path prediction method based on the Probabilistic Attribute Network Attack Graph (PANAG). The method uses the Common Vulnerability Scoring System (CVSS) to analyze vulnerability attributes and designs a Node Vulnerability Clustering (NVC) algorithm to reduce the number of vulnerabilities. It also proposes a probabilistic attribute network attack graph generation algorithm, GeneratNAG, to avoid the state explosion that generated attack graphs may suffer. The factors that influence the feasibility of cyberattacks are then analyzed comprehensively, and on this basis the concept of attack value is introduced. A path generation algorithm based on attack value, BuildNAP, is proposed to eliminate redundant paths. Finally, the PANAG model is used to quantitatively analyze the possibility of different intrusion paths based on intrusion intent, and to predict the attack path that the attacker is most likely to take. Experimental results show that both the accuracy and the execution efficiency of the proposed method are high.

Key words: state transition, Node Vulnerability Clustering (NVC), attack value, attack feasibility, intrusion intent
