Abstract
To let network security administrators harden key nodes in time under limited resources and reduce the losses caused by network attacks, this paper designs a risk control model based on the attribute adjacency matrix and game theory. The model first applies a BFS-based attack graph simplification algorithm that removes the cycles and redundant nodes in the attack graph, then converts the simplified attack graph into an attribute adjacency matrix, and finally applies game theory to that matrix to derive the possible attack paths and the optimal defense strategy. Experimental results show that, compared with traditional risk control methods, the model avoids the over-complex graph structure caused by an excessive number of vertices and edges, presents the attack paths and atomic attack sequences more visually, and provides a scientific theoretical reference for information system administrators.
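The following is an added toy implementation of the three-stage pipeline the abstract describes (BFS simplification, attribute adjacency matrix, game-theoretic choice of what to harden). It is not the paper's code. The attack graph, the per-node exploit costs, the damage value, the "keep only edges that go strictly deeper in the BFS layering" simplification rule, the matrix encoding (exploit cost of the successor node on each edge) and the zero-sum payoff model are all assumptions made for illustration; the paper's actual definitions are not on this page.

```python
"""Toy attack-graph risk control pipeline (added example, not the paper's code).

Stages: (1) BFS simplification that removes cycles and redundant nodes,
(2) attribute adjacency matrix, (3) zero-sum game: defender hardens a few
nodes under a budget, attacker picks the best remaining attack path.
Every number and rule below is a constructed assumption for illustration.
"""
from collections import deque
from itertools import combinations

# Constructed attack graph: node -> set of successor nodes.
# Node 0 is the attacker's entry point, node 5 is the target asset.
# Edges 3->1 and 4->2 form cycles; node 6 is unreachable from the entry
# point; node 7 is reachable but a dead end that never leads to the target.
ATTACK_GRAPH = {
    0: {1, 2}, 1: {3, 7}, 2: {4}, 3: {1, 5},
    4: {2, 5}, 5: set(), 6: {5}, 7: set(),
}
# Constructed node attribute: attacker's cost to exploit each node.
NODE_COST = {0: 0, 1: 2, 2: 3, 3: 4, 4: 1, 5: 2, 6: 5, 7: 1}
DAMAGE = 12  # assumed loss to the defender if the target is compromised


def bfs_simplify(graph, source, target):
    """BFS layering from the source; keep only edges that go strictly deeper
    (assumed rule: it removes every back and cross edge, so the result is a
    DAG, at the price of discarding same-layer moves), then drop nodes that
    are unreachable from the source or cannot reach the target (redundant)."""
    depth = {source: 0}
    queue = deque([source])
    while queue:
        u = queue.popleft()
        for v in sorted(graph.get(u, ())):
            if v not in depth:
                depth[v] = depth[u] + 1
                queue.append(v)
    if target not in depth:
        return {}
    forward = {u: {v for v in graph.get(u, ()) if v in depth and depth[v] > depth[u]}
               for u in depth}
    can_reach = {target}  # reverse reachability to the target
    changed = True
    while changed:
        changed = False
        for u, succ in forward.items():
            if u not in can_reach and succ & can_reach:
                can_reach.add(u)
                changed = True
    return {u: {v for v in succ if v in can_reach}
            for u, succ in forward.items() if u in can_reach}


def attribute_adjacency_matrix(graph, cost):
    """Rows/columns follow sorted node ids; entry [i][j] holds the exploit
    cost of node j when edge i->j exists and None otherwise (assumed encoding)."""
    nodes = sorted(graph)
    index = {n: i for i, n in enumerate(nodes)}
    matrix = [[None] * len(nodes) for _ in nodes]
    for u, succ in graph.items():
        for v in succ:
            matrix[index[u]][index[v]] = cost[v]
    return nodes, matrix


def attack_paths(graph, source, target):
    """Enumerate every source->target path (atomic attack sequence) of the DAG."""
    paths = []

    def walk(node, path):
        if node == target:
            paths.append(path)
            return
        for nxt in sorted(graph.get(node, ())):
            walk(nxt, path + [nxt])

    walk(source, [source])
    return paths


def optimal_defense(graph, source, target, cost, budget, damage=DAMAGE):
    """Zero-sum game (assumed payoff model): the defender hardens at most
    `budget` intermediate nodes; the attacker then takes the unblocked path
    with the highest payoff, damage minus path cost, or attacks nothing (0).
    Returns (hardened nodes, attacker's best-response path, attacker payoff)
    for the defender's minimax choice."""
    paths = attack_paths(graph, source, target)
    candidates = sorted(n for n in graph if n not in (source, target))

    def attacker_best(hardened):
        best = (0, None)  # declining to attack is always available
        for p in paths:
            if hardened.isdisjoint(p):
                gain = damage - sum(cost[n] for n in p)
                best = max(best, (gain, p), key=lambda t: t[0])
        return best

    result = None
    for k in range(budget + 1):
        for chosen in combinations(candidates, k):
            value, path = attacker_best(set(chosen))
            if result is None or value < result[2]:
                result = (set(chosen), path, value)
    return result


if __name__ == "__main__":
    simplified = bfs_simplify(ATTACK_GRAPH, 0, 5)
    nodes, matrix = attribute_adjacency_matrix(simplified, NODE_COST)
    print("nodes kept:", nodes)
    for row in matrix:
        print(row)
    print("attack paths:", attack_paths(simplified, 0, 5))
    print("budget 1:", optimal_defense(simplified, 0, 5, NODE_COST, budget=1))
```

On the constructed graph the simplification drops the two back edges and both redundant nodes, leaving two atomic attack sequences, 0-1-3-5 and 0-2-4-5. With a budget of one node the minimax choice is to harden node 2 (or equivalently 4), which blocks the cheaper path and leaves the attacker the costlier one; with a budget of two, hardening 1 and 2 blocks every path. The pure-strategy minimax used here is the simplest game-theoretic reading of "optimal defense strategy"; a mixed-strategy solution would need the full payoff matrix and a linear-programming solver.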