一种基于ATI的网络攻击路径预测方法
传统基于贝叶斯网络攻击图的攻击路径预测方法容易产生冗余路径,节点置信度计算不够精确。为此,提出一种新的九元组攻击图模型。定义资源脆弱性指数和攻击行为风险的概念,结合攻击威胁性指数分析(ATI)方法,给出基于威胁性指数分析的攻击路径生成方法,通过将操作成本的概念引入到似然加权抽样法中,使节点置信度的计算更加精确,并尽可能避免冗余路径的产生。分析结果表明,该方法能有效减免冗余路径的产生,提高节点置信度计算结果的精度。...
Saved in:
| Published in | 计算机工程 Vol. 42; no. 9; pp. 132 - 137 |
|---|---|
| Main Author | |
| Format | Journal Article |
| Language | Chinese |
| Published |
河南理工大学计算机科学与技术学院,河南焦作454000
2016
吉林大学计算机科学与技术学院,长春130012%河南理工大学计算机科学与技术学院,河南焦作,454000%吉林大学计算机科学与技术学院,长春,130012 |
| Subjects | |
| Online Access | Get full text |
| ISSN | 1000-3428 |
| DOI | 10.3969/j.issn.1000-3428.2016.09.024 |
Cover
| Summary: | 传统基于贝叶斯网络攻击图的攻击路径预测方法容易产生冗余路径,节点置信度计算不够精确。为此,提出一种新的九元组攻击图模型。定义资源脆弱性指数和攻击行为风险的概念,结合攻击威胁性指数分析(ATI)方法,给出基于威胁性指数分析的攻击路径生成方法,通过将操作成本的概念引入到似然加权抽样法中,使节点置信度的计算更加精确,并尽可能避免冗余路径的产生。分析结果表明,该方法能有效减免冗余路径的产生,提高节点置信度计算结果的精度。 |
|---|---|
| Bibliography: | attack graph ; attack path ; vulnerability assessment; attack threat ; likelihood weighted sampling 31-1289/TP WANG Hui 1,2 ,WANG Tengfei 1 ,LIU Shufen2 ( 1. College of Computer Science and Technology, Henan Polytechnic University, Jiaozuo, Henan 454000, China; 2. College of Computer Science and Technology, Jilin University, Changchun 130012, China) The traditional attack path prediction method based on Bayesian network attack graph is easy to produce redundant paths,and node confidence degree calculation is not precise enough. In order to solve these problems,this paper presents a new nine tuples attack graph model,and defines the resource vulnerability index and aggressive behavior risk. Combined with Attack Threat Index (ATI) analysis method, the attack path generation method based on threat index analysis is proposed. The concept of operating cost is introduced into the likelihood weighted sampling method to make node confidence degree calculation more precise and avoid redundant path generation. Analysis re |
| ISSN: | 1000-3428 |
| DOI: | 10.3969/j.issn.1000-3428.2016.09.024 |