面向APT攻击的攻击行为动态评估方法

doi:10.16182/j.issn1004731x.joss.201810025

系统仿真学报 ›› 2018, Vol. 30 ›› Issue (10): 3796-3806.doi: 10.16182/j.issn1004731x.joss.201810025

面向APT攻击的攻击行为动态评估方法

王晋东, 杨豪璞, 张恒巍, 李涛

信息工程大学,河南郑州 450001

收稿日期:2016-09-08 修回日期:2016-12-19 出版日期:2018-10-10 发布日期:2019-01-04
作者简介:王晋东(1966-),男,山西,教授,博导,研究方向为信息安全、云计算;杨豪璞(1993-),女,河南,硕士,助工,研究方向为APT攻防、博弈论。
基金资助:
国家自然科学基金(61303074, 61309013),国家重点基础研究发展计划(2012CB315900)

APT-oriented Dynamic Assessment of Attack Behaviors

Wang Jindong, Yang Haopu, Zhang Hengwei, Li Tao

Information Engineering University, Zhengzhou 450001, China

Received:2016-09-08 Revised:2016-12-19 Online:2018-10-10 Published:2019-01-04

摘要/Abstract

摘要： 针对现有攻击评估方法大多属于静态评估、无法有效应用于APT攻击长期潜伏、持续渗透的特点,分别从空间、时间两个维度入手,提出了一种面向APT攻击的攻击行为动态评估方法。通过对攻击行为在整个网络系统中进行因果关联,初步发现攻击痕迹;基于APT攻击的持续性特征,再对因果关联结果在时间层面上进行调整与修正,得到含有真实攻击信息的攻击动态因果行为链;结合CVSS标准对攻击行为链进行动态量化评估。设计实验对所提方法的有效性进行证明,实验结果显示该评估方法能够较为真实的反映APT攻击情况,能够对攻击收益进行合理有效的评估。

关键词: APT攻击, 攻击量化, 动态评估, 因果关联

Abstract: The existing attack assessment methods cannot effectively deal with the long-term concealment in APT attack. Aiming at the accurate assessment of attack behaviors in APT attack, the APT-oriented dynamic assessment of attack behaviors which focuses on both the space dimension and the time dimension is proposed. The attack behaviors are correlated in the causality-diversion among the whole network system to discover the attack paths. The attack paths are modified in the time-diversion to get the dynamic causal attack traces. The attack traces are quantified based on CVSS standard. The experimental result shows that the proposed method can correctly reflect the attack status and effectively assess the attack behavior.

Key words: APT attack, attack quantification, dynamic assessment, causal correlation

中图分类号:

TP393.08

王晋东, 杨豪璞, 张恒巍, 李涛. 面向APT攻击的攻击行为动态评估方法[J]. 系统仿真学报, 2018, 30(10): 3796-3806.

Wang Jindong, Yang Haopu, Zhang Hengwei, Li Tao. APT-oriented Dynamic Assessment of Attack Behaviors[J]. Journal of System Simulation, 2018, 30(10): 3796-3806.

参考文献

[1] Defense USA Department of Trusted Computer System Evaluation Criteria[S]. DoD-5200, 28-STD, DoD, 1985.
[2] Board Common Criteria Editing. Common Criteria of Information Technology Security Evaluation[S]. 1998.
[3] M Schiffman. Common Vulnerability Scoring System Version 2.0 [EB/OL]. [2013-7-8]. http://www.first.org/ cvss/cvss-guide.html.
[4] Mell P, Scarfone K, Romanosky S. The common vulnerability scoring system (CVSS) andits applicability to federal agency systems, NIST Interagency Report7435 [R/OL]. (2007) [2014-01-17]. http:csrc.nist.gov/ publications/nistir/ir7435/NISTIR-7435.pdf.
[5] GB 17859-1999B 17859-1999. 计算机信息系统安全保护等级划分准则 [S]. 中国标准出版社, 1999.
GB 17859-1999B 17859-1999. Classification criteria for computer information system security protection [S]. Standards Press of China, 1999.
[6] GB/T18336-2001. 信息技术安全技术信息技术信息安全评估准则[S]. 中华人民共和国国家标准, 2001.
GB/T18336-2001. Information technology safety technology information technology information security evaluation criteria[S]. National Standard of the People’s Republic of China, 2001
[7] GB/T 20984-2007. 信息安全技术信息系统的风险评估规范 20984-2007. 信息安全技术信息系统的风险评估规范[S]. 中华人民共和国国家标准, 2005.
GB/T 20984-2007. Risk assessment specification for information security technology information system 20984-2007. Risk assessment specification for information security technology information system[S]. National Standard of the People’s Republic of China, 2005
[8] Poolsappasit N, Dewri R, Ray I.Dynamic security risk management using Bayesian attack graph[J]. IEEE Trans on Dependable and Secure Computing, 2012, 9(1): 61-74.
[9] 方研, 殷肖川, 李景志. 基于贝叶斯攻击图的网络安全量化评估研究[J]. 计算机研究应用, 2013, 30(9): 2763-2766.
FANG Yan, YIN Xiao-chuan, LI Jing-zhi.Research of quantitative network security assessment based on Bayesian-attack graphs[J]. Application Research of Computers, 2013, 30(9): 2763-2766.
[10] Helmer C, Wong J, Slagell M, et al.Software Fault Tree and Colored Petri net based Specification, Design and Implementation of Agent-based Intrusion Detection System[J]. Requirements Engineering, 2000, 7(4): 207-220.
[11] 张勇, 谭笑彬, 崔孝林, 等. 基于Markov博弈模型的网络安全态势感知方法[J]. 软件学报, 2011, 22(3): 495-508.
Zhang Yong, Tan Xiao-bin, Cui Xiao-lin.Network Security Situation Awareness Approach Based on Markov Game Model[J]. Journal of Software, 2011, 22(3): 495-508.
[12] Yee Weilaw, Tansu Alpcan, Marimuthu Palaniswami.Security Games for Risk Minization in Automatic Generation Control[J]. IEEE Transactions on Power Systems, 2015, 30(1): 223-232.
[13] 张少俊, 李建华, 宋珊珊. 贝叶斯推理在攻击图节点置信度计算中的应用[J]. 软件学报, 2010, 21(9): 2376-2386.
Zhang Shao-jun, Li Jian-hua, Song Shan-shan.Using Bayesian Inference for Computing Attack Graph Node Beliefs[J]. Journal of Software, 2010, 21(9): 2376-2386.
[14] Joint Task Force Transformation Initiative. Managing Information Security Risk: Organization, Mission, and Information System View [EB/OL]. [2011-03-01] http://csrc.nist.gov/publications/nistpubs/800-39/SP800-39-final.pdf.
[15] Fatemeh Kavousi, Behzad Akbari.Automatic learning of attack behavior patterns using Bayesian networks[C]// 6’th International Symposium on Telecommunications (IST’2012). USA: IEEE, 2012: 999-1004.
[16] 陈剑锋, 王强, 伍淼. 网络APT攻击及防范策略[J]. 信息安全与通信保密, 2012(7): 24-27.
Chen Jian-feng, Wang Qiang, Wu Miao.Network-based APT attack and defense strategies[J]. Information Security and Communications Privacy, 2012(7): 24-27.
[17] 林龙成, 陈波, 郭向民. 传统网络安全防御面临的新威胁:APT攻击[J]. 信息安全, 2013, 4(3): 20-25.
Lin Long-cheng, Chen Bo, Guo Xiang-min.The new threat to traditional network security defense: APT attack[J]. Information Security, 2013, 4(3): 20-25.
[18] 杜跃进, 翟立东, 李跃, 等. 一种应对APT攻击的安全架构: 异常发现[J]. 计算机研究与发展, 2014, 51(7): 1633-1645.
Du Yue-jin, Zhai Li-dong, Li Yue.Security architecture to deal with APT attacks: abnormal discovery[J]. Journal of Computer Research and Development, 2014, 51(7): 1633-1645.
[19] J Moss. Capture the flag traffic dump [EB/OL]. [2017-09-04] http://www.defcon.org/html/links/dc-cft. html.

面向APT攻击的攻击行为动态评估方法

APT-oriented Dynamic Assessment of Attack Behaviors

PDF (PC)

可视化

摘要/Abstract

引用本文

使用本文

参考文献

相关文章 7

编辑推荐

Metrics

本文评价

[1]	刘小虎, 张恒巍, 张玉臣, 马壮, 吕文雷. 基于博弈模型与NetLogo仿真的网络攻防态势研究[J]. 系统仿真学报, 2020, 32(10): 1918-1926.
[2]	刘渊, 冯兴兵, 王晓锋, 邓赵红. 面向虚实互联网络的链路采集技术研究[J]. 系统仿真学报, 2020, 32(3): 421-429.
[3]	柯钢. 基于合作对策论的网络安全态势组合预测模型[J]. 系统仿真学报, 2017, 29(5): 1153-1159.
[4]	张靖, 王衡军, 李俊全, 郁滨. 基于空间和时间密度的入侵报警聚合研究[J]. 系统仿真学报, 2016, 28(6): 1336-1343.
[5]	董崇杰. 全局分配策略在级联故障中的建模与研究[J]. 系统仿真学报, 2018, 30(11): 4172-4179.
[6]	闫茹, 费敏锐, 杜大军. 针对电力系统蓄意攻击的简要技术分析[J]. 系统仿真学报, 2017, 29(10): 2507-2517.
[7]	黄光球, 白璐. 基于对象Petri网的信任攻击建模与分析[J]. 系统仿真学报, 2017, 29(8): 1702-1711.