ZHU Yu-hui (1,2), SONG Li-peng (1,2)
(1. School of Data Science and Technology, North University of China, Taiyuan 030051, China; 2. Research Institute of Big Data and Security, North University of China, Taiyuan 030051, China)
Abstract: The real-time performance of network security situation awareness (NSSA) is always affected by the state explosion problem. To solve this problem, a new NSSA method based on a layered attack graph (LAG) is proposed. First, the network is divided into several logical subnets by a community discovery algorithm; the logical subnets and the connections between them constitute the logical network. Then, based on the original and logical networks, the selection of attack paths is optimized according to the monotonicity principle of attack behavior. The proposed method sharply reduces the number of attack paths and hence tackles the state explosion problem in NSSA. Experimental results show that attack path generation with this method takes 0.029 s, while other methods take more than 56 s. Meanwhile, this method yields the same security strategy as the other methods.
Key words: network security situation awareness (NSSA); layered attack graph (LAG); state explosion; community detection
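As an added illustration of the idea in the abstract (example code, not the paper's own algorithm or implementation), the Python below groups a constructed host graph into fixed subnet labels that stand in for the community detection step, builds the logical network, and enumerates attack paths under a monotonicity rule; the layered search returns fewer paths while identifying the same choke-point hosts, which is the kind of defense strategy the abstract says is preserved.

```python
# Added illustration (not the paper's code): monotonic attack-path search on a host graph grouped into subnets.

# Constructed sample reachability graph: host -> hosts it can reach.
HOSTS = {
    "web1": ["web2", "app1"],
    "web2": ["web1", "app1"],
    "app1": ["app2", "db1"],
    "app2": ["app1", "web3", "db1"],
    "web3": ["web1", "db1"],
    "db1": ["db2"],
    "db2": [],
}
# Constructed subnet labels (assumption: output of the community detection step).
SUBNET = {"web1": "web", "web2": "web", "web3": "web",
          "app1": "app", "app2": "app", "db1": "db", "db2": "db"}

def logical_network(hosts, subnet):
    """Collapse hosts into subnets: A -> B if any host in A reaches a host in B."""
    edges = {}
    for src, dsts in hosts.items():
        for dst in dsts:
            if subnet[src] != subnet[dst]:
                edges.setdefault(subnet[src], set()).add(subnet[dst])
    return edges

def attack_paths(hosts, subnet, src, target, layered):
    """Depth-first enumeration of monotonic attack paths from src to target.
    Monotonicity: a compromised host is never given up, so no host is revisited;
    layered mode also never re-enters a subnet the path has already left."""
    paths = []

    def dfs(node, path, seen_subnets):
        if node == target:
            paths.append(path)
            return
        for nxt in hosts[node]:
            if nxt in path:
                continue
            crossing = subnet[nxt] != subnet[node]
            if layered and crossing and subnet[nxt] in seen_subnets:
                continue
            dfs(nxt, path + [nxt], seen_subnets | {subnet[nxt]})

    dfs(src, [src], {subnet[src]})
    return paths

def chokepoints(paths):
    """Hosts on every path: hardening any one of them cuts all enumerated paths."""
    common = set.intersection(*map(set, paths))
    return common - {paths[0][0], paths[0][-1]}
```

On the sample graph the flat search returns 6 paths and the layered search 4; both single out app1 and db1 as choke points.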
CLD number: TP393.08 Document code: A
Article ID: 1674-8042(2019)02-0182-09 doi: 10.3969/j.issn.1674-8042.2019.02.011
A network security situation awareness method based on layered attack graph
ZHU Yu-hui (1,2), SONG Li-peng (1,2)
(1. School of Data Science and Technology, North University of China, Taiyuan 030051, Shanxi, China; 2. Research Institute of Big Data and Security, North University of China, Taiyuan 030051, Shanxi, China)
Abstract: Existing network security situation awareness algorithms usually face the state explosion problem, which seriously affects their real-time performance. To address this problem, a network security situation awareness method based on a layered attack graph is proposed. First, a community detection algorithm divides the original network into several logical subnets; the logical subnets and the connections between them form the logical structure of the network. Then, based on the original and logical network structures, the selection of attack paths is optimized so that paths violating the monotonicity principle of attack behavior are not generated. The method effectively reduces the scale of attack paths and solves the state explosion problem. Experimental results show that attack path generation based on the layered attack graph takes only 0.029 s, a significant improvement over the 56 s taken by other methods. In addition, the method provides the same defense strategy as other methods.
Key words: network security situation awareness; layered attack graph; state explosion; community detection
Citation format: ZHU Yu-hui, SONG Li-peng. A network security situation awareness method based on layered attack graph. Journal of Measurement Science and Instrumentation, 2019, 10(2): 182-190. [doi: 10.3969/j.issn.1674-8042.2019.02.011]