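Abstract
Most existing attack assessment methods are static and cannot be applied effectively to APT attacks, which are characterized by long-term latency and persistent penetration. To address this, a dynamic assessment method for attack behaviors in APT attacks is proposed that works along two dimensions, space and time. Attack behaviors are causally correlated across the whole network system to obtain an initial set of attack traces. Based on the persistent nature of APT attacks, the causal correlation results are then adjusted and corrected in the time dimension, yielding dynamic causal attack behavior chains that contain real attack information. The attack behavior chains are then quantitatively assessed in a dynamic manner using the CVSS standard. Experiments were designed to demonstrate the effectiveness of the proposed method; the results show that it reflects the APT attack situation fairly realistically and assesses attack gains reasonably and effectively.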
Existing attack assessment methods cannot effectively deal with the long-term concealment of APT attacks. Aiming at the accurate assessment of attack behaviors in APT attacks, an APT-oriented dynamic assessment of attack behaviors that focuses on both the space dimension and the time dimension is proposed. The attack behaviors are correlated in the causality dimension across the whole network system to discover the attack paths. The attack paths are modified in the time dimension to get the dynamic causal attack traces. The attack traces are quantified based on the CVSS standard. The experimental results show that the proposed method can correctly reflect the attack status and effectively assess the attack behavior.
Authors
Wang Jindong, Yang Haopu, Zhang Hengwei, Li Tao (Information Engineering University, Zhengzhou 450001, China)
Source
Journal of System Simulation
CAS
CSCD
Peking University Core Journals
2018, Issue 10, pp. 3796-3806 (11 pages)
Funding
National Natural Science Foundation of China (61303074, 61309013)
National Key Basic Research and Development Program of China (2012CB315900)
Keywords
APT attack
attack quantification
dynamic assessment
causal correlation