KNEMAG:Key Node Estimation Mechanism Based on Attack Graph for IoT Security 被引量：4

下载PDF

导出

摘要 With the rapid development and widespread application of the IoT,the at-tacks against IoT vulnerabilities have become more complex and diverse.Most of the previous research focused on node vulnerability and its risk analysis.There is little information available about the importance of the location of the node in the system.Therefore,an estimation mechanism is proposed to assess the key node of the IoT system.The estimation of the key node includes two parts:one is the utilization relationship between nodes,and the other is the impact on the system after the node is conquered.We use the node importance value and the node risk value to quantify these two parts.First,the node importance value is calculated by considering the attack path that pass through the node and the probability that the attacker will abandon the attack.Second,in addition to node vulnerabilities and the consequences of being attacked,two quantitative indicators are proposed to comprehensively assess the impact of nodes on the system security,and the node risk value is calculated based on the grey correlation analysis method.Third,the key node in the IoT system could be obtained by integrating the node importance value and risk value.Finally,the simulation experiment result shows that the presented method could find the key node of the system quickly and accurately.

作者 Bichen Che Long Liu Huali Zhang

机构地区 School of Cyberspace Security College of New Media

出处《Journal on Internet of Things》 2020年第4期145-162,共18页

基金 This work is supported by the National Key R&D Program of China(2017YFB0802703) Major Scientific and Technological Special Project of Guizhou Province(20183001) Open Foundation of Guizhou Provincial Key VOLUME XX,2019 Laboratory of Public Big Data(2018BDKFJJ014) Open Foundation of Guizhou Provincial Key Laboratory of Public Big Data(2018BDKFJJ019) Open Foundation of Guizhou Provincial Key Laboratory of Public Big Data(2018BDKFJJ022).

关键词 IOT vulnerability assessment key node 1

分类号 TN9 [电子电信—信息与通信工程]

引文网络
相关文献

参考文献3

1孙知信,骆冰清,罗圣美,朱洪波.一种基于等级划分的物联网安全模型[J].计算机工程,2011,37(10):1-7. 被引量：18
2叶云,徐锡山,贾焰,齐治昌.基于攻击图的网络安全概率计算方法[J].计算机学报,2010,33(10):1987-1996. 被引量：44
3SU Jian,WEN Guangjun,HONG Danfeng.A New RFID Anti-collision Algorithm Based on the Q-Ary Search Scheme[J].Chinese Journal of Electronics,2015,24(4):679-683. 被引量：13

二级参考文献29

1冯萍慧,连一峰,戴英侠,鲍旭华.基于可靠性理论的分布式系统脆弱性模型[J].软件学报,2006,17(7):1633-1640. 被引量：30
2Mehta V, Bartzis C, Zhu H F. Ranking attack graphs//Proceedings of the 9th International Symposium on Recent Advances in Intrusion Detection (RAID). Hamburg, Germany, 2006, 127-144. 被引量：1
3Sawilla R, Ou X M. Identifying critical attack assets in dependency attack graphs//Proceedings of the 13th European Symposium on Research in Computer Security (ESORICS). Malaga, Spain, 2008:18-34. 被引量：1
4Ou X M, Boyer W F. A scalable approach to attack graph generation//Proceedings of the 13th ACM Conference on Computer and Communications Security (CCS). Alexandria, USA, 2006. 336-345. 被引量：1
5Wang L Y, Tania I. An attack graph-based probabilistic security metric//Proceedings of the 22nd Annual IFIP WG 11.3 Working Conference on Data and Applications Security (DBSec). London, UK, 2008:283-296. 被引量：1
6Homer J, Ou X M, Schmidt D. A sound and practical approach to quantifying security risk in enterprise networks. Kansas State University: Technical Report 2009-3, 2009. 被引量：1
7Singhal A, Ou X M. Security risk analysis of computer networks: Techniques and challenge//Proceedings of the 16th ACM Computer and Communications Security(CCS). Chicago, USA, 2009. 被引量：1
8Wang L Y, Singhal A, Jajodia S. Measuring the overall security of network configurations using attack graphs//Proceedings of the 21th IFIP WG 11. 3 Working Conference on Data and Applications Security (DBSee). Redondo Beach, CA, USA, 2007:98-112. 被引量：1
9Wang L Y, Singhal A, Jajodia S. Toward measuring network security using attack graphs//Proceedings of the 3rd International Workshop on Quality of Protection (QoP). Alexandria, USA, 2007:49-54. 被引量：1
10Shon T,Koo B,Choi H,et al.Security Architecture for IEEE 802.15.4-based Wireless Sensor Network[C] //Proc.of the 4th International Symposium on Wireless Pervasive Computing.Melbourne,Australia:[s.n.] ,2009:1-5. 被引量：1

共引文献72

1毕坤,韩德志.一种基于攻击图的云租户系统安全检测方法[J].华中科技大学学报（自然科学版）,2012,40(S1):30-33. 被引量：2
2孙梦梦,刘元安,刘凯明.物联网中的安全问题分析及其安全机制研究[J].保密科学技术,2011(11):61-66. 被引量：18
3杨鹏.漏洞扫描平台和未知安全隐患检测方法研究[J].自动化与仪器仪表,2016(7):143-144. 被引量：2
4叶云,徐锡山,齐治昌.大规模网络中攻击图的节点概率计算方法[J].计算机应用与软件,2011,28(11):136-139. 被引量：6
5王会梅,鲜明,王国玉.基于扩展网络攻击图的网络攻击策略生成算法[J].电子与信息学报,2011,33(12):3015-3021. 被引量：9
6朱随江,刘宝旭,刘宇,姜政伟.有环攻击图中的节点风险概率算法[J].计算机工程,2012,38(3):19-21. 被引量：1
7张道银,王薇.物联网安全威胁及对策[J].信息技术与标准化,2012(4):21-23. 被引量：3
8罗智勇,孙广路,刘嘉辉,王卫兵.攻击图算法在入侵防御系统中的应用[J].云南大学学报（自然科学版）,2012,34(3):271-275. 被引量：3
9罗卫敏,熊江,应宏,刘井波,陈晓峰.物联网中基于两层P2P结构的ONS模型[J].计算机工程,2012,38(12):79-81. 被引量：2
10杨娅.计算机系统漏洞的危害及处置措施分析[J].科技创新导报,2012,9(17):32-32. 被引量：1

同被引文献22

1盛洁谞,吴海昕,黄志刚.基于特性指标故障森林模型的软件关键件识别[J].火力与指挥控制,2010,35(12):171-173. 被引量：2
2赵健,王瑞,李正民,雷敏,马敏耀.物联网系统安全威胁和风险评估[J].北京邮电大学学报,2017,40(S1):135-139. 被引量：14
3吕晋军.车载钻机顶驱系统关键件的设计分析[J].煤矿机械,2017,38(3):78-80. 被引量：4
4夏卓群,李文欢,姜腊林,徐明.基于路径分析的电力CPS攻击预测方法[J].清华大学学报（自然科学版）,2018,58(2):157-163. 被引量：5
5高金萍,石竑松,贾炜,王峰.通用评估准则国际标准的修订进展[J].信息技术与标准化,2018(5):64-67. 被引量：5
6Guangyong Yang,Mengke Yang,Shafaq Salam,Jianqiu Zeng.Research on Protecting Information Security Based on the Method of Hierarchical Classification in the Era of Big Data[J].Journal of Cyber Security,2019,1(1):19-28. 被引量：5
7Paolina Centonze.Security and Privacy Frameworks for Access Control Big Data Systems[J].Computers, Materials & Continua,2019(5):361-374. 被引量：2
8Weihong Han,Zhihong Tian,Zizhong Huang,Lin Zhong,Yan Jia.System Architecture and Key Technologies of Network Security Situation Awareness System YHSAS[J].Computers, Materials & Continua,2019(4):167-180. 被引量：7
9杨威超,郭渊博,李涛,朱本全.基于流量指纹的物联网设备识别方法和物联网安全模型[J].计算机科学,2020,47(7):299-306. 被引量：13
10吕鹏,王晓玲,余红玲,王成,刘长欣.基于FDA的大坝渗流安全动态可拓评价模型[J].河海大学学报（自然科学版）,2020,48(5):433-439. 被引量：14

引证文献4

1Bin Zhang,Muhammad Waqas,Shanshan Tu,Syed Mudassir Hussain,Sadaqat Ur Rehman.Power Allocation Strategy for Secret Key Generation Method in Wireless Communications[J].Computers, Materials & Continua,2021(8):2179-2188. 被引量：1
2Jinxin Zuo,Yueming Lu,Hui Gao,Tong Peng,Ziyv Guo,Tong An,Enjie Liu.Security-Critical Components Recognition Algorithm for Complex Heterogeneous Information Systems[J].Computers, Materials & Continua,2021(8):2579-2595.
3Chao Li,Fan Li,Cheng Huang,Lihua Yin,Tianjie Luo,Bin Wang.A Traceable Capability-based Access Control for IoT[J].Computers, Materials & Continua,2022(9):4967-4982.
4陈翊璐,王子博,张耀方,梁超,刘红日,王佰玲.面向流程工业系统的关键攻击步骤识别[J].计算机技术与发展,2024,34(2):105-112.

二级引证文献1

1Muhammad Waqas,Shehr Bano,Fatima Hassan,Shanshan Tu,Ghulam Abbas,Ziaul Haq Abbas.Physical Layer Authentication Using Ensemble Learning Technique in Wireless Communications[J].Computers, Materials & Continua,2022(12):4489-4499. 被引量：1

1Zuoguang Wang,Hongsong Zhu,Peipei Liu,Limin Sun.Social engineering in cybersecurity:a domain ontology and knowledge graph application examples[J].Cybersecurity,2021,4(1):480-500. 被引量：4
2Weiwei Liu,Yang Tang,Fei Yang,Chennan Zhang,Dun Cao,Gwang-jun Kim.Internet of Things Based Solutions for Transport Network Vulnerability Assessment in Intelligent Transportation Systems[J].Computers, Materials & Continua,2020(12):2511-2527. 被引量：1
3Yaomin Zheng,Shudong Wang,Yue Cao,Jinlian Shi,Yi Qu,Liping Li,Tianjie Zhao,Zhenguo Niu,Rui Yang,Peng Gong.Assessing the ecological vulnerability of protected areas by using Big Earth Data[J].International Journal of Digital Earth,2021,14(11):1624-1637. 被引量：3
4Keiko Saito,Robin Spence.Mapping urban building stocks for vulnerability assessment preliminary results[J].International Journal of Digital Earth,2011,4(S01):117-130. 被引量：1

Journal on Internet of Things

2020年第4期

浏览历史

内容加载中请稍等...