基于主机攻击图的攻击识别

doi:10.3969/j.issn.1007-2861.2013.03.011

Journal of Shanghai University（Natural Science Edition） ›› 2013, Vol. 19 ›› Issue (3): 271-279.doi: 10.3969/j.issn.1007-2861.2013.03.011

• Computer Engineering and Science • Previous Articles Next Articles

Host-Based Attack Graph for Attack Recognition

QIAN Quan, ZHU Wei, LAI Yan-yan, ZHANG Rui

1. School of Computer Engineering and Science, Shanghai University, Shanghai 200072, China; 2. State Key Laboratory of Information Security, Chinese Academy of Sciences, Beijing 100190, China

Received:2012-11-05 Online:2013-06-30 Published:2013-06-30

Abstract

Abstract: This paper establishes a system of network attack recognition based on attack graph by defining a SAGML language, which uses three elements: state, behavior and relationship to describe an attack. State and behavior chain structure of the attack graph, and the construction and analysis of attack graph based on XML are discussed in detail. To improve efficiency of attack graph retrieval, the attack graph indexing and matching strategy are studied. Two typical attacks, SYNFlood and Peacomm, are used to show applications of the proposed method.

Key words: attack graph, attack graph indexing, attack graph matching

CLC Number:

TP 309

QIAN Quan, ZHU Wei, LAI Yan-yan, ZHANG Rui. Host-Based Attack Graph for Attack Recognition[J]. Journal of Shanghai University（Natural Science Edition）, 2013, 19(3): 271-279.

References

[1] Phillips C, Swiler L P. A graph-based system for network-vulnerability analysis [C]// Proceeding of the Workshop on New Security Paradigms. 1998: 71-79.

[2] Sheyner O M. Scenario graphs and attack graphs [D]. Pittsburgh: Carnegie Mellon University, 2004.

[3] Ritchey R W, Ammann P. Using model checking to analyze network vulnerabilities [C]// Proceedings of the 2000 IEEE Symposium on Security and Privacy. 2000: 156-165.

[4] Roschke S, Cheng F, Meinel C. A new alert correlation algorithm based on attack graph [C]// Proceedings of the 4th International Conference on Computational Intelligence in Security for Information Systems (CISIS’11). 2011: 58-67.

[5] 顾婷. 基于攻击图的网络安全评估[D]. 武汉: 华中师范大学, 2010.

[6] Eckmann S T, Vigna G, Kemmerer R A. STATL: an attack language for state-based intrusion detection [J]. Journal of Computer Security, 2002, 10(1/2): 71-103.

[7] 徐立. 基于攻击图模型的网络安全分析方法研究[D]. 上海: 上海交通大学, 2010.

[8] Roschke S, Cheng F, Meinel C. Using vulnerability information and attack graphs for intrusion detection [C]// 2010 6th International Conference on Information Assurance and Security. 2010: 68-73.

[9] 姚兰, 王新梅, 何金勇, 等. 基于攻击描述语言的IDS基准测试技术研究[J]. 计算机工程与应用, 2005, 41(33): 1-4.

[10] Yilmaz E. Survey of intrusion detection and attack description languages based on monitoring program behavior [EB/OL]. [2013-03-01]. http:// ww2.cs.fsu.edu/ yilmaz/ AreaExam/ Area-Exam.ppt.

[11] Eckmann S T, Vigna G, Kemmerer R A. STATL definition [D]. Santa Barbara: University of California Santa Barbara, 2001.

[12] 薄建业. 基于攻击模式的攻击图生成技术研究[D]. 武汉: 国防科技大学, 2009.

[13] Porras P, Sa¨?di H, Yegneswaran V. A multiperspective analysis of the storm (peacomm) worm [EB/OL]. [2013-01-02]. http://www.cyber-ta.og/pubs/StormWorm.

[14] Steggink M, Idziejczak I. Detection of peer-to-peer botnets [EB/OL]. [2013-02-05]. http://staff.science.uva.nl/delaat/rp/2007-2008/p22/report.pdf.

Host-Based Attack Graph for Attack Recognition

PDF

Knowledge

Abstract

Cite this article

share this article

References

Related Articles 3

Recommended Articles

Metrics

Comments

[1]	WANG Li1,2, WANG Qing-wen1. Note on Cheater Detection in Secret Sharing Scheme Using Projection Matrix [J]. Journal of Shanghai University（Natural Science Edition）, 2013, 19(3): 298-302.
[2]	QIAN Quan, WANG Tian-hong, HUANG Guo-rui, ZHANG Rui. Cyclic Key Update Scheme Based on Sharing Group for Distributed Secure Storage [J]. Journal of Shanghai University（Natural Science Edition）, 2013, 19(1): 39-43.
[3]	. Generalized Multiplicative Watermarking Based on Human Visual System [J]. Journal of Shanghai University（Natural Science Edition）, 2012, 18(2): 111-116.