
Host-Based Attack Graph for Attack Recognition

  • 1. School of Computer Engineering and Science, Shanghai University, Shanghai 200072, China; 2. State Key Laboratory of Information Security, Chinese Academy of Sciences, Beijing 100190, China

Received date: 2012-11-05

Online published: 2013-06-30

Abstract

This paper establishes a network attack recognition system based on attack graphs by defining the SAGML language, which describes an attack with three elements: state, behavior and relationship. The state and behavior chain structure of the attack graph, and the construction and analysis of attack graphs based on XML, are discussed in detail. To improve the efficiency of attack graph retrieval, an attack graph indexing and matching strategy is studied. Two typical attacks, the SYN flood and the Peacomm (Storm) worm, are used to show applications of the proposed method.
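The abstract describes the mechanism only at a high level: an attack is a chain of states joined by behaviors, the chains are serialized in XML, and an index on the chains narrows which graphs are matched against observed host events. The following Python is an added illustration of that structure and is not the paper's code or the SAGML language itself. The element and attribute names (`attack`, `state`, `behavior`, `relation`, `min_count`), the two attack chains, and the event stream are all constructed for this example; the SYN flood chain is a plausible sketch, not a signature taken from the paper.

```python
"""Illustrative state/behavior attack-graph matcher (added example).

Element names and attack chains below are assumptions for this example,
not the SAGML syntax or the graphs described in the paper.
"""
import xml.etree.ElementTree as ET
from collections import defaultdict

# Constructed XML: two attack graphs, each a linear chain
#   state --behavior--> state --behavior--> state
ATTACK_GRAPH_XML = """
<attacks>
  <attack name="syn_flood">
    <state id="s0" desc="listening socket idle"/>
    <state id="s1" desc="half-open connections accumulating"/>
    <state id="s2" desc="backlog exhausted"/>
    <behavior id="b1" event="tcp_syn" min_count="50"/>
    <behavior id="b2" event="backlog_full"/>
    <relation from="s0" via="b1" to="s1"/>
    <relation from="s1" via="b2" to="s2"/>
  </attack>
  <attack name="p2p_overlay_join">
    <state id="s0" desc="clean host"/>
    <state id="s1" desc="peers being probed"/>
    <state id="s2" desc="joined overlay"/>
    <behavior id="b1" event="udp_peer_probe" min_count="20"/>
    <behavior id="b2" event="overlay_publish"/>
    <relation from="s0" via="b1" to="s1"/>
    <relation from="s1" via="b2" to="s2"/>
  </attack>
</attacks>
"""


def load_graphs(xml_text):
    """Parse the XML into {attack_name: chain}.

    A chain is an ordered list of (from_state, (event, min_count), to_state),
    built by following <relation> elements from the state nothing points to.
    """
    graphs = {}
    for atk in ET.fromstring(xml_text).findall("attack"):
        behaviors = {
            b.get("id"): (b.get("event"), int(b.get("min_count", "1")))
            for b in atk.findall("behavior")
        }
        rels = {r.get("from"): (r.get("via"), r.get("to")) for r in atk.findall("relation")}
        targets = {to for _, to in rels.values()}
        cur = next(s for s in rels if s not in targets)  # initial state
        chain = []
        while cur in rels:
            via, nxt = rels[cur]
            chain.append((cur, behaviors[via], nxt))
            cur = nxt
        graphs[atk.get("name")] = chain
    return graphs


def build_index(graphs):
    """Index graphs by the event of their first behavior.

    Only graphs whose first event occurs in the stream need to be matched,
    which is the retrieval shortcut the abstract alludes to.
    """
    index = defaultdict(list)
    for name, chain in graphs.items():
        first_event = chain[0][1][0]
        index[first_event].append(name)
    return index


def match_chain(chain, events):
    """Walk the chain over an event stream; return (final_state, completed).

    Unrelated events are skipped, so the behaviors need not be consecutive.
    A step with min_count > 1 advances only after that many occurrences.
    """
    step, seen = 0, 0
    state = chain[0][0]
    for ev in events:
        if step >= len(chain):
            break
        want, need = chain[step][1]
        if ev == want:
            seen += 1
            if seen >= need:
                state = chain[step][2]
                step, seen = step + 1, 0
    return state, step == len(chain)


def recognize(graphs, index, events):
    """Return {attack_name: (final_state, completed)} for indexed candidates."""
    present = set(events)
    candidates = {n for ev, names in index.items() if ev in present for n in names}
    return {n: match_chain(graphs[n], events) for n in sorted(candidates)}


GRAPHS = load_graphs(ATTACK_GRAPH_XML)
INDEX = build_index(GRAPHS)

# Constructed host event stream: a burst of SYNs followed by a full backlog.
FLOOD_EVENTS = ["tcp_syn"] * 60 + ["backlog_full"]

if __name__ == "__main__":
    print(recognize(GRAPHS, INDEX, FLOOD_EVENTS))      # syn_flood reaches s2
    print(recognize(GRAPHS, INDEX, ["tcp_syn"] * 10))  # below threshold, stays at s0
```

The index keeps the second graph out of the matching loop entirely when no `udp_peer_probe` event is present, and a `backlog_full` event on its own is not a candidate because it is not the first behavior of any chain; a real deployment would also need to bound how far apart the behaviors of one chain may be in time, which this sketch does not attempt.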

Cite this article

QIAN Quan, ZHU Wei, LAI Yan-yan, ZHANG Rui. Host-Based Attack Graph for Attack Recognition [J]. Journal of Shanghai University, 2013, 19(3): 271-279. DOI: 10.3969/j.issn.1007-2861.2013.03.011

References

[1] Phillips C, Swiler L P. A graph-based system for network-vulnerability analysis [C]// Proceeding of the Workshop on New Security Paradigms. 1998: 71-79.

[2] Sheyner O M. Scenario graphs and attack graphs [D]. Pittsburgh: Carnegie Mellon University, 2004.

[3] Ritchey R W, Ammann P. Using model checking to analyze network vulnerabilities [C]// Proceedings of the 2000 IEEE Symposium on Security and Privacy. 2000: 156-165.

[4] Roschke S, Cheng F, Meinel C. A new alert correlation algorithm based on attack graph [C]// Proceedings of the 4th International Conference on Computational Intelligence in Security for Information Systems (CISIS’11). 2011: 58-67.

[5] Gu T. Network security assessment based on attack graphs [D]. Wuhan: Central China Normal University, 2010. (in Chinese)

[6] Eckmann S T, Vigna G, Kemmerer R A. STATL: an attack language for state-based intrusion detection [J]. Journal of Computer Security, 2002, 10(1/2): 71-103.

[7] Xu L. Research on network security analysis methods based on the attack graph model [D]. Shanghai: Shanghai Jiao Tong University, 2010. (in Chinese)

[8] Roschke S, Cheng F, Meinel C. Using vulnerability information and attack graphs for intrusion detection [C]// 2010 6th International Conference on Information Assurance and Security. 2010: 68-73.

[9] Yao L, Wang X M, He J Y, et al. Research on IDS benchmark testing technology based on attack description languages [J]. Computer Engineering and Applications, 2005, 41(33): 1-4. (in Chinese)

[10] Yilmaz E. Survey of intrusion detection and attack description languages based on monitoring program behavior [EB/OL]. [2013-03-01]. http://ww2.cs.fsu.edu/yilmaz/AreaExam/Area-Exam.ppt.

[11] Eckmann S T, Vigna G, Kemmerer R A. STATL definition [D]. Santa Barbara: University of California Santa Barbara, 2001.

[12] Bo J Y. Research on attack graph generation technology based on attack patterns [D]. Wuhan: National University of Defense Technology, 2009. (in Chinese)

[13] Porras P, Saïdi H, Yegneswaran V. A multi-perspective analysis of the Storm (Peacomm) worm [EB/OL]. [2013-01-02]. http://www.cyber-ta.org/pubs/StormWorm.

[14] Steggink M, Idziejczak I. Detection of peer-to-peer botnets [EB/OL]. [2013-02-05]. http://staff.science.uva.nl/delaat/rp/2007-2008/p22/report.pdf.