CN105827450A - Bug restoration strategy generation method - Google Patents

Info

Publication number
CN105827450A
Authority
CN
China
Legal status
Pending
Application number
CN201610219203.9A
Other languages
Chinese (zh)
Inventor
马媛媛
李伟伟
周诚
王记军
张波
黄秀丽
谭晶
Current Assignee
State Grid Corp of China SGCC
State Grid Jiangsu Electric Power Co Ltd
Global Energy Interconnection Research Institute
Original Assignee
State Grid Corp of China SGCC
State Grid Jiangsu Electric Power Co Ltd
Global Energy Interconnection Research Institute

Classifications

    • H04L63/1441 Countermeasures against malicious traffic (H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic)
    • H04L41/12 Discovery or management of network topologies
    • H04L41/145 Network analysis or design involving simulating, designing, planning or modelling of a network


Abstract

The invention relates to a bug restoration strategy generation method. The method comprises the following steps: determining a reachable relation between host nodes in an object network; scanning the host nodes to obtain a bug set of the host nodes, and evaluating a host information asset value; constructing a state attack and defense map; generating a weight value of an object network bug harm scoring standard; calculating an atom attack success probability, an atom attack accumulation success probability and an atom attack harm index; determining an attack path which is most likely to reach a network security state and an attack path with a maximum attack path harm index; and marking a bug restoration strategy. According to the technical scheme provided by the invention, the actual security status of a network is determined by use of a mode based on a network topology and host bug scanning, and compared to a conventional mode based on observation of a simple abnormal event, the method provided by the invention is more comprehensive and objective.

Description

Vulnerability remediation strategy generation method
Technical field
The present invention relates to the field of network vulnerability remediation, and in particular to a vulnerability remediation strategy generation method.
Background technology
Multi-step attacks on complex networks that exploit the network's inherent vulnerabilities are currently a typical and highly purposeful form of network attack. State attack-defense graph technology is an effective approach to modelling and analysing multi-step network attacks and to generating vulnerability remediation strategies. "Network security defense strategy generation method based on the state attack-defense graph model" (Liu Gang, Li Qianmu, Zhang Hong. Computer Applications, 2013, 33(A01): 121-125) discloses a method that designs the generation of network security defense strategies from the viewpoints of both the attacker and the defender: an assessment system computes the success probability and the hazard index of atomic attacks on security vulnerabilities, and from these the attack path most likely to occur and the attack path with the highest hazard index are derived.
The mainstream state attack-defense graph technology described above has many limitations in practice, for instance in how the atomic attack success probability is calculated and how the attack hazard index is defined. If the operator lacks experience, the security posture of the network is hard to reflect truthfully, and a suitable vulnerability remediation strategy is correspondingly hard to generate.
A technical scheme is therefore needed that introduces the cumulative attack success probability and the host information asset value, redefines the calculation of the atomic attack hazard index and the attack path hazard index, obtains an attack success probability and an attack hazard index that match the actual attack intent, and generates a more reasonable vulnerability remediation strategy.
Summary of the invention
The present invention is a network vulnerability remediation strategy generation method based on improved attack-defense graph technology. By finding the easiest attack path and the attack path with the highest attack hazard index, it predicts the attacker's probable intent and the remediation strategy the defender should adopt. Determining the attack path with the highest hazard index requires computing the success probability of each atomic attack on the path and the harm a successful atomic attack causes to the target host. The probability that an attack path is carried out successfully is the product of the success probabilities of the atomic attacks on that path, and the attack hazard index of an attack path is the sum of the hazard indices of the atomic attacks on that path.
The vulnerability strategy generation method of the present invention is characterised in that it includes:
S1: determining the reachability relation between the host nodes of the target network;
S2: determining the vulnerability set of each host node and assessing the host information asset value;
S3: constructing the state attack-defense graph;
S4: generating the weight values of the target network's vulnerability harm scoring criteria;
S5: calculating the atomic attack success probability, the cumulative atomic attack success probability and the atomic attack hazard index;
S6: determining the attack path that most easily reaches a network security state and the attack path with the highest attack path hazard index;
S7: formulating the vulnerability remediation strategy.
In a first preferred embodiment, in S1 the reachability relation between the host nodes is determined from the configuration of the firewalls and routers in the target network;
Step S2 includes scanning the host nodes with a vulnerability scanning tool; the host information asset value R is given by formula (1):
R = r(C) + r(I) + r(A)    (1)
where r(C) is the host information asset value in terms of confidentiality, r(I) the host information asset value in terms of integrity and r(A) the host information asset value in terms of availability;
In a second preferred embodiment, in S3 the state attack-defense graph is built from the vulnerability set of each host node and the vulnerability exploitation rules;
The state attack-defense graph SADG is the state transition system SADG = (S, T, s0, SG), where S is the set of security state nodes reflecting the security state of the network nodes, T is the edge set representing the transitions between security states in the target network, s0 is the initial network security state and SG is the set of attacker target states;
A vulnerability exploitation rule describes how an attacker exploits a vulnerability to carry out an attack;
A vulnerability exploitation rule is a mapping from an attack precondition to an attack consequence;
The attack precondition is formalised as (src_priv, dst_priv, vul_id, connection), where src_priv is the minimum access privilege the attacker holds on the attacking host node, dst_priv is the minimum access privilege the attacker holds on the target host, vul_id identifies the vulnerability exploited by this atomic attack, and connection is the reachability relation between the attacking host node and the target host node.
In a third preferred embodiment, the reachability relation connection between the attacking host node and the target host node is represented by the 4-tuple (src_host, dst_host, protocol, port), where src_host identifies the host node launching the attack, dst_host identifies the host node being attacked, protocol is the communication protocol between the nodes and port is the port used by that protocol.
In a fourth preferred embodiment, in S4 the weight values of the target network vulnerability harm scoring criteria are generated by combining the target network vulnerability set of step S2 with the target network's harm criteria preference, and scoring with the improved vulnerability harm scoring system;
The target network harm criteria preference reflects how much the network administrator cares about the confidentiality damage, integrity damage and availability damage the system suffers after a vulnerability is exploited; it is expressed as the correspondence between the impact variables ImpactX, ImpactY, ImpactZ and the criteria ConfImpact, AvailImpact, IntegImpact.
In a fifth preferred embodiment, generating the weight values of the target network vulnerability harm scoring criteria in S4 includes: letting each of the impact variables ImpactX, ImpactY, ImpactZ correspond to one of the criteria ConfImpact, AvailImpact, IntegImpact of the vulnerability harm scoring system;
Weight values satisfying the following rules are the criteria weight values:
Rule 1: weight of ImpactX > weight of ImpactY > weight of ImpactZ;
Rule 2: "None" ImpactX = "None" ImpactY = "None" ImpactZ = 0.0;
Rule 3: PartialImpact = 0.5 * CompleteImpact;
Rule 4: ImpactScore ranges from 0.0 to 7.0;
Rule 5: the sum values of the three harm scoring criteria must all differ;
Rule 6: weight of CompleteImpactY > weight of PartialImpactX;
Rule 7: weight of CompleteImpactZ > weight of PartialImpactY.
In a sixth preferred embodiment, in S5 the atomic attack success probability M is the probability that the atomic attack of a security state transition succeeds;
M is given by formula (2):
M = Exploitability = 2 * AccessVector * AccessComplexity * Authentication    (2)
where AccessVector is the way the vulnerability is exploited, AccessComplexity is the complexity of exploiting the vulnerability and Authentication is the number of authentications the attacker needs in order to exploit it.
In a seventh preferred embodiment, the cumulative atomic attack success probability P represents the accumulated attack cost of carrying out an atomic attack on an attack path;
It is given by formula (3):
$$P(\tau_k)=\begin{cases} M_k\prod_{i=1}^{k-1} M_i, & k>1 \\ M_1, & k=1 \end{cases} \qquad (3)$$
where τ_k is the k-th atomic attack;
M_k is the success probability of the k-th attack; k is the attack number, k = 1, 2, ..., N;
M_i is the success probability of the i-th atomic attack; i is the attack number, i = 1, 2, ..., k-1.
In an eighth preferred embodiment, the atomic attack hazard index harm is given by formula (4):
harm = (ConfImpact * r(C) + IntegImpact * r(I) + AvailImpact * r(A)) * P    (4)
where ConfImpact is the confidentiality damage, IntegImpact the integrity damage and AvailImpact the availability damage the system suffers after the vulnerability is exploited.
In a ninth preferred embodiment, in S6 a network security state is reached through atomic attacks; the attack path that most easily reaches the network security state is obtained from the cumulative atomic attack success probability P: the larger the cumulative atomic attack success probability P of an attack path, the more easily it reaches that network security state;
If the attack path is {τ_1, τ_2, ..., τ_n}, the path hazard index Harm is given by formula (5):
$$Harm=\sum_{i=1}^{n} harm_i \qquad (5)$$
where τ_i ∈ {τ_1, τ_2, ..., τ_n} and harm_i is the hazard index of the i-th atomic attack.
Compared with the closest prior art, the present invention has the following beneficial effects:
(1) The technical scheme of the present invention represents the security posture of the target network as an attack-defense graph, which is more intuitive and easier to understand than general methods, and shows in one graph both the attack paths an attacker may take and the vulnerability remediation measures the defender should adopt.
(2) The technical scheme determines the actual security state of the network from the network topology and host vulnerability scanning, which is more objective than methods based on observing simple anomalous events.
(3) The technical scheme uses an improved vulnerability harm scoring system; compared with general methods that use the CVSS scoring system, it produces more diverse harm scores and reflects more accurately the target network's preference among the harm criteria.
(4) The vulnerability remediation generation method introduces the information asset value and the cumulative attack success probability, and computes the attack hazard index from both, so it reflects more accurately the complexity and the harm capability of multi-step attacks.
Brief description of the drawings
Fig. 1 is the flow chart of the network vulnerability remediation strategy generation method;
Fig. 2 is the topology diagram of the target network;
Fig. 3 is the state attack-defense graph of the target network;
Fig. 4 illustrates the optimal vulnerability scoring weight combination search method.
Detailed description of the invention
To explain the network security vulnerability remediation strategy generation method of the present invention clearly, the method is described further below with specific embodiments.
The network security vulnerability remediation strategy generation method includes the following basic steps:
(1) Determine the reachability relation between the host nodes of the target network from the configuration of all firewalls and routers in the target network;
(2) Scan the host nodes in the network with a vulnerability scanning tool to obtain the vulnerability set of each host node, and assess the host information asset value of each host node;
The host information asset value represents the value of the information assets on the host. It is denoted R and computed as
R = r(C) + r(I) + r(A)    (1)
where r(C) is the host information asset value in terms of confidentiality, r(I) the host information asset value in terms of integrity and r(A) the host information asset value in terms of availability; each of the three ranges from 0 to 100.
(3) Construct the state attack-defense graph from the vulnerability set of each host node and the exploitation rule of each vulnerability;
A vulnerability exploitation rule describes, from the attacker's viewpoint, how a vulnerability is exploited to carry out an attack: completing an atomic attack requires certain preconditions to be met, and after the attack succeeds the attacker obtains or elevates access privileges on the target host node. A vulnerability exploitation rule can be written as a mapping from precondition to consequence, with the structure shown in Table 1.
Table 1 Structure of a vulnerability exploitation rule
Here AtomicAttack is the name of the atomic attack, Pre-Condition is the attack precondition and Post-Condition is the attack consequence, i.e. the privilege the attacker obtains on the target host after the attack succeeds.
The attack precondition is formalised as (src_priv, dst_priv, vul_id, connection), where src_priv is the minimum access privilege the attacker holds on the attacking host node, dst_priv is the minimum access privilege the attacker holds on the target host, vul_id identifies the vulnerability exploited by this atomic attack, and connection is the reachability relation between the attacking host node and the target host node.
The reachability relation between the attacking host node and the target host node is represented by the 4-tuple (src_host, dst_host, protocol, port), where src_host identifies the host node launching the attack, dst_host identifies the host node being attacked, protocol is the communication protocol between the nodes and port is the port used by that protocol. If an atomic attack satisfies the above rule, it produces one edge in the state attack-defense graph.
The state attack-defense graph SADG is the state transition system SADG = (S, T, s0, SG), where S is the set of security state nodes reflecting the security state of the network nodes, T is the edge set representing the transitions between security states in the target network, s0 is the initial network security state and SG is the set of attacker target states.
A security state node is a 2-tuple (hostid, privilege), where hostid is the name of the host node whose security factor changes in this network security state, and privilege is the privilege the attacker obtains on host node hostid when this security state is reached.
A security state transition is a 5-tuple (tid, vid, harm, M, d), where tid is the transition number, vid is the number of the vulnerability exploited by this atomic attack, harm is the atomic attack hazard index reflecting the damage caused to the target host's information assets after this atomic attack succeeds, M is the atomic attack success probability, and d is the remediation measure for the vulnerability exploited by the atomic attack.
An attack path is a 3-tuple (src_host, dst_host, sequence), where src_host identifies the host node launching the attack, dst_host identifies the host node being attacked, and sequence is the attack sequence of this attack, sequence = (⊥ → τ_1 → τ_2 → ... → τ_l → ◇), in which "⊥" is the start marker of the sequence, "◇" is its end marker, τ is an atomic attack, τ_{l-1} is the immediate predecessor of τ_l and τ_l is the immediate successor of τ_{l-1}.
The attack-defense graph is generated by the following algorithm:
Input:
1) RT: the reachability relation table of all host nodes in the network topology
2) VS: the vulnerability set of each host node
3) IB: the vulnerability information base and exploitation rule table already built
4) s0: the initial state node of the network
Output:
the state attack-defense graph StateAttack-DefenseGraph
Step 1: the algorithm takes as input the network topology reachability matrix RM, the vulnerability set VS of each host node, the exploitation rule IB of each vulnerability and the initial network security state s0; a security state queue state_queue is created, initially empty;
Step 2: add the initial network security state node s0 to the state queue and mark it "untraversed": state_queue = {s0};
Step 3: if the state queue still contains an untraversed state node, take that node, obtain from the reachability matrix RM the set reachable_hostids of host nodes reachable from the host of this state node, mark the node "traversed" and go to step 4; otherwise go to step 9;
Step 4: for the host node set reachable_hostids obtained in step 3, if reachable_hostids still contains an untraversed host node, go to step 5; otherwise go to step 3;
Step 5: take the next untraversed host node from the set reachable_hostids and obtain its vulnerability set vuls; if vuls still contains an untraversed vulnerability, go to step 6; otherwise go to step 4;
Step 6: take the next untraversed vulnerability vul from the set vuls; if the exploitation condition of the vulnerability is met and the network state after exploitation is not in the state queue, go to step 7; if the exploitation condition is met but the resulting network state is already in the state queue, go to step 8.
Step 7: generate a new state node and the state transition from the current state node to the new state node, add the new state node to the state queue marked "untraversed", and go to step 6.
Step 8: generate only the transition from the current state node to the existing state node, and go to step 6.
Step 9: build the complete state attack-defense graph from the state transition relations, and finish.
(4) Combine the target network vulnerability set obtained in step 2 with the target network's harm criteria preference, and use the improved vulnerability harm scoring system (Improved Vulnerability Scoring System, IVSS) to generate the weight values of the target network vulnerability harm scoring criteria;
The scoring criteria of the vulnerability harm scoring system are the following six:
(1) AccessVector: the way the vulnerability is exploited. Its possible values are Network, AdjacentNetwork and Local.
(2) AccessComplexity: the complexity of exploiting the vulnerability. Its possible values are Low, Medium and High.
(3) Authentication: the number of authentications the attacker needs in order to exploit the vulnerability. Its possible values are None, Single and Multiple.
(4) ConfImpact: the confidentiality damage the system suffers after the vulnerability is exploited. Its possible values are Complete, Partial and None.
(5) IntegImpact: the integrity damage the system suffers after the vulnerability is exploited. Its possible values are Complete, Partial and None.
(6) AvailImpact: the availability damage the system suffers after the vulnerability is exploited. Its possible values are Complete, Partial and None.
Let each of the impact variables ImpactX, ImpactY, ImpactZ correspond to one of the criteria ConfImpact, AvailImpact, IntegImpact; the following rules are proposed:
Rule 1: Weight of ImpactX > Weight of ImpactY > Weight of ImpactZ;
Rule 2: "None" ImpactX = "None" ImpactY = "None" ImpactZ = 0.0;
Rule 3: PartialImpact = 0.5 * CompleteImpact;
Rule 4: ImpactScore ranges from 0.0 to 7.0;
Rule 5: the 3^3 = 27 possible value combinations of the three harm scoring criteria must all have different sum values;
To keep the vulnerability score between 0 and 10, the scoring formula for the vulnerability severity level in IVSS is obtained mathematically as follows:
Score = Round_to_1_decimal((ExploitabilityScore + ImpactScore) * f(Impact))    (2)
f(Impact) = 0 if ImpactScore = 0, and f(Impact) = 1 otherwise    (3)
where the harm score is computed as:
ImpactScore = ImpactX + ImpactY + ImpactZ    (4)
and the exploitability score of the vulnerability as:
ExploitabilityScore = 6 * AccessVector * AccessComplexity * Authentication    (5)
The weights of the three metrics reflecting the exploitation complexity of a vulnerability are kept constant at the CVSS default values.
In addition, to avoid extreme cases that fail to reflect the real harm of a vulnerability, for example CompleteImpact in ImpactX = 6.0, CompleteImpact in ImpactY = 0.6, CompleteImpact in ImpactZ = 0.4, the following two rules are added:
Rule 6: Weight of CompleteImpactY > Weight of PartialImpactX;
Rule 7: Weight of CompleteImpactZ > Weight of PartialImpactY;
Let the final score keep one decimal place. By rule 3 the smallest value CompleteImpact can take is 0.2, in which case PartialImpact takes its minimum of 0.1; otherwise PartialImpact would be smaller than 0.1 and the final score could have two decimal places. Step, the search step for CompleteImpact, should be the smallest value CompleteImpact can take, so Step = 0.2.
From rule 4:
W_ImpactX + W_ImpactY + W_ImpactZ = 7    (6)
From rules 3, 6 and 7:
2 * W_ImpactZ > W_ImpactY    (7)
2 * W_ImpactY > W_ImpactX    (8)
Eliminating between formulas (6), (7) and (8) gives formula (9):
$$7\,W_{ImpactZ} > 7 \Rightarrow W_{ImpactZ} > 1 \qquad (9)$$
Since Step = 0.2, the initial value of W_ImpactZ can be set to 1.2.
From rule 1 and the search step Step:
W_ImpactZ ≤ W_ImpactY - 0.2    (10)
W_ImpactY ≤ W_ImpactX - 0.2    (11)
Combining formulas (6), (10) and (11):
3 * W_ImpactZ ≤ 7 - 0.6    (12)
From formula (12), W_ImpactZ ≤ 2.13; since Step = 0.2 and the scoring weight values must be multiples of 0.2, W_ImpactZ ≤ 2.0.
The above rules and formulas are turned into the optimal vulnerability scoring weight combination search method shown in Fig. 4. Each condition in the method is obtained from one of the rules or formulas above. The method takes W_ImpactZ as the independent variable and traverses the interval from 1.2 to 2.0 with step Step = 0.2, W_ImpactX and W_ImpactY being the dependent variables. A value combination that satisfies all the rules and formulas above is retained; otherwise it is discarded.
After execution the method produces 14 groups of possible vulnerability weight combinations for ImpactX, ImpactY, ImpactZ. The specific values of the weight combinations are shown in Table 2:
Table 2 IVSS scoring weight combinations
The target network harm criteria preference reflects how much the network administrator cares about confidentiality harm, integrity harm and availability harm; it is expressed as the correspondence between the impact variables ImpactX, ImpactY, ImpactZ and ConfImpact, AvailImpact, IntegImpact. For example, if in the current network IntegImpact is the most serious, AvailImpact the second most serious and ConfImpact the least serious, then the value of ImpactX is assigned to IntegImpact, the value of ImpactY to AvailImpact and the value of ImpactZ to ConfImpact. Once the correspondence is determined, the 14 groups of weights above are applied to the target network's vulnerability set for analysis, and the combination producing the most distinct score values is selected as the final scoring criteria.
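The weight search of step 4 and the IVSS scoring formulas (2) to (5), as an added worked example that is not the patent's own code. The search reproduces the 14 combinations the text states; the CVSS metric values and the embodiment's Conf/Integ/Avail weights are taken from the page, the function and variable names are this example's own.

```python
"""IVSS impact-weight search (rules 1-7, formulas 6-12) and vulnerability score
(formulas 2-5). Weights are handled as integer tenths (3.6 -> 36) so that the
0.2 step, the sum to 7.0 and the rule 5 distinctness check are exact."""
from itertools import product

TOTAL = 70   # rule 4 / formula (6): W_ImpactX + W_ImpactY + W_ImpactZ = 7.0
STEP = 2     # search step 0.2, the smallest value CompleteImpact can take


def all_27_scores_distinct(wx, wy, wz):
    """Rule 5: the 3^3 = 27 (None, Partial, Complete) combinations of the three
    criteria must all give different ImpactScore values. Partial is half of
    Complete (rule 3), so each criterion contributes 0, w/2 or w."""
    levels = (0, 1, 2)   # None, Partial, Complete, in units of half the weight
    scores = {a * (wx // 2) + b * (wy // 2) + c * (wz // 2)
              for a, b, c in product(levels, repeat=3)}
    return len(scores) == 27


def search_weights():
    """Fig. 4 search: W_ImpactZ is the independent variable, traversed from 1.2
    to 2.0 in steps of 0.2 (formulas 9 and 12); W_ImpactY and W_ImpactX follow.
    Returns the surviving (W_ImpactX, W_ImpactY, W_ImpactZ) combinations."""
    combos = []
    for wz in range(12, 21, STEP):                 # 1.2 <= W_ImpactZ <= 2.0
        for wy in range(wz + STEP, TOTAL, STEP):   # formula (10): W_Z <= W_Y - 0.2
            wx = TOTAL - wy - wz                   # formula (6)
            if wx < wy + STEP:                     # formula (11): W_Y <= W_X - 0.2
                continue
            if not (2 * wy > wx and 2 * wz > wy):  # rules 6 and 7 (formulas 7, 8)
                continue
            if not all_27_scores_distinct(wx, wy, wz):   # rule 5
                continue
            combos.append((wx / 10, wy / 10, wz / 10))
    return combos


# CVSS default exploitability metric values, as used by the patent in step 4.
ACCESS_VECTOR = {"Local": 0.395, "AdjacentNetwork": 0.646, "Network": 1.0}
ACCESS_COMPLEXITY = {"High": 0.35, "Medium": 0.61, "Low": 0.71}
AUTHENTICATION = {"Multiple": 0.45, "Single": 0.56, "None": 0.704}


def impact_table(weights, mapping):
    """Expand one weight combination into Complete/Partial/None values per
    criterion. `mapping` lists which criterion ImpactX, ImpactY and ImpactZ stand
    for, i.e. the target network's harm criteria preference."""
    table = {}
    for criterion, w in zip(mapping, weights):
        table[criterion] = {"None": 0.0, "Partial": w / 2, "Complete": w}
    return table


def ivss_score(av, ac, au, conf, integ, avail, table):
    """Formulas (2)-(5): Score = round((Exploitability + Impact) * f(Impact), 1)."""
    exploitability = 6 * ACCESS_VECTOR[av] * ACCESS_COMPLEXITY[ac] * AUTHENTICATION[au]
    impact = (table["ConfImpact"][conf] + table["IntegImpact"][integ]
              + table["AvailImpact"][avail])
    f_impact = 0 if impact == 0 else 1
    return round((exploitability + impact) * f_impact, 1)


if __name__ == "__main__":
    combos = search_weights()
    print(len(combos), "weight combinations")   # 14, as the patent states
    # The embodiment's preference: Conf most serious, Integ second, Avail least.
    table = impact_table((3.6, 2.2, 1.2), ("ConfImpact", "IntegImpact", "AvailImpact"))
    print(ivss_score("Network", "Low", "None", "Complete", "Complete", "Complete", table))
```

Dropping the rule 5 check leaves a 15th combination (3.2, 2.2, 1.6), in which CompleteImpactZ equals PartialImpactX and two different damage profiles receive the same score.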
(5) Combine the vulnerability scoring criteria weight values produced in step 4, the host information asset values and the topology of the attack-defense graph to compute, for all attack paths in the state attack-defense graph, the atomic attack success probability, the cumulative attack success probability of the atomic attacks and the atomic attack hazard index;
(1) The atomic attack success probability, denoted M, is the probability that the atomic attack represented by one security state transition succeeds. It is computed as:
M = Exploitability = 2 * AccessVector * AccessComplexity * Authentication    (13)
(2) The cumulative attack success probability, denoted P, reflects the accumulated attack cost of carrying out an atomic attack on an attack path. For a complete attack path (⊥ → τ_1 → τ_2 → ... → τ_l → ◇), if τ_k is an atomic attack in this path, i.e. τ_k ∈ {τ_1, τ_2, ..., τ_l}, then:
$$P(\tau_k)=\begin{cases} M_k\prod_{i=1}^{k-1} M_i, & k>1 \\ M_1, & k=1 \end{cases} \qquad (14)$$
where τ_k is the k-th atomic attack;
M_k is the success probability of the k-th attack; k is the attack number, k = 1, 2, ..., N;
M_i is the success probability of the i-th atomic attack; i is the attack number, i = 1, 2, ..., k-1.
(3) The atomic attack hazard index, denoted harm, is computed with the vulnerability harm criteria weight values obtained from the scoring system of step 4 as follows:
harm = (ConfImpact * r(C) + IntegImpact * r(I) + AvailImpact * r(A)) * P    (15)
(6) For each network security state, derive the attack path that most easily reaches that state and the attack path with the highest attack path hazard index among those reaching it. A network system reaches a given security state through a series of atomic attacks, and an attack path describes the steps in which those atomic attacks are carried out. For all attack paths reaching a given network security state, the cumulative atomic attack success probability P is computed; the larger the cumulative atomic attack success probability, the more easily the network security state is reached.
The attack path hazard index is denoted Harm; if an attack path is {τ_1, τ_2, ..., τ_n}, then:
$$Harm=\sum_{i=1}^{n} harm_i \qquad (16)$$
where τ_i ∈ {τ_1, τ_2, ..., τ_n} and harm_i is the hazard index of the i-th atomic attack.
(7) For the attack path that most easily reaches a network security state and the attack path with the highest attack path hazard index reaching that state, formulate the vulnerability remediation strategy in combination with the vulnerability remediation measures.
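The graph generation algorithm of step 3 together with the path ranking of steps 5 and 6, as an added worked example that is not the patent's own code. The network shape follows Table 3, but the hosts' vulnerabilities V1 to V4, their exploitation rules, the asset values and the privilege ordering are constructed for this example; the impact weights are the embodiment's.

```python
"""State attack-defense graph generation (steps 1-9) and attack-path ranking by
cumulative success probability P (formula 14) and path hazard index Harm
(formula 16). All hosts, vulnerability ids and rules below are constructed."""
from collections import deque

PRIV = {"none": 0, "user": 1, "root": 2}   # privilege ordering (assumption)

# Reachability table in the shape of Table 3: src host -> reachable hosts.
REACH = {
    "Attacker": {"Server1"},
    "Server1": {"Server1", "Server2", "Server3"},
    "Server2": {"Server2", "Server3"},
    "Server3": {"Server3"},
}
# Host information asset values (r(C), r(I), r(A)), each 0..100 (formula 1).
ASSETS = {"Server1": (90, 80, 70), "Server2": (10, 10, 10), "Server3": (20, 30, 40)}
# Impact weights of the embodiment in step 4 (None / Partial / Complete).
IMPACT = {"Conf": {"None": 0.0, "Partial": 1.8, "Complete": 3.6},
          "Integ": {"None": 0.0, "Partial": 1.1, "Complete": 2.2},
          "Avail": {"None": 0.0, "Partial": 0.6, "Complete": 1.2}}


def exploitability(access_vector, access_complexity, authentication):
    """Formula (13): M = 2 * AccessVector * AccessComplexity * Authentication."""
    return 2 * access_vector * access_complexity * authentication


# Exploit rules: vul_id -> (host, src_priv, dst_priv, post_priv, M, impacts).
# src_priv: privilege needed on the attacking host; dst_priv: privilege needed
# on the target host; post_priv: privilege gained (the Post-Condition).
RULES = {
    "V1": ("Server1", "user", "none", "user", exploitability(1.0, 0.71, 0.704),
           ("Partial", "None", "None")),            # remote, easy, low impact
    "V2": ("Server1", "user", "user", "root", exploitability(0.395, 0.61, 0.56),
           ("Complete", "Complete", "Complete")),   # local privilege escalation
    "V3": ("Server2", "user", "none", "root", exploitability(1.0, 0.61, 0.704),
           ("Complete", "Partial", "None")),
    "V4": ("Server3", "root", "none", "user", exploitability(1.0, 0.35, 0.45),
           ("Partial", "Partial", "Partial")),
}


def build_sadg(s0=("Attacker", "root")):
    """Steps 1-9: breadth-first expansion of security states (hostid, privilege).
    Returns the state list and the transitions (src_state, vul_id, dst_state)."""
    states, seen, queue, transitions = [s0], {s0}, deque([s0]), []
    while queue:                                    # step 3: next untraversed state
        host, priv = queue.popleft()
        for target in sorted(REACH.get(host, ())):  # steps 4-5: reachable hosts
            held = priv if target == host else "none"   # privilege on target (assumption)
            for vid, (vhost, src_need, dst_need, gain, _, _) in RULES.items():
                if vhost != target:
                    continue
                # step 6: exploitation condition; the attack must also raise the
                # attacker's privilege on the target (assumption, left implicit
                # by the patent), which keeps the graph free of downgrade edges
                if PRIV[priv] < PRIV[src_need] or PRIV[held] < PRIV[dst_need]:
                    continue
                if PRIV[gain] <= PRIV[held]:
                    continue
                new = (target, gain)
                transitions.append(((host, priv), vid, new))   # steps 7-8: edge
                if new not in seen:                            # step 7: new node
                    seen.add(new)
                    states.append(new)
                    queue.append(new)
    return states, transitions


def attack_paths(transitions, s0, goal):
    """All simple sequences (⊥ -> τ1 -> ... -> τl -> ◇) of vul_ids from s0 to goal."""
    out = {}
    for src, vid, dst in transitions:
        out.setdefault(src, []).append((vid, dst))
    paths = []

    def dfs(state, visited, seq):
        if state == goal:
            paths.append(tuple(seq))
            return
        for vid, nxt in out.get(state, []):
            if nxt not in visited:
                dfs(nxt, visited | {nxt}, seq + [vid])

    dfs(s0, {s0}, [])
    return paths


def evaluate_path(seq):
    """Formulas (14)-(16) along one path: P(τk) = Mk * Π M_i, harm_k = impact * P(τk),
    Harm = Σ harm_k. Returns (P of the last atomic attack, path hazard index)."""
    p, total_harm = 1.0, 0.0
    for vid in seq:
        host, _, _, _, m, (c, i, a) = RULES[vid]
        rc, ri, ra = ASSETS[host]
        p *= m
        total_harm += (IMPACT["Conf"][c] * rc + IMPACT["Integ"][i] * ri
                       + IMPACT["Avail"][a] * ra) * p
    return p, total_harm


def rank_paths(goal, s0=("Attacker", "root")):
    """Step 6: the path most likely to reach `goal` and the most harmful one,
    each as (vul_id sequence, P, Harm)."""
    _, transitions = build_sadg(s0)
    scored = [(seq,) + evaluate_path(seq) for seq in attack_paths(transitions, s0, goal)]
    return max(scored, key=lambda t: t[1]), max(scored, key=lambda t: t[2])


if __name__ == "__main__":
    for label, (seq, p, harm) in zip(("easiest", "most harmful"), rank_paths(("Server3", "user"))):
        print(f"{label}: {' -> '.join(seq)}  P={p:.4f}  Harm={harm:.1f}")
```

On this data the two answers differ: the easiest path to (Server3, user) skips the low-probability escalation V2, while the most harmful path includes it because the root compromise of the high-value Server1 dominates the summed harm.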
Below in conjunction with embodiment, this method is described.
The first step, uses network autodiscovery instrument such as SolarWind to determine the topological structure of objective network as shown in Figure 2.Firewall rule in combining target network determines in objective network that the reachability relation between host node is as shown in table 3.
Table 3 objective network host node reachability relation table
Attacker Server1 Sever2 Server3 Server4
Attacker 1 1 0 0 0
Server1 0 1 1 1 1
Server2 0 1 1 1 1
Server3 0 1 1 1 1
Server4 0 1 1 1 1
Step 2: the host information asset value of each host node is assessed, as shown in Table 4. A vulnerability scanning tool such as Nessus is used to scan the host nodes in the network, giving the vulnerability distribution of each host node shown in Table 5.
Step 3: the state attack-defence graph is built from the vulnerability set of each host node and the exploitation rule of each vulnerability, as shown in Figure 3.
Step 4: combining the target network vulnerability set obtained in step 2, and assuming that in the target network ConfImpact is the most serious, IntegImpact the next most serious and AvailImpact the least serious, the improved vulnerability harm scoring system is used to generate the following weight values for the target network vulnerability harm scoring criteria:
$$\mathrm{AccessVector}=\begin{cases}0.395, & \text{Local}\\ 0.646, & \text{AdjacentNetwork}\\ 1, & \text{Network}\end{cases}\qquad \mathrm{ConfImpact}=\begin{cases}0.0, & \text{None}\\ 1.8, & \text{Partial}\\ 3.6, & \text{Complete}\end{cases}$$

$$\mathrm{AccessComplexity}=\begin{cases}0.35, & \text{High}\\ 0.61, & \text{Medium}\\ 0.71, & \text{Low}\end{cases}\qquad \mathrm{IntegImpact}=\begin{cases}0.0, & \text{None}\\ 1.1, & \text{Partial}\\ 2.2, & \text{Complete}\end{cases}$$

$$\mathrm{Authentication}=\begin{cases}0.45, & \text{Multiple}\\ 0.56, & \text{Single}\\ 0.704, & \text{None}\end{cases}\qquad \mathrm{AvailImpact}=\begin{cases}0.0, & \text{None}\\ 0.6, & \text{Partial}\\ 1.2, & \text{Complete}\end{cases}$$
Step 5: combining the vulnerability scoring criteria weight values produced in step 4, the host information asset values, the topology and the attack-defence graph, the atomic attack success probability, the atomic attack cumulative success probability and the atomic attack hazard index are computed for every attack path in the state attack-defence graph, as shown in Table 6:
Table 6: atomic attack hazard index and success probability information
Steps 6 and 7: for each network security state, the attack path that most easily reaches that state and the attack path with the largest attack path hazard index among those reaching it are found; the network system reaches a given security state through a series of atomic attacks, and an attack path describes the steps in which those atomic attacks are carried out. For these two attack paths, a vulnerability remediation strategy is formulated in combination with vulnerability prevention and control measures. The results of these two steps are shown in Table 7.
Table 7: attack paths and vulnerability remediation strategy
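As an added illustration of steps 5 to 7 (this is not code from the patent), the following Python computes the atomic attack success probability of formula (2), the atomic attack hazard index of formula (15) and the path hazard index of formula (16) with the step-4 weights, then selects the most easily reached and the most harmful path as step 6 does and lists the patch candidates of step 7. The host asset values and vulnerability attributes are constructed placeholders, and because formula (3) is not reproduced on this page, the cumulative success probability is assumed to be the product of the success probabilities of the preceding atomic attacks.

```python
from dataclasses import dataclass

# Vulnerability harm scoring weights generated in step 4 of the embodiment.
ACCESS_VECTOR = {"Local": 0.395, "AdjacentNetwork": 0.646, "Network": 1.0}
ACCESS_COMPLEXITY = {"High": 0.35, "Medium": 0.61, "Low": 0.71}
AUTHENTICATION = {"Multiple": 0.45, "Single": 0.56, "None": 0.704}
CONF_IMPACT = {"None": 0.0, "Partial": 1.8, "Complete": 3.6}
INTEG_IMPACT = {"None": 0.0, "Partial": 1.1, "Complete": 2.2}
AVAIL_IMPACT = {"None": 0.0, "Partial": 0.6, "Complete": 1.2}

@dataclass(frozen=True)
class AtomicAttack:
    """One atomic attack tau_i: exploiting vulnerability vul_id on host target."""
    vul_id: str; target: str
    av: str; ac: str; au: str          # AccessVector, AccessComplexity, Authentication
    conf: str; integ: str; avail: str  # ConfImpact, IntegImpact, AvailImpact grades

def success_probability(a):
    """Formula (2): M = 2 * AccessVector * AccessComplexity * Authentication."""
    return 2 * ACCESS_VECTOR[a.av] * ACCESS_COMPLEXITY[a.ac] * AUTHENTICATION[a.au]

def cumulative_probabilities(path):
    """Cumulative success probability P_k of every step on the path.
    Assumption (formula (3) is not on the page): P_k = M_k * prod(M_i for i < k),
    i.e. every earlier atomic attack on the path must also have succeeded."""
    out, acc = [], 1.0
    for a in path:
        acc *= success_probability(a)
        out.append(acc)
    return out

def atomic_harm(a, assets, p):
    """Formula (15): harm = (ConfImpact*r(C) + IntegImpact*r(I) + AvailImpact*r(A)) * P."""
    r_c, r_i, r_a = assets[a.target]
    return (CONF_IMPACT[a.conf] * r_c + INTEG_IMPACT[a.integ] * r_i
            + AVAIL_IMPACT[a.avail] * r_a) * p

def path_harm(path, assets):
    """Formula (16): Harm = sum of harm_i over the atomic attacks of the path."""
    return sum(atomic_harm(a, assets, p) for a, p in zip(path, cumulative_probabilities(path)))

def select_paths(paths, assets):
    """Step 6: among the paths reaching one security state, the most easily reached
    path (largest cumulative P) and the most harmful path (largest Harm)."""
    easiest = max(paths, key=lambda p: cumulative_probabilities(p)[-1])
    worst = max(paths, key=lambda p: path_harm(p, assets))
    return easiest, worst

def remediation_targets(paths):
    """Step 7: the (host, vul_id) pairs on the selected paths are the patch candidates."""
    return sorted({(a.target, a.vul_id) for p in paths for a in p})

# Constructed sample data: asset values r(C), r(I), r(A) and vulnerability grades are
# placeholders, not the values of the patent's tables 4 to 6.
ASSETS = {"Server1": (2, 3, 1), "Server2": (3, 3, 3)}
PATH_A = [AtomicAttack("VUL-1", "Server1", "Network", "Low", "None", "Partial", "None", "None"),
          AtomicAttack("VUL-2", "Server2", "Network", "Low", "None", "Partial", "Partial", "Partial")]
PATH_B = [AtomicAttack("VUL-3", "Server1", "Network", "Medium", "Single", "Complete", "Complete", "Complete"),
          AtomicAttack("VUL-4", "Server2", "Network", "Medium", "Single", "Complete", "Complete", "Complete")]
```

With these inputs PATH_A is the most easily reached path (cumulative P about 0.9994) while PATH_B is the most harmful one (Harm about 20.05 against 14.09), which is exactly the case in which step 6 returns two different paths.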
Finally, it should be noted that the above embodiments only illustrate the technical solution of the application and do not limit its scope of protection. Although the application has been described in detail with reference to the above embodiments, those of ordinary skill in the art will understand that, after reading the application, they can still make various changes, modifications or equivalent substitutions to the specific embodiments of the application, and all such changes, modifications or equivalent substitutions fall within the scope of the pending claims of the application.

Claims (10)

1. A vulnerability remediation strategy generation method based on an improved attack-defence graph, characterised in that the method comprises:
S1, determining the reachability relations between target network host nodes;
S2, assessing the host information asset values according to the vulnerability sets of the host nodes;
S3, building a state attack-defence graph;
S4, generating the weight values of the target network vulnerability harm scoring criteria;
S5, computing the atomic attack success probability, the atomic attack cumulative success probability and the atomic attack hazard index;
S6, determining the attack path that most easily reaches a network security state and the attack path with the largest attack path hazard index;
S7, formulating a vulnerability remediation strategy.
2. The method of claim 1, characterised in that in S1 the reachability relations between the host nodes are determined according to the configuration information of the firewalls and routers in the target network;
step S2 comprises: scanning the host nodes with a vulnerability scanning tool; the host information asset value R is given by formula (1):
R = r(C) + r(I) + r(A)    (1)
where r(C) is the host information asset value in terms of confidentiality; r(I) the host information asset value in terms of integrity; r(A) the host information asset value in terms of availability.
3. The method of claim 1, characterised in that in S3 the state attack-defence graph is built from the vulnerability sets of the host nodes and the vulnerability exploitation rules;
the state attack-defence graph SADG is the state transition system SADG = (S, T, s_0, S_G), where S is the set of security state nodes reflecting the security states of the nodes; T is the edge set, representing transitions between security states in the target network; s_0 is the initial network security state and S_G is the set of attacker goal states; a vulnerability exploitation rule describes the attack behaviour in which an attacker exploits a vulnerability;
a vulnerability exploitation rule is a mapping from an attack premise to an attack consequence;
the formal representation of an attack premise is (src_priv, dst_priv, vul_id, connection), where src_priv is the minimum access privilege the attacker holds on the attacking host node; dst_priv is the minimum access privilege the attacker holds on the destination host; vul_id is the identifier of the vulnerability exploited by the atomic attack; connection is the reachability relation between the attacking host node and the destination host node.
4. The method of claim 3, characterised in that the reachability relation connection between the attacking host node and the destination host node is represented by the 4-tuple (src_host, dst_host, protocol, port), where src_host is the identifier of the host node launching the attack; dst_host the identifier of the host node being attacked; protocol the communication protocol between the nodes; port the port used by the protocol.
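To make the SADG definition of claims 3 and 4 (and step 3 of the embodiment) concrete, here is an added Python example, not the patent's own code, that builds the state transition system by breadth-first application of exploitation rules under the reachability matrix of Table 3; the rules, vulnerability identifiers, ports and privilege levels are constructed assumptions. A rule fires only when its premise holds, so a vulnerability on a host the firewall makes unreachable never produces a transition.

```python
from collections import deque
from dataclasses import dataclass

PRIV = {"none": 0, "user": 1, "root": 2}   # assumed privilege ordering

# Table 3 of the embodiment: REACH[src][dst] == 1 when host src can connect to host dst.
HOSTS = ["Attacker", "Server1", "Server2", "Server3", "Server4"]
REACH = {h: dict(zip(HOSTS, row)) for h, row in zip(HOSTS, [
    [1, 1, 0, 0, 0], [0, 1, 1, 1, 1], [0, 1, 1, 1, 1], [0, 1, 1, 1, 1], [0, 1, 1, 1, 1]])}

@dataclass(frozen=True)
class ExploitRule:
    """Vulnerability exploitation rule: attack premise -> attack consequence (claims 3, 4)."""
    src_priv: str       # minimum privilege the attacker needs on the attacking host
    dst_priv: str       # minimum privilege the attacker needs on the destination host
    vul_id: str         # vulnerability exploited by this atomic attack
    connection: tuple   # (src_host, dst_host, protocol, port)
    gained_priv: str    # consequence: privilege obtained on the destination host

def priv_on(state, host):
    """Privilege level the attacker holds on host in this state (0 = none)."""
    return state.get(host, 0)

def premise_holds(state, rule):
    src, dst, _protocol, _port = rule.connection
    return (REACH[src][dst] == 1
            and priv_on(state, src) >= PRIV[rule.src_priv]
            and priv_on(state, dst) >= PRIV[rule.dst_priv]
            and priv_on(state, dst) < PRIV[rule.gained_priv])  # otherwise nothing changes

def apply_rule(state, rule):
    new = dict(state)
    new[rule.connection[1]] = PRIV[rule.gained_priv]
    return new

def build_sadg(initial, rules):
    """SADG = (S, T, s0, SG): returns the state set S and the transition list T of
    (state, vul_id, next_state) triples reachable from s0 = initial. A state maps
    host -> privilege level and is frozen so it can be used as a set member."""
    s0 = frozenset(initial.items())
    states, transitions, queue = {s0}, [], deque([s0])
    while queue:
        s = queue.popleft()
        for r in rules:
            if premise_holds(dict(s), r):
                nxt = frozenset(apply_rule(dict(s), r).items())
                transitions.append((s, r.vul_id, nxt))
                if nxt not in states:
                    states.add(nxt)
                    queue.append(nxt)
    return states, transitions

def goal_states(states, host, priv):
    """S_G: the states in which the attacker holds at least `priv` on `host`."""
    return {s for s in states if dict(s).get(host, 0) >= PRIV[priv]}

# Constructed sample rules; vulnerability identifiers and ports are placeholders.
RULES = [
    ExploitRule("user", "none", "VUL-1", ("Attacker", "Server1", "tcp", 80), "user"),
    ExploitRule("user", "none", "VUL-2", ("Server1", "Server2", "tcp", 22), "root"),
    ExploitRule("user", "none", "VUL-3", ("Attacker", "Server2", "tcp", 445), "root"),  # blocked by Table 3
    ExploitRule("user", "user", "VUL-4", ("Server1", "Server1", "local", 0), "root"),   # local escalation
]
INITIAL = {"Attacker": PRIV["root"]}
```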
5. The method of claim 1, characterised in that in S4 the generation of the target network vulnerability harm scoring criteria weight values comprises: combining the target network vulnerability set of step S2 with the target network harm criteria bias, and scoring with the improved vulnerability harm scoring system;
the target network harm criteria bias reflects how much the network administrator cares about the confidentiality damage, integrity damage and availability damage caused to the system after a vulnerability is exploited, and is expressed as the correspondence between the damage variables ImpactX, ImpactY, ImpactZ and ConfImpact, AvailImpact, IntegImpact.
6. The method of claim 1, characterised in that in S4 the generation of the target network vulnerability harm scoring criteria weight values comprises: letting each of the damage variables ImpactX, ImpactY, ImpactZ correspond to one of the criteria ConfImpact, AvailImpact, IntegImpact of the vulnerability harm scoring system; the weight values satisfying the following rules are the criteria weight values:
Rule 1: weight of ImpactX > weight of ImpactY > weight of ImpactZ;
Rule 2: "None" ImpactX = "None" ImpactY = "None" ImpactZ = 0.0;
Rule 3: PartialImpact = 0.5 * CompleteImpact;
Rule 4: ImpactScore ranges from 0.0 to 7.0;
Rule 5: the weight values of the three harm scoring criteria must be different;
Rule 6: weight of CompleteImpactY > weight of PartialImpactX;
Rule 7: weight of CompleteImpactZ > weight of PartialImpactY.
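The following Python, added here and not taken from the patent, checks a candidate set of ImpactX/ImpactY/ImpactZ weight tables against rules 1 to 7 and confirms that the step-4 weights of the embodiment satisfy all of them. Rule 4 is read as requiring the three Complete weights to sum to 7.0 (an assumption), and the equal-weight table is a constructed counter-example.

```python
from itertools import combinations
from math import isclose

# Step-4 weights of the embodiment: ImpactX = ConfImpact, ImpactY = IntegImpact, ImpactZ = AvailImpact.
CONF_IMPACT = {"None": 0.0, "Partial": 1.8, "Complete": 3.6}
INTEG_IMPACT = {"None": 0.0, "Partial": 1.1, "Complete": 2.2}
AVAIL_IMPACT = {"None": 0.0, "Partial": 0.6, "Complete": 1.2}

# Constructed counter-example: one table reused for all three criteria, which would
# treat confidentiality, integrity and availability damage as equally important.
EQUAL_IMPACT = {"None": 0.0, "Partial": 1.0, "Complete": 2.0}

GRADED = ("Partial", "Complete")  # "None" is pinned to 0.0 by rule 2, so ordering rules compare these

def check_weight_rules(x, y, z):
    """Return the numbers of the claim-6 rules violated by the (ImpactX, ImpactY, ImpactZ) tables."""
    violated = []
    # Rule 1: ImpactX > ImpactY > ImpactZ at every graded level.
    if not all(x[g] > y[g] > z[g] for g in GRADED):
        violated.append(1)
    # Rule 2: the "None" grade of all three criteria is 0.0.
    if not all(t["None"] == 0.0 for t in (x, y, z)):
        violated.append(2)
    # Rule 3: PartialImpact = 0.5 * CompleteImpact for each criterion.
    if not all(isclose(t["Partial"], 0.5 * t["Complete"]) for t in (x, y, z)):
        violated.append(3)
    # Rule 4: ImpactScore ranges from 0.0 to 7.0 (assumption: the Complete weights sum to 7.0).
    if not isclose(x["Complete"] + y["Complete"] + z["Complete"], 7.0):
        violated.append(4)
    # Rule 5: the three criteria must use different weight values.
    if any(a[g] == b[g] for a, b in combinations((x, y, z), 2) for g in GRADED):
        violated.append(5)
    # Rules 6 and 7: a Complete grade of the less important criterion must still
    # outweigh a Partial grade of the next more important one.
    if not y["Complete"] > x["Partial"]:
        violated.append(6)
    if not z["Complete"] > y["Partial"]:
        violated.append(7)
    return violated

def impact_score(x, y, z, grade_x, grade_y, grade_z):
    """ImpactScore of one vulnerability: the sum of its three graded impact weights."""
    return x[grade_x] + y[grade_y] + z[grade_z]
```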
7. The method of claim 1, characterised in that in S5 the atomic attack success probability M is the probability that an atomic attack succeeds during a security state transition;
the atomic attack success probability M is given by formula (2):
M = Exploitability = 2 * AccessVector * AccessComplexity * Authentication    (2)
where AccessVector is the way in which the vulnerability is exploited; AccessComplexity the complexity of the attack exploiting the vulnerability; Authentication the number of authentications the attacker needs to exploit the vulnerability.
8. The method of claim 1, characterised in that the atomic attack cumulative success probability P represents the cumulative attack cost value when the atomic attacks on an attack path are carried out;
the atomic attack cumulative success probability is given by formula (3):
where τ_k is the k-th atomic attack;
M_k is the success probability of the k-th attack; k is the attack index, k = 1, 2, ..., N;
M_i is the success probability of the i-th atomic attack; i is the attack index, i = 1, 2, ..., k-1.
9. The method of claim 1, characterised in that the atomic attack hazard index Harm is given by formula (4):
Harm = (ConfImpact * r(C) + IntegImpact * r(I) + AvailImpact * r(A)) * P    (4)
where ConfImpact is the confidentiality damage caused to the system after the vulnerability is exploited; IntegImpact the integrity damage caused to the system after the vulnerability is exploited; AvailImpact the availability damage caused to the system after the vulnerability is exploited.
10. The method of claim 1, characterised in that in S6 the network security state is reached through atomic attacks; the attack path that most easily reaches the network security state is obtained according to the atomic attack cumulative success probability P: the larger the atomic attack cumulative success probability P of an attack path, the more easily the network security state is reached;
if an attack path is {τ_1, τ_2, ..., τ_n}, the path hazard index Harm is given by formula (5):
where the constraint is τ_i ∈ {τ_1, τ_2, ..., τ_n} and harm_i is the hazard index of the i-th atomic attack.
CN201610219203.9A 2016-04-11 2016-04-11 Bug restoration strategy generation method Pending CN105827450A (en)
Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20160803