CN108429728A - An attack path prediction method based on time gain compensation
Info
- Publication number: CN108429728A
- Authority: CN (China)
- Prior art keywords: resource node, attack, node, attack path, resource
- Legal status: Granted
Classifications
- H04L63/1416—Event detection, e.g. attack signature detection
- H04L41/142—Network analysis or design using statistical or mathematical methods
- H04L41/147—Network analysis or design for predicting network behaviour
- H04L43/16—Threshold monitoring
- H04L63/1433—Vulnerability analysis
Abstract
The present invention provides an attack path prediction method based on time gain compensation, comprising: obtaining a network to be assessed; obtaining all resource nodes in the network to be assessed; traversing the entire network to be assessed and determining, according to the time gain compensation, whether each attack $e_{i\to j}$ is feasible; and outputting the possible attack paths formed by the attacked resource nodes corresponding to all feasible attacks, together with the confidence level of each resource node on the possible attack paths. The method is highly accurate and can be widely applied in the field of network security.
Description
Technical field
The present invention relates to attack path prediction technology, and in particular to an attack path prediction method based on time gain compensation.
Background art
With the continuous expansion of the internet, its topology has become increasingly complex. Attacks on the internet are now changing in two respects. The first is intelligence: attack tools have evolved from launching attacks passively to launching them actively, and can adjust themselves according to changes in the environment or to designed rules. The second is destructiveness: malicious attacks and vulnerabilities are increasing rapidly.
To prevent network attacks, researchers have studied various approaches, for example predicting attack paths so that attacks on the network can be prevented. Current attack path prediction methods generally determine possible attack paths from factors such as attack complexity and operating cost, which leads to relatively low prediction accuracy.
It can be seen that in the prior art, attack path prediction considers few factors, which results in low prediction accuracy.
Summary of the invention
In view of this, the main purpose of the present invention is to provide an attack path prediction method based on time gain compensation with higher prediction accuracy.
To achieve the above purpose, the technical solution proposed by the present invention is:
An attack path prediction method based on time gain compensation, including the following steps:
Step 1: obtain the network to be assessed.
Step 2: obtain all resource nodes in the network to be assessed. The resource nodes include a starting resource node serving as the starting point of the network attack, a target resource node serving as the target of the network attack, and intermediate resource nodes located on network paths between the starting node and the target node. In the network to be assessed, an intermediate resource node is connected to more than one predecessor resource node and more than one successor resource node, the starting resource node is connected to more than one successor resource node, and the target resource node is connected to more than one predecessor resource node.
Step 3: traverse the entire network to be assessed and, for each attack $e_{i\to j}$ launched from the i-th resource node against the j-th resource node, obtain the time gain compensation [formula not reproduced in this text]. When Δ > 0, the attack $e_{i\to j}$ is infeasible; when Δ ≤ 0, the attack $e_{i\to j}$ is feasible. Here i is a non-negative integer and j is a natural number, with 0 ≤ i < j and 1 ≤ j ≤ m; m is the total number of resource nodes in the network to be assessed; M is the time cost threshold; and $cost_{time}(e_{i\to j})$ is the time cost required for the attack $e_{i\to j}$, launched from the i-th resource node against the j-th resource node, to succeed.
Step 4: output the possible attack paths formed by the attacked resource nodes corresponding to all feasible attacks, and the confidence level of each resource node on the possible attack paths.
In summary, the attack path prediction method based on time gain compensation traverses the entire network to be assessed and evaluates each attack on the basis of time gain compensation, in order to determine which attacks can successfully attack their attacked resource node and which cannot. Attacked resource nodes that cannot be successfully attacked are excluded from the resource nodes that form possible attack paths, and attacked resource nodes that can be successfully attacked are used as resource nodes that form possible attack paths. This removes redundant resource nodes, reduces the number of possible attack paths, and improves the accuracy of the predicted possible attack paths and of the confidence levels of the resource nodes on them.
Brief description of the drawings
Fig. 1 is an overall flow diagram of the attack path prediction method based on time gain compensation according to the present invention.
Detailed description
To make the purpose, technical solution and advantages of the present invention clearer, the present invention is described in further detail below with reference to the accompanying drawing and specific embodiments.
Fig. 1 is an overall flow diagram of the attack path prediction method based on time gain compensation according to the present invention. As shown in Fig. 1, the method includes the following steps:
Step 1: obtain the network to be assessed.
Step 2: obtain all resource nodes in the network to be assessed. The resource nodes include a starting resource node serving as the starting point of the network attack, a target resource node serving as the target of the network attack, and intermediate resource nodes located on network paths between the starting node and the target node. In the network to be assessed, an intermediate resource node is connected to more than one predecessor resource node and more than one successor resource node, the starting resource node is connected to more than one successor resource node, and the target resource node is connected to more than one predecessor resource node.
Step 3: traverse the entire network to be assessed and, for each attack $e_{i\to j}$ launched from the i-th resource node against the j-th resource node, obtain the time gain compensation [formula not reproduced in this text]. When Δ > 0, the attack $e_{i\to j}$ is infeasible; when Δ ≤ 0, the attack $e_{i\to j}$ is feasible. Here i is a non-negative integer and j is a natural number, with 0 ≤ i < j and 1 ≤ j ≤ m; m is the total number of resource nodes in the network to be assessed; M is the time cost threshold; and $cost_{time}(e_{i\to j})$ is the time cost required for the attack $e_{i\to j}$, launched from the i-th resource node against the j-th resource node, to succeed.
In the present invention, the i-th resource node, which launches the attack, is the starting resource node or an intermediate resource node of the network to be assessed; the j-th resource node, which is attacked, is an intermediate resource node or the target resource node of the network to be assessed.
Step 4: output the possible attack paths formed by the attacked resource nodes corresponding to all feasible attacks, and the confidence level of each resource node on the possible attack paths.
In short, the attack path prediction method based on time gain compensation traverses the entire network to be assessed and evaluates each attack on the basis of time gain compensation, in order to determine which attacks can successfully attack their attacked resource node and which cannot. Attacked resource nodes that cannot be successfully attacked are excluded from the resource nodes that form possible attack paths, and attacked resource nodes that can be successfully attacked are used as resource nodes that form possible attack paths. This removes redundant resource nodes, reduces the number of possible attack paths, and improves the accuracy of the predicted possible attack paths and of the confidence levels of the resource nodes on them.
In step 3 of the present invention, the time cost required for the attack $e_{i\to j}$ to succeed is
$$cost_{time}(e_{i\to j}) = \sigma(e_{i\to j}) \times \theta(v_j) \times \sum time(\text{meta-operation}) \times \pi(e_{i\to j})$$
where $\sigma(e_{i\to j})$ is the influence coefficient of the attack $e_{i\to j}$; $\theta(v_j)$ is the influence coefficient of the attacked j-th resource node $v_j$ itself; $\sum time(\text{meta-operation})$ is the sum of the meta-operation time cost sequence; and $\pi(e_{i\to j})$ is the experience coefficient of the attacker launching the attack $e_{i\to j}$.
In step 4 of the present invention, the confidence level of each resource node on a possible attack path is as follows:
For the starting resource node $v_0$ on the possible attack path, the confidence level is $I(v_0) = 100\%$.
For the more than one key resource node $v_g$ on the possible attack path, the confidence level is $I(v_g) = 100\%$, where g and n are natural numbers with 0 < g ≤ n, and n is the total number of resource nodes on the possible attack path.
For each remaining resource node $v_k$ on the possible attack path other than the starting resource node $v_0$ and the key resource nodes $v_g$, the confidence level is [formula not reproduced in this text], where k is a natural number, 0 < k ≤ n and k ≠ g; $\omega_k$ and $\omega_{k+1}$ are the sampling weights of resource node $v_k$ and resource node $v_{k+1}$ respectively. Here, a remaining resource node $v_k$ may be an intermediate resource node or the target resource node.
In the present invention, the key resource nodes $v_g$ are obtained as follows:
Take the intersection of the possible attack paths. If the intersection exists, the more than one resource node on the possible attack paths that is an element of the intersection is a key node; if the intersection does not exist, there is no key node.
In the present invention, when resource node $v_k$ on the possible attack path has no AND or OR logical relation, [formula not reproduced in this text]; in turn, [formula not reproduced in this text].
When resource node $v_k$ on the possible attack path has two or more predecessor resource nodes $pre_p(v_k)$ and an AND logical relation exists between these predecessor resource nodes, [formula not reproduced in this text]; in turn, [formula not reproduced in this text], where p is the index of the two or more predecessor resource nodes, t is the total number of predecessor resource nodes having the AND logical relation, p and t are natural numbers, 2 ≤ p ≤ t and 2 ≤ t < n.
When resource node $v_k$ on the possible attack path has two or more predecessor resource nodes $pre_p(v_k)$ and an OR logical relation exists between these predecessor resource nodes, [formula not reproduced in this text]; in turn, [formula not reproduced in this text], where s is the total number of predecessor resource nodes having the OR logical relation, s is a natural number and 2 ≤ s < n.
In step 3 of the present invention, the influence coefficient $\sigma(e_{i\to j})$ of the attack $e_{i\to j}$ takes values in [0.1, 0.9].
The influence coefficient $\theta(v_j)$ of the attacked j-th resource node $v_j$ itself takes the following values: [table not reproduced in this text]
Here, determining whether the attack complexity of the attacked resource node $v_j$ is low, medium or high is prior art and is not described again here.
The attacker experience coefficient takes values in (0, 1].
In step 3 of the present invention, the time cost threshold M takes the following values: [table not reproduced in this text]
Here, h denotes the time unit "hour". Determining whether the time urgency with which resource node $v_j$ is successfully attacked is low, medium or high is prior art and is not described again here.
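The following sketch is an added example, not code from the patent: it runs steps 3 and 4 on a constructed six-node network and derives the key nodes by intersecting the resulting paths, which is how a defender would see the effect of the time-cost pruning on an attack graph. It assumes Δ = cost_time(e_{i→j}) - M(v_j), since the text gives only the sign test on Δ, and it uses constructed placeholder values for θ(v_j) and M because the value tables are not reproduced here; confidence levels other than the 100% cases are left out for the same reason.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Attack:
    src: int          # i: resource node the attack is launched from
    dst: int          # j: attacked resource node (the page requires i < j)
    sigma: float      # influence coefficient of the attack, in [0.1, 0.9]
    pi: float         # attacker experience coefficient, in (0, 1]
    op_hours: tuple   # time cost of each meta-operation, in hours


def cost_time(a, theta):
    """sigma(e) * theta(v_j) * sum(time(meta-operation)) * pi(e), in hours."""
    if not 0 <= a.src < a.dst:
        raise ValueError(f"edge {a.src}->{a.dst} violates 0 <= i < j")
    if not 0.1 <= a.sigma <= 0.9 or not 0 < a.pi <= 1:
        raise ValueError(f"coefficient out of range on {a.src}->{a.dst}")
    return a.sigma * theta[a.dst] * sum(a.op_hours) * a.pi


def feasible_attacks(attacks, theta, threshold):
    """Step 3. ASSUMPTION: delta = cost_time(e) - M(v_j); the page states
    only that delta > 0 means infeasible and delta <= 0 means feasible."""
    return [a for a in attacks if cost_time(a, theta) - threshold[a.dst] <= 0]


def possible_paths(feasible, start, target):
    """Step 4: all start-to-target paths that use only feasible attacks."""
    succ = {}
    for a in feasible:
        succ.setdefault(a.src, []).append(a.dst)
    paths = []

    def walk(path):
        if path[-1] == target:
            paths.append(path)
            return
        for nxt in sorted(succ.get(path[-1], [])):
            walk(path + [nxt])  # i < j on every edge, so no cycle is possible

    walk([start])
    return paths


def key_nodes(paths, start):
    """Nodes common to every possible path (confidence 100%), start excluded."""
    if not paths:
        return set()
    return set(paths[0]).intersection(*paths[1:]) - {start}


# Constructed sample network: node 0 is the start, node 5 the target.
THETA = {1: 1.0, 2: 1.5, 3: 1.0, 4: 2.0, 5: 1.5}  # placeholder theta(v_j)
M_HOURS = {1: 8, 2: 8, 3: 6, 4: 4, 5: 12}         # placeholder M(v_j), hours
ATTACKS = [
    Attack(0, 1, 0.5, 0.8, (4, 6)),   # cost 4.0 h  <= 8  -> feasible
    Attack(0, 2, 0.9, 1.0, (3, 2)),   # cost 6.75 h <= 8  -> feasible
    Attack(1, 3, 0.5, 1.0, (6,)),     # cost 3.0 h  <= 6  -> feasible
    Attack(2, 3, 0.6, 0.5, (10,)),    # cost 3.0 h  <= 6  -> feasible
    Attack(1, 4, 0.9, 1.0, (5,)),     # cost 9.0 h  >  4  -> pruned
    Attack(3, 5, 0.5, 1.0, (8, 4)),   # cost 9.0 h  <= 12 -> feasible
    Attack(4, 5, 0.5, 0.5, (4,)),     # cost 1.5 h  <= 12 -> feasible
]


def predict(attacks=ATTACKS, theta=THETA, threshold=M_HOURS, start=0, target=5):
    paths = possible_paths(feasible_attacks(attacks, theta, threshold), start, target)
    return paths, key_nodes(paths, start)


if __name__ == "__main__":
    paths, keys = predict()
    print("possible attack paths:", paths)
    print("key nodes:", sorted(keys))
```

Pruning the 1→4 attack removes the path through node 4, which leaves node 3 on every remaining path; with a looser threshold on node 4 that path returns and only the target stays common to all paths.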
In conclusion the above is merely preferred embodiments of the present invention, being not intended to limit the scope of the present invention.
All within the spirits and principles of the present invention, any modification, equivalent replacement, improvement and so on should be included in the present invention's
Within protection domain.
Claims (7)
1. An attack path prediction method based on time gain compensation, characterized in that the attack path prediction method includes the following steps:
Step 1: obtain the network to be assessed;
Step 2: obtain all resource nodes in the network to be assessed, the resource nodes including a starting resource node serving as the starting point of the network attack, a target resource node serving as the target of the network attack, and intermediate resource nodes located on network paths between the starting node and the target node; in the network to be assessed, an intermediate resource node is connected to more than one predecessor resource node and more than one successor resource node, the starting resource node is connected to more than one successor resource node, and the target resource node is connected to more than one predecessor resource node;
Step 3: traverse the entire network to be assessed and, for each attack $e_{i\to j}$ launched from the i-th resource node against the j-th resource node, obtain the time gain compensation [formula not reproduced in this text]; when Δ > 0, the attack $e_{i\to j}$ is infeasible; when Δ ≤ 0, the attack $e_{i\to j}$ is feasible; wherein i is a non-negative integer, j and m are natural numbers, 0 ≤ i < j and 1 ≤ j ≤ m; m denotes the total number of resource nodes in the network to be assessed, and M is the time cost threshold; $cost_{time}(e_{i\to j})$ denotes the time cost required for the attack $e_{i\to j}$, launched from the i-th resource node against the j-th resource node, to succeed;
Step 4: output the possible attack paths formed by the attacked resource nodes corresponding to all feasible attacks, and the confidence level of each resource node on the possible attack paths.
2. The attack path prediction method based on time gain compensation according to claim 1, characterized in that, in step 3, the time cost required for the attack $e_{i\to j}$ to succeed is $cost_{time}(e_{i\to j}) = \sigma(e_{i\to j}) \times \theta(v_j) \times \sum time(\text{meta-operation}) \times \pi(e_{i\to j})$; wherein $\sigma(e_{i\to j})$ denotes the influence coefficient of the attack $e_{i\to j}$; $\theta(v_j)$ denotes the influence coefficient of the attacked j-th resource node $v_j$ itself; $\sum time(\text{meta-operation})$ denotes the sum of the meta-operation time cost sequence; and $\pi(e_{i\to j})$ denotes the experience coefficient of the attacker launching the attack $e_{i\to j}$.
3. The attack path prediction method based on time gain compensation according to claim 1, characterized in that, in step 4, the confidence level of each resource node on the possible attack path is as follows:
for the starting resource node $v_0$ on the possible attack path, the confidence level is $I(v_0) = 100\%$;
for the more than one key resource node $v_g$ on the possible attack path, the confidence level is $I(v_g) = 100\%$; wherein g and n are natural numbers, 0 < g ≤ n, and n is the total number of resource nodes on the possible attack path;
for each remaining resource node $v_k$ on the possible attack path other than the starting resource node $v_0$ and the key resource nodes $v_g$, the confidence level is [formula not reproduced in this text]; wherein k is a natural number, 0 < k ≤ n and k ≠ g; $\omega_k$ and $\omega_{k+1}$ are the sampling weights of resource node $v_k$ and resource node $v_{k+1}$ respectively.
4. The attack path prediction method based on time gain compensation according to claim 3, characterized in that the key resource nodes $v_g$ are obtained as follows:
take the intersection of the possible attack paths: if the intersection exists, the more than one resource node on the possible attack paths that is an element of the intersection is a key node; if the intersection does not exist, there is no key node.
5. The attack path prediction method based on time gain compensation according to claim 3, characterized in that, when resource node $v_k$ on the possible attack path has no AND or OR logical relation, [formula not reproduced in this text];
when resource node $v_k$ on the possible attack path has two or more predecessor resource nodes $pre_p(v_k)$ and an AND logical relation exists between these predecessor resource nodes, [formula not reproduced in this text]; wherein p denotes the index of the two or more predecessor resource nodes, t denotes the total number of predecessor resource nodes having the AND logical relation, p and t are natural numbers, 2 ≤ p ≤ t and 2 ≤ t < n;
when resource node $v_k$ on the possible attack path has two or more predecessor resource nodes $pre_p(v_k)$ and an OR logical relation exists between these predecessor resource nodes, [formula not reproduced in this text]; wherein s denotes the total number of predecessor resource nodes having the OR logical relation, s is a natural number and 2 ≤ s < n.
6. The attack path prediction method based on time gain compensation according to claim 2, characterized in that, in step 3, the influence coefficient $\sigma(e_{i\to j})$ of the attack $e_{i\to j}$ takes values in [0.1, 0.9];
the influence coefficient $\theta(v_j)$ of the attacked j-th resource node $v_j$ itself takes the following values: [table not reproduced in this text]
the attacker experience coefficient takes values in (0, 1].
7. The attack path prediction method based on time gain compensation according to claim 1, characterized in that, in step 3, the time cost threshold M takes the following values: [table not reproduced in this text]
wherein h denotes the time unit "hour".
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN2017107883574 | 2017-09-05 | ||
CN201710788357 | 2017-09-05 |
Publications (2)
Publication Number | Publication Date |
---|---|
CN108429728A (en) | 2018-08-21 |
CN108429728B (en) | 2020-11-06 |
Family
ID=63155837
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201810010612.7A Expired - Fee Related CN108429728B (en) | 2017-09-05 | 2018-01-04 | Attack path prediction method based on time gain compensation |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN108429728B (en) |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
 | PB01 | Publication | |
 | SE01 | Entry into force of request for substantive examination | |
 | GR01 | Patent grant | |
 | CF01 | Termination of patent right due to non-payment of annual fee | Granted publication date: 20201106; Termination date: 20220104 |