CN108429728A - Attack path prediction method based on time gain compensation


Info

Publication number: CN108429728A
Application number: CN201810010612.7A
Authority: CN (China)
Other languages: Chinese (zh)
Other versions: CN108429728B (en)
Inventors: 王辉, 王银城, 贺军义, 申自浩, 刘琨, 王岩
Original Assignee: Henan University of Technology
Current Assignee: Henan University of Technology
Legal status: Granted; Expired - Fee Related
Prior art keywords: resource node, attack, node, attack path, resource

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1416 Event detection, e.g. attack signature detection
    • H04L63/1433 Vulnerability analysis
    • H04L41/00 Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/14 Network analysis or design
    • H04L41/142 Network analysis or design using statistical or mathematical methods
    • H04L41/147 Network analysis or design for predicting network behaviour
    • H04L43/00 Arrangements for monitoring or testing data switching networks
    • H04L43/16 Threshold monitoring

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • Algebra (AREA)
  • General Physics & Mathematics (AREA)
  • Mathematical Analysis (AREA)
  • Mathematical Optimization (AREA)
  • Mathematical Physics (AREA)
  • Probability & Statistics with Applications (AREA)
  • Pure & Applied Mathematics (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The present invention provides an attack path prediction method based on time gain compensation, comprising: obtaining a network to be assessed; obtaining all resource nodes in the network to be assessed; traversing the entire network to be assessed and determining, according to the time gain compensation, whether each attack behavior $e_{i\to j}$ is feasible; and outputting the possible attack paths formed by the attacked resource nodes corresponding to all feasible attack behaviors, together with the confidence level of each resource node on the possible attack paths. The invention is highly accurate and can be widely applied in the field of network security.

Description

Attack path prediction method based on time gain compensation
Technical field
The present invention relates to attack path prediction technology, and in particular to an attack path prediction method based on time gain compensation.
Background
With the continuous expansion of the Internet, its topology is becoming increasingly complex. At present, attacks on the Internet are changing in two respects. The first is intelligence: attack tools have evolved from being launched passively to launching attacks actively, and can adjust themselves according to changes in the environment or to designed rules. The second is destructiveness: malicious attacks and vulnerabilities are increasing rapidly.
To prevent network attacks, researchers have studied various approaches, for example preventing attacks by predicting attack paths. At present, attack path prediction methods generally determine possible attack paths from factors such as attack complexity and operating cost, which results in low prediction accuracy.
It can be seen that in the prior art, attack path prediction considers few factors, so its accuracy is low.
Summary of the invention
In view of this, the main purpose of the present invention is to provide an attack path prediction method based on time gain compensation with higher prediction accuracy.
To achieve the above purpose, the technical solution proposed by the present invention is:
An attack path prediction method based on time gain compensation, comprising the following steps:
Step 1: obtain the network to be assessed.
Step 2: obtain all resource nodes in the network to be assessed. The resource nodes include the starting resource node, which is the starting point of the network attack; the target resource node, which is the target point of the network attack; and the intermediate resource nodes located on network paths between the starting node and the target node. In the network to be assessed, an intermediate resource node is connected to one or more predecessor resource nodes and one or more successor resource nodes, the starting resource node is connected to one or more successor resource nodes, and the target resource node is connected to one or more predecessor resource nodes.
Step 3: traverse the entire network to be assessed. For each attack behavior $e_{i\to j}$ launched from the i-th resource node against the j-th resource node, obtain the time gain compensation Δ. When Δ > 0, the attack behavior $e_{i\to j}$ is infeasible; when Δ ≤ 0, the attack behavior $e_{i\to j}$ is feasible. Here i is a non-negative integer and j is a natural number, with 0 ≤ i < j and 1 ≤ j ≤ m; m is the total number of resource nodes in the network to be assessed; M is the time cost threshold; and $cost_{time}(e_{i\to j})$ is the time cost required for the attack behavior $e_{i\to j}$, launched from the i-th resource node against the j-th resource node, to succeed.
Step 4: output the possible attack paths formed by the attacked resource nodes corresponding to all feasible attack behaviors, and the confidence level of each resource node on the possible attack paths.
In summary, the attack path prediction method based on time gain compensation of the present invention traverses the entire network to be assessed and evaluates every attack behavior against the time gain compensation, in order to determine which attack behaviors can successfully attack the attacked resource node and which cannot. Attacked resource nodes that cannot be successfully attacked are excluded from the resource nodes that form possible attack paths, and those that can be successfully attacked are kept as resource nodes forming possible attack paths. This removes redundant resource nodes, reduces the number of possible attack paths, and improves the accuracy of the predicted possible attack paths and of the confidence levels of the resource nodes on them.
Description of the drawings
Fig. 1 is the overall flow diagram of the attack path prediction method based on time gain compensation of the present invention.
Detailed description
To make the purpose, technical solution and advantages of the present invention clearer, the invention is described in further detail below with reference to the drawing and specific embodiments.
Fig. 1 is the overall flow diagram of the attack path prediction method based on time gain compensation of the present invention. As shown in Fig. 1, the method comprises the following steps:
Step 1: obtain the network to be assessed.
Step 2: obtain all resource nodes in the network to be assessed. The resource nodes include the starting resource node, which is the starting point of the network attack; the target resource node, which is the target point of the network attack; and the intermediate resource nodes located on network paths between the starting node and the target node. In the network to be assessed, an intermediate resource node is connected to one or more predecessor resource nodes and one or more successor resource nodes, the starting resource node is connected to one or more successor resource nodes, and the target resource node is connected to one or more predecessor resource nodes.
Step 3: traverse the entire network to be assessed. For each attack behavior $e_{i\to j}$ launched from the i-th resource node against the j-th resource node, obtain the time gain compensation Δ. When Δ > 0, the attack behavior $e_{i\to j}$ is infeasible; when Δ ≤ 0, the attack behavior $e_{i\to j}$ is feasible. Here i is a non-negative integer and j is a natural number, with 0 ≤ i < j and 1 ≤ j ≤ m; m is the total number of resource nodes in the network to be assessed; M is the time cost threshold; and $cost_{time}(e_{i\to j})$ is the time cost required for the attack behavior $e_{i\to j}$, launched from the i-th resource node against the j-th resource node, to succeed.
In the present invention, the i-th resource node, which launches the attack, is the starting resource node or an intermediate resource node of the network to be assessed; the j-th resource node, which is attacked, is an intermediate resource node or the target resource node of the network to be assessed.
Step 4: output the possible attack paths formed by the attacked resource nodes corresponding to all feasible attack behaviors, and the confidence level of each resource node on the possible attack paths.
In short, the attack path prediction method based on time gain compensation of the present invention traverses the entire network to be assessed and evaluates every attack behavior against the time gain compensation, in order to determine which attack behaviors can successfully attack the attacked resource node and which cannot. Attacked resource nodes that cannot be successfully attacked are excluded from the resource nodes that form possible attack paths, and those that can be successfully attacked are kept as resource nodes forming possible attack paths. This removes redundant resource nodes, reduces the number of possible attack paths, and improves the accuracy of the predicted possible attack paths and of the confidence levels of the resource nodes on them.
In step 3 of the present invention, the time cost required for the attack behavior $e_{i\to j}$ to succeed is $cost_{time}(e_{i\to j}) = \sigma(e_{i\to j}) \times \theta(v_j) \times \sum time(\text{meta-operation}) \times \pi(e_{i\to j})$, where $\sigma(e_{i\to j})$ is the influence coefficient of the attack behavior $e_{i\to j}$; $\theta(v_j)$ is the influence coefficient of the attacked j-th resource node $v_j$ itself; $\sum time(\text{meta-operation})$ is the sum of the time cost sequence of the atomic operations; and $\pi(e_{i\to j})$ is the experience coefficient of the attacker who launches the attack behavior $e_{i\to j}$.
In step 4 of the present invention, the confidence levels of the resource nodes on a possible attack path are as follows:
For the starting resource node $v_0$ on a possible attack path, the confidence level is $I(v_0) = 100\%$.
For the one or more key resource nodes $v_g$ on a possible attack path, the confidence level is $I(v_g) = 100\%$, where g and n are natural numbers with 0 < g ≤ n, and n is the total number of resource nodes on the possible attack path.
For the remaining resource nodes $v_k$ on a possible attack path, other than the starting resource node $v_0$ and the key resource nodes $v_g$, the confidence level is $I(v_k)$, where k is a natural number with 0 < k ≤ n and k ≠ g, and $\omega_k$ and $\omega_{k+1}$ are the sampling weights of resource node $v_k$ and resource node $v_{k+1}$ respectively. Here, a remaining resource node $v_k$ may be an intermediate resource node or the target resource node.
In the present invention, the key resource nodes $v_g$ are obtained as follows:
Take the intersection of the possible attack paths: if the intersection is non-empty, the one or more resource nodes on the possible attack paths that are elements of the intersection are key nodes; if the intersection is empty, there is no key node.
In the present invention, when resource node $v_k$ on the possible attack path has no AND or OR logical relationship, In turn,
When resource node $v_k$ on the possible attack path has two or more predecessor resource nodes $pre_p(v_k)$, and an AND logical relationship exists between these two or more predecessor resource nodes, In turn, Wherein, p denotes the index of the two or more predecessor resource nodes, t denotes the total number of predecessor resource nodes in the AND logical relationship, and p and t are natural numbers with 2 ≤ p ≤ t and 2 ≤ t < n.
When resource node $v_k$ on the possible attack path has two or more predecessor resource nodes $pre_p(v_k)$, and an OR logical relationship exists between these two or more predecessor resource nodes, In turn, Wherein, s denotes the total number of predecessor resource nodes in the OR logical relationship, and s is a natural number with 2 ≤ s < n.
In step 3 of the present invention, the influence coefficient $\sigma(e_{i\to j})$ of the attack behavior $e_{i\to j}$ takes values in the range [0.1, 0.9].
The influence coefficient $\theta(v_j)$ of the attacked j-th resource node $v_j$ itself takes the following values:
Here, determining whether the attack complexity of the attacked resource node $v_j$ is low, medium or high is prior art and is not described again here.
The attacker experience coefficient takes values in (0, 1].
In step 3 of the present invention, the time cost threshold M takes the following values:
Here, h denotes the time unit "hour". Determining whether the time urgency with which resource node $v_j$ is successfully attacked is low, medium or high is prior art and is not described again here.
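Added example (not part of the patent): steps 3 and 4 applied to a constructed five-node network, covering the cost formula, the feasibility test and the key-node intersection. The page does not reproduce the formula for Δ or the value tables for θ(v_j) and M, so Δ = cost_time − M, the θ and M values used, and all names in the code are assumptions of this example.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Attack:
    """One attack behaviour e_{i->j}; the field names are this example's own."""
    src: int          # i: resource node launching the attack
    dst: int          # j: resource node being attacked
    sigma: float      # influence coefficient of the attack, range [0.1, 0.9]
    theta: float      # influence coefficient of v_j (assumed value, table not on page)
    op_times: tuple   # time cost of each atomic (meta) operation, in hours
    pi: float         # attacker experience coefficient, range (0, 1]
    threshold: float  # time cost threshold M for v_j, hours (assumed value)


def cost_time(e):
    """cost_time(e) = sigma(e) * theta(v_j) * sum(time(meta-operation)) * pi(e)."""
    if not (0 <= e.src < e.dst):
        raise ValueError(f"need 0 <= i < j, got {e.src}->{e.dst}")
    if not (0.1 <= e.sigma <= 0.9) or not (0 < e.pi <= 1):
        raise ValueError(f"coefficient out of range on {e.src}->{e.dst}")
    return e.sigma * e.theta * sum(e.op_times) * e.pi


def delta(e):
    # ASSUMPTION: the formula for the time gain compensation is missing from the
    # page; cost minus threshold matches "delta > 0 infeasible, delta <= 0 feasible".
    return cost_time(e) - e.threshold


def feasible_attacks(attacks):
    """Step 3: keep only the attack behaviours whose delta is <= 0."""
    return [e for e in attacks if delta(e) <= 0]


def attack_paths(attacks, start, target):
    """Step 4: every start-to-target path that uses feasible attacks only."""
    succ = {}
    for e in feasible_attacks(attacks):
        succ.setdefault(e.src, []).append(e.dst)
    paths, stack = [], [[start]]
    while stack:  # terminates because i < j on every edge (acyclic graph)
        path = stack.pop()
        if path[-1] == target:
            paths.append(path)
            continue
        for nxt in sorted(succ.get(path[-1], []), reverse=True):
            stack.append(path + [nxt])
    return paths


def key_nodes(paths, start):
    """Nodes common to all possible attack paths; v_0 is excluded because g > 0."""
    if not paths:
        return set()
    return set(paths[0]).intersection(*map(set, paths[1:])) - {start}


def fixed_confidence(paths, start):
    """I(v_0) = I(v_g) = 100%; other nodes need the formula missing from the page."""
    return {v: 1.0 for v in {start} | key_nodes(paths, start)} if paths else {}


# Constructed sample network: node 0 is the start, node 4 the target.
SAMPLE = [
    Attack(0, 1, 0.5, 1.0, (2, 2), 0.5, 4.0),    # cost 1.0,  delta -3.0
    Attack(0, 2, 0.9, 1.0, (10, 10), 1.0, 4.0),  # cost ~18,  delta > 0: pruned
    Attack(1, 3, 0.5, 1.0, (4,), 1.0, 4.0),      # cost 2.0,  delta -2.0
    Attack(2, 3, 0.5, 1.0, (2,), 1.0, 4.0),      # feasible, but node 2 is unreachable
    Attack(3, 4, 0.5, 1.0, (2, 2), 0.5, 2.0),    # cost 1.0,  delta -1.0
    Attack(1, 4, 0.5, 2.0, (1, 1), 1.0, 2.0),    # cost 2.0,  delta 0: boundary, feasible
]

if __name__ == "__main__":
    paths = attack_paths(SAMPLE, 0, 4)
    print(paths, key_nodes(paths, 0), fixed_confidence(paths, 0))
```

Node 2 never appears on a predicted path: its only incoming attack exceeds the threshold, which is the redundant-node pruning the description refers to.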
In conclusion the above is merely preferred embodiments of the present invention, being not intended to limit the scope of the present invention. All within the spirits and principles of the present invention, any modification, equivalent replacement, improvement and so on should be included in the present invention's Within protection domain.

Claims (7)

1. An attack path prediction method based on time gain compensation, characterized in that the attack path prediction method comprises the following steps:
Step 1: obtain the network to be assessed;
Step 2: obtain all resource nodes in the network to be assessed, the resource nodes including the starting resource node, which is the starting point of the network attack, the target resource node, which is the target point of the network attack, and the intermediate resource nodes located on network paths between the starting node and the target node; in the network to be assessed, an intermediate resource node is connected to one or more predecessor resource nodes and one or more successor resource nodes, the starting resource node is connected to one or more successor resource nodes, and the target resource node is connected to one or more predecessor resource nodes;
Step 3: traverse the entire network to be assessed, and for each attack behavior $e_{i\to j}$ launched from the i-th resource node against the j-th resource node, obtain the time gain compensation Δ; when Δ > 0, the attack behavior $e_{i\to j}$ is infeasible; when Δ ≤ 0, the attack behavior $e_{i\to j}$ is feasible; wherein i is a non-negative integer, j and m are natural numbers, 0 ≤ i < j, 1 ≤ j ≤ m; m denotes the total number of resource nodes in the network to be assessed, and M is the time cost threshold; $cost_{time}(e_{i\to j})$ denotes the time cost required for the attack behavior $e_{i\to j}$, launched from the i-th resource node against the j-th resource node, to succeed;
Step 4: output the possible attack paths formed by the attacked resource nodes corresponding to all feasible attack behaviors, and the confidence level of each resource node on the possible attack paths.
2. The attack path prediction method based on time gain compensation according to claim 1, characterized in that, in step 3, the time cost required for the attack behavior $e_{i\to j}$ to succeed is $cost_{time}(e_{i\to j}) = \sigma(e_{i\to j}) \times \theta(v_j) \times \sum time(\text{meta-operation}) \times \pi(e_{i\to j})$; wherein $\sigma(e_{i\to j})$ denotes the influence coefficient of the attack behavior $e_{i\to j}$; $\theta(v_j)$ denotes the influence coefficient of the attacked j-th resource node $v_j$ itself; $\sum time(\text{meta-operation})$ denotes the sum of the time cost sequence of the atomic operations; and $\pi(e_{i\to j})$ denotes the experience coefficient of the attacker who launches the attack behavior $e_{i\to j}$.
3. The attack path prediction method based on time gain compensation according to claim 1, characterized in that, in step 4, the confidence levels of the resource nodes on the possible attack path are as follows:
For the starting resource node $v_0$ on a possible attack path, the confidence level is $I(v_0) = 100\%$;
For the one or more key resource nodes $v_g$ on a possible attack path, the confidence level is $I(v_g) = 100\%$; wherein g and n are natural numbers with 0 < g ≤ n, and n is the total number of resource nodes on the possible attack path;
For the remaining resource nodes $v_k$ on a possible attack path, other than the starting resource node $v_0$ and the key resource nodes $v_g$, the confidence level is $I(v_k)$; wherein k is a natural number with 0 < k ≤ n and k ≠ g, and $\omega_k$ and $\omega_{k+1}$ are the sampling weights of resource node $v_k$ and resource node $v_{k+1}$ respectively.
4. The attack path prediction method based on time gain compensation according to claim 3, characterized in that the key resource nodes $v_g$ are obtained as follows:
Take the intersection of the possible attack paths: if the intersection is non-empty, the one or more resource nodes on the possible attack paths that are elements of the intersection are key nodes; if the intersection is empty, there is no key node.
5. The attack path prediction method based on time gain compensation according to claim 3, characterized in that, when resource node $v_k$ on the possible attack path has no AND or OR logical relationship,
When resource node $v_k$ on the possible attack path has two or more predecessor resource nodes $pre_p(v_k)$, and an AND logical relationship exists between these two or more predecessor resource nodes, Wherein, p denotes the index of the two or more predecessor resource nodes, t denotes the total number of predecessor resource nodes in the AND logical relationship, and p and t are natural numbers with 2 ≤ p ≤ t and 2 ≤ t < n;
When resource node $v_k$ on the possible attack path has two or more predecessor resource nodes $pre_p(v_k)$, and an OR logical relationship exists between these two or more predecessor resource nodes, Wherein, s denotes the total number of predecessor resource nodes in the OR logical relationship, and s is a natural number with 2 ≤ s < n.
6. The attack path prediction method based on time gain compensation according to claim 2, characterized in that, in step 3, the influence coefficient $\sigma(e_{i\to j})$ of the attack behavior $e_{i\to j}$ takes values in the range [0.1, 0.9];
The influence coefficient $\theta(v_j)$ of the attacked j-th resource node $v_j$ itself takes the following values:
The attacker experience coefficient takes values in (0, 1].
7. The attack path prediction method based on time gain compensation according to claim 1, characterized in that, in step 3, the time cost threshold M takes the following values:
Wherein, h denotes the time unit "hour".

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN2017107883574 2017-09-05
CN201710788357 2017-09-05

Publications (2)

Publication Number Publication Date
CN108429728A true CN108429728A (en) 2018-08-21
CN108429728B CN108429728B (en) 2020-11-06

Family

ID=63155837

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201810010612.7A Expired - Fee Related CN108429728B (en) 2017-09-05 2018-01-04 Attack path prediction method based on time gain compensation

Country Status (1)

Country Link
CN (1) CN108429728B (en)


Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103748992B (en) * 2010-06-09 2012-02-08 北京理工大学 Network attack intention dynamic recognition system based on Timed Automata
US20160330226A1 (en) * 2015-04-16 2016-11-10 Nec Laboratories America, Inc. Graph-based Instrusion Detection Using Process Traces
CN105162752A (en) * 2015-06-17 2015-12-16 河南理工大学 Method for predicting propagation path of network threat
CN106453217A (en) * 2016-04-13 2017-02-22 河南理工大学 Network attack path behavior prediction method based on path revenue calculation
CN107040552A (en) * 2017-06-13 2017-08-11 上海斗象信息科技有限公司 Network attack path Forecasting Methodology

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
王辉 等: "基于贝叶斯推理的攻击路径预测研究", 《计算机应用研究》 *

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108965035A (en) * 2018-09-13 2018-12-07 南京信息工程大学 A kind of attack path prediction technique based on attack gain
CN108965035B (en) * 2018-09-13 2021-06-29 南京信息工程大学 Attack path prediction method based on attack gain

Also Published As

Publication number Publication date
CN108429728B (en) 2020-11-06


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant
CF01 Termination of patent right due to non-payment of annual fee
    Granted publication date: 20201106
    Termination date: 20220104