CN108965035A - Attack path prediction method based on attack gain - Google Patents
- Publication number
- CN108965035A
- Authority
- CN
- China
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
- H04L63/1416—Event detection, e.g. attack signature detection
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L41/00—Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
- H04L41/14—Network analysis or design
- H04L41/147—Network analysis or design for predicting network behaviour
Abstract
The present invention provides an attack path prediction method based on attack gain, comprising: obtaining a Bayesian attack graph as the network to be assessed, using a vulnerability scanning tool; obtaining all resource nodes and all attack nodes in the network to be assessed; traversing the entire network to be assessed to obtain all possible attack paths from the starting resource node to the target resource node; for each resource node on every possible attack path, obtaining the attack gain and attack time of each attack node directly connected to that resource node with respect to it, and correspondingly generating the initial attack gain matrix, the attack time matrix and the probability attack gain matrix; eliminating the redundant attack paths among the possible attack paths according to the probability attack gain matrix, to obtain the attack gain paths; and traversing the attack gain paths and determining the optimal gain path among them according to the principle of maximum path probability attack gain rate. The invention offers high accuracy, among other advantages, and can be widely applied in the field of network security.
Description
Technical field
The present invention relates to prediction techniques, and in particular to an attack path prediction method based on attack gain.
Background art
It is well known that research on network attack path prediction has long been a hot topic in scientific research, and a variety of prediction methods have emerged as a result. In recent years, researchers have applied attack graphs to attack prediction, performing predictive assessment based on vulnerabilities. At present, attack path prediction methods usually determine the possible attack paths from factors such as attack complexity and operating cost, and do not consider the attacker's subjective factors, so prediction accuracy remains relatively low.
It can be seen that, in the prior art, network attack path prediction methods suffer from poor prediction accuracy.
Summary of the invention
In view of this, the main purpose of the present invention is to provide an attack path prediction method based on attack gain that has higher prediction accuracy.
To achieve the above object, the technical solution proposed by the present invention is as follows:
An attack path prediction method based on attack gain, comprising the following steps:
Step 1: obtain a Bayesian attack graph as the network to be assessed, using a vulnerability scanning tool.
Step 2: obtain all resource nodes $R=\{r_j \mid j=1,2,\dots,M\}$ and all attack nodes $A=\{a_i \mid i=1,2,\dots,N\}$ in the network to be assessed. Resource nodes comprise the starting resource node, which is the starting point of the network attack; the target resource node, which is the target of the network attack; and the intermediate resource nodes on the network paths between the starting node and the target node. Each attack node is connected to one or more predecessor resource nodes and one or more successor resource nodes; one or more attack nodes are connected after the starting resource node, and one or more attack nodes are connected before the target resource node. Here, in attack order, a resource node placed before an attack node and directly connected to it is a predecessor resource node, and a resource node placed after an attack node and directly connected to it is a successor resource node; an attack node placed before an attacked resource node and directly connected to it is a predecessor attack node, and an attack node placed after an attacked resource node and directly connected to it is a successor attack node. $M$ is the total number of resource nodes, $N$ is the total number of attack nodes, and $M$, $N$, $i$, $j$ are natural numbers.
Step 3: traverse the entire network to be assessed and obtain all possible attack paths from the starting resource node to the target resource node.
Step 4: for each resource node on every possible attack path, obtain the attack gain and attack time of each attack node directly connected to that resource node with respect to it, and correspondingly generate the initial attack gain matrix and the attack time matrix of every possible attack path; then generate the probability attack gain matrix of every possible attack path. Here, attack gain is the difference between attack income and attack cost.
Step 5: according to the probability attack gain matrix, eliminate the redundant attack paths among the possible attack paths to obtain the attack gain paths.
Step 6: traverse the attack gain paths obtained in Step 5 and, according to the principle of maximum path probability attack gain rate, determine the optimal gain path among the attack gain paths.
In summary, after obtaining the network to be assessed, the attack path prediction method based on attack gain of the present invention uses the relationships between the various resource nodes and attack nodes in that network to obtain, from the attacker's subjective point of view, all possible attack paths from the starting resource node to the target resource node. Among all possible attack paths, some contain an AND relationship, meaning that a resource node is connected to two or more predecessor attack nodes and those predecessor attack nodes are in an AND relationship with one another; the others contain no AND relationship, that is, every resource node on such a path has only one predecessor attack node. For each resource node on every possible attack path, the method obtains the time needed to attack the node successfully and the probability attack gain obtained after a successful attack. Redundant paths among all possible attack paths are eliminated according to the size of the probability attack gain, giving the attack gain paths. Among the attack gain paths, the path probability attack gain rate of each one is used to predict the attack gain path the attacker is most likely to choose, that is, the optimal attack gain path. Based on this optimal prediction, precautions can be taken in advance with greater precision, safeguarding network security.
Brief description of the drawings
Fig. 1 is the overall flowchart of the attack path prediction method based on attack gain of the present invention.
Specific embodiment
To make the object, technical solution and advantages of the present invention clearer, the present invention is described in further detail below with reference to the accompanying drawing and specific embodiments.
As shown in Fig. 1, the attack path prediction method based on attack gain of the present invention comprises Steps 1 to 6 as set out in the Summary of the invention above.
In the method of the present invention, the initial attack gain matrix is:
where the attack gain $q_{ij}$ denotes the attack gain of attack node $a_i$ on resource node $r_j$, and $q_{ij} = grain(a_i, r_j) - cost(a_i, r_j)$. When $q_{ij} \le 0$, the attack of attack node $a_i$ on resource node $r_j$ does not exist or yields no attack gain. Row $i$ of the attack gain matrix corresponds to attack node $a_i$, and column $j$ corresponds to resource node $r_j$. $grain(a_i, r_j)$ denotes the attack income of attack node $a_i$ on resource node $r_j$, and $cost(a_i, r_j)$ denotes the attack cost of attack node $a_i$ on resource node $r_j$.
In the method of the present invention, the attack time matrix is:
where $t_{ij}$ denotes the attack time for attack node $a_i$ to successfully occupy resource node $r_j$. When $t_{ij} \le 0$, the attack of attack node $a_i$ on resource node $r_j$ does not exist. Row $i$ of the attack time matrix corresponds to attack node $a_i$, and column $j$ corresponds to resource node $r_j$.
In the method of the present invention, the attack income is $grain(a_i, r_j) = w_j \beta_{ij} u_j$, where $w_j$ denotes the resource value of resource node $r_j$, $\beta_{ij}$ denotes the weight of the control privilege level that attack node $a_i$ obtains after resource node $r_j$ is successfully attacked, and $u_j$ denotes the attack income impact coefficient of resource node $r_j$. Control privilege levels are prior art, and the weight of a control privilege level can be chosen according to actual needs; the details are not repeated here.
In the method of the present invention, the attack cost is $cost(a_i, r_j) = \alpha_{ij1} H_{ij} + \alpha_{ij2} S_{ij}$, where $H_{ij}$ denotes the attack complexity of attack node $a_i$ against the resource node, $S_{ij}$ denotes the attack risk of attack node $a_i$ against the resource node, $\alpha_{ij1}$ denotes the complexity weight, $\alpha_{ij2}$ denotes the risk weight, and $\alpha_{ij1} + \alpha_{ij2} = 1$. The specific values of $\alpha_{ij1}$ and $\alpha_{ij2}$ can be chosen according to actual needs.
The quantification criteria for attack complexity are shown in Table 1 below, and those for attack risk in Table 2.
Table 1: Attack complexity quantification criteria
Table 2: Attack risk quantification criteria
In the method of the present invention, the probability attack gain matrix is:
where the probability attack gain is $w_{ij} = \Psi(a_i, r_j) \times q_{ij}$. When $w_{ij} \le 0$, the attack of attack node $a_i$ on resource node $r_j$ does not exist or yields no attack gain. Row $i$ of the probability attack gain matrix corresponds to attack node $a_i$, and column $j$ corresponds to resource node $r_j$. $\Psi(a_i, r_j)$ denotes the capture probability of attack node $a_i$ against resource node $r_j$.
In the method of the present invention, the capture probability $\Psi(a_i, r_j) = P_1(a_i, r_j) \times P_2(a_i, r_j)$ denotes the probability that resource node $r_j$ is captured by attack node $a_i$. Here $P_1(a_i, r_j)$ denotes the probability that attack node $a_i$ launches an attack on resource node $r_j$ after the predecessor resource nodes of $a_i$ have been captured, with $P_1(a_i, r_j) = P(\gamma(a_i, r_j) \mid \Omega(R_{j-1}))$; $P_2(a_i, r_j)$ denotes the probability that attack node $a_i$ successfully occupies resource node $r_j$, with $P_2(a_i, r_j) = P(\Omega(r_j) \mid \gamma(a_i, r_j))$. $\gamma(a_i, r_j)$ denotes the attack launched by attack node $a_i$ on resource node $r_j$; $\Omega(R_{j-1})$ denotes the event that the predecessor resource nodes of attack node $a_i$ are successfully occupied; $\Omega(r_j)$ denotes the event that attack node $a_i$ successfully occupies resource node $r_j$. $R_{j-1}$ denotes the set of predecessor resource nodes of attack node $a_i$, with $R_{j-1} = \{r_{j-1,1}, r_{j-1,2}, \dots, r_{j-1,g}\}$, where $g$ is a natural number. $P(\cdot \mid \cdot)$ denotes conditional probability.
In the method of the present invention, for the predecessor resource node set $R_{j-1} = \{r_{j-1,1}, r_{j-1,2}, \dots, r_{j-1,g}\}$ of attack node $a_i$: when $g = 1$, attack node $a_i$ has only one predecessor resource node, and $\Omega(R_{j-1}) = \Omega(r_{j-1,1})$; when $g > 1$, attack node $a_i$ is directly preceded by more than one predecessor resource node in an AND relationship, and $\Omega(R_{j-1}) = \Omega(r_{j-1,1}) \times \Omega(r_{j-1,2}) \times \dots \times \Omega(r_{j-1,g})$.
In the method of the present invention, Step 5 specifically comprises:
Step 51: number all the possible attack paths from the starting resource node to the target resource node obtained in Step 3.
Step 52: in ascending order of path number, judge whether each possible attack path is redundant:
According to the probability attack gain matrix of the current possible attack path, if each column has one and only one probability attack gain element greater than 0, then there is no AND relationship on the current possible attack path, and the path is not redundant;
According to the probability attack gain matrix of the current possible attack path, if each column contains one or more probability attack gain elements not equal to 0, then for any column containing two or more probability attack gain elements not equal to 0, the corresponding resource node has two or more predecessor attack nodes in an AND relationship on the current possible attack path, and the probability attack gain of that resource node is the sum of the probability attack gain elements of the column: when the sum of the probability attack gain elements of every column is greater than 0, the current possible attack path is not redundant; otherwise, it is redundant;
According to the probability attack gain matrix of the current possible attack path, if there is a column in which every probability attack gain element is less than or equal to 0, then the current possible attack path is redundant.
Step 53: after the redundant attack paths are deleted, the attack gain paths are obtained.
In the present invention, the attack gain of a resource node is the difference between attack income and attack cost. From the attacker's point of view, if an attack produces no benefit, the attacker will not carry it out. For this reason, the method considers the attack gain of the currently attacked resource node together with the capture of the predecessor resource nodes on the possible attack path on which that node lies, and from these determines the probability attack gain of the current resource node, thereby determining the probability attack gain matrix of the whole possible attack path. For any possible attack path, if the probability attack gain of some resource node on it is less than or equal to 0, attacking that resource node produces no income and may even incur a loss; the attacker will therefore not attack that resource node, that is, the attacker will not choose this possible attack path, and the path is redundant.
In the present invention, if the attacker does not attack a resource node, the state value of the attack node is "false". If the attacker attacks the resource node, the state value of the attack node is "true".
In the method of the present invention, obtaining the optimal gain path specifically comprises:
Step 61: for all attack gain paths obtained in Step 53, calculate the probability attack gain rate of each attack gain path, where PathW denotes the probability attack gain of the attack gain path and PathT denotes the time needed to attack the attack gain path successfully.
Step 62: from the probability attack gain rates of all attack gain paths, find the maximum probability attack gain rate.
Step 63: take the attack gain path corresponding to the maximum probability attack gain rate as the optimal attack path.
In Step 61, the probability attack gain rate of an attack gain path is calculated as follows:
If there is no AND relationship on the attack gain path, the terms of the formula are the sum of all elements of column $k$ of the probability attack gain matrix and the sum of all attack time elements of column $k$ of the attack time matrix; $x$ and $k$ are natural numbers;
If there is an AND relationship on the attack gain path, the terms of the formula are: the sum of the attack time elements, in their respective columns of the attack time matrix, of the resource nodes on the attack gain path that have only one predecessor attack node; the sum of the attack times of the resource nodes $r_d$ on the attack gain path that have two or more predecessor attack nodes; the maximum synchronous attack time when a resource node $r_d$ with two or more predecessor attack nodes is attacked; and the asynchronous attack time when a resource node $r_d$ with two or more predecessor attack nodes is attacked. $s$, $d$, $E$, $F$ are natural numbers, and $E + F = M$.
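The following added example (not code from the patent) carries Steps 4 to 6 through on three constructed candidate paths, so a defender can see which path the model ranks first and therefore which nodes to harden first. Assumptions, since the page's formula images are missing: the gain rate is taken as PathW / PathT, a resource node with AND predecessors costs the maximum of their attack times, and all names and numeric values are constructed.

```python
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Edge:
    """Attack node a_i acting on resource node r_j on one candidate path."""
    attack: str
    resource: str
    value: float      # w_j, resource value
    beta: float       # beta_ij, weight of the control privilege level gained
    u: float          # u_j, attack income impact coefficient
    H: float          # H_ij, attack complexity (constructed 0..1 scale)
    S: float          # S_ij, attack risk (constructed 0..1 scale)
    alpha1: float     # complexity weight; the risk weight is 1 - alpha1
    p_launch: float   # P1(a_i, r_j)
    p_success: float  # P2(a_i, r_j)
    t: float          # t_ij, attack time

    def q(self):
        """Attack gain q_ij = grain(a_i, r_j) - cost(a_i, r_j)."""
        income = self.value * self.beta * self.u
        cost = self.alpha1 * self.H + (1.0 - self.alpha1) * self.S
        return income - cost

    def w(self):
        """Probability attack gain w_ij = Psi * q_ij with Psi = P1 * P2."""
        return self.p_launch * self.p_success * self.q()


def columns(path):
    """Group edges by attacked resource node: one matrix column per node."""
    cols = defaultdict(list)
    for edge in path:
        cols[edge.resource].append(edge)
    return cols


def is_redundant(path):
    """Step 52: redundant if any column's summed probability gain is <= 0.

    A column with one edge is the no-AND case; several edges is the AND case.
    """
    return any(sum(e.w() for e in col) <= 0 for col in columns(path).values())


def path_gain(path):
    """PathW: sum of all column sums of the probability attack gain matrix."""
    return sum(e.w() for e in path)


def path_time(path):
    """PathT. ASSUMPTION: AND predecessors act in parallel, so take max t."""
    return sum(max(e.t for e in col) for col in columns(path).values())


def gain_rate(path):
    """ASSUMPTION: probability attack gain rate = PathW / PathT."""
    return path_gain(path) / path_time(path)


def rank_paths(candidates):
    """Steps 53 and 61-63: drop redundant paths, sort the rest by gain rate."""
    kept = {n: p for n, p in candidates.items() if not is_redundant(p)}
    return sorted(((n, gain_rate(p)) for n, p in kept.items()),
                  key=lambda item: item[1], reverse=True)


# Constructed candidate paths from a start node to target r3.
CANDIDATES = {
    "path1": [  # no AND relationship
        Edge("a1", "r1", 10, 0.5, 1.0, 0.6, 0.4, 0.5, 0.8, 0.5, 2),
        Edge("a2", "r3", 20, 1.0, 1.0, 0.8, 0.6, 0.5, 0.5, 0.4, 4),
    ],
    "path2": [  # a3 costs more than it earns, so the path is redundant
        Edge("a3", "r2", 1, 0.2, 1.0, 0.9, 0.9, 0.5, 0.9, 0.9, 1),
        Edge("a4", "r3", 20, 1.0, 1.0, 0.5, 0.5, 0.5, 0.8, 0.5, 4),
    ],
    "path3": [  # a5 AND a6 are both required to take r2
        Edge("a5", "r2", 8, 0.5, 1.0, 0.4, 0.2, 0.5, 0.5, 0.5, 1),
        Edge("a6", "r2", 8, 0.5, 1.0, 0.2, 0.2, 0.5, 0.5, 0.5, 3),
        Edge("a7", "r3", 20, 1.0, 1.0, 0.5, 0.5, 0.5, 0.8, 0.5, 4),
    ],
}

if __name__ == "__main__":
    for name, rate in rank_paths(CANDIDATES):
        nodes = sorted(columns(CANDIDATES[name]))
        print(f"{name}: gain rate {rate:.3f}, harden first: {nodes}")
```
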
In conclusion the above is merely preferred embodiments of the present invention, being not intended to limit the scope of the present invention.
All within the spirits and principles of the present invention, any modification, equivalent replacement, improvement and so on should be included in of the invention
Within protection scope.
Claims (8)
1. An attack path prediction method based on attack gain, characterized in that the attack path prediction method comprises the following steps:
Step 1: obtain a Bayesian attack graph as the network to be assessed, using a vulnerability scanning tool;
Step 2: obtain all resource nodes $R=\{r_j \mid j=1,2,\dots,M\}$ and all attack nodes $A=\{a_i \mid i=1,2,\dots,N\}$ in the network to be assessed; resource nodes comprise the starting resource node, which is the starting point of the network attack, the target resource node, which is the target of the network attack, and the intermediate resource nodes on the network paths between the starting node and the target node; each attack node is connected to one or more predecessor resource nodes and one or more successor resource nodes, one or more attack nodes are connected after the starting resource node, and one or more attack nodes are connected before the target resource node; wherein, in attack order, a resource node placed before an attack node and directly connected to it is a predecessor resource node, and a resource node placed after an attack node and directly connected to it is a successor resource node; an attack node placed before an attacked resource node and directly connected to it is a predecessor attack node, and an attack node placed after an attacked resource node and directly connected to it is a successor attack node; $M$ is the total number of resource nodes, $N$ is the total number of attack nodes, and $M$, $N$, $i$, $j$ are natural numbers;
Step 3: traverse the entire network to be assessed and obtain all possible attack paths from the starting resource node to the target resource node;
Step 4: for each resource node on every possible attack path, obtain the attack gain and attack time of each attack node directly connected to that resource node with respect to it, and correspondingly generate the initial attack gain matrix and the attack time matrix of every possible attack path; then generate the probability attack gain matrix of every possible attack path; wherein attack gain is the difference between attack income and attack cost;
Step 5: according to the probability attack gain matrix, eliminate the redundant attack paths among the possible attack paths to obtain the attack gain paths;
Step 6: traverse the attack gain paths obtained in Step 5 and, according to the principle of maximum path probability attack gain rate, determine the optimal gain path among the attack gain paths.
2. The attack path prediction method based on attack gain according to claim 1, characterized in that:
in the initial attack gain matrix, the attack gain $q_{ij}$ denotes the attack gain of attack node $a_i$ on resource node $r_j$, and $q_{ij} = grain(a_i, r_j) - cost(a_i, r_j)$; when $q_{ij} \le 0$, the attack of attack node $a_i$ on resource node $r_j$ does not exist or yields no attack gain; row $i$ of the attack gain matrix corresponds to attack node $a_i$, and column $j$ corresponds to resource node $r_j$; $grain(a_i, r_j)$ denotes the attack income of attack node $a_i$ on resource node $r_j$, and $cost(a_i, r_j)$ denotes the attack cost of attack node $a_i$ on resource node $r_j$;
in the attack time matrix, $t_{ij}$ denotes the attack time for attack node $a_i$ to successfully occupy resource node $r_j$; when $t_{ij} \le 0$, the attack of attack node $a_i$ on resource node $r_j$ does not exist; row $i$ of the attack time matrix corresponds to attack node $a_i$, and column $j$ corresponds to resource node $r_j$; wherein,
the attack income is $grain(a_i, r_j) = w_j \beta_{ij} u_j$, where $w_j$ denotes the resource value of resource node $r_j$, $\beta_{ij}$ denotes the weight of the control privilege level that attack node $a_i$ obtains after resource node $r_j$ is successfully attacked, and $u_j$ denotes the attack income impact coefficient of resource node $r_j$;
the attack cost is $cost(a_i, r_j) = \alpha_{ij1} H_{ij} + \alpha_{ij2} S_{ij}$, where $H_{ij}$ denotes the attack complexity of attack node $a_i$ against the resource node, $S_{ij}$ denotes the attack risk of attack node $a_i$ against the resource node, $\alpha_{ij1}$ denotes the complexity weight, $\alpha_{ij2}$ denotes the risk weight, and $\alpha_{ij1} + \alpha_{ij2} = 1$.
3. The attack path prediction method based on attack gain according to claim 2, characterized in that the probability attack gain matrix is:
where the probability attack gain is $w_{ij} = \psi(a_i, r_j) \times q_{ij}$; when $w_{ij} \le 0$, the attack of attack node $a_i$ on resource node $r_j$ does not exist or yields no attack gain; row $i$ of the probability attack gain matrix corresponds to attack node $a_i$, and column $j$ corresponds to the resource node; $\psi(a_i, r_j)$ denotes the capture probability of attack node $a_i$ against resource node $r_j$.
4. The attack path prediction method based on attack gain according to claim 3, characterized in that the capture probability $\psi(a_i, r_j) = P_1(a_i, r_j) \times P_2(a_i, r_j)$ denotes the probability that resource node $r_j$ is captured by attack node $a_i$; wherein $P_1(a_i, r_j)$ denotes the probability that attack node $a_i$ launches an attack on resource node $r_j$ after the predecessor resource nodes of $a_i$ have been captured, and $P_1(a_i, r_j) = P(\gamma(a_i, r_j) \mid \Omega(R_{j-1}))$; $P_2(a_i, r_j)$ denotes the probability that attack node $a_i$ successfully occupies resource node $r_j$, and $P_2(a_i, r_j) = P(\Omega(r_j) \mid \gamma(a_i, r_j))$; $\gamma(a_i, r_j)$ denotes the attack launched by attack node $a_i$ on resource node $r_j$; $\Omega(R_{j-1})$ denotes the event that the predecessor resource nodes of attack node $a_i$ are successfully occupied, and $\Omega(r_j)$ denotes the event that attack node $a_i$ successfully occupies resource node $r_j$; $R_{j-1}$ denotes the set of predecessor resource nodes of attack node $a_i$, and $R_{j-1} = \{r_{j-1,1}, r_{j-1,2}, \dots, r_{j-1,g}\}$, where $g$ is a natural number; $P(\cdot \mid \cdot)$ denotes conditional probability.
5. The attack path prediction method based on attack gain according to claim 4, characterized in that, for the predecessor resource node set $R_{j-1} = \{r_{j-1,1}, r_{j-1,2}, \dots, r_{j-1,g}\}$ of attack node $a_i$: when $g = 1$, attack node $a_i$ has only one predecessor resource node, and $\Omega(R_{j-1}) = \Omega(r_{j-1,1})$; when $g > 1$, attack node $a_i$ is directly preceded by more than one predecessor resource node in an AND relationship, and $\Omega(R_{j-1}) = \Omega(r_{j-1,1}) \times \Omega(r_{j-1,2}) \times \dots \times \Omega(r_{j-1,g})$.
6. The attack path prediction method based on attack gain according to claim 3, 4 or 5, characterized in that Step 5 specifically comprises:
Step 51: number all the possible attack paths from the starting resource node to the target resource node obtained in Step 3;
Step 52: in ascending order of path number, judge whether each possible attack path is redundant:
according to the probability attack gain matrix of the current possible attack path, if each column has one and only one probability attack gain element greater than 0, then there is no AND relationship on the current possible attack path, and the path is not redundant;
according to the probability attack gain matrix of the current possible attack path, if each column contains one or more probability attack gain elements not equal to 0, then for any column containing two or more probability attack gain elements not equal to 0, the corresponding resource node has two or more predecessor attack nodes in an AND relationship on the current possible attack path, and the probability attack gain of that resource node is the sum of the probability attack gain elements of the column: when the sum of the probability attack gain elements of every column is greater than 0, the current possible attack path is not redundant; otherwise, it is redundant;
according to the probability attack gain matrix of the current possible attack path, if there is a column in which every probability attack gain element is less than or equal to 0, then the current possible attack path is redundant;
Step 53: after the redundant attack paths are deleted, the attack gain paths are obtained.
7. The attack path prediction method based on attack gain according to claim 6, characterized in that obtaining the optimal gain path specifically comprises:
Step 61: for all attack gain paths obtained in Step 53, calculate the probability attack gain rate of each attack gain path, where PathW denotes the probability attack gain of the attack gain path and PathT denotes the time needed to attack the attack gain path successfully;
Step 62: from the probability attack gain rates of all attack gain paths, find the maximum probability attack gain rate;
Step 63: take the attack gain path corresponding to the maximum probability attack gain rate as the optimal attack path.
8. The attack path prediction method based on attack gain according to claim 7, characterized in that, in step 61, calculating the probability attack gain rate of the attack gain path is specifically:
If there is no "AND" relationship on the attack gain path, Wherein, indicates the sum of all elements in the k-th column of the probability attack gain matrix; indicates the sum of all attack time elements in the k-th column of the attack time matrix; x and k are both natural numbers;
If there is an "AND" relationship on the attack gain path, Wherein, indicates the sum, over the resource nodes on the attack gain path that have only one predecessor attack node, of the attack time elements of their respective columns in the attack time matrix; indicates the sum of the attack times for the resource nodes r_d on the attack gain path that have more than two predecessor attack nodes, indicates the maximum synchronous attack time when a resource node r_d with more than two predecessor attack nodes is attacked, indicates the asynchronous attack time when a resource node r_d with more than two predecessor attack nodes is attacked; s, d, E and F are natural numbers, and E+F=M.
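The column rules of step 52 and the selection in steps 61 to 63, written out as an added Python example for defenders modelling an attack graph; it is not code from the patent. It assumes one gain matrix per candidate path with rows as attack nodes and columns as resource nodes, takes PathT as a supplied input, and treats the gain rate as PathW / PathT with PathW the sum of the column gains, an assumption because the rate formula did not survive on this page; all path names and values are constructed.

```python
# Added illustration of steps 52-53 and 61-63; not code from the patent.
# Assumed layout: one matrix per candidate path, rows = attack nodes,
# columns = resource nodes on that path; entries are probability attack gains.

def column_gains(matrix):
    """Probability attack gain of each resource node: the sum of its column."""
    return [sum(col) for col in zip(*matrix)]

def has_and_relationship(matrix):
    """A column with more than one non-zero element marks an "AND" node."""
    return any(sum(v != 0 for v in col) > 1 for col in zip(*matrix))

def is_redundant(matrix):
    """Step 52: apply the column rules to one candidate path."""
    for col in zip(*matrix):
        if all(v <= 0 for v in col):
            return True            # no positive gain at this resource node
        if sum(v != 0 for v in col) > 1 and sum(col) <= 0:
            return True            # "AND" node whose summed gain is not > 0
    return False                   # every column keeps a positive gain

def gain_paths(candidates):
    """Step 53: drop redundant paths; what remains are attack gain paths."""
    return {n: p for n, p in candidates.items() if not is_redundant(p["gain"])}

def optimal_path(candidates):
    """Steps 61-63: highest gain rate, taken here as PathW / PathT (assumed)."""
    rates = {n: sum(column_gains(p["gain"])) / p["time"]
             for n, p in gain_paths(candidates).items()}
    if not rates:
        return None                # every candidate path was redundant
    best = max(rates, key=rates.get)
    return best, rates[best]

# Constructed sample data; "time" is PathT supplied directly as an input.
PATHS = {
    "A": {"gain": [[0.5, 0.0], [0.0, 0.25]], "time": 3.0},
    "B": {"gain": [[0.5, 0.0], [0.0, 0.75], [0.0, -0.25]], "time": 2.0},
    "C": {"gain": [[0.75, 0.0], [0.0, -0.25]], "time": 1.0},
    "D": {"gain": [[0.25, 0.0], [0.0, 0.125], [0.0, -0.5]], "time": 1.0},
}

if __name__ == "__main__":
    print(sorted(gain_paths(PATHS)))
    print(optimal_path(PATHS))
```

Paths C and D are filtered out before ranking, so a short path with a negative-gain node cannot win on time alone; a defender can read the surviving ranking as the order in which to harden nodes.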
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201811113102.9A CN108965035B (en) | 2018-09-13 | 2018-09-13 | Attack path prediction method based on attack gain |
Publications (2)
Publication Number | Publication Date |
---|---|
CN108965035A (en) | 2018-12-07 |
CN108965035B (en) | 2021-06-29 |
Family
ID=64471740
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201811113102.9A Expired - Fee Related CN108965035B (en) | 2018-09-13 | 2018-09-13 | Attack path prediction method based on attack gain |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN108965035B (en) |
Patent Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN103152345A (en) * | 2013-03-07 | 2013-06-12 | 南京理工大学常熟研究院有限公司 | Network safety optimum attacking and defending decision method for attacking and defending game |
US20150040228A1 (en) * | 2013-07-31 | 2015-02-05 | Arizona Board of Regents, a body Corporate of the State of Arizona, Acting for and on Behalf of Ariz | Selection of a countermeasure |
CN106453217A (en) * | 2016-04-13 | 2017-02-22 | 河南理工大学 | Network attack path behavior prediction method based on path revenue calculation |
CN107528850A (en) * | 2017-09-05 | 2017-12-29 | 西北大学 | A kind of optimal prevention policies analysis system and method based on improvement ant group algorithm |
CN108429728A (en) * | 2017-09-05 | 2018-08-21 | 河南理工大学 | A kind of attack path prediction technique based on time gain compensation |
Non-Patent Citations (2)
Title |
---|
RINKU DEWRI et al.: "Optimal security hardening on attack tree models of networks: a cost-benefit analysis", Springer Int. J. Inf. Secur. (2012) * |
王辉 et al.: "Network attack path behavior analysis method based on path revenue calculation", Journal of Jilin University (Science Edition) * |
Cited By (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN111131257A (en) * | 2019-12-26 | 2020-05-08 | 哈尔滨工程大学 | Bayesian attack graph-based attack path derivation method for adding singular nodes |
CN111131257B (en) * | 2019-12-26 | 2022-03-18 | 哈尔滨工程大学 | Bayesian attack graph-based attack path derivation method for adding singular nodes |
CN113890764A (en) * | 2021-10-08 | 2022-01-04 | 中国电子科技集团公司第三十研究所 | Time synchronization system with prediction function and safety monitoring method and device thereof |
CN113890764B (en) * | 2021-10-08 | 2023-05-09 | 中国电子科技集团公司第三十研究所 | Time synchronization system with prediction function and safety monitoring method and device thereof |
Also Published As
Publication number | Publication date |
---|---|
CN108965035B (en) | 2021-06-29 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US10951408B2 (en) | Method and system for publicly verifiable proofs of retrievability in blockchains | |
Xiao et al. | Generating adversarial examples with adversarial networks | |
CN105590142B (en) | Synthetic team cooperative fire power distribution method | |
CN106453217A (en) | Network attack path behavior prediction method based on path revenue calculation | |
CN108009918A (en) | The bookkeeping methods and electronic equipment of block chain common recognition algorithm transaction system | |
CN108965035A (en) | A kind of attack path prediction technique based on attack gain | |
CN107066558A (en) | Boot entry based on artificial intelligence recommends method and device, equipment and computer-readable recording medium | |
CN102135937A (en) | Pairwise overlay integrated software test case suite generating method | |
JP2020119539A (en) | Method and learning device for learning object detector of cnn foundation using 1×h convolution used for hardware optimization, test method and test device using the same | |
CN107277065A (en) | The resource regulating method of the senior constant threat of detection based on intensified learning | |
CN113132410A (en) | Method for detecting fishing website | |
CN111881439B (en) | Recognition model design method based on antagonism regularization | |
CN113709152B (en) | Antagonistic domain name generation model with high-resistance detection capability | |
CN114021698A (en) | Malicious domain name training sample expansion method and device based on capsule generation countermeasure network | |
CN115619607B (en) | Multi-stage resource attack and defense allocation method and system based on reinforcement learning | |
CN104572820B (en) | The generation method and device of model, importance acquisition methods and device | |
CN116192424A (en) | Method for attacking global data distribution in federation learning scene | |
JP2010151637A (en) | Target tracking device | |
CN115328189A (en) | Multi-unmanned aerial vehicle cooperative game decision method and system | |
CN114244550A (en) | Method and system for block chain FAW attack protection based on node consensus behavior | |
Wang et al. | Enhancing targeted attack transferability via diversified weight pruning | |
CN106533651A (en) | Cost-based complex network side attack method under weight changing | |
CN115022282B (en) | Novel domain name generation model establishment and application | |
Sankhyan et al. | PDS-Phishing Detection Systems | |
Zhang et al. | Dynamic loss yielding more transferable targeted adversarial examples |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
CF01 | Termination of patent right due to non-payment of annual fee | Granted publication date: 20210629 |