CN108965035A - An attack path prediction method based on attack gain - Google Patents

Info

Publication number: CN108965035A
Authority: CN (China)
Prior art keywords: attack, node, gain, path, resource node
Legal status: Granted; Expired - Fee Related
Application number: CN201811113102.9A
Other languages: Chinese (zh)
Other versions: CN108965035B (en)
Inventors: 王坤福, 王辉, 茹鑫鑫
Current Assignee: Nanjing University of Information Science and Technology; Henan University of Technology
Original Assignee: Nanjing University of Information Science and Technology; Henan University of Technology
Application filed by Nanjing University of Information Science and Technology and Henan University of Technology

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/14: Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408: Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1416: Event detection, e.g. attack signature detection
    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00: Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/14: Network analysis or design
    • H04L41/147: Network analysis or design for predicting network behaviour

Abstract

The present invention provides an attack path prediction method based on attack gain, comprising: using a vulnerability scanning tool to obtain a Bayesian attack graph as the network to be assessed; obtaining all resource nodes and all attack nodes in the network to be assessed; traversing the entire network to be assessed to obtain all possible attack paths from the starting resource node to the target resource node; for each resource node on each possible attack path, obtaining the attack gain and attack time of each attack node directly connected to that resource node with respect to that resource node, and generating the corresponding initial attack gain matrix, attack time matrix and probability attack gain matrix; eliminating the redundant attack paths from the possible attack paths according to the probability attack gain matrix to obtain the attack gain paths; and traversing the attack gain paths and determining the optimal gain path among them according to the principle of maximum path probability attack gain rate. The invention has features such as high accuracy and can be widely applied in the field of network security.

Description

An attack path prediction method based on attack gain
Technical field
The present invention relates to prediction techniques, and more particularly to an attack path prediction method based on attack gain.
Background art
As is well known, network attack path prediction has long been a hot research topic, and various prediction methods have been produced as a result. In recent years, researchers have applied attack graphs to attack prediction, performing predictive assessment based on vulnerabilities. At present, attack path prediction methods usually determine the possible attack paths according to factors such as attack complexity and operating cost and do not consider the attacker's subjective factors, so prediction accuracy remains relatively low.
It can be seen that, in the prior art, network attack path prediction methods suffer from poor prediction accuracy.
Summary of the invention
In view of this, the main purpose of the present invention is to provide an attack path prediction method based on attack gain with higher prediction accuracy.
To achieve the above purpose, the technical solution proposed by the present invention is as follows:
An attack path prediction method based on attack gain, comprising the following steps:
Step 1: using a vulnerability scanning tool, obtain a Bayesian attack graph as the network to be assessed.
Step 2: obtain all resource nodes $R = \{r_j \mid j = 1, 2, \ldots, M\}$ and all attack nodes $A = \{a_i \mid i = 1, 2, \ldots, N\}$ in the network to be assessed. The resource nodes include the starting resource node, which is the starting point of the network attack; the target resource node, which is the target point of the network attack; and the intermediate resource nodes on the network paths between the starting node and the target node. An attack node is connected to more than one predecessor resource node and more than one successor resource node; more than one attack node is connected after the starting resource node, and more than one attack node is connected before the target resource node. Here, following the attack sequence, a resource node located before an attack node and directly connected to it is a predecessor resource node, and a resource node located after an attack node and directly connected to it is a successor resource node; an attack node located before an attacked resource node and directly connected to it is a predecessor attack node, and an attack node located after an attacked resource node and directly connected to it is a successor attack node. $M$ is the total number of resource nodes, $N$ is the total number of attack nodes, and $M$, $N$, $i$, $j$ are natural numbers.
Step 3: traverse the entire network to be assessed to obtain all possible attack paths from the starting resource node to the target resource node.
Step 4: for each resource node on each possible attack path, obtain the attack gain and attack time of each attack node directly connected to that resource node with respect to that resource node, and generate the corresponding initial attack gain matrix and attack time matrix of each possible attack path; further, generate the probability attack gain matrix of each possible attack path. Here, the attack gain is the difference between the attack income and the attack cost.
Step 5: eliminate the redundant attack paths from the possible attack paths according to the probability attack gain matrix to obtain the attack gain paths.
Step 6: traverse the attack gain paths obtained in step 5 and determine the optimal gain path among them according to the principle of maximum path probability attack gain rate.
In summary, after obtaining the network to be assessed, the attack path prediction method based on attack gain of the present invention uses the relationships between the various resource nodes and attack nodes in that network and, taking the attacker's subjective point of view, obtains all possible attack paths from the starting resource node to the target resource node. Among all possible attack paths, some contain an AND relationship, meaning that a resource node is connected to more than two predecessor attack nodes and those predecessor attack nodes are in an AND relationship with one another; the others contain no AND relationship, that is, each resource node on such a possible attack path has only one predecessor attack node. For each resource node on each possible attack path, the time taken to attack that resource node successfully and the probability attack gain obtained after the successful attack are determined; the redundant paths among all possible attack paths are eliminated according to the size of the probability attack gain, giving the attack gain paths. Among the attack gain paths, the attack gain path that the attacker is most likely to choose, that is, the optimal attack gain path, is finally predicted according to the size of each path's path probability attack gain rate. Based on this optimal prediction, precautionary measures can be taken in advance with greater precision, ensuring network security.
Description of the drawings
Fig. 1 is the overall flowchart of the attack path prediction method based on attack gain of the present invention.
Detailed description of the embodiments
To make the purpose, technical solution and advantages of the present invention clearer, the present invention is described in further detail below with reference to the drawing and specific embodiments.
Fig. 1 is the overall flowchart of the attack path prediction method based on attack gain of the present invention. As shown in Fig. 1, the attack path prediction method based on attack gain of the present invention comprises the following steps:
Step 1: using a vulnerability scanning tool, obtain a Bayesian attack graph as the network to be assessed.
Step 2: obtain all resource nodes $R = \{r_j \mid j = 1, 2, \ldots, M\}$ and all attack nodes $A = \{a_i \mid i = 1, 2, \ldots, N\}$ in the network to be assessed. The resource nodes include the starting resource node, which is the starting point of the network attack; the target resource node, which is the target point of the network attack; and the intermediate resource nodes on the network paths between the starting node and the target node. An attack node is connected to more than one predecessor resource node and more than one successor resource node; more than one attack node is connected after the starting resource node, and more than one attack node is connected before the target resource node. Here, following the attack sequence, a resource node located before an attack node and directly connected to it is a predecessor resource node, and a resource node located after an attack node and directly connected to it is a successor resource node; an attack node located before an attacked resource node and directly connected to it is a predecessor attack node, and an attack node located after an attacked resource node and directly connected to it is a successor attack node. $M$ is the total number of resource nodes, $N$ is the total number of attack nodes, and $M$, $N$, $i$, $j$ are natural numbers.
Step 3: traverse the entire network to be assessed to obtain all possible attack paths from the starting resource node to the target resource node.
Step 4: for each resource node on each possible attack path, obtain the attack gain and attack time of each attack node directly connected to that resource node with respect to that resource node, and generate the corresponding initial attack gain matrix and attack time matrix of each possible attack path; further, generate the probability attack gain matrix of each possible attack path. Here, the attack gain is the difference between the attack income and the attack cost.
Step 5: eliminate the redundant attack paths from the possible attack paths according to the probability attack gain matrix to obtain the attack gain paths.
Step 6: traverse the attack gain paths obtained in step 5 and determine the optimal gain path among them according to the principle of maximum path probability attack gain rate.
In short, after obtaining the network to be assessed, the attack path prediction method based on attack gain of the present invention uses the relationships between the various resource nodes and attack nodes in that network and, taking the attacker's subjective point of view, obtains all possible attack paths from the starting resource node to the target resource node. Among all possible attack paths, some contain an AND relationship, meaning that a resource node is connected to more than two predecessor attack nodes and those predecessor attack nodes are in an AND relationship with one another; the others contain no AND relationship, that is, each resource node on such a possible attack path has only one predecessor attack node. For each resource node on each possible attack path, the time taken to attack that resource node successfully and the probability attack gain obtained after the successful attack are determined; the redundant paths among all possible attack paths are eliminated according to the size of the probability attack gain, giving the attack gain paths. Among the attack gain paths, the attack gain path that the attacker is most likely to choose, that is, the optimal attack gain path, is finally predicted according to the size of each path's path probability attack gain rate. Based on this optimal prediction, precautionary measures can be taken in advance with greater precision, ensuring network security.
In the method of the present invention, the initial attack gain matrix is as follows:
where the attack gain $q_{ij}$ denotes the attack gain of attack node $a_i$ on resource node $r_j$, with $q_{ij} = \mathrm{grain}(a_i, r_j) - \mathrm{cost}(a_i, r_j)$; $q_{ij} \le 0$ indicates that the attack by attack node $a_i$ on resource node $r_j$ does not exist or yields no attack gain; row $i$ of the attack gain matrix corresponds to attack node $a_i$, and column $j$ of the attack gain matrix corresponds to resource node $r_j$; $\mathrm{grain}(a_i, r_j)$ denotes the attack income of attack node $a_i$ on resource node $r_j$, and $\mathrm{cost}(a_i, r_j)$ denotes the attack cost of attack node $a_i$ on resource node $r_j$.
In the method of the present invention, the attack time matrix is as follows:
where $t_{ij}$ denotes the attack time for attack node $a_i$ to successfully occupy resource node $r_j$; $t_{ij} \le 0$ indicates that the attack by attack node $a_i$ on resource node $r_j$ does not exist; row $i$ of the attack time matrix corresponds to attack node $a_i$, and column $j$ of the attack time matrix corresponds to resource node $r_j$.
In the method of the present invention, the attack income is $\mathrm{grain}(a_i, r_j) = w_j \beta_{ij} u_j$, where $w_j$ denotes the resource value of resource node $r_j$, $\beta_{ij}$ denotes the weight of the control authority level obtained by attack node $a_i$ after resource node $r_j$ is successfully attacked, and $u_j$ denotes the attack income impact coefficient for resource node $r_j$. Control authority levels are prior art, and the weight of a control authority level can be determined as actually needed; details are not repeated here.
In the method of the present invention, the attack cost is $\mathrm{cost}(a_i, r_j) = \alpha_{ij1} H_{ij} + \alpha_{ij2} S_{ij}$, where $H_{ij}$ denotes the attack complexity of attack node $a_i$ on the resource node, $S_{ij}$ denotes the attack risk of attack node $a_i$ on the resource node, $\alpha_{ij1}$ denotes the complexity weight, $\alpha_{ij2}$ denotes the risk weight, and $\alpha_{ij1} + \alpha_{ij2} = 1$. The specific values of $\alpha_{ij1}$ and $\alpha_{ij2}$ can be determined as actually needed.
Here, the attack complexity quantification standard is shown in Table 1 below. The attack risk quantification standard is shown in Table 2.
Table 1 Attack complexity quantification standard
Table 2 Attack risk quantification standard
In the method of the present invention, the probability attack gain matrix is as follows:
where the probability attack gain is $w_{ij} = \Psi(a_i, r_j) \times q_{ij}$; $w_{ij} \le 0$ indicates that the attack by attack node $a_i$ on resource node $r_j$ does not exist or yields no attack gain; row $i$ of the probability attack gain matrix corresponds to attack node $a_i$, and column $j$ of the probability attack gain matrix corresponds to resource node $r_j$; $\Psi(a_i, r_j)$ denotes the capture probability of attack node $a_i$ on resource node $r_j$.
In the method of the present invention, the capture probability $\Psi(a_i, r_j) = P_1(a_i, r_j) \times P_2(a_i, r_j)$ denotes the probability that resource node $r_j$ is captured by attack node $a_i$. Here, $P_1(a_i, r_j)$ denotes the probability that attack node $a_i$ launches an attack on resource node $r_j$ after the predecessor resource nodes of attack node $a_i$ have been captured, with $P_1(a_i, r_j) = P(\gamma(a_i, r_j) \mid \Omega(R_{j-1}))$; $P_2(a_i, r_j)$ denotes the probability that attack node $a_i$ successfully occupies resource node $r_j$, with $P_2(a_i, r_j) = P(\Omega(r_j) \mid \gamma(a_i, r_j))$; $\gamma(a_i, r_j)$ denotes the attack behavior launched by attack node $a_i$ on resource node $r_j$; $\Omega(R_{j-1})$ denotes the behavior of the predecessor resource nodes of attack node $a_i$ being successfully occupied, and $\Omega(r_j)$ denotes the behavior of attack node $a_i$ successfully occupying resource node $r_j$; $R_{j-1}$ denotes the set of predecessor resource nodes of attack node $a_i$, with $R_{j-1} = \{r_{j-1,1}, r_{j-1,2}, \ldots, r_{j-1,g}\}$, where $g$ is a natural number; $P(\cdot \mid \cdot)$ denotes conditional probability.
In the method of the present invention, for the predecessor resource node set $R_{j-1} = \{r_{j-1,1}, r_{j-1,2}, \ldots, r_{j-1,g}\}$ of attack node $a_i$: when $g = 1$, attack node $a_i$ has only one predecessor resource node, and $\Omega(R_{j-1}) = \Omega(r_{j-1,1})$; when $g > 1$, more than one predecessor resource node in an AND relationship is directly connected before attack node $a_i$, and $\Omega(R_{j-1}) = \Omega(r_{j-1,1}) \times \Omega(r_{j-1,2}) \times \cdots \times \Omega(r_{j-1,g})$.
In the method of the present invention, step 5 specifically comprises:
Step 51: number all the possible attack paths from the starting resource node to the target resource node obtained in step 3.
Step 52: in ascending order of possible attack path number, judge whether each possible attack path is redundant:
According to the probability attack gain matrix of the current possible attack path, if among the probability attack gain elements of each of its columns there is one and only one probability attack gain element greater than 0, then no AND relationship exists on the current possible attack path, and the current possible attack path is not redundant;
According to the probability attack gain matrix of the current possible attack path, if its columns contain more than one probability attack gain element not equal to 0, then for a column containing more than two probability attack gain elements not equal to 0, the corresponding resource node on the current possible attack path has more than two predecessor attack nodes in an AND relationship, and the probability attack gain of that resource node is the sum of the probability attack gain elements of that column: when the sum of the probability attack gain elements of each column is greater than 0, the current possible attack path is not redundant; otherwise, the current possible attack path is redundant;
According to the probability attack gain matrix of the current possible attack path, if it has a column in which every probability attack gain element is less than 0 or equal to 0, then the current possible attack path is redundant.
Step 53: after the redundant attack paths are deleted, the attack gain paths are obtained.
In the present invention, the attack gain of a resource node is the difference between the attack income and the attack cost. From the attacker's point of view, if an attack yields no benefit, the attacker will not carry out the network attack. For this reason, the probability attack gain of the current resource node is determined by considering the attack gain of the resource node currently under attack together with the cost of attacking the predecessor resource nodes on the possible attack path where that resource node lies, which in turn determines the probability attack gain matrix of the whole possible attack path. For each possible attack path, if the probability attack gain of some resource node on it is less than 0 or equal to 0, then attacking that resource node yields no income and may even incur a loss; the attacker will therefore not attack that resource node, that is, the attacker will not choose this possible attack path, and this possible attack path is redundant.
In the present invention, if the attacker does not attack a resource node, the state value of the attack node is "false". If the attacker attacks the resource node, the state value of the attack node is "true".
In the method of the present invention, the method for obtaining the optimal gain path specifically comprises:
Step 61: for all attack gain paths obtained in step 53, calculate the probability attack gain rate of each attack gain path, where PathW denotes the probability attack gain of the attack gain path and PathT denotes the time taken to attack the attack gain path successfully.
Step 62: among the probability attack gain rates of all attack gain paths, find the maximum probability attack gain rate.
Step 63: take the attack gain path corresponding to the maximum probability attack gain rate as the optimal attack path.
In step 61, the probability attack gain rate of the attack gain path is calculated specifically as follows:
If there is no AND relationship on the attack gain path, Wherein, indicates the sum of all elements in the k-th column of the probability attack gain matrix; indicates the sum of all attack time elements in the k-th column of the attack time matrix; X and k are natural numbers;
If there is an AND relationship on the attack gain path, Wherein, indicates the sum, over the corresponding columns of the attack time matrix, of the attack time elements of the resource nodes on the attack gain path that have only one predecessor attack node; indicates the sum of the attack times for which the resource nodes $r_d$ with more than two predecessor attack nodes on the attack gain path are attacked; indicates the maximum synchronous attack time when a resource node $r_d$ with more than two predecessor attack nodes is attacked; indicates the asynchronous attack time when a resource node $r_d$ with more than two predecessor attack nodes is attacked; S, d, E, F are natural numbers, and $E + F = M$.
In conclusion the above is merely preferred embodiments of the present invention, being not intended to limit the scope of the present invention. All within the spirits and principles of the present invention, any modification, equivalent replacement, improvement and so on should be included in of the invention Within protection scope.

Claims (8)

1. An attack path prediction method based on attack gain, characterized in that the attack path prediction method comprises the following steps:
Step 1: using a vulnerability scanning tool, obtain a Bayesian attack graph as the network to be assessed;
Step 2: obtain all resource nodes $R = \{r_j \mid j = 1, 2, \ldots, M\}$ and all attack nodes $A = \{a_i \mid i = 1, 2, \ldots, N\}$ in the network to be assessed; the resource nodes include the starting resource node, which is the starting point of the network attack, the target resource node, which is the target point of the network attack, and the intermediate resource nodes on the network paths between the starting node and the target node; an attack node is connected to more than one predecessor resource node and more than one successor resource node, more than one attack node is connected after the starting resource node, and more than one attack node is connected before the target resource node; wherein, following the attack sequence, a resource node located before an attack node and directly connected to it is a predecessor resource node, and a resource node located after an attack node and directly connected to it is a successor resource node; an attack node located before an attacked resource node and directly connected to it is a predecessor attack node, and an attack node located after an attacked resource node and directly connected to it is a successor attack node; $M$ is the total number of resource nodes, $N$ is the total number of attack nodes, and $M$, $N$, $i$, $j$ are natural numbers;
Step 3: traverse the entire network to be assessed to obtain all possible attack paths from the starting resource node to the target resource node;
Step 4: for each resource node on each possible attack path, obtain the attack gain and attack time of each attack node directly connected to that resource node with respect to that resource node, and generate the corresponding initial attack gain matrix and attack time matrix of each possible attack path; further, generate the probability attack gain matrix of each possible attack path; wherein the attack gain is the difference between the attack income and the attack cost;
Step 5: eliminate the redundant attack paths from the possible attack paths according to the probability attack gain matrix to obtain the attack gain paths;
Step 6: traverse the attack gain paths obtained in step 5 and determine the optimal gain path among them according to the principle of maximum path probability attack gain rate.
2. The attack path prediction method based on attack gain according to claim 1, characterized in that
the initial attack gain matrix, wherein the attack gain $q_{ij}$ denotes the attack gain of attack node $a_i$ on resource node $r_j$, with $q_{ij} = \mathrm{grain}(a_i, r_j) - \mathrm{cost}(a_i, r_j)$; $q_{ij} \le 0$ indicates that the attack by attack node $a_i$ on resource node $r_j$ does not exist or yields no attack gain; row $i$ of the attack gain matrix corresponds to attack node $a_i$, and column $j$ of the attack gain matrix corresponds to resource node $r_j$; $\mathrm{grain}(a_i, r_j)$ denotes the attack income of attack node $a_i$ on resource node $r_j$, and $\mathrm{cost}(a_i, r_j)$ denotes the attack cost of attack node $a_i$ on resource node $r_j$;
the attack time matrix, wherein $t_{ij}$ denotes the attack time for attack node $a_i$ to successfully occupy resource node $r_j$; $t_{ij} \le 0$ indicates that the attack by attack node $a_i$ on resource node $r_j$ does not exist; row $i$ of the attack time matrix corresponds to attack node $a_i$, and column $j$ of the attack time matrix corresponds to resource node $r_j$; wherein
the attack income is $\mathrm{grain}(a_i, r_j) = w_j \beta_{ij} u_j$, where $w_j$ denotes the resource value of resource node $r_j$, $\beta_{ij}$ denotes the weight of the control authority level obtained by attack node $a_i$ after resource node $r_j$ is successfully attacked, and $u_j$ denotes the attack income impact coefficient for resource node $r_j$;
the attack cost is $\mathrm{cost}(a_i, r_j) = \alpha_{ij1} H_{ij} + \alpha_{ij2} S_{ij}$, where $H_{ij}$ denotes the attack complexity of attack node $a_i$ on the resource node, $S_{ij}$ denotes the attack risk of attack node $a_i$ on the resource node, $\alpha_{ij1}$ denotes the complexity weight, $\alpha_{ij2}$ denotes the risk weight, and $\alpha_{ij1} + \alpha_{ij2} = 1$.
3. The attack path prediction method based on attack gain according to claim 2, characterized in that the probability attack gain matrix is as follows:
wherein the probability attack gain is $w_{ij} = \psi(a_i, r_j) \times q_{ij}$; $w_{ij} \le 0$ indicates that the attack by attack node $a_i$ on resource node $r_j$ does not exist or yields no attack gain; row $i$ of the probability attack gain matrix corresponds to attack node $a_i$, and column $j$ of the probability attack gain matrix corresponds to resource node $r_j$; $\psi(a_i, r_j)$ denotes the capture probability of attack node $a_i$ on resource node $r_j$.
4. The attack path prediction method based on attack gain according to claim 3, characterized in that the capture probability $\psi(a_i, r_j) = P_1(a_i, r_j) \times P_2(a_i, r_j)$ denotes the probability that resource node $r_j$ is captured by attack node $a_i$; wherein $P_1(a_i, r_j)$ denotes the probability that attack node $a_i$ launches an attack on resource node $r_j$ after the predecessor resource nodes of attack node $a_i$ have been captured, with $P_1(a_i, r_j) = P(\gamma(a_i, r_j) \mid \Omega(R_{j-1}))$; $P_2(a_i, r_j)$ denotes the probability that attack node $a_i$ successfully occupies resource node $r_j$, with $P_2(a_i, r_j) = P(\Omega(r_j) \mid \gamma(a_i, r_j))$; $\gamma(a_i, r_j)$ denotes the attack behavior launched by attack node $a_i$ on resource node $r_j$; $\Omega(R_{j-1})$ denotes the behavior of the predecessor resource nodes of attack node $a_i$ being successfully occupied, and $\Omega(r_j)$ denotes the behavior of attack node $a_i$ successfully occupying resource node $r_j$; $R_{j-1}$ denotes the set of predecessor resource nodes of attack node $a_i$, with $R_{j-1} = \{r_{j-1,1}, r_{j-1,2}, \ldots, r_{j-1,g}\}$, where $g$ is a natural number; $P(\cdot \mid \cdot)$ denotes conditional probability.
5. The attack path prediction method based on attack gain according to claim 4, characterized in that, for the predecessor resource node set $R_{j-1} = \{r_{j-1,1}, r_{j-1,2}, \ldots, r_{j-1,g}\}$ of attack node $a_i$: when $g = 1$, attack node $a_i$ has only one predecessor resource node, and $\Omega(R_{j-1}) = \Omega(r_{j-1,1})$; when $g > 1$, more than one predecessor resource node in an AND relationship is directly connected before attack node $a_i$, and $\Omega(R_{j-1}) = \Omega(r_{j-1,1}) \times \Omega(r_{j-1,2}) \times \cdots \times \Omega(r_{j-1,g})$.
6. The attack path prediction method based on attack gain according to claim 3, 4 or 5, characterized in that step 5 specifically comprises:
Step 51: number all the possible attack paths from the starting resource node to the target resource node obtained in step 3;
Step 52: in ascending order of possible attack path number, judge whether each possible attack path is redundant:
according to the probability attack gain matrix of the current possible attack path, if among the probability attack gain elements of each of its columns there is one and only one probability attack gain element greater than 0, then no AND relationship exists on the current possible attack path, and the current possible attack path is not redundant;
according to the probability attack gain matrix of the current possible attack path, if its columns contain more than one probability attack gain element not equal to 0, then for a column containing more than two probability attack gain elements not equal to 0, the corresponding resource node on the current possible attack path has more than two predecessor attack nodes in an AND relationship, and the probability attack gain of that resource node is the sum of the probability attack gain elements of that column: when the sum of the probability attack gain elements of each column is greater than 0, the current possible attack path is not redundant; otherwise, the current possible attack path is redundant;
according to the probability attack gain matrix of the current possible attack path, if it has a column in which every probability attack gain element is less than 0 or equal to 0, then the current possible attack path is redundant;
Step 53: after the redundant attack paths are deleted, the attack gain paths are obtained.
7. The attack path prediction method based on attack gain according to claim 6, characterized in that the method for obtaining the optimal gain path specifically includes:
Step 61, for all the attack gain paths obtained in step 53, calculating the probability attack gain rate of each attack gain path, wherein PathW denotes the probability attack gain of the attack gain path, and PathT denotes the time taken for the attack gain path to be successfully attacked;
Step 62, from the probability attack gain rates of all the attack gain paths, finding the maximum probability attack gain rate;
Step 63, taking the attack gain path corresponding to the maximum probability attack gain rate as the optimal attack path.
8. The attack path prediction method based on attack gain according to claim 7, characterized in that, in step 61, the probability attack gain rate of the attack gain path is calculated specifically as follows:
If there is no "AND" relationship on the attack gain path, Wherein, indicates the sum of all elements in the k-th column of the probability attack gain matrix; indicates the sum of all attack time elements in the k-th column of the attack time matrix; x and k are both natural numbers;
If there is an "AND" relationship on the attack gain path, Wherein, indicates the sum of the attack time elements, in the respective columns of the attack time matrix, of the resource nodes on the attack gain path that have only one predecessor attack node; indicates the sum of the attack times of the resource nodes $r_d$ on the attack gain path that have two or more predecessor attack nodes, indicates the maximum synchronous attack time when the resource node $r_d$ with two or more predecessor attack nodes is attacked, indicates the asynchronous attack time when the resource node $r_d$ with two or more predecessor attack nodes is attacked; s, d, E and F are natural numbers, and E + F = M.
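The column rules of claim 6, steps 52 and 53, can be checked mechanically when pruning candidate paths during a risk assessment. The following is an added Python illustration, not code from the patent; the matrix layout (rows are attack nodes, columns are resource nodes, 0 means no edge), the function names and the sample matrices are assumptions constructed for the example.

```python
# Added illustration of claim 6, steps 52-53; not code from the patent.
# Assumed layout: matrix[i][k] is the probability attack gain that attack
# node i contributes to resource node k on one candidate path (0 = no edge).

def column_gain(column):
    """Return (gain, has_and) for one resource-node column."""
    nonzero = [v for v in column if v != 0]
    if len(nonzero) > 1:
        # Several predecessor attack nodes in an "AND" relationship:
        # the node's gain is the sum of the column's elements.
        return sum(nonzero), True
    return (nonzero[0] if nonzero else 0), False

def classify_path(matrix):
    """Apply the three column rules of step 52 to one candidate path."""
    gains, and_nodes, redundant = [], [], False
    for k, column in enumerate(zip(*matrix)):
        gain, has_and = column_gain(column)
        gains.append(gain)
        if has_and:
            and_nodes.append(k)
        # Redundant if a column has no positive element at all, or if an
        # "AND" column sums to 0 or less.
        if all(v <= 0 for v in column) or gain <= 0:
            redundant = True
    return {"redundant": redundant, "and_nodes": and_nodes, "gains": gains}

def attack_gain_paths(candidates):
    """Step 53: keep non-redundant paths, visited in ascending number."""
    return [n for n in sorted(candidates)
            if not classify_path(candidates[n])["redundant"]]

# Constructed sample input: path number -> gain matrix
# (2 attack nodes x 2 resource nodes).
CANDIDATES = {
    1: [[0.5, 0], [0, 0.25]],      # one positive element per column
    2: [[0.5, 0.5], [0, -0.25]],   # AND column, sum 0.25 > 0
    3: [[0.5, 0.25], [0, -0.5]],   # AND column, sum -0.25
    4: [[0.5, 0], [0, -0.25]],     # column with only a negative element
    5: [[0.5, 0], [0, 0]],         # column with no gain at all
}

if __name__ == "__main__":
    for number in sorted(CANDIDATES):
        print(number, classify_path(CANDIDATES[number]))
    print("attack gain paths:", attack_gain_paths(CANDIDATES))
```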
CN201811113102.9A 2018-09-13 2018-09-13 Attack path prediction method based on attack gain Expired - Fee Related CN108965035B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201811113102.9A CN108965035B (en) 2018-09-13 2018-09-13 Attack path prediction method based on attack gain

Publications (2)

Publication Number Publication Date
CN108965035A (en) 2018-12-07
CN108965035B CN108965035B (en) 2021-06-29

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20210629