CN113746843B - Method for quantifying attack success rate of mimicry switch - Google Patents
- Publication number: CN113746843B
- Authority: CN (China)
- Prior art keywords: attack, success rate, mimicry, quantifying, controllers
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
- H04L63/1416—Event detection, e.g. attack signature detection
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F17/00—Digital computing or data processing equipment or methods, specially adapted for specific functions
- G06F17/10—Complex mathematical operations
- G06F17/18—Complex mathematical operations for evaluating statistical data, e.g. average values, frequency distributions, probability functions, regression analysis
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L41/00—Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
- H04L41/14—Network analysis or design
- H04L41/142—Network analysis or design using statistical or mathematical methods
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L41/00—Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
- H04L41/14—Network analysis or design
- H04L41/145—Network analysis or design involving simulating, designing, planning or modelling of a network
Abstract
The invention provides a method for quantifying the attack success rate of a mimicry switch, which utilizes an attack test case to attack the mimicry switch, records the related data of each controller when the controller is attacked, and integrates the related data to obtain the attack success rate. The method for quantifying the attack success rate of the mimicry switch solves the problem of quantifying the attack success rate of the mimicry switch on the premise of not depending on the technical level of a tester in the aspect of network security.
Description
Technical Field
The invention belongs to the technical field of security quantification of mimicry architecture equipment, and particularly relates to a method for quantifying the attack success rate of a mimicry switch.
Background
In evaluating the security of a security function or security device, an attack test is typically performed and a quantified result is given. The mimicry switch has endogenous security attributes, and attack tests and attack success rates are required to be calculated in the evaluation of security of the mimicry switch. However, unlike the single controller architecture of a traditional switch, a mimicry switch has a unique heterogeneous redundancy architecture, incorporating three functionally equivalent, structurally heterogeneous controllers. Therefore, the attack success rate calculation mode for the traditional switch is not applicable any more, and a new calculation method is required to be designed aiming at the structural characteristics of the mimicry switch.
After an attack test case is executed against the mimicry switch, one controller may be breached, or two or three controllers may be breached. The difficulty and probability of breaching one controller differ from those of breaching two or three controllers, and this needs to be taken into account in the success rate calculation. Note that, because of the judging mechanism of the mimicry switch, the attack is unsuccessful when only one controller is breached; the attack can possibly succeed only when two or three controllers are breached at the same time. A method for quantifying the attack success rate of a mimicry switch is lacking at present.
Disclosure of Invention
In view of this, the present invention aims to propose a method for quantifying the attack success rate of a mimicry switch, so as to solve the problem that a method for quantifying the attack success rate of a mimicry switch is lacking at present.
In order to achieve the above purpose, the technical scheme of the invention is realized as follows:
The invention provides a method for quantifying the attack success rate of a mimicry switch, which utilizes an attack test case to attack the mimicry switch, records the related data of each controller when the controller is attacked, and integrates and normalizes the related data to obtain the attack success rate.
Further, the related data includes the number of attacks and the number of successful attacks.
Further, the specific calculation process is as follows:
For a specific attack test case, an attack test is implemented and the number of attacks and the number of successful attacks are recorded; all attack test cases are traversed and the results recorded; and the attack success rate is calculated using the following formula:
where $C_i$ is an attack test case, $N_{Ti}$ is the number of attacks, $N_{Si}$ is the number of successful attacks, and $R_i$ is the correlation coefficient.
Further, when different numbers of controllers are attacked simultaneously, the correlation coefficients differ; the correlation coefficients are calculated as follows:
For the test case of a simultaneous attack on 3 controllers, the correlation coefficient is:
For the test case of a simultaneous attack on 2 controllers, the correlation coefficient is:
For the test case of an attack on 1 controller, the correlation coefficient is:
where n is determined according to the heterogeneity among the controllers; n=32 is generally set.
The invention further provides a security quantification method for a mimicry architecture device, in which the reference factors used when the mimicry architecture device undergoes security quantification evaluation include the attack success rate;
the attack success rate is calculated by using the method for quantifying the attack success rate of the mimicry switch in the first aspect.
Compared with the prior art, the method for quantifying the attack success rate of the mimicry switch has the following advantages:
(1) The method for quantifying the attack success rate of the mimicry switch accords with the structural characteristics of the mimicry switch, and can embody the difficulty and probability difference of simultaneous attack of different numbers of controllers.
(2) The method for quantifying the attack success rate of the mimicry switch effectively integrates the results of a plurality of test cases and finally summarizes them into a single normalized value, namely the attack success rate.
(3) The method for quantifying the attack success rate of the mimicry switch does not need personnel to be familiar with the internal structure of the mimicry switch and the difference between the internal structure and the traditional switch.
Drawings
The accompanying drawings, which are included to provide a further understanding of the invention and are incorporated in and constitute a part of this specification, illustrate embodiments of the invention and together with the description serve to explain the invention. In the drawings:
Fig. 1 is a schematic diagram of the mimicry switch architecture according to an embodiment of the present invention.
Detailed Description
It should be noted that, without conflict, the embodiments of the present invention and features of the embodiments may be combined with each other.
The invention will be described in detail below with reference to the drawings in connection with embodiments.
Example 1:
A method for quantifying the attack success rate of a mimicry switch comprises recording the attack test results for one, two and three controllers respectively, and integrating them to obtain a normalized value.
The invention aims to solve the problem of quantifying the success rate of the attack of the mimicry switch on the premise of not depending on the technical level of the tester in the aspect of network security. The architecture diagram of the mimicry switch is shown in fig. 1, and the computing method includes several data sources and computing processes.
The data source comprises an attack test case implementation result and a correlation coefficient, wherein the implementation result comprises attack times and attack success times.
The calculation process is as follows:
First, for a specific attack test case, an attack test is performed, i.e. the attack is carried out a number of times and the number of times the attack succeeds is observed. Then, all attack test cases are traversed and the results are recorded. Finally, the attack success rate is calculated using the following formula:
where, for each test case $C_i$, $N_{Ti}$ is the number of attacks, $N_{Si}$ is the number of successful attacks, and $R_i$ is the correlation coefficient.
It should be noted that how the mimicry switch architecture and the attack test cases are designed is not within the scope of protection of the present patent, and is described here only for ease of understanding. The present patent uses only the results of the test cases, i.e., the number of attacks and the number of successes.
Calculating the correlation coefficient:
For the test case of a simultaneous attack on 3 controllers, the correlation coefficient is:
For the test case of a simultaneous attack on 2 controllers, the correlation coefficient is:
For the test case of an attack on 1 controller, the correlation coefficient is:
where n is determined according to the heterogeneity among the controllers; n=32 is generally set.
It should be noted that, the protection scope of the present application is not limited to the mimicry switch provided with 3 controllers, the number of the controllers is not the point that the present application mainly wants to protect, the correlation coefficient can be adaptively adjusted according to the number change of the controllers, and the present application mainly protects the quantization method.
In order to enable those skilled in the art to better understand the technical solutions of the present invention, the technical solutions of the embodiments of the present invention will be clearly and completely described below with reference to specific examples.
The test steps are as follows:
First, according to the 4 existing test cases, attack tests are implemented against the mimicry switch, and the number of attacks and the number of successes are recorded. The following table shows:
Second, taking n=32, the correlation coefficients are calculated:
$R(3) = 5.42 \times 10^{-20}$
$R(2) = 6.98 \times 10^{-10}$
$R(1) = 0.9999999993 \approx 1$
Third, the success rate is calculated according to the formula.
Finally, the attack success rate is obtained: $p_v = 4.79 \times 10^{-10}$.
Example 2:
The invention also provides a security quantification method for a mimicry architecture device, which is mainly applied to the security assessment of the mimicry architecture device; when the mimicry architecture device undergoes security quantification assessment, the reference factors used include but are not limited to the attack success rate;
the attack success rate is calculated by using the method for quantifying the attack success rate of the mimicry switch in the embodiment. Other hardware and software structures for the mimicry architecture device can employ the prior art.
Those of ordinary skill in the art will appreciate that the elements and method steps of each example described in connection with the embodiments disclosed herein may be implemented as electronic hardware, computer software, or combinations of both, and that the elements and steps of each example have been described generally in terms of functionality in the foregoing description to clearly illustrate this interchangeability of hardware and software. Whether such functionality is implemented as hardware or software depends upon the particular application and design constraints imposed on the solution. Skilled artisans may implement the described functionality in varying ways for each particular application, but such implementation decisions should not be interpreted as causing a departure from the scope of the present invention.
In the several embodiments provided in this application, it should be understood that the disclosed methods and systems may be implemented in other ways. For example, the above-described division of units is merely a logical function division, and there may be another division manner when actually implemented, for example, a plurality of units or components may be combined or may be integrated into another system, or some features may be omitted or not performed. The units may or may not be physically separate, and components shown as units may or may not be physical units, may be located in one place, or may be distributed over a plurality of network units. Some or all of the units may be selected according to actual needs to achieve the purpose of the embodiment of the present invention.
Finally, it should be noted that: the above embodiments are only for illustrating the technical solution of the present invention, and not for limiting the same; although the invention has been described in detail with reference to the foregoing embodiments, it will be understood by those of ordinary skill in the art that: the technical scheme described in the foregoing embodiments can be modified or some or all of the technical features thereof can be replaced by equivalents; such modifications and substitutions do not depart from the spirit of the invention, and are intended to be included within the scope of the appended claims and description.
The foregoing description of the preferred embodiments of the invention is not intended to be limiting, but rather is intended to cover all modifications, equivalents, alternatives, and improvements that fall within the spirit and scope of the invention.
Claims (2)
1. A method for quantifying the attack success rate of a mimicry switch is characterized by comprising the following steps: the method comprises the steps of utilizing an attack test case to attack a mimicry switch, recording related data of each controller when the controller is attacked, and integrating and normalizing the related data to obtain an attack success rate;
the related data comprises attack times and attack success times;
the specific calculation process is as follows:
aiming at a specific attack test case, implementing attack test, recording attack times and attack success times, traversing all attack test cases, recording results, and calculating attack success rate by using the following formula:
;
wherein $C_i$ is an attack test case, $N_{Ti}$ is the number of attacks, $N_{Si}$ is the number of successful attacks, and $R_i$ is a correlation coefficient;
when different numbers of controllers are attacked simultaneously, the correlation coefficients are different, and the specific calculation method of the correlation coefficients is as follows:
for the test case of simultaneous attack of 3 controllers, the correlation coefficient is:
;
for the test case of simultaneous attack of 2 controllers, the correlation coefficient is:
;
for the test case of an attack on 1 controller, the correlation coefficient is:
;
where n is determined according to the heterogeneity among the plurality of controllers, and n=32 is set.
2. A security quantification method for a mimicry architecture device, characterized in that: when the mimicry architecture device undergoes security quantification evaluation, the reference factors used include the attack success rate;
the attack success rate is calculated by using the method for quantifying the attack success rate of the mimicry switch according to claim 1.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202111033891.7A CN113746843B (en) | 2021-09-03 | 2021-09-03 | Method for quantifying attack success rate of mimicry switch |
Publications (2)
Publication Number | Publication Date |
---|---|
CN113746843A (en) | 2021-12-03 |
CN113746843B (en) | 2024-01-05 |
Family
ID=78735559
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202111033891.7A Active CN113746843B (en) | 2021-09-03 | 2021-09-03 | Method for quantifying attack success rate of mimicry switch |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN113746843B (en) |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||