CN114362990A - Attack path determination method and device, electronic equipment and readable storage medium - Google Patents
Attack path determination method and device, electronic equipment and readable storage medium Download PDFInfo
- Publication number
- CN114362990A CN114362990A CN202111339998.4A CN202111339998A CN114362990A CN 114362990 A CN114362990 A CN 114362990A CN 202111339998 A CN202111339998 A CN 202111339998A CN 114362990 A CN114362990 A CN 114362990A
- Authority
- CN
- China
- Prior art keywords
- target
- node
- path
- nodes
- paths
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Images
Classifications
-
- Y—GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
- Y02—TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
- Y02D—CLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
- Y02D30/00—Reducing energy consumption in communication networks
- Y02D30/70—Reducing energy consumption in communication networks in wireless communication networks
Landscapes
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
The embodiment of the application discloses an attack path determining method, an attack path determining device, electronic equipment and a readable storage medium, relates to the technical field of network security, and aims to improve the accuracy of predicting or reproducing a threat event. The method comprises the following steps: taking an unretraversed node directly connected with a current node as a neighbor node, forming a neighbor node set, and determining whether the neighbor node set comprises at least one target node; under the condition that the neighbor node set comprises at least one target node, forming an alternative path from a source node to a first target node set, and optimizing the target path set by using the alternative path; and under the condition that all target nodes are not found, marking the neighbor nodes as traversed nodes, taking the neighbor nodes in the neighbor node set as a new current node, continuously determining whether the neighbor node set of the new current node comprises at least one target node, and repeating iteration until the target nodes are found. The present application is applicable to predicting or recurring threat events.
Description
Technical Field
The present application relates to the field of network security technologies, and in particular, to a method and an apparatus for determining an attack path, an electronic device, and a readable storage medium.
Background
With the rapid development of the internet, people enjoy the network to bring convenience and potential safety hazards. In a network environment, a threat often attacks other multiple target assets through one source asset, but due to the complexity of the network environment, it is difficult to determine a path that passes between the source asset and the target, but from the viewpoint of saving attack cost, the threat usually selects an attack path with the lowest attack cost, i.e. the attack path that passes through the least assets, to attack the target asset.
In order to investigate the attack characteristics of a threat in depth, the attack path of the threat can be reproduced. In the prior art, the shortest paths from a source asset to each target asset are respectively determined, and then the shortest paths are used as attack paths from the source asset to the target assets, wherein each target asset in the attack paths corresponds to a single path or more intermediate assets exist on the attack paths except the source asset and the target asset, that is, the attack paths from the source asset to the target assets determined by the prior art are more complex, so that the accuracy of predicting or reproducing threat events is lower.
Disclosure of Invention
In view of this, embodiments of the present application provide an attack path determining method, an attack path determining apparatus, an electronic device, and a readable storage medium, which can improve accuracy of predicting or reproducing a threat event.
In a first aspect, an embodiment of the present application provides an attack path determining method, including: taking a source node as a current node, taking an unretraversed node directly connected with the current node as a neighbor node, forming a neighbor node set, and determining whether the neighbor node set comprises at least one target node; under the condition that the neighbor node set comprises at least one target node, taking all neighbor nodes which are the target nodes in the neighbor node set as a first target node set, and forming an alternative path from the source node to the first target node set; a sub-path from the source node to each of the target nodes in the first set of target nodes in the alternative path is a shortest path; comparing the alternative paths with paths in a target path set so as to optimize the target path set by using the alternative paths; wherein the target path set is used for recording the optimized paths from the source node to all the target nodes; determining whether all of the target nodes are found; and under the condition that all the target nodes are not found, marking the neighbor nodes as traversed nodes, taking the neighbor nodes in the neighbor node set as new current nodes, continuously determining whether the neighbor node set of the new current nodes comprises at least one target node, and repeating the iteration until all the target nodes are found or the new current nodes do not exist.
According to a specific implementation manner of the embodiment of the present application, the alternative path includes the source node, a first intermediate node set, and the first target node set, where the first target node set includes the at least one target node; the comparing the alternative paths with the paths in the target path set to optimize the target path set by using the alternative paths includes: traversing each target node in the first target node set, and determining whether each target node in the first target node set exists in a target node set corresponding to all paths in the target path set; determining a first path corresponding to a first target node in the target path set when the first target node in the first target node set exists in the target node set corresponding to all paths in the target path set; determining whether to add the first target node to a third target node set according to the number of the target nodes in the first path and the number of nodes in the first target node set in the alternative path; adding a first target node in the first target node set to the third target node set if the first target node does not exist in the target node sets corresponding to all paths in the target path set; in the case that the third set of target nodes is empty, not adding the new alternative path into the set of target paths; and under the condition that the third target node set is not empty, replacing the first target node set in the alternative paths with the third target node set, forming a new alternative path, and adding the new alternative path into the target path set.
According to a specific implementation manner of the embodiment of the present application, determining whether to add the first target node to a third target node set according to the number of target nodes in the first path and the number of nodes in the first target node set in the alternative path includes: determining the number m of intermediate nodes in a second intermediate node set under the condition that the number of target nodes in the first path is smaller than the number of nodes in a first target node set in the alternative path, wherein the second intermediate node set is a set of intermediate nodes with the repetition frequency of 0 in the first path; determining the number num of intermediate nodes of the intermediate node set which are not corresponding to all paths in the target path set by the intermediate nodes in the first intermediate node set; or determining the number num of the intermediate nodes in the first intermediate node set and the second intermediate node set; removing the first target node from the set of target nodes in the first path if m is greater than num; removing the first path from the target path set and adding the first target node to a third target node set when the target node set in the first path after removing the first target node is empty.
According to a specific implementation manner of the embodiment of the present application, after adding the new alternative path into the target path set, the method further includes: and adding the first intermediate node set in the new alternative path into the intermediate node sets of all paths, and recording the times of the repetition of the intermediate nodes of the intermediate node sets corresponding to all paths in the target path set.
According to a specific implementation manner of the embodiment of the present application, before forming an alternative path from the source node to the first target node set, the method further includes: adding the source node to a path attribute of the source node; copying the path attribute of the current node and adding the neighbor node into the copied path attribute of the current node as the path attribute of the neighbor node; the sub-path from the source node to one of the target nodes in the first set of target nodes in the alternative path is determined as follows: a sub-path from the source node to one of the target nodes in the first set of target nodes is a path attribute of the target node corresponding to the sub-path.
In a second aspect, an embodiment of the present application provides an attack path determining apparatus, including: the first determining module is used for taking a source node as a current node, taking an unretraversed node directly connected with the current node as a neighbor node, forming a neighbor node set and determining whether the neighbor node set comprises at least one target node; a candidate path forming module, configured to form a candidate path from the source node to the first target node set by using all neighbor nodes in the neighbor node set that are the target nodes as the first target node set when the neighbor node set includes at least one target node; a sub-path from the source node to each of the target nodes in the first set of target nodes in the alternative path is a shortest path; the optimization module is used for comparing the alternative paths with the paths in the target path set so as to optimize the target path set by using the alternative paths; wherein the target path set is used for recording the optimized paths from the source node to all the target nodes; a second determining module, configured to determine whether all of the target nodes are found; and the loop iteration module is used for marking the neighbor nodes as traversed nodes under the condition that all the target nodes are not found, taking the neighbor nodes in the neighbor node set as new current nodes, continuously determining whether the neighbor node set of the new current nodes comprises at least one target node or not, and looping and iterating until all the target nodes are found or the new current nodes do not exist.
According to a specific implementation manner of the embodiment of the present application, the alternative path includes the source node, a first intermediate node set, and the first target node set, where the first target node set includes the at least one target node; the optimization module comprises: a first determining submodule, configured to traverse each target node in the first target node set, and determine whether each target node in the first target node set exists in a target node set corresponding to all paths in the target path set; a second determining submodule, configured to determine, when a first target node in the first target node set exists in a target node set corresponding to all paths in the target path set, a first path corresponding to the first target node in the target path set; a third determining sub-module, configured to determine whether to add the first target node to a third target node set according to the number of target nodes in the first path and the number of nodes in the first target node set in the alternative path; a first adding sub-module, configured to add a first target node in the first target node set to the third target node set when the first target node does not exist in a target node set corresponding to all paths in the target path set; a second adding submodule, configured to not add the new alternative path to the target path set when the third target node set is empty; and under the condition that the third target node set is not empty, replacing the first target node set in the alternative paths with the third target node set, forming a new alternative path, and adding the new alternative path into the target path set.
According to a specific implementation manner of the embodiment of the present application, the third determining submodule is specifically configured to: determining the number m of intermediate nodes in a second intermediate node set under the condition that the number of target nodes in the first path is smaller than the number of nodes in a first target node set in the alternative path, wherein the second intermediate node set is a set of intermediate nodes with the repetition frequency of 0 in the first path; determining the number num of intermediate nodes of the intermediate node set which are not corresponding to all paths in the target path set by the intermediate nodes in the first intermediate node set; or determining the number num of the intermediate nodes in the first intermediate node set and the second intermediate node set; removing the first target node from the set of target nodes in the first path if m is greater than num; removing the first path from the target path set and adding the first target node to a third target node set when the target node set in the first path after removing the first target node is empty.
According to a specific implementation manner of the embodiment of the present application, the apparatus further includes: and the recording module is used for adding a first intermediate node set in the new alternative paths into the intermediate node sets of all paths after the second adding submodule adds the new alternative paths into the target path set, and recording the number of times of repetition of intermediate nodes of the intermediate node sets corresponding to all paths in the target path set.
According to a specific implementation manner of the embodiment of the present application, the apparatus further includes: an adding module, configured to add the source node to the path attribute of the source node before the alternative path forming module forms an alternative path from the source node to the first set of target nodes; the copying module is used for copying the path attribute of the current node and adding the neighbor node into the copied path attribute of the current node as the path attribute of the neighbor node; a third determining module, configured to determine, as a path attribute of the target node corresponding to a sub-path from the source node to one of the target nodes in the first target node set, a path from the source node to the target node.
In a third aspect, an embodiment of the present application provides an electronic device, including: the device comprises a shell, a processor, a memory, a circuit board and a power circuit, wherein the circuit board is arranged in a space enclosed by the shell, and the processor and the memory are arranged on the circuit board; a power supply circuit for supplying power to each circuit or device of the electronic apparatus; the memory is used for storing executable program codes; the processor executes a program corresponding to the executable program code by reading the executable program code stored in the memory, and is used for executing the attack path determination method according to any one of the foregoing implementation modes.
In a fourth aspect, an embodiment of the present application provides a computer-readable storage medium, where one or more programs are stored, and the one or more programs are executable by one or more processors to implement the attack path determination method according to any one of the foregoing implementation manners.
In the attack path determining method, the attack path determining device, the electronic device and the readable storage medium of the embodiment, a source node is used as a current node, an unretraversed node directly connected with the current node is used as a neighbor node, a neighbor node set is formed, and whether the neighbor node set comprises at least one target node is determined; under the condition that the neighbor node set comprises at least one target node, taking all neighbor nodes which are target nodes in the neighbor node set as a first target node set, forming an alternative path from a source node to the first target node set, and then comparing the alternative path with the paths in the target path set to optimize the target path set by using the alternative paths, wherein the target path set is used for recording optimized paths from the source node to all the target nodes, because the sub-paths from the source node to each target node in the first target node set in the alternative paths are shortest paths, and the alternative paths are compared with the paths in the target path set to optimize the target path set by using the alternative paths, the paths in the target path set can be optimized, and under the condition that all the target nodes are not found, the neighbor nodes are marked as traversed nodes, and continuously determining whether the neighbor node set of the new current node comprises at least one target node by taking the neighbor nodes in the neighbor node set as the new current node, optimizing paths in the target path set, and performing loop iteration until all the target nodes are found or the new current node does not exist, so that the paths in the target path set are optimized on the basis of the shortest paths from the source node to all the target nodes, thereby simplifying the paths from the source node to a plurality of target nodes and improving the accuracy of predicting or reproducing the threat event.
Drawings
In order to more clearly illustrate the embodiments of the present application or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described below, it is obvious that the drawings in the following description are only some embodiments of the present application, and other drawings can be obtained by those skilled in the art without creative efforts.
Fig. 1 is a schematic flowchart of an attack path determining method according to an embodiment of the present application;
fig. 2 is a schematic flowchart illustrating a process of comparing alternative paths with paths in a target path set to optimize the target path set by using the alternative paths in another embodiment of the present application;
FIG. 3 is a schematic diagram of a structure of a path in a target path set according to an embodiment of the present application;
fig. 4 is a schematic structural diagram of an attack path determining apparatus according to an embodiment of the present application;
fig. 5 is a schematic structural diagram of an electronic device according to an embodiment of the present application.
Detailed Description
The embodiments of the present application will be described in detail below with reference to the accompanying drawings. It should be understood that the embodiments described are only a few embodiments of the present application, and not all embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present application.
In order to make those skilled in the art better understand the technical concepts, embodiments and advantages of the examples of the present application, the following detailed description is given by way of specific examples.
An attack path determining method provided by an embodiment of the present application includes: taking a source node as a current node, taking an unretraversed node directly connected with the current node as a neighbor node, forming a neighbor node set, and determining whether the neighbor node set comprises at least one target node; under the condition that the neighbor node set comprises at least one target node, taking all neighbor nodes which are the target nodes in the neighbor node set as a first target node set, and forming an alternative path from the source node to the first target node set; a sub-path from the source node to each of the target nodes in the first set of target nodes in the alternative path is a shortest path; comparing the alternative paths with paths in a target path set so as to optimize the target path set by using the alternative paths; wherein the target path set is used for recording the optimized paths from the source node to all the target nodes; determining whether all of the target nodes are found; under the condition that all the target nodes are not found, the neighbor nodes are marked as traversed nodes, the neighbor nodes in the neighbor node set are used as new current nodes, whether the neighbor node set of the new current nodes comprises at least one target node or not is continuously determined, iteration is carried out in a circulating mode until all the target nodes are found or the new current nodes do not exist, attack paths from source assets to a plurality of target assets can be simplified, and accuracy of prediction or recurrence of threat events is improved.
Fig. 1 is a schematic flowchart of an attack path determining method provided in an embodiment of the present application, and as shown in fig. 1, the attack path determining method of the present embodiment may include:
s101, taking a source node as a current node, taking an unretraversed node directly connected with the current node as a neighbor node, forming a neighbor node set, and determining whether the neighbor node set comprises at least one target node.
In a network environment, a source node, a neighbor node, and a target node may correspond to an asset in the network environment. In some examples, the method of the present embodiment may be illustrated by means of a network topology. In this embodiment, before a source node is a current node, the source node and two or more target nodes may be determined in the network topology. It is understood that the number of source nodes may be one.
In this embodiment, the source node is used as the current node, and the node from which the traversed node is removed from the nodes directly connected to the source node is used as the neighbor node, so that the calculation amount can be reduced and the calculation efficiency can be improved.
The neighbor node set comprises non-traversed nodes directly connected with the current node, namely non-traversed neighbor nodes.
It is determined whether at least one target node is included in the non-traversed neighbor nodes in the set of neighbor nodes.
The at least one target node includes one target node, two target nodes, five target nodes, and so on.
S102, under the condition that the neighbor node set comprises at least one target node, taking all neighbor nodes which are the target node in the neighbor node set as a first target node set, and forming an alternative path from a source node to the first target node set.
In a case where a source node is a current node and at least one target node is included in a neighbor node set of the current node, all target nodes included in the neighbor node set are taken as a first target node set, for example, two target nodes are included in the neighbor node set, and then the two target nodes are taken as the first target node set, so that an alternative path from the source node to the first target node set is formed, and in this embodiment, a sub-path from the source node to each target node in the first target node set in the alternative path is a shortest path.
It is to be understood that, in the case where the source node is the current node and the target nodes are included in the neighbor nodes of the current node, the alternative path includes the source node and the first set of target nodes.
S103, comparing the alternative paths with the paths in the target path set to optimize the target path set by using the alternative paths.
In this embodiment, the target path set is used to record the optimized paths from the source node to all the target nodes.
And S104, determining whether all target nodes are found.
S105, under the condition that all target nodes are not found, the neighbor nodes are marked as traversed nodes, the neighbor nodes in the neighbor node set are used as new current nodes, whether the neighbor node set of the new current nodes comprises at least one target node or not is continuously determined, and iteration is carried out in a circulating mode until all target nodes are found or no new current nodes exist.
When all target nodes are not found, the calculation is needed to be continued, at this time, the neighbor nodes are marked as traversed nodes, and therefore, the traversed nodes directly connected with the current node can be removed from all the nodes directly connected with the current node when the non-traversed nodes directly connected with the current node are determined to be the neighbor nodes in the follow-up process.
And continuously determining whether the neighbor node set of the new current node comprises at least one target node by using the neighbor nodes in the neighbor node set as the new current node, and circularly iterating according to the steps until all the target nodes are found or the new current node does not exist.
In the process of loop iteration, when determining whether all target nodes are found, comparing the target nodes included in the neighbor node set determined by the current loop and the target nodes included in the neighbor node set determined before with all the target nodes, if the target nodes included in the neighbor node set determined by the current loop and the target nodes included in the neighbor node set determined before include all the target nodes, all the target nodes are found, if only part of the target nodes are included, continuing loop iteration until all the target nodes are found, and ending calculation; or when no new current node exists, the calculation is finished.
In the process of performing loop iteration, the formed alternative path comprises a source node, an intermediate node set and a first target node set, wherein the intermediate node set comprises intermediate nodes except the source node and the first target node set.
When the process is finished under the condition that no new current node exists, according to the calculation process, if a target node which is not found exists, a communication path does not exist between the target node and the source node.
In this embodiment, a source node is used as a current node, an unretraversed node directly connected to the current node is used as a neighbor node, a neighbor node set is formed, and whether the neighbor node set includes at least one target node is determined; under the condition that the neighbor node set comprises at least one target node, taking all neighbor nodes which are target nodes in the neighbor node set as a first target node set, forming an alternative path from a source node to the first target node set, and then comparing the alternative path with the paths in the target path set to optimize the target path set by using the alternative paths, wherein the target path set is used for recording optimized paths from the source node to all the target nodes, because the sub-paths from the source node to each target node in the first target node set in the alternative paths are shortest paths, and the alternative paths are compared with the paths in the target path set to optimize the target path set by using the alternative paths, the paths in the target path set can be optimized, and under the condition that all the target nodes are not found, the neighbor nodes are marked as traversed nodes, and continuously determining whether the neighbor node set of the new current node comprises at least one target node by taking the neighbor nodes in the neighbor node set as the new current node, optimizing paths in the target path set, and performing loop iteration until all the target nodes are found or the new current node does not exist, so that the paths in the target path set are optimized on the basis of the shortest paths from the source node to all the target nodes, thereby simplifying the paths from the source node to a plurality of target nodes and improving the accuracy of predicting or reproducing the threat event.
The method for determining the attack path can be applied to a security analysis technology, and can be particularly applied to known attack source points and a plurality of attacked nodes, but a proper path is determined to help security personnel to analyze under the condition that a specific attack path is unknown; the method can be applied to drawing attack effects, particularly to software for drawing attack effects on a topological graph, helps a drawing person to quickly generate a proper attack path, facilitates the drawing person to uniformly configure the attack effects, and saves drawing time.
The present application further includes a third embodiment, which is substantially the same as the foregoing embodiments, and is different in that the alternative path of the present embodiment includes a source node, a first intermediate node set, and a first target node set, where the first target node set includes at least one target node.
Referring to fig. 2, comparing the alternative paths with the paths in the target path set to optimize the target path set using the alternative paths (S103), which may include:
s103a, traversing each target node in the first target node set, and determining whether each target node in the first target node set exists in a target node set corresponding to all paths in the target path set.
Each path in all paths included in the target path set includes a target node subset, where the target node subset includes a target node, and the target node set in this embodiment includes target nodes in the target node subsets of all paths.
Each target node in the first set of target nodes may be compared to a target node in the set of target nodes, and if a target node in the set of target nodes that is the same as the target node in the first set of target nodes exists, the target node exists in the set of target nodes; if there is no target node in the set of target nodes that is the same as the target node in the first set of target nodes, then the target node is not present in the set of target nodes.
S103b, when a first target node in the first target node set exists in the target node set corresponding to all the paths in the target path set, determining a first path corresponding to the first target node in the target path set.
A path a in the target path set includes a source node, a subset of intermediate nodes, and a subset of target nodes, where the target nodes a and B in the subset of target nodes, and the target node set corresponding to all paths includes a, and if the first target node is a, a first target node in the first target node set exists in the target node set corresponding to all paths in the target path set, in which case, the first path corresponding to the first target node a in the target path set is path a.
S103c, determining whether to add the first target node to the third target node set according to the number of the target nodes in the first path and the number of the nodes in the first target node set in the alternative path.
Initially, the third set of target nodes is empty.
In some examples, determining whether to add the first target node to the third set of target nodes according to the number of target nodes in the first path and the number of nodes in the first set of target nodes in the alternative path (S103c) may include:
and A1, determining the number m of the intermediate nodes in the second intermediate node set when the number of the target nodes in the first path is less than the number of the nodes in the first target node set in the alternative path.
In this embodiment, the second intermediate node set is a set of intermediate nodes with a repetition number of 0 in the first path. The intermediate node having the repetition number of 0 in the first path may pass through the intermediate node only once from the source node to each target node in the first path.
And A2, determining the number num of the intermediate nodes of the intermediate node set corresponding to all the paths, wherein the intermediate nodes in the first intermediate node set are not in the target path set.
And comparing the intermediate nodes in the first intermediate node set with the intermediate nodes in the intermediate node set corresponding to all the paths in the target path set, so as to determine the number num of the intermediate nodes in the intermediate node set, which are not corresponding to all the paths in the target path set, of the intermediate nodes in the first intermediate node set.
For the determination of num, as an alternative, the number num of intermediate nodes in the first set of intermediate nodes and existing in the second set of intermediate nodes is determined.
A3, in case m is larger than num, removing the first target node from the set of target nodes in the first path.
It is to be understood that in case m is smaller than num, the first target node is not removed from the set of target nodes in the first path.
And A4, when the target node set in the first path after the first target node is removed is empty, removing the first path from the target path set, and adding the first target node to the third target node set.
It is understood that in the case that the set of target nodes in the first path after the first target node is removed is not empty, the first path after the first target node is removed is retained.
S103d, if the first target node in the first target node set does not exist in the target node set corresponding to all the paths in the target path set, adding the first target node to the third target node set.
When the first target node does not exist in the target node sets corresponding to all the paths in the target path set, the first target node may be added to the third target node set.
S103e, when the third target node set is empty, not adding the new candidate path into the target path set.
After traversing each target node in the first target node set, the determined third target node set is empty, which indicates that the path in the target path set can reach the target node more simply than the alternative path compared with the path in the target path set, and therefore, the alternative path does not need to be added to the target path set.
S103f, under the condition that the third target node set is not empty, replacing the first target node set in the alternative paths with the third target node set to form a new alternative path, and adding the new alternative path into the target path set.
And replacing the first target node set by the target node in the third target node set determined in the previous step to obtain a new alternative path as one path in the target path set.
The present application further includes, basically the same as the foregoing embodiments, that the method for determining an attack path in this embodiment, after adding the new candidate path into the target path set, may further include:
s106, adding the first intermediate node set in the new alternative path into the intermediate node sets of all paths, and recording the number of times of repeating the intermediate nodes of the intermediate node sets corresponding to all paths in the target path set.
In this embodiment, by adding the first intermediate node set in the new candidate path to the intermediate node sets of all paths and recording the number of times of repeating the intermediate nodes of the intermediate node sets corresponding to all paths in the target path set, data support can be provided for the next iterative computation to optimize the target path set, thereby improving the computation efficiency.
To determine the shortest sub-path from the source node to each target node in the first set of nodes in the alternative paths, in some examples, before forming an alternative path from the source node to the first set of target nodes, the method may further include:
and S107, adding the source node into the path attribute of the source node.
A path attribute may be added for each source node in the topology map with an initial value of null.
When the computation is started, the source node may be added to the path attributes of the source node.
And S108, copying the path attribute of the current node and adding the neighbor node into the copied path attribute of the current node as the path attribute of the neighbor node.
When the source node is taken as the current node, the path attribute of the current node of this embodiment is taken as the source node.
The path attribute of the neighbor node of the source node inherits the path attribute of the source node and adds the neighbor node into the path attribute to form the path attribute of the neighbor node.
In the process of iterative loop, the neighbor node inherits the path attribute of the current node and adds the neighbor node into the path attribute to form the path attribute of the neighbor node.
S109, determining a sub-path from the source node to one target node in the first target node set in the alternative paths according to the following method:
a sub-path from the source node to one of the first set of target nodes is a path attribute of the target node corresponding to the sub-path.
The following describes the embodiments of the present application in detail with reference to a specific example.
For convenience of explanation, the symbols in the present embodiment are explained:
id: unique identification of the node; links: and the adjacent node set has direct connection relation with the node.
Referring to fig. 3, each of the optimal paths from the source node to the plurality of target nodes includes: and (3) start: a source node of the path; midle: a set of intermediate nodes (nodes other than the source node and the target node) of the path; ends: a set of target nodes for the path.
After a source node id and a target node id set are obtained according to interaction, a method for finding an optimal path between a source node and a plurality of target nodes may include:
step 1, creating a new empty set, recording the empty set as a marked node set ready, and adding a source node into the ready.
And 2, creating a copy of the target node set and recording the copy as a domain.
The domain includes all target nodes.
And 3, adding path attribute path to all the nodes, wherein the path attribute path represents a node set (including a source node and a current node) through which the shortest path from the source node to the current node passes, and the node set is initially an empty set.
And 4, adding the source node into the path attribute of the source node, creating a current node set, and adding the source node into the current node set.
And 5, traversing the current node set, and for each current node, finding all adjacent points which are not in ready (not marked) according to the links attribute of the current node, and recording the adjacent points as next. All nodes in the next are found, denoted as es. And if the es is not null, adding a new path by using an addPath method, wherein the start of the new path is the source node, the midle is the set of the current node after the path set removes the source node, and the end is the es. For each node in the next, the node inherits the path attribute stored by the current node and then adds the node into the path to obtain the shortest path from the source node to the node.
Wherein, a path set is created before using the addPath method, and the addPath method addPath is needed to be adopted every time a path is added to the path set, and the parameters of the method are described as follows:
the number of the paths: representing the added path set;
end nodes: representing the added target node set, and mapping each target node in ends to the corresponding path;
midlenodes: the intermediate nodes representing all paths are collected, and the number of times each intermediate node is repeated is recorded.
Referring to fig. 4, the added paths all satisfy a pair of multi-path formats, and each time a new path is added, the following process is performed:
b1, creating a new empty set new;
b2, traversing the ends attribute in the new path, and determining whether t is in endNodes for each target node t;
b3, if yes, finding the path of the t mapping in the endNodes, and obtaining the node number n of the ends set of the path;
b4, judging whether n is less than the number of nodes of the ends set of the new path;
b5, if the number of nodes in the ends set of the new path is less than the number of nodes in the ends set of the new path, counting the middle node set m with the repetition number of 0 in the midle attributes of the path, and counting the number num of nodes which are not in the midle sets or in the midle sets in the midle attributes of the new path;
b6, judging whether the number of the nodes in the set m is larger than num;
b7, if the number of nodes in the set m is larger than num, removing t from the path end set, if the path end set after removal is empty, removing the path from the path, finally changing the path mapped by t into a new path, and adding t into new;
b8, if t is not in endNodes, add t to new.
After traversing all t, if new is not null, changing the attribute of the ends of the new path into new, adding the new path into the paths, simultaneously adding midles of the new path into midlenodes, and recording the repeated times of each intermediate node.
And 6, removing all es nodes of the current nodes from the remaining. And as long as the remain set is not empty, changing the current node set into a next node set of all current nodes, and repeating the operation of 6 until the remain set is empty or the current node set is empty.
And 7, if the remaining domain set is not empty after stopping, the remaining target nodes in the remaining domain set are nodes without communication paths with the source nodes. The paths for the remaining target nodes and source nodes are in paths.
Through the steps, the optimal path between the source node and the plurality of target nodes meets the following conditions: 1. the shortest path is formed between the source node and each target node; 2. the minimum path is that more target nodes are in the same path as much as possible under the condition that the first condition is met; 3. the minimum number of nodes is passed, i.e. all paths pass the same node as far as possible if the above two conditions are met.
Wherein, the shortest path from the source node to each target node is obtained by adding the node itself to the path after inheriting the path attribute stored by the current node for each node in the next in the steps 1 to 4 and 5, so as to obtain the shortest path from the source node to the node.
The complete method for determining the shortest path from a source node to a destination node is as follows:
step 1, obtaining a source node id and a target node id according to interaction.
And 2, creating a new empty set, recording the empty set as a marked node set ready, and adding the source node into the ready.
And 3, adding path attribute path to all the nodes, wherein the path attribute path represents a node set (including a source node and a current node) through which the shortest path from the source node to the current node passes, and the node set is initially an empty set.
And 4, adding the source node into the path attribute of the source node, creating a current node set, and adding the source node into the current node set.
And 5, traversing the current node set, and for each current node, finding all adjacent points which are not in ready (not marked) according to the links attribute of the current node, and recording the adjacent points as next. For each node in the next, the node inherits the path attribute stored by the current node and then adds the node into the path, so that the shortest path from the source node to the node is obtained, if the node is the target node, the searching is finished, and if not, the searching is continued.
And 6, if the target node is not in the next, adding all the nodes in the next into ready. And changing the current node set into a next node set of all current nodes, and repeating the operation of 4 until a target node is found or the current node set is empty.
And 7, if the target node is not found after stopping, the source node and the target node have no communication path.
In this embodiment, a source node is used as a current node, an unretraversed node directly connected to the current node is used as a neighbor node, and a neighbor node set is formed to determine whether the neighbor node set includes at least one target node; under the condition that the neighbor node set comprises at least one target node, taking all neighbor nodes which are target nodes in the neighbor node set as a first target node set, forming an alternative path from a source node to the first target node set, and then comparing the alternative path with the paths in the target path set to optimize the target path set by using the alternative paths, wherein the target path set is used for recording optimized paths from the source node to all the target nodes, because the sub-paths from the source node to each target node in the first target node set in the alternative paths are shortest paths, and the alternative paths are compared with the paths in the target path set to optimize the target path set by using the alternative paths, the paths in the target path set can be optimized, and under the condition that all the target nodes are not found, the neighbor nodes are marked as traversed nodes, taking neighbor nodes in a neighbor node set as new current nodes, continuously determining whether the neighbor node set of the new current nodes comprises at least one target node, optimizing paths in a target path set, circularly iterating until all the target nodes are found or the new current nodes do not exist, so that the paths in the target path set are optimized on the basis of the shortest paths from a source node to each target node, thereby simplifying the paths from the source node to a plurality of target nodes, improving the accuracy of predicting or recurring threat events, determining whether to use a new alternative path to be added into the target path set by traversing each target node in the first target node set to realize the optimization of the target path set, under the condition that the number of the target nodes in the first path is less than the number of the nodes in the first target node set in the alternative paths, determining the number m of intermediate nodes in a second intermediate node set and determining the number num of intermediate nodes in an intermediate node set corresponding to all paths of the intermediate nodes in the first intermediate node set, wherein the intermediate nodes in the first intermediate node set are not in the target path set; or, determining the number num of intermediate nodes in the first intermediate node set and existing in the second intermediate node set, and if m is greater than num, removing the first target node from the target node set in the first path, removing the first path from the target path set, and adding the first target node to a third target node set, so that more target nodes can be on the same path and more paths pass through the same intermediate node, so that the path from the source node to the target node is more simplified, and before forming an alternative path from the source node to the first target node set, the path attribute of the target node corresponding to the sub-path is taken as a sub-path from the source node to one of the target nodes in the first target node set, since the path attribute is obtained by adding the source node to the path attribute of the source node, and then copying the path attribute of the current node and adding the neighbor node into the copied path attribute of the current node as the path attribute of the neighbor node, so that the obtained sub-path is the shortest path from the source node to the target node.
An attack path determining apparatus provided in an embodiment of the present application is characterized by including: the first determining module is used for taking a source node as a current node, taking an unretraversed node directly connected with the current node as a neighbor node, forming a neighbor node set and determining whether the neighbor node set comprises at least one target node; a candidate path forming module, configured to form a candidate path from the source node to the first target node set by using all neighbor nodes in the neighbor node set that are the target nodes as the first target node set when the neighbor node set includes at least one target node; a sub-path from the source node to each of the target nodes in the first set of target nodes in the alternative path is a shortest path; the optimization module is used for comparing the alternative paths with the paths in the target path set so as to optimize the target path set by using the alternative paths; wherein the target path set is used for recording the optimized paths from the source node to all the target nodes; a second determining module, configured to determine whether all of the target nodes are found; and the loop iteration module is used for marking the neighbor nodes as traversed nodes under the condition that all the target nodes are not found, taking the neighbor nodes in the neighbor node set as new current nodes, continuously determining whether the neighbor node set of the new current nodes comprises at least one target node, and performing loop iteration until all the target nodes are found or the new current nodes do not exist, so that the attack paths from source assets to a plurality of target assets can be simplified, and the accuracy of predicting or reproducing threat events is improved.
Fig. 5 is a schematic structural diagram of an attack path determining apparatus according to an embodiment of the present application, and as shown in fig. 5, the attack path determining apparatus according to the embodiment may include: a first determining module 11, configured to use a source node as a current node, use an unretraversed node directly connected to the current node as a neighbor node, form a neighbor node set, and determine whether the neighbor node set includes at least one target node; a candidate path forming module 12, configured to, when the neighbor node set includes at least one target node, form a candidate path from the source node to the first target node set by using all neighbor nodes in the neighbor node set that are the target node as the first target node set; a sub-path from the source node to each of the target nodes in the first set of target nodes in the alternative path is a shortest path; an optimization module 13, configured to compare the alternative paths with paths in a target path set, so as to optimize the target path set by using the alternative paths; wherein the target path set is used for recording the optimized paths from the source node to all the target nodes; a second determining module 14, configured to determine whether all the target nodes are found; and a loop iteration module 15, configured to mark the neighbor nodes as traversed nodes when all the target nodes are not found, take the neighbor nodes in the neighbor node set as new current nodes, continue to determine whether the neighbor node set of the new current nodes includes at least one target node, and loop iteration until all the target nodes are found or no new current nodes exist.
The apparatus of this embodiment may be used to implement the technical solution of the method embodiment shown in fig. 1, and the implementation principle and the technical effect are similar, which are not described herein again.
In the device of this embodiment, a source node is used as a current node, an unretraversed node directly connected to the current node is used as a neighbor node, a neighbor node set is formed, and whether the neighbor node set includes at least one target node is determined; under the condition that the neighbor node set comprises at least one target node, taking all neighbor nodes which are the target nodes in the neighbor node set as a first target node set, and forming an alternative path from the source node to the first target node set; a sub-path from the source node to each of the target nodes in the first set of target nodes in the alternative path is a shortest path; comparing the alternative paths with paths in a target path set so as to optimize the target path set by using the alternative paths; wherein the target path set is used for recording the optimized paths from the source node to all the target nodes; determining whether all of the target nodes are found; under the condition that all the target nodes are not found, the neighbor nodes are marked as traversed nodes, the neighbor nodes in the neighbor node set are used as new current nodes, whether the neighbor node set of the new current nodes comprises at least one target node or not is continuously determined, iteration is carried out in a circulating mode until all the target nodes are found or the new current nodes do not exist, attack paths from source assets to a plurality of target assets can be simplified, and accuracy of prediction or recurrence of threat events is improved.
As an optional embodiment, the alternative path includes the source node, a first intermediate node set and the first target node set, and the first target node set includes the at least one target node; the optimization module comprises: a first determining submodule, configured to traverse each target node in the first target node set, and determine whether each target node in the first target node set exists in a target node set corresponding to all paths in the target path set; a second determining submodule, configured to determine, when a first target node in the first target node set exists in a target node set corresponding to all paths in the target path set, a first path corresponding to the first target node in the target path set; a third determining sub-module, configured to determine whether to add the first target node to a third target node set according to the number of target nodes in the first path and the number of nodes in the first target node set in the alternative path; a first adding sub-module, configured to add a first target node in the first target node set to the third target node set when the first target node does not exist in a target node set corresponding to all paths in the target path set; a second adding submodule, configured to not add the new alternative path to the target path set when the third target node set is empty; and under the condition that the third target node set is not empty, replacing the first target node set in the alternative paths with the third target node set, forming a new alternative path, and adding the new alternative path into the target path set.
As an optional implementation manner, the third determining submodule is specifically configured to: determining the number m of intermediate nodes in a second intermediate node set under the condition that the number of target nodes in the first path is smaller than the number of nodes in a first target node set in the alternative path, wherein the second intermediate node set is a set of intermediate nodes with the repetition frequency of 0 in the first path; determining the number num of intermediate nodes of the intermediate node set which are not corresponding to all paths in the target path set by the intermediate nodes in the first intermediate node set; or determining the number num of the intermediate nodes in the first intermediate node set and the second intermediate node set; removing the first target node from the set of target nodes in the first path if m is greater than num; removing the first path from the target path set and adding the first target node to a third target node set when the target node set in the first path after removing the first target node is empty.
As an optional embodiment, the apparatus further comprises: and the recording module is used for adding a first intermediate node set in the new alternative paths into the intermediate node sets of all paths after the second adding submodule adds the new alternative paths into the target path set, and recording the number of times of repetition of intermediate nodes of the intermediate node sets corresponding to all paths in the target path set.
As an optional embodiment, the apparatus further comprises: an adding module, configured to add the source node to the path attribute of the source node before the alternative path forming module forms an alternative path from the source node to the first set of target nodes; the copying module is used for copying the path attribute of the current node and adding the neighbor node into the copied path attribute of the current node as the path attribute of the neighbor node; a third determining module, configured to determine, as a path attribute of the target node corresponding to a sub-path from the source node to one of the target nodes in the first target node set, a path from the source node to the target node.
The apparatus of the foregoing embodiment may be configured to implement the technical solution of the foregoing method embodiment, and the implementation principle and the technical effect are similar, which are not described herein again.
Fig. 5 is a schematic structural diagram of an electronic device according to an embodiment of the present application, and as shown in fig. 5, the electronic device may include: a housing 61, a processor 62, a memory 63, a circuit board 64, and a power circuit 65, wherein the circuit board 64 is disposed inside a space enclosed by the housing 61, and the processor 62 and the memory 63 are disposed on the circuit board 64; a power supply circuit 65 for supplying power to each circuit or device of the electronic apparatus; the memory 63 is used for storing executable program codes; the processor 62 reads the executable program code stored in the memory 63 to run the program corresponding to the executable program code, so as to execute any one of the attack path determining methods provided in the foregoing embodiments, and therefore, corresponding advantageous technical effects can also be achieved.
The above electronic devices exist in a variety of forms, including but not limited to:
(1) ultra mobile personal computer device: the equipment belongs to the category of personal computers, has calculation and processing functions and generally has the characteristic of mobile internet access. Such terminals include: PDA, MID, and UMPC devices, etc., such as ipads.
(2) A server: the device for providing the computing service comprises a processor, a hard disk, a memory, a system bus and the like, and the server is similar to a general computer architecture, but has higher requirements on processing capacity, stability, reliability, safety, expandability, manageability and the like because of the need of providing high-reliability service.
(3) And other electronic equipment with data interaction function.
Accordingly, an embodiment of the present application further provides a computer-readable storage medium, where one or more programs are stored, and the one or more programs may be executed by one or more processors to implement any one of the attack path determinations provided in the foregoing embodiments, so that corresponding technical effects may also be achieved, which has been described in detail above and will not be described herein again.
It is noted that, herein, relational terms such as first and second, and the like may be used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Also, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising an … …" does not exclude the presence of other identical elements in a process, method, article, or apparatus that comprises the element.
All the embodiments in the present specification are described in a related manner, and the same and similar parts among the embodiments may be referred to each other, and each embodiment focuses on the differences from the other embodiments.
In particular, as for the apparatus embodiment, since it is substantially similar to the method embodiment, the description is relatively simple, and for the relevant points, reference may be made to the partial description of the method embodiment.
For convenience of description, the above devices are described separately in terms of functional division into various units/modules. Of course, the functionality of the units/modules may be implemented in one or more software and/or hardware implementations when the present application is implemented.
It will be understood by those skilled in the art that all or part of the processes of the methods of the embodiments described above can be implemented by a computer program, which can be stored in a computer-readable storage medium, and when executed, can include the processes of the embodiments of the methods described above. The storage medium may be a magnetic disk, an optical disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), or the like.
The above description is only for the specific embodiments of the present application, but the scope of the present application is not limited thereto, and any changes or substitutions that can be easily conceived by those skilled in the art within the technical scope of the present application should be covered within the scope of the present application. Therefore, the protection scope of the present application shall be subject to the protection scope of the claims.
Claims (12)
1. An attack path determination method, comprising:
taking a source node as a current node, taking an unretraversed node directly connected with the current node as a neighbor node, forming a neighbor node set, and determining whether the neighbor node set comprises at least one target node;
under the condition that the neighbor node set comprises at least one target node, taking all neighbor nodes which are the target nodes in the neighbor node set as a first target node set, and forming an alternative path from the source node to the first target node set; a sub-path from the source node to each of the target nodes in the first set of target nodes in the alternative path is a shortest path;
comparing the alternative paths with paths in a target path set so as to optimize the target path set by using the alternative paths; wherein the target path set is used for recording the optimized paths from the source node to all the target nodes;
determining whether all of the target nodes are found;
and under the condition that all the target nodes are not found, marking the neighbor nodes as traversed nodes, taking the neighbor nodes in the neighbor node set as new current nodes, continuously determining whether the neighbor node set of the new current nodes comprises at least one target node, and repeating the iteration until all the target nodes are found or the new current nodes do not exist.
2. The method of claim 1, wherein the alternative path comprises the source node, a first set of intermediate nodes, and the first set of target nodes, the first set of target nodes comprising the at least one target node;
the comparing the alternative paths with the paths in the target path set to optimize the target path set by using the alternative paths includes:
traversing each target node in the first target node set, and determining whether each target node in the first target node set exists in a target node set corresponding to all paths in the target path set;
determining a first path corresponding to a first target node in the target path set when the first target node in the first target node set exists in the target node set corresponding to all paths in the target path set;
determining whether to add the first target node to a third target node set according to the number of the target nodes in the first path and the number of nodes in the first target node set in the alternative path;
adding a first target node in the first target node set to the third target node set if the first target node does not exist in the target node sets corresponding to all paths in the target path set;
in the case that the third set of target nodes is empty, not adding the new alternative path into the set of target paths;
and under the condition that the third target node set is not empty, replacing the first target node set in the alternative paths with the third target node set, forming a new alternative path, and adding the new alternative path into the target path set.
3. The method of claim 2, wherein determining whether to add the first target node to a third set of target nodes based on the number of target nodes in the first path and the number of nodes in the first set of target nodes in the alternative path comprises:
determining the number m of intermediate nodes in a second intermediate node set under the condition that the number of target nodes in the first path is smaller than the number of nodes in a first target node set in the alternative path, wherein the second intermediate node set is a set of intermediate nodes with the repetition frequency of 0 in the first path;
determining the number num of intermediate nodes of the intermediate node set which are not corresponding to all paths in the target path set by the intermediate nodes in the first intermediate node set; or determining the number num of the intermediate nodes in the first intermediate node set and the second intermediate node set;
removing the first target node from the set of target nodes in the first path if m is greater than num;
removing the first path from the target path set and adding the first target node to a third target node set when the target node set in the first path after removing the first target node is empty.
4. The method of claim 3, wherein after adding the new alternate path into the target path set, the method further comprises:
and adding the first intermediate node set in the new alternative path into the intermediate node sets of all paths, and recording the times of the repetition of the intermediate nodes of the intermediate node sets corresponding to all paths in the target path set.
5. The method of claim 1, wherein prior to forming an alternative path from the source node to the first set of target nodes, the method further comprises:
adding the source node to a path attribute of the source node;
copying the path attribute of the current node and adding the neighbor node into the copied path attribute of the current node as the path attribute of the neighbor node;
the sub-path from the source node to one of the target nodes in the first set of target nodes in the alternative path is determined as follows:
a sub-path from the source node to one of the target nodes in the first set of target nodes is a path attribute of the target node corresponding to the sub-path.
6. An attack path determination apparatus, comprising:
the first determining module is used for taking a source node as a current node, taking an unretraversed node directly connected with the current node as a neighbor node, forming a neighbor node set and determining whether the neighbor node set comprises at least one target node;
a candidate path forming module, configured to form a candidate path from the source node to the first target node set by using all neighbor nodes in the neighbor node set that are the target nodes as the first target node set when the neighbor node set includes at least one target node; a sub-path from the source node to each of the target nodes in the first set of target nodes in the alternative path is a shortest path;
the optimization module is used for comparing the alternative paths with the paths in the target path set so as to optimize the target path set by using the alternative paths; wherein the target path set is used for recording the optimized paths from the source node to all the target nodes;
a second determining module, configured to determine whether all of the target nodes are found;
and the loop iteration module is used for marking the neighbor nodes as traversed nodes under the condition that all the target nodes are not found, taking the neighbor nodes in the neighbor node set as new current nodes, continuously determining whether the neighbor node set of the new current nodes comprises at least one target node or not, and looping and iterating until all the target nodes are found or the new current nodes do not exist.
7. The apparatus of claim 6, wherein the alternative path comprises the source node, a first set of intermediate nodes, and the first set of destination nodes, the first set of destination nodes comprising the at least one destination node;
the optimization module comprises:
a first determining submodule, configured to traverse each target node in the first target node set, and determine whether each target node in the first target node set exists in a target node set corresponding to all paths in the target path set;
a second determining submodule, configured to determine, when a first target node in the first target node set exists in a target node set corresponding to all paths in the target path set, a first path corresponding to the first target node in the target path set;
a third determining sub-module, configured to determine whether to add the first target node to a third target node set according to the number of target nodes in the first path and the number of nodes in the first target node set in the alternative path;
a first adding sub-module, configured to add a first target node in the first target node set to the third target node set when the first target node does not exist in a target node set corresponding to all paths in the target path set;
a second adding submodule, configured to not add the new alternative path to the target path set when the third target node set is empty; and under the condition that the third target node set is not empty, replacing the first target node set in the alternative paths with the third target node set, forming a new alternative path, and adding the new alternative path into the target path set.
8. The apparatus according to claim 7, wherein the third determining submodule is specifically configured to:
determining the number m of intermediate nodes in a second intermediate node set under the condition that the number of target nodes in the first path is smaller than the number of nodes in a first target node set in the alternative path, wherein the second intermediate node set is a set of intermediate nodes with the repetition frequency of 0 in the first path;
determining the number num of intermediate nodes of the intermediate node set which are not corresponding to all paths in the target path set by the intermediate nodes in the first intermediate node set; or determining the number num of the intermediate nodes in the first intermediate node set and the second intermediate node set;
removing the first target node from the set of target nodes in the first path if m is greater than num;
removing the first path from the target path set and adding the first target node to a third target node set when the target node set in the first path after removing the first target node is empty.
9. The apparatus of claim 8, further comprising:
and the recording module is used for adding a first intermediate node set in the new alternative paths into the intermediate node sets of all paths after the second adding submodule adds the new alternative paths into the target path set, and recording the number of times of repetition of intermediate nodes of the intermediate node sets corresponding to all paths in the target path set.
10. The apparatus of claim 6, further comprising:
an adding module, configured to add the source node to the path attribute of the source node before the alternative path forming module forms an alternative path from the source node to the first set of target nodes;
the copying module is used for copying the path attribute of the current node and adding the neighbor node into the copied path attribute of the current node as the path attribute of the neighbor node;
a third determining module, configured to determine, as a path attribute of the target node corresponding to a sub-path from the source node to one of the target nodes in the first target node set, a path from the source node to the target node.
11. An electronic device, characterized in that the electronic device comprises: the device comprises a shell, a processor, a memory, a circuit board and a power circuit, wherein the circuit board is arranged in a space enclosed by the shell, and the processor and the memory are arranged on the circuit board; a power supply circuit for supplying power to each circuit or device of the electronic apparatus; the memory is used for storing executable program codes; the processor executes a program corresponding to the executable program code by reading the executable program code stored in the memory, for executing the attack path determination method according to any one of the preceding claims 1 to 5.
12. A computer-readable storage medium, characterized in that the computer-readable storage medium stores one or more programs which are executable by one or more processors to implement the attack path determination method of any one of the preceding claims 1 to 5.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202111339998.4A CN114362990B (en) | 2021-11-12 | 2021-11-12 | Attack path determining method and device, electronic equipment and readable storage medium |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202111339998.4A CN114362990B (en) | 2021-11-12 | 2021-11-12 | Attack path determining method and device, electronic equipment and readable storage medium |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN114362990A true CN114362990A (en) | 2022-04-15 |
| CN114362990B CN114362990B (en) | 2023-08-29 |
Family
ID=81095582
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202111339998.4A Active CN114362990B (en) | 2021-11-12 | 2021-11-12 | Attack path determining method and device, electronic equipment and readable storage medium |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN114362990B (en) |
Citations (8)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102447695A (en) * | 2011-11-14 | 2012-05-09 | 中国科学院软件研究所 | Method for identifying key attack path in service system |
| CN103354539A (en) * | 2012-11-29 | 2013-10-16 | 北京安天电子设备有限公司 | Method and system for restoring attacking path based on IPv6 network features |
| US20150350227A1 (en) * | 2014-05-29 | 2015-12-03 | Empire Technology Development Llc | Mitigation of path-based convergence attacks |
| CN105991639A (en) * | 2015-07-08 | 2016-10-05 | 北京匡恩网络科技有限责任公司 | Network attack path analysis method |
| CN106453217A (en) * | 2016-04-13 | 2017-02-22 | 河南理工大学 | Network attack path behavior prediction method based on path revenue calculation |
| US20170346752A1 (en) * | 2016-05-28 | 2017-11-30 | Guardtime Ip Holdings Limited | Verification mechanism for network service chain paths |
| CN108696473A (en) * | 2017-04-05 | 2018-10-23 | 中国移动通信集团广东有限公司 | Attack path restoring method and device |
| CN110138764A (en) * | 2019-05-10 | 2019-08-16 | 中北大学 | A kind of attack path analysis method based on level attack graph |
-
2021
- 2021-11-12 CN CN202111339998.4A patent/CN114362990B/en active Active
Patent Citations (8)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102447695A (en) * | 2011-11-14 | 2012-05-09 | 中国科学院软件研究所 | Method for identifying key attack path in service system |
| CN103354539A (en) * | 2012-11-29 | 2013-10-16 | 北京安天电子设备有限公司 | Method and system for restoring attacking path based on IPv6 network features |
| US20150350227A1 (en) * | 2014-05-29 | 2015-12-03 | Empire Technology Development Llc | Mitigation of path-based convergence attacks |
| CN105991639A (en) * | 2015-07-08 | 2016-10-05 | 北京匡恩网络科技有限责任公司 | Network attack path analysis method |
| CN106453217A (en) * | 2016-04-13 | 2017-02-22 | 河南理工大学 | Network attack path behavior prediction method based on path revenue calculation |
| US20170346752A1 (en) * | 2016-05-28 | 2017-11-30 | Guardtime Ip Holdings Limited | Verification mechanism for network service chain paths |
| CN108696473A (en) * | 2017-04-05 | 2018-10-23 | 中国移动通信集团广东有限公司 | Attack path restoring method and device |
| CN110138764A (en) * | 2019-05-10 | 2019-08-16 | 中北大学 | A kind of attack path analysis method based on level attack graph |
Non-Patent Citations (1)
| Title |
|---|
| 孙哲、巫中正、李千目: ""流量攻击图的建模与生成方法"", 《软件》, vol. 39, no. 4, pages 48 - 52 * |
Also Published As
| Publication number | Publication date |
|---|---|
| CN114362990B (en) | 2023-08-29 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| JP7441582B2 (en) | Methods, devices, computer-readable storage media and programs for detecting data breaches | |
| CN102741845B (en) | URL reputation system | |
| CN111770047B (en) | Abnormal group detection method, device and equipment | |
| CN113259176B (en) | Alarm event analysis method and device | |
| US20130290238A1 (en) | Discovery and grouping of related computing resources using machine learning | |
| US11388196B2 (en) | System and method for analyzing relationships between clusters of electronic devices to counter cyberattacks | |
| CN111090807A (en) | Knowledge graph-based user identification method and device | |
| CN114915475A (en) | Method, device, equipment and storage medium for determining attack path | |
| CN110730128B (en) | Information propagation path processing method and device, electronic equipment and storage medium | |
| CN115830649A (en) | Network asset fingerprint feature identification method and device and electronic equipment | |
| CN115618010A (en) | Fusion map storage and processing method and device | |
| CN113923016B (en) | Attack path analysis method and device, electronic equipment and computer storage medium | |
| CN113689270A (en) | Method for determining black product device, electronic device, storage medium, and program product | |
| CN114362990B (en) | Attack path determining method and device, electronic equipment and readable storage medium | |
| Caliò et al. | Cores matter? An analysis of graph decomposition effects on influence maximization problems | |
| CN110019845B (en) | Community evolution analysis method and device based on knowledge graph | |
| CN116361153A (en) | Method and device for testing firmware codes, electronic equipment and storage medium | |
| CN114064695A (en) | Asset information screening method and device, electronic equipment and storage medium | |
| Qian et al. | A Statistical Test of Change‐Point in Mean that Almost Surely Has Zero Error Probabilities | |
| CN110868382A (en) | Decision tree-based network threat assessment method, device and storage medium | |
| Zhao et al. | Virtual network embedding on massive substrate networks | |
| Mukherjee et al. | Performance tuning of Android applications using clustering and optimization heuristics | |
| CN108599991B (en) | Method for searching key nodes influencing trust transfer in social Internet of things | |
| CN116436846B (en) | Smart grid asset data management method and system based on node search | |
| CN115085984B (en) | Outsourcing slow release method facing routing prefix hijacking and related equipment |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |