CN114362990B - Attack path determining method and device, electronic equipment and readable storage medium - Google Patents
Attack path determining method and device, electronic equipment and readable storage medium Download PDFInfo
- Publication number
- CN114362990B CN114362990B CN202111339998.4A CN202111339998A CN114362990B CN 114362990 B CN114362990 B CN 114362990B CN 202111339998 A CN202111339998 A CN 202111339998A CN 114362990 B CN114362990 B CN 114362990B
- Authority
- CN
- China
- Prior art keywords
- target
- node
- path
- nodes
- paths
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Classifications
-
- Y—GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
- Y02—TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
- Y02D—CLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
- Y02D30/00—Reducing energy consumption in communication networks
- Y02D30/70—Reducing energy consumption in communication networks in wireless communication networks
Landscapes
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
The embodiment of the application discloses an attack path determining method, an attack path determining device, electronic equipment and a readable storage medium, relates to the technical field of network security, and aims to improve the accuracy of predicting or reproducing threat events. The method comprises the following steps: using the non-traversed node directly connected with the current node as a neighbor node, forming a neighbor node set, and determining whether the neighbor node set comprises at least one target node; forming an alternative path from the source node to the first target node set under the condition that the neighbor node set comprises at least one target node, and optimizing the target path set by using the alternative path; and under the condition that all the target nodes are not found, marking the neighbor nodes as traversed nodes, taking the neighbor nodes in the neighbor node set as new current nodes, continuously determining whether the neighbor node set of the new current nodes comprises at least one target node, and carrying out loop iteration until the target nodes are found. The application is applicable to predicting or reproducing threat events.
Description
Technical Field
The present application relates to the field of network security technologies, and in particular, to a method and apparatus for determining an attack path, an electronic device, and a readable storage medium.
Background
With the rapid development of the internet, people enjoy the network to bring convenience and also bring potential safety hazards. In a network environment, a threat attacks other target assets through one source asset, but due to the complexity of the network environment, it is difficult to determine the path between the source asset and the target, but from the viewpoint of saving attack cost, the threat usually attacks the target asset through the attack path with the lowest attack cost.
In order to conduct intensive research on the attack characteristics of the threat, the attack path of the threat can be reproduced. In the prior art, the shortest paths from the source asset to each target asset are respectively determined, and then a plurality of shortest paths are used as attack paths from the source asset to the target asset, wherein each target asset in the attack paths corresponds to a single path or more intermediate assets exist except the source asset and the target asset in the attack paths, namely, the attack paths from the source asset to the plurality of target assets determined by the prior art are complex, so that the accuracy of predicting or reproducing threat events is lower.
Disclosure of Invention
In view of this, embodiments of the present application provide a method, an apparatus, an electronic device, and a readable storage medium for determining an attack path, which can improve accuracy of predicting or reproducing a threat event.
In a first aspect, an embodiment of the present application provides a method for determining an attack path, including: the method comprises the steps of taking a source node as a current node, taking an un-traversed node directly connected with the current node as a neighbor node, forming a neighbor node set, and determining whether the neighbor node set comprises at least one target node; when the neighbor node set comprises at least one target node, taking all neighbor nodes in the neighbor node set as a first target node set, and forming an alternative path from the source node to the first target node set; the sub-path from the source node to each of the target nodes in the first set of target nodes in the alternative path is the shortest path; comparing the alternative path with paths in a target path set to optimize the target path set by using the alternative path; wherein the target path set is used for recording optimized paths from the source node to all the target nodes; determining whether all of the target nodes are found; and under the condition that all the target nodes are not found, marking the neighbor nodes as traversed nodes, taking the neighbor nodes in the neighbor node set as new current nodes, continuously determining whether the neighbor node set of the new current nodes comprises at least one target node, and carrying out loop iteration until all the target nodes are found or the new current nodes do not exist.
According to a specific implementation manner of the embodiment of the present application, the alternative path includes the source node, a first intermediate node set and the first target node set, and the first target node set includes the at least one target node; the comparing the alternative path with the paths in the target path set to optimize the target path set by using the alternative path includes: traversing each target node in the first target node set, and determining whether each target node in the first target node set exists in a target node set corresponding to all paths in the target path set; determining a first path corresponding to the first target node in the target path set under the condition that the first target node in the first target node set exists in the target node set corresponding to all paths in the target path set; determining whether to add the first target node to a third target node set according to the number of target nodes in the first path and the number of nodes in the first target node set in the alternative path; adding a first target node in the first target node set to the third target node set under the condition that the first target node in the first target node set does not exist in target node sets corresponding to all paths in the target path set; if the third target node set is empty, not adding the new alternative path to the target path set; and under the condition that the third target node set is not empty, replacing the first target node set in the alternative path with the third target node set to form a new alternative path, and adding the new alternative path into the target path set.
According to a specific implementation manner of the embodiment of the present application, the determining whether to add the first target node to the third target node set according to the number of target nodes in the first path and the number of nodes in the first target node set in the alternative path includes: determining the number m of intermediate nodes in a second intermediate node set under the condition that the number of target nodes in the first path is smaller than the number of nodes in a first target node set in the alternative path, wherein the second intermediate node set is a set of intermediate nodes with the repetition number of 0 in the first path; determining the number num of intermediate nodes of the intermediate node set corresponding to all paths in the target path set, wherein the intermediate nodes in the first intermediate node set are not in the intermediate node set corresponding to all paths in the target path set; or determining the number num of intermediate nodes in the first intermediate node set and existing in the second intermediate node set; removing the first target node from the set of target nodes in the first path if m is greater than num; and removing the first path from the target path set and adding the first target node to a third target node set under the condition that the target node set in the first path after the first target node is removed is empty.
According to a specific implementation of an embodiment of the present application, after adding the new alternative path to the target path set, the method further includes: and adding the first intermediate node set in the new alternative path into the intermediate node sets of all paths, and recording the repetition times of the intermediate nodes of the intermediate node sets corresponding to all paths in the target path set.
According to a specific implementation of an embodiment of the present application, before forming an alternative path from the source node to the first set of target nodes, the method further includes: adding the source node to a path attribute of the source node; copying the path attribute of the current node and adding the neighbor node into the copied path attribute of the current node to serve as the path attribute of the neighbor node; the sub-paths from the source node to one of the target nodes in the first set of target nodes in the alternative path are determined as follows: a sub-path from the source node to one of the target nodes in the first set of target nodes is a path attribute of the target node corresponding to the sub-path.
In a second aspect, an embodiment of the present application provides an attack path determining device, including: the first determining module is used for taking a source node as a current node, taking an un-traversed node directly connected with the current node as a neighbor node, forming a neighbor node set and determining whether the neighbor node set comprises at least one target node or not; an alternative path forming module, configured to, when the set of neighboring nodes includes at least one target node, form an alternative path from the source node to the first target node set by using all neighboring nodes in the set of neighboring nodes that are the target nodes as the first target node set; the sub-path from the source node to each of the target nodes in the first set of target nodes in the alternative path is the shortest path; the optimization module is used for comparing the alternative path with paths in a target path set so as to optimize the target path set by utilizing the alternative path; wherein the target path set is used for recording optimized paths from the source node to all the target nodes; a second determining module, configured to determine whether all the target nodes are found; and the loop iteration module is used for marking the neighbor nodes as traversed nodes under the condition that all the target nodes are not found, taking the neighbor nodes in the neighbor node set as new current nodes, continuously determining whether the neighbor node set of the new current nodes comprises at least one target node or not, and carrying out loop iteration until all the target nodes are found or the new current nodes do not exist.
According to a specific implementation manner of the embodiment of the present application, the alternative path includes the source node, a first intermediate node set and the first target node set, and the first target node set includes the at least one target node; the optimization module comprises: a first determining submodule, configured to traverse each target node in the first target node set, determine whether each target node in the first target node set exists in a target node set corresponding to all paths in the target path set; a second determining submodule, configured to determine, when a first target node in the first target node set exists in a target node set corresponding to all paths in the target path set, a first path corresponding to the first target node in the target path set; a third determining submodule, configured to determine whether to add the first target node to a third target node set according to the number of target nodes in the first path and the number of nodes in the first target node set in the alternative path; a first adding sub-module, configured to add a first target node in the first target node set to the third target node set when the first target node does not exist in the target node set corresponding to all paths in the target path set; a second adding sub-module, configured to not add the new alternative path to the target path set if the third target node set is empty; and under the condition that the third target node set is not empty, replacing the first target node set in the alternative path with the third target node set to form a new alternative path, and adding the new alternative path into the target path set.
According to a specific implementation manner of the embodiment of the present application, the third determining sub-module is specifically configured to: determining the number m of intermediate nodes in a second intermediate node set under the condition that the number of target nodes in the first path is smaller than the number of nodes in a first target node set in the alternative path, wherein the second intermediate node set is a set of intermediate nodes with the repetition number of 0 in the first path; determining the number num of intermediate nodes of the intermediate node set corresponding to all paths in the target path set, wherein the intermediate nodes in the first intermediate node set are not in the intermediate node set corresponding to all paths in the target path set; or determining the number num of intermediate nodes in the first intermediate node set and existing in the second intermediate node set; removing the first target node from the set of target nodes in the first path if m is greater than num; and removing the first path from the target path set and adding the first target node to a third target node set under the condition that the target node set in the first path after the first target node is removed is empty.
According to a specific implementation manner of the embodiment of the present application, the apparatus further includes: and the recording module is used for adding the first intermediate node set in the new alternative path into the intermediate node set of all paths after the second adding sub-module adds the new alternative path into the target path set, and recording the repetition times of the intermediate nodes of the intermediate node sets corresponding to all paths in the target path set.
According to a specific implementation manner of the embodiment of the present application, the apparatus further includes: an adding module, configured to add the source node to a path attribute of the source node before the alternative path forming module forms an alternative path from the source node to the first target node set; the copying module is used for copying the path attribute of the current node and adding the neighbor node into the copied path attribute of the current node to serve as the path attribute of the neighbor node; and a third determining module, configured to use a sub-path from the source node to one of the target nodes in the first target node set as a path attribute of the target node corresponding to the sub-path.
In a third aspect, an embodiment of the present application provides an electronic device, including: the device comprises a shell, a processor, a memory, a circuit board and a power circuit, wherein the circuit board is arranged in a space surrounded by the shell, and the processor and the memory are arranged on the circuit board; a power supply circuit for supplying power to each circuit or device of the electronic apparatus; the memory is used for storing executable program codes; the processor executes a program corresponding to the executable program code by reading the executable program code stored in the memory, for executing the attack path determination method according to any one of the foregoing implementations.
In a fourth aspect, embodiments of the present application provide a computer readable storage medium storing one or more programs executable by one or more processors to implement the attack path determination method according to any of the foregoing implementations.
The attack path determining method, the attack path determining device, the electronic equipment and the readable storage medium take a source node as a current node, take an un-traversed node directly connected with the current node as a neighbor node, form a neighbor node set and determine whether the neighbor node set comprises at least one target node; under the condition that the neighbor node set comprises at least one target node, all neighbor nodes in the neighbor node set are used as a first target node set, one alternative path from a source node to the first target node set is formed, then the alternative path is compared with the paths in the target path set to optimize the target path set by using the alternative path, wherein the target path set is used for recording optimized paths from the source node to all the target nodes, as the sub-paths from the source node in the alternative path to each target node in the first target node set are shortest paths, and the alternative path is compared with the paths in the target path set to optimize the target path set by using the alternative path, so that the paths in the target path set can be optimized, under the condition that all the target nodes are not found, the neighbor nodes in the neighbor node set are marked as traversed nodes, whether the neighbor nodes in the neighbor node set comprise at least one target node is continuously determined, so that the paths of the target path are optimized again, the paths are recycled until the paths in the target node set are shortest paths are reduced, or the paths are not found, the optimal paths are accurately predicted until the paths are all the current nodes, and the paths are the optimal paths are found, and the optimal paths are more than the current paths are found.
Drawings
In order to more clearly illustrate the embodiments of the application or the technical solutions in the prior art, the drawings that are required in the embodiments or the description of the prior art will be briefly described, it being obvious that the drawings in the following description are only some embodiments of the application, and that other drawings may be obtained according to these drawings without inventive effort for a person skilled in the art.
Fig. 1 is a flow chart of an attack path determining method according to an embodiment of the present application;
FIG. 2 is a schematic flow chart of comparing an alternative path with a path in a target path set to optimize the target path set by using the alternative path according to another embodiment of the present application;
FIG. 3 is a schematic diagram of a path in a target path set according to an embodiment of the present application;
fig. 4 is a schematic structural diagram of an attack path determining device according to an embodiment of the present application;
fig. 5 is a schematic structural diagram of an electronic device according to an embodiment of the present application.
Detailed Description
Embodiments of the present application will be described in detail below with reference to the accompanying drawings. It should be understood that the described embodiments are merely some, but not all, embodiments of the application. All other embodiments, which can be made by those skilled in the art based on the embodiments of the application without making any inventive effort, are intended to be within the scope of the application.
In order that those skilled in the art will better understand the technical concepts, embodiments and advantages of the embodiments of the present application, a detailed description will be given below with reference to specific examples.
The attack path determining method provided by the embodiment of the application comprises the following steps: the method comprises the steps of taking a source node as a current node, taking an un-traversed node directly connected with the current node as a neighbor node, forming a neighbor node set, and determining whether the neighbor node set comprises at least one target node; when the neighbor node set comprises at least one target node, taking all neighbor nodes in the neighbor node set as a first target node set, and forming an alternative path from the source node to the first target node set; the sub-path from the source node to each of the target nodes in the first set of target nodes in the alternative path is the shortest path; comparing the alternative path with paths in a target path set to optimize the target path set by using the alternative path; wherein the target path set is used for recording optimized paths from the source node to all the target nodes; determining whether all of the target nodes are found; and under the condition that all the target nodes are not found, marking the neighbor nodes as traversed nodes, taking the neighbor nodes in the neighbor node set as new current nodes, continuously determining whether the neighbor node set of the new current nodes comprises at least one target node, and carrying out loop iteration until all the target nodes are found or the new current nodes do not exist, so that the attack paths from the source asset to a plurality of target assets can be simplified, and the accuracy of predicting or reproducing threat events is improved.
Fig. 1 is a flow chart of an attack path determining method according to an embodiment of the present application, as shown in fig. 1, where the attack path determining method according to the present embodiment may include:
s101, taking a source node as a current node, taking an un-traversed node directly connected with the current node as a neighbor node, forming a neighbor node set, and determining whether the neighbor node set comprises at least one target node.
In a network environment, a source node, a neighbor node, and a target node may correspond to one asset in the network environment. In some examples, the method of the present embodiment may be described by means of a network topology. In this embodiment, before a source node is a current node, the source node and two or more target nodes may be determined in the network topology. It is understood that the number of source nodes may be one.
In this embodiment, the source node is used as the current node, and the node after the traversed node is removed from the nodes directly connected with the source node is used as the neighbor node, so that the calculation amount can be reduced, and the calculation efficiency can be improved.
The neighbor node set includes non-traversed nodes, i.e., non-traversed neighbor nodes, that are directly connected to the current node.
It is determined whether at least one target node is included in the non-traversed neighbor nodes in the set of neighbor nodes.
The at least one target node includes one target node, two target nodes, five target nodes, and so on.
S102, under the condition that the neighbor node set comprises at least one target node, taking all neighbor nodes in the neighbor node set which are the target nodes as a first target node set, and forming an alternative path from a source node to the first target node set.
In the case that the source node is taken as the current node and at least one target node is included in the neighbor node set of the current node, all target nodes included in the neighbor node set are taken as the first target node set, if two target nodes are included in the neighbor node set, the two target nodes are taken as the first target node set, an alternative path from the source node to the first target node set is formed, and in the embodiment, a sub-path from the source node to each target node in the first target node set in the alternative path is the shortest path.
It will be appreciated that in the case where the source node is the current node and the target node is included in a neighbor node of the current node, the alternative path includes the source node and the first set of target nodes.
S103, comparing the alternative paths with paths in the target path set so as to optimize the target path set by using the alternative paths.
In this embodiment, the target path set is used to record the optimized paths from the source node to all the target nodes.
S104, determining whether all target nodes are found.
And S105, under the condition that all the target nodes are not found, marking the neighbor nodes as traversed nodes, taking the neighbor nodes in the neighbor node set as new current nodes, continuing to determine whether the neighbor node set of the new current nodes comprises at least one target node, and iterating until all the target nodes are found or no new current nodes exist.
If all the target nodes are not found, the calculation needs to be continued, and at this time, the neighboring nodes are marked as traversed nodes, so that when the non-traversed node directly connected with the current node is determined to be the neighboring node, the traversed node directly connected with the current node can be removed from all the directly connected nodes.
And continuing to determine whether the neighbor node set of the new current node comprises at least one target node by using the neighbor nodes in the neighbor node set as the new current node, and iterating according to the steps until all the target nodes are found or no new current node exists.
In the loop iteration process, when determining whether all target nodes are found, comparing the target nodes included in the neighbor node set determined by the current loop and the target nodes included in the neighbor node set determined before with all target nodes, if the target nodes included in the neighbor node set determined by the current loop and the target nodes included in the neighbor node set determined before include all target nodes, all target nodes are found, if only part of target nodes are included, continuing the loop iteration until all target nodes are found to finish calculation; or, when there is no new current node, the calculation is ended.
In the process of carrying out loop iteration, the formed alternative path comprises a source node, an intermediate node set and a first target node set, wherein the intermediate node set comprises intermediate nodes except the source node and the first target node set.
When the process is finished on the condition that no new current node exists, according to the calculation process, if there is a target node which is not found, no communication path exists between the target node and the source node.
In this embodiment, a source node is used as a current node, an un-traversed node directly connected with the current node is used as a neighbor node, a neighbor node set is formed, and whether the neighbor node set includes at least one target node is determined; under the condition that the neighbor node set comprises at least one target node, all neighbor nodes in the neighbor node set are used as a first target node set, one alternative path from a source node to the first target node set is formed, then the alternative path is compared with the paths in the target path set to optimize the target path set by using the alternative path, wherein the target path set is used for recording optimized paths from the source node to all the target nodes, as the sub-paths from the source node in the alternative path to each target node in the first target node set are shortest paths, and the alternative path is compared with the paths in the target path set to optimize the target path set by using the alternative path, so that the paths in the target path set can be optimized, under the condition that all the target nodes are not found, the neighbor nodes in the neighbor node set are marked as traversed nodes, whether the neighbor nodes in the neighbor node set comprise at least one target node is continuously determined, so that the paths of the target path are optimized again, the paths are recycled until the paths in the target node set are shortest paths are reduced, or the paths are not found, the optimal paths are accurately predicted until the paths are all the current nodes, and the paths are the optimal paths are found, and the optimal paths are more than the current paths are found.
The method for determining the attack path can be applied to a security analysis technology, and can be particularly applied to known attack source points and a plurality of attacked nodes, but under the condition that a specific attack path is not known, a proper path is determined to help security personnel to analyze; the method can be applied to drawing the attack effect, and particularly can be applied to software for drawing the attack effect on the topological graph, so that a drawing staff can be helped to quickly generate a proper attack path, the drawing staff can conveniently and uniformly configure the attack effect, and the drawing time is saved.
A further embodiment of the application is substantially identical to the above embodiment, except that the alternative path of the present embodiment comprises a source node, a first set of intermediate nodes and a first set of target nodes, the first set of target nodes comprising at least one target node.
Referring to fig. 2, comparing the alternative path with the paths in the target path set to optimize the target path set with the alternative path (S103) may include:
s103a, traversing each target node in the first target node set, and determining whether each target node in the first target node set exists in the target node set corresponding to all paths in the target path set.
Each path in all paths included in the target path set includes a target node subset, where the target node subset includes target nodes, and the target node set in this embodiment includes target nodes in the target node subset of all paths.
Each target node in the first set of target nodes may be compared with a target node in the set of target nodes, the target node being present in the set of target nodes if there is a target node in the set of target nodes that is the same as the target node in the first set of target nodes; if there is no target node in the set of target nodes that is the same as the target node in the first set of target nodes, the target node is not in the set of target nodes.
S103b, when the first target node in the first target node set exists in the target node set corresponding to all paths in the target path set, determining the first path corresponding to the first target node in the target path set.
The paths a in the target path set include source nodes, intermediate node subsets and target node subsets, wherein the target nodes a and B in the target node subsets, the target node sets corresponding to all paths include a, and if the first target node is a, the first target node in the first target node set exists in the target node sets corresponding to all paths in the target path set, and in this case, the first path in the target path set corresponding to the first target node a is the path a.
S103c, determining whether to add the first target node to the third target node set according to the number of target nodes in the first path and the number of nodes in the first target node set in the alternative path.
Initially, the third set of target nodes is empty.
In some examples, determining whether to add the first target node to the third target node set (S103 c) based on the number of target nodes in the first path and the number of nodes in the first target node set in the alternative path may include:
a1, determining the number m of intermediate nodes in a second intermediate node set under the condition that the number of target nodes in the first path is smaller than the number of nodes in the first target node set in the alternative path.
In this embodiment, the second set of intermediate nodes is a set of intermediate nodes with a repetition number of 0 in the first path. The intermediate node with the repetition number of 0 in the first path may be the intermediate node that is traversed only once from the source node to each of the target nodes in the first path.
A2, determining the number num of intermediate nodes of the intermediate node set corresponding to all paths in the target path set, wherein the intermediate nodes in the first intermediate node set are not in the target path set.
And comparing the intermediate nodes in the first intermediate node set with the intermediate nodes in the intermediate node set corresponding to all paths in the target path set, and determining the number num of the intermediate nodes in the intermediate node set corresponding to all paths in the target path set, which are not included in the intermediate nodes in the first intermediate node set.
For determination of num, as an alternative, the number num of intermediate nodes present in the second set of intermediate nodes in the first set of intermediate nodes is determined.
A3, in the case that m is larger than num, removing the first target node from the target node set in the first path.
It will be appreciated that in the case where m is less than num, the first target node is not removed from the set of target nodes in the first path.
A4, removing the first path from the target path set and adding the first target node to the third target node set under the condition that the target node set in the first path after removing the first target node is empty.
It may be appreciated that in the case where the set of target nodes in the first path after the removal of the first target node is not empty, the first path after the removal of the first target node is reserved.
And S103d, adding the first target node to a third target node set when the first target node in the first target node set does not exist in the target node sets corresponding to all paths in the target path set.
When the first target node does not exist in the target node sets corresponding to all paths in the target path set, the first target node can be added to the third target node set.
S103e, if the third target node set is empty, not adding the new candidate path to the target node set.
After traversing each target node in the first set of target nodes, the determined third set of target nodes is empty, indicating that the alternative path can reach the target nodes more succinctly than the alternative path compared to the paths in the set of target paths, and therefore, the alternative path does not need to be added to the set of target paths.
And S103f, under the condition that the third target node set is not empty, replacing the first target node set in the alternative paths with the third target node set to form new alternative paths, and adding the new alternative paths into the target path set.
And replacing the first target node set with the target nodes in the third target node set determined through the steps, wherein the obtained new alternative path is used as one path in the target path set.
A further embodiment of the present application is basically the same as the above embodiment, except that the attack path determination method of the present embodiment may further include, after adding the new candidate path to the target path set:
s106, adding the first intermediate node set in the new alternative path into the intermediate node sets of all paths, and recording the repetition times of the intermediate nodes of the intermediate node sets corresponding to all paths in the target path set.
In this embodiment, by adding the first intermediate node set in the new alternative path to the intermediate node sets of all paths and recording the number of repetition times of the intermediate nodes of the intermediate node sets corresponding to all paths in the target path set, data support can be provided for optimizing the target path set for the next iterative computation, thereby improving the computation efficiency.
To determine the shortest sub-path of the source node to each of the target nodes in the first set of nodes in the alternative path, in some examples, prior to forming one of the alternative paths of the source node to the first set of target nodes, the method may further comprise:
and S107, adding the source node into the path attribute of the source node.
Path attributes may be added for each source node in the topology map, with an initial value of null.
At the beginning of the computation, the source node may be added to the path attributes of the source node.
S108, copying the path attribute of the current node and adding the neighbor node into the copied path attribute of the current node to serve as the path attribute of the neighbor node.
When the source node is used as the current node, the path attribute of the current node in this embodiment is used as the source node.
The path attribute of the neighbor node of the source node is the path attribute inherited by the source node and the neighbor node is added into the path attribute to form the path attribute of the neighbor node.
In the iterative loop process, the neighbor node inherits the path attribute of the current node, and adds itself into the path attribute to form the path attribute of the neighbor node.
S109, determining a sub-path from a source node to one target node in the first target node set in the alternative path according to the following method:
the sub-path from the source node to one of the first set of target nodes is a path attribute of the target node corresponding to the sub-path.
The following describes the embodiment of the present application in detail with reference to a specific example.
For convenience of explanation, the symbols in the present embodiment will be explained:
id: a unique identification of the node; links: and the adjacent node set has direct connection relation with the nodes.
Referring to fig. 3, each of the optimal paths of the source node to the plurality of target nodes includes: start: a source node of the path; middle: a set of intermediate nodes (nodes other than the source node and the target node) of the path; ends: a set of target nodes of the path.
After acquiring the source node id and the target node id set according to the interaction, the method for searching the optimal path between the source node and the plurality of target nodes may include:
step 1, creating a new empty set, marking the new empty set as a marked node set ready, and adding a source node into the ready.
And 2, creating a copy of the target node set, and recording as domain.
The domain includes all target nodes.
And 3, adding path attributes path to all nodes, wherein the path attributes path represent node sets (including the source node and the current node) passing through the shortest path from the source node to the current node, and the node sets are all empty sets initially.
And 4, adding the source node into the path attribute of the source node, creating a current node set, and adding the source node into the current node set.
And 5, traversing the current node set, and finding all adjacent points which are not in ready (not marked) for each current node through link attributes of the current node, and recording as next. Find all nodes in the domain in next, and record as es. If es is not null, a new path is added by using an addPath method, the start of the new path is the source node, the middle is the path set of the current node, the set after the source node is removed is used, and the ends is es. For each node in next, the node inherits the path attribute stored by the current node and then adds the node into the path to obtain the shortest path from the source node to the node.
Before the addPath method is used, a path set is created, and each time a path is added to the path set, the addPath method is adopted, and the parameters of the method are as follows:
paths: representing the added path set;
EndNOdes: representing the added set of target nodes, and each target node in the ends is mapped to the corresponding path;
middleNodes: represents the set of intermediate nodes for all paths and records the number of repetitions of each intermediate node.
Referring to fig. 4, the added paths all satisfy a pair of multipath formats, and each time a new path is added, the following procedure is performed:
b1, creating a new empty set new;
b2, traversing end attributes in the new path, and determining whether t is in the endNodes for each target node t;
b3, if yes, finding a path of t mapping in the endNodes, and acquiring the node number n of an ends set of the path;
b4, judging whether n is smaller than the number of nodes of the ends set of the new path;
b5, if the number of nodes in the end set of the new path is smaller than the number of nodes in the end set of the new path, counting an intermediate node set m with the repetition number of 0 in the middle attribute of the path, and counting the number num of nodes which are not in the middleNodes set or in the middleNodes set m in the middle attribute of the new path;
b6, judging whether the number of nodes in the set m is larger than num;
b7, if the number of nodes in the set m is greater than num, removing t from the ends set of the path, if the ends set of the path after removal is empty, removing the path from the paths, changing the path mapped by t into a new path, and adding t into new;
B8, if t is not in the endNodes, then add t to new.
After traversing all t, if new is not null, changing the end attribute of the new path into new, adding the new path into paths, adding the middle of the new path into middleNodes, and recording the repetition times of each intermediate node.
And 6, removing the es nodes of all the current nodes from the domain. And (3) changing the current node set into the next node set of all the current nodes as long as the domain set is not empty, and repeating the operation of 6 until the domain set is empty or the current node set is empty.
And 7, if the domain set is not empty after stopping, the rest target nodes in the domain set are nodes without communication paths with the source node. The paths of the remaining target nodes and source nodes are all in paths.
Through the steps, the optimal paths between the source node and the plurality of target nodes are satisfied: 1. the shortest path is between the source node and each target node; 2. the least paths, namely more target nodes are in the same path as much as possible under the condition that the first condition is met; 3. the least nodes are traversed, i.e. as all paths as possible traverse the same nodes if the above two conditions are met.
The shortest path from the source node to each target node is obtained by adding the shortest path from the source node to each node in the next in the steps 1-4 and 5 into the path after the node inherits the path attribute stored by the current node.
The complete method for determining the shortest path from the source node to one target node is as follows:
step 1, obtaining a source node id and a target node id according to interaction.
And 2, creating a new empty set, marking the new empty set as a marked node set ready, and adding the source node into the ready.
And 3, adding path attributes path to all nodes, wherein the path attributes path represent node sets (including the source node and the current node) passing through the shortest path from the source node to the current node, and the node sets are all empty sets initially.
And 4, adding the source node into the path attribute of the source node, creating a current node set, and adding the source node into the current node set.
And 5, traversing the current node set, and finding all adjacent points which are not in ready (not marked) for each current node through link attributes of the current node, and recording as next. For each node in next, the node inherits the path attribute stored by the current node and then adds the node into the path, so that the shortest path from the source node to the node is obtained, if the node is a target node, the searching is finished, and otherwise, the searching is continued.
And 6, if the target node is not in the next, adding all nodes in the next into ready. And changing the current node set into a next node set of all the current nodes, repeating the operation of 4 until the target node is found or the current node set is empty.
And 7, if the target node is not found after stopping, the source node and the target node have no communication path.
In this embodiment, by using a source node as a current node, using an un-traversed node directly connected to the current node as a neighbor node, and forming a neighbor node set, determining whether the neighbor node set includes at least one target node; under the condition that the neighbor node set comprises at least one target node, all the neighbor nodes in the neighbor node set are used as a first target node set, one alternative path from the source node to the first target node set is formed, then the alternative path is compared with the paths in the target path set to optimize the target path set by using the alternative path, wherein the target path set is used for recording optimized paths from the source node to all the target nodes, as the sub-paths from the source node in the alternative path to each target node in the first target node set are shortest paths, and the alternative path is compared with the paths in the target path set to optimize the target path set by using the alternative path, so that the paths in the target path set can be optimized, under the condition that all the target nodes are not found, the neighbor nodes in the neighbor node set are marked as traversed nodes, whether the neighbor nodes in the neighbor node set are used as new current nodes is continuously determined, so that whether the paths of the target path set comprise at least one target node is optimized is further determined, and the paths are optimized again, as to the paths in the target node set is not optimized, the current node is not needed, the path is not completely optimized until all the new nodes are completely found, the new paths are completely optimized, the paths are completely optimized by the target nodes are completely, and the optimal paths are completely is completely or completely calculated, and the path is completely is improved, and the path is completely optimized by the target path is completely, and the target path is completely or completely optimized, determining the number m of intermediate nodes in a second intermediate node set and the number num of intermediate nodes of intermediate node sets corresponding to all paths in the target path set, wherein the intermediate nodes in the first intermediate node set are not determined to be in the target path set under the condition that the number of target nodes in the first path is smaller than the number of nodes in the first target node set in the alternative path; or, determining the number num of intermediate nodes in the first intermediate node set and existing in the second intermediate node set, removing the first target node from the target node set in the first path and removing the first path from the target path set if m is greater than num, adding the first target node to the third target node set, so that more target nodes are on the same path, and more paths pass through the same intermediate node, the path from the source node to the target node is simplified, and the path attribute of the target node corresponding to the sub-path is taken as the sub-path from the source node to one of the target nodes in the first target node set before forming an alternative path from the source node to the first target node set.
An attack path determining device provided in an embodiment of the present application is characterized by comprising: the first determining module is used for taking a source node as a current node, taking an un-traversed node directly connected with the current node as a neighbor node, forming a neighbor node set and determining whether the neighbor node set comprises at least one target node or not; an alternative path forming module, configured to, when the set of neighboring nodes includes at least one target node, form an alternative path from the source node to the first target node set by using all neighboring nodes in the set of neighboring nodes that are the target nodes as the first target node set; the sub-path from the source node to each of the target nodes in the first set of target nodes in the alternative path is the shortest path; the optimization module is used for comparing the alternative path with paths in a target path set so as to optimize the target path set by utilizing the alternative path; wherein the target path set is used for recording optimized paths from the source node to all the target nodes; a second determining module, configured to determine whether all the target nodes are found; and the loop iteration module is used for marking the neighbor nodes as traversed nodes under the condition that all the target nodes are not found, taking the neighbor nodes in the neighbor node set as new current nodes, continuously determining whether the neighbor node set of the new current nodes comprises at least one target node, and carrying out loop iteration until all the target nodes are found or the new current nodes do not exist, so that the attack paths from the source asset to a plurality of target assets can be simplified, and the accuracy of predicting or reproducing threat events is improved.
Fig. 5 is a schematic structural diagram of an attack path determining device according to an embodiment of the present application, as shown in fig. 5, where the attack path determining device according to the present embodiment may include: a first determining module 11, configured to take a source node as a current node, take an un-traversed node directly connected to the current node as a neighboring node, and form a neighboring node set, and determine whether the neighboring node set includes at least one target node; an alternative path forming module 12, configured to, in a case where the set of neighboring nodes includes at least one of the target nodes, form an alternative path from the source node to the first target node set by using all neighboring nodes in the set of neighboring nodes that are the target nodes as the first target node set; the sub-path from the source node to each of the target nodes in the first set of target nodes in the alternative path is the shortest path; an optimizing module 13, configured to compare the alternative path with a path in a target path set, so as to optimize the target path set by using the alternative path; wherein the target path set is used for recording optimized paths from the source node to all the target nodes; a second determining module 14 for determining whether all the target nodes are found; and a loop iteration module 15, configured to, if all the target nodes are not found, mark the neighboring nodes as traversed nodes, use the neighboring nodes in the neighboring node set as new current nodes, and continuously determine whether the neighboring node set of the new current nodes includes at least one target node, and loop iterate until all the target nodes are found or the new current nodes do not exist.
The device of this embodiment may be used to implement the technical solution of the method embodiment shown in fig. 1, and its implementation principle and technical effects are similar, and are not described here again.
The device of the embodiment takes a source node as a current node, takes an un-traversed node directly connected with the current node as a neighbor node, forms a neighbor node set, and determines whether the neighbor node set comprises at least one target node; when the neighbor node set comprises at least one target node, taking all neighbor nodes in the neighbor node set as a first target node set, and forming an alternative path from the source node to the first target node set; the sub-path from the source node to each of the target nodes in the first set of target nodes in the alternative path is the shortest path; comparing the alternative path with paths in a target path set to optimize the target path set by using the alternative path; wherein the target path set is used for recording optimized paths from the source node to all the target nodes; determining whether all of the target nodes are found; and under the condition that all the target nodes are not found, marking the neighbor nodes as traversed nodes, taking the neighbor nodes in the neighbor node set as new current nodes, continuously determining whether the neighbor node set of the new current nodes comprises at least one target node, and carrying out loop iteration until all the target nodes are found or the new current nodes do not exist, so that the attack paths from the source asset to a plurality of target assets can be simplified, and the accuracy of predicting or reproducing threat events is improved.
As an alternative embodiment, the alternative path includes the source node, a first set of intermediate nodes, and the first set of target nodes, the first set of target nodes including the at least one target node; the optimization module comprises: a first determining submodule, configured to traverse each target node in the first target node set, determine whether each target node in the first target node set exists in a target node set corresponding to all paths in the target path set; a second determining submodule, configured to determine, when a first target node in the first target node set exists in a target node set corresponding to all paths in the target path set, a first path corresponding to the first target node in the target path set; a third determining submodule, configured to determine whether to add the first target node to a third target node set according to the number of target nodes in the first path and the number of nodes in the first target node set in the alternative path; a first adding sub-module, configured to add a first target node in the first target node set to the third target node set when the first target node does not exist in the target node set corresponding to all paths in the target path set; a second adding sub-module, configured to not add the new alternative path to the target path set if the third target node set is empty; and under the condition that the third target node set is not empty, replacing the first target node set in the alternative path with the third target node set to form a new alternative path, and adding the new alternative path into the target path set.
As an alternative embodiment, the third determining sub-module is specifically configured to: determining the number m of intermediate nodes in a second intermediate node set under the condition that the number of target nodes in the first path is smaller than the number of nodes in a first target node set in the alternative path, wherein the second intermediate node set is a set of intermediate nodes with the repetition number of 0 in the first path; determining the number num of intermediate nodes of the intermediate node set corresponding to all paths in the target path set, wherein the intermediate nodes in the first intermediate node set are not in the intermediate node set corresponding to all paths in the target path set; or determining the number num of intermediate nodes in the first intermediate node set and existing in the second intermediate node set; removing the first target node from the set of target nodes in the first path if m is greater than num; and removing the first path from the target path set and adding the first target node to a third target node set under the condition that the target node set in the first path after the first target node is removed is empty.
As an alternative embodiment, the apparatus further comprises: and the recording module is used for adding the first intermediate node set in the new alternative path into the intermediate node set of all paths after the second adding sub-module adds the new alternative path into the target path set, and recording the repetition times of the intermediate nodes of the intermediate node sets corresponding to all paths in the target path set.
As an alternative embodiment, the apparatus further comprises: an adding module, configured to add the source node to a path attribute of the source node before the alternative path forming module forms an alternative path from the source node to the first target node set; the copying module is used for copying the path attribute of the current node and adding the neighbor node into the copied path attribute of the current node to serve as the path attribute of the neighbor node; and a third determining module, configured to use a sub-path from the source node to one of the target nodes in the first target node set as a path attribute of the target node corresponding to the sub-path.
The device of the above embodiment may be used to implement the technical solution of the above method embodiment, and its implementation principle and technical effects are similar, and are not repeated here.
Fig. 5 is a schematic structural diagram of an electronic device according to an embodiment of the present application, as shown in fig. 5, may include: the processor 62 and the memory 63 are arranged on the circuit board 64, wherein the circuit board 64 is arranged inside a space surrounded by the shell 61; a power supply circuit 65 for supplying power to the respective circuits or devices of the above-described electronic apparatus; a memory 63 for storing executable program code; the processor 62 executes a program corresponding to the executable program code by reading the executable program code stored in the memory 63, so as to perform any of the attack path determination methods provided in the foregoing embodiments, and thus, the corresponding advantageous technical effects can also be achieved, which have been described in detail above and will not be repeated here.
Such electronic devices exist in a variety of forms including, but not limited to:
(1) Ultra mobile personal computer device: such devices are in the category of personal computers, having computing and processing functions, and generally also having mobile internet access characteristics. Such terminals include: PDA, MID, and UMPC devices, etc., such as iPad.
(2) And (3) a server: the configuration of the server includes a processor, a hard disk, a memory, a system bus, and the like, and the server is similar to a general computer architecture, but is required to provide highly reliable services, and thus has high requirements in terms of processing capacity, stability, reliability, security, scalability, manageability, and the like.
(3) Other electronic devices with data interaction functions.
Accordingly, embodiments of the present application further provide a computer readable storage medium storing one or more programs executable by one or more processors to implement any one of the attack path determination provided in the foregoing embodiments, so that corresponding technical effects can be achieved, which have been described in detail above and are not repeated herein.
It is noted that relational terms such as first and second, and the like are used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Moreover, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising one … …" does not exclude the presence of other like elements in a process, method, article, or apparatus that comprises the element.
In this specification, each embodiment is described in a related manner, and identical and similar parts of each embodiment are all referred to each other, and each embodiment mainly describes differences from other embodiments.
In particular, for the device embodiments, since they are substantially similar to the method embodiments, the description is relatively simple, and reference is made to the description of the method embodiments in part.
For convenience of description, the above apparatus is described as being functionally divided into various units/modules, respectively. Of course, the functions of the various elements/modules may be implemented in the same piece or pieces of software and/or hardware when implementing the present application.
Those skilled in the art will appreciate that implementing all or part of the above-described methods in accordance with the embodiments may be accomplished by way of a computer program stored on a computer readable storage medium, which when executed may comprise the steps of the embodiments of the methods described above. The storage medium may be a magnetic disk, an optical disk, a Read-Only Memory (ROM), a random access Memory (Random Access Memory, RAM), or the like.
The foregoing is merely illustrative of the present application, and the present application is not limited thereto, and any changes or substitutions easily contemplated by those skilled in the art within the scope of the present application should be included in the present application. Therefore, the protection scope of the application is subject to the protection scope of the claims.
Claims (10)
1. An attack path determination method, comprising:
the method comprises the steps of taking a source node as a current node, taking an un-traversed node directly connected with the current node as a neighbor node, forming a neighbor node set, and determining whether the neighbor node set comprises at least one target node;
when the neighbor node set comprises at least one target node, taking all neighbor nodes in the neighbor node set as a first target node set, and forming an alternative path from the source node to the first target node set; the sub-path from the source node to each of the target nodes in the first set of target nodes in the alternative path is the shortest path;
comparing the alternative path with paths in a target path set to optimize the target path set by using the alternative path; wherein the target path set is used for recording optimized paths from the source node to all the target nodes; the alternative path comprises the source node, a first set of intermediate nodes and the first set of target nodes, the first set of target nodes comprising the at least one target node; the comparing the alternative path with the paths in the target path set to optimize the target path set by using the alternative path includes: traversing each target node in the first target node set, and determining whether each target node in the first target node set exists in a target node set corresponding to all paths in the target path set; determining a first path corresponding to the first target node in the target path set under the condition that the first target node in the first target node set exists in the target node set corresponding to all paths in the target path set; determining whether to add the first target node to a third target node set according to the number of target nodes in the first path and the number of nodes in the first target node set in the alternative path; adding a first target node in the first target node set to the third target node set under the condition that the first target node in the first target node set does not exist in target node sets corresponding to all paths in the target path set; if the third target node set is empty, not adding the new alternative path to the target path set; under the condition that the third target node set is not empty, replacing a first target node set in the alternative paths with the third target node set to form new alternative paths, and adding the new alternative paths into the target path set;
Determining whether all of the target nodes are found;
and under the condition that all the target nodes are not found, marking the neighbor nodes as traversed nodes, taking the neighbor nodes in the neighbor node set as new current nodes, continuously determining whether the neighbor node set of the new current nodes comprises at least one target node, and carrying out loop iteration until all the target nodes are found or the new current nodes do not exist.
2. The method of claim 1, wherein the determining whether to add the first target node to a third set of target nodes based on the number of target nodes in the first path and the number of nodes in the first set of target nodes in the alternate path comprises:
determining the number m of intermediate nodes in a second intermediate node set under the condition that the number of target nodes in the first path is smaller than the number of nodes in a first target node set in the alternative path, wherein the second intermediate node set is a set of intermediate nodes with the repetition number of 0 in the first path;
determining the number num of intermediate nodes of the intermediate node set corresponding to all paths in the target path set, wherein the intermediate nodes in the first intermediate node set are not in the intermediate node set corresponding to all paths in the target path set; or determining the number num of intermediate nodes in the first intermediate node set and existing in the second intermediate node set;
Removing the first target node from the set of target nodes in the first path if m is greater than num;
and removing the first path from the target path set and adding the first target node to a third target node set under the condition that the target node set in the first path after the first target node is removed is empty.
3. The method of claim 2, wherein after adding the new alternative path to the target path set, the method further comprises:
and adding the first intermediate node set in the new alternative path into the intermediate node sets of all paths, and recording the repetition times of the intermediate nodes of the intermediate node sets corresponding to all paths in the target path set.
4. The method of claim 1, wherein prior to forming an alternative path from the source node to the first set of target nodes, the method further comprises:
adding the source node to a path attribute of the source node;
copying the path attribute of the current node and adding the neighbor node into the copied path attribute of the current node to serve as the path attribute of the neighbor node;
The sub-paths from the source node to one of the target nodes in the first set of target nodes in the alternative path are determined as follows:
a sub-path from the source node to one of the target nodes in the first set of target nodes is a path attribute of the target node corresponding to the sub-path.
5. An attack path determination device, comprising:
the first determining module is used for taking a source node as a current node, taking an un-traversed node directly connected with the current node as a neighbor node, forming a neighbor node set and determining whether the neighbor node set comprises at least one target node or not;
an alternative path forming module, configured to, when the set of neighboring nodes includes at least one target node, form an alternative path from the source node to the first target node set by using all neighboring nodes in the set of neighboring nodes that are the target nodes as the first target node set; the sub-path from the source node to each of the target nodes in the first set of target nodes in the alternative path is the shortest path;
the optimization module is used for comparing the alternative path with paths in a target path set so as to optimize the target path set by utilizing the alternative path; wherein the target path set is used for recording optimized paths from the source node to all the target nodes; the alternative path comprises the source node, a first set of intermediate nodes and the first set of target nodes, the first set of target nodes comprising the at least one target node; the optimization module comprises: a first determining submodule, configured to traverse each target node in the first target node set, determine whether each target node in the first target node set exists in a target node set corresponding to all paths in the target path set; a second determining submodule, configured to determine, when a first target node in the first target node set exists in a target node set corresponding to all paths in the target path set, a first path corresponding to the first target node in the target path set; a third determining submodule, configured to determine whether to add the first target node to a third target node set according to the number of target nodes in the first path and the number of nodes in the first target node set in the alternative path; a first adding sub-module, configured to add a first target node in the first target node set to the third target node set when the first target node does not exist in the target node set corresponding to all paths in the target path set; a second adding sub-module, configured to not add the new alternative path to the target path set if the third target node set is empty; under the condition that the third target node set is not empty, replacing a first target node set in the alternative paths with the third target node set to form new alternative paths, and adding the new alternative paths into the target path set;
A second determining module, configured to determine whether all the target nodes are found;
and the loop iteration module is used for marking the neighbor nodes as traversed nodes under the condition that all the target nodes are not found, taking the neighbor nodes in the neighbor node set as new current nodes, continuously determining whether the neighbor node set of the new current nodes comprises at least one target node or not, and carrying out loop iteration until all the target nodes are found or the new current nodes do not exist.
6. The apparatus of claim 5, wherein the third determination submodule is specifically configured to:
determining the number m of intermediate nodes in a second intermediate node set under the condition that the number of target nodes in the first path is smaller than the number of nodes in a first target node set in the alternative path, wherein the second intermediate node set is a set of intermediate nodes with the repetition number of 0 in the first path;
determining the number num of intermediate nodes of the intermediate node set corresponding to all paths in the target path set, wherein the intermediate nodes in the first intermediate node set are not in the intermediate node set corresponding to all paths in the target path set; or determining the number num of intermediate nodes in the first intermediate node set and existing in the second intermediate node set;
Removing the first target node from the set of target nodes in the first path if m is greater than num;
and removing the first path from the target path set and adding the first target node to a third target node set under the condition that the target node set in the first path after the first target node is removed is empty.
7. The apparatus of claim 6, wherein the apparatus further comprises:
and the recording module is used for adding the first intermediate node set in the new alternative path into the intermediate node set of all paths after the second adding sub-module adds the new alternative path into the target path set, and recording the repetition times of the intermediate nodes of the intermediate node sets corresponding to all paths in the target path set.
8. The apparatus of claim 5, wherein the apparatus further comprises:
an adding module, configured to add the source node to a path attribute of the source node before the alternative path forming module forms an alternative path from the source node to the first target node set;
the copying module is used for copying the path attribute of the current node and adding the neighbor node into the copied path attribute of the current node to serve as the path attribute of the neighbor node;
And a third determining module, configured to use a sub-path from the source node to one of the target nodes in the first target node set as a path attribute of the target node corresponding to the sub-path.
9. An electronic device, the electronic device comprising: the device comprises a shell, a processor, a memory, a circuit board and a power circuit, wherein the circuit board is arranged in a space surrounded by the shell, and the processor and the memory are arranged on the circuit board; a power supply circuit for supplying power to each circuit or device of the electronic apparatus; the memory is used for storing executable program codes; the processor executes a program corresponding to the executable program code by reading the executable program code stored in the memory, for performing the attack path determination method according to any of the preceding claims 1-4.
10. A computer readable storage medium storing one or more programs executable by one or more processors to implement the attack path determination method of any of the preceding claims 1-4.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202111339998.4A CN114362990B (en) | 2021-11-12 | 2021-11-12 | Attack path determining method and device, electronic equipment and readable storage medium |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202111339998.4A CN114362990B (en) | 2021-11-12 | 2021-11-12 | Attack path determining method and device, electronic equipment and readable storage medium |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN114362990A CN114362990A (en) | 2022-04-15 |
| CN114362990B true CN114362990B (en) | 2023-08-29 |
Family
ID=81095582
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202111339998.4A Active CN114362990B (en) | 2021-11-12 | 2021-11-12 | Attack path determining method and device, electronic equipment and readable storage medium |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN114362990B (en) |
Citations (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102447695A (en) * | 2011-11-14 | 2012-05-09 | 中国科学院软件研究所 | Method for identifying key attack path in service system |
| CN103354539A (en) * | 2012-11-29 | 2013-10-16 | 北京安天电子设备有限公司 | Method and system for restoring attacking path based on IPv6 network features |
| CN105991639A (en) * | 2015-07-08 | 2016-10-05 | 北京匡恩网络科技有限责任公司 | Network attack path analysis method |
| CN106453217A (en) * | 2016-04-13 | 2017-02-22 | 河南理工大学 | Network attack path behavior prediction method based on path revenue calculation |
| CN108696473A (en) * | 2017-04-05 | 2018-10-23 | 中国移动通信集团广东有限公司 | Attack path restoring method and device |
| CN110138764A (en) * | 2019-05-10 | 2019-08-16 | 中北大学 | A kind of attack path analysis method based on level attack graph |
Family Cites Families (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US9369477B2 (en) * | 2014-05-29 | 2016-06-14 | Empire Technology Development Llc | Mitigation of path-based convergence attacks |
| US10637772B2 (en) * | 2016-05-28 | 2020-04-28 | Guardtime Sa | Verification mechanism for network service chain paths |
-
2021
- 2021-11-12 CN CN202111339998.4A patent/CN114362990B/en active Active
Patent Citations (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102447695A (en) * | 2011-11-14 | 2012-05-09 | 中国科学院软件研究所 | Method for identifying key attack path in service system |
| CN103354539A (en) * | 2012-11-29 | 2013-10-16 | 北京安天电子设备有限公司 | Method and system for restoring attacking path based on IPv6 network features |
| CN105991639A (en) * | 2015-07-08 | 2016-10-05 | 北京匡恩网络科技有限责任公司 | Network attack path analysis method |
| CN106453217A (en) * | 2016-04-13 | 2017-02-22 | 河南理工大学 | Network attack path behavior prediction method based on path revenue calculation |
| CN108696473A (en) * | 2017-04-05 | 2018-10-23 | 中国移动通信集团广东有限公司 | Attack path restoring method and device |
| CN110138764A (en) * | 2019-05-10 | 2019-08-16 | 中北大学 | A kind of attack path analysis method based on level attack graph |
Non-Patent Citations (1)
| Title |
|---|
| "流量攻击图的建模与生成方法";孙哲、巫中正、李千目;《软件》;第39卷(第4期);第48-52页 * |
Also Published As
| Publication number | Publication date |
|---|---|
| CN114362990A (en) | 2022-04-15 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| Khan et al. | Neighborhood based fast graph search in large networks | |
| CN101751333A (en) | Method, computer program and computer system for assisting in analyzing program | |
| CN108491228A (en) | A kind of binary vulnerability Code Clones detection method and system | |
| CN113259176A (en) | Alarm event analysis method and device | |
| Ferber et al. | Finding Hamilton cycles in random graphs with few queries | |
| CN115618010A (en) | Fusion map storage and processing method and device | |
| CN110730128B (en) | Information propagation path processing method and device, electronic equipment and storage medium | |
| Kumar et al. | Community-enhanced Link Prediction in Dynamic Networks | |
| CN114362990B (en) | Attack path determining method and device, electronic equipment and readable storage medium | |
| Bhattacharya et al. | LAWRA: a layered wrapper feature selection approach for network attack detection | |
| Babu et al. | A distributed approach to weighted frequent Subgraph mining | |
| US8762898B1 (en) | Double patterning aware routing without stitching | |
| CN116361153A (en) | Method and device for testing firmware codes, electronic equipment and storage medium | |
| Miller et al. | Attacking shortest paths by cutting edges | |
| US9063745B2 (en) | Computing reusability index of software assets | |
| Zhang et al. | Continuous matching of evolving patterns over dynamic graph data | |
| Gao et al. | Qos-aware stream federation and optimization based on service composition | |
| CN111736848B (en) | Packet conflict positioning method, device, electronic equipment and readable storage medium | |
| Qian et al. | A Statistical Test of Change‐Point in Mean that Almost Surely Has Zero Error Probabilities | |
| KR102137109B1 (en) | An apparatus for classify log massage to patterns | |
| Shirai et al. | Event prediction using case-based reasoning over knowledge graphs | |
| Shao et al. | Adversarial for social privacy: A poisoning strategy to degrade user identity linkage | |
| KR102462649B1 (en) | Graph reformulation for effective community detection | |
| CN116436846B (en) | Smart grid asset data management method and system based on node search | |
| Zhao et al. | Virtual network embedding on massive substrate networks |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |