| 基于权限提升矩阵的攻击图生成方法 |
| |
| 引用本文: | 秦虎,王建利,彭逍遥. 基于权限提升矩阵的攻击图生成方法[J]. 北京理工大学学报, 2019, 39(1): 101-105. DOI: 10.15918/j.tbit1001-0645.2019.01.017 |
| |
| 作者姓名: | 秦虎 王建利 彭逍遥 |
| |
| 作者单位: | 中国信息安全测评中心,北京,100085;中国信息安全测评中心,北京,100085;中国信息安全测评中心,北京,100085 |
| |
| 摘 要: | 目前的攻击图生成算法的复杂度较高,难以应用于大规模网络环境的攻击图生成.本文对攻击图构建过程进行了研究,在攻击模式库和目标环境描述模型的基础上,提出了基于权限提升矩阵的攻击图生成方法,以矩阵描述攻击过程中攻击者的权限提升过程,能够以较低的算法复杂度生成攻击图.搭建实验网络,验证了本文算法的攻击图生成过程.
|
| 关 键 词: | 风险评估 攻击图 权限提升矩阵 攻击模式 |
| 收稿时间: | 2017-07-30 |
Attack Graph Generation Method Based on Privilege Escalation Matrix |
| |
| QIN Hu,WANG Jian-li and PENG Xiao-yao. Attack Graph Generation Method Based on Privilege Escalation Matrix[J]. Journal of Beijing Institute of Technology(Natural Science Edition), 2019, 39(1): 101-105. DOI: 10.15918/j.tbit1001-0645.2019.01.017 |
| |
| Authors: | QIN Hu WANG Jian-li PENG Xiao-yao |
| |
| Affiliation: | China Information Technology Security Evaluation Center, Beijing 100085, China |
| |
| Abstract: | Attack graph is a visual display of the attack paths. It can reveal the relation of the vulnerabilities and damage may be caused. Attack graph provides a more intuitive and in-depth analysis method for risk assessment and penetration test. The complexity of current attack graph generation algorithms is too high to apply to large-scale network environments. In this paper, studying the process of constructing attack graph, an attack graph generation method was proposed based on privilege escalation matrix, attack pattern bank and describing target model. With the use of matrixes to describe the process of privilege escalation, the complexity of attack graph generation algorithms was lowered greatly. Finally, an experimental network was built as a case to illustrate the attack graph generation process. |
| |
| Keywords: | risk assessment attack graph privilege escalation matrix attack pattern |
| 本文献已被 CNKI 万方数据 等数据库收录! |
| 点击此处可从《北京理工大学学报》浏览原始摘要信息 |
|
点击此处可从《北京理工大学学报》下载全文 |
|
