An Intrusion Response Method Based on Attack Graphs (一种基于攻击图的入侵响应方法)
Authors: 石进 (Shi Jin), 郭山清 (Guo Shanqing), 陆音 (Lu Yin), 谢立 (Xie Li)
Funding:

Supported by the National High-Tech Research and Development Plan of China (863 Program, 国家高技术研究发展计划) under Grant No. 2003AA144010 and by the High-Tech Research Plan of Jiangsu Province of China (江苏省高技术研究计划) under Grant No. BG2005029

    Abstract (translated from the Chinese):

    Current intrusion response work has two shortcomings: it does not fully account for the system's payoff, and it does not fully account for changes in the attacker's strategy. To address both, an attack-graph-based intrusion response model, IRAG (intrusion response based on attack graph), is proposed. The model handles the attacker's intent and changes of strategy well, and it takes the payoffs of both the system and the attacker into account. Experimental results show that IRAG effectively improves the accuracy and effectiveness of response.

    Abstract:

    The system's payoff and changes in the attacker's strategy are not taken into full consideration in current intrusion response research. An intrusion response model based on the attack graph, IRAG (intrusion response based on attack graph), is proposed to address this. IRAG deals well with the attacker's intent and changes of strategy, and takes the payoffs of both the system and the attacker fully into account. The experimental results show that IRAG effectively improves the accuracy and effectiveness of alert response.

Cite this article:

石进, 郭山清, 陆音, 谢立. An Intrusion Response Method Based on Attack Graphs (一种基于攻击图的入侵响应方法). Journal of Software (软件学报), 2008, 19(10): 2746-2753.

History
  • Received: 2007-07-30
  • Last revised: 2008-02-25
Copyright: Institute of Software, Chinese Academy of Sciences (中国科学院软件研究所)