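Abstract
The attack tree is a network attack modeling tool with a tree-structured representation. It has the advantages of being structured and reusable, and some work has already been built on it. On the whole, however, existing research concentrates on modeling specific attack events; its use of attack trees for analysis lacks a systematic and holistic view, which makes it difficult to use attack trees effectively. This paper uses attack trees to model attacks from the perspective of the system, and attempts to use the resulting attack trees to analyze and evaluate the overall security of the system. In addition, dividing the attack process into stages greatly reduces the complexity of the constructed attack trees, making them easier to use, analyze and maintain. Case analysis shows that the method characterizes network attacks well, can provide fairly satisfactory guidance for system security analysis and evaluation, and is practical.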
As the frequency and complexity of Internet attacks increase, systems administrators need more sophisticated tools to warn and direct their responses. The foundation for any such effort is a coherent model of exploits and intrusions that is rich enough to capture the behavior and composition of multi-stage attacks. The attack tree is a good analysis tool for network attack modeling. Previous works mainly focus on using attack trees to model specific attack events. In this paper, attack trees are used to model attacks from a system's perspective. By dividing attacks into several stages and constructing an attack tree for each stage, people can decrease the complexity of constructing attack trees. Further, these attack trees are used in the system's security analysis and the requirements analysis of an intrusion detection system. From the result of the experience, this approach shows good performance and is practical in use.
Source
Computer Engineering and Applications (《计算机工程与应用》)
Indexed in: CSCD; Peking University Core Journals (北大核心)
2003, Issue 27, pp. 160-163 (4 pages)
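Funding
Supported by the National 973 Key Basic Research Development Program (No. G1998030403)
Chinese Academy of Sciences Key Project in Support of Building High-Level Universities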
Keywords
Attack Tree
Attack Modeling
Security Analysis
Intrusion Detection