面向复杂网络的威胁度量及聚合方法

doi:10.16511/j.cnki.qhdxxb.2016.25.009

全文: PDF(1327 KB)
输出: BibTeX | EndNote (RIS)

摘要在复杂网络中, 威胁模型结构庞大、行为复杂, 不利于建模后的威胁分析。该文从实现的角度出发, 针对一类利用C程序实现的威胁对象及威胁, 在已有的威胁建模理论的基础上, 基于代数系统理论提出威胁对象及威胁的代数化刻画框架。基于该框架, 采用代数簇理论建立威胁行为相似度度量函数, 通过矩阵理论及非线性约束求解理论进行函数求解, 从而实现相似行为的代数化判定。最后, 针对判定后的相似行为, 基于并发系统等价关系构建威胁行为聚合规则, 实现威胁模型优化, 减少威胁分析复杂度优化。

	服务

	把本文推荐给朋友
	加入引用管理器
	E-mail Alert
	RSS

	作者相关文章
	邓辉
	刘晖
	张宝峰
	毛军捷
	郭颖
	熊琦
	谢仕华

关键词 ：威胁建模, 相似度度量, 威胁聚合, 威胁分析

Abstract：The huge structures and the complex behavior of threat models in complex networks are given too much computing effort for threat analyse. This paper presents an algebraic framework for threat modeling using algebraic theory to describe the object and its threats which are all implemented in a C program. An algebraic function measures the similarities among different threats and then expands the analysis using matrixes or nonlinear constraint theory. Finally, an equivalence relation for the concurrent theoretical is used to established a threat polymerization rule for similar threats to optimize the threat model and reduce the threat analysis complexity.

Key words： threat model similarity measure threat polymerization threat analysis

收稿日期: 2016-01-25 出版日期: 2016-05-15

ZTFLH:

TP301.2

引用本文:

邓辉, 刘晖, 张宝峰, 毛军捷, 郭颖, 熊琦, 谢仕华. 面向复杂网络的威胁度量及聚合方法[J]. 清华大学学报（自然科学版）, 2016, 56(5): 511-516.
DENG Hui, LIU Hui, ZHANG Baofeng, MAO Junjie, GUO Ying, XIONG Qi, XIE Shihua. Similarity measures and polymerization to identity threats in complex networks. Journal of Tsinghua University(Science and Technology), 2016, 56(5): 511-516.

链接本文:

http://jst.tsinghuajournals.com/CN/10.16511/j.cnki.qhdxxb.2016.25.009 或 http://jst.tsinghuajournals.com/CN/Y2016/V56/I5/511

[1] 王永杰, 鲜明, 刘进, 等. 基于攻击图模型的网络安全评估研究[J]. 通信学报, 2007,28(3):29-34. WANG Yongjie, XIAN Ming, LIU Jin, et al. Study of network security evaluation based on attack graph model[J].Communication Technology, 2007,28(3):29-34. (in Chinese)
[2] 王红兵. Web应用威胁建模与定量评估[J]. 清华大学学报(自然科学版), 2009,49(S2):2108-2112. WANG Hongbin. Web application threat modeling and quantitative assessment[J].Journal of Tsinghua University (Science and Technology), 2009,49(S2):2108-2112. (in Chinese)
[3] WANG Lingyu, Lslam T, LONG Tao, et al. An attack graph-based probabilistic security metric[J].Lecture Notes in Computer Science, 2008,5094:283-296.
[4] 何可, 李晓红, 冯志勇. 面向对象的威胁建模方法[J]. 计算机工程, 2011,37(4):21-23. HE Ke, LI Xiaohong, FENG Zhiyong. Approach to object oriented threat modeling[J].Computer Engineering, 2011,37(4):21-23. (in Chinese)
[5] Bau J, Mitchell J C. Security modeling and analysis[J].Security & Privacy, 2011,9(3):18-25.
[6] 贾凡, 佟鑫. NFC手机支付系统的安全威胁建模[J]. 清华大学学报(自然科学版), 2012,52(10):1460-1464. JIA Fan, TONG Xin. Threat modeling for mobile payments using NFC phones[J].Journal of Tsinghua University (Science and Technology), 2012,52(10):1460-1464. (in Chinese)
[7] Sebastian R, Feng C, Christoph M. A new alert correlation algorithm based on attack graph[J].Lecture Notes in Computer Science, 2011,6694:58-67.
[8] Andreas C, Patrick H, Pierre-Yves S, et al. Symbolic model checking of software product lines[C]//Proceedings of the 33rd International Conference on Software Engineering. New York:ACM, 2011:321-330.
[9] 邓辉. 基于符号与数值混合计算的多项式变迁系统近似互模拟[D]. 北京:北京交通大学, 2014. DENG Hui. Approximate Bisimulation for Polynomial Transition Systems Based on Symbolic-numeric Computation[D]. Beijing:Beijing Jiaotong University, 2014. (in Chinese)
[10] 陈荣茂. 复杂网络威胁建模与检测技术研究[D]. 长沙:国防科学技术大学, 2013. CHEN Rongmao. Modeling and Detection of Sophisticated Network Threats[D]. Changsha:National University of Defense Technology, 2013. (in Chinese)
[11] Wang L Y, Liu A, Jajodia S. Using attack graphs for correlating, hypothesizing, and predicting intrusion alerts[J].Computer Communications, 2006,29(15):2917-2933.
[12] Zhang S J, Song S S. A novel attack graph posterior inference model based on Bayesian network[J]. Journal of Information Security, 2011,2:8-27.