Business system's security management needs to assess the system security situation by using network attack graph. It also needs to analyze the threats exploiting security vulnerabilities. Current security threat identification and analysis methods cannot handle the upper two problems very well at the same time. It cannot handle uncertainties occurred in the process of vulnerability exploiting threat analysis, either. A security threat identification and analysis method is proposed in this paper. The network attack graph is defined via Colored Petri Net (CPN) and an algorithm named NAGG is proposed to construct network attack graph based on the simulation results. We also give an algorithm named NAGD to simultaneously decompose network attack graph into several sub-attack-graphs, each corresponding to a specific vulnerability exploiting threat. The graph is loop-free and its longest attack path is limited to a certain predefined value. In order to prioritize all security threats for disposal, a vulnerability exploiting threat evaluating method named VETE is given to convert sub-attack graph into uncertain inference rule set. This method uses D-S evidence inference engine to calculate threat degree of each threat corresponding to the sub-attack-graph. At last, a typical Web application system is used as an example to validate the effectiveness of the proposed method.%业务系统安全管理需要网络攻击图来评估系统整体安全性或态势,同时又需要对那些可能严重危害系统安全的脆弱性利用威胁进行重点分析和优先处置.现有安全威胁识别和分析方法无法兼顾这两个方面,也无法处理脆弱性利用威胁分析过程中的不确定性问题.作者提出了一种安全威胁识别和分析方法.利用颜色Petri网(CPN)定义网络攻击图,并给出了网络攻击图生成NAGG算法,根据攻击模型分析结果生成网络攻击图;给出了基于CPN仿真的网络攻击图分解NAGD算法,可一次性分解出各脆弱性利用威胁对应的子攻击图,所述子攻击图不存在循环路径且最长攻击路径不超过预设值.并给出了一种脆弱性利用威胁度评估VETE算法,将子攻击图转换为不确定性推理规则集,采用D-S证据推理计算各子攻击图所对应安全威胁的威胁度,以确定安全威胁处置优先级.最后以一个典型Web应用系统为例,验证了所述安全威胁识别和分析方法的有效性.
展开▼
