Modern network is subjected to the risk of combined attack.Therefore,a security situation analysis model based on attack and defense behavior is necessary to be build for analyzing the threat of each independent and combined attack behaviors.Aiming at the problems that the defense factors is not taken into account by the traditional attack tree,the defense tree model lacks good scalability and external attacks were hard to be analyzed by fault tree model,in this paper,the game theory was introduced into attack tree model to describe the specific network attack incident scene.Firstly,logical relationship between different levels of aggressive behavior was analyzed.Offensive and defensive attack trees corresponding to different attack levels are then integrated,and the complete network attack behavior tree was lately obtained.Based on the above steps,an algorithm on the network threat offensive behavior tree was proposed.By finding aggression combinations,analyzing its attack probability,and assessing the threat of attack,the network security situation was analyzed.In order to verify the feasibility and effectiveness of the attack behavior tree model,it was built on the basis of BGP(border gateway protocol)attack tree.By calculating the probability,the probability of PA TH1 was largest.Meanwhile,the attack success rates of five attack paths were increased in the case of no defense measures.The probabilities of PATH2 to PATH5 were increased significantly higher than PATH1 which is consistent with facts.The experimental analysis showed that the model can calculate the effect of various defensive measures very well,which provides a theoretical basis of carrying out targeted network security defense.%现代网络面临遭受组合攻击的风险,通过构建基于攻防行为的安全态势分析模型来对每一个独立及组合攻击行为进行威胁分析十分必要.本文针对传统的攻击树模型没有考虑防御因素影响,防御树模型缺乏较好的可扩展性,故障树模型难以对外部攻击进行分析等问题,在攻击树模型中引入博弈论,以描述具体网络攻防事件场景.首先,分析网络中不同层次攻击行为的逻辑关系,整合不同层次攻击事件对应的攻防树,获得完整网络攻防行为树,进而构建网络攻防行为树模型.其次,从网络攻防行为、网络检测设备以及网络防御措施3方面对基本攻防行为树进行扩展,提出攻击目标成功率算法,计算其攻击概率.在此基础上,对攻击威胁进行评估,分析网络安全态势.最后,为验证网络攻防行为树模型的可行性和有效性,在BGP(border gateway protocol)攻击树的基础上构建攻防行为树模型,通过概率计算可知:攻击路径PATH1概率最大;且在没有防御措施的情况下,5条攻击路径的攻击成功率均得到增大,PATH2至PATH5概率增大倍数显著高于PATH1,与实际相符.本文所提的网络攻防行为树模型能很好地计算各种防御措施的效果,且能够在任意节点添加和删除攻防行为,具有较强的可扩展性,可为网络管理者与运营者提供科学的决策依据.
展开▼
