计算机技术 |
|
|
|
|
采用混和路径攻击图的防御方案生成方法 |
余洋, 夏春和, 胡潇云 |
北京航空航天大学 计算机学院 网络技术北京市重点实验室, 北京 100191 |
|
Defense scheme generation method using mixed path attack graph |
YU Yang, XIA Chun-he, HU Xiao-yun |
School of Computer Science and Engineering, Key Laboratory of Beijing Network Technology, Beijing University of Aeronautics and Astronautics, Beijing 100191, China |
[1] KENNEY M. Cyber-Terrorism in a Post-Stuxnet world[J]. Orbis, 2015, 59(1):111-128.
[2] RITCHEY R W, AMMANN P. Using model checking to analyze network vulnerabilities[C]//Proceeding of the IEEE Symposium on Security and Privacy. New Jersey:IEEE, 2000:156-165.
[3] SHEYNER O, HAINES J, JHA S, et al. Automated generation and analysis of attack graphs[C]//Proceeding of the IEEE Symposium on Security and Privacy. New Jersey:IEEE, 2002:273-284.
[4] SHEYNER O, WING J. Tools for generating and analyzing attack graphs[C]//Proceeding of the International Symposium on Formal Methods for Components and Objects. Berlin:Springer, 2003:344-371.
[5] INGOLS K, CHU M, LIPPMANN R, et al. Modeling modern network attacks and countermeasures using attack graphs[C]//Proceeding of the IEEE International Conference on Computer Security Applications. New Jersey:IEEE, 2009:117-126.
[6] TRIPATHI A, SINGH U K. Taxonomic analysis of classification schemes in vulnerability databases[C]//Proceeding of the 6th IEEE International Conference on Computer Sciences and Convergence Information Technology. New Jersey:IEEE, 2011:686-691.
[7] MCQUEEN M A, MCQUEEN T A, BOYER W F, et al. Empirical estimates and observations of 0-day vulnerabilities[C]//Proceeding of the 42nd IEEE International Conference on System Sciences. New Jersey:IEEE, 2009:1-12.
[8] ZHANG S, CARAGEA D, OU X. An empirical study on using the national vulnerability database to predict software vulnerabilities[C]//Proceeding of the international Conference on Database and Expert Systems Applications. Berlin:Springer, 2011:217-231.
[9] WANG L, JAJODIA S, SINGHAL A, et al. K-zero day safety:a network security metric for measuring the risk of unknown vulnerabilities[J]. IEEE Transactions on Dependable and Secure Computing, 2014, 11(1):30-44.
[10] WANG L, JAJODIA S, SINGHAL A, et al. K-zero day safety:measuring the security risk of networksagainst unknown attacks[C]//Proceeding of the International Symposium on Research in Computer Security. Berlin:Springer, 2010:573-587.
[11] NOEL S, JAJODIA S, O'BERRY B, et al. Efficient minimum-cost network hardening via exploit dependency graphs[C]//Proceeding of the 19th IEEE International Conference on Computer Security Applications. New Jersey:IEEE, 2003:86-95.
[12] WANG L, NOEL S, JAJODIA S. Minimum-cost network hardening using attack graphs[J]. Computer Communications, 2006, 29(18):3812-3824.
[13] ALBANESE M, JAJODIA S, NOEL S. Time-efficient and cost-effective network hardening using attack graphs[C]//Proceeding of the 42nd IEEE International Conference on Dependable Systems and Networks. New Jersey:IEEE, 2012:1-12.
[14] SERRA E, JAJODIA S, PUGLIESE A, et al. Pareto-optimal adversarial defense of enterprise systems[J]. ACM Transactions on Information and System Security, 2015, 17(3):11-15.
[15] DEWRI R, RAY I, POOLSAPPASIT N, et al. Optimal security hardening on attack tree models of networks:a cost-benefit analysis[J]. International Journal of Information Security, 2012, 11(3):167-188.
[16] 闫峰.基于攻击图的网络安全风险评估技术研究[D].吉林:吉林大学,2014:12-31. YAN Feng. Research on the technology of network security risk evaluation based on attack graph[D]. Jiling:Jiling University, 2014:12-31.
[17] 吴金宇,金舒原,杨智.基于网络流的攻击图分析方法[J].计算机研究与发展.2011, 48(8):1497-1505. WU Jin-yu, JIN Shu-yuan, YANG Zhi. Analysis of attack graphs based on network flow method[J]. Journal of Computer Research and Development, 2011,48(8):1497-1505.
[18] KHOSRAVI-FARMAD M, REZAEE R, HARATI A, et al. Network security risk mitigation using Bayesian decision networks[C]//Proceeding of the 4th IEEE International Conference on Computer and Knowledge Engineering. New Jersey:IEEE, 2014:267-272.
[19] 陈小军,时金桥,徐菲,等.面向内部威胁的最优安全策略算法研究[J].计算机研究与发展.2014(7):1565-1577. CHEN Xiao-jun, SHI Jin-jiao, XU Fei, et al. Algorithm of optimal security hardening measures against insider threat[J]. Journal of Computer Research and Development, 2014(7):1565-1577.
[20] WANG S, ZHANG Z, KADOBAYASHI Y. Exploring attack graph for cost-benefit security hardening:a probabilistic approach[J]. Computers and Security, 2013, 32(2013):158-169.
[21] POOLSAPPASIT N, DEWRI R, Ray I. Dynamic security risk management using bayesian attack graphs[J]. IEEE Transactions on Dependable and Secure Computing, 2012, 9(1):61-74.
[22] LI Y L. An approach towards standardising vulnerability categories[D]. Pretoria:University of Pretoria,2008.
[23] OU X, GOVINDAVAJHALA S, APPEL A W. MulVAL:a logic-based network security analyzer[C]//Proceedings of the 14th Conference on USENIX Security Symposium-Volume 14. Berkeley:USENIX Association, 2005:8-12.
[24] MELL P, SCARFONE K, ROMANOSKY S, et al. Common vulnerability scoring system[J]. IEEE Security and Privacy, 2006, 4(6):85-89.
[25] ALHAZMI O H, MALAIYA Y K, RAY I. Measuring, analyzing and predicting security vulnerabilities in software systems[J]. Computers and Security, 2007, 26(3):219-228.
[26] SERRA E, JAJODIA S, PUGLIESE A, et al. pareto-optimal adversarial defense of enterprise systems[J]. ACM Transactions on Information and System Security, 2015, 17(3):11-15.
[27] DEB K, PRATAP A, AGARWAL S, et al. A fast and elitist multiobjective genetic algorithm:NSGA-Ⅱ[J]. IEEE Transactions on Evolutionary Computation, 2002, 6(2):182-197. |
|
Viewed |
|
|
|
Full text
|
|
|
|
|
Abstract
|
|
|
|
|
Cited |
|
|
|
|
|
Shared |
|
|
|
|
|
Discussed |
|
|
|
|