Research on Network Security Risk Computation Based on Attack Graphs (original title: 基于攻击图的网络安全风险计算研究)
A Network Security Risk Computation Approach Based on Attack Graphs
【Author】 叶云 (Ye Yun);
【Supervisor】 齐治昌 (Qi Zhichang);
【Author's basic information】 国防科学技术大学 (National University of Defense Technology), Computer Software and Theory, 2012, Doctoral degree
【Abstract (translated from the Chinese original)】 With the rapid development of computer technology and network communication technology, computer network applications, the Internet above all, are becoming ever wider and deeper. Finding scientific, reasonable and practical methods for computing network security risk has become a hot topic in network security research and has produced many results, but because of the complexity of the computation, existing work still faces many challenges. Addressing the shortcomings of traditional risk computation methods, this thesis focuses on network security risk computation based on attack graphs. It defines the object of computation as the security risk caused by network attacks, which traditional methods cannot handle, and on that basis proposes a network security computation model and an attack-graph-based risk computation framework, AG-SRC, describes the stages and flow of the computation, and studies in depth the key technologies the framework involves.

First, the AGML modeling language is used to formally describe the vulnerability knowledge base and the target environment. Building on a study of open vulnerability databases and the CAPEC classification, methods for extracting and classifying attack patterns are proposed, which effectively support automatic attack graph construction for large-scale target networks.

Second, after analyzing the shortcomings of traditional construction algorithms and the characteristics of the target environment, a preprocessing technique for the target environment is proposed that builds an index over the attributes of the environment; the attack graph is then constructed by instantiating attack patterns. Time-complexity analysis and simulation experiments show that the algorithm scales well and can construct attack graphs for large target networks with complex topologies.

Third, from an analysis of the characteristics of cyclic paths in attack graphs, a maximum reachable probability algorithm and a cumulative probability algorithm are proposed. They solve the double-counting problem that cyclic paths cause when computing the probability that an attacker successfully reaches each node, and they express that likelihood from different perspectives. After an in-depth analysis of how correlation between nodes affects the cumulative probability of reaching a node, an independence assumption between nodes is proposed. Time-complexity analysis and simulation experiments show that both algorithms scale well and efficiently compute the reachability probability of every node in large, complex attack graphs.

Finally, an attack-graph-based network security risk computation method is proposed. It uses the attack graph to identify the potential threats facing the target network, takes asset importance, host importance, threat occurrence probability and threat impact as basic data, aggregates them bottom-up according to the risk index system we define, and computes a host risk index and a network risk index; a risk adjacency matrix shows the risk each host faces at a finer granularity. Risks are classified by the type of occurrence probability and by the degree to which a threat damages the different security attributes of an asset, characterizing the risk the target network faces from different perspectives and at different granularities. In sum, the in-depth study of the key technologies of attack-graph-based risk computation not only supports and completes the computation method itself but also advances attack graph technology.
【Abstract (author's English version)】 With the rapid development of computer technology and network communication technology, computer networks, the Internet above all, are applied ever more widely and deeply. The search for scientific, reasonable and practical methods of computing network security risk has become a hotspot of network security research and has produced many results, but because of the complexity of the problem, existing work still faces many challenges. Addressing the shortcomings of traditional methods, this thesis studies network security risk computation based on attack graphs. The object of computation is defined as the security risk caused by network attacks, to which traditional computation methods cannot be applied. On that basis a hierarchical network security risk computation framework based on attack graphs, AG-SRC, is developed; it specifies the computation stages and the computation process, and the key technologies of each stage are studied in depth.

Firstly, the modeling language AGML is designed to formally describe the target network environment and the vulnerability knowledge base. Methods for extracting and classifying attack patterns, which model the attacker's capability, are proposed on the basis of a study of open vulnerability databases and the CAPEC classification, so that attack graphs for real large-scale networks can be built automatically.

Secondly, after an analysis of the limitations of previous algorithms and of the features of the network environment model, a pretreatment technique for the network environment is proposed to support a new attack graph generation algorithm. The pretreatment indexes the facts of the network environment, and attack graphs are then generated by instantiating the attack patterns. The algorithm's scalability is examined through time-complexity analysis and experiments on simulated networks; the results show that it can be applied to large network systems.

Thirdly, based on an analysis of cyclic paths in attack graphs, a maximum reachable probability algorithm and a cumulative probability algorithm are proposed. They resolve the repeated counting that cycles cause when computing the probability that each node is reached, and they express the likelihood of a node from two different perspectives. An independence assumption between nodes is introduced after analyzing how shared dependencies between nodes affect the computed probabilities. The scalability of both algorithms is examined through time-complexity analysis and experiments on simulated networks; the results show that they can be applied to large attack graphs.

Finally, a network security risk computation approach based on attack graphs is proposed. It uses the attack graph to identify the potential threats to the network, takes asset importance, host importance, threat occurrence probability and threat impact as its basic data, aggregates them bottom-up according to a risk index system into a host risk index and a network risk index, and uses a risk adjacency matrix to show at a finer granularity the risk each host faces. Risks are classified by the type of occurrence probability and by the impact on the security attributes of the asset, so that the risk faced by the network is characterized at different granularities and from different perspectives. In a word, the study of these key technologies not only supports the development of the attack-graph-based network security risk computation approach AG-SRC but also promotes the improvement and development of attack graph technology.
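The abstract names three stages but, being an abstract, shows none of them. The block below is an added toy illustration of those stages, written for this page; it is not the thesis's AGML tooling, its preprocessing technique or its probability algorithms, and the hosts, services, the single attack pattern, its 0.5 success probability and the risk weights are all constructed assumptions. Stage 1 forward-chains an attack pattern over a fact base indexed by predicate; stage 2 computes the cumulative probability (noisy-OR over alternative exploits) and the maximum reachable probability (best single path) of each privilege node, treating the preconditions of one exploit as independent and breaking cycles by giving a node already on the current path probability 0; stage 3 aggregates the node probabilities into host and network risk indexes and a risk adjacency matrix. The environment deliberately contains a cycle (web -> db -> web) and two independent paths to the database host, so the difference between the two probability views is visible.

```python
import math
from collections import defaultdict, namedtuple
Pattern = namedtuple("Pattern", "name pre post prob")   # pre: fact templates with ?variables
Exploit = namedtuple("Exploit", "name pre post prob")   # a pattern instantiated on concrete facts

# Constructed environment (hypothetical hosts and services, not from the thesis). Facts are
# tuples led by a predicate; the db -> web reach closes the cycle web -> db -> web.
INITIAL = frozenset({
    ("priv", "attacker", "user"),
    ("reach", "attacker", "web", "http"), ("reach", "attacker", "db", "ftp"),
    ("reach", "web", "db", "sql"), ("reach", "db", "web", "ssh"),
    ("vuln", "web", "http"), ("vuln", "web", "ssh"), ("vuln", "db", "sql"), ("vuln", "db", "ftp"),
})
# One pattern: user on ?a reaching a vulnerable service on ?b gains user on ?b (p = 0.5 assumed).
PATTERNS = [Pattern("remote_exploit",
                    (("priv", "?a", "user"), ("reach", "?a", "?b", "?svc"), ("vuln", "?b", "?svc")),
                    ("priv", "?b", "user"), 0.5)]
HOST_IMPORTANCE, IMPACT = {"web": 0.5, "db": 1.0}, {"user": 8.0}  # assumed risk weights

def unify(template, fact, binding):
    """Extend `binding` so that `template` matches `fact`; return None on mismatch."""
    b = dict(binding)
    ok = len(template) == len(fact) and all(
        b.setdefault(t, f) == f if t.startswith("?") else t == f for t, f in zip(template, fact))
    return b if ok else None

def subst(template, b):
    return tuple(b.get(t, t) for t in template)

def build_attack_graph(initial, patterns):
    """Stage 1: forward-chain patterns over a predicate index until no new exploit instance appears."""
    facts, index, exploits = set(initial), defaultdict(set), {}
    for f in facts:
        index[f[0]].add(f)
    changed = True
    while changed:
        changed = False
        for pat in patterns:
            bindings = [{}]
            for tmpl in pat.pre:  # the index limits matching to facts of the same predicate
                bindings = [nb for b in bindings for fact in list(index[tmpl[0]])
                            if (nb := unify(tmpl, fact, b)) is not None]
            for b in bindings:
                ex = Exploit(pat.name, tuple(subst(t, b) for t in pat.pre), subst(pat.post, b), pat.prob)
                if ex not in exploits:
                    exploits[ex], changed = None, True
                    facts.add(ex.post)
                    index[ex.post[0]].add(ex.post)
    producers = defaultdict(list)  # fact node -> exploit nodes that yield it
    for ex in exploits:
        producers[ex.post].append(ex)
    return facts, list(exploits), producers

def node_prob(node, producers, initial, combine, path=frozenset()):
    """Stage 2: probability that the attacker reaches `node`. Preconditions of one exploit are
    multiplied (independence assumption); alternative exploits are merged by `combine`. A node
    already on the current path contributes 0, so a cycle is never counted twice."""
    if node in initial:
        return 1.0
    if node in path:
        return 0.0
    path = path | {node}
    return combine([ex.prob * math.prod(node_prob(pre, producers, initial, combine, path) for pre in ex.pre)
                    for ex in producers[node]])

def noisy_or(ps):  # cumulative probability: at least one alternative succeeds
    return 1.0 - math.prod(1.0 - p for p in ps)

def best_path(ps):  # maximum reachable probability: the single most likely path
    return max(ps, default=0.0)

def risk_indexes(facts, producers, initial):
    """Stage 3: host risk = importance * sum(P(threat) * impact); network risk = sum of host risks."""
    host_risk = {}
    for host, importance in HOST_IMPORTANCE.items():
        gained = [f for f in facts if f[0] == "priv" and f[1] == host and f not in initial]
        host_risk[host] = importance * sum(
            node_prob(f, producers, initial, noisy_or) * IMPACT[f[2]] for f in gained)
    return host_risk, sum(host_risk.values())

def risk_adjacency(exploits, producers, initial, hosts):
    """Finer view: m[src][dst] = most likely single hop src -> dst, weighted by P(src reached)."""
    m = {s: {d: 0.0 for d in hosts} for s in hosts}
    for ex in exploits:
        src = next(f for f in ex.pre if f[0] == "priv")
        p = ex.prob * node_prob(src, producers, initial, noisy_or)
        m[src[1]][ex.post[1]] = max(m[src[1]][ex.post[1]], p)
    return m

def analyze():
    facts, exploits, producers = build_attack_graph(INITIAL, PATTERNS)
    targets = {"web": ("priv", "web", "user"), "db": ("priv", "db", "user")}
    host_risk, net_risk = risk_indexes(facts, producers, INITIAL)
    return {"exploits": len(exploits),
            "cumulative": {h: node_prob(f, producers, INITIAL, noisy_or) for h, f in targets.items()},
            "maximum": {h: node_prob(f, producers, INITIAL, best_path) for h, f in targets.items()},
            "host_risk": host_risk, "network_risk": net_risk,
            "adjacency": risk_adjacency(exploits, producers, INITIAL, ["attacker", "web", "db"])}
```

Running `analyze()` on this environment instantiates four exploit nodes (attacker to web, attacker to db, web to db, db to web). Each of the two privilege nodes has two acyclic routes from the attacker, so the cumulative probability (0.625) exceeds the maximum reachable probability (0.5), and the db -> web -> db loop adds nothing because the recursion refuses to revisit a node already on the path; without that check the computation would not terminate. The independence assumption is visible in the noisy-OR: the two routes to the database share the attacker's starting privilege, and treating them as independent slightly overstates the cumulative value, which is exactly the trade-off the abstract's "independence assumption between nodes" accepts for scalability.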