作为一种基于模型的脆弱性分析技术,攻击图能够识别网络中存在的脆弱性和它们之间的相互关系,分析出可能的攻击路径和潜在威胁.论文在攻击图的基础上提出了警报关联图的概念,利用攻击图中蕴含的脆弱性先验知识,将实时IDS警报信息映射到攻击路径,动态反映攻击进程和攻击者意图.在此基础上提出了一种基于警报关联图的网络脆弱性量化评估方法,通过计算警报关联边的权值对网络脆弱性进行动态分析,这种方法结合了静态的网络脆弱性先验知识和动态变化的攻击者意图,能有效反映网络脆弱性在动态攻击情况下的变化.%As a model-based vulnerability analysis technology, attack graphs can identify network vulnerabilities and their interactions; they can also reveal all possible attack paths and potential threats. Based on the attack graphs, alert correlation graphs are proposed in the paper. An alert correlation graph maps real-time IDS alerts into attack paths using prior knowledge encoded in attack graph, and reveals attack progresses and attackere' intention dynamically. A novel quantitative network vulnerability assessment method is presented based on the alert correlation graph, which analyzes network vulnerabilities by dynamically computing the weight of alert correlation edges. The research also demonstrates, by examples, that the proposed method combines static prior knowledge about network vulnerabilities with dynamic attackers' intentions, and reveals the change of network vulnerability under real-time attacks.
展开▼
