National Digital Library of Theses and Dissertations in Taiwan

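Graduate student: 劉仁暐 (Ren-Wei Liou)
Thesis title: Development of Early Attack Prediction Using Trustworthy Probability Estimation and Evidence Mapping on Attack Graph
Thesis title (original Chinese): 使用可靠的機率估計及證據對應於攻擊圖以開發攻擊早期預測系統
Advisor: 王智弘 (Chih-Hung Wang)
Degree: Master's
Institution: National Chiayi University
Department: Graduate Institute of Computer Science and Information Engineering
Discipline: Engineering
Field: Electrical Engineering and Computer Science
Thesis type: Academic thesis
Year of publication: 2018
Academic year of graduation: 107
Language: English
Number of pages: 39
Keywords: Attack Graph; Intrusion Detection System; Evidence Mapping; Network Vulnerability Analysis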
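Abstract (translated from Chinese):
With the rapid advance of information technology and the spread of knowledge, the number of network attacks keeps growing and their methods are becoming more complex, so information security has become especially important. Most system administrators deploy an intrusion detection system (IDS) on their machines to monitor the system's network environment. An IDS analyzes network traffic or system logs to detect anomalies, and when it finds a suspicious situation it sends a large number of alerts to the system administrator. Redundant alerts with low information content make analysis difficult; moreover, knowing only the current state of the system is not enough to defend it successfully, so relying on an IDS alone is insufficient.
On the other hand, an attack graph can analyze an information system and, before an attack occurs, tell the administrator which attack methods the system may face. The administrator can then decide whether to fix these vulnerabilities; however, because of budget and other internal company considerations, not every system vulnerability can be fixed. In that situation the attack graph can help the administrator predict attacks. Because the attack graphs developed so far are mainly used for pre-analysis and do not consider the probability that a vulnerability is exploited, this is an important issue that we try to improve.
In this thesis, we propose a network attack prediction framework based on attack graphs. With an attack graph drawn in advance, the administrator knows the system's weaknesses and attack paths beforehand. To address the probability problem, we designed two probability propagation formulas. In addition, so that the attack graph can update its probabilities over time and as attack steps occur, we designed an evidence mapping formula, which makes attack prediction more accurate and raises the probability of a successful defense.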
Abstract (English):
With the advance of computer science and technology, the abilities of attackers have continuously improved as well, and their techniques are becoming more and more sophisticated. To secure a system, an intrusion detection system (IDS) is usually deployed to notify the administrator when abnormal events happen. However, IDS alerts are of poor quality, and their massive quantity degrades analysis performance, especially since most of them are false positives. Furthermore, knowing only the current crisis is not enough to avoid attack threats.
On the other hand, an attack graph can analyze the information system and give the administrator valuable information about which attack techniques the system may suffer. The administrators have the authority to decide whether these system vulnerabilities should be repaired. However, not all vulnerabilities can be fixed, given funding and other internal factors of the company; in this situation, an attack graph can assist the administrators in predicting attacks. Nevertheless, since currently developed attack graphs are mainly applied to pre-analysis, they do not consider the exploitation probability of each vulnerability. Therefore, this thesis focuses on this important issue and tries to improve it.
In this thesis, we propose a network attack prediction framework based on an improved attack graph with precisely estimated probabilities. From the pre-drawn probability attack graph, the administrator can identify all possible weak spots and attack paths in the system. To improve the probability estimates, two probability propagation functions were designed to update the probabilities of the next connected nodes. Moreover, this thesis provides a mapping function that maps an exact alert, as evidence, to a node of the attack graph and predicts the most likely attack paths for the current situation. This makes attack prediction more precise and so increases the success rate of defense.
Abstract (Chinese)
Abstract
Acknowledgments
CONTENTS
LIST OF FIGURES
LIST OF TABLES
Chapter 1. Introduction
1.1 Overview
1.2 Motivation
1.3 Contribution
1.4 Organization
Chapter 2. Preliminaries
2.1 Intrusion detection system overview
2.2 Common Vulnerabilities and Exposures (CVE)
2.3 Common Vulnerability Scoring System (CVSS)
2.4 Related Works
2.4.1 MulVAL attack graph
2.4.2 Attack graph with probability
Chapter 3. Proposed Scheme
3.1 Alert aggregation
3.2 Attack graph preprocess
3.3 Evidence mapping
Chapter 4. Experiment Results
4.1 DARPA 2000 Intrusion Dataset [9]
4.1.1 Snort alerts
4.1.2 Attack Graph of LLDoS scenario 2
4.1.3 Mapping alerts
4.2 UNB ISCX-IDS-2012 [25]
4.2.1 Attack Graph of ISCX-IDS-2012
4.2.2 Mapping alerts
Chapter 5. Conclusion
References
[1] M. U. Aksu, M. H. Dilek, E. I. Tatlı, K. Bicakci, H. I. Dirik, M. U. Demirezen and T. Aykır, “A quantitative CVSS-based cyber security risk assessment methodology for IT systems,” 2017 International Carnahan Conference on Security Technology (ICCST), IEEE, pp. 1-8, 2017.

[2] P. Ammann, D. Wijesekera and S. Kaushik, “Scalable, Graph-Based Network Vulnerability Analysis,” Ninth Conf. Computer and Comm. Security, pp. 217-224, 2002.

[3] CVE Details: The ultimate security vulnerability datasource, https://www.cvedetails.com/.

[4] R. Dantu, K. Loper and P. Kolan, “Risk management using behavior based attack graphs,” International Conference on Information Technology: Coding and Computing, 2004. Proceedings. ITCC 2004, IEEE, pp. 445-449, 2004.

[5] J. Dawkins, C. Campbell and J. Hale, “Modeling Network Attacks: Extending the Attack Tree Paradigm,” Workshop Statistical Machine Learning Techniques in Computer Intrusion Detection, 2002.

[6] J. Homer, A. Varikuti, X. Ou and M. A. McQueen, “Improving attack graph visualization through data reduction and attack grouping,” Visualization for computer security, Springer, Berlin, Heidelberg, pp. 68-79, 2008.

[7] S. Jajodia and S. Noel, “Topological vulnerability analysis: A powerful new approach for network attack prevention, detection, and response,” Algorithms, architectures and information systems security, pp. 285-305, 2009.

[8] S. Jha, O. Sheyner and J. Wing, “Two formal analyses of attack graphs,” Proceedings 15th IEEE Computer Security Foundations Workshop. CSFW-15, IEEE, pp. 49-63, 2002.

[9] Lincoln Lab MIT, 2000 DARPA INTRUSION DETECTION SCENARIO SPECIFIC DATASETS, https://www.ll.mit.edu/r-d/datasets/2000-darpa-intrusion-detection-scenario-specific-datasets

[10] Y. Liu and H. Man, “Network vulnerability assessment using Bayesian networks,” Data Mining, Intrusion Detection, Information Assurance, and Data Networks Security 2005, International Society for Optics and Photonics, pp. 61-72, 2005.

[11] C. Liu, A. Singhal and D. Wijesekera, “Mapping evidence graphs to attack graphs,” 2012 IEEE International Workshop on Information Forensics and Security (WIFS), IEEE, pp. 121-126, 2012.

[12] S. Mathew, R. Giomundo, S. Upadhyaya, M. Sudit and A. Stotz, “Understanding Multistage Attacks by Attack-Track based Visualization of Heterogeneous Event Streams,” Proceedings of the 3rd international workshop on Visualization for computer security, ACM, pp. 1-6, 2006.

[13] A.P. Moore, R.J. Ellison and R.C. Linger, “Attack Modeling for Information Survivability,” Technical Note CMU/SEI-2001-TN001, Carnegie Mellon Univ. / Software Eng. Inst., Mar. 2001.

[14] NVD CVSS national vulnerability database cvss support. http://nvd.nist.gov/cvss.cfm.

[15] X. Ou, W. F. Boyer and M. A. McQueen, “A scalable approach to attack graph generation,” 13th ACM conference on Computer and communications security, ACM, pp. 336-345, 2006.

[16] X. Ou, S. Govindavajhala and A.W. Appel, “MulVAL: A Logic-Based Network Security Analyzer,” 14th Conf. USENIX Security Symp., pp. 113-128, 2005.

[17] C. Phillips and L.P. Swiler, “A Graph-Based System for Network-Vulnerability Analysis,” New Security Paradigms Workshop, pp. 71-79, 1998.

[18] N. Poolsappasit, R. Dewri and I. Ray, “Dynamic security risk management using bayesian attack graphs,” IEEE Transactions on Dependable and Secure Computing, 9.1: 61-74, 2012.

[19] I. Ray and N. Poolsappasit, “Using Attack Trees to Identify Malicious Attacks from Authorized Insiders,” 10th European Symp. Research in Computer Security (ESORICS ’05), pp. 231-246, 2005.

[20] S. Roschke, F. Cheng and C. Meinel, “A new alert correlation algorithm based on attack graph,” Computational Intelligence in Security for Information Systems, Springer, Berlin, Heidelberg, pp. 58-67, 2011.

[21] D. Saha, “Extending Logical Attack Graph for Efficient Vulnerability Analysis,” 15th ACM Conf. Computer and Comm. Security, pp. 63-73, 2008.

[22] B. Schneier, “Attack Trees,” Dr. Dobb’s J., Dec. 1999.

[23] J. Sembiring, M. Ramadhan, Y. S. Gondokaryono and A. A. Arman, “Network Security Risk Analysis using Improved MulVAL Bayesian Attack Graphs,” International Journal on Electrical Engineering and Informatics, Volume 7, Number 4, Dec. 2015.

[24] O. Sheyner, J. Haines and S. Jha, “Automated generation and analysis of attack graphs,” Proceedings 2002 IEEE Symposium on Security and Privacy, IEEE, pp. 273-284, 2002.

[25] A. Shiravi, H. Shiravi, M. Tavallaee and A. A. Ghorbani, “Toward developing a systematic approach to generate benchmark datasets for intrusion detection,” Computers & Security, Volume 31, Issue 3, pp. 357-374, 2012.

[26] A. Singhal and X. Ou, “Security risk analysis of enterprise networks using probabilistic attack graphs,” Network Security Metrics, Springer, Cham, pp. 53-73, 2017.

[27] L. Wang, T. Islam, A. Singhal and S. Jajodia, “An attack graph-based probabilistic security metric,” IFIP Annual Conference on Data and Applications Security and Privacy, Springer, Berlin, Heidelberg, pp. 283-296, 2008.

[28] J. Homer, S. Zhang, X. Ou, D. Schmidt and Y. Du, “Aggregating vulnerability metrics in enterprise networks using attack graphs,” Journal of Computer Security, vol. 21, no. 4, pp. 561-597, 2013.

[29] X. Ou and A. Singhal, Quantitative security risk assessment of enterprise networks, Springer, 2011.