Description language oriented to attack tree model
-
摘要: 目前网络安全仿真研究中存在缺乏攻击建模方法以及统一描述的问题,因此在采用攻击树建立攻击模型,描述攻击企图、特征和步骤执行过程的基础上,提出一种攻击描述语言CNADL(Computer Network Attack Description Language).攻击树用于对攻击进行建模,并转化为自动机模型.CNADL采用上下文无关文法,用统一的形式描述攻击的目的、方法和步骤,由解释器生成相应操作的命令交付攻击演练系统执行.利用基于GTNetS仿真平台的攻击演练系统对CNADL进行实验验证.结果表明,该语言能有效地刻画攻击特征,结合仿真平台,实现了拒绝服务、蠕虫、口令窃取和IP欺骗4种攻击仿真.Abstract: A main problem of recent researches on network security simulation is the lack of methods to model attack and uniform description. Hence computer network attack description language(CNADL) was presented, with attack tree adopted to model attacks and describe purpose, characteristic and process of attack. Attack tree was used to model attacks and then transformed to automata model. CNADL, which was attack tree model oriented and designed in context-free grammar, described the goal, means and process of different attacks in uniform format. The interpreter translated CNADL into corresponding orders and sent them to attack drilling system. Based on GTNetS simulator, the attack drilling system tested the validity of CNADL. The experimental results show that CNADL is able to describe attack characteristics efficiently, and simulate denial of service(DoS), worm password attack and IP spoof based on GTNetS.
-
Key words:
- computer network attack /
- attack description language /
- attack tree
-
[1] Ye N, Hosmer C, Giordano J, et al. Critical information infrastructure protection through process modeling and model-based information fusion [J]. Proceedings of the Information Survivability Workshop, 1998 [2] 李肖坚. 一种计算机网络自组织的协同对抗模型[J].计算机研究与发展, 2005,42:618-628 Li Xiaojian. A self-organized model of coordinated computer network operation[J]. Journal of Computer Research and Development, 2005,42:618-628(in Chinese) [3] Schneier B. Attack trees[J]. Dr. Dobb-s Journal of Software Tools, 1999,12(24): 21-29 [4] Cohen F B. Simulating cyber attacks, defenses, and consequences[J]. Computers and Sevurity,1999,18(6):479-518 [5] Chi S D, Park J S, Jung K C, et al. Network security modeling and cyber attack simulation methodology Vijay Varadharajan. Australasian Conference on Information Security and Privacy(ACISP). London: Springer-Verlag ,2001: 320-333 [6] Park E K, Yun J B, In H P. Simulating cyber-intrusion using ordered UML model-based scenarios Lecture Notes in Artificial Intelligence(Subseries of Lectwe Notes in Computer Science). London: Springer, 2005 : 643-651 [7] Vigna G, Eckmann S T, Kemmerer R A. Attack languages[J]. Proceedings of the IEEE Information Survivability Workshop (ISW 2000), 2000:163-166 [8] Eckmann S T,Vigna G, Kemmerer R. STATL:An attack language for state-based intrusion detection[J]. Journal of Computer Security, 2002,10:71-104 [9] Cuppens F, Ortalo R. LAMBDA: A language to model a database for detection of attacks[J]. Recent Advances in Intrusion Detection (RAID 2000), 2000, 1907: 197-216 [10] Ce dric M, Ludovic M. ADele: An attack description language for knowledge-based intrusion detection Proc of the 16th Int-l Conf on Information Security. Dordrecht,Holland:Kluwer,2001:353-368 [11] Kotenko I, Man’kov E. Experiments with simulation of attacks against computer networks[J]. Computer Network Security, 2003, 2776:183–194 [12] Joint Chiefs of Staff. Joint Publication 3-13 . US: Department of Defense Dictionary of Military and Associated Terms, 2006
点击查看大图
计量
- 文章访问数: 3166
- HTML全文浏览量: 135
- PDF下载量: 1549
- 被引次数: 0