Description language oriented to attack tree model
Abstract: A main problem in recent research on network security simulation is the lack of attack modeling methods and of a uniform description of attacks. To address this, the computer network attack description language (CNADL) is presented, built on attack trees that model attacks and describe the intent, characteristics and step-by-step execution of an attack. The attack tree is used to model an attack and is then transformed into an automaton model. CNADL is designed as a context-free grammar and describes the goal, means and steps of different attacks in a uniform format; an interpreter translates CNADL into the corresponding commands and sends them to an attack drilling system for execution. An attack drilling system based on the GTNetS simulation platform was used to validate CNADL experimentally. The results show that CNADL describes attack characteristics effectively and, combined with the simulation platform, simulates four kinds of attack: denial of service (DoS), worm, password theft and IP spoofing.
Key words:
- computer network attack
- attack description language
- attack tree