Title

兩類型入侵偵測攻擊圖與警報關連配對之研究 (A Study on Matching Intrusion-Detection Alerts to Two Types of Attack Graph)

Authors

王智弘;宋孝謙;邱業宸;楊吉閔;陳彥學

Keywords

Attack graph ; Intrusion detection ; Alert matching ; Alert correlation

Journal

資訊安全通訊

Volume/Issue (Publication date)

Vol. 20, No. 4 (2014 / 10 / 01)

Pages

41 - 53

Language

Traditional Chinese

Abstract (translated from the Chinese)

Network attacks and software vulnerabilities have grown rapidly in recent years, making the work of patching, and even preventing, system vulnerabilities ever more important. In cloud environments in particular, system administrators cannot effectively inspect large numbers of virtual machines one by one to find potential security weaknesses; automated security analysis tools have therefore become a research goal for many experts and scholars. Network attacks may originate from flaws in the configuration of the system environment, or from vulnerabilities in the software that provides network services. An attack graph is produced by scanning the configuration of the existing system architecture and drawing a map of network attack strategies; it helps administrators patch system weaknesses and improves the reliability of network security. An intrusion detection system (IDS) is a tool that inspects the contents of network packets; when a packet matches an attack signature, it raises the corresponding alert and notifies the system administrator. Attack graphs and alert correlation are usually interdependent. Attack graphs can be roughly divided into two types by how they are generated, and this study examines and explains both. The first type is drawn on the basis of the vulnerabilities present in the system itself. The second type is the attack scenario drawn with the alerts produced by the intrusion detection system as its subject. For the first type, this study uses an existing attack-graph generation tool to draw the attack graph and then matches the alerts produced by the intrusion detector to the graph; when a network attack occurs, the node corresponding to an alert reveals the likely attack path and how far it has progressed, so that multi-step network attacks can be predicted or prevented. The result of matching alerts to the attack graph can be used for alert classification and further analysis. For the second type, the study introduces the concepts behind alert correlation methods, which use the ordering relationships between alerts to infer the attacker's likely intrusion strategy.

Subject classification

Basic and Applied Sciences > Information Science