Abstract
An improved augmented attack tree structure and an attack tree algorithm are proposed to identify malicious behavior by authorized users (insiders) based on each user's SPRINT plan. The algorithm has three phases. In the attack tree pruning phase, for each authorized user's SPRINT plan, the algorithm determines whether a sub-attack tree exists and, if so, constructs it. In the minimal attack tree phase, useless branches are removed and, after checking that a minimal attack tree exists, the minimal attack tree is generated. In the risk analysis phase, the current attack probability of each node in the minimal attack tree is generated dynamically, giving system security staff a more precise quantitative basis for their decisions.
Source
Journal of Jilin University: Engineering and Technology Edition
Indexed in: EI, CAS, CSCD, PKU Core
2007, No. 5, pp. 1142-1147 (6 pages)
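Funding
National Key Science and Technology Program of the Tenth Five-Year Plan (2004BA907A20)
Jilin Province Science and Technology Development Plan Project (20040304)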
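About the authors
Wang Hui (1975-), male, PhD candidate. Research interests: computer networks and network security technology. E-mail: wanghui_jsj@hpu.edu.cn
Liu Shufen (1950-), female, professor, doctoral supervisor. Research interests: computer networks and network security technology. E-mail: liusf@mail.jlu.edu.cn (corresponding author)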