Research On Attack Impact Assessment Of Representative Attacks

Attack Resistance Test (ART) is a newly emerging technology of network security assessment. In ART test, attack impact assessment is a connecting link between the attack and the anti-attack capability assessment. Proper attack impact assessment method can be used to guide attack impact detection and the results are important foundation of anti-attack capability evaluation.In the context of Attack Resistance Test, this dissertation makes research on the attack impact assessment indexes and evaluation arithmetic of two representative kinds of attack: DoS attack and buffer overflow attack.The main work of this dissertation is as follows:1) Evaluation index system of DoS attack impact is proposed. Based on deeply analysis of DoS attack's attack impact, evaluation index system of DoS attack impact is proposed, which includes quality of service evaluation indexes and attack impact reason indexes.2) Single DoS's attack impact assessment method is established. According the index system, a user-centric three-dimensional attack impact model and arithmetic is established, and the method of making sure the reason of denial of service is also proposed, then single DoS's attack impact assessment method is established.3) A comparatively complete hierarchical DoS attack resistant testing method is proposed. According DoS attack impact's hierarchical characteristic, a comparatively complete hierarchical DoS attack resistant testing method is proposed, then a attack impact evaluation integration algorithm is proposed.4) Process execution profile model is proposed and attack impact detection method based on two-level process execution profile monitor is proposed. Based on refining the characteristic of buffer overflow exploit code and concluding attack impact of buffer overflow attack, we adopt Windows Native API as data resource in buffer overflow attack impact assessment. Process execution profile model is proposed and attack impact detection method based on two-level process execution profile monitor is proposed.5) Buffer overflow attack impact's authorization and privilege escalating evaluation arithmetic is proposed based on the authorization and privilege analysis of Windows Native API.6) Attack impact experiments of DoS and Buffer overflow successfully demonstrate that our method can reflect the actual attack impact objectively and effectively.