Research On Ontology-based Cyber Attack Modeling And Analysis

Posted on: 2019-09-04
Degree: Master
Type: Thesis
Country: China
Candidate: Z Wei
GTID: 2428330590992389
Subject: Electronic and communication engineering

Abstract/Summary:
With the popularity of the Internet, cyber attacks have become an important security issue that restricts the development of the Internet. New attacks, such as social engineering and APT, represent a new trend in cyber attacks. Attackers no longer limit themselves to exploiting software vulnerabilities, but increasingly exploit security management vulnerabilities and security configuration vulnerabilities. By launching multi-stage cyber attacks, they pose a serious threat to existing network security and defense mechanisms. To identify the attack paths and risks present in a network information system, security management vulnerabilities and security configuration vulnerabilities need to be described when the network security model is constructed and incorporated into the analysis scenario. In this paper, an ontology taxonomy is constructed covering information systems, vulnerabilities, attackers, attack vectors and security properties. Within the vulnerability branch, ontology classes such as the configuration ontology class and the security management vulnerability class are explicitly constructed to describe security management vulnerabilities and security configuration vulnerabilities. The resulting model can analyze network attack scenarios, including those involving new cyber attacks. This paper further proposes an ontology-based method for discovering potential network attack paths that describes attackers, vulnerabilities and attack methods. SWRL rules are then used to characterize the attackers' abilities, and an ontology reasoning engine is used to automatically identify potential multi-stage network attack paths in the information system. Finally, the rationality and feasibility of the constructed model are demonstrated through several cases.
Keywords/Search Tags:Cyber Attack, Information Security, Ontology, Social Engineering, APT attack