
Design And Implementation Of Network Attack Graph Generation Method

Posted on: 2019-03-17
Degree: Master
Type: Thesis
Country: China
Candidate: Y F Zhao
Full Text: PDF
GTID: 2438330602961027
Subject: Computer technology

Abstract/Summary:
At present, with the development and globalization of information technology, hacker incidents such as network intrusions occur frequently, and the network security situation is increasingly severe. Major institutions have tried to assess the security of their networks through various security assessment methods. Attack graph technology is based on the vulnerabilities of the network as a whole. From the attacker's perspective, discovering the possibility of an attack and finding all attack paths leading to a specific key target can help network security experts take targeted defensive measures. However, when the number of hosts in the network increases (to more than 10), the complexity tends to grow exponentially, and the current form of attack graphs often lacks a logical structure, so they have little effect in practical application. Therefore, this thesis proposes a logic attack graph generation technique based on Datalog logic query statements and, on that basis, a method for generating logic attack graphs. A redundant path deletion method is then designed to improve the visualization of attack graphs.

The main work of this thesis is as follows:

(1) Based on the Datalog logical query language, the security elements of the target network are modeled, including vulnerability declarations, machine configuration, network configuration, and user principal information. At the same time, inference rules and security policies are defined. Security policies describe the data access and modification actions allowed by the administrator. Derivation rules have a direct impact on the analysis results; this thesis presents three attack forms based on attack predicates, covering most of an attacker's behavior. A host access control list concept is proposed to control the connectivity between hosts. The defined security policies give the criteria for deciding whether a user behavior is an attack.

(2) A model structure for the logic attack graph is proposed, in which derived rules and facts are the nodes, forming a logic attack diagram of multi-exploit, multi-level attacks that visually expresses the connections between the attacker's individual actions. An attack path generation algorithm is designed, with the input data structure AttackTrace defined for it. The path generation algorithm loops through the AttackTrace set and generates an attack path based on the dependency relationships, which effectively reduces the time complexity of the algorithm. Experiments have verified its applicability in medium-sized networks.

(3) A dual-level useless path determination method based on aggregated subnets is proposed. By defining the concept of a control node, the unwanted paths are found from two subnet-level perspectives, and the critical paths in the original logic attack graph are then extracted. At the same time, an abstract node creation strategy is proposed: it represents an attack mode by pointing all attack paths of the same attack mode to the same node. Users can thus clearly understand the attacks represented by the key attack paths, which improves the visualization of attack graphs.
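The following is an added example, not code from the thesis, that illustrates contributions (1) and (2) together: network security elements (host access control list entries, service information, vulnerability declarations, attacker location) are written as Datalog-like facts, attack behaviour as inference rules whose premises are such facts, forward chaining derives the logic attack graph, and the recorded AttackTrace (derived fact, the rule that produced it, and its premises) is walked back from the goal to enumerate attack paths by dependency. The predicate and rule names, the `?`-prefixed variable convention, the host names, ports and vulnerability ids are all constructed for the example and are not the thesis's own model.

```python
"""Minimal logic attack-graph generator (added example, not the thesis's code).
Facts are tuples; variables are strings starting with '?' (assumed convention)."""
from itertools import product

def is_var(term):
    return isinstance(term, str) and term.startswith("?")

def unify(pattern, fact, subst):
    """Match one rule atom against one ground fact under existing bindings;
    return the extended bindings, or None if a binding conflicts."""
    if len(pattern) != len(fact) or pattern[0] != fact[0]:
        return None
    s = dict(subst)
    for p, f in zip(pattern[1:], fact[1:]):
        if is_var(p):
            if s.setdefault(p, f) != f:
                return None
        elif p != f:
            return None
    return s

def substitute(atom, subst):
    return tuple(subst.get(t, t) if is_var(t) else t for t in atom)

def match_body(body, facts, subst, premises):
    """Yield every (bindings, premise facts) that satisfies all body atoms."""
    if not body:
        yield subst, premises
        return
    for fact in facts:
        s2 = unify(body[0], fact, subst)
        if s2 is not None:
            yield from match_body(body[1:], facts, s2, premises + (fact,))

def derive(facts, rules):
    """Naive forward chaining to a fixpoint.  Returns the closed fact set and
    the AttackTrace: derived fact -> list of (rule name, premise facts)."""
    facts = set(facts)
    trace = {}
    changed = True
    while changed:
        changed = False
        snapshot = frozenset(facts)          # rules see the previous round's facts
        for name, head, body in rules:
            for subst, premises in match_body(body, snapshot, {}, ()):
                derived = substitute(head, subst)
                entries = trace.setdefault(derived, [])
                if (name, premises) not in entries:
                    entries.append((name, premises))
                if derived not in facts:
                    facts.add(derived)
                    changed = True
    return facts, trace

def attack_paths(goal, trace, on_path=frozenset()):
    """Enumerate cycle-free attack paths reaching `goal`.  A path is an ordered
    list of steps (rule, premises, derived fact); each premise of a step is an
    initial fact or was derived by an earlier step in the same path."""
    if goal not in trace:                    # initial fact: nothing to derive
        return [[]]
    if goal in on_path:                      # loop back into a fact being derived
        return []
    paths = []
    for rule, premises in trace[goal]:
        branches = [attack_paths(p, trace, on_path | {goal}) for p in premises]
        for combo in product(*branches):     # an AND node needs every premise
            steps = []
            for branch in combo:
                for step in branch:
                    if step not in steps:
                        steps.append(step)
            paths.append(steps + [(rule, premises, goal)])
    return paths

# Constructed sample network: hosts, ports and vulnerability ids are invented.
FACTS = [
    ("attackerLocated", "internet"),
    ("hacl", "internet", "webServer", "tcp", 80),      # host access control list
    ("hacl", "webServer", "fileServer", "tcp", 2049),
    ("hacl", "webServer", "dbServer", "tcp", 3306),
    ("hacl", "dbServer", "fileServer", "tcp", 2049),
    ("networkServiceInfo", "webServer", "httpd", "tcp", 80, "apache"),
    ("networkServiceInfo", "dbServer", "mysqld", "tcp", 3306, "mysql"),
    ("networkServiceInfo", "fileServer", "nfsd", "tcp", 2049, "root"),
    ("vulExists", "webServer", "vuln-a", "httpd"),
    ("vulExists", "dbServer", "vuln-b", "mysqld"),
    ("vulExists", "fileServer", "vuln-c", "nfsd"),
    ("vulProperty", "vuln-a", "remoteExploit", "privEscalation"),
    ("vulProperty", "vuln-b", "remoteExploit", "privEscalation"),
    ("vulProperty", "vuln-c", "remoteExploit", "privEscalation"),
]
RULES = [  # (rule name, head atom, body atoms)
    ("remote exploit of a reachable vulnerable service",
     ("execCode", "?H", "?User"),
     (("vulExists", "?H", "?V", "?Prog"),
      ("vulProperty", "?V", "remoteExploit", "privEscalation"),
      ("networkServiceInfo", "?H", "?Prog", "?Proto", "?Port", "?User"),
      ("netAccess", "?H", "?Proto", "?Port"))),
    ("multi-hop access from a compromised host",
     ("netAccess", "?H", "?Proto", "?Port"),
     (("execCode", "?H0", "?U"), ("hacl", "?H0", "?H", "?Proto", "?Port"))),
    ("direct access from the attacker's location",
     ("netAccess", "?H", "?Proto", "?Port"),
     (("attackerLocated", "?Z"), ("hacl", "?Z", "?H", "?Proto", "?Port"))),
]
GOAL = ("execCode", "fileServer", "root")

def generate(facts=FACTS, rules=RULES, goal=GOAL):
    """Build the logic attack graph and return (closed facts, attack paths)."""
    closed, trace = derive(facts, rules)
    return closed, attack_paths(goal, trace)

if __name__ == "__main__":
    _, paths = generate()
    for i, path in enumerate(paths, 1):
        print(f"attack path {i}:")
        for rule, _, fact in path:
            print(f"  {rule} -> {fact}")
```

With the sample facts the goal is reachable by two paths (directly through the web server, or via the database server), which is exactly the redundancy that motivates contribution (3): a defender can see that removing the `hacl` entries into `fileServer` or patching `vuln-c` cuts both. The `on_path` check in `attack_paths` is what keeps multi-host models from looping when a compromised host also grants access back to an earlier one.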
Keywords/Search Tags:Logic Programming, Multi-host network, Logic Attack Graphs, Useless Paths, Visualization