Application Research of Computers (计算机应用研究), 2018, Vol. 35, Issue 2: 511-514, 551, 5. DOI: 10.3969/j.issn.1001-3695.2018.02.041
Risk analysis method for advanced persistent threat based on attack-defense trees
Abstract
Considering the lack of theoretical analysis for systems under APT network attacks, this paper proposed a method to analyze attack risks based on attack-defense trees. The method divided the attack period into an attack phase and a defense phase and defined metrics for each. First, it constructed behavior nodes by collecting system vulnerabilities and capturing invasive events, and mapped defense strategies to the defense nodes in the tree structure. It then proposed formal definitions of the probability of success for a threat, attack cost, defense cost and system impact, and constructed an attack-defense tree with these metrics using ADTool. In addition, it introduced the concepts of ROA (return on attack) and ROI (return on investment) to analyze system risk. Finally, the paper established a risk analysis framework based on attack-defense trees and demonstrated the proposed approach through a case of an APT attack. The calculated results show that it can evaluate countermeasures through the change of metrics. The approach can clearly describe the practical scenario of the interaction between attacks and defenses, and can achieve the goals of risk analysis and countermeasure evaluation.
Keywords
advanced persistent threat (APT) / attack-defense trees / risk analysis / cyber attack
Classification
Information technology and security science
Citation
SUN Wenjun (孙文君), SU Yang (苏旸). Risk analysis method for advanced persistent threat based on attack-defense trees [J]. Application Research of Computers, 2018, 35(2): 511-514, 551, 5.
Funding
National Natural Science Foundation of China (61572521)