一种基于攻击图的入侵响应方法-CiteSeerX.PDFVIP

ISSN 1000-9825, CODEN RUXUEW E-mail: jos@ Journal of Software , Vol.19, No.10, October 2008, pp.2746−2753 DOI: 10.3724/SP.J.1001.2008.02746 Tel/Fax: +86-10 © 2008 by Journal of Software . All rights reserved. ∗ 一种基于攻击图的入侵响应方法 1+ 2 1 1 石 进 , 郭山清 , 陆 音 , 谢 立 1(南京大学 计算机科学与技术系,江苏 南京 210093) 2( 山东大学 计算机科学与技术学院, 山东 济南 250101) An Intrusion Response Method Based on Attack Graph 1+ 2 1 1 SHI Jin , GUO Shan-Qing , LU Yin , XIE Li 1(Department of Computer Science and Technology, Nanjing University, Nanjing 210093, China) 2(School of Computer Science and Technology, Shandong University, Ji’nan 250101, China) + Corresponding author: E-mail: zgnjack@ Shi J, Guo SQ, Lu Y, Xie L. An intrusion response method based on attack graph. Journal of Software, 2008, 19(10):2746−2753. /1000-9825/19/2746.htm Abstract : System incentive and alternation of attacker’s strategies are not taken into full consideration in current intrusion response research. An intrusion response model (intrusion response based on attack graph, IRAG) based on the attack graph is proposed to solve this problem. IRAG model deals well with the attack’s intent and alternation of strategies, and takes account of incentives of system and attacker across-the-board. The experimental results show that the IRAG model can effectively improve the accuracy and effectiveness of alert response. Key words: attack graph; information security; intrusion response; security metric; game theory 摘 要: 针对当前入侵响应工作中存在的不能充分考虑系统的收益,以及不能充分考虑攻击者策略变化因素等问 题,提出了一种基于攻击图的入侵响应IRAG(intrusion response based on attack graph)模型.该模型较好地解决