Method for identifying key attack path in service system

A key attack path identification technique for business systems, applied in the field of network information security. It addresses the high complexity of existing key attack path identification methods, which makes them unsuitable or unusable for attack path identification in practice, and it achieves good scalability.

Inactive Publication Date: 2012-05-09
INST OF SOFTWARE - CHINESE ACAD OF SCI

AI Technical Summary

Problems solved by technology

However, the existing key attack path identification methods are either very complex and therefore unsuitable for attack path identification in large-scale attack graphs, or they require a large number of parameters to be preset before key attack paths can be identified, which makes them impractical to use in real scenarios.


Examples


Embodiment 1

[0108] The experimental environment of the WEB application business system used in this embodiment is shown in Figure 9. The following security policies are configured: the firewall deployed at the border of the network trust domain divides the network into three security domains: Internet, intranet and DMZ. The WEB server deployed in the DMZ provides WEB services for users. Internal users on the intranet are not allowed to connect directly to the external network, to prevent external worms and other attacks from directly entering the intranet and to ensure that the WEB server provides services to the outside world. The access control policies between the security domains are as follows: 1) Only Internet users are allowed to access the IIS WEB service on H2 and the DNS domain name service on H3 in the DMZ; 2) H2 in the DMZ is allowed to access the Sendmail service on H3 and the MYSQL service on the intranet server H4; 3) prohibit H2 and H3 D...


Abstract

The invention discloses a method for identifying the key attack path in a service system and belongs to the technical field of network information security. The method comprises the following steps: 1, combining the data flows of the service system, the vulnerabilities of the system, security threats, security measures and other factors to establish an attack model of the service system; 2, analyzing the established attack model and building a vulnerability exploitation graph comprising all attack paths based on the model analysis result; and 3, converting the vulnerability exploitation graph into a standard directed graph and analyzing the standard directed graph with a shortest path method to identify the key attack path by which an attacker can reach all targets. The method scales better than a traditional attack graph and effectively reduces the computational complexity of key attack path identification.
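Step 3 of the abstract, run over the access rules of Embodiment 1, as an added example that is not code from the patent. Assumptions: every reachable service is exploitable, the per-service costs are constructed, and "standard directed graph" is modelled as one weighted edge per exploit step, which the page does not specify.

```python
import heapq

# Access rules from Embodiment 1: (source, destination host, service).
ACCESS = [
    ("Internet", "H2", "IIS"),
    ("Internet", "H3", "DNS"),
    ("H2", "H3", "Sendmail"),
    ("H2", "H4", "MySQL"),
]
# Constructed exploitation costs (assumption): higher means harder to exploit.
# A service with no entry is treated as not exploitable (e.g. patched).
COST = {"IIS": 2, "DNS": 5, "Sendmail": 1, "MySQL": 3}


def to_digraph(access, cost):
    """Collapse each exploit step into one weighted edge src -> dst."""
    graph = {}
    for src, dst, svc in access:
        if svc in cost:
            edges = graph.setdefault(src, {})
            # Keep the cheapest exploit when several services link one pair.
            if dst not in edges or cost[svc] < edges[dst][0]:
                edges[dst] = (cost[svc], svc)
    return graph


def key_paths(graph, source):
    """Dijkstra from source: {target: (total cost, [(host, service), ...])}."""
    best = {source: (0, [])}
    heap = [(0, source)]
    while heap:
        dist, node = heapq.heappop(heap)
        if dist > best[node][0]:
            continue  # stale heap entry, a cheaper path was already found
        for nxt, (weight, svc) in graph.get(node, {}).items():
            cand = dist + weight
            if nxt not in best or cand < best[nxt][0]:
                best[nxt] = (cand, best[node][1] + [(nxt, svc)])
                heapq.heappush(heap, (cand, nxt))
    best.pop(source)
    return best


def after_fix(access, cost, service, source="Internet"):
    """Recompute key paths with one service patched, to compare mitigations."""
    remaining = {s: c for s, c in cost.items() if s != service}
    return key_paths(to_digraph(access, remaining), source)
```

With these constructed costs the cheapest route to H3 goes through H2 rather than the directly exposed DNS service, and `after_fix(ACCESS, COST, "IIS")` shows that hardening the H2 web service removes every path to H4.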

Description

Technical field

[0001] The invention belongs to the technical field of network information security, and in particular relates to a method for identifying key attack paths in a business system.

Background

[0002] The information system carries the important business functions of the organization. To ensure the security of the information system, the organization often applies various security measures in the system. At the same time, business systems inevitably have vulnerabilities, which may be exploited by attackers, making it possible for attackers to control key nodes in the business system and thereby endanger the continuity of the business system and the confidentiality, integrity and availability of the data in it. The various security measures implemented in the business system should not only realize the planned security functions of the business system, but also be able to successfully defend against attackers exploiting v...


Application Information

Patent Type & Authority: Applications (China)
IPC: IPC(8): H04L29/06
Inventor: 吴迪, 冯登国, 连一峰, 陈恺
Owner: INST OF SOFTWARE - CHINESE ACAD OF SCI