A Structural Framework for Modeling Multi-Stage Network Attacks
Daley, Larson, Dawkins
University of Tulsa
2002 IEEE

Outline
- Introduction
- Stratified Node Topology
- Attack Node Correlation
- Context Sensitive Nodes
- Example Attack Scenarios
- Applications
- Related Work
- Conclusions

Introduction
- Attack trees represent goal-oriented attack behaviors
  - multistage
  - causal relationships between events or states
  - “AND”, “OR”
  - nodes can be weighted to reflect the likelihood of success for a particular attack

Introduction (cont.)
- Disadvantage
  - do not provide a comprehensive model for the analysis of network vulnerability
- Extended attack tree paradigm
  - introduce functionality to allow for a comprehensive representation of attack
  - stratified node topology
  - event-level, state-level, top-level nodes

Stratified Node Topology (SNT)
- Three layers partition attack tree based on functionality and allow for a more precise portrayal of the mechanics of an attack.
- Event-Level
  - direct activities of an attacker
  - nodes correspond directly to intrusion detection system alerts

Stratified Node Topology (cont.)
- State-Level
  - generalized intermediate objectives in an attack
  - conceptual steps (abstract goals)
  - fairly constant
  - ex: “execute arbitrary code”, “modify protected file”
- Top-Level
  - ultimate intentions of an attacker
  - top-level nodes may also be starting points for other attacks

Attack Node Correlation
- relationship between nodes
- implicit link
  - allow individual nodes in the tree to imply another node
  - ex: perform a buffer overflow exploit to execute arbitrary code
- explicit link
  - when an attack provides a capability to execute additional nodes but does not actually invoke an instance of a new node
  - ex: obtain root access, next to compromise additional systems or steal information

Context Sensitive Nodes
- Assign parameter values to attack node
  - bound the search space of attacks
  - reduce the likelihood of false positives

Example Attack Scenarios

Example Attack Scenarios (cont.)
- The composable goal-oriented behavior of the Stratified Node Topology lends the ability to describe the events that enable an attack.

Applications
- To express this model, two languages have been designed:
  - Attack Modeling Language (AML)
    - express requirements and results of attack
    - relationships between attacks
  - Network Modeling Language (NML)
- An analytical vulnerability engine utilizes NML specifications in conjunction with AML definitions to construct vulnerability attack trees.

Related Work
- IDIOT project
  - adaptation of Colored Petri Nets
  - view a single attack as a pattern of states rather than linking multiple attacks together
  - this tool was not meant for attack correlation across a network

Conclusions
- The modeling framework classifies multistage network attacks in a composable, functional structure
- The approach provides a method for correlating attacks and expressing the capabilities they permit
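
An added sketch, not code from the paper or its authors, of how the three layers, the implicit and explicit links, and the context-sensitive nodes described above can be used to correlate IDS alerts per host. The node names, hosts, alerts, the service requirement and the state-to-top implicit link are all assumptions made for illustration, and the dictionaries are not AML or NML syntax.

```python
from collections import defaultdict

# All node names, hosts and alerts below are constructed for illustration;
# this is not AML or NML syntax.
LEVEL = {
    "ftp_buffer_overflow": "event",        # maps to an IDS alert signature
    "execute_arbitrary_code": "state",
    "obtain_root_access": "top",
    "compromise_additional_systems": "top",
    "steal_information": "top",
}
# Implicit link: reaching the key node implies the value node.
IMPLICIT = {
    "ftp_buffer_overflow": "execute_arbitrary_code",
    "execute_arbitrary_code": "obtain_root_access",  # assumes service runs as root
}
# Explicit link: the node grants a capability; targets are enabled, not invoked.
EXPLICIT = {
    "obtain_root_access": ["compromise_additional_systems", "steal_information"],
}
# Context parameters an event node requires of its target host.
REQUIRES = {"ftp_buffer_overflow": {"service": "ftp"}}
# Constructed network model: services exposed per host.
NETWORK = {"10.0.0.5": {"ftp", "ssh"}, "10.0.0.9": {"http"}}

def correlate(alerts):
    """Fold IDS alerts into per-host reached, enabled and rejected nodes."""
    result = defaultdict(lambda: {"reached": [], "enabled": [], "rejected": []})
    for alert in alerts:
        node, host = alert["signature"], alert["target"]
        if LEVEL.get(node) != "event":
            continue  # only event-level nodes correspond to alerts
        needed = REQUIRES.get(node, {}).get("service")
        if needed and needed not in NETWORK.get(host, set()):
            result[host]["rejected"].append(node)  # context mismatch
            continue
        while node is not None:  # follow implicit links upward
            if node not in result[host]["reached"]:
                result[host]["reached"].append(node)
            for nxt in EXPLICIT.get(node, []):  # record capabilities only
                if nxt not in result[host]["enabled"]:
                    result[host]["enabled"].append(nxt)
            node = IMPLICIT.get(node)
    return dict(result)

ALERTS = [  # constructed sample alerts
    {"signature": "ftp_buffer_overflow", "target": "10.0.0.5"},
    {"signature": "ftp_buffer_overflow", "target": "10.0.0.9"},
]
```

The alert against the host with no FTP service lands in `rejected` instead of extending a tree, which is the false-positive reduction the Context Sensitive Nodes slide refers to.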