
Research On Attack Lists Model And Its Application

Posted on: 2008-03-12
Degree: Master
Type: Thesis
Country: China
Candidate: B Ceng
Full Text: PDF
GTID: 2178360272967764
Subject: Information security
Abstract/Summary:
Assuring network security is now an urgent matter because attack incidents are becoming more and more frequent. Above all, it is necessary to conduct in-depth research on network attack technology. A good research method is to abstract the techniques of the different kinds of network attack, distill their essential characteristics, and sum up the basic laws. Modeling network attacks is just such a method.

Currently, there are many influential network attack models, such as the attack tree model, the ATiki attack model, the attack graph model, the privilege graph model, and so on. The attack tree model is the first attack model presented by a scientist. Thanks to its simplicity, the model received a lot of attention from other scientists soon after it was presented, and it is now the attack model that attracts the most research interest and is the most widely applied.

However, the attack tree model is not perfect. It cannot describe an attack course whose attack steps depend on each other recursively. It tends to produce a lot of redundant nodes. Its operations are not expressive enough to describe denial of service in detail. It cannot describe an attack course that is sensitive to time. Unfortunately, the first two faults derive from its tree structure and cannot be remedied.

To overcome the faults of the attack tree, a new attack model, the attack lists model, is presented. The model is a superset of the attack tree model and inherits all of its advantages. What is more, direct loops are legal and are used to describe attack courses in which some attack steps depend on each other; shared nodes are common and are used to avoid redundancy; a "not" operation has been introduced to facilitate describing denial of service in detail; and the time factor has been considered to facilitate describing time-sensitive attack courses. So the new model overcomes the faults of the attack tree.
A formal definition of the attack path is presented first, which provides a scientific basis for comparing the descriptive ability of attack models. A mathematical description of the new model and of the attack path is given, which provides a more concise and precise way of expressing them. Calculation formulas for several kinds of problems in network risk analysis are given; they are deduced from the algebraic equations of the attack path and make network risk analysis easier.

An intrusion detection system based on the attack lists model is presented. It has a view that can perceive the relations between incidents, so it is able to detect an attack course composed of legal operations and an attack course composed of apparently unrelated attack incidents. What is more, by checking the attack paths, this system can foresee the next step an attacker will take and knows how far the attacker has progressed toward the goal, so it has a good ability to predict potential threats.

An attack system based on this model is presented. Finding an attack path that meets some special restrictions is easy, so the system is very flexible and has a good ability to escape detection. What is more, it can carry out concurrent attacks to reduce time consumption.
Keywords/Search Tags:Network Attack Model, Attack Tree, Attack Lists, Attack Path