Construction method of attack scenario in cloud environment based on dynamic probabilistic attack graph

Aiming at the problem of complex multi-step attack detection, the method of attack scenario construction oriented to cloud computing environment was studied.Firstly, a dynamic probabilistic attack graph model was constructed, and a probabilistic attack graph updating algorithm was designed to make i...

Full description

Saved in:
Bibliographic Details
Main Authors: Wenjuan WANG, Xuehui DU, Dibin SHAN
Format: Article
Language:zho
Published: Editorial Department of Journal on Communications 2021-01-01
Series:Tongxin xuebao
Subjects:
Online Access:http://www.joconline.com.cn/zh/article/doi/10.11959/j.issn.1000-436x.2021004/
Tags: Add Tag
No Tags, Be the first to tag this record!
Description
Summary:Aiming at the problem of complex multi-step attack detection, the method of attack scenario construction oriented to cloud computing environment was studied.Firstly, a dynamic probabilistic attack graph model was constructed, and a probabilistic attack graph updating algorithm was designed to make it update periodically with the passage of time and space, so as to adapt to the elastic and dynamic cloud computing environment.Secondly, an attack intention inference algorithm and a maximum probability attack path inference algorithm were designed to solve the uncertain problems such as error and fracture of attack scenarios caused by false positive or false negative, and ensure the accuracy of attack scenario.Meanwhile, the attack scenario was dynamically evolved along with the dynamic probability attack graph to ensure the completeness and freshness of the attack scenario.Experimental results show that the proposed method can adapt to the elastic and dynamic cloud environment, restore the penetration process of attacker’s and reconstruct high-level attack scenario, and so provide certain references for building supervised and accountable cloud environment.
ISSN:1000-436X