HASN: A Hierarchical Attack Surface Network for System Security Analysis

被引：0

作者：

Huang, Kangyu ^{[1
]}

Yang, Lin ^{[2
]}

Fu, Renfang ^{[3
]}

Zhou, Shengli ^{[4
]}

Hong, Zheng ^{[1
]}

机构：

[1] Army Engn Univ, Coll Command & Control Engn, Nanjing 210007, Jiangsu, Peoples R China

[2] China Elect Equipment & Syst Engn Corp, Beijing 100141, Peoples R China

[3] State Grid Jiangsu Elect Power Co, Res Inst, Nanjing 210019, Jiangsu, Peoples R China

[4] Zhejiang Police Coll, Informat Dept, Hangzhou 310053, Zhejiang, Peoples R China

来源：

CHINA COMMUNICATIONS | 2019年 / 16卷 / 05期

关键词：

attack surface; security analysis; security model; risk assessment; GRAPH;

D O I：

暂无

中图分类号：

TN [电子技术、通信技术];

学科分类号：

0809 ;

摘要：

Attack surfaces, as one of the security models, can help people to analyse the security of systems in cyberspace, such as risk assessment by utilizing various security metrics or providing a cost-effective network hardening solution. Numerous attack surface models have been proposed in the past decade, but they are not appropriate for describing complex systems with heterogeneous components. To address this limitation, we propose to use a two-layer Hierarchical Attack Surface Network (HASN) that models the data interactions and resource distribution of the system in a component-oriented view. First, we formally define the HASN by extending the entry point and exit point framework. Second, in order to assess data input risk and output risk on the HASN, we propose two behaviour models and two simulation-based risk metrics. Last, we conduct experiments for three network systems. Our experimental results show that the proposed approach is applicable and effective.

引用

页码：137 / 157

页数：21

共 50 条

[1] HASN:A Hierarchical Attack Surface Network for System Security Analysis
Kangyu Huang
Lin Yang
Renfang Fu
Shengli Zhou
Zheng Hong
中国通信, 2019, 16 (05) : 137 - 157
[2] Analysis of Network Attack Technologies and Network Security
Pei, Xu
PROCEEDINGS OF THE 2016 7TH INTERNATIONAL CONFERENCE ON EDUCATION, MANAGEMENT, COMPUTER AND MEDICINE (EMCM 2016), 2017, 59 : 111 - 114
[3] An estimation of attack surface to evaluate network (in)security
Atzeni, Andrea
Lioy, Antonio
ICEIS 2007: PROCEEDINGS OF THE NINTH INTERNATIONAL CONFERENCE ON ENTERPRISE INFORMATION SYSTEMS: INFORMATION SYSTEMS ANALYSIS AND SPECIFICATION, 2007, : 493 - 497
[4] Network Security Analysis of Industrial Control System Based on Attack-Defense Tree
He, Sui
Lei, Ding
Shuang, Wang
Liu, Chunbo
Gu, Zhaojun
PROCEEDINGS OF 2020 IEEE INTERNATIONAL CONFERENCE ON ARTIFICIAL INTELLIGENCE AND INFORMATION SYSTEMS (ICAIIS), 2020, : 651 - 655
[5] Network Security Situation Analysis Aimed at Distributed Attack
Fu Yanming
Chen Wen
Li Lin
Pan Yanxian
MATERIALS SCIENCE AND ENGINEERING, PTS 1-2, 2011, 179-180 : 1005 - +
[6] Analytical Approach to Attack Graph Analysis for Network Security
Kijsanayothin, Phongphun
Hewett, Rattikorn
FIFTH INTERNATIONAL CONFERENCE ON AVAILABILITY, RELIABILITY, AND SECURITY: ARES 2010, PROCEEDINGS, 2010, : 25 - 32
[7] Cyber attack modeling and simulation for network security analysis
Kuhl, Michael E.
Kistner, Jason
Costantini, Kevin
Sudit, Moises
PROCEEDINGS OF THE 2007 WINTER SIMULATION CONFERENCE, VOLS 1-5, 2007, : 1159 - +
[8] Compressing Network Attack Surfaces for Practical Security Analysis
Everson, Douglas
Cheng, Long
2021 IEEE SECURE DEVELOPMENT CONFERENCE (SECDEV 2021), 2021, : 23 - 29
[9] A Hierarchical Network Security Risk Assessment Method Based on Vulnerability Attack Link Generated
Yang, Jungang
Liang, Li
Yang, Yanfeng
Zhu, Guangliang
2012 INTERNATIONAL SYMPOSIUM ON INFORMATION SCIENCE AND ENGINEERING (ISISE), 2012, : 113 - 118
[10] EFFECT OF WORMHOLE ATTACK IN HIERARCHICAL BODY AREA NETWORK AND NEED FOR STRICT SECURITY MEASURES
Divya, R.
Sundararajan, T. V. P.
Deepak, K. R.
2015 6TH INTERNATIONAL CONFERENCE ON COMPUTING, COMMUNICATION AND NETWORKING TECHNOLOGIES (ICCCNT), 2015, : 136 - 142

← 1 2 3 4 5 →