采用混和路径攻击图的防御方案生成方法

通过分析已知漏洞的共性，给出漏洞及其利用规则的形式描述.构造混合路径攻击图（MPAG）模型，扩展攻击图的描述语义.将0-day漏洞利用产生的隐式攻击路径和已知漏洞产生的显式攻击路径描述在同一攻击图中，并计算0-day漏洞利用率的风险.基于混合路径攻击图和多目标优化理论，给出防御方案生成方法及均衡生成成本和风险的防御方案.实验结果表明：混合路径攻击图能描述隐式攻击路径，同时可能引入同一场景下传统攻击图中没被利用过的已知漏洞；基于混合路径攻击图生成的防御方案具有更好的路径覆盖率，能够帮助安全管理员找出防御措施库存在的遗漏.
Abstract: The common properties of known vulnerability were discussed; the formal description of vulnerability and its exploiting rule were proposed. A mixed path attack graph (MPAG) model was constructed to extend the description semantic of attack graph. MPAG could describe the hidden attack path introduced by 0-day vulnerability and the explicit one introduced by known vulnerability in the same attack graph. Also, the risk of 0-day vulnerability exploiting ratio was calculated. At last, based on MPAG and multi-objective theory, the method of defense scheme generation was proposed, which could generate defense scheme cost and risk balanced. The experiment shows that MAPG could describe hidden attack path, and new known vulnerabilities, which are not exploited in traditional attack graph, may be introduced in MPAG; the ratio of path cover of defense scheme generated based on MPAG is better, and the method can help the security manager find out the omission of defense measure library.