Looking for breakthrough ideas for innovation challenges? Try Patsnap Eureka!

A Method for Identifying Critical Attack Paths in Business Systems

A business system and attack path technology, applied in the field of network information security, can solve problems such as high complexity, unsuitable attack path identification, unavailable key attack path identification methods, etc., and achieve good scalability

Inactive Publication Date: 2015-12-09
INST OF SOFTWARE - CHINESE ACAD OF SCI
View PDF5 Cites 0 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

However, the existing key attack path identification methods are very complex and are not suitable for attack path identification in large-scale attack graphs, or a large number of parameters need to be preset when identifying key attack paths, which makes the key attack path identification methods impossible in actual scenarios. use

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • A Method for Identifying Critical Attack Paths in Business Systems
  • A Method for Identifying Critical Attack Paths in Business Systems
  • A Method for Identifying Critical Attack Paths in Business Systems

Examples

Experimental program
Comparison scheme
Effect test

Embodiment 1

[0108] The experimental environment of the WEB application business system referred to in this embodiment is as attached Figure 9 As shown, the following security policy is configured: the firewall deployed at the boundary of the network trust zone divides the network into three security zones: the Internet, the intranet, and the DMZ zone. The WEB server deployed in the DMZ provides WEB services for users. Internal users on the intranet are not allowed to directly connect to the external network to prevent attacks such as external worms from directly entering the internal network and ensure that the WEB server provides external services. The access control strategy between each security domain is as follows: 1) Only Internet users are allowed to access DMZ area H 2 IISWEB service on and H 3 DNS domain name service on the Internet; 2) H in the DMZ area 2 Allow access to H 3 Sendmail service on the Internet and intranet H 4 MYSQL service on; 3) Prohibit H 2 and H 3 Direc...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The invention discloses a method for identifying the key attack path in a service system and belongs to the technical field of network information safety. The method comprising the steps as follows: 1, synthesizing data stream of the service system, vulnerability of the system, security threat, security measures and other factors to establish an attack model of the service system; 2, analyzing the established attack model and building a vulnerability exploitation map comprising all attack paths based on the model analysis result; and 3, converting the vulnerability exploitation map into a standard directed graph and analyzing the standard directed graph through a shortest path method to identify the key attack path that an attacker can reach all targets. The method has the advantages that the expandability is better than that of a traditional attack map, and the computation complexity of identification of the key attack path can be reduced effectively.

Description

technical field [0001] The invention belongs to the technical field of network information security, and in particular relates to a method for identifying a key attack path in a business system. Background technique [0002] The information system carries important business functions of the organization. In order to ensure the security of the information system, the organization often applies various security measures in the system. At the same time, there are inevitably vulnerabilities in the business system. These vulnerabilities may be exploited by attackers, making it possible for attackers to control key nodes in the business system, thereby affecting the continuity of the business system and the confidentiality and integrity of data in the business system. and usability hazards. The various security measures implemented in the business system should not only be able to realize the security functions planned by the business system, but also be able to successfully defe...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
Patent Type & Authority Patents(China)
IPC IPC(8): H04L29/06
Inventor 吴迪冯登国连一峰陈恺
Owner INST OF SOFTWARE - CHINESE ACAD OF SCI
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Patsnap Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Patsnap Eureka Blog
Learn More
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic, Popular Technical Reports.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap|About US| Contact US: help@patsnap.com