一种基于弱点的攻击模式建模与关联分析方法

2014 IEEE 17th International Conference on Computational Science and Engineering Pub Date : 2014-12-19 DOI:10.1109/CSE.2014.203

Lili Lu, Song Huang, Zhengping Ren

{"title":"一种基于弱点的攻击模式建模与关联分析方法","authors":"Lili Lu, Song Huang, Zhengping Ren","doi":"10.1109/CSE.2014.203","DOIUrl":null,"url":null,"abstract":"With growing popularity of online services, the amount of information on web increases dramatically, which has resulted in increasingly concerns on web application security. Subject knowledge is in desperate need to guide security testing against advanced attacks. Unlike common software security weakness study pattern, a combination analysis method based on Colored Petri Net is presented in this paper. An Attack Pattern is modeled to describe a single weakness's specific exploiting process. Then attack nets are constructed as a result of their relational analysis. The method is verified by a case study.","PeriodicalId":258990,"journal":{"name":"2014 IEEE 17th International Conference on Computational Science and Engineering","volume":"22 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2014-12-19","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":"{\"title\":\"A Weakness-Based Attack Pattern Modeling and Relational Analysis Method\",\"authors\":\"Lili Lu, Song Huang, Zhengping Ren\",\"doi\":\"10.1109/CSE.2014.203\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"With growing popularity of online services, the amount of information on web increases dramatically, which has resulted in increasingly concerns on web application security. Subject knowledge is in desperate need to guide security testing against advanced attacks. Unlike common software security weakness study pattern, a combination analysis method based on Colored Petri Net is presented in this paper. An Attack Pattern is modeled to describe a single weakness's specific exploiting process. Then attack nets are constructed as a result of their relational analysis. The method is verified by a case study.\",\"PeriodicalId\":258990,\"journal\":{\"name\":\"2014 IEEE 17th International Conference on Computational Science and Engineering\",\"volume\":\"22 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2014-12-19\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2014 IEEE 17th International Conference on Computational Science and Engineering\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/CSE.2014.203\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2014 IEEE 17th International Conference on Computational Science and Engineering","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/CSE.2014.203","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 0

摘要

随着在线服务的日益普及，web上的信息量急剧增加，这导致人们对web应用程序安全性的关注日益增加。我们迫切需要学科知识来指导针对高级攻击的安全测试。不同于常用的软件安全漏洞研究模式，本文提出了一种基于有色Petri网的组合分析方法。对攻击模式进行建模，以描述单个弱点的特定利用过程。然后通过对攻击网络的关联分析，构建攻击网络。通过实例验证了该方法的有效性。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文本刊更多论文

A Weakness-Based Attack Pattern Modeling and Relational Analysis Method

With growing popularity of online services, the amount of information on web increases dramatically, which has resulted in increasingly concerns on web application security. Subject knowledge is in desperate need to guide security testing against advanced attacks. Unlike common software security weakness study pattern, a combination analysis method based on Colored Petri Net is presented in this paper. An Attack Pattern is modeled to describe a single weakness's specific exploiting process. Then attack nets are constructed as a result of their relational analysis. The method is verified by a case study.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

2014 IEEE 17th International Conference on Computational Science and Engineering

自引率

0.00%

发文量