论文信息 - A Weakness-Based Attack Pattern Modeling and Relational Analysis Method

A Weakness-Based Attack Pattern Modeling and Relational Analysis Method

With growing popularity of online services, the amount of information on web increases dramatically, which has resulted in increasingly concerns on web application security. Subject knowledge is in desperate need to guide security testing against advanced attacks. Unlike common software security weakness study pattern, a combination analysis method based on Colored Petri Net is presented in this paper. An Attack Pattern is modeled to describe a single weakness's specific exploiting process. Then attack nets are constructed as a result of their relational analysis. The method is verified by a case study.

Song Huang | Lili Lu | Zhengping Ren

[1] StakhanovaNatalia,et al. Software fault tree and coloured Petri net based specification, design and implementation of agent-based intrusion detection systems , 2007 .

[2] Duminda Wijesekera,et al. Scalable, graph-based network vulnerability analysis , 2002, CCS '02.

[3] Richard P. Lippmann,et al. An Annotated Review of Past Papers on Attack Graphs , 2005 .

[4] Andrew P. Moore,et al. Attack Modeling for Information Security and Survivability , 2001 .

[5] S.T. Redwine,et al. Processes for producing secure software , 2004, IEEE Security & Privacy Magazine.

[6] Rüdiger Valk,et al. Petri nets for systems engineering - a guide to modeling, verification, and applications , 2010 .

[7] Markus Schumacher,et al. Collaborative attack modeling , 2002, SAC '02.

[8] Bruce Schneier,et al. Secrets and Lies: Digital Security in a Networked World , 2000 .

[9] James P. McDermott,et al. Attack net penetration testing , 2001, NSPW '00.