Extended Petri Net-Based Advanced Persistent Threat Analysis Model

To represent the attack scene when describing advanced persistent threats (APTs), which are multistep, process-oriented attacks, we propose EPNAM, a model for APT behavior analysis that is based on the Petri net and incorporates the characteristics of APT. First, we carry out a hierarchical analysis of the attack scene with the AHP method to build the APT architecture and extract scene factors; then we associate the attack scene with a Petri net to construct an extended Petri net; finally, we traverse the extended Petri net to generate the formal expression. The proposed model combines the attack scene, attack process, and state space, and its feasibility is proved by applying it to an actual case analysis of the RSA SecurID theft attack.
