[1] 新华网. 国家信息中心联合瑞星发布《2019年中国网络安全报告》[EB/OL]. (2020-01-15)[2020-07-04]. http://www.xinhuanet.com/politic s/202001/15/ c_1125466263.htm
[2] 深信服科技. 关于某黑客组织利用深信服SSL VPN设备漏洞事件的说明. [EB/OL]. (2020-04-07)[2020-07-04]. https://mp.weixin.qq.com/s /lKp_3kPNEycXqfCnVPxoDw
[3] Schneier B . Attack Trees[J]. Doctor Dobbs Journal, 1999, 24(12): 21-29
[4] Phillips C, Swiler L P. A graph-based system for network-vulnerability analysis[C]//Proceedings of the 1998 workshop on New security paradigms. 1998: 71-79.
[5] McDermott J P. Attack net penetration testing[C]//Proceedings of the 2000 workshop on New security paradigms. 2001: 15-21.
[6] Hutchins E M, Cloppert M J, Amin R M. Intelligence-driven computer network defense informed by analysis of adversary campaigns and intrusion kill chains[J]. Leading Issues in Information Warfare & Security Research, 2011, 1(1): 80.
[7] Strom B E, Applebaum A, Miller D P, et al. Mitre att&ck: Design and philosophy[J]. Technical report, 2018.
[8] Caltagirone S, Pendergast A, Betz C. The diamond model of intrusion analysis[R]. Center For Cyber Intelligence Analysis and Threat Research Hanover Md, 2013.
[9] Hong J B , Kim D S , Chung C J , et al. A survey on the usability and practical applications of Graphical Security Models[J]. Computer Science Review, 2017, 26(NOV.):1-16
[10代廷合. 一种基于攻击树的网络攻击模型[D]. 重庆: 重庆大学, 2008
[11] Barbara K, Sjouke M, Saša R, et al. Foundations of Attack–Defense Trees[C]// International Workshop on Formal Aspects in Security & Trust. Springer, Berlin, Heidelberg, 2010
[12]陈锋. 基于多目标攻击图的层次化网络安全风险评估方法研究[D]. 长沙:国防科学技术大学, 2009.
[13] Jha S, Sheyner O, Wing J. Two formal analyses of attack graphs[C]//Proceedings 15th IEEE Computer Security Foundations Workshop. CSFW-15. IEEE, 2002: 49-63.
[14] Kordy B, Piètre-Cambacédès L, Schweitzer P. DAG-based attack and defense modeling: Don’t miss the forest for the attack trees[J]. Computer science review, 2014, 13: 1-38.
[15] Bezawada B, Ray I , Tiwary K . AGBuilder: An AI Tool for Automated Attack Graph Building, Analysis, and Refinement[M]// Data and Applications Security and Privacy XXXIII. Springer, Cham, 2019.
[16] Kumar S, Spafford E H. A pattern matching model for misuse intrusion detection[J]. 1994
[17]高翔. 网络安全评估理论及其关键技术研究. [D]. 郑州:解放军信息工程大学, 2014
[18] Steffan J, Schumacher M. Collaborative attack modeling[C]// Proceedi ngs of the 2002 ACM symposium on Applied computing. 2002: 253-259.
[19]黄光球, 白璐. 基于对象 Petri 网的信任攻击建模与分析[J]. 系统仿真学报, 2017, 29(8): 1702-1711
[20] Wu X Y , Wu X Y . Extended object-oriented Petri net model for mission reliability simulation of repairable PMS with common cause failures[J]. Reliability Engineering & System Safety, 2015, 136(apr.):109-119
[21] Messaoud B I D, Guennoun K, Wahbi M, et al. Advanced Persistent Threat: New analysis driven by life cycle phases and their challenges[C]//2016 International Conference on Advanced Communication Systems and Information Security (ACOSIS). IEEE, 2016: 1-6
[22] Duncan A, Creese S, Goldsmith M. A Combined Attack-Tree and Kill-Chain Approach to Designing Attack-Detection Strategies for Malicious Insiders in Cloud Computing[C]//2019 International Conference on Cyber Security and Protection of Digital Services (Cyber Security). IEEE, 2019: 1-9
[23] 李汶娟, 张琳琳, 赵楷, 等. 基于攻击树与 Petri 网的软件安全关注点建模[J]. 现代计算机: 中旬刊, 2014 (6): 37-42.
[24]程凯歌. 基于攻击图和 Petri 网的网络攻击模型研究[D]. 西安: 西安建筑科技大学, 2010
[25]胡浩,刘玉岭,张玉臣,张红旗. 基于攻击图的网络安全度量研究综述[J].网络与信息安全学报,2018,4(09):1-16
[26] Qin X, Lee W. Attack plan recognition and prediction using causal networks[C]//20th Annual Computer Security Applications Conference. IEEE, 2004: 370-379.
[27] Poolsappasit N, Dewri R, Ray I. Dynamic security risk management using bayesian attack graphs[J]. IEEE Transactions on Dependable and Secure Computing, 2011, 9(1): 61-74.
[28] Ghani H, Garcia J L, Petkov I, et al. User-centric security assessment of software configurations: A case study[C]//International Symposium on Engineering Secure Software and Systems. Springer, Cham, 2014: 196-212.
[29] Chen Y, Boehm B W. Stakeholder value driven threat modeling for off the shelf based systems[C]//29th International Conference on Software Engineering (ICSE'07 Companion). IEEE, 2007: 91-92.
[30] Khand P A. System level security modeling using attack trees[C]//2009 2nd International Conference on Computer, Control and Communicatio n. IEEE, 2009: 1-6.
[31]陈锋, 张怡, 苏金树, 等. 攻击图的两种形式化分析[J]. 软件学报, 2010, 21(4): 838-848.
[32] Ali H, Khan F A. Attributed multi-objective comprehensive learning particle swarm optimization for optimal security of networks[J]. Applied soft computing, 2013, 13(9): 3903-3921.
[33]阚流星, 鲁鹏俊, 王丽娜, 等. 基于攻击树和 Agent 技术的攻击模型[J].计算机工程, 2003,29(18):80-81
[34]周伟, 王丽娜, 张焕国. 一种基于攻击树的网络攻击系统[J]. 计算机工程与应用, 2006,24:125-128
[35]虞霞. 基于攻击树和模糊层次分析法的网络攻击决策研究[D]. 重庆:重庆大学, 2010.
[36] Sarraute C, Richarte G, Lucángeli Obes J. An algorithm to find optimal attack paths in nondeterministic scenarios[C]//Proceedings of the 4th ACM workshop on Security and artificial intelligence. 2011: 71-80
[37] Idika N , Bhargava B . Extending Attack Graph-Based Security Metrics and Aggregating Their Application[J]. IEEE Transactions on Dependable & Secure Computing, 2012, 9(1):0-85
[38]张继业,谢小权.基于攻击图的渗透测试模型的设计[J]. 计算机工程与设计,2004,06(26),1516-1518
[39] Tidwell T, Larson R, Fitch K, et al. Modeling internet attacks[C]//Proceedings of the 2001 IEEE Workshop on Information Assurance and security. United States Military Academy West Point, NY, 2001, 59.
[40] Noel S, Robertson E, Jajodia S. Correlating intrusion events and building attack scenarios through attack graph distances[C]//20th Annual Computer Security Applications Conference. IEEE, 2004: 350-359.
[41] Qin X, Lee W. Discovering novel attack strategies from INFOSEC alerts[C]//European Symposium on Research in Computer Security. Springer, Berlin, Heidelberg, 2004: 439-456.
[42]王辉, 刘淑芬. 改进的最小攻击树攻击概率生成算法[J]. 吉林大学学報 (工学版), 2007, 37(5): 1142-1147.
[43] Shameli-Sendi A, Ezzati-Jivan N, Jabbarifar M, et al. Intrusion response systems: survey and taxonomy[J]. Int. J. Comput. Sci. Netw. Secur, 2012, 12(1): 1-14.
|