
Modeling and Detection of Advanced Persistent Threat Attacks in Cloud Computing

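Published: 2021-07-29 12:27
  Security is a major concern for many organizations that use cloud computing. With the emergence of e-government, many governments have also begun to pay attention to and adopt cloud computing technology, which has inadvertently attracted advanced persistent threat (APT) attackers who target large companies and governments. Security vulnerabilities in cloud computing components and large networks (not limited to hypervisors, virtual machines, and virtualization) are the primary security concern. To model and detect APT attacks in these networks, the main challenge is to map out the correlated paths that APT attackers follow when exploiting vulnerabilities in cloud components. To fill the gap in the existing literature, this dissertation presents the process of modeling and detecting APT attacks in cloud computing and large networks. The modeling and detection process considers two major classes of APT: espionage-based APTs and organized-crime APTs. For the generation of vulnerability-exploitation attack paths and subsequent attack paths, the modeling process proposes a weighted attack path modeling technique based on dynamic Bayesian networks. It also proposes a multi-source shortest attack path optimization algorithm based on key nodes and key edges. Taking the GameOver-Zeus botnet in cloud computing as the scenario, the botnet is modeled as a scale-free network with the characteristics of a dynamic complex network. To overcome the limitations in attack network dynamics faced by current APT research, a new APT attack detection model based on a semi-supervised learning method and complex network properties is proposed. Therefore, the entire target network can be stochastically modeled as a small-world network, while the A...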

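[Source]: University of Science and Technology Beijing, Beijing; Project 211 university; university directly under the Ministry of Education

[Pages]: 151

[Degree level]: Doctoral

[Table of contents]: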
Acknowledgements
Dedication
Abstract (in Chinese)
Abstract
List of Abbreviations
1 Introduction
    1.1 Background
    1.2 APT Attacks in Cloud Computing
    1.3 Modeling APT Attacks in Cloud Computing Networks
    1.4 Problem Statement and Research Questions
    1.5 Innovations and Contributions
    1.6 Scope and Significance of the study
    1.7 Organization of the dissertation
2 Literature Review
    2.1 Cyber-attacks in Cloud Computing Service Models
    2.2 Cyber-attacks on Cloud Computing Deployment Models
    2.3 Cyber and APT Attacks Modeling
        2.3.1 Cyber-attacks Modeling Approaches
        2.3.2 APT Attacks Modeling Approaches
    2.4 Literature Review Summary
3 Design of the Modeling Methodology
    3.1 Finite State Machines Model-APT States Modeling
    3.2 Bayesian Networks Model-Vulnerability Exploitation
    3.3 Complex Networks Model-Detection Modeling
    3.4 APTs Botnets Utilization
    3.5 Datasets
        3.5.1 Data Processing and Analysis Methods
        3.5.2 CVEs Datasets Processing
        3.5.3 LANL Datasets Processing
    3.6 Tools and Hardware Considerations
        3.6.1 Data Processing Tools
        3.6.2 Data Manipulation and Evaluation Tools
        3.6.3 Network Graphing and Visualization Tools
        3.6.4 Data Clustering and Classification Tools
        3.6.5 Hardware and Testbed Environments
        3.6.6 Scope and Limitations
4 The Bayesian Networks APT Attack Model
    4.1 APT Attackers Profiling
    4.2 Attacker's perception vs Actual system exploitability
    4.3 Cloud Infrastructure Layer Partitioning
        4.3.1 Attack Paths Formalizations
        4.3.2 The Bayesian Attack Network
        4.3.3 Conditional Probabilities with detection
        4.3.4 Path Derivations and Conditional Probability Assignments
        4.3.5 Optimized Shortest Path Algorithm and Edge Weighting
        4.3.6 Attack Complexity and Time Cost
5 Finite State Machine Model for APT Attacks
    5.1 FSM Model for APT Attacks on Discrete Hosts
        5.1.1 Security States and Transitions of a Discrete Host
        5.1.2 Formulation of the APT Attack Model
        5.1.3 Attack Tree Integration and Analysis
    5.2 FSM Model for Bayesian Networks APT Attacks
        5.2.1 APT Attack Source
        5.2.2 APT Attack State
        5.2.3 APT Attack Nodes
    5.3 Global FSM Model for APT Attacks
        5.3.1 APT Attack State Transition Table
        5.3.2 APT Attacks K-maps
6 Complex Networks Model for APT Attacks Detection
    6.1 Unpredictability of APT Attack Lifecycle Stages
    6.2 Dynamism of APT-ANs and Communication Networks
    6.3 Imbalanced Data Distribution
    6.4 Small World Communication Network Model
    6.5 Scale-Free APT-AN Network Model
    6.6 Scarcity of Public APT Data
    6.7 FSM State Changes of Complex Network Nodes in APT-ANs
7 Data Preprocessing and Formatting
    7.1 CVEs and Base Scores
    7.2 Network flows and DNS
    7.3 Feature Normalization
8 Modeling Results and Analyses
    8.1 Bayesian Network Based APT Attack Paths
    8.2 Detection of Multi-stages APTs by a Semi-supervised Learning Approach
        8.2.1 Detection in the Infiltration Phase
        8.2.2 Detection in the Lateral Movement Phase
        8.2.3 Detection in the C2 Beaconing and Exfiltration Phase
        8.2.4 Application of the Clustering and Classification Algorithms
9 Conclusion and Future Directions
    9.1 Conclusion and Significance
    9.2 Future Directions
References
Author's Résumé and Research Achievements During Study
Dissertation Dataset



Document ID: 3309321


Link to this page: http://sikaile.net/guanlilunwen/ydhl/3309321.html

