Vulnerability utilization process reconstruction method and device based on traceability graph and storage medium

According to the method, log data is taken as a main data basis, and vulnerability library knowledge and ATTamp are introduced at the same time through data acquisition and graph compression technologies; according to a CK model framework, an ontology model emphasizing attack behaviors and vulnerabi...

Ausführliche Beschreibung

Gespeichert in:

Bibliographische Detailangaben
Hauptverfasser:	YU LIBIN, ZHUANG YI, LIU QI, WANG LIMING, HAO WEI, LEI ZHEN, HUANG HAIDONG, ZHANG XIAO, YUAN DING, FU RAO, SHI XIAOZHEN, DAI PENG, ZHANG WENLONG, MIAO QIU, YU JING, ZHANG KEKE, GAO HAILONG, ZHANG XINZONG
Format:	Patent
Sprache:	chi ; eng
Schlagworte:	ELECTRIC COMMUNICATION TECHNIQUE ELECTRICITY TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHICCOMMUNICATION
Online-Zugang:	Volltext bestellen
Tags:	Tag hinzufügen Keine Tags, Fügen Sie den ersten Tag hinzu!

Beschreibung
Zusammenfassung:	According to the method, log data is taken as a main data basis, and vulnerability library knowledge and ATTamp are introduced at the same time through data acquisition and graph compression technologies; according to a CK model framework, an ontology model emphasizing attack behaviors and vulnerability source expression is established through technologies such as knowledge collection, knowledge fusion and knowledge processing, a traceability graph is jointly constructed by applying a knowledge reasoning technology and combining a causal relationship optimized and adjusted for a penetration process, and reconstruction of a vulnerability penetration utilization process is completed based on the traceability graph. According to the invention, ATTamp is fused; the CK attack model can effectively and intuitively discover the attack means of an attacker, and provides knowledge reserve and thought help for subsequent active defense. Meanwhile, the complete penetration process is clearly displayed through the graph,