首页|期刊导航|电子学报|攻击技战术双层关联建模的个性化风险评估方法

攻击技战术双层关联建模的个性化风险评估方法OA

A Personalized Risk Assessment Approach for Two-Layer Association Modeling of Attack Techniques and Tactics

中文摘要英文摘要

以MITRE ATT&CK框架为指导,通过刻画攻击者的战术目标与技术手段,利用攻击图进行网络安全风险建模与评估,已成为当前应对复杂多步攻击威胁的重要手段之一.然而,随着攻击场景和攻击链条日益复杂,现有基于ATT&CK的攻击路径建模与风险评估方法仍存在一定局限性.一方面,现有攻击路径建模过程仅考虑ATT&CK框架中攻击技术间的直接转移关系,忽略了战术层面的攻击语义,削弱了对复杂多阶段攻击路径的高层次语义约束能力.另一方面,依赖通用漏洞特征的攻击图风险量化评估方法,忽略了不同组织对关键资产的关注差异,导致评估结果缺乏资产个性化适配.针对上述挑战,本文提出攻击技战术双层关联建模的个性化风险评估方法.首先,通过构建技战术双层关联模型对技战术间潜在关系建模,结合维特比算法求解攻击战术阶段演变路径,在路径推理过程中引入战术层面的阶段约束.随后,构建融合攻击行为属性与资产个性化的定制化威胁量化模型,通过前向算法将状态转移概率与威胁量化指标耦合,实现对网络整体安全风险评估.实验结果表明,所提出的方法在实际网络环境中,路径建模与风险评估能力均优于其他现有主流评估模型,其综合风险评估准确率相较对比方法平均提升48.95%,验证了该方法在复杂攻击场景下的有效性与实用价值.

Guided by the MITRE ATT&CK framework,modeling and assessing cybersecurity risks by modeling at-tackers'tactical objectives and technical methods through attack graphs have become one of the key approaches to counter-ing complex multi-step attack threats.However,as attack scenarios and attack chains grow increasingly intricate,existing ATT&CK-based attack path modeling and risk assessment methods exhibit certain limitations.On the one hand,current at-tack path modeling processes only consider direct transition relationships between attack techniques within the ATT&CK framework,overlooking tactical-level attack semantics and weakening the ability to impose high-level semantic constraints on complex multi-stage attack paths.On the other hand,attack graph-based risk quantification methods relying on generic vulnerability characteristics overlook differences in organizational focus on critical assets,resulting in assessment outcomes that lack personalized asset adaptation.To address these challenges,this paper proposes a personalized risk assessment meth-od based on dual-layer association modeling of attack techniques and tactics.First,a dual-layer association model is con-structed to capture potential relationships between techniques and tactics.Combined with the Viterbi algorithm,this model infers the evolution paths of attack tactics,introducing tactical-level stage constraints during path inference.Subsequently,a customized threat quantification model is developed by integrating attack behavior attributes with asset-specific characteris-tics.Through a forward algorithm,state transition probabilities are coupled with threat quantification metrics to achieve ho-listic network security risk assessment.Experimental results demonstrate that the proposed method outperforms existing mainstream assessment models in both path modeling and risk evaluation capabilities in real-world network environments.Compared with competing approaches,the proposed method achieves an average improvement of 48.95%in comprehensive risk assessment accuracy,validating its effectiveness and practical value in complex attack scenarios.

仇晶;农李晨;孙一飞;操晓春;陈玺名;张睿智

广州大学网络空间安全学院,广东 广州 510006广州大学网络空间安全学院,广东 广州 510006广州大学网络空间安全学院,广东 广州 510006中山大学网络空间安全学院,广东 深圳 519082广州大学网络空间安全学院,广东 广州 510006广州大学网络空间安全学院,广东 广州 510006

信息技术与安全科学

网络安全逻辑攻击图风险评估隐马尔可夫模型ATT&CK框架风险路径识别

cybersecuritylogical attack diagramrisk assessmenthidden Markov modelATT&CK frameworkrisk path identification

《电子学报》 2026 (1)

1-18,18

国家自然科学基金(No.U24A20336)国家科技重大专项(No.2022ZD0119602)广州市科技计划项(No.2024A03J0399)鹏程实验室重大重点项目(No.PCL2024A05) National Natural Science Foundation of China(No.U24A20336)National Science and Tech-nology Major Project of China(No.2022ZD0119602)Guangzhou Science and Technology Program(No.2024A03J0399)Major Key Project of Pengcheng Laboratory(No.PCL2024A05)

10.12263/DZXB.20250681

评论