An Integrated Formal Description Method for Network Attacks

Hanlin Yang, Tianyu Chen, Hang Zhang, Wei Wang
DOI: 10.1109/CCPQT56151.2022.00055 (https://doi.org/10.1109/CCPQT56151.2022.00055)
Venue: 2022 International Conference on Computing, Communication, Perception and Quantum Technology (CCPQT)
Publication date: 2022-08-01
Citations: 0

Abstract

As the complexity and concealment of network attacks increase day by day, building a comprehensive and effective defense system calls for modeling and formally describing the scenes, techniques and processes of network attacks. Integrating MITRE ATT&CK with MAL (Meta Attack Language) is a promising direction for current research on network attack description methods. This paper proposes a formal description method for network attacks in which the assets of an information system and the attacker techniques summarized in the ATT&CK Matrix serve as the vocabulary, and an extended MAL serves as the syntax. First, the method distinguishes between different instances of the same asset category and formally describes the attack scene, including the hosts, the network environment and their configurations. Second, the method uses a more reasonable classification system for the assets of an information system and a simplified set of MAL symbols. As verified by our experiment, the method can generate a comprehensive and clear formal description of the attack scene, attack techniques and attack process of a network attack on a real-world information system. This brings the description level of this kind of integrated method down from attacker strategies to individual network nodes, and can guide the construction of defenses for a real-world information system.