|
|
 |
| |
|
|
|
Approach to Security Attack Pattern Networks on the Basis of Bayesian Networks |
|
|
|
PP: 233-241 |
|
|
|
Author(s) |
|
|
|
Chao Xu,
Guangquan Xu,
Xiaohong Li,
Zhiyong Feng,
Zhaopeng Meng,
|
|
|
|
Abstract |
|
|
| Researchers are becoming more and more interested in the security issues of software engineering. It will effectively reduce
the cost of development and maintenance in order to detect and predict security threats. In this paper, attack patterns are analysed in
the field of software engineering, and Bayesian Networks is applied to construct attack networks topology, to find the dependencies
of attack patterns. It helps to find the vulnerable points, locate the path of security threats effectively, and predict probable attacks
reasonably. We use multi-variant statistical analysis for the attack networks, and factor analysis is applied to reduce the relevance. In
Dirichlet distribution, the state transition distribution of each attack node is calculated to detect and predict the security threats. In order
to verify the effectiveness and robustness of the approach, buffer flow is chosen as the analysis domain, and 14 attack patterns are
selected for the experiments. It shows that attack patterns are effectively modelled based on Bayesian Networks and potential attack
patterns are discovered, while threats are predicted and located accurately. |
|
|
|
|
|
|
|
