Cite this article
  • ZHANG Xiu, LIU Baoxu, GONG Xiaorui, YU Lei, SONG Zhenyu. Explore-Exploit: A Security Competition Modeling the Real-world Network Penetration Scenario[J]. Journal of Cyber Security, 2020, 5(4): 55-71
Explore-Exploit: A Security Competition Modeling the Real-world Network Penetration Scenario
ZHANG Xiu1,2, LIU Baoxu1,2, GONG Xiaorui1,2, YU Lei1,2, SONG Zhenyu1,2
(1. Institute of Information Engineering, Chinese Academy of Sciences, Beijing 100093, China; 2. School of Cyber Security, University of Chinese Academy of Sciences, Beijing 100049, China)
Abstract:
Security competitions are essential for training and selecting talent in the field of cybersecurity. However, designing and implementing a highly realistic competition scenario with limited resources is a classic problem. This research addresses three key challenges in solving that problem. We first model the real-world network penetration scenario as a multi-step, multi-pivot penetration process that combines multiple vulnerabilities. The design then applies attack graph techniques, which can describe the vulnerabilities in a complex networked information system and the dependencies between them. Finally, we implement the design on a cybersecurity testbed (cyber range) platform, which can rapidly reproduce large-scale, complex, heterogeneous networks. The experiment was conducted as an intranet attack-defense penetration competition named Explore-Exploit. The longest penetration path in the experiment contained four pivot hosts and combined three vulnerabilities and one service, achieving the intended training effect. Compared with existing competition scenarios, Explore-Exploit contains richer scenario elements, such as network topology exploration, intranet lateral movement, and data asset discovery, and reproduces the real-world network penetration scenario more faithfully.
Key words:  real-world network penetration scenario  attack-graph technique  cybersecurity testbed  talent training  security competition
DOI: 10.19363/J.cnki.cn10-1380/tn.2020.07.05
Received: 2017-12-19  Revised: 2018-04-10
Funding: This work was supported by the Key Laboratory of Network Assessment Technology, Chinese Academy of Sciences, and the Beijing Key Laboratory of Network Security and Protection Technology, and by projects of the Beijing Municipal Science and Technology Commission (No. D161100001216001, No. Z161100002616032).