資訊管理學報

楊欣哲;彭勝寶;
頁: 1-38
日期: 2013/01
摘要: 隨著網路技術的快速發展與Web應用系統的普及化,網站系統面臨各種入侵攻擊的威脅,例如:木馬病毒的威脅、DDoS攻擊、系統和應用程式的弱點攻擊等,皆以破壞網站或竊取敏感性資料為目的。針對當前的各種風險評估方法不能有效地找出系統弱點及攻擊手法,造成評估的結果無法完整表現出真正的威脅途徑。因此,本研究以攻擊樹(Attack Tree)為基礎,延伸應用在風險分析上,利用攻擊樹的特性來描繪攻擊情境,並且設計一個改良式威脅計算演算法,亦即考慮攻擊困難度與偵測防禦度以計算威脅的各種攻擊組合,稱之為延伸型攻擊樹分析法。延伸型攻擊樹分析法可針對各種威脅之影響加以評估,此法有別於一般風險評估,是以「威脅」為單位而不是以「資產」為單位來進行風險評估,可改善一般風險分析法之威脅與描述不足的地方。本研究以網站系統為例,進行安全威脅分析,獲得網站安全的風險評估等級,證明延伸型攻擊樹分析法可有效地評估網站系統的風險值,以作為系統管理者對資訊安全風險評估之依據。最後,將延伸型攻擊樹分析法與傳統風險分析法作一比較,說明此風險評估方法可以改善傳統風險分析法不足的地方,增加風險評估的可用性及客觀性。
關鍵字: 攻擊樹;延伸型攻擊樹分析法;風險分析;資訊安全;網站安全;

Extended Attack Tree Analysis Method to Assess the Security Risks on the Website


Abstract: According to the fast development of network technology and the popularization of extensive Web applications, Web information system faces various kinds of attacks, such as Trojan virus threats, DDoS attacks, system and application's vulnerability attacks, etc. The target of these attacks is for destroying Websites or stealing sensitive data. A variety of risk assessments for current systems cannot effectively identify possible paths of attacks and system vulnerabilities. Thus, the assessment results do not demonstrate a real threat path. This paper utilizes the concept of attack trees and extends and applies it to security risk analysis. Hence, we employ the features of attack tree to illustrate the situations of attacks to propose an extended attack tree analysis approach. We design an enhanced threats computing algorithm for extended attack tree analysis to calculate threats measure with consideration of attack difficulties and detective protections for assessing their influence levels. In essence, this method is different from the general risk assessment. We use 'threat' as the security unit instead of 'assets' in the risk assessment. It improves the general risk analysis approach about the poor descriptions of threats.In this paper, we use a Website system as a practical example for the Web system's security threat analysis. We can get a risk grade in Website security risk assessment for system administrator's evaluation basis. It proves that an effective risk value can be obtained from extended attack tree analysis approach for assessing a Website system. We do a comparison for our extended attack tree analysis and the traditional risk analysis approaches. Consequently, the final results indicate that our proposed method can improve the insufficient points of the traditional risk analysis and increase the availability and objectivity in risk assessment.
Keywords: Attack Tree;Extended Attack Tree Analysis;Risk Analysis;Information Security;Web Security;

瀏覽次數: 10808     下載次數: 276

引用     導入Endnote