基于IPFS-DEMATEL-ISM的容器安全威胁关键战术要素研究

doi:10.16265/j.cnki.issn1003-3033.2024.06.0074

摘要/Abstract

摘要：

为解决电力能源企业“上云”引发的云原生容器安全威胁问题,提出融合区间毕达哥拉斯模糊集(IPFS)、决策试验与评价实验室(DEMATEL)和解释结构模型法(ISM)识别容器安全关键战术要素。首先,基于IPFS提取安全专家对容器入侵威胁战术要素的经验判断,其次,应用DEMATEL和ISM识别容器安全威胁的关键战术要素及要素间的层级拓扑关系。结果表明:持久化和权限提升2个战术阶段的中心度和原因度较高,在整个云原生安全威胁体系中居于核心地位,这2个阶段的安全攻击行为需持高优先级关注;执行和持久化战术阶段的威胁攻击是云原生容器安全的本质要素,初始访问、窃取凭证以及横向移动战术阶段的威胁最直接影响云原生容器安全。研究提出的IPFS-DEMATEL-ISM法相较DEMATEL-ISM和集成三角模糊数的DEMATEL-ISM法在识别容器安全威胁关键战术要素时具有更好区分度和简约解释性。

关键词: 区间毕达哥拉斯模糊集(IPFS), 决策试验与评价实验室(DEMATEL), 解释结构模型(ISM), 容器安全威胁, 关键战术要素

Abstract:

In order to address the increasingly serious cloud-native container security threats arising from large-scale cloud migration of systems, the ISM method merging IPFS, DEMATEL, and method were proposed to identify the key tactical factors influencing cloud-native container security threats and their hierarchical logical relationships from the security intruder perspective. The findings of this research are as follows: the centrality and causality of the persistence and privilege escalation tactical phases are high, positioning them at the core of the entire cloud-native security threat landscape. Security attacks during these two phases require high-priority attention. Threat attacks during the execution and persistence tactical phases constitute essential factors in cloud-native container security. The threats during the initial access, credential theft, and lateral movement tactical phases have the most direct impact on cloud-native container security. In comparison with traditional and triangular fuzzy sets improved DEMATEL-ISM, our proposed method has better performance in identifying container security-related critical factors.

Key words: interval pythagorean fuzzy set (IPFS), decision-making trial and evaluation laboratory (DEMATEL), interpretative structural modeling (ISM), container security threats, critical tactical factors

中图分类号:

盛剑桥, 曾丽帆, 方圆, 吴俊. 基于IPFS-DEMATEL-ISM的容器安全威胁关键战术要素研究[J]. 中国安全科学学报, 2024, 34(6): 157-163.

SHENG Jianqiao, ZENG Lifan, FANG Yuan, WU Jun. Study on key tactical factors of container security threats based on IPFS-DEMATEL-ISM Method[J]. China Safety Science Journal, 2024, 34(6): 157-163.

图/表 10

图1

表1

表2

表3

表4

图2

图3

表5

图4

图5

参考文献 22

[1]	国家发展改革委, 中央网信办. 关于推进“上云用数赋智”行动培育新经济发展实施方案[EB/OL].[2020-04-07]. https://www.gov.cn/zhengce/zhengceku/2020-04/10/content_5501163.htm.
[2]	Gartner Research. Forecast analysis: container management (software and services),worldwide[EB/OL].[2020-05-29]. https://www.gartner.com/en/documents/3985796.
[3]	RAHAMAN M S, ISLAM A, CERNY T, et al. Static-analysis-based solutions to security challenges in cloud-native systems: systematic mapping study[J]. Sensors, 2023, 23(4):1-27.
[4]	胡俊, 李漫. 容器安全解决方案探讨与研究[J]. 网络空间安全, 2018, 9(12):105-113.
	HU Jun, LI Man. Discussion and research on container security solutions[J]. Cyberspace Security, 2018, 9(12):105-113.
[5]	任兰芳, 庄小君, 付俊. Docker容器安全防护技术研究[J]. 电信工程技术与标准化, 2020, 33(3):73-78.
	REN Lanfang, ZHUANG Xiaojun, FU Jun. Technical research of docker container security protection[J]. Telecom Engineering Technics and Standardization, 2020, 33(3):73-78.
[6]	杨长茂, 冯超, 谷晓剑. 云原生中的容器安全防护和实践[J]. 保密科学技术, 2021(1):36-42.
[7]	宋胜攀, 刘振慧, 庄东燃. 开源容器技术安全分析[J]. 保密科学技术, 2021(1):29-35.
[8]	边曼琳, 王利明. 云环境下Docker容器隔离脆弱性分析与研究[J]. 信息网络安全, 2020, 20(7):85-95.
	BIAN Manlin, WANG Liming. Analysis and research on vulnerability of docker container isolation in cloud environment[J]. Netinfo Security, 2020, 20(7):85-95.
[9]	邢云龙, 严飞, 刘彦孝, 等. 基于系统调用限制的容器安全防护方案[J]. 武汉大学学报:理学版, 2022, 68(1):35-43.
	XING Yunlong, YAN Fei, LIU Yanxiao, et al. Container security protection scheme based on system call restriction[J]. Journal of Wuhan University:Natural Science Edition, 2022, 68(1):35-43.
[10]	周大成, 陈鸿昶, 何威振, 等. 基于深度强化学习的微服务多维动态防御策略研究[J]. 通信学报, 2023, 44(4):50-63. doi: 10.11959/j.issn.1000-436x.2023077
	ZHOU Dacheng, CHEN Hongchang, HE Weizhen, et al. Research on multidimensional dynamic defense strategy for microservice based on deep reinforcement learning[J]. Journal on Communications, 2023, 44(4):50-63. doi: 10.11959/j.issn.1000-436x.2023077
[11]	夏懿航, 张志龙, 王木子, 等. 基于依赖关系的容器供应链脆弱性检测方法[J]. 信息网络安全, 2023, 23(2):76-84.
	XIA Yihang, ZHANG Zhilong, WANG Muzi, et al. Dependency-based vulnerability detection method in container supply chain[J]. Netinfo Security, 2023, 23(2):76-84.
[12]	王海林, 颜颖, 唐旭玥. ATT&CK在安全运营中的应用研究[J]. 网络安全技术与应用, 2022(8):5-6.
[13]	张宇翔, 韩久江, 刘建, 等. ATT&CK框架下基于事件序列关联的网络高级威胁检测系统[J]. 计算机科学, 2023, 50(增1):710-716.
	ZHANG Yuxiang, HAN Jiujiang, LIU Jian, et al. Network advanced threat detection system based on event sequence correlation under ATT&CK framework[J]. Computer Science, 2023, 50(S1):710-716.
[14]	YAGER R R. Pythagorean membership grades in multicriteria decision making[J]. IEEE Transactions on Fuzzy Systems, 2013, 22(4):958-965.
[15]	ATANASSOV K T. Intuitionistic fuzzy sets[J]. Fuzzy Sets and Systems, 1986, 20(1):87-96.
[16]	ZHANG XiaoLu. Multicriteria Pythagorean fuzzy decision analysis: a hierarchical QUALIFLEX approach with the closeness index-based ranking methods[J]. Information Sciences, 2016, 330:104-124.
[17]	李广利, 严一知, 刘文琦, 等. 基于DEMATEL-ISM的矿工不安全情绪形成因子研究[J]. 中国安全科学学报, 2021, 31(7):30-37. doi: 10.16265/j.cnki.issn 1003-3033.2021.07.005
	LI Guangli, YAN Yizhi, LIU Wenqi, et al. Research on formation factors of miners' unsafe emotions based on DEMATEL-ISM[J]. China Safety Science Journal, 2021, 31(7):30-37. doi: 10.16265/j.cnki.issn 1003-3033.2021.07.005
[18]	缪秀梅, 陈烨天, 米传民. 基于ISM和在线评论的汤山温泉顾客满意度研究[J]. 中国管理科学, 2019, 27(7):186-194.
	MIAO Xiumei, CHEN Yetian, MI Chuanmin. Study on consumer satisfaction of tangshan hot springs based on ISM and online reviews[J]. Chinese Journal of Management Science, 2019, 27(7):186-194.
[19]	赵希男, 肖彤. 基于模糊DEMATEL-ISM方法的员工绿色行为影响因素研究[J]. 科技管理研究, 2021, 41(5):195-204.
	ZHAO Xi'nan, XIAO Tong. Research on factors influencing employee's green behavior based on fuzzy-DEMATEL-ISM method[J]. Science and Technology Management Research, 2021, 41(5):195-204.
[20]	YU Shuaiju, GENG Xiuli, HE Jianjia, et al. Evolution analysis of product service ecosystem based on interval Pythagorean fuzzy DEMATEL-ISM-SD combination model[J]. Journal of Cleaner Production, 2023, 421:1-17.
[21]	郝江锋, 陈华友, 钱云, 等. 基于区间值毕达哥拉斯模糊数的多属性决策方法[J]. 重庆工商大学学报:自然科学版, 2020, 37(3):88-93.
	HAO Jiangfeng, CHEN Huayou, QIAN Yun, et al. Multi-attribute decision making method based on interval value pythagoras fuzzy number[J]. Journal of Chongqing Technology and Business University:Natural Science, 2020, 37(3):88-93.
[22]	张勇, 王祥宇. 基于DEMATEL-ISM-BN的施工人员不安全行为致因研究[J]. 中国安全生产科学技术, 2020, 16(11):110-116.
	ZHANG Yong, WANG Xiangyu. Study on causes of unsafe behaviors of construction workers based on DEMAREL-ISM-BN[J]. Journal of Safety Science and Technology, 2020, 16(11):110-116.

语言评价	IPFS数值
极高影响	([0.80,0.95],[0.00,0.10])
高影响	([0.60,0.80],[0.10,0.30])
中影响	([0.40,0.60],[0.30,0.50])
低影响	([0.20,0.40],[0.50,0.70])
无影响	([0.00,0.20],[0.70,0.90])

阶段	初始访问	执行	持久化	权限提升	防御绕过	窃取凭证	探测	横向移动
初始访问	0.000	0.625	0.397	0.245	0.152	0.152	0.152	0.152
执行	0.152	0.000	0.625	0.397	0.397	0.397	0.245	0.152
持久化	0.152	0.152	0.000	0.853	0.625	0.625	0.245	0.245
权限提升	0.152	0.152	0.152	0.000	0.853	0.625	0.397	0.245
防御绕过	0.152	0.152	0.152	0.152	0.000	0.397	0.625	0.245
窃取凭证	0.152	0.152	0.152	0.152	0.152	0.000	0.625	0.397
探测	0.152	0.152	0.152	0.152	0.152	0.152	0.000	0.853
横向移动	0.152	0.152	0.152	0.152	0.152	0.152	0.152	0.000

阶段	初始访问	执行	持久化	权限提升	防御绕过	窃取凭证	探测	横向移动
初始访问	0.110	0.332	0.301	0.290	0.300	0.303	0.296	0.280
执行	0.183	0.161	0.378	0.369	0.420	0.426	0.371	0.343
持久化	0.203	0.234	0.206	0.505	0.525	0.529	0.451	0.417
权限提升	0.179	0.207	0.226	0.203	0.508	0.459	0.439	0.386
防御绕过	0.145	0.168	0.183	0.206	0.185	0.315	0.405	0.312
窃取凭证	0.140	0.161	0.176	0.198	0.226	0.179	0.374	0.341
探测	0.135	0.156	0.170	0.191	0.218	0.221	0.179	0.442
横向移动	0.110	0.127	0.139	0.155	0.177	0.180	0.186	0.132

攻击阶段	影响度	被影响度	中心度	中心度排序	原因度	原因属性
初始访问	2.212	1.206	3.418	8	1.006	原因要素
执行	2.670	1.548	4.218	6	1.121	原因要素
持久化	3.071	1.779	4.850	1	1.293	原因要素
权限提升	2.598	2.117	4.715	2	0.481	原因要素
防御绕过	1.920	2.569	4.478	3	-0.639	结果要素
窃取凭证	1.804	2.612	4.416	4	-0.807	结果要素
探测	1.713	2.731	4.445	5	-1.018	结果要素
横向移动	1.206	2.643	3.849	7	-1.436	结果要素