In practical application scenarios, direct attacking on a target system to test the impact of attack methods may expose an attacker's intent and result in the difficulty in evaluating the attack method. Therefore, it is essential to design a controllable target range for testing and evaluating the attack impact. In this paper, we construct an attack test platform in order to evaluate the attack impact from different attack tools or the combinations of these attack tools. According to "vulnerability-asset-service-mission" (VASM) relationship, we design a multilayered evaluation model VASM, which includes a four-layer information structure: vulnerability layer, asset layer, service layer, and mission layer, from bottom to top. Considering that each asset may have one or more vulnerabilities, we score the attack impact on each asset based on attack probability and vulnerability and calculate the operational capacity of an asset after an attack. Since services may be provided jointly by one or more assets, we calculate the attack impact on services utilizing the dependencies among assets. The attack impact can be transmitted layer by layer from bottom to top through the dependencies among nodes. Finally, we can obtain the attack impact on missions. We use an actual logistics management and tracking system as the target range and verify the effectiveness and validity of our evaluation model, i.e., VASM, on goods delivery. Experimental results show that VASM cannot only assess the attack impact directly but also conform to the actual situations accurately.

• 出版日期2016-12
• 单位北京邮电大学