基于IPFS-DEMATEL-ISM的容器安全威胁关键战术要素研究

扫码查看

原文链接

万方数据
维普

中文摘要：为解决电力能源企业"上云"引发的云原生容器安全威胁问题,提出融合区间毕达哥拉斯模糊集(IPFS)、决策试验与评价实验室(DEMATEL)和解释结构模型法(ISM)识别容器安全关键战术要素.首先,基于 IPFS 提取安全专家对容器入侵威胁战术要素的经验判断,其次,应用DEMATEL和ISM识别容器安全威胁的关键战术要素及要素间的层级拓扑关系.结果表明:持久化和权限提升2 个战术阶段的中心度和原因度较高,在整个云原生安全威胁体系中居于核心地位,这2 个阶段的安全攻击行为需持高优先级关注;执行和持久化战术阶段的威胁攻击是云原生容器安全的本质要素,初始访问、窃取凭证以及横向移动战术阶段的威胁最直接影响云原生容器安全.研究提出的IPFS-DEMATEL-ISM法相较DEMATEL-ISM和集成三角模糊数的DEMATEL-ISM法在识别容器安全威胁关键战术要素时具有更好区分度和简约解释性.

外文标题：Study on key tactical factors of container security threats based on IPFS-DEMATEL-ISM Method

外文摘要：In order to address the increasingly serious cloud-native container security threats arising from large-scale cloud migration of systems,the ISM method merging IPFS,DEMATEL,and method were proposed to identify the key tactical factors influencing cloud-native container security threats and their hierarchical logical relationships from the security intruder perspective.The findings of this research are as follows:the centrality and causality of the persistence and privilege escalation tactical phases are high,positioning them at the core of the entire cloud-native security threat landscape.Security attacks during these two phases require high-priority attention.Threat attacks during the execution and persistence tactical phases constitute essential factors in cloud-native container security.The threats during the initial access,credential theft,and lateral movement tactical phases have the most direct impact on cloud-native container security.In comparison with traditional and triangular fuzzy sets improved DEMATEL-ISM,our proposed method has better performance in identifying container security-related critical factors.

外文关键词：

interval pythagorean fuzzy set(IPFS)decision-making trial and evaluation laboratory(DEMATEL)interpretative structural modeling(ISM)container security threatscritical tactical factors

作者：

盛剑桥、曾丽帆、方圆、吴俊

展开 >

作者单位：

国网安徽省电力有限公司信息通信分公司,安徽合肥 230041

北京邮电大学经济管理学院,北京 100876

关键词：

区间毕达哥拉斯模糊集(IPFS) 决策试验与评价实验室(DEMATEL) 解释结构模型(ISM) 容器安全威胁关键战术要素

基金：

科技部国家重点研发计划项目

项目编号：

2018YFB1403602

出版年：

2024

DOI：

10.16265/j.cnki.issn1003-3033.2024.06.0074

中国安全科学学报

中国职业安全健康协会

中国安全科学学报

CSTPCD北大核心

影响因子：1.548

ISSN：1003-3033

年,卷(期)：2024.34(6)

参考文献量13