| With the rapid development of the computer science and network technology, computer networks have become the economic foundation and lifeline of the country. At the same time a wide range of security issues brought by the network itself are becoming increasingly severe. How to conduct a comprehensive security assessment of computer network system, fix security flaw in time, and minimize the risk level of security to ensure the security, stability, and high-efficient operation of the system, has become the developing direction of the research of network security. The traditional passive defense can not meet the current security situation, so proactive network security test and evaluation theory emerges as the times require. To achieve the system security, according to the scientific procedures and methods, the network security evaluation model is designed to test the computer system and the network devices, analyze the dangerous elements qualitatively and quantitatively, in order to find security hidden troubles and security flaw used by hackers, and to make a comprehensive evaluation and take measures to protect the system or network as early as possible.A majority of attacks on computer systems result from a combination of vulnerabilities exploited by an intruder. An Attack Graph is a general form used to reveal the weakness of system and all the possible methods used by the attackers for a invading purpose, and it is of real significance in the establishment in the network security strategy. Based on the analysis of a lot of network vulnerabilities and the characteristic of computer network, in this paper the model of network security status was built, and attack graphs were generated. However, for real systems, the size and complexity of Attack Graphs go greatly beyond the imagination and analysis of human beings. Therefore, we propose a ranking scheme for the states of an Attack Graph. This algorithm is similar to the PageRank algorithm used by Google Search Engine. It is effective enough to rank the error states of an attack graph, then offer the ranks to the security estimator. Based on the Attack Graph we processed the Network Security System. The design of this system is totally at the request of soft project, which is mainly divided into the following several steps: 1. to carry no the feasibility study and the analysis; 2. to investigate the detailed system; 3. to establish the design of the overall systematic structure; 4. to design the system in detail, and to encode all the data of software and test the system. The system proved that the idea of Pagerank algorithm could be used widely. |
PDF Full Text Request