Research On The Theories And Key Technologies Of Network Security Assessment

Posted on: 2015-06-22
Degree: Doctor
Type: Dissertation
Country: China
Candidate: X Gao
Full Text: PDF
GTID: 1108330482479229
Subject: Computer Science and Technology

Abstract/Summary:
With the rapid development of the internet, various kinds of new network attack methods have emerged, which makes the issue of network information security increasingly severe. Confronted with various network threats, we must take effective measures to ensure the normal operation of the network. However, traditional passive security defense techniques cannot meet the needs of users. In order to actively analyze potential security hazards, researchers both at home and abroad have focused on active methods for analyzing and evaluating network security. The aim is to actively analyze the security problems hidden in the network and to take appropriate measures to reduce network security risk according to the analysis results. How to evaluate network security accurately and efficiently has therefore become an important problem and a research focus in the field of network security.

Focusing on computer network security, we use Petri nets, game theory, stochastic processes and fuzzy mathematics. The key technologies related to assessment model building and assessment methods in network security assessment are studied in depth. The main contributions of this paper include the following four aspects:

Firstly, the modeling technologies for network attacks are studied. To overcome the inability of existing models to describe concurrent and collaborative attack processes, a network security assessment model based on the generalized stochastic colored Petri net (GSCPN-NSAM) is proposed. The model is suitable for describing concurrent and collaborative attack processes: it can use the color sets of a colored Petri net to represent attack-related attributes, and it can also evaluate the performance of networks on the basis of a stochastic Petri net. Some properties of the model are studied. The algorithm for building the model and the method for verifying its correctness are given, and the complexity of the model is measured as well. To address the problem that the large scale of real networks produces a model with too many nodes, we introduce the idea of hierarchy when constructing the model. The complexity of the model can then be reduced through performance-equivalent simplification.

Secondly, the analysis methods for network vulnerability are studied. In view of the shortcomings of the traditional methods, this paper focuses on network vulnerability analysis methods based on GSCPN-NSAM. First, an analysis method for selecting the optimal attack path based on GSCPN-NSAM is proposed. The method predicts the optimal attack path by computing the time cost of each attack path, which avoids the common problems that existing methods encounter when analyzing success probability. The analytical results can guide network managers to strengthen defence on the path with the highest security risk level. In addition, a method for making network security reinforcement strategies based on GSCPN-NSAM is proposed. The concepts of host node utilization index and host node key degree are introduced, so that the vulnerable nodes that need repairing can be sorted by the value of host node key degree. On this basis, the security level of the target network is increased by reinforcement according to the principle of maximum node key degree first.

Thirdly, the assessment methods for network security risk are studied. We point out that a problem of existing methods is that fuzzy factors are difficult to quantify and experience knowledge is not suitable for modeling and reasoning. To solve this problem, we propose an assessment method for network security risk based on the fuzzy Petri net. After the network risk assessment index system is built, the fuzzy Petri net model is constructed according to that index system. A system risk fuzzy reasoning algorithm based on the fuzzy Petri net is also proposed. The reasoning algorithm uses matrix operations to take advantage of the parallel processing ability of the fuzzy Petri net, and it combines the fuzzy Petri net method with the analytic hierarchy process to analyze the problem, so that qualitative analysis and quantitative analysis are combined. The credibility of risk factors is also analyzed in this method, so the obtained results are more accurate and more objective than those of traditional assessment methods.

Finally, the issue of optimal defense strategy selection is studied from the perspective of the offensive and defensive game. The concept of the triangular fuzzy number is introduced into the game model in order to solve the problem of inaccurate judgments of both offense and defense payoffs in game analysis. Moreover, a selection method for the optimal defense strategy based on the triangular fuzzy matrix game is proposed, and a game algorithm based on the triangular fuzzy matrix is put forward. By solving the Nash equilibrium of the triangular fuzzy matrix game, it can help to predict possible attack behavior and provide the optimal defense strategy for the defender. In addition, the long-term adversarial relationship between both sides is analyzed based on repeated game theory. A case study shows that the introduction of the triangular fuzzy number has increased not only the practicality of strategy selection, but also the accuracy and validity of the analysis results.

Keywords/Search Tags: Network Security, Petri Net Model, Modeling, Vulnerability Analysis, Security Reinforcement, Risk Assessment, Matrix Game, Defense Strategy