
A Novel Assessment Approach Based On Logical Exploitation Graph Model For Network Security

Posted on: 2009-02-04
Degree: Doctor
Type: Dissertation
Country: China
Candidate: H D Mao
Full Text: PDF
GTID: 1118360242999599
Subject: Management Science and Engineering

Abstract/Summary:
With the development of global informatization and the popularization of the Internet, network systems have become an important strategic resource on which organizations depend to survive. Once the security of an organization's network system has been compromised, the damage affects not only the organization's information assets but also its business. The effects include economic loss, damage to the organization's image, and even loss of strategic competitive advantage. Therefore, it is essential to perform network security risk assessment on network systems.

However, existing network security risk assessment methods share some common problems. For example, they often separate the risk analysis and assessment of the network system from the concrete organizational environment and business background, lack analysis and description of the risk process, or take only technical factors into account when making security decisions. To solve these problems, this thesis presents a network security risk assessment method named LEG-NSRA, which provides a new way to perform network security risk assessment. The main contents and results of this thesis are outlined as follows:

(1) A method of network security risk assessment based on the logical exploitation graph model is presented. The overall framework of LEG-NSRA is established through a description of its basic ideas, conceptual framework, assessment cycle and process. The core of the method is the logical exploitation graph (LEG). The method is characterized by simulating the behavior of the threat agent: it accurately depicts the risk formation process, supports quantitative calculation of the probability of occurrence, and provides helpful information to support scientific decision-making in security improvement activities. LEG-NSRA is oriented toward analyzing the organization's key information assets, supports automated analysis of the correlation between vulnerabilities, and adopts a "white box" risk identification method.

(2) A computer vulnerability ontology, CVO, is constructed. CVO is described in DL and expands the semantic content of computer vulnerabilities in terms of the vulnerability outline, pre-condition set and post-condition. It is therefore able to reveal deeper characteristics of vulnerabilities and support vulnerability analysis. CVO provides reference information on vulnerabilities and knowledge support for the risk process. CVO also supports knowledge sharing: besides risk estimation, it can be applied to IDS, anti-virus, network security modeling and other fields.

(3) A method of network security risk process modeling based on logic reasoning is presented. At present, the degree of automation is not high, and existing modeling cannot adapt to large-scale network systems. The thesis therefore puts forward LR-NSRPM, a logic-reasoning-based network security risk process modeling method built on LEG. The method adopts a formal logic language to describe network system parameters and uses the Prolog logic reasoning engine to construct the LEG. For large-scale network environments in particular, it proposes a simplification algorithm called LEGSA.

(4) A model for calculating network security risk probability based on MDP is proposed. Calculating network security risk probability is the core of quantitative assessment work. This thesis proposes the risk calculation model PLEG-MDP, which is based on MDP. First, it derives the execution probability matrix and the transition probability matrix of atomic exploitations. It then converts the LEG into a probabilistic logical exploitation graph (PLEG) and reduces the PLEG problem to solving for the MDP value function and optimal policy. To guide the assessor in obtaining and revising the probability data correctly, the method introduces the concepts and calculation methods of susceptibility and confidence, and refines the basic probability data step by step through data collection and feedback.

(5) A method of security measures optimization and hypothetical assessment based on LEG is put forward. To make the findings support the improvement of security measures more effectively, the thesis proposes a security measures optimization and hypothetical assessment method based on LEG: solving the MCSE problem yields the minimum critical set of exploitations; solving the MCCSM problem yields the minimum-cost critical set of measures; and hypothetical assessment enables decision-makers to adjust the security program in time.

(6) A security risk assessment aid system named RAIS, based on LEG-NSRA, is designed and implemented, and a real network system is used to illustrate the key methodologies presented in this thesis.
Keywords/Search Tags:network security risk assessment, security risk probability, logical reasoning, logical exploitation graph, risk process modeling, security improvement, hypothetical assessment