Research On Complex Network Attack Modeling And Security Assessment Method

With the constant enhancement of attack technology, the problem of network security is increasingly serious. Traditional security tools such as firewall, IDS, anti-virus software and so on are passive defense measures after the event, which have limited defense ability when facing covert and hugely destructive attack action. Therefore, detecting network vulnerability and predicting hacker’s action ahead of schedule to establish active defense system becomes a new subject in network security domain. As the foundation, network attack model play important role in building active defense system, which must be suited for diverse attack technique simulation and complexity network attack modeling. Meanwhile, the accuracy of network security assessment based on attack model will have a great influence on defense strategy establishment. Therefore, proposing a reasonable, scientific attack model and security assessment method for complex network system is urgently required. Aimed at the deficiency of existing methods and technology,this dissertation propose a global network attack model to analyze vulnerability relation and threat propagation. Moreover, the interplay of attack and defense strategy is also researched deeply.Firstly, a global network attack model based on Hierarchical Expanded Stochastic Petri Net is presented. The model is suitable for the cooperative attack simulation and can describe both macroscopic network attack and microcosmic host attack synthetically. The dissertation represents model generation algorithm and digs for potential attack relationships among hosts according to the definition of rough path. Then utilize ant colony algorithm to find k-critical vulnerable paths after expanding sub Petri net. By analyzing rough paths and accurate paths synthetically, a network risk evaluation method is proposed.Secondly, by considering network attack system as fuzzy system, a network attack model based on fuzzy reliability is presented. According to the comprehensive analysis of various indexes, such as place’s fuzzy factually, fuzzy survivability, and node’s fuzzy critical degree, search for k attack routes which have maximal fuzzy attack efficiency and fuzzy reliability. The contrast and evaluation of k attack routes can help network administrator make defense decision.The third, a vulnerability relation model based on object time Petri net is proposed for threat evaluation. Combined with Object Oriented technology, the definition of network node object and node class is given, which can help attack information modularize design. By defining the threat of an attack and each index’s quantization method, introduce complexity and harmfulness of network attack into the model, and then utilize and improve Dijkstra algorithm to propose non-target oriented and target oriented network threat analysis method.The fourth, in order to solve the redundance question in complex network which is caused by similar attack method and similar node object in attack model, the node domain and transition domain of Petri Net are divided into equivalence classes, and then the construction method of rough vulnerability relation model is given. By defining similar degree of path, search for all of the characteristic attack path which can attain attack object by use of ant algorithm, and calculate the maximal threat of object node which is brought by characteristic strategy. In order to ensure threat prediction suit for attack scene, dynamic perception method of network threat is proposed, which relies on IDS warning to amend threat value constantly.The fifth, in order to solve the strategy interdependence question during the attack and defense process in complex network, the dissertation proposes an analysis method based on rough attack-defense Bayes game model. After defining the inner structure of attack agent and defense agent, the dissertation extends traditional object Petri Net and introduce rough set theory into node domain and transition domain, then propose the network attack-defense confrontation model. By dividing domain attack strategy set into equivalence classes, the extraction method of characteristic attack strategy set is given. Then the rough game model and utility function of attack and defense agents are defined, accordingly, the solution of Bayse equilibrium strategy and maximal attack and defense strategy set are proposed. The analysis method can reduce the scale of strategy space of game model, and suit for researching on complex network attack and defense action.Finally, multistage attack-defense confrontation action is researched. By defining attack-defense action sequence and utility function of both sides, combine with dynamic Bayes game theory to analyze the confrontation and interdependence between the two agents’strategies. Dynamic Bayes attack-defense game model can describe each possible strategy in every stage. This chapter proposes the construction method of game extensive form by utilizing attack-defense confrontation model, and presents the equilibrium strategy solution algorithm.At present, there are some heartening achievements in network vulnerability and risk evaluation domain, but the research on attack-defense action and modeling method in complex network system are still in exploration stage. Aiming at complex network attack system, this dissertation offers series of technical methods to solve the problem of model scale, indeterminacy of attack knowledge, network dynamic threat perception and interdependence of attack and defense strategy, which cover the shortage of present research and offer new thoughts to establish active defense system in network security field.