
Research On Network Security Risk Assessment, Control And Prediction Technology

Posted on: 2015-08-11
Degree: Doctor
Type: Dissertation
Country: China
Candidate: G Liu
GTID: 1228330467471407
Subject: Computer application technology
Abstract/Summary:
With the rapid development of computer network technology and the rising level of informatization in society, computer networks play an increasingly important role in political, economic, military and everyday life. However, networks face a large number of security threats, including hacker attacks, Trojans and viruses. As attack techniques evolve and new attack tools proliferate, network vulnerability becomes more serious and network security problems more severe. If the network security situation is not understood, information may be stolen, destroyed or maliciously attacked, which can cause economic losses, paralyze a country's political, economic or military systems and leave social order out of control.

Network security technology has developed from traditional intrusion prevention and intrusion detection into intrusion tolerance and service sustainability, and from a focus on single security problems into the study of the security state and trend of the entire network. Network security risk assessment, control and prediction technology, as the next generation of network security technology, has attracted growing attention and is becoming a new hotspot in network security research. This dissertation studies network security from the perspective of security risk, working at three levels (network security risk assessment, network security risk control and network security risk prediction) to gain awareness of the network's security state and trends. The main research results of the dissertation are as follows:

(1) Analysis of network vulnerability. The attack graph is a model-based network vulnerability analysis technique. This dissertation extends the attack graph model and proposes a state attack-defense graph model. The state attack-defense graph uses rules to model the attacker and displays all the threat propagation paths that the attacker generates by exploiting the dependence relations among vulnerabilities in the target network. Combined with the prevention and control measures for each vulnerability, the corresponding protection solution is given. To build the state attack-defense graph automatically, a construction algorithm is proposed that works from the network's topology information, the reachability relations between nodes and the vulnerability information.

(2) Assessment of security risk. Using a bottom-up analysis method, a hierarchical network security risk assessment framework is proposed. The framework divides network security risk into two parts, vulnerability security risk and attack security risk, and then assesses network security risk layer by layer in accordance with the network's hierarchy. The assessment process is as follows. First, a vulnerability scanning tool is used to detect the vulnerability information on the network nodes, and the vulnerability information that attacks rely on is associated with the vulnerability information of the node itself to build the state attack-defense graph. The vulnerability reliability vector and attack reliability vector of the node are then calculated and combined with each vulnerability's hazard index and the attack hazard index to calculate the node's vulnerability security risk and attack security risk, which gives the security risk value of a single node. Second, the weight of each node in the network is applied to quantify the security risk from the single node up to the whole network. To exclude the inherent uncertainty of vulnerability scanning tools and the reliance on a single data source, the assessment method fuses several scan tool results to form the data source used when calculating vulnerability reliability. Based on Dempster-Shafer theory and drawing on the idea of vector projection in Euclidean space, a reliability vector orthogonal projection decomposition algorithm is proposed, which makes the evaluation results more objective and credible.

(3) Guidance of security protection. By analyzing the attack-defense interaction between attacker and defender, a network security risk control method based on game theory is designed. First, from the state attack-defense graph, the success probability and hazard index of each atomic attack are calculated, giving the success probability and hazard index of all possible attack paths; from these, the utility matrix of the different strategies taken by the attacker and the defender in the different network security states is computed. Second, based on a non-cooperative non-zero-sum game model, an optimal risk control strategy generation algorithm is proposed to solve for the Nash equilibrium and generate the optimal risk control strategy. The proposed method seeks a balance between the attacker's and the defender's costs and benefits, and avoids blind investment by the administrator in network security risk control, reducing the enterprise's losses in network security risk control.

(4) Prediction of risk trends. A Time-Varying Markov Model (TVMM) for real-time risk probability prediction is proposed. The model abandons the traditional Markov forecasting assumption that the system's state transition probability matrix does not change over time. Based on this model, a real-time risk probability forecasting method is presented. According to the different stages of a network attack, network security risk is divided into four states. The simulation experiment uses DARPA intrusion detection data as simulation data and applies feature extraction and statistical learning to process it; the state transition probability matrix of the TVMM is updated in real time to predict the network's risk probability at different risk levels in future time. The experimental results show that the TVMM is more real-time, objective and accurate than the traditional Markov model.

(5) Building the assessment, control and prediction platform. At the end of the thesis, a network security risk assessment, control and prediction platform is established. The interaction between the subsystems is analyzed, and the implementation method for each security risk assessment, control and prediction stage is introduced. A specific network instance is established to demonstrate the network security risk assessment, control and prediction processes and functions, and the results are analyzed in detail.

Network security risk assessment, control and prediction technology, as an emerging security technology, can portray the security state and trend of the target network from every side and provide effective security reinforcement solutions for the network administrator. It reflects the dynamic management of network security and plays a very important role in network security information protection.
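To illustrate the contrast drawn in result (4), the following added example (not code from the dissertation) compares a transition matrix estimated once with one re-estimated on every observation. The exponential-forgetting update, the decay value, the state indices 0 to 3 and both state sequences are assumptions made for illustration; the abstract does not specify the TVMM update rule.

```python
STATES = 4  # four risk states, indexed 0 (lowest) to 3 (highest); labels are assumed

def normalise(counts):
    """Turn a matrix of transition counts into row-stochastic probabilities."""
    return [[c / sum(row) for c in row] for row in counts]

def static_matrix(seq):
    """Traditional model: one matrix estimated once from a training sequence."""
    counts = [[1.0] * STATES for _ in range(STATES)]  # uniform prior avoids empty rows
    for a, b in zip(seq, seq[1:]):
        counts[a][b] += 1.0
    return normalise(counts)

class TimeVaryingMarkov:
    """Re-estimates the matrix on every observation (assumed update rule)."""

    def __init__(self, decay=0.9):
        self.decay = decay  # assumed forgetting factor: older evidence counts less
        self.counts = [[1.0] * STATES for _ in range(STATES)]
        self.last = None

    def observe(self, state):
        if self.last is not None:
            # Age the evidence for the state just left, then credit the new transition.
            self.counts[self.last] = [c * self.decay for c in self.counts[self.last]]
            self.counts[self.last][state] += 1.0
        self.last = state

    def matrix(self):
        return normalise(self.counts)

def predict(matrix, current, steps=1):
    """Probability of each risk state `steps` intervals after `current`."""
    dist = [1.0 if i == current else 0.0 for i in range(STATES)]
    for _ in range(steps):
        dist = [sum(dist[i] * matrix[i][j] for i in range(STATES))
                for j in range(STATES)]
    return dist

# Constructed state sequences: quiet traffic, then an attack that escalates.
QUIET = [0, 0, 0, 1, 0, 0, 0, 0, 1, 0] * 3
ESCALATION = [0, 1, 2, 1, 2, 3, 2, 3, 3, 2, 3, 3]

def compare():
    """P(state 2 -> state 3) under the frozen matrix and under the live one."""
    static = static_matrix(QUIET)  # frozen before the attack begins
    tvmm = TimeVaryingMarkov()
    for s in QUIET + ESCALATION:   # keeps updating as events arrive
        tvmm.observe(s)
    return predict(static, 2)[3], predict(tvmm.matrix(), 2)[3]
```

The frozen matrix never saw state 2 during training and falls back to its uniform prior, while the live matrix has already learned that state 2 now tends to escalate to state 3.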
Keywords/Search Tags: Network Security, State Attack-Defense Graph, Security Risk Assessment, Security Risk Control, Security Risk Prediction, Reliability Vector Orthogonal Projection Decomposition, Game Theory, Time-Varying Markov Model