
A Network Security Risk Computation Approach Based On Attack Graphs

Posted on: 2013-08-10
Degree: Doctor
Type: Dissertation
Country: China
Candidate: Y Ye
GTID: 1268330392473810
Subject: Computer software and theory

Abstract/Summary:
At present, with the rapid development of computer technology and network communication technology, computer network applications, represented by the Internet, are used ever more widely and deeply. The search for scientific, reasonable and practical methods of network security risk computation has become a hot topic in the network security field and has produced substantial results, but because of the complexity of network security risk computation, existing research still faces many challenges. Addressing the shortcomings of traditional methods, this paper focuses on network security risk computation approaches based on attack graphs. The object of network security risk computation is defined as the security risk caused by network attacks, to which traditional computation methods cannot be applied. On this basis, a hierarchical network security risk computation framework based on attack graphs, AG-SRC, is developed, covering both the computation stages and the computation process. The key technologies corresponding to each computation stage are then studied in depth.

First, the modeling language AGML is designed to formally describe models of the given network environment and of the vulnerability knowledge base. Methods for extracting and classifying attack patterns are put forward to model the attacker's capabilities, based on a study of open vulnerability databases and the CAPEC vulnerability classification; these effectively support building attack graphs automatically for actual large-scale network systems.

Second, a pretreatment technology for the network environment is proposed to support a novel attack graph generation algorithm, based on an in-depth analysis of the features of the network environment models and the limitations of previous algorithms. The facts in the network environment are indexed by this pretreatment, and attack graphs are then generated by instantiating the attack patterns. The algorithm's scalability is explored by analyzing its time complexity and by computing on simulated networks; the experimental results show that the algorithm can be applied to large network systems.

Third, through an analysis of the features of cyclic paths in attack graphs, a maximum reachable probability algorithm and a cumulative probability algorithm are proposed. They solve the problem of probabilistic re-computation when computing the probability of nodes in an attack graph, and they show the likelihood of nodes from different perspectives. An independence assumption between nodes is proposed, following an in-depth analysis of how shared dependencies between nodes affect the computation of node probabilities. The scalability of these two algorithms is explored by analyzing their time complexity and by computing on simulated networks; the experimental results show that the algorithms can be applied to large attack graphs.

Finally, a network security risk computation approach based on attack graphs is proposed. It uses attack graphs to identify potential threats, draws on basic data such as asset importance, host importance, threat occurrence probability and threat impact, computes the host risk index and the network risk index from the bottom up according to the risk index system, and uses a risk adjacency matrix to show the more granular security risk suffered by each host. Risk is classified according to different types of threat occurrence probability and threat impact, and the risk faced by the network is characterized at different granularities and from different perspectives.

In summary, the above study of key technologies not only supports the development of the attack-graph-based network security risk computation approach AG-SRC, but also plays a crucial role in promoting the improvement and development of attack graph technology.
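As an added illustration of the cyclic-path and bottom-up risk index ideas described above (not the dissertation's own code; the abstract gives no formulas, so the max-product reading of "maximum reachable probability", the host risk formula probability x impact x importance, and the form of the risk adjacency matrix are all assumptions), the following script runs these computations over a small constructed attack graph that contains a cycle:

```python
import heapq

# Constructed example attack graph (not from the dissertation): node -> [(successor,
# exploit success probability)]. The edges web -> app -> web form a cycle, the case the
# abstract's probability algorithms must handle without re-counting probability.
ATTACK_GRAPH = {
    "attacker": [("web", 0.9)],
    "web": [("db", 0.5), ("app", 0.6)],
    "app": [("db", 0.8), ("web", 0.7)],
    "db": [("app", 0.4)],
}
# Constructed per-host basic data: host importance weight and threat impact (1..10 scale).
HOST_IMPORTANCE = {"web": 0.3, "app": 0.5, "db": 1.0}
THREAT_IMPACT = {"web": 4, "app": 6, "db": 9}

def max_reachable_probability(graph, source):
    """Assumed reading: for each node, the largest product of exploit probabilities along
    any path from source. Since every probability is <= 1, extending a path never raises
    the product, so a max-product Dijkstra settles each node once and a cycle can never
    feed probability back into a node it has already left."""
    best = {source: 1.0}
    heap = [(-1.0, source)]
    while heap:
        neg_p, node = heapq.heappop(heap)
        p = -neg_p
        if p < best.get(node, 0.0):
            continue  # stale heap entry, a better product was already found
        for succ, q in graph.get(node, []):
            cand = p * q
            if cand > best.get(succ, 0.0):
                best[succ] = cand
                heapq.heappush(heap, (-cand, succ))
    return best

def host_risk_index(probability, importance, impact):
    """Assumed host-level formula: threat occurrence probability x threat impact x host importance."""
    return probability * impact * importance

def network_risk(graph, source, importance, impact):
    """Bottom-up aggregation: per-host risk indices, then their sum as the network risk index."""
    probs = max_reachable_probability(graph, source)
    per_host = {h: host_risk_index(probs.get(h, 0.0), importance[h], impact[h]) for h in importance}
    return per_host, sum(per_host.values())

def risk_adjacency_matrix(graph, importance, impact):
    """Assumed form: entry [i][j] is the risk host j suffers from an attacker already on host i."""
    return {i: {j: host_risk_index(max_reachable_probability(graph, i).get(j, 0.0),
                                   importance[j], impact[j]) for j in importance}
            for i in importance}
```

With the constructed data, the cycle does not inflate any node: web reaches 0.9, app 0.54 and db 0.45, giving a network risk index of 6.75.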
Keywords/Search Tags: network security, network security risk computation, attack graphs, attack graphs automated generation, maximum reachable probability, cumulative probability, risk adjacency matrix