
Research Of Network Security Risk Assessment Technology Based On Attack Graph Theory

Posted on: 2016-07-07
Degree: Doctor
Type: Dissertation
Country: China
Candidate: F F Dai
Full Text: PDF
GTID: 1318330482457839
Subject: Information security

Abstract/Summary:
The information security environment has undergone a tremendous shift over the last decade. With the development of technology and the advance of network convergence, networks keep growing in scale and the network environment is becoming more sophisticated. At the same time, attack techniques have made a qualitative leap. Brute-force capacity and botnet scale no longer dominate the effect of a network attack; instead, adversaries adopt 'smart' attack techniques that chain complicated intrusive actions to reach a goal with information-driven precision rather than blind target selection. These environmental changes pose enormous challenges to effective network security defense: although security devices such as firewalls, IDS (Intrusion Detection Systems), anti-virus software and traffic monitoring systems provide protection once they detect an attack, today's attack behaviors have gradually acquired the characteristics of concealment and intelligence. Once an attack is well hidden or bypasses the security protections, the internal network is exposed to huge risk. Therefore, from the perspective of constructing a secure network environment, it is of great significance to explore the vulnerabilities of a network and perform a proactive risk assessment before attacks take place, thereby grasping the root causes of security incidents and taking precautions in time.

Among the changes described above, what remains unaltered is that vulnerabilities have always been one of the most favorable means for attackers to exploit when penetrating a network. Traditional risk assessment methods therefore concentrated on vulnerability analysis: they calculated the risk of an isolated vulnerability and assessed its exploitability and impact on information systems.

As attack techniques evolve, security analysts have witnessed the ever-increasing popularity of complex, combined attack patterns. These attacks are typically multi-phase and combine several modes, making it easy to evade security measures and gradually gain privileges while approaching the final goal. Under these circumstances, we need not only to calculate the risk of isolated vulnerabilities, but also to analyze their causal relationships under particular attack patterns in order to estimate the potential risk of the entire network. In other words, traditional risk assessment approaches are inefficient at accurately examining vulnerability relationships and pinpointing root-cause risks. Moreover, traditional methods have some general problems. For example, their excessive dependence on data collection can lead directly to low-quality assessment results once the collected data have a high false-positive rate. Relying on experts' knowledge for scoring can also produce inaccurate quantitative results. And an evaluation process that favors static calculation is inefficient at capturing changes in risk. An effective way to deal with these problems is to combine the modeling of the network environment with the modeling of typical attack behaviors, thus exploring various possibilities for vulnerability modeling and security risk analysis. Therefore, on the basis of research into and analysis of existing network security risk assessment methods, this paper proposes a risk assessment model based on attack graphs and studies a series of problems of vulnerability analysis, risk assessment and security hardening in this model. Specifically, the main contributions of this paper are as follows:

(1) A fuzzy risk assessment mechanism based on a risk attack graph is presented. The extensible risk attack graph model is proposed to address the disadvantages of previous work on model-based security assessment. The model takes into account the interactions between risk factors and the security status of network assets, and quantifies and calculates the risk value of potential attack paths, thus solving the problem of describing the inter-dependent relationships among vulnerabilities and quantifying potential risk. The fuzzy risk assessment mechanism takes the risk attack graph as its analysis object. First, it uses the risk attack graph to represent the network condition, vulnerability distribution and attack scenarios. Then a maximum flow planning method is adopted to identify the potential attack paths in the network. Finally, a fuzzy comprehensive assessment is performed based on the maximum risk and the risk ratio of each attack path. The proposed mechanism follows the risk path of origination, transfer, redistribution and convergence, adopts an attack path augmentation strategy and constructs a global path-planning scheme. It can effectively avoid repeated calculation over complex threat data and obtain the potential maximum risk quickly and accurately. Simulation results show that the proposed mechanism can search for the maximum-risk attack path efficiently and evaluate security risk objectively by reducing the influence of subjective weight assignment.

(2) A multi-objective optimization method based on an artificial immune algorithm is studied to facilitate the evaluation of network security under exploit attacks. The method is based on an artificial immune algorithm and takes the risk attack graph as its analysis platform. It adopts multi-objective decision-making theory to consider risk factors such as attack strategy, attack effect and target exploitability in a comprehensive assessment. The method addresses the problem of balancing conflicts when optimizing multiple security goals under complex combined attacks. In particular, it studies the risk assessment parameters of path exploitability, network exploitability, path exploit impact and network exploit impact. By introducing multi-objective optimization, it derives an exploit impact objective function and a risk assessment algorithm to construct the multi-objective optimization model. Simulation results show that this approach is capable of balancing network residual damage against attack cost. Meanwhile, the multi-objective risk evaluation process based on the artificial immune algorithm meets the demand for a globally optimal solution when solving for risk paths.

(3) Optimal security hardening based on a genetic algorithm. In order to apply the risk assessment results to network security construction, we develop a genetic-algorithm-based scheme to search for possible hardening strategies and prioritize them. The scheme mainly includes a hardening strategy model and the corresponding strategy selection mechanism. The strategy model encodes attack paths and hardening strategies, and constructs a fitness function to unify the representation of internal and external factors and measure the performance of solutions. The strategy selection mechanism adopts a genetic-algorithm-based decision-making method to infer the priority of hardening strategies automatically. It uses the evolution of population individuals to simulate the optimization of the fitness function and determine the final optimal security strategy. Simulation results show that the method can provide a hierarchical hardening strategy set that yields flexible hardening strategies even when the security goals change dynamically. Our novel approach provides a promising new direction for network and vulnerability analysis, enabling proper precautions to reduce network risk.
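As an added illustration of contributions (1) and (3), not the dissertation's own code or formulas, the following Python builds a small risk attack graph on constructed data, enumerates the attack paths from an entry state to a target, scores each path under an assumed likelihood-times-impact rule, reports the maximum-risk path and each path's risk ratio, and ranks single-vulnerability patches by the residual maximum risk they leave. Exhaustive path enumeration stands in for the thesis' maximum-flow path planning, and exhaustive patch evaluation for its genetic-algorithm prioritisation; all node names, vulnerability ids and scores are assumptions.

```python
from math import prod
# Constructed sample risk attack graph (not from the dissertation): node =
# attacker state "host:privilege", edge = vulnerability with assumed likelihood, impact.
EDGES = [
    ("internet", "web:user", "V1", 0.9, 3.0),
    ("web:user", "web:root", "V2", 0.6, 5.0),
    ("web:user", "db:user", "V3", 0.7, 4.0),
    ("web:root", "db:root", "V4", 0.8, 8.0),
    ("db:user", "db:root", "V5", 0.5, 8.0),
]

def attack_paths(edges, source, goal):
    """Enumerate simple attack paths source -> goal by DFS (no state revisited)."""
    adj = {}
    for src, dst, vid, p, impact in edges:
        adj.setdefault(src, []).append((dst, vid, p, impact))
    paths = []
    def dfs(node, visited, path):
        if node == goal:
            paths.append(list(path))
            return
        for dst, vid, p, impact in adj.get(node, []):
            if dst not in visited:
                path.append((vid, p, impact))
                dfs(dst, visited | {dst}, path)
                path.pop()
    dfs(source, {source}, [])
    return paths

def path_risk(path):
    """Assumed scoring: joint exploit likelihood along the chain x final impact."""
    return prod(p for _, p, _ in path) * path[-1][2]

def assess(edges, source, goal):
    """Return (max-risk path, risk per path, risk ratio per path)."""
    risks = {tuple(v for v, _, _ in p): path_risk(p)
             for p in attack_paths(edges, source, goal)}
    total = sum(risks.values())
    ratios = {k: r / total for k, r in risks.items()} if total else {}
    max_path = max(risks, key=risks.get) if risks else None
    return max_path, risks, ratios

def hardening_candidates(edges, source, goal):
    """Residual max risk after patching each single vulnerability, lowest first."""
    residual = {}
    for i, e in enumerate(edges):
        mp, risks, _ = assess(edges[:i] + edges[i + 1:], source, goal)
        residual[e[2]] = risks[mp] if mp else 0.0
    return dict(sorted(residual.items(), key=lambda kv: kv[1]))
```

On the sample graph the V1-V2-V4 chain carries the larger risk share, and patching V1 (the only entry edge) removes every path, while patching V2 or V4 leaves only the V1-V3-V5 chain.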
Keywords/Search Tags: risk assessment, vulnerability analysis, security hardening, attack graph, attack path