
Research on Key Technologies of Multi-dimensional and Dynamic Risk Assessment of Network Security

Posted on: 2017-08-25
Degree: Doctor
Type: Dissertation
Country: China
Candidate: N Gao
GTID: 1318330512969240
Subject: Software engineering

Abstract/Summary:
With the rapid development of new technologies such as the Internet of Things, cloud computing and the mobile Internet, network security has taken on new characteristics of wide coverage and high complexity. How to strengthen network security, which has risen to the level of national strategy, has become an important problem that urgently needs to be resolved. With the trend toward the integration of land, sea, air, space and cyberspace, cyberspace and national security have become highly integrated. Network security risk assessment is the foundation and precondition for guaranteeing network security, and it has been listed as an important task in our national network security work. Research on network security risk assessment methods therefore has important practical significance and broad application prospects for improving network security assurance.

Most traditional methods for network security risk assessment make a rough, static assessment of security risk, and rarely consider that security risk is influenced dynamically by factors such as observed attack events, the patch remediation level and code exploitability. Against this background, a new framework for multi-dimensional and dynamic risk assessment of network security, NSMDRA, is proposed, which involves three assessment stages (risk identification, risk assessment and risk management) and nine assessment steps. In addition, the study goes further into the key technologies corresponding to the new framework, in which dynamic risk assessment and dynamic risk management are built along the two dimensions of host and network. This paper makes four major specific contributions and findings:

(1) Two risk identification models based on the deep learning approach are proposed.

To solve the problem of slow detection over huge amounts of data in intrusion detection systems, an intrusion detection model that combines a support vector machine with an autoencoder network (AN-SVM) is proposed in this paper. First, the multilayer unsupervised restricted Boltzmann machine (RBM) in the model is employed to map the vectors of raw data from a high-dimensional nonlinear space to a low-dimensional space, and an autoencoder network that maps between the high-dimensional space and the low-dimensional space in both directions is constructed. Second, a fine-tuning algorithm for the autoencoder network weights, based on a back-propagation network, is employed to reconstruct the new optimal high-dimensional representation of the data in the low-dimensional space, and the corresponding optimal low-dimensional representation of the raw data can be obtained. Finally, the SVM classification algorithm is employed to detect intrusions from the optimal low-dimensional data. The experimental results demonstrate that the AN-SVM model can effectively reduce the training time and testing time of the classifier in the intrusion detection model.

To solve the problem that huge amounts of intrusion data are not classified effectively by traditional machine learning methods, an intrusion detection model based on deep belief nets (DBNIDM) is proposed. First, the contrastive divergence algorithm is employed to train the RBMs one at a time in a bottom-up fashion, through which large amounts of nonlinear, high-dimensional, unlabeled input data can be sampled as optimal low-dimensional feature representations. Second, the supervised BP algorithm is employed to classify the learned low-dimensional representations. Compared with traditional shallow learning methods, the DBNIDM model raised the classification accuracy on huge amounts of intrusion data in the nonlinear high-dimensional space.

(2) A hierarchical vulnerability remediation model based on vulnerability type clustering is proposed.

First, to solve the problem that vulnerability severity assessment is influenced dynamically by the patch remediation level and code exploitability, a method of vulnerability dynamic severity scoring (VDSS) is proposed. This method can assess vulnerability severity accurately, which provides exact data for selecting vulnerability remediation measures. Second, a vulnerability information clustering method based on the PSO-Kmeans algorithm is proposed. The PSO algorithm is used to obtain the global cluster centers, and the K-means algorithm is used to cluster the vulnerability information. The vulnerability type threat factor is then calculated. Finally, to solve the problem that a traditional vulnerability remediation strategy has difficulty prioritizing vulnerabilities of the same severity level, a hierarchical vulnerability remediation method based on vulnerability type is proposed to model the vulnerabilities of the target host hierarchically. The experimental results demonstrate that the model can generate a fine-grained vulnerability remediation strategy for the user.

(3) A dynamic risk assessment model based on the Bayesian attack graph is proposed.

To solve the problem that the beliefs of all attribute nodes in the attack graph model are influenced dynamically by observed attack events, a dynamic risk assessment model based on the Bayesian attack graph is presented. The probabilistic attack graph, which describes the cause-consequence relationships among the steps of one attack process, is built using Bayesian belief networks. The probability that an attacker successfully exploits a vulnerability is computed from the metrics of the Common Vulnerability Scoring System, and the static security risk of each attribute node is assessed by introducing local conditional probability tables. Then, combining the real-time attack events observed by the intrusion detection system, the posterior probability is calculated dynamically when an attack occurs by applying Bayesian inference. Finally, the security risk of the target network is evaluated. Experimental results show that the model can assess dynamic security risk more accurately and effectively, can deduce the attack path with the maximum cumulative probability, and provides effective guidance for choosing a security hardening strategy.

(4) An optimal hardening measures selection model based on Bayesian attack graphs is proposed.

To solve the optimal security hardening measures selection problem with an effective optimization algorithm, an optimal hardening measures selection model based on Bayesian attack graphs is presented in this paper. First, based on the dynamic risk assessment results, the countermeasure-based Bayesian attack graph and the four defensive operations are defined, and the probability after a countermeasure is implemented is calculated. Second, the economic indexes of hardening cost and attack benefit are built, and a method for quantifying those indexes is presented. Finally, the hardening measures selection problem is formalized using the cost-benefit analysis method. An optimal hardening measures selection algorithm based on particle swarm optimization is presented to implement the optimal hardening measures for the attack path with the maximum cumulative probability. Experimental results validate the feasibility and effectiveness of the model in deciding on the optimal hardening measures to reduce network security risk.
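
The static and dynamic assessment described under contribution (3) can be illustrated with a small Bayesian attack graph; the following Python is an added example, not code or data from the dissertation. The graph, node names and probabilities are constructed, each node uses a simplified local conditional probability table with a single success probability (assumed to be a CVSS-style exploitability score divided by 10), and inference is done by exact enumeration.

```python
from itertools import product

# Constructed example graph (assumption): node -> (parents, gate, p).
# p is the chance the step succeeds once its gate is satisfied, taken here as
# a CVSS-style exploitability score / 10; for a root node it is the prior.
GRAPH = {
    "internet":  ([], "OR", 0.7),
    "web_rce":   (["internet"], "OR", 0.8),
    "vpn_login": (["internet"], "OR", 0.3),
    "db_admin":  (["web_rce", "vpn_login"], "OR", 0.9),
}
NODES = list(GRAPH)

def local_prob(node, state):
    """P(node = 1 | parent values in state): one row of the node's local CPT."""
    parents, gate, p = GRAPH[node]
    if not parents:
        return p
    hits = [state[q] for q in parents]
    satisfied = all(hits) if gate == "AND" else any(hits)
    return p if satisfied else 0.0

def joint(state):
    """Probability of one full assignment, as a product of local CPT entries."""
    total = 1.0
    for node in NODES:
        p1 = local_prob(node, state)
        total *= p1 if state[node] else 1.0 - p1
    return total

def posterior(query, evidence=None):
    """P(query = 1 | evidence) by exact enumeration (fine for small graphs)."""
    evidence = evidence or {}
    num = den = 0.0
    for bits in product([0, 1], repeat=len(NODES)):
        state = dict(zip(NODES, bits))
        if any(state[k] != v for k, v in evidence.items()):
            continue
        w = joint(state)
        den += w
        num += w * state[query]
    return num / den

def best_path(target):
    """Path to target with the largest product of step probabilities (OR gates)."""
    parents, _, p = GRAPH[target]
    if not parents:
        return p, [target]
    score, path = max(best_path(q) for q in parents)
    return score * p, path + [target]

if __name__ == "__main__":
    print("static risk of db_admin:", round(posterior("db_admin"), 4))
    print("after IDS alert on web_rce:", round(posterior("db_admin", {"web_rce": 1}), 4))
    print("most likely path:", best_path("db_admin"))
```

With no evidence the call returns the static risk of a node; passing an observed event as evidence (for example an IDS alert mapped to `web_rce`) returns the updated posterior for every other node, including upstream ones.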
Keywords/Search Tags: Network Security, Risk Assessment, Intrusion Detection, Deep Learning, Vulnerability Remediation, Bayesian Attack Graph, Security Countermeasure