Research On Dynamic Attack Network Evolutionary Modeling And Defense Strategy

Posted on: 2018-08-01
Degree: Doctor
Type: Dissertation
Country: China
Candidate: Y Li
GTID: 1318330533468653
Subject: Information management and information systems

Abstract/Summary:
Against the background of the information technology revolution, new technologies such as computers and network communication have radically changed the way the world works. Especially in recent years, further research on and industrialization of cloud computing, big data, networking and other ideas have made the control of information a new strategic commanding height, but at the same time network security incidents of various types have begun to appear in the press frequently. The PRISM plan in June 2013 raised information security from a matter driven by economic benefit to the level of national security. In February 2014, the central network security and information technology group was set up, which marks the awakening of national consciousness of the Internet in China and demonstrates the importance of a national information security strategy. Attack strategies are diverse, which makes it difficult for traditional passive detection technology to protect the security of cyberspace. The active analysis method based on an attack model, which performs an overall safety evaluation before attacks occur, is meant to ensure the security and robustness of the system under insecure conditions and to give the network the ability to resist the risk of organized attack. The attack model, which forecasts possible attacks from the attacker's point of view and then derives reasonable inferences and corresponding safety improvement measures for the network, is a hot research topic worldwide and a very promising area of network security research. This paper first summarizes in detail the research status and progress of attack models and vulnerability risk assessment. Then, based on the dynamic characteristics and uncertainty of the network attack process, it improves the accuracy of network security evaluation and promotes its usefulness in large-scale networks through fine-grained modeling, visualization of logical association analysis, and efficient quantitative mining algorithms. The main research contents include the following aspects.

First, traditional quantitative analysis models cannot show the dynamic interaction between entities, and most of them cannot obtain the global result of risk diffusion. To solve this problem, and following the influence propagation process in social networks, this paper provides a new network vulnerability diffusion analysis method based on cumulative effect. A vulnerability diffusion analysis model with the fine-grained structure of the main component is defined, and, based on the theory of the linear threshold influence propagation model of social networks, a vulnerability cumulative diffusion algorithm is put forward, which comprehensively considers network characteristics and diffusion characteristics to deduce the final impact range of the attacker. The example and analysis results show that it can improve the accuracy of risk assessment, find the most vulnerable set of threats, and in the end produce the lowest-cost safety measures.

Second, a new framework for event-based risk assessment in dynamic networks is proposed, in which the idea of dynamic network evolution is applied to the risk assessment of computer networks. The framework constructs a dynamic access relation network on the basis of the static physical links. Using time characteristics, the timeline algorithm can effectively describe the trend of attack evolution and discover important attack events. The graph approximation algorithm simplifies the analysis into an analysis between the approximate graphs of time periods, which can effectively reduce noise behavior. In addition, the framework can perform evolution tracking and correlation analysis on network segments. The analysis results can reveal the close relationship between the attacker's attack strategy and the important attack events, and the comprehensive effect of the attack events on the network system.

Third, following the dynamic evolution process of social networks, a new dynamic attack network evolution and analysis model is proposed. Based on the evolution graph, this model extends the attack graph to the evolving attack graph, which changes simultaneously in the time domain and the spatial domain. Based on the definition of similarity subgraph, the model constructs the attack evolution model, analyzes the transient change in each mode and, combined with time series data, analyzes the change in connection relationships between patterns. The model application analysis process, whose core is the attack evolution mining algorithm, can determine the number of attack patterns throughout the process, make clear the typical attack structure of each model and effectively simulate the process of attack. When defensive measures are needed, the administrator can choose a harmful stage or node at which to prevent the attack.

Fourth, combining the concept of the uncertain graph with the possible semantic world model, this paper provides a new possible attack graph (PAG), which adds formal representation and consideration of uncertainty factors such as network links, network congestion and intrusion to the construction and analysis of the network attack graph. The model gives the detailed definition and construction method for the PAG, and at the same time provides an attack graph generation and simplification algorithm, a maximum reachable probability solving algorithm, and a maximum attack subgraph generation and maximum possible attack path selection algorithm. The example shows that the model can generate the attack graph in a reasonable time, can effectively infer the attack intention, and can provide a decision basis for the network administrator's management.

Fifth, the randomness of network attack and defense strategy selection leads to randomness in system state changes; the process of network attack is certainly a multi-state confrontation in which the gain matrix differs. Using the Markov decision process to describe these stochastic dynamic characteristics, this paper extends the game model from a single state to multiple states and proposes a new Markov evolutionary game model with multiple states and multiple agents. On the basis of formal modeling, the existence of an equilibrium strategy is proved, and the attack and defense strategy is obtained by solving a corresponding nonlinear programming problem. Network attack and defense simulation experiments and deduction analysis show that the model conforms to practical application, and that the evaluation results are accurate and helpful to the development of the offensive and defensive game.

Sixth, in view of the coarse granularity and limitations of the current attack graph model, and drawing on the concept of complex network controllability, a new model is proposed in which the coarse granularity of the traditional attack graph is refined to the component level. The model uses a weighted directed graph to represent the attacker's permission diffusion process, and gives a complete definition of network attacks and the transfer matrix. Through rigorous theoretical deduction, the rule conditions for complete probability control or partial probability control of complex attack networks are derived. The relationship between probability controllability and traditional structural controllability is also demonstrated. The analysis results show that the model can be applied to the security situation of large-scale networks with polynomial time complexity, provides an effective way to choose defense nodes, and gives a method for validating the defense strategy. Most importantly, it is proved that with finite network defense the network can have anti-attack capability.

Finally, in order to robustly suppress the diffusion range of an attack under limited defense, for two cases (an uncertain or a known attack policy set), this paper puts forward a new multi-view analysis method for robust suppression of attack diffusion. In this method, a formal definition is given for the optimal defense effectiveness in the offensive and defensive process. Based on the high-approximation LDAG estimate, a defense subset mining algorithm is put forward for the uncertain attack policy set and a stochastic defense measure algorithm for the known attack policy set. It is also proved through mathematical deduction that both algorithms run in polynomial time. Finally, a multi-view, visual prototype system is designed and implemented. Simulation experiments and multi-dimensional analysis show that the method achieves a good compromise between optimal effect and efficiency.

There are four stages in the network active risk assessment method based on an attack model: vulnerability knowledge acquisition, formal model construction, evaluation index system construction, and model analysis. The first three stages have produced some successful results in small-scale experimental networks, but the model analysis stage is still, in the true sense, exploratory. Based on the dynamic evolution of complex networks and a dynamic attack graph with component nodes, this paper breaks the limitation that the traditional attack graph is always based on a static abstract model. For the first time, the synchronized evolution trend in the time domain and the space domain is considered together, which can greatly improve the practicability of existing attack models for large-scale networks and simplify the analysis of large-scale network complexity. Through the combination of advanced stochastic models such as game theory and controllability theory, the accuracy of the analysis can be improved, and the method in this paper can provide a decision basis for the network administrator's management. The new ideas, the new methods and the theoretical proof that the network can provide the capacity of scheduled service under limited defense all have important practical application value in network active security analysis.

Keywords/Search Tags:Attack Model, Evolution Attack Graph, Possible Attack Graph, Network Risk Assessment, Complex Network, Evolutionary Game, Dynamic Attack Graph, Vulnerability Assessment