| Network is penetrating into various area of the world, such as political, economic, social and cultural. The problem of network security is protruding gradually. Network security root lies in its existing vulnerability. The network vulnerability is studied in this dissertation.The existing node importance evaluation method based on removing node or node contraction, comparing the performance of the network changes to determine the importance of nodes, it will lead to change or damage the structure of the network topology. In view of the above algorithms, a node importance evaluation algorithm is proposed in this dissertation based on improved topological potential. This algorithm pays attention to the dependence between the two nodes and the resources control ability of the node in the whole network. The node importance evaluation of a simple network and ARPA network are simulated based on this algorithm. The result shows that this algorithm not only takes the advantages of low complexity and high precision, but also keeps the network topology's structural integrity.Network attack graph can describe the attack path from the initial state to the termination state. In view of its excellent characteristics, this paper studies the attack graph automatic generation technology based on privilege ascension. We use Visual Prolog to establish attack prototypes and inference attack path, and use Graphviz to realize the visualization of the attack graph.Based on the research contents of the last two parts, realize network vulnerability analysis and evaluation. The whole system consists of five parts. They are information collection module, information storage module, attack graph automatic generation module, attack graph drawing and visualization module, and the topological structure vulnerability assessment module. Finally, the network vulnerability is measured by using the attack path harm degree, probability of success and attack strength. |
PDF Full Text Request