Research On Network Risk Evaluation Based On The Processed Attack Scenarios Reconstructing

With the rapid development of network technology, attack whose damage to the network is growing is more and more hidden, In order to effectively guarantee the quality of network service and the efficiency of business,people deploys a lot of network security products to the actual network for ascend the network security,such as firewalls, IDS(intrusion detection system),anti-virus software, vulnerability scanning system and so on. Due to these network security products which have functional limitations are difficult to make the unified effective correlation analysis and the aappropriate response treatment for different levels of attack, and can not give full play to theirs effectiveness. So many domestic and foreign companies launched a lot of network security management system, but these products are most only pay attention to the function of technical level, lack of effective and scientific alarm event handling procedures and methods. So the system is hard to analysis mass warning information in limited time and find hidden attack intentions, it is not really improve the efficiency of business and the service quality of enterprise.In this thesis, the author introduces the thought of workflow in the Platform of Unified Network Security Management,according to the process of the predefined construction attack scene, using different correlation model to complete alarm correlation analysis based on the warning sources, dig out the hidden attack intentions, built into attack sequence for interrelated independent alarm, finally reconstruct attack scene graph by the drawing tool. Thus this way make network administrator separate the work from the analysis alarm event, and can make them focus on handing the department's core business, also can track business processes, timely feedback the result of its handling to the usersIn addition to predict the whole security trend of, the network, this paper adopts risk evaluation model based on the attack scene graph, design the response strategies library on the base of risk value rating and the classification of cyber attacks behavior, achieve the attack-response mechanism for different risk value, and reach the purposes of full use of computer network resources and improve the quality of network security service.