Research On Analysis Methods Of Network Security Based On Attack Graph

Posted on: 2012-11-17
Degree: Master
Type: Thesis
Country: China
Candidate: L Xu
GTID: 2178330338984186
Subject: Communication and Information System

Abstract/Summary:
With the continuous development of computer communication technology and the growth of network size, network attack techniques have also been developing very fast. Attackers usually take advantage of interlinked vulnerabilities to gradually escalate their privileges and eventually control the target host. Traditional analysis techniques cannot cope with an endless stream of attacks, so computer systems face unprecedented network security challenges.

Therefore, this paper starts from network security analysis techniques: it introduces the four network security analysis techniques commonly used domestically and abroad, and points out the advantages of attack graphs in demonstrating the vulnerability and interconnectedness of networks. It also introduces the development of the attack graph technique. Based on in-depth research on model checking, we point out that common model checking algorithms cause the state space to explode. This paper brings the binary decision tree into attack graph generation and abstracts network attacks as Büchi automata, then generates the attack graph and eventually solves the state space explosion.

Then, based on the attack graph, a hierarchical network security analysis model is proposed. From the service and host, simple-network and complex-network perspectives, this model analyzes the network quantitatively in order to obtain comprehensive knowledge of local and global information. In service analysis, it takes weight into consideration; in host modeling, it introduces the concept of host security and considers the effect of vulnerabilities on host confidentiality, integrity and availability. For networks with fewer nodes, it introduces a Markov process and quantitatively analyzes the attacker's average cost to reach the secure target, which makes it clearer which attack path the attacker would choose.

In the analysis of complex networks, it combines state attack graphs and Bayesian networks. Based on the interdependence between nodes and computation by Bayesian probabilistic inference, it defines network reliability to reflect whether the network is operating correctly. It also provides an algorithm implementation that calculates network reliability based on the minimal path set method.

Finally, we designed three experiments to verify the host-based, simple-network-based and complex-network-based algorithms respectively, and to prove the feasibility of the hierarchical model.

Keywords/Search Tags: Vulnerability, network security analysis, attack graph, model checking, binary decision tree, hierarchical model, Bayesian networks