A Designing And Implementation Of Network Security Evaluation System Based On Graph Theory

The network world is facing the vulnerabilities that exist everywhere in the network, threats and attacks that come from various aspects. There is security risk inevitably. The security evaluation which is an important active defense technology in network security, has the vital significance to the network security technology research, and is one of present research hotspots.Under some circumstances, the single network node may be safe, or single network behavior will not form threat, but for the complicated network connections, the vulnerability situation is quite different. Network risk is not merely the reflection of node flaw, but the measure of risk degree for the entire network. Network security analysis can evaluate the overall security of the network, which is the foundation for security strategy deployment. The network security evaluation is a systematic project, so we need to overall consider the security questions and seek the optimized solution. Simultaneously we should consider the diversification of analysis methods and the relation among network nodes.This thesis analyzes the main content about network security evaluation, including theory relating to security evaluation and major methods of discovering network information and detecting vulnerability . As the development of the computer network and the depth of the research to security analysis, the method based on security model were bring forward constantly. The thesis also analyzes the main models of network security evaluation.The thesis also discusses in detail the various network security attributes which are closely related network security, including access of attacker and connectivity of hosts and vulnerability of hosts. Aims at attackers usually used one or more known vulnerabilities to intrude the network, the thesis emphatically brings forward the network security evaluation method based on graph theory. The method looks upon the process which attack into practice with the attacker as the changes of network states, therefore being able to analyze the potential attack route .Owing to this model, the thesis has brought forward a network attack graph automated generating method, which combines global graph and goal graph. The method being able to generate all attack routes which can arrive the attack goal when generate global attack graph. Aim at generated attack graph, the thesis has brought forward method of analysis both from qualitative and quantitative.At last, we design and implement a network attack graph generating system, prove the validity of this system through experiment and present the disadvantage of the system now and the prospect for the risk assessment's development.