The Research Of Network Security Risk Analysis And Control Method Based On Attack Graph

Posted on: 2009-02-07
Degree: Master
Type: Thesis
Country: China
Candidate: L L Fang
GTID: 2178360272474530
Subject: Computer software and theory

Abstract/Summary:
Networks face vulnerabilities that exist everywhere, along with threats and attacks from many directions, so security risk is unavoidable. Security risk assessment, an important active-defense technology in network security, is of vital significance to network security research and is one of the current research hotspots.

Network security risk analysis seeks to determine, as far as possible, whether risks exist in the network now or will exist in the future, and to analyze fully the degree of their impact, so that defenders can respond appropriately to the situation, prevent incidents before they occur, protect computers and the network proactively, and reduce the likelihood of the system being attacked and damaged to a minimum.

First, this paper summarizes the relationship between traditional risk assessment and risk analysis. Second, it reviews several general network security risk analysis methods, including their respective advantages and disadvantages. Drawing on practical work, it concludes that traditional risk assessment has the advantage of relating assets to vulnerabilities but the disadvantage of relying on subjective judgments about threats, while current attack-based methods cannot bring the value of assets into the risk analysis.

The paper therefore proposes a model of security risk analysis and control. The model uses attack-based risk analysis, and it studies and describes information about the target network and the intruder. By correlating the system's vulnerabilities with the attacker's behaviors, it introduces the attack state graph (ASG) and presents an algorithm for generating it. The ASG simulates the state transitions that occur during the attack process. The ASG is then used to find all routes by which the attacker can penetrate the network and to evaluate the threatened locations and the degree of risk, which provides evidence and guidance for risk decisions. Based on the results of the risk analysis, the paper controls risk by patching vulnerabilities and verifies the effectiveness of the vulnerability patches with a quantitative method.

Finally, a virtual network environment is used to illustrate the applicability of this risk analysis method, to validate its effectiveness for network security analysis and quantitative assessment, and to verify the analysis process through simulation experiments.
Keywords/Search Tags:network security, risk analysis, risk control, vulnerability mending