
Research Of Network Connectivity Analysis Oriented Attack Graph Generation

Posted on: 2010-11-09
Degree: Master
Type: Thesis
Country: China
Candidate: H Li
GTID: 2178360275470358
Subject: Communication and Information System
Abstract/Summary:
A network attack graph construction system is a tool for assessing network security; the attack graph helps to assess the vulnerabilities in the network. Connectivity analysis plays a very important role in constructing the attack graph. Using the connectivity analysis module, network topology and firewall rules can be analyzed offline to determine the connectivity between two hosts. This helps the attack graph construction system assess vulnerabilities more completely and more accurately.

This paper introduces and analyzes the main global trends in attack graph construction techniques and network connectivity analysis methods. Based on these techniques and the needs of the attack graph construction system, it then gives the design of a network connectivity analysis module that handles advanced firewall rules and NAT. In addition, it introduces the concept of a Critical Entity Collection (CEC) and presents an effective method of CEC detection based on the classic Apriori algorithm. The implementation of the module is described in three parts: address selection, connectivity analysis, and the graphical user interface. Finally, a virtual network topology is established to check the validity of the module. In-depth analysis and comparison show that, in the process of connectivity analysis, CEC provides effective information for assessing the importance of nodes in the network.
Keywords/Search Tags: Attack Graph, connectivity, firewall rule