Attack Graph Generation Technology Based On Attack Pattern

Attack graph is a model-based network vulnerability assessment method. From the attacker's point of view and based on comprehensive analysis at a variety of network configuration and vulnerability information, it enumerates all possible attack paths in order to assist the defenders to get intuitive understanding of all relationship between the vulnerability of the network, network security and the relationship between the configuration and the resulting potential threat. The earliest map of the attack can only be carried out by a network expert by hand, yet as the network size and vulnerability of the explosive growth in quantity, the hand-building of a large-scale network attack graph has become a "mission impossible". Therefore, current attack graph research focuses on its automatic construction.This article firstly introduces the key technologies and the existence of a weak link in the study of attach graph, then it studies in detail the vulnerability methods of description and classification methods against to the need of the construction of attack graph. On the basis of studying relevant overseas research finding and massive analysis on vulnerability, it proposes comprehensive analysis of attack graph for attack patterns based on the vulnerability of classification, defines 20 different types of attack patterns, designs and implements the knowledge Base of attack mode. This article also presents a new attack plan Modeling Language named AAGML. This language is not only an accurate description of the attack mode, but also a good support for network modeling and increasing attackers'ability to model. We proved theoretically that the monotonicity assumpiton of AAGML language when it supports attackers. Through our deep semantic study of AAGML, we proposed the algorithm, which greatly improved the efficiency of building attack graph by taking advantage of attacker's monotonicity assumpiton.Finally, based on theoretical analysis, we design and implement a attack graph that automatically generate model system. This model system is testified to quickly result in attack graph of target network and approved to be complete and accurate by a simulated scenario.