
The Research Of Network Vulnerability Assessment Based On The Exploit Graph

Posted on: 2010-10-21 | Degree: Master | Type: Thesis
Country: China | Candidate: J B Su | Full Text: PDF
GTID: 2178360278473426 | Subject: Computer application technology
Abstract/Summary:
With the rapid development of network technology, network security has become a focus of current network research. Both theory and practice indicate that exploit activities such as viruses, malicious code and network intrusion can badly compromise computer systems because of security vulnerabilities in the design, implementation and maintenance of computer and software systems. Network vulnerability assessment technology can detect potential security vulnerabilities and assess the security situation of a network system. In-depth analysis and study of network vulnerability assessment technology is therefore of great significance for ensuring the security of computer and network systems.

In some cases a single network vulnerability may be harmless, or a single action may not constitute a threat on its own, but in a complex network environment attackers can exploit related vulnerabilities in combination, gradually escalate their privileges, and ultimately gain control of the target machine or service. Studying the association relations between vulnerabilities is the focus of network vulnerability assessment theory. How well the vulnerability description method works directly influences the degree to which related vulnerabilities can be fused. Current graph-based vulnerability assessment models have shortcomings such as the difficulty of generating the network graph and a tendency toward "state explosion".

For this reason, the paper presents a Network Vulnerability Assessment Model based on the Exploit Graph (EG_NVAM). Taking network vulnerabilities as its main thread, the model introduces methods such as OVAL-based vulnerability description, vulnerability fusion and semantic-similarity aggregation. It collects network vulnerabilities, analyses the relations between them, consults the network configuration and topology, and simulates the changes in exploitation state. Atomic exploits form the nodes and changes in exploitation state form the edges of the exploit graph; the model then analyses the key exploit sequences and constructs the network vulnerability assessment.

Theoretical analysis and evaluation examples show that applying the model reduces the atomic exploit base, reduces the scale of the generated exploit graph, improves the efficiency of graph generation, and visually displays the relations between potential weaknesses. Using the model, weak points in network security can be found and reasonable proposals and measures for improvement given, which improves the robustness of the network's security.

After further improvement, the model can be applied to network vulnerability assessment in classified military networks, e-government, e-commerce and other networks that hold sensitive information or have higher security requirements. Together with OVAL-based security products that interact with it, such as IDS and firewalls, the model is expected to form a comprehensive network assessment and defense system.
Keywords/Search Tags:network security, risk assessment, exploit graph, network vulnerability, association relation