
Research On Network Security Evaluation Based On Attack Graph

Posted on: 2011-06-11
Degree: Master
Type: Thesis
Country: China
Candidate: T Gu
GTID: 2178360305468309
Subject: Computer system architecture

Abstract/Summary:
With the rapid development of computer and telecommunication technologies, networks have grown in scale and network applications have become increasingly widespread. At the same time, network security problems of many kinds have become troublesome. Traditional defensive technologies are too limited to cope with the huge volume of network security events, and computer network security faces major challenges. On the one hand, network security evaluation can dynamically reflect the security situation of the network before an attack occurs, reveal potential threats, and help the security administrator take timely and effective steps. On the other hand, once an attack has occurred, alert correlation technologies can reconstruct the attack scenario, identify the attack intention, and predict future attack steps.

This paper first reviews related work on security evaluation and event correlation from past years, and then presents network security evaluation and event correlation based on attack graphs. The concept of attack graphs is illustrated through vulnerability correlation. Then, based on the analysis of attack graphs, the paper generates the attack graph between two hosts in a network and the access graph between those two hosts. Using the resulting host access graphs, the paper applies matrix iteration analysis to obtain the host access graph for the whole network. Finally, combined with an analysis of assets, the paper performs the network evaluation and ranks risk priorities. Network evaluation is a kind of pre-alert analysis, and in practice other security technologies are also needed. For this reason, the paper also studies alert correlation to reveal threats after an attack has occurred. The attack graph is first transformed into a queue graph in memory. Using breadth-first search, the forward pointers, which are used for attack prediction, and the backward pointers, which are used for alert correlation and hypothesis, are generated. Finally, the paper gives an example analysis to demonstrate the efficiency of the proposed techniques.

Network security evaluation helps the security administrator obtain a timely view of the security situation of the whole network and respond effectively and efficiently. Alert correlation technologies can detect attacks, reconstruct attack scenarios, identify attack intentions, and make further predictions. The two technologies can be combined to protect the network more efficiently.
Keywords/Search Tags: attack graph, network evaluation, alert correlation