
Analysis & Research On Connection-Based Network Privilege Graph

Posted on: 2013-02-12  Degree: Master  Type: Thesis
Country: China  Candidate: J Li  Full Text: PDF
GTID: 2218330362959383  Subject: Electronics and Communications Engineering
Abstract/Summary:
A network privilege escalation graph describes all possible attack paths in a network. It is a derivative of the attack graph but differs from it: it does not fix a particular attacking source host and destination host, but instead analyzes privilege escalation across the whole network. Compared with traditional security assessment, the privilege escalation graph method pays more attention to how the various logical connections between hosts combine with the threats on those hosts, and so describes the risk the network faces more accurately.

Graph-based network security analysis is today still largely done by hand. The CVE dictionary, which describes the vulnerabilities present in the network, is usually used to find the possible attack paths: from a vulnerability's description, an evaluator decides whether it can produce a path in the graph. Some researchers have proposed using data mining to learn rules for whether a vulnerability in a given environment produces a particular edge in the graph, applying knowledge discovery (KDD) to large amounts of real-world vulnerability statistics. Whatever the analysis method, the description is host-based: the network's vulnerabilities are the hosts' vulnerabilities, and a privilege escalation path is a link from one host to another.

In this paper we present a definition of the privilege escalation graph based on connections. Unlike traditional host-based network security assessment, this method uses the connections between hosts to describe the vulnerabilities that lead to privilege escalation; the vulnerability description in the CVE dictionary is used to determine whether, and how, a connection produces a privilege escalation path. We also present the connection-based network privilege graph generation algorithm and a security assessment model built on that algorithm.
The whole process, from vulnerability detection to the generation of privilege escalation paths, is described and analyzed in detail. Once the global network privilege graph has been generated, the model can produce a specific escalation path when the attacker's initial host privileges are given. An algorithm is also given for combining the privilege escalation paths when two networks are merged. The paper first reviews the development of network security assessment, the classification of its technologies, and the privilege-graph-based network security assessment model. It then introduces the connection-based security assessment model with its definition method, algorithms and feasibility analysis, covering the structural framework, modeling, analysis and adaptation, and verifies the validity of the model and algorithm in an experiment. Finally it gives a time complexity analysis.
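The following Python program is an added illustration of the ideas in the abstract; it is not the thesis's own algorithm or code. It builds a connection-based privilege graph whose nodes are (host, privilege level) pairs and whose edges are connections between hosts that a vulnerability turns into an escalation step, derives the escalation paths reachable from a given set of initial privileges, merges two networks' graphs through bridging connections, and checks whether a target privilege remains reachable after a given vulnerability is patched. The privilege ordering none < user < root, the Connection fields, the hostnames and the "vuln-N" labels are all assumptions made for this example (constructed sample data, not real CVE entries).

```python
from collections import deque
from dataclasses import dataclass
from typing import Dict, List, Optional, Set, Tuple

# Assumed privilege levels on a host, lowest first; a higher level implies the lower ones.
LEVELS = ["none", "user", "root"]


@dataclass(frozen=True)
class Connection:
    """A logical connection between two hosts that a vulnerability turns into an
    escalation edge. src == dst models a local privilege escalation on one host."""
    src: str
    dst: str
    service: str
    vuln: str       # placeholder vulnerability label (constructed, not a real CVE id)
    requires: str   # privilege needed on src to exploit the connection
    grants: str     # privilege obtained on dst afterwards


Privilege = Tuple[str, str]                                  # (host, level)
Step = Tuple[Privilege, Privilege, Optional[Connection]]     # None = implied by level ordering
Graph = Dict[Privilege, List[Tuple[Privilege, Optional[Connection]]]]


def build_graph(connections: List[Connection]) -> Graph:
    """Connection-based privilege graph: one node per (host, level); an edge per
    connection, plus implicit root -> user -> none edges on every host."""
    graph: Graph = {}
    hosts = {c.src for c in connections} | {c.dst for c in connections}
    for h in hosts:
        for hi, lo in zip(LEVELS[::-1], LEVELS[::-1][1:]):
            graph.setdefault((h, hi), []).append(((h, lo), None))
            graph.setdefault((h, lo), [])
    for c in connections:
        if c.requires not in LEVELS or c.grants not in LEVELS:
            raise ValueError(f"unknown privilege level in {c.vuln}")
        graph.setdefault((c.src, c.requires), []).append(((c.dst, c.grants), c))
    return graph


def escalation_paths(graph: Graph, initial: Set[Privilege]) -> Dict[Privilege, List[Step]]:
    """Breadth-first search from the attacker's initial privileges: for every
    reachable privilege, the shortest sequence of steps that obtains it."""
    paths: Dict[Privilege, List[Step]] = {p: [] for p in initial}
    queue = deque(initial)
    while queue:
        cur = queue.popleft()
        for nxt, conn in graph.get(cur, []):
            if nxt not in paths:
                paths[nxt] = paths[cur] + [(cur, nxt, conn)]
                queue.append(nxt)
    return paths


def exploited_vulns(path: List[Step]) -> List[str]:
    """The vulnerabilities a path actually exploits (implied steps dropped)."""
    return [c.vuln for _, _, c in path if c is not None]


def merge_graphs(a: Graph, b: Graph, bridges: List[Connection]) -> Graph:
    """Combine two networks' graphs; 'bridges' are the connections crossing between them."""
    merged: Graph = {}
    for g in (a, b, build_graph(bridges)):
        for node, edges in g.items():
            bucket = merged.setdefault(node, [])
            for e in edges:
                if e not in bucket:       # implicit edges of shared hosts appear in both
                    bucket.append(e)
    return merged


def reachable_after_patching(connections: List[Connection], patched: Set[str],
                             initial: Set[Privilege], target: Privilege) -> bool:
    """Rebuild the graph without the patched vulnerabilities and ask whether the
    target privilege is still reachable: the check behind patch prioritisation."""
    remaining = [c for c in connections if c.vuln not in patched]
    return target in escalation_paths(build_graph(remaining), initial)


# Constructed sample networks (assumptions for this example, not thesis data).
NET_A = [
    Connection("attacker", "web", "http/80",    "vuln-1", "none", "user"),
    Connection("web",      "web", "local",      "vuln-2", "user", "root"),
    Connection("web",      "db",  "mysql/3306", "vuln-3", "root", "user"),
]
NET_B = [
    Connection("app", "fs", "nfs/2049", "vuln-5", "user", "root"),
]
BRIDGE = [
    Connection("db", "app", "ssh/22", "vuln-4", "user", "user"),
]

if __name__ == "__main__":
    start = {("attacker", "root")}
    graph_a = build_graph(NET_A)
    paths_a = escalation_paths(graph_a, start)
    print("network A alone reaches:", sorted(p for p in paths_a if p[0] != "attacker"))
    merged = merge_graphs(graph_a, build_graph(NET_B), BRIDGE)
    paths_m = escalation_paths(merged, start)
    print("fs root via:", exploited_vulns(paths_m[("fs", "root")]))
    print("fs root reachable after patching vuln-2:",
          reachable_after_patching(NET_A + NET_B + BRIDGE, {"vuln-2"}, start, ("fs", "root")))
```

Because every edge is a connection rather than a host, removing one vulnerability removes exactly one edge, so the same graph answers both "which hosts can the attacker reach" and "which single patch cuts the path", which is the assessment use the abstract describes.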
Keywords/Search Tags: Connection, Privilege Escalation, Network Security, Risk Assessment