The Analysis Of Attack Graph Based On Bayesian Network

With the increase of the network security threats, the behavior of which has showed the characteristic of complexity, diversity and uncertainty, etc. The original network security testing tools only detect the existence of security threats of single host, however, the vulnerability of the presence of multi-step, multi-host attack scene of the entire network must be taken into account. The method now is generally establishing attack graph about the given network configuration, which can be used to indicate an attacker trying to attack the network, from the initial state through a continuous series of attacks has made the access and used as a springboard to attack again, eventually reaching the target state. An attack graph contains a series of attack scene, with the increase of attack scenes, the security of the entire network will drop, so it is necessary for a quantitative analysis about a given network.Bayesian network is one of the most effective tools for the uncertainty knowledge representation and reasoning, in this paper, there is an overall security analysis use the attack graph based on the Bayesian network. At the same time common security vulnerability assessment system CVSS is used for a very strong evidence as the CBF to form a Bayesian network to further quantitative analysis of attack graph. The usage of IDS alerts as evidence of Bayesian network reference, so we can quickly and accurately find which path the attacker tried to attack and the ultimate goal of predicting attack.The main features of this article is the introduction of the Intrusion detection system, taking advantage of the network intrusion detection system for illegal intrusion in real-time alerts issue, based on the experiments of Bayesian inference, increasing evidence that the introduction of real-time, which make the network security status update has been greatly improved. At the same time the introduction of Bayesian network algorithm made the analysis of network security more convincing. Comparing with other methods, it can be more easily and quickly to help the network administrator to find the network security threats that exist for timely repair, thereby it can greatly enhancing security and stability of the network.