Research on Network Security Evaluation Technology Based on Attack Graph Model

Posted on: 2013-11-05 | Degree: Master | Type: Thesis
Country: China | Candidate: Y X Cheng | Full Text: PDF
GTID: 2248330392461049 | Subject: Electronic and communication engineering
Abstract/Summary:
With the rapid development and popularity of computer networks, networks play an increasingly important role for countries, enterprises and individuals, and their scale keeps growing. The accompanying network security problems have become an important factor affecting the development of countries and enterprises. Evaluating network security is a critical step in security management. To improve network security and to use evaluation to produce security solutions, a novel method of network security evaluation based on an attack graph model is proposed.

For the attack graph, the work begins by modeling network attacks and defining the related components, and then proposes automated methods for extracting information about vulnerabilities, topology, hosts, etc. To generate the attack graph, the model checking principle and the binary decision diagram (BDD), used to address the state space explosion problem, are both studied. Using the Büchi model in the symbolic model checking algorithm to describe network attacks, the attack graph is generated automatically. The number of attack steps can also be used to control its scale.

Multi-objective security evaluation based on the attack graph is then studied. Combining several probability models of the attack graph, some security evaluation metrics are proposed together with methods to compute them, so that multi-objective security evaluation can be carried out. They include evaluation of attack graph critical nodes based on connectivity, quantified analysis based on Markov Chain, evaluation based on attack sequence, mean cost to security goal based on Exponential Distribution, and vulnerability level based on Bayesian Network. That is, security is evaluated from these five objectives.

Besides, the prototype of a network security evaluation system based on the attack graph model is designed, with a system design flow chart and a division into functional modules. There are three modules: information gathering and preprocessing, attack graph generation and visualization, and attack graph multi-objective security evaluation. The detailed design of their sub-modules and functions is also given.

The network security evaluation system based on the attack graph model can help network security administrators control the global network more effectively with security enhancement suggestions. The method has good extensibility and practicality.
Keywords/Search Tags: attack graph, security evaluation, model checking, Markov Chain, Bayesian Network, vulnerability, automatic modeling