Petri Net-based Network Security Defense System Assessment Model

As people access to the Internet is increasing, network security is very importantto people, how to evaluate network security is an important research topic. There arestill many deficiencies for the network security evaluation. Most of the statictraditional risk assessment often separate evaluation for security and defensecomponents. Then a simple superposition assessment of the entire network securityassessment conclusions drawn. Rarely consider the intrinsic link between the structureof the entire network system and network security devices (components) contributionto the network security defense. In fact the complex relationship between the logicalcomponents of network security has an important impact on the defense capacity ofthe entire network system.(1) The background and related technology of network security system are studied.We analyzed some security technologies and studied the current information networkdefense system. Describes the generation, definition, nature and extension of petrinets, to provide a basis for the subsequent petri network security defense systemevaluation model.(2) Through analyzing component combination series-parallel strength, at thesame time, combining with the characteristics of petri net, we proposes a networksecurity defense system evaluation model based on petri net.(3) Through the theory and simulation testing of the proposed model, proved theevaluation model based on petri network security defense system is effective. ByMonte Carlo algorithm simulation modeling process, we compare safety aspects ofnetwork security of the network security defense system evaluation model based onpetri net and traditional P2P network system.The main innovation of this paper is to fully consider the various factors betweenlayers and defenses parts of network defense function, presents a more realistic modelof network defense capabilities, and finally analyzed using petri modeling and themodel are proved. Due to the access path generated in the process of fully consideringthe real network topology and defense components, can be avoided in some part ofexcessive defense and another part of the defense is insufficient, so it has practicalsignificance and guidance for network security planning.