Research On Network Security Risk Assessment Based On Stochastic Model

With the rapid development of computer and network technology, network security problems become increasingly severe. Network security risk assessment is an important means of acquiring and mastering the current and future state of network, which is of great significance to maintain the safe operation of the network. The assessment methods which are based on rule or scanning tools generally only do a partial assessment of the network. They can only examine whether the network system has the known weakness. If we want to conduct a comprehensive risk assessment of the system and find some new potential vulnerabilities, we need to rely on network security evaluation method based on stochastic models.In this paper, we put focuse on the problem that traditional quantitative evaluation methods often neglect the correlations and differences of the nodes, have low computational efficiency and are not suitable for large-scale network assessment. Three aspects of research works are maillly conducted in this dissertation. O ne aspect is to study the risk assessment method based on the hidden Markov model which can characterize the state of each node in the network. The second aspect is to improve the quantitative evaluation method based on game theory which focused on human factors on network security situation. The third aspect is to design an improved network risk evaluation method based on Markov Game. The main work of this paper is as follows:1. Presented a real-time network security quantification assessment based on the correlations of nodes. By using network security risks quantitative evaluation method based on the hidden Markov model, we introduce the correlations of nodes to improve the network security risks quantitative e valuation methods in which the affinity of nodes is generally ignored. In addition, the relative importance of the hosts is taken into account to distinguish the contribution of different hosts on the network risk. Simulation results show that the proposed method can quantify the value of network security risks more accurately, discover the vulnerability of the network, and then can provide the basis for the adjustment of network security strategy.2. Improved the network security risk quantification assess ment based on the game model. The analysis method based on game theory can be used to describe the human factor of network risk better. We use two-person zero-sum game model to characterize the process of network attack game. By refining the model of offensive and defensive strategies, we can calculate both players’ gain accurately with lower complexity; In addition, distinguishing the different nodes in the network, considering the relative importance of the nodes, we can characterize the different nodes contribution to the risk adequately. Simulation results demonstrate the feasibility and effectiveness of our method.3. Designed an improved network risk evaluation method based on Markov game. we present an improved risk assessment method based on Markov game that has simply changed the past, in which the risk status of the network assets were classified into fixed categories. Depending on the game relationship between vulnerabilities fixing and threat attacking, this method has more detailed characterization of the network risk. Network attacks and vulnerabilities are sorted, which reduces the state space, making the scale of model input greatly reduced, improving the assessment of large-scale network efficiency. In addition, the relative importance of the hosts is taken into account to distinguish the contribution of different hosts on the network risk. Simulation results demonstrate the feasibility and effectiveness of this method.