Network Security Risk Assessment Based On Intelligent Planning

Owing to the complex network structure and the increasingly diversified network applications, the network security is faced with numerous risks. In passive single ways for a particular aspect of defense purpose, traditional tools and equipment like firewalls and intrusion detection systems are difficult to guarantee a network systems completely secure. How to protect the computer network system effectively with integrated defense of Internet security, network security assessment is an important way and hotspot of how to conduct proactive defense in the academe world. It has important value to research in network security assessment to insure network security.This paper applies intelligent planning on the analysis of network security risk. First, we establish a network scene model convenient to apply intelligent planning, then we build a security planning issue based on the model. Second, we design and implement an attack graph generation engine equipped with an intelligent planning algorithm named Fast Forward to finish the process assessment of risk. Then we propose an impact indicator of greatest risk RI innovatively according to attack reward expectations of attack plans for further analysis of the risk process, resulting in a good application in actual networ risk assessment.The main work of this article includes:To fix up the disadvantage that the general single modeling does not reflect fine-grained exploit actions in actual attack scenarios, We proposed a network security model CSC-Model for planning, and integrate multi-level factors to three components of CSC-Model: network model, method of attack and the attacker behavioral model library. On the base of in-depth summary of network security model in perspective of intelligence planning, we mainly put forward the concept of Agent for simulating attacker's penetration attacks in actual networks, and further transmit the process of the network scenario modeling into security planning issues APP, which includes each body of CSC-Model in plan domain, and specific targets for the risk process modeling in problem domain.To exert the versatility of intelligent planning algorithm and its more search-efficiency than the general attack graph generation method, we design and implement a planning engine oriented to security risk assessment, which work include data processing method and grammar translation module, selection of efficient planning algorithms, and design of attack path enumeration algorithm to generate the attack graph. The engine completes the risk process analysis, verifies the availability and effectiveness of intelligent planning methods.An impact indicator of greatest risk RI has been put forward on the base of the discuss that when a node as a threat source impact on network-level security risk under a certain attack goal and plan setting, its biggest attack reward expectation to a network-level security can affect the risk impact indicators RI. Then we can set a reasonable set of parameters, and do quantitative risk analysis of important nodes of the network. Finally we analysis an enterprise-class network security risk assessment case study to verify the RI's rationality and practical value as network security risk assessment methodology.