
Research And Achievement On Multi-metrics Risk Assessment Model Based On Extended Bayesian Attack Graph

Posted on: 2018-04-19
Degree: Master
Type: Thesis
Country: China
Candidate: Y T Lei
GTID: 2348330518485449
Subject: Computer technology
Abstract/Summary:
As network applications become more widespread and network structures more complex, network security problems are increasingly severe. Risk assessment marks an effective shift in network security technology from passive defense to active defense, and it is of great significance for solving network security problems. However, most early risk assessment methods evaluate the risk level of a single vulnerability, ignoring that in a real network environment attackers may use multi-step attacks that harm the network through dependencies between weaknesses and connectivity between hosts. Attack graphs are therefore applied to network security risk assessment, because they model weakness dependencies and host connectivity well.

However, most attack-graph-based risk assessment methods ignore the probability of attack implementation when calculating node probability, which introduces deviation into the assessment results. Meanwhile, most attack-graph-based risk assessment methods rely on a single evaluation metric, which reflects only one side of the current network security status; the resulting inaccurate risk assessment makes later defensive work difficult.

To address these issues, this paper first proposes an extended Bayesian attack graph model by combining OVAL, MulVAL, the attack graph model, CVSS scoring and Bayesian networks. Probability security metrics are then formed by combining the node probabilities of the extended Bayesian attack graph with basic security metrics. Finally, a multi-metrics risk assessment method based on the extended Bayesian attack graph is proposed by merging the probability security metrics. This method not only takes into account the probability of attack implementation, but also improves and merges the basic security metrics, which makes the node probabilities and assessment results more accurate and thereby provides a basis for future defense work.

The main work of this paper covers the following aspects:

(1) The three schemas of OVAL and their standard format are described in detail, and the system characteristic information and weakness information in the OVAL results file are studied in depth. The workflow by which MulVAL, an automatic attack graph construction tool, generates attack graphs is then studied in depth, which lays the foundation for constructing the extended Bayesian attack graph at a later stage.

(2) The calculation method of Bayesian networks is studied in depth. Combining it with the probability of attack implementation and the probability of attack success, which are calculated from CVSS scoring, expertise and the rules of MulVAL, an extended Bayesian attack graph model is put forward. This makes the calculation of node probability more accurate and lays the foundation for the later risk assessment.

(3) The advantages and shortcomings of basic security metrics are described in detail. Combining them with node probability, probability security metrics are put forward, such as the Maximum Cumulative Probability Metric, the Normalized Mean of Path Probability Metric and so on. Further, a multi-metrics risk assessment method based on the extended Bayesian attack graph is proposed, which merges the probability security metrics algorithmically. It can show the overall network security status and infer attack intentions accurately, thereby improving the accuracy of the risk assessment results.

(4) Based on the above research, a multi-metrics risk assessment system based on the extended Bayesian attack graph is implemented on a Linux RedHat5 system, and the feasibility and effectiveness of the multi-metrics risk assessment method as applied in the system are verified through method testing and functional testing.
Keywords/Search Tags:risk assessment, CVSS scoring, extended bayesian attack graph, probability security metrics