Research And Implementation Of Network Security Assessment Technology Based On Attack Graph

Posted on: 2018-02-20
Degree: Master
Type: Thesis
Country: China
Candidate: X Li
Full Text: PDF
GTID: 2348330518996892
Subject: Information security

Abstract/Summary:
With the rapid development of technology, computer and network applications provide convenience for our social life, but the ensuing network security issues have become more and more critical. Therefore, how to analyze and evaluate network security has become an important issue at present. Network security risk assessment based on attack graphs can analyze and assess security risks before a security event occurs and takes full account of the correlation between vulnerabilities; it has been widely studied.

This article focuses on methods of network security risk assessment. By building the attack graph model of the target network, each isolated vulnerability is linked. Taking the host's demand weights for confidentiality, integrity and availability, the importance of the host, the probability of vulnerabilities and the impact of vulnerabilities on the host as the base data, the method combines the superposition maximum probability adjacency matrix and the single-step maximum risk adjacency matrix, and evaluates the maximum risk that attackers may pose to the target hosts and the target network. Further research shows that the influences caused by these key hosts are not exactly the same. Therefore, two types of key hosts in the network are considered, in order to evaluate the risk of the network at a finer granularity.

Traditional network security risk assessment methods exploit the easiest attack path to compute the risk values of hosts. However, these methods merely analyze the most severe risks that hosts face. To solve this problem, we propose a maximum host risk assessment method based on the attack graph and adjacency matrix. This method combines the superposition maximum probability adjacency matrix and the single-step maximum risk adjacency matrix, and evaluates the maximum risk that attackers may pose to the target hosts. Simulation results show that the proposed method can obtain more comprehensive and accurate assessments and globally analyze the vulnerabilities of networks.

Existing key-host analysis methods consider only the possibility of the vulnerability. To solve this problem, we propose a key-host analysis method based on the probability of occurrence of the vulnerability and the value of the impact attributes, so that the assessment results are more comprehensive.

Finally, a Network Environment Security Evaluation System is designed and implemented, including its architecture, the detailed design of its core modules and its execution plan. The experimental results show that the proposed network security risk computation approach is effective.
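
An added illustration, not code from the thesis: one plausible reading of how the two matrices named in the abstract could combine into a maximum host risk. The max-product definition of the superposition matrix, the risk formula, and every host, probability, impact and weight below are assumptions constructed for this example.

```python
# Constructed sample: node 0 is the attacker, 1 = web, 2 = app, 3 = db.
# EDGES[(i, j)] lists (exploit probability, impact on j) per vulnerability.
EDGES = {
    (0, 1): [(0.8, 4.0), (0.5, 9.0)],
    (1, 2): [(0.6, 5.0)],
    (1, 3): [(0.2, 10.0)],
    (2, 3): [(0.9, 6.0), (0.4, 10.0)],
}
WEIGHT = [0.0, 1.0, 1.0, 2.0]  # assumed host importance / CIA demand weight


def single_step_matrices(edges, weight):
    """Return (P, R): per-edge maximum probability and maximum risk."""
    n = len(weight)
    P = [[0.0] * n for _ in range(n)]
    R = [[0.0] * n for _ in range(n)]
    for (i, j), vulns in edges.items():
        P[i][j] = max(p for p, _ in vulns)
        # The riskiest vulnerability need not be the most probable one.
        R[i][j] = weight[j] * max(p * imp for p, imp in vulns)
    return P, R


def max_product(A, B):
    """Max-product 'multiplication': best probability after one more step."""
    n = len(A)
    return [[max(A[i][k] * B[k][j] for k in range(n)) for j in range(n)]
            for i in range(n)]


def superposed_max_probability(P):
    """Element-wise maximum of P, P^2, ..., P^(n-1) under max-product."""
    n = len(P)
    S, power = [row[:] for row in P], P
    for _ in range(n - 2):
        power = max_product(power, P)
        S = [[max(S[i][j], power[i][j]) for j in range(n)] for i in range(n)]
    return S


def max_host_risk(edges, weight, attacker=0):
    """Per host: best probability of reaching i times worst step from i."""
    n = len(weight)
    P, R = single_step_matrices(edges, weight)
    S = superposed_max_probability(P)
    reach = [1.0 if i == attacker else S[attacker][i] for i in range(n)]
    return [max(reach[i] * R[i][j] for i in range(n)) for j in range(n)]


if __name__ == "__main__":
    names = ["attacker", "web", "app", "db"]
    for host, risk in zip(names, max_host_risk(EDGES, WEIGHT)):
        print(f"{host:8s} {risk:.3f}")
```

In this sample the web host's maximum risk comes from the less probable but higher-impact vulnerability, and the db host's maximum risk comes from the two-hop route through app rather than the direct edge from web.
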
Keywords/Search Tags: security assessment, adjacency matrix, vulnerability analysis, attack graph