Research And Implementation Of Network Vulnerability Assessment Technology Based On Attack Graph

Posted on: 2019-06-23
Degree: Master
Type: Thesis
Country: China
Candidate: M N You
GTID: 2348330542498182
Subject: Computer technology

Abstract/Summary:
With the rapid development of Internet technology, the application scope of the Internet is becoming more and more extensive. The Internet has penetrated all aspects of human social life and has brought great convenience. At the same time, it exposes people to all kinds of network security threats. Therefore, it is of crucial importance to solve the problem of network security effectively. Vulnerability assessment technology based on attack graphs proactively analyzes and evaluates the vulnerabilities of the target network system from the perspective of the attacker, fully considers the correlation between vulnerabilities, and can predict the combined attacks that an attacker may launch. Before a malicious attack occurs, it provides network managers with timely security early warning and defense schemes.

In this paper, the automatic construction technology of the attack graph and vulnerability assessment technology are studied. The attack graph is formally defined, and a scientific and reasonable model of target network information and attackers' capability information is established. Then the reverse attack graph building algorithm based on attack patterns is used to generate the attack graph automatically and to visualize it. Taking the constructed attack graph as the analysis platform, this paper proposes a three-dimensional network vulnerability measurement index to establish a quantitative model of network vulnerability. A simulated network topology environment is set up, and the model and method proposed in this paper are used to evaluate the vulnerability of the target network, find the key weak points in the network, and provide security advice to network managers. The validity of the system model is proved through experiments. On the basis of the theoretical research, a network vulnerability assessment system based on the attack graph is designed and implemented. Finally, the system verification and display are carried out.

The main innovations of this paper are as follows. First, three vulnerability assessment indicators are proposed, namely the importance of nodes, the reachability of nodes and the impact of nodes on the network. Based on these three indicators, a vulnerability assessment function is constructed to measure the vulnerability of the network. Second, the attack graph is optimized: on the basis of the maximum hop limit policy, a reachable probability limit strategy is added, all redundant information is deleted from the attack graph, and only the information related to the attack target is kept. This makes the generated attack graph simpler and clearer and allows the approach to be extended to large-scale complex networks.
Keywords/Search Tags: Attack graph construction, Network modeling, Vulnerability assessment, Metric index
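
The second innovation (reverse construction limited by maximum hops and reachable probability) can be illustrated as follows. This is an added example, not code from the thesis. The edge format, the host and weakness names, the sample probabilities, and the choice to compute a path's reachable probability as the product of per-step success probabilities are all assumptions.

```python
from collections import defaultdict

# Constructed sample data: (source, destination, exploited weakness, success probability)
EDGES = [
    ("attacker", "web", "vuln-A", 0.8),
    ("web", "db", "vuln-B", 0.5),
    ("attacker", "mail", "vuln-C", 0.9),
    ("mail", "web", "vuln-D", 0.1),
    ("web", "printer", "vuln-E", 0.9),   # never leads to the target
    ("mail", "files", "vuln-F", 0.6),
    ("files", "db", "vuln-G", 0.7),
]

def prune_attack_graph(edges, start, target, max_hops, min_prob):
    """Search backward from the target and keep only edges that lie on a
    start -> target path within max_hops and with probability >= min_prob."""
    incoming = defaultdict(list)
    for edge in edges:
        incoming[edge[1]].append(edge)
    kept = set()

    def walk(node, path, prob, visited):
        if node == start:              # complete path found: keep its edges
            kept.update(path)
            return
        if len(path) == max_hops:      # maximum hop limit reached
            return
        for edge in incoming[node]:
            src, _, _, p = edge
            # Skip cycles and branches below the reachable probability limit.
            # Assumption: path probability is the product of step probabilities.
            if src in visited or prob * p < min_prob:
                continue
            walk(src, path + [edge], prob * p, visited | {src})

    walk(target, [], 1.0, {target})
    return sorted(kept)

def kept_labels(edges, start, target, max_hops, min_prob):
    """Return the weakness labels that survive pruning."""
    return {e[2] for e in prune_attack_graph(edges, start, target, max_hops, min_prob)}

if __name__ == "__main__":
    for edge in prune_attack_graph(EDGES, "attacker", "db", 3, 0.2):
        print(edge)
```

Edges that remain after pruning are the ones a network manager would review first, since every one of them sits on a sufficiently likely path to the protected target.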