
Research On Network Security Metrics Based On Attack Graph

Posted on: 2020-04-30
Degree: Master
Type: Thesis
Country: China
Candidate: S Zhao
Full Text: PDF
GTID: 2428330602951375
Subject: Information security
Abstract/Summary:
Research on security assessment metrics for network systems has long been an important direction in cyberspace security. At present, security metrics research is moving from rough estimation toward accurate measurement. The attack graph model can describe the association dependencies between the vulnerabilities in a network; it is a description of network attack behavior, and using it to measure network security can reflect the dependencies between exploits. However, research on security metrics still has many shortcomings, reflected in two aspects: (1) metrics are difficult to formulate, and complex network attributes need to be considered; (2) network topology is complex, attack graph generation has high complexity, and cyber attacks are complex and changeable. In view of the above problems, this thesis proposes a host-based attack graph structure, combines it with metrics and the analytic hierarchy process (AHP), analyzes network security attributes layer by layer, and combines the metrics to show the network security status. The specific innovations and main work are as follows:

1. Propose a host-based attack graph model. First, the network scenario is defined by topology, subnets, hosts and connectivity, indicating the security-related attributes of the network. Then the network attack attributes are studied and, combined with vulnerability database information, a general attack model is given. It is divided into preconditions and post-impact, where the post-impact includes the loss and the permission the attacker can obtain. To reduce the complexity of the attack graph, a single host is used as a unit node, and the corresponding attack graph generation algorithm is described in detail. Finally, an example analysis of the entire attack graph generation structure is given, showing the association dependencies between network vulnerabilities in detail.

2. Construct a metric evaluation method based on the attack graph and solve the loop problem encountered in the security analysis process. The analytic hierarchy process is used to divide the complex attack graph model into four levels: attack template, unit node, association relationship and network system. Analysis proceeds bottom-up, measuring the related security attributes and metrics layer by layer. The attack template layer proposes exploit and impact metrics according to CVSS. The unit node layer uses degree of penetration and node value analysis. The association relationship layer covers continuous probability and cumulative probability, as well as the number of attack paths of a subnet. Finally, the network security value is calculated to indicate the current network security status, and the entire metric system is combined into a cybersecurity metric. During the analysis the attack graph loop problem is encountered; it is solved by finding all attack paths between nodes.

3. Design and complete a network security metric based on attack graphs. Storage and traversal of the graph structure is a rather complex problem. This thesis uses the high-performance graph database Neo4j to design the attack graph database structure and implement the attack graph generation algorithm. A test network environment is designed to explain the entire measurement process. The attacker's possible intrusions are displayed through visualized attack paths. A scatter plot indicates node out-degree. A pie chart represents the number of attack paths and shows the attack hotspot areas. Finally, attack paths, charts and metrics are combined to visualize the threats to and impacts on the network.
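As an added illustration of items 1 and 2 above (example code written for this page, not the thesis's implementation), the following Python builds a small host-level attack graph, enumerates every simple attack path between an entry host and a target so that a loop in the graph cannot trap the traversal, and derives two association-layer quantities the abstract names: the cumulative probability of each path and the number of attack paths per subnet. The host names, subnets, per-exploit probabilities and the multiplicative path model are all assumptions.

```python
# Added example, not code from the thesis. Host-level attack graph as a
# constructed adjacency map; edge weights are assumed per-exploit success
# probabilities (e.g. derived from CVSS exploitability metrics).
from typing import Dict, List

# Constructed sample: host -> {next host: exploit success probability}.
# dmz_web <-> internal_app form a loop that a naive walk would never leave.
GRAPH: Dict[str, Dict[str, float]] = {
    "attacker": {"dmz_web": 0.9, "vpn_gw": 0.5},
    "dmz_web": {"internal_app": 0.6, "internal_db": 0.3},
    "internal_app": {"dmz_web": 0.8, "internal_db": 0.7},
    "vpn_gw": {"internal_db": 0.4},
    "internal_db": {},
}
SUBNET = {"attacker": "external", "dmz_web": "dmz", "vpn_gw": "vpn",
          "internal_app": "internal", "internal_db": "internal"}


def all_attack_paths(graph, src, dst) -> List[List[str]]:
    """DFS over simple paths: a host already on the current path is skipped,
    which breaks every loop without dropping legitimate alternative routes."""
    paths: List[List[str]] = []

    def walk(node, path):
        if node == dst:
            paths.append(path[:])
            return
        for nxt in graph.get(node, {}):
            if nxt not in path:           # loop check: never revisit a host
                path.append(nxt)
                walk(nxt, path)
                path.pop()

    walk(src, [src])
    return paths


def path_probability(graph, path) -> float:
    """Cumulative probability of one path: product of its exploit
    probabilities (multiplicative model, an assumption of this example)."""
    p = 1.0
    for a, b in zip(path, path[1:]):
        p *= graph[a][b]
    return p


def subnet_path_counts(paths, subnet) -> Dict[str, int]:
    """Number of attack paths that traverse each subnet (the pie-chart metric)."""
    counts: Dict[str, int] = {}
    for path in paths:
        for s in {subnet[h] for h in path}:
            counts[s] = counts.get(s, 0) + 1
    return counts
```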
Keywords/Search Tags: Security metric, Attack Graph, Attack Model, Assessment metric, AHP