
Research Of On-the-Fly Verification And Assessment Method Of Network Security Based On Attack Graph

Posted on: 2021-05-18
Degree: Master
Type: Thesis
Country: China
Candidate: H Dong
Full Text: PDF
GTID: 2428330614970068
Subject: Computer Science and Technology
Abstract/Summary:
The rapid development of computer network technology has made it inextricably linked to people's working lives. The explosive growth of Internet users, the dramatic expansion of applications, and users' poor awareness of precautions have led to increasingly prominent network security issues. Attackers find and exploit vulnerabilities in the network to penetrate network systems. As an important tool for network vulnerability analysis, the attack graph can correlate otherwise isolated vulnerabilities and reflect the intrinsic linkage of cyber attacks. However, there are still many deficiencies in current research on attack graph-based security assessment: poor generality, state-space explosion, inefficient analysis, and impartial quantification. To address the above problems, this paper proposes an attack graph-based on-the-fly verification and assessment method for network security, which combines an on-the-fly verification method with the CVSS metric to demonstrate the network security status. The main results of this paper are as follows:

1. This paper provides a modeled representation of vulnerability information, network topology, node association relationships, and attacker information, increasing the readability of network security elements and simplifying attack graph modeling. A generic attack template is constructed that clearly describes the conditions under which an attack occurs and the effects of the attack, reflecting the correlations between attacks. Combining the benefits of the attribute attack graph and the state attack graph, a complete attack path is defined as the carrier for the evaluation work.

2. This paper proposes a new method of on-the-fly verification of network security with attack at its core, which can quickly and accurately give a complete security counter-example by constructing only a partial state space of the network system, alleviating the state-space explosion problem. The need for a breadth-first based search algorithm and a fix algorithm is described in detail, and the feasibility of applying this method to large networks is illustrated with examples.

3. This paper uses the CVSS metric as the cornerstone, combined with time factor and environmental factor corrections, and uses the attack scenario as the final unit of assessment to measure the security status of network systems. A computational approach to the availability and influence of nodes is proposed, and the cumulative effect of attack behavior is described. From the perspective of the attacker, the timeliness of the attack behavior and the impact of the network environment are considered. Combining multiple metrics results in an attack threat metric that provides an objective and accurate assessment of the security status of the emulated network.
Keywords/Search Tags: attack graph, attack path, vulnerability analysis, on-the-fly verification, security metric