Research On Network Vulnerability Assessment Method Based On BNAG Model

With the rapid development of Internet technology and the continuous expansion of the network scale,there are more and more security incidents such as malicious attacks and illegal intrusions related to the Internet.How to make an accurate assessment of network vulnerability and make timely detection and prevention of network security vulnerabilities is particularly important.At present,research on network vulnerability assessment has become one of the research hotspots in the field of network security.Based on the analysis and research of existing network vulnerability assessment methods,this paper proposes an attack graph BNAG model,and introduces the concept of node attack difficulty metrics and weight set to optimize the attack graph.After the conversion,Based on the BNAG attack graph,the node reachability probability and path reachability probability of the attack graph are calculated and analyzed,and then the vulnerability of the entire network is evaluated.The main work and innovations of this paper are as follows:(1)For the network vulnerability assessment,this paper proposes a Bayesian-based attack graph ternary BNAG model.The relationship between the resource state node and the attack behavior node is clearly described in the model,and the node state judgment function attribute and the node logic relationship attribute are introduced to make the model analysis clearer.(2)For the problem of loops in the attack graph generation process,this paper proposes a loop elimination E-Loop algorithm.In the algorithm,the node attack difficulty metric is introduced to eliminate the loop in the attack graph,and the generation steps and specific optimization process of the attack graph are given.(3)For the quantification and analysis of attack reachability in the attack graph,this paper proposes the attack graph conversion algorithm Alg-AGTrans and the path reachability probability algorithm IterAlg-AccPro.In the algorithm implementation,the concepts of attack weight set and state transition index are introduced,and the specific conversion and calculation process is given.