Based On Bayesian Attack Graph And Markov Process Network Attack Defense Analysis

Posted on: 2022-04-13
Degree: Master
Type: Thesis
Country: China
Candidate: X Yang
GTID: 2518306314468634
Subject: Computer technology
Abstract/Summary:
As information technology develops, network security has become an increasingly serious problem. Early intrusion detection technology predicts the risk of system intrusion only by quantifying the vulnerability of network nodes and the dependencies between them. However, it ignores the impact of the attacker's intention on network security, especially in large-scale coordinated multi-step attacks. The attacker's choice of attack at each step affects the subsequent network nodes. In addition, no intrusion detection model can achieve 100% accuracy, which means that network intrusions will inevitably occur. Detecting intrusion behavior is therefore not enough: how to ensure that the system can still provide services to legitimate users after an attack has occurred is also a problem that needs to be solved. On this basis, this paper studies defense against network attacks from two aspects: analysis of the network security situation before the attack, and maintaining the system's ability to provide services after the attack.

Firstly, to analyze the network security situation accurately before the attack, this paper studies network intrusion behavior from the attacker's perspective and analyzes three factors that affect the attacker's willingness to attack: vulnerability value, attack cost and attack benefit. The probability of an atomic attack is calculated from these three indexes, which truly reflects the probability that a given network node is occupied in a one-step attack. Then a static network risk assessment model is established by combining a Bayesian belief network with an attack graph, and a dynamic risk assessment model is established by incorporating the attacker's attack intention, in order to handle complex networks whose security elements change constantly; this improves the accuracy of risk assessment. To predict the attacker's attack path, this paper also calculates the overall reachable probability of the attack path, which avoids the influence of a single network node's vulnerability on path selection and improves prediction accuracy.

Secondly, an intrusion tolerance system is constructed to ensure the service capability of the system when attacks inevitably occur. By establishing an optimized intrusion tolerance model and quantifying it with a Markov process, the key factors affecting the system's tolerance are identified, and the availability and reliability of the system are enhanced by maintaining key nodes. In addition, this paper analyzes the influence of different intrusion factors on the system's tolerance and proposes a solution to enhance it. Finally, the effectiveness of the network attack defense strategy designed in this paper is verified through experiments.
Keywords/Search Tags: risk assessment, attack graph, Bayesian networks, intrusion tolerance, Markov theory