| With the rapid development of the Internet and its applications,network attack techniques have become more diversified,and network security issues have become increasingly severe.The search for practical security risk assessment methods is a research hotspot in the field of network security.Attack graph is a network vulnerability assessment method.It visually shows the possible attack paths in the network for network security managers in the form of graphs.It is an effective tool for analyzing network vulnerability.Traditional attack graphs are based on vulnerabilities,but the attacker's attack method is not only to use traditional network vulnerabilities to attack,but to use social networks to launch social engineering attacks to achieve the purpose of invading the intranet.Aiming at the problem that traditional attack graphs do not consider social network threats,this paper proposes a method of generating attack graphs that integrate social network threats based on knowledge graphs.The main research work and innovations of this article are as follows:(1)Collecting information about users,vulnerabilities,attacks,and defense measures in the built intranet environment and the Internet.Then designing a network security ontology model that integrates social network threats based on the collected data and the construction requirements of the attack graph.On this basis,construct a knowledge graph that integrates social network threats,and store it in the Neo4 j graph database.And by customizing the query rules,the query of the knowledge graph is realized.(2)A method of generating an attack graph fused with social network threats based on the knowledge graph is proposed.This Paper use custom query rules to retrieve the information used to construct the attack graph in the knowledge graph,and use the breadth-first search algorithm to generate an attack graph that integrates social network threats.Through the analysis of the characteristics of the use of internal communication social accounts,three threat information that may exist in the local area network social network are listed,and the calculation method of the success probability of social network threats and exploits.(3)Experiments are conducted based on the laboratory's real network topology and real vulnerability information,and comparing and analyzing the generated attack graph of converged social network threats with traditional attack graphs.The experimental results show that this method can discover potential attack paths that use social network intrusions effectively.In the experimental environment,the number of effective attack paths of the attack graph fused with social network threats is 21 more than that of the traditional attack graph.By further comparing the attack success rate of the effective attack path with FTP server as the attack target,it is found that 60% of the attack paths that uses social network intrusion have a higher attack success rate than the path that simply exploits the vulnerability. |
PDF Full Text Request