Research And Implementation Of Network Security Measurement Technology Based On Attack Path Threat Analysis

Posted on: 2022-08-17
Degree: Master
Type: Thesis
Country: China
Candidate: Y Yu
GTID: 2518306338968519
Subject: Computer technology
Abstract/Summary:
Network security measurement is an objective analysis of the security elements in a network. It gives a comprehensive description of the security of the network system and thereby guides network hardening as an active defense method, which can effectively improve the security of the system. Network security measurement based on attack graphs is a relatively mature approach, but the methods based on the shortest attack path and on the number of attack paths that scholars in related fields have proposed cannot clearly describe the specific attack work carried out by the attacker, so it is difficult for them to guide targeted defense work. Although the measurement method based on Bayesian attack graphs can clearly describe the attack process, it is not suitable for real-time measurement because of its high complexity.

In response to these problems, this thesis proposes a network security measurement technology based on attack path threat analysis, which quantitatively measures network system security using attack graph technology and the ant colony algorithm. The technology first uses network modeling methods and vulnerability knowledge bases to generate network attack graphs automatically. The heuristic factors and pheromone update rules of the classic ant colony algorithm model are improved to adapt them to the attack path optimization scenario. Using the improved ant colony algorithm and a pre-defined set of potential attack target nodes, it searches the attack graph for the minimum attack cost and the optimal attack path corresponding to each attack target node. Finally, the threat level of the target network is calculated quantitatively from the set of minimum attack costs and the attack value of each potential attack target node, so that the network administrator can discover threats present in the network in time.

Based on the proposed measurement method, this thesis designs and implements a network security measurement system, which includes an automatic attack graph generation and update module, a network attack path optimization module and a network security measurement module. A simulated network was used to test the functions of the system's modules, which confirmed the correctness and effectiveness of the network attack path threat measurement system.

Compared with existing related technologies, the innovations of the security measurement technology proposed in this thesis can be summarized in two points. First, it uses Text-CNN text classification to construct and automatically update the vulnerability knowledge base in the measurement system, so that the knowledge base keeps up with the latest disclosed network vulnerabilities and the accuracy of the measurement method improves. Second, it uses an improved MMAS ant colony algorithm to optimize the attack path, which can effectively shorten the algorithm's execution time compared with Bayesian attack graphs and other path optimization techniques, making the proposed measurement technology suitable for real-time measurement.
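The path optimization step described in the abstract can be sketched as follows. This is an added example, not code from the thesis: the abstract does not give the improved heuristic factor or pheromone rules, so the standard MMAS rules (bounded pheromone, only the best path reinforced) are used instead, and the graph, step costs, node names and parameters are constructed for illustration.

```python
import random

# Constructed attack graph: edge weight = assumed cost of one attack step.
GRAPH = {
    "internet": {"web": 4.0, "vpn": 7.0},
    "web": {"app": 3.0, "db": 9.0},
    "vpn": {"app": 2.0, "files": 3.0},
    "app": {"db": 2.0, "files": 6.0},
    "db": {},
    "files": {},
}

def mmas_min_cost_path(graph, src, dst, ants=30, iters=40, rho=0.1,
                       alpha=1.0, beta=2.0, seed=7):
    """Standard MMAS search for the cheapest src->dst attack path."""
    rng = random.Random(seed)
    tau_max, tau_min = 1.0, 0.05           # pheromone bounds (assumed values)
    tau = {(u, v): tau_max for u in graph for v in graph[u]}
    best_cost, best_path = float("inf"), None
    for _ in range(iters):
        for _ in range(ants):
            path, cost, node = [src], 0.0, src
            while node != dst:
                nxt = [v for v in graph[node] if v not in path]
                if not nxt:
                    break                  # dead end: this ant is discarded
                w = [tau[(node, v)] ** alpha * (1.0 / graph[node][v]) ** beta
                     for v in nxt]         # heuristic = 1 / step cost
                step = rng.choices(nxt, weights=w)[0]
                cost += graph[node][step]
                path.append(step)
                node = step
            if node == dst and cost < best_cost:
                best_cost, best_path = cost, path
        if best_path is None:
            continue                       # no ant has reached the target yet
        for e in tau:                      # evaporation, clamped at tau_min
            tau[e] = max(tau_min, (1 - rho) * tau[e])
        for e in zip(best_path, best_path[1:]):   # only the best path deposits
            tau[e] = min(tau_max, tau[e] + 1.0 / best_cost)
    return best_cost, best_path            # (inf, None) if dst is unreachable

def min_attack_costs(graph, src, targets):
    # One search per pre-defined potential attack target node.
    return {t: mmas_min_cost_path(graph, src, t) for t in targets}
```

For the `files` target the cheapest first step (`web`) does not lie on the cheapest path, which is the case a greedy walk gets wrong and the pheromone lower bound keeps reachable.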
Keywords/Search Tags: Network security measurement, Attack path, Ant colony algorithm, Attack graph construction