Research And Application Of Cyber Attack Prediction Based On Attack Graph

The convenience of the Internet has not only enabled high-speed development of enterprises,but also made the structure of corporate networks increasingly complex and large,which has lowered the threshold for malicious attacks.The complexity of network attacks increases the difficulty of attack prediction.It is difficult for traditional network protection methods to provide effective network protection opinions for network systems.It is particularly important to use new methods to predict network attacks and provide system administrators with corresponding protection strategies.Research results are as follows:Firstly,the existed network security situation prediction algorithms do not consider the coupling between the network security situation and network topology.The network security situation prediction algorithm based on structural features was proposed to solve this problem.For the impact of different attacks on the topological structure,an attack graph model was introduced to describe the correlation between vulnerability nodes of the system.The state of each node was coded,and the state transition of the system was described implicitly by observing the state change of the node.Based on this,the structural state features with significant differentiation were designed and combined with time series to form the multi-dimensional features.There is continuity in the change of topological state characteristics of the network,therefore the equilibrium hybrid kernel function based on the topological state characteristics was proposed for the problem that support vector machine can not comprehensively measure the locality and globality when training topology status data.In the process of optimizing model parameters by particle swarm optimization algorithm,master-slave multi-svm was used to process the fusion data,and the difference between the real network topology structure state and the predicted structure state was dynamically calculated through the fusion of multiple distance measurement indicators.Secondly,the failure of the moving target defence model defense measures would be caused by the existence of internal users with certain authority.Dynamic trilateral game model was proposed to extend the original two-part game model.By materializing internal threats,the uncertainty of the twopart game model was eliminated,which was expressed as the probability equation used by the players in the observation state process.And the relationship between the offensive and defensive sides became indirect.The user strategy,based on mixed strategy game model,was proposed to increase the coupling between stealth attack and internal threats.The income matrix was dynamically constructed to measure the behavioral outcomes of users and attackers.User behavioral references were obtained through dynamic programming.For the defender,the heuristic strategy in the model reduces the complexity of the behavior of the parties through random sampling.The experimental results showed that,the cyber security risks were reduced by 17.9% and 18.8% respectively on the strong structural attack graph and the weak structural attack graph.Finally,the dynamic trilateral game model was applied to design and implementation of the protection strategy generation system,including overall design,module design,key technology implementation,etc.Information collected through the campus network firewall and the attack graph is constructed based on the correlation of the vulnerable nodes through analysis.Predict network security status by analyzed alert information.Corresponding defense strategies are generated through the dynamic trilateral game model to verify the effectiveness of the research in this paper.