| In recent years, the proliferation of network and computer applications has led to an increase in the number of network users, resulting in a higher proportion of security information and important assets on the network. As a result, risks and threats to the network have become more severe. In this context, network security situational awareness technology has become an important means to understand the network situation and protect network security. Network security situational awareness provides multi-level and multi-angle insight into security risks and breaks the situation where traditional security technologies work separately. Accurately assessing the overall network environment, predicting attack behavior, and responding promptly using situational awareness is key to ensuring network security. This thesis aims to explore the importance of network security situational awareness and its role in ensuring network security and to provide insights into the current state of network security situational awareness technology. Existing research on network security posture mainly focuses on using network traffic information to build models for assessing and predicting overall network security situations. However, the root cause of threat traffic and attack methods lies in the vulnerabilities in the network that attackers exploit. Therefore, the existence and exploitation of vulnerabilities pose a significant threat to network security, and the state change of vulnerabilities also affects the network security posture. In this context, this thesis proposes a network security situational awareness method based on the state of vulnerabilities. This method provides a point-to-point, multi-level, and all-round network security assessment, taking into account the vulnerabilities that attackers can exploit. The thesis addresses the following research content: (1) This thesis presents a novel vulnerability assessment method based on the absorbing Markov chain model. The proposed method improves upon the existing Common Vulnerability Scoring System (CVSS) by considering multiple factors in vulnerability assessment, including exploitability and influence. It enhances the evaluation index of vulnerabilities by calculating their exploitability and influence scores. The method then uses graph theory combined with the absorbing Markov chain approach to evaluate individual vulnerability nodes and derive their threat levels. By integrating dynamic and static assessment indicators, the method can accurately assess vulnerability hazards and help security protection personnel better understand the vulnerability situation. (2) This thesis proposes a network asset evaluation method based on the AHP-entropy weight-game combination assignment approach, which addresses the issue of varying relative importance of network asset indicators in different environments. First, we determine the subjective and objective weights of network asset importance indicators using the AHP method and entropy weight method to obtain the relative weights of different indicators. Next, we use the game combination assignment method to combine the subjective and objective weights to obtain the comprehensive weights, and then calculate the score value of each network asset based on the network asset evaluation indicators. The proposed method employs objective weight assignments of assessment indexes, which reduces the influence of subjective factors and enhances the accuracy and reliability of the assessment results. This method provides robust support for subsequent network security situational awareness assessments. (3) This thesis proposes a new network security posture assessment model based on the maximum possible attack path. The model starts from vulnerabilities and assesses the threat value of individual vulnerability nodes by using a vulnerability assessment method based on the absorbing Markov chain model. Network assets are evaluated by a method based on AHP-entropy weight-game combination assignment, which objectively and reasonably assigns weights to the assessment indexes of network assets. The model then combines the attack paths of the state transfer diagram, the threat values of the vulnerability nodes on those paths, and the network asset score to evaluate each attack path in the network. The maximum possible attack path, which has the highest posture value, is found to judge the network security posture, and the network security posture evaluation results are displayed through visualization. The proposed model can provide multi-level and multi-angle insight into security risks and can accurately assess vulnerability hazards and network security posture, which helps security personnel to better grasp the network situation and protect network security. The proposed network security situational awareness method based on vulnerability state transfer provides a comprehensive view of the network situation, aiding security personnel in gaining detailed insights into the network's security status and making informed judgments for network protection. This approach is crucial for maintaining network security and ensuring protection against threats. |
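
The asset-weighting procedure in item (2), sketched as an added example that is not code from the thesis: AHP weights are approximated by the row geometric mean, the game combination uses the common least-deviation formulation, and scores are a weighted sum of indicators scaled by column maximum. The indicator set, the pairwise matrix and the asset ratings are constructed assumptions; the thesis may define each step differently.

```python
import math

def ahp_weights(pairwise):
    """Subjective weights from an AHP pairwise matrix (row geometric-mean approximation)."""
    gm = [math.prod(row) ** (1.0 / len(row)) for row in pairwise]
    return [g / sum(gm) for g in gm]

def entropy_weights(rows):
    """Objective weights: an indicator that varies more across assets gets more weight."""
    n = len(rows)
    div = []
    for col in zip(*rows):
        s = sum(col)
        e = -sum((x / s) * math.log(x / s) for x in col if x > 0) / math.log(n)
        div.append(1.0 - e)  # divergence is ~0 for an indicator that never varies
    return [d / sum(div) for d in div]

def game_combine(w1, w2):
    """Blend two weight vectors with coefficients that minimise deviation from both."""
    dot = lambda a, b: sum(x * y for x, y in zip(a, b))
    a11, a12, a22 = dot(w1, w1), dot(w1, w2), dot(w2, w2)
    det = a11 * a22 - a12 * a12
    if abs(det) < 1e-12:          # both methods agree; nothing to balance
        return list(w1)
    c1 = a22 * (a11 - a12) / det  # Cramer's rule on the 2x2 optimality system
    c2 = a11 * (a22 - a12) / det
    k1 = abs(c1) / (abs(c1) + abs(c2))
    return [k1 * x + (1 - k1) * y for x, y in zip(w1, w2)]

def score_assets(assets, pairwise):
    """Return (name, score) pairs, highest first; indicators scaled by column maximum."""
    rows = list(assets.values())
    w = game_combine(ahp_weights(pairwise), entropy_weights(rows))
    col_max = [max(c) for c in zip(*rows)]
    scores = {name: sum(wj * x / m for wj, x, m in zip(w, r, col_max))
              for name, r in assets.items()}
    return sorted(scores.items(), key=lambda kv: kv[1], reverse=True)

# Constructed sample: three hypothetical indicators (confidentiality, integrity,
# availability) rated 1-9 for three hypothetical assets.
PAIRWISE = [[1, 2, 4], [1 / 2, 1, 2], [1 / 4, 1 / 2, 1]]
ASSETS = {"db_server": [9, 8, 9], "web_server": [6, 7, 5], "workstation": [3, 2, 4]}

if __name__ == "__main__":
    for name, score in score_assets(ASSETS, PAIRWISE):
        print(f"{name:12s} {score:.3f}")
```

An indicator with the same rating on every asset receives an entropy weight of about zero, so the combined weight for it comes almost entirely from the AHP judgement.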