Method and system for detecting network security

A security and network technology, applied in the field of network security, which can solve the problems of inaccurate results, incomplete model description, and failure to consider the human behavior of network attacks, and achieves enhanced description capabilities, a wide range of applications, and high accuracy. Effect

Active Publication Date: 2012-04-11
INST OF COMPUTING TECH CHINESE ACAD OF SCI
View PDF3 Cites 30 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0004] However, there are many problems in the actual application of this model-based network security analysis method: (1) When conducting security modeling and analysis, it does not take into account that network attacks are a kind of man-made behavior, driven by different interests. Various game processes are generated, which makes the description of the model incomplete; (2) The modeling process is based on the vulnerability of the network equipment itself, and does not discuss the correlation of vulnerabilities between different network equipment, which makes the analysis results inconsistent. Accurate; (3) The security analysis work is basically based on the existing attack behaviors, and lacks effective prediction of unknown threat attacks

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Method and system for detecting network security
  • Method and system for detecting network security
  • Method and system for detecting network security

Examples

Experimental program
Comparison scheme
Effect test

specific Embodiment

[0039] Specific examples are as follows.

[0040] Algorithm 1 - attack graph generation algorithm, such as figure 2 shown.

[0041] Step S101, first generate an attack graph describing the attack relationship, add the initial device name and authority to the network device queue, and generate an initial state node at the same time.

[0042] Step S102, start from the initial state node, take a device and its authority in the network device queue, and generate a new connected device queue.

[0043] Step S103, query the device connection relationship according to the current device name, obtain all connected device names of the device and add them to the connected device queue, and add the connected device names not in the network device queue to the network device queue.

[0044] Step S104, taking a connected device from the connected device queue to generate a new device vulnerability queue.

[0045] Step S105, take a vulnerability from the device vulnerability queue, query...

specific Embodiment approach 1

[0208] In the first specific embodiment, the network security detection module 500 is further used to

[0209] Calculate the steady-state parameters of the attack-defense game strategy model, the steady-state parameters are the selection of the attack path, and generate a set of attack target locations;

[0210] For the attack-defense game strategy model, for the stochastic Petri net model, there is an arc (p i ,t)(t,p i+1 ), and the loopholes between devices cannot be exploited, then delete the arc (p i ,t)(t,p i+1 ), otherwise, remain unchanged; traverse all transitions, and delete isolated transitions; attack behavior a according to the transitions given in the attack information i The relationship with the current position determines whether there is an attack relationship. If the attack behavior can act on position p, and the set of previous attack target positions of position p is not empty, then add the mark a to all transitions in the set of previous attack target p...

specific Embodiment approach 2

[0220] In the second specific embodiment, the network security detection module 500 is further used to

[0221] Calculate the average number of signs m in each position in the steady state of the attack-defense game strategy model i ;

[0222] Establish the node set {IPi} that appears in the possible attack path, and mark the same node {IPi(1,...,n j )};

[0223] Calculate the vulnerability weight σ according to the following formula i And sort the network nodes according to the vulnerability weight;

[0224] σ i = Σ j = 1 n j m i j

[0225] Among them, IPi(1,...,n j ) means the nth j The node IPi under the path.

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

PUM

No PUM Login to view more

Abstract

The invention discloses a method and a system for detecting network security. The method comprises the following steps: 1) according to the initial state of equipment in a network, connection relationships among different pieces of equipment and the vulnerability information of the equipment, generating an attack graph comprising an attack node and a state node; 2) by aiming at a set target node, converting the attack graph into a stochastic Petri net model; 3) introducing the strategy and utility information of an attack behavior on the stochastic Petri net model, generating the stochastic game net model of an attack visual angle, and introducing the strategy and utility information of a defensive behavior on the stochastic Petri net model to generate the stochastic game net model of a defensive visual angle; 4) combining the stochastic game net model of the attack visual angle with the stochastic game net model of the defensive visual angle to generate an attack-defense game strategy model; and 5) detecting network security by the attack-defense game strategy model. According to the method and the system, the accuracy for detecting the network security can be improved.

Description

technical field [0001] The invention relates to the field of network security, in particular to a method and system for detecting network security. Background technique [0002] In recent years, a large number of "derivatives" of the information age, such as computer viruses, Trojan horses, worms, and hacker attacks, have continuously grown and spread, and have affected important national infrastructures such as finance, transportation, commerce, medical care, communications, and electric power with a high degree of informatization. Cause serious damage and become a new threat to national security. Much targeted work has been done to counter these new threats. [0003] For large-scale and complex cyberspace security issues, the most effective research method is to analyze network protocols, network behaviors, network performance, etc. in real cyberspace, obtain the most authentic and effective data, and apply research results to The most realistic scene. However, it is al...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

Application Information

Patent Timeline
no application Login to view more
Patent Type & Authority Applications(China)
IPC IPC(8): H04L12/26H04L12/24H04L12/56H04L29/06
Inventor 王元卓李金明喻民林思明程学旗
Owner INST OF COMPUTING TECH CHINESE ACAD OF SCI
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Try Eureka
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap