Looking for breakthrough ideas for innovation challenges? Try Patsnap Eureka!

Network security analytical method for solving K maximum probability attack graph

A technology of network security analysis and maximum probability, which is applied in the field of network security analysis for solving the K maximum probability attack graph. The problem of monotonous non-increasing multiplication

Active Publication Date: 2015-02-11
SHANGHAI MARITIME UNIVERSITY
View PDF2 Cites 2 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

This method can be used to calculate the multi-step cascade attack existing in the network, but there are certain problems in this method: 1. The attack graph constructed by this method contains all the multi-step cascade attack paths existing in the network. When the number of network nodes such as hosts, servers, and routers is large, the generated attack graph contains a large number of attack paths. On the one hand, the attack graph becomes complicated and difficult to understand; 2. The attack graph generated by this method does not consider the difficulty of attacking each vulnerability. This method can give the attack steps of attacking each network node, but cannot directly calculate the success probability value of attacking each node
[0004] In the prior art, people such as Li Kai published "Network Security Evaluation Algorithm Based on Access Level Vectors" ("The Ninth Youth Computer Scientists" on "Proceedings of the 9th International Conference for Young Computer Scientists" 2008, 1538-1544 pages) Scientific Conference Proceedings, Network Security Assessment Algorithm Based on Access Level Vector), considering the difference in the availability probability value of each vulnerability in the system, and using the characteristic that the probability product is monotonically non-increasing, a method that can calculate the access level to each node in the network is proposed. The maximum probability attack path method, which can calculate the maximum probability attack path for each node without generating a complete attack graph, but this method still has certain problems: this method can only generate attack paths for each network node The maximum probability attack path, and the network security administrator usually needs to know the top K attack paths with the highest probability of attacking each network node (K is a positive integer variable, which can be customized by the administrator according to needs. When K=1, is the maximum probability attack path), by solving the K maximum probability attack path, we can better understand and analyze the security vulnerabilities existing in the system, evaluate the security situation of the system, and provide reference for system vulnerability repair

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Network security analytical method for solving K maximum probability attack graph
  • Network security analytical method for solving K maximum probability attack graph
  • Network security analytical method for solving K maximum probability attack graph

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0040] In order to make the technical means, creative features and objectives of the present invention easy to understand, the present invention will be further elaborated below in conjunction with specific examples

[0041] The network topology diagram of the present invention is as figure 2 As shown, node A represents the attacker, node B, node C, node D, node E and node F represent nodes in a given computer network system, and A can access node B, node C Like node D, the connection lines between node B, node C, node D, node E and node F represent the connection relationship between nodes.

[0042] The access relationship between each node in the present invention is as follows: image 3 As shown, starting from the second line, each line represents the set of nodes that a node can access, "√" means that it can be directly accessed, and "X" means that it cannot be directly accessed. The attacker itself, node B, node C and node D, but cannot access node E and node F. The a...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The invention disclose a network security analytical method for solving a K maximum probability attack graph. The method specially includes: step (1) typing in system information and inputting the value of a parameter K; step (2) initializing a system; step (3) counting nodes which can be attacked by an attacker currently; step (4) judging whether a loophole table is empty, entering the step (5) if the loophole table is empty, taking out head-of-line nodes of an available loophole table otherwise for loophole using, judging whether the number of existing attack paths of the nodes is smaller than K, updating loophole using information and the position of the attacker and entering the step (3) for executing if the number of existing attack paths of the nodes is smaller than K, and entering the beginning position of the step (4) for continuing executing otherwise; and step (5) generating front K paths with the maximum probability of all attack nodes and finishing operation. By storing and accumulating the front K attack paths with the maximum probability at the nodes, the problem of the front K attack paths with the maximum probability at the attack nodes is solved.

Description

technical field [0001] The invention relates to a network security analysis method, in particular to a network security analysis method for solving a K maximum probability attack graph. Background technique [0002] Network security is one of the key concerns of companies providing network services. Hacking incidents are on the rise. Service interruption or data leakage caused by hacking attacks has brought immeasurable losses to both enterprises and individual users. At present, stand-alone security scanning technology and network security scanning technology are relatively mature, which can find security vulnerabilities on a given computer and provide vulnerability repair patches. However, these security scanning tools lack the security correlation between various vulnerabilities in the system. The current attack method of hackers has developed from a single-step attack using a single system vulnerability to a multi-step cascading attack that gradually uses multiple system...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
Patent Type & Authority Patents(China)
IPC IPC(8): H04L29/06
Inventor 毕坤韩德志
Owner SHANGHAI MARITIME UNIVERSITY
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Patsnap Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Patsnap Eureka Blog
Learn More
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic, Popular Technical Reports.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap|About US| Contact US: help@patsnap.com