Network security evaluation device based on attack graph adjacent matrix

A technology in the field of network security assessment and adjacency matrices, applied to electrical components, transmission systems, etc. It solves the problems of being unable to identify key hosts on critical paths and being unable to generate the attack paths against network nodes, and achieves easy viewing, fast calculation speed and strong real-time performance.

Active Publication Date: 2013-10-23
UNIV OF ELECTRONICS SCI & TECH OF CHINA

AI Technical Summary

Problems solved by technology

[0015] This patent has each node store the top K attack paths with the highest cumulative probability, mainly to solve a problem in the network security assessment algorithm based on the access level vector: only the single most probable attack path to each network node can be identified, while the top K most probable attack paths to a network node cannot be generated.
The patent does not identify important information such as critical paths and critical hosts.


Examples


Embodiment 1

[0065] Embodiment of information collection device

[0066] How the hosts in the network are connected can be read from the network topology diagram. A network is usually divided into several areas separated by firewalls or routers, and the hosts within each area are interconnected. If the network topology is not known, use route discovery algorithms and related protocols (DNS, ICMP, SNMP, RIP, OSPF, and protocols related to the operating system and architecture) to obtain the routing information of each device in the entire network, and then use the obtained information to generate the required topology diagram automatically. Use scanning tools or network management software to obtain the configuration information of network devices and hosts. Since a host needs to provide services, it must open its own ports, so there is a possibility of it being attacked remotely. At the same time, the host itself is also vulnerable. Therefore, it is necessary to obtain the vu...


Abstract

The invention provides a network security evaluation device based on an attack graph adjacency matrix. The device comprises an information collection device, an atomic attack graph generation device, a matrix calculation device, a network security analysis device and a result presentation device. The information collection device collects all information in the network. The atomic attack graph generation device generates the initial atomic attack graph between host pairs that is needed for the subsequent analysis of network security. The matrix calculation device converts the generated atomic attack graph into the corresponding adjacency matrix and computes the corresponding iteration matrix of that adjacency matrix for a set number of iterations. The network security analysis device obtains information such as the key hosts and key paths from the finally generated iteration matrix. The result presentation device visually presents the key hosts and key paths that were found, together with a network vulnerability index. The disclosed device is highly efficient and suitable for large-scale, high-speed networks. It improves the real-time performance of evaluating a target network. Its evaluation accuracy is high, and key paths and key hosts can be recognized accurately. Its degree of visualization is high, which makes it convenient for an administrator to check, analyze and maintain the network.
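The matrix pipeline described in the abstract (atomic attack graph, adjacency matrix, iteration matrix, key path and key hosts), as an added example that is not the patent's own code. The page does not give the iteration operator, so this sketch assumes a max-product update that keeps the most probable path per host pair; the host names, the probabilities and the reading of "key hosts" as the intermediate hosts on the key path are also assumptions.

```python
# Constructed sample network: hosts and atomic-attack success probabilities (assumed values).
HOSTS = ["attacker", "web", "mail", "db"]
ATOMIC = {("attacker", "web"): 0.8, ("attacker", "mail"): 0.4,
          ("web", "mail"): 0.6, ("web", "db"): 0.3, ("mail", "db"): 0.9}

def adjacency_matrix(hosts, atomic):
    """Entry [i][j] is the probability of one atomic attack from host i on host j."""
    idx = {h: i for i, h in enumerate(hosts)}
    adj = [[0.0] * len(hosts) for _ in hosts]
    for (src, dst), p in atomic.items():
        adj[idx[src]][idx[dst]] = p
    return adj

def iterate(adj, iterations):
    """Assumed operator: max-product 'multiplication' by adj, once per iteration.
    After t iterations best[i][j] covers attack paths of at most t + 1 steps."""
    n = len(adj)
    best = [row[:] for row in adj]
    path = [[[i, j] if adj[i][j] else [] for j in range(n)] for i in range(n)]
    for _ in range(iterations):
        new_best = [row[:] for row in best]
        new_path = [[p[:] for p in row] for row in path]
        for i in range(n):
            for j in range(n):
                for k in range(n):
                    cand = best[i][k] * adj[k][j]
                    if i != j and cand > new_best[i][j]:
                        new_best[i][j] = cand
                        new_path[i][j] = path[i][k] + [j]
        best, path = new_best, new_path
    return best, path

def key_path(src, dst, iterations, hosts=HOSTS, atomic=ATOMIC):
    """Most probable attack path src -> dst and its intermediate ('key') hosts."""
    best, path = iterate(adjacency_matrix(hosts, atomic), iterations)
    i, j = hosts.index(src), hosts.index(dst)
    names = [hosts[h] for h in path[i][j]]
    return best[i][j], names, names[1:-1]

if __name__ == "__main__":
    for t in (1, 2):
        prob, route, key_hosts = key_path("attacker", "db", t)
        print(f"iterations={t}: p={prob:.3f} path={' -> '.join(route)} key hosts={key_hosts}")
```

With one iteration the two-step path through mail wins; a second iteration finds the longer but more probable path through web and mail, which is why the set iteration count changes the assessment.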

Description

Technical field

[0001] The network security assessment device based on an attack graph adjacency matrix proposed by the invention belongs to the technical field of computer network security.

Background

[0002] With the promotion of informatization, the number of Internet users in China continues to rise. According to the 31st Statistical Report on Internet Development in China released by the China Internet Network Information Center (CNNIC) in January 2013, by the end of December 2012 China had 564 million Internet users, an increase of 26 million people compared with the statistics at the end of June 2012; the Internet penetration rate has reached 42.1%, an increase of 3.8 percentage points compared with the end of 2011. Industrialization and network technology are constantly updated and improved. Computer networks have penetrated into all aspects of our work, life and study, bringing great convenience to our daily life. For example, we can use the Internet ...


Application Information

Patent Type & Authority: Applications (China)
IPC: IPC(8): H04L29/06
Inventor: 张小松, 牛伟纳, 陈瑞东, 王东, 张建松, 李建彬
Owner: UNIV OF ELECTRONICS SCI & TECH OF CHINA