Method and device for evaluating system security based on correlation analysis

A system security and correlation analysis technology, applied in the field of network security assessment, that addresses problems such as rising network security costs and overlooked network risk sources, and achieves efficient network security assessment, easier network security protection, and improved work efficiency.

Inactive Publication Date: 2015-02-11
CHANGSHU RES INSTITUE OF NANJING UNIV OF SCI & TECH

AI Technical Summary

Problems solved by technology

Traditional vulnerability assessment tools only analyze the vulnerability itself in isolation, and the assessment of network security simply su



Examples


Embodiment 1

[0030] The system security assessment method based on correlation analysis is carried out according to the following steps:

[0031] a. Use OVAL-based vulnerability detection to collect network host configuration information and topology information;

[0032] b. Organize and analyze the collected network information to obtain the network security elements, which constitute the initial state of the network, and put the initial state into the security state queue;

[0033] c. Collect network vulnerability information, analyze it and establish conversion rules through the vulnerability information database, and convert the vulnerability information into the attack state queue;

[0034] d. An attack graph generation algorithm using forward and backward search traverses the attack state node queue; a complete network attack graph is generated after the forward search, and the attack sequences and redundant sequences of the unreachable target state nodes in ...

Embodiment 2

[0038] On the basis of Embodiment 1, the conversion rules established through the vulnerability information database in step c can be built in two ways:

[0039] (1) Establish vulnerability rules based on prior knowledge by analyzing known attack methods;

[0040] (2) Using the privilege escalation method, analyze the privilege escalation capability of the vulnerability and establish the rules for exploiting the vulnerability.

Embodiment 3

[0042] On the basis of Embodiment 1, the forward and backward search attack graph generation algorithm in step d sets a maximum number of hops and uses the forward search to perform a breadth-first traversal from the initial state node. If a path extended by the forward search exceeds the maximum number of hops, the target is considered unreachable and the attack sequence is abandoned. The backward search algorithm then takes the set of target state nodes of interest and searches backward from each in turn to exclude the attack sequences of unreachable target state nodes and the redundant sequences from the attack graph, simplifying the network attack graph into an attack graph for the specified targets.
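The forward and backward search described in Embodiment 3 can be sketched as follows. This is an added example, not code from the patent; the state names, the `vuln-*` labels and the edge list are constructed, and each conversion rule is assumed to reduce to a single (from state, to state) transition.

```python
from collections import deque

# Constructed conversion rules: (from_state, to_state, vulnerability label).
# States are hypothetical "host:privilege" pairs.
EDGES = [
    ("internet:none", "web:user", "vuln-A"),
    ("web:user", "web:root", "vuln-B"),
    ("web:user", "mail:user", "vuln-C"),   # dead end, never reaches the target
    ("web:root", "db:user", "vuln-D"),
    ("db:user", "db:root", "vuln-E"),
    ("db:root", "backup:root", "vuln-F"),  # lies beyond the target
]

def forward_search(edges, initial, max_hops):
    """Breadth-first expansion from the initial state; paths are cut at max_hops."""
    succ = {}
    for src, dst, vuln in edges:
        succ.setdefault(src, []).append((dst, vuln))
    depth = {initial: 0}
    graph = []
    queue = deque([initial])
    while queue:
        state = queue.popleft()
        if depth[state] == max_hops:       # hop limit reached, abandon this sequence
            continue
        for dst, vuln in succ.get(state, []):
            graph.append((state, dst, vuln))
            if dst not in depth:
                depth[dst] = depth[state] + 1
                queue.append(dst)
    return graph

def backward_search(graph, targets):
    """Walk predecessors from the target set; keep only edges that lead to a target."""
    pred = {}
    for src, dst, _ in graph:
        pred.setdefault(dst, []).append(src)
    useful = set(targets)
    queue = deque(targets)
    while queue:
        state = queue.popleft()
        for src in pred.get(state, []):
            if src not in useful:
                useful.add(src)
                queue.append(src)
    return [(s, d, v) for s, d, v in graph if s in useful and d in useful]
```

With a hop limit of 5 and `db:root` as the target, the pruned graph drops the `mail:user` dead end and the `backup:root` edge; with a hop limit of 2 the target is never reached and the pruned graph is empty.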


Abstract

The invention discloses a method and a device for evaluating system security based on correlation analysis. The method uses an attack graph model to perform correlation analysis on the network security condition and adopts an attack graph generation algorithm based on breadth-first search. A PageRank calculation model is introduced to quantify the weights of the state nodes of the attack graph, and the differences between the weights are used to identify the critical attack nodes. A depth-first search algorithm then finds the critical attack path in the attack graph. Finally, a network security metric based on the attack graph is provided, which quantifies the risk value of the critical attack path and the security of the whole network.
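The node weighting and critical path search named in the abstract can be illustrated as below. This is an added example, not the patent's implementation: it uses standard power-iteration PageRank with a damping factor of 0.85, and the path score (mean node weight over a simple path) is an assumption, since the page does not give the patent's formulas. The graph and state names are constructed.

```python
# Constructed attack graph: directed edges between hypothetical state nodes.
AG_EDGES = [
    ("S0", "web"), ("S0", "mail"),
    ("web", "mail"), ("web", "app"),
    ("mail", "app"), ("mail", "file"),
    ("app", "db"), ("file", "db"),
]

def pagerank(edges, damping=0.85, iterations=100):
    """Power-iteration PageRank; rank held by sink states is spread uniformly."""
    nodes = sorted({n for e in edges for n in e})
    out = {n: [d for s, d in edges if s == n] for n in nodes}
    rank = {n: 1.0 / len(nodes) for n in nodes}
    for _ in range(iterations):
        sink_mass = sum(rank[n] for n in nodes if not out[n])
        base = (1 - damping) / len(nodes) + damping * sink_mass / len(nodes)
        new = {n: base for n in nodes}
        for n in nodes:
            for d in out[n]:
                new[d] += damping * rank[n] / len(out[n])
        rank = new
    return rank

def critical_nodes(weights):
    """State nodes ordered from highest to lowest weight."""
    return sorted(weights, key=weights.get, reverse=True)

def critical_path(edges, weights, start, target):
    """Depth-first enumeration of simple paths; returns the one with the
    highest mean node weight (assumed score, see the lead-in)."""
    out = {}
    for s, d in edges:
        out.setdefault(s, []).append(d)
    best = (0.0, [])
    stack = [[start]]
    while stack:
        path = stack.pop()
        if path[-1] == target:
            score = sum(weights[n] for n in path) / len(path)
            best = max(best, (score, path))
            continue
        for nxt in out.get(path[-1], []):
            if nxt not in path:            # simple paths only, no revisits
                stack.append(path + [nxt])
    return best[1]
```

On this graph the intermediate state `app` carries the highest weight after the target `db`, so hardening it removes the most heavily weighted step on the way to the target.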

Description

Technical field

[0001] The invention belongs to the field of network security assessment, and in particular relates to a system security assessment method and device based on correlation analysis.

Background art

[0002] The security incidents that have occurred continuously in recent years are all caused by known network vulnerabilities. Hackers mostly use the characteristics of existing vulnerabilities to develop corresponding hacking tools and infiltrate gradually. Hackers use vulnerability scanning tools to detect vulnerable target hosts in the target network, launch attacks on the vulnerabilities of the target hosts, obtain part of the permissions on the hosts after success, and, if the permissions and conditions permit, move from the compromised hosts to other hosts through the network. After an attack succeeds, the authority is elevated, and the attack process is repeated many times, so as to enter the network and directly reach the target resource...


Application Information

IPC(8): H04L12/24, H04L29/06
Inventor: 戚湧, 李千目, 汪欢, 侍球干, 刘振, 侯君, 丁玲玲, 陈俊, 高双双, 李文娟, 刘敏
Owner CHANGSHU RES INSTITUE OF NANJING UNIV OF SCI & TECH