Method for solving K maximum probability attack paths progressively

Abstract

The invention discloses a method for solving K maximum probability attack paths progressively. The method can output K maximum probability attack paths attacking each node in rounds step by step; in each round, each node has the opportunity to output the attack paths, so that the problem that a node corresponding to an attack path with a smaller vulnerability availability cumulative probability value is possible not be able to output one attack path for a long time is solved; the number of the attack paths outputted by the method can grow dynamically, and the specific value of the number K of the attach paths is not required to be given in advance, so that the balance problem between the attack path calculation real-time performance and the attack path solving number is solved. The method respectively establishes a plurality of available vulnerability information tables for each node in a network, performs visited and unvisited marking on each available vulnerability information table, and performs vulnerability selection and utilization in combination with specific information of each available vulnerability information table, so that the progressive solution and output of the K maximum probability attack paths is realized finally.

Description

technical field [0001] The invention relates to a network security analysis method, in particular to a method for progressively solving the K maximum probability attack path. Background technique [0002] Network security is very important to protect the security of enterprise information. Attackers can take advantage of the loopholes in multiple different nodes in the enterprise information system (the nodes include servers, routers, switches, firewalls, storage devices and personal computers, etc.), Through multi-step attacks, hackers can gradually increase access to the system, steal system confidential information or make the system unable to work normally. Therefore, analyzing the security of the enterprise information system and calculating the potential attack path in the system in advance can provide The next step of network security defense and vulnerability patching provides guidance, which has important practical significance and application value. [0003] In th...

AI Technical Summary

Problems solved by technology

[0003] In the prior art, for example, in the invention patent "A Network Security Analysis Method for Solving the K Maximum Probability Attack Graph" (CN 102724210 B, 2015.02.11, full text), Bi Kun et al. The method of the top K attack paths with the highest probability of each node. This method does not need to calculate and generate a complete attack graph, and can directly calculate the top K attack paths with the highest probability of attacking each node in the network. When K takes When the value gradually increases, the running time of the algorithm will increase accordingly. Since this method arranges the attack paths of all nodes in the network in descending order of the cumulative probability of vulnerability availability, the attack path with a smaller cumulative probability of vulnerability availability The corresponding node outputting the attack path is relatively late. In the worst case, when the value of K is large, the node corresponding to the attack path with a small vulnerability availability cumulative probability value may be out of order for a long time. It is impossible to output an attack path, and the node corresponding to the attack path with a larger cumulative probability of vulnerability availability may have output all the attack paths, so this method cannot guarantee the timeliness of each node outputting the attack path. The balance between K and real-time computing needs further consideration

On the other hand, this method must give the specific value of the parameter K in advance. After solving the first K attack paths with the highest probability of attacking each node, if you want to solve more attack paths, you must reset The specific value of the parameter K and the method will be re-executed, and further operations cannot be performed on the basis of the previous solution results. There is a problem of repeated calculations, which wastes computing resources and computing time.

Images