A Progressive Calculation Method of K-Maximum Probability Attack Paths for a Specified Target Node Set

Abstract

The invention discloses a progressive solving method for a K maximum probability attack path of a specified target node set. After a target node set is specified, the K maximum probability attack pathof each target node in an attack target node set can be solved according to the rounds by using the method, each target node can separately set different K values, and in each round, each target nodehas the opportunity to calculate and output the attack path. According to the method, access tags of corresponding available vulnerability information tables of each node are set in a calculation process, vulnerabilities are only selected and used from all available vulnerability information tables of which the access tags are 'non-accessed', the target nodes are tagged, and the access tags of the corresponding available vulnerability information tables can be reset after all the target nodes in a node set to be solved are tagged, and thus the purpose of outputting the attack paths accordingto the rounds can be achieved; and according to the method, the calculation amount in an attack path solving process can be effectively reduced.

Description

technical field [0001] The invention relates to a network security analysis method, in particular to a progressive solution method for the K maximum probability attack path of a designated target node set. Background technique [0002] Network security is an important concern of enterprises. Given a network system, analyzing potential attack paths inside the system is very valuable for understanding the security status of a network. Nodes in a network system include network devices such as servers, computers, firewalls, routers, and switches. There are usually key nodes in the network system. The key nodes run the core services of the enterprise or store confidential data. They are important targets for attackers to attack. Administrators are particularly concerned about the security status of such target nodes. For target nodes that cannot be directly attacked in the network, attackers will find and exploit vulnerabilities on multiple intermediate nodes in the network, gra...

AI Technical Summary

Problems solved by technology

[0003] In the prior art, such as Bi Kun et al. in the invention patent "A Method for Gradually Solving the K-Maximum Probability Attack Path" (CN 107135221 A, 2017.09.05, hereinafter referred to as patent 1), proposed a progressive A method for solving the top K attack paths with the highest probability of attacking each node in the network. This method realizes the round-by-round output of each node’s attack path by setting the access flag of the available vulnerability information table. In each round In this process, each node has the opportunity to output an attack path, which solves the problem that the node corresponding to the attack path with a small cumulative probability value of vulnerability availability may not be able to output an attack path for a long time. This method can also The K maximum probability attack path of each target node in the attack target node set is output in rounds, but this method is to calculate the K maximum probability attack path for each node in the network, and the nodes in the target node set When the number of nodes is less than the total number of network nodes, this method will still calculate the K maximum probability attack path for each node that is not in the target node set, which adds a lot of unnecessary calculations, thereby increasing the calculation time. It affects the real-time performance of the attack path output, and the problem will be more serious when the number of target nodes is far less than the total number of network nodes; on the other hand, this method is to output the attack path of attacking each node in rounds , the value K of the number of attack paths output by each node is uniform. If it is necessary to solve different numbers of attack paths for each target node, set according to the maximum value of the number of attack paths that all target nodes need to solve. The value of K wastes computing resources and increases computing time

[0004] In the prior art, for example, Bi Kun et al. proposed a method for solving The method of the top K attack paths with the highest probability of attacking each node in the network. This method can directly calculate the top K attack paths with the highest probability of attacking each node in the network without calculating and generating a complete attack graph. However, this method also calculates the K maximum probability attack path for each node in the network, and cannot effectively reduce the amount of calculation by using the information of the specified target node set, nor can it realize the output of the attack path in rounds

Images