Network attack target identification method and network attack target identification system based on attack graph

Abstract

The invention belongs to the technical field of network security, and particularly relates to a network attack target identification method and a network attack target identification system based on an attack graph, wherein the method comprises the following steps: modeling for a state migration process of an attacker in a network, acquiring a network attack graph model and all possible attack paths, and generating a network attack graph; mapping the network attack graph to a Markov chain, and constructing a state transition probability matrix which absorbs the Markov chain; and in combinationwith the state transition probability matrix, acquiring an expectancy for success probability matrix of attack intention of the attacker; through the expectancy for success probability matrix, finding out a state node corresponding to the maximum probability value, and completing attack target identification. With the method and the system provided by the invention, an average probability value of realizing different intentions of the attacker can be evaluated more objectively and accurately, a problem that the conventional method is limited by ideal cumulative probability when evaluating probability of occurrence of attacks is solved, computation complexity is low, operations are simple and convention to execute, and more reliable guidance is provided for assisting a security administrator to make a decision and improving network security performance.

Description

technical field [0001] The invention belongs to the technical field of network security, and in particular relates to a network attack target identification method and system based on an attack graph. Background technique [0002] As an important part of network security situation awareness, attack target identification can judge the real purpose of the intruder and predict the follow-up behavior of the intruder, which is the premise and basis for threat analysis and decision-making response, and has become the focus of network security administrators. The alarm data is fused and correlated, the probability of the attack intention is calculated, the network security situation information is quantified, and the probability of the attack intention can be reduced through further protective measures or intrusion response, so that the network state can be migrated to a safe direction. However, as the scale of the network continues to increase and the network structure is complex ...

AI Technical Summary

Problems solved by technology

In fact, because the attacker is not familiar with the network structure, the attacker often chooses the most likely attack target as the intrusion intention, and there may be repeated state transition behaviors in the actual attack scenario, resulting in a directed and cyclic attack graph, leading to ideal The realization probability of the attack intention in the scene is often smaller than the actual value, and it is difficult to accurately reflect the behavior intention of the attacker in the real world. How to ensure the accuracy and effectiveness of the intention evaluation, propose a reliable network attack target identification method, and objectively evaluate different attack intentions The probability of success, identifying the most likely attack target, and sorting the threat level of the target has become an urgent technical problem to be solved.

Images