Attack-oriented network security situation prediction method, device and system

A network security situation prediction method, applied in the field of network security, that addresses the lack of dynamic correlation, the weak prediction of emergencies and the many unpredictable factors in existing approaches, and that achieves high prediction efficiency and optimized storage scale and timeliness.

Active Publication Date: 2021-01-26
PLA STRATEGIC SUPPORT FORCE INFORMATION ENG UNIV PLA SSF IEU

AI Technical Summary

Problems solved by technology

Current mainstream network security situation prediction methods generally fall into the following three types:

1) Methods based on time-space sequence analysis. These assume that changes in the security situation value are regular and periodic, and predict the network security trend by analyzing the security situation value. They do not analyze changes in the network security situation elements or the interaction between dynamic security situation elements, so the mode is fixed and emergencies are predicted poorly.

2) Methods based on game theory. In an offensive and defensive confrontation environment, these use game theory to dynamically select the optimal strategy for the attacker and the defender, and comprehensively analyze changes in the attacker, the defender and the network environment information. The selection of elements is relatively comprehensive, and the application of game theory in the military field is relatively mature, but the network environment is highly sudden and has too many unpredictable factors, so it is difficult to establish a game theory model for network attack and defense. These methods can also only give short-term forecasts of security trends, not long-term forecasts of the network situation.

However, this method only considers the information of the attacker and the network environment, and the attack graph established by it is a static attack graph, ignoring the impact of the defender's strategy choice on the future security situation of the network.

In summary, the existing methods have problems that urgently need to be solved: 1) A lack of dynamic correlation between situational elements such as the defender, the attacker and the environmental information.

Existing methods all predict the network for a period of time in the future, that is, the next stage, which is ambiguous in time; they lack a quantitative prediction of the time at which an attack intrudes successfully.


Examples


Embodiment Construction

[0054] In order to make the purpose, technical solution and advantages of the present invention more clear and understandable, the present invention will be further described in detail below in conjunction with the accompanying drawings and technical solutions. The technical term involved in the embodiment is as follows:

[0055] In existing network security situation prediction, attack threats and network vulnerabilities are mainly used as the prediction factors. Because the prediction factor is single, it cannot meet managers' need to grasp the overall security of the network. Large, the model is immature, the prediction time period is relatively vague, and there is a lack of quantitative prediction of the successful attack time. In view of this, the embodiment of the present invention provides an attack-oriented network security situation prediction method, shown in Figure 1, including:

[0056] S101. Detect and collect alarm data and network environment operation...


Abstract

The invention belongs to the technical field of network security and particularly relates to an attack-oriented network security situation prediction method, device and system. The method comprises the following steps: detecting and collecting alarm data and network environment operation and maintenance information in a network countermeasure environment, and obtaining the element set required for network security situation prediction, which comprises three types of information: the attacker, the defender and the network environment; evaluating the attacker's capability and the defender's level, establishing a dynamic Bayesian attack graph, and calculating the attack phase number and the attack state occurrence probability vector; and combining a vulnerability scoring standard with network asset information to quantify the network security situation value in the time and space dimensions. The method dynamically associates situation elements such as the defender, the attacker and the environment information, conforms better to the actual network environment, can accurately predict the future situation and the attack occurrence time, achieves higher prediction efficiency, and optimizes the storage scale and timeliness of network security situation awareness, so as to provide more effective guidance for network protection.
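The middle steps of the abstract, as an added illustration that is not taken from the patent: a small Bayesian attack graph evaluated once to give a phase number and an occurrence probability per attack state, plus an asset-weighted situation value. The graph, the scores, the capability and defense scaling, and the assumption that parent states are independent are all constructed here, and the time dimension is left out.

```python
from math import prod

# Constructed sample graph in topological order (not from the patent).
# node: (parents, "AND"/"OR" precondition, exploitability 0-10, asset value)
GRAPH = {
    "internet":    ([], "OR", 10.0, 0),
    "web_server":  (["internet"], "OR", 8.0, 3),
    "mail_server": (["internet"], "OR", 5.0, 2),
    "app_server":  (["web_server", "mail_server"], "OR", 6.0, 5),
    "database":    (["app_server", "web_server"], "AND", 4.0, 10),
}

def exploit_probability(score, capability, defense):
    """Assumed scaling: score/10, weighted by attacker capability and
    reduced by defender level (both in [0, 1])."""
    return (score / 10.0) * capability * (1.0 - defense)

def predict(graph, capability, defense):
    """Return (phase number, occurrence probability, situation value)."""
    phase, prob = {}, {}
    for node, (parents, kind, score, _value) in graph.items():
        if not parents:              # entry point: attacker starts here
            phase[node], prob[node] = 0, 1.0
            continue
        reached = [prob[p] for p in parents]
        depths = [phase[p] for p in parents]
        if kind == "AND":            # every precondition must hold
            ready, depth = prod(reached), max(depths)
        else:                        # any one precondition is enough
            ready, depth = 1.0 - prod(1.0 - r for r in reached), min(depths)
        phase[node] = depth + 1
        prob[node] = ready * exploit_probability(score, capability, defense)
    # Space-dimension value: expected loss summed over assets.
    value = sum(prob[n] * graph[n][3] for n in graph)
    return phase, prob, value

if __name__ == "__main__":
    for defense in (0.0, 0.5):
        phase, prob, value = predict(GRAPH, capability=1.0, defense=defense)
        print(f"defense={defense}: value={value:.3f}")
        for node in GRAPH:
            print(f"  {node:12s} phase={phase[node]} p={prob[node]:.4f}")
```

Raising the defender level lowers every downstream state probability multiplicatively, which is why the value drops faster than linearly along deep attack paths.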

Description

Technical field

[0001] The invention belongs to the technical field of network security, and in particular relates to an attack-oriented network security situation prediction method, device and system.

Background

[0002] With the continuous expansion of network scale, traditional industries have become more and more widely combined with the Internet, and people's lives have become highly dependent on the network. The current network security environment is not optimistic: network attacks are becoming more and more frequent, and the threats and losses they cause are also increasing. Therefore, knowing, understanding and predicting the security status and development trend of the network in a complex and changeable network environment will help managers grasp the security status of the network in a timely manner and prevent possible future threats in advance, reducing the harm that attacks do to the network. Network security situation prediction is an important ...


Application Information

Patent Type & Authority: Patents (China)
IPC(8): H04L29/06, H04L12/24, H04L12/26
CPC: H04L9/0656, H04L41/142, H04L41/147, H04L43/045, H04L63/0245, H04L63/1416, H04L63/1433, H04L63/20
Inventor: 张玉臣, 胡浩, 邱辉, 张红旗, 汪永伟, 范钰丹, 何淼, 汪涛
Owner: PLA STRATEGIC SUPPORT FORCE INFORMATION ENG UNIV PLA SSF IEU