A Method of Network System Risk Measurement Based on Lie Group

Abstract

The invention discloses a risk measuring method for a network system based on the Lie group. The method can achieve the complete and objective measurement of the safety risk of the network system. Themethod comprises the steps: mapping the network system from a low-dimensional Euclidean space to a high-dimensional Riemannian manifold by using the Lie group changes, and transforming a network state index change value to a high dimension, thereby achieving the more subtle depiction of the state dynamic changes during a network attack, and the calling relationship between the devices is transformed into the distance between the corresponding points of the Riemannian manifold; and achieving the dynamic evaluation of the attack and defense process of the network system through a utility function of the adjacent nodes in a service calling path and the Riemann distances. The method gives complete and overall consideration to the usability, connectivity and reliability of the network system during index selection, is more complete for the risk evaluation, and achieves the more objective of the attack risks according to the dynamic changes of device indexes in an attack process.

Description

technical field [0001] The invention relates to the technical field of network security, in particular to a Lie group-based network system risk measurement method. Background technique [0002] In network system security assessment, the method of utility calculation can simulate the attack generation process, which has a good effect on network security assessment. The purpose of attack-defense utility calculation is to calculate whether the energy consumed by the attack and defense parties reaches a certain balance, so as to measure the security status of the network. The methods of network security assessment based on attack and defense mainly include game-based model, attack-defense graph model and complex network attack model. [0003] Most of the methods based on attack-defense confrontation game have the problem of state explosion. For a network with a large number of nodes, there are many factors that affect security, which will cause the model to be too large and in...

AI Technical Summary

Problems solved by technology

The advantage of this method is that it describes the complex characteristics of the network system and conducts offensive and defensive modeling to obtain the overall safety factor. The disadvantage is that it only describes the connectivity characteristics of the network and does not measure the overall network system from other perspectives. It is one-sided and only can give a vague result

Cai Zhiqiang et al. described a network assessment method using the AHP in the patent "A Bayesian Network Assessment Method for Information Security Based on the Analytic Hierarchy Process" (public number: CN201410267853), but it needs to set many parameters, and there are too many human factors , the evaluation is less objective

Images