Method and system for generating network attack graph

A network attack graph technology, applied in transmission systems, digital transmission systems, data exchange networks, etc., that addresses the problems of low scalability, large system resource consumption, and high complexity, with the effects of reducing redundant information, improving generation efficiency, and reducing system resource consumption.

Inactive Publication Date: 2019-01-15
GLOBAL ENERGY INTERCONNECTION RES INST CO LTD +2
4 Cites 8 Cited by

AI Technical Summary

Problems solved by technology

[0003] At present, a variety of attack graph construction methods have emerged. A summary and analysis of the existing methods shows that they have two deficiencies when used to construct an attack graph. First, in practical applications, network security managers need to know not only the paths by which an attacker may intrude into the target host, but also which hosts in the network the attacker can intrude into; however, most existing attack graph construction methods can only be used to analyze the security of a single attack target.
Second, the attack graph construction process suffers from high complexity, low scalability, and state explosion, which lead to a large consumption of system resources when generating the attack graph and make it difficult to apply to large-scale complex network systems.


Embodiment Construction

[0042] The specific embodiments of the present invention will be further described in detail below in conjunction with the accompanying drawings.

[0043] The present invention provides a method for generating a network attack graph. The flow of the method is shown in Figure 1 and includes:

[0044] Generate multiple subtasks according to the subnet reachability relationship of the power information network;

[0045] Assign multiple sub-tasks to multiple processors for processing, and generate multiple sub-attack graphs;

[0046] According to the multiple sub-attack graphs, the initial permissions of the actual attacker, and the permissions obtained during the attack, determine the attack paths in the sub-attack graphs whose permission premise is established;

[0047] All attack paths constitute a network attack graph.

[0048] Wherein, the attack path where the authority prerequisite is established refers to a path that matches the attack pattern of the attack rule ...
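The four steps above can be sketched as follows. This is an added example, not code from the patent: the sample subnets, the weakness table, the two-level `user`/`root` privilege model, the use of a thread pool in place of multiple processors, and the fixed-point filtering of edges are all assumptions made for illustration.

```python
from concurrent.futures import ThreadPoolExecutor

# Constructed sample network (not from the patent): subnet -> hosts
SUBNETS = {"office": ["ws1"], "dmz": ["web"], "scada": ["hmi", "plc-gw"]}
# Subnet reachability: (source subnet, destination subnet)
REACHABLE = [("office", "dmz"), ("dmz", "scada"), ("scada", "scada")]
# Host -> (privilege required on the source host, privilege gained on this host)
WEAKNESSES = {"web": ("user", "user"), "hmi": ("user", "root"),
              "plc-gw": ("root", "root")}
RANK = {"user": 1, "root": 2}  # assumed model: root implies user

def build_sub_graph(task):
    """One subtask: all candidate edges for one reachable subnet pair."""
    src_net, dst_net = task
    edges = []
    for src in SUBNETS[src_net]:
        for dst in SUBNETS[dst_net]:
            if src != dst and dst in WEAKNESSES:
                need, gain = WEAKNESSES[dst]
                edges.append(((src, need), (dst, gain)))
    return edges

def holds(premise, held):
    """True if the attacker holds at least the required privilege on the host."""
    host, need = premise
    return any(h == host and RANK[p] >= RANK[need] for h, p in held)

def generate_attack_graph(initial_privs, workers=4):
    # Steps 1-2: one subtask per reachable subnet pair, processed in parallel
    with ThreadPoolExecutor(max_workers=workers) as pool:
        sub_graphs = list(pool.map(build_sub_graph, REACHABLE))
    candidates = [edge for graph in sub_graphs for edge in graph]
    # Step 3: keep only edges whose privilege premise holds, adding each
    # newly gained privilege until nothing changes (fixed point)
    held, paths = set(initial_privs), []
    changed = True
    while changed:
        changed = False
        for edge in candidates:
            if edge not in paths and holds(edge[0], held):
                paths.append(edge)
                held.add(edge[1])
                changed = True
    # Step 4: the surviving edges together form the network attack graph
    return paths, held

if __name__ == "__main__":
    for pre, post in generate_attack_graph({("ws1", "user")})[0]:
        print(pre, "->", post)
```

The candidate edge from `web` that requires `root` is dropped because that premise is never established, which is the redundancy reduction the method describes; the set of held privileges answers the defender's question of which hosts are reachable at all, not just whether one target is.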

Abstract

The present invention provides a method and system for generating a network attack graph. The method includes: generating a plurality of subtasks according to the subnet reachability relationship of a power information network; allocating the plurality of subtasks to multiple processors for processing, and generating a plurality of sub-attack graphs; according to the plurality of sub-attack graphs, the initial authority of an actual attacker, and the authority the actual attacker obtains during the attack process, determining the attack paths in the sub-attack graphs whose authority premise holds; and constituting the network attack graph from all such attack paths. Compared with the prior art, the method can express all reachable network states and their corresponding attack paths, decomposes the attack graph generation process into a plurality of subtasks by distributed processing technology, improves attack graph generation efficiency, reduces redundant information in the attack graph, reduces system resource consumption when the attack graph is generated, and can be used for evaluating the overall security of a large-scale complex network system.

Description

Technical field

[0001] The invention belongs to the field of power system network security, and in particular relates to a method and system for generating a network attack graph.

Background technique

[0002] Since a network is composed of a large number of hosts connected to each other, analyzing the vulnerability of a single host in isolation has certain limitations in network security analysis. Only by analyzing the vulnerabilities in the network together can potential attacks on the network be better discovered. Attack graph technology can correlate the vulnerabilities of each host in the network for in-depth analysis, so as to identify potential security threats in the network, and display the attack paths that threaten network security as a graph, so that security managers can intuitively grasp the relationships between the vulnerabilities in the network. By analyzing all attack paths in the attack graph, security managers can choose the method with...

Application Information

Patent Type & Authority: Applications (China)
IPC(8): H04L29/06, H04L12/24
CPC: H04L41/14, H04L63/1441, H04L63/20
Inventor: 张涛陈春霖刘莹马媛媛管小娟费稼轩华晔陈璐黄秀丽李尼格李伟伟张明扬周晟傅慧斌汪晨李千目倪震
Owner: GLOBAL ENERGY INTERCONNECTION RES INST CO LTD