Network security domain knowledge graph construction method and device for dynamic threat analysis

Abstract

The invention belongs to the technical field of network security, and particularly relates to a network security domain knowledge graph construction method and device for dynamic threat analysis, andthe method comprises the steps: describing a threat transfer relation caused by a system vulnerability and a network service; constructing a network dynamic threat analysis knowledge graph model by utilizing graph theory knowledge; calculating a threat transfer probability by combining a general vulnerability evaluation standard and Bayesian; and generating a network threat knowledge map by utilizing association rules among threats, vulnerabilities and services, and carrying out loop resolution. According to the invention, network attacks, system vulnerabilities and business applications influence each other; the network threat transfer probability is analyzed in combination with the general vulnerability scoring standard and the Bayesian formula, the constructed knowledge graph is corrected, the threat transfer loop among multiple nodes is eliminated, the attack full view can be completely displayed, the network evidence obtaining efficiency is improved, and a basis is provided for threat clue discovery and traceability evidence obtaining.

Description

technical field [0001] The invention belongs to the technical field of network security, and in particular relates to a method and device for constructing a knowledge graph in the network security field for dynamic threat analysis. Background technique [0002] The inherent vulnerability of the network information system makes it inevitable to face the impact of external threats. To carry out effective analysis of external dynamic and changing threats, how to quantitatively analyze the threat transfer probability according to the time, importance, environment and other factors of network node vulnerabilities , which plays an important supporting role in the implementation of targeted defense decisions. [0003] At present, there are mainly the following methods for network dynamic threat analysis: (1) The network security analysis method based on the growth of the attacker's ability, by deducing the threat path and combining the threat transition probability to quantify netw...

AI Technical Summary

Problems solved by technology

[0003] At present, there are mainly the following methods for network dynamic threat analysis: (1) The network security analysis method based on the growth of the attacker's ability, by deducing the threat path and combining the threat transition probability to quantify network security, however, the existing attribute attack graph only describes The threat changes caused by system vulnerabilities are not described, and the threat transfer caused by the access relationship between network business applications is not described, which leads to deviations in the quantification of threat transfer probability; (2) the state attack graph method, which represents the vertex as the host, and Edges represent transitions between states. Due to the state space explosion problem in the state attack graph, it is difficult to apply to the threat risk analysis in a large-scale network environment; (3) the attribute attack graph method, which takes the security elements in the network as Independent attribute vertices. The same vulnerability on the same host only corresponds to one attribu

Images