
Method and device for constructing network security domain knowledge map for dynamic threat analysis

A network security domain knowledge technology applied to dynamic threat analysis. It addresses the problems that existing methods do not describe the transfer of threats between network business applications, are difficult to apply to threat risk analysis, and lose accuracy in threat path and probability measurement.

Active Publication Date: 2021-05-14
PLA STRATEGIC SUPPORT FORCE INFORMATION ENG UNIV PLA SSF IEU +1

AI Technical Summary

Problems solved by technology

[0003] At present, there are three main methods for network dynamic threat analysis:

(1) The network security analysis method based on the growth of the attacker's ability, which quantifies network security by deducing the threat path and combining it with the threat transition probability. However, existing attribute attack graphs only describe the threat changes caused by system vulnerabilities and do not describe the threat transfer caused by access relationships between network business applications, which leads to deviations in the quantification of threat transfer probability.

(2) The state attack graph method, in which vertices represent hosts and edges represent transitions between states. Because of the state space explosion problem in state attack graphs, it is difficult to apply to threat risk analysis in a large-scale network environment.

(3) The attribute attack graph method, which takes the security elements in the network as independent attribute vertices. The same vulnerability on the same host corresponds to only one attribute vertex in the graph, and directed edges represent the relationships between nodes. Compared with state attack graphs, this overcomes the state space explosion problem. However, currently generated attack graphs generally contain threat transmission loops, which affect the accuracy of threat paths and probability metrics.

Knowledge graphs have received widespread attention because of their superior visualization. In the field of natural language processing, the construction technology and application of knowledge graphs are very mature, but in the field of network security there is no high-quality, large-scale open knowledge graph.

No mature method has yet emerged for using knowledge graphs to analyze dynamic threats. Generating a threat pattern library from the real network environment, describing the threat transfer caused by access relationships between network business applications, and accurately measuring the threat transfer probability between nodes have become technical problems that urgently need to be solved in the construction of network threat knowledge graphs.


Examples


Embodiment Construction

[0030] To make the purpose, technical solution and advantages of the present invention clearer, the invention is described in further detail below in conjunction with the accompanying drawings and technical solutions. The technical terms involved in the embodiment are as follows:

[0031] A knowledge graph, also known as a scientific knowledge graph, is called knowledge domain visualization or knowledge domain mapping in the library and information field. It concerns knowledge resources and their carriers: mining, analyzing, constructing, mapping and displaying knowledge and the interconnections between pieces of knowledge. By combining the theories and methods of applied mathematics, graphics, information visualization technology, information science and other disciplines with bibliometric citation analysis, co-occurrence analysis and other methods, and using visual maps to vividly display the core structure, development history, and frontiers of disciplines The modern theory that...


Abstract

The invention belongs to the technical field of network security, and in particular relates to a method and device for constructing a knowledge graph in the network security field for dynamic threat analysis. The method involves a dynamic threat analysis knowledge graph model; calculation of the threat transition probability by combining the Common Vulnerability Scoring System (CVSS) with Bayesian calculation; and generation of the network threat knowledge graph using association rules between threats, vulnerabilities and services, with loops resolved. Based on the mutual influence between network attacks, system vulnerabilities and business applications, and combining CVSS with the Bayesian formula to analyze the transfer probability of network threats, the invention corrects the construction of the knowledge graph and eliminates threat transmission loops between multiple nodes. It can display the complete picture of an attack, improve the efficiency of network forensics, and provide a basis for threat clue discovery, tracing and evidence collection.
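The following added example (not taken from the patent, whose formulas are not reproduced on this page) sketches the three ideas the abstract names on a constructed four-node network: edges for both vulnerabilities and business access relationships, loop removal, and probability propagation. It assumes CVSS base score divided by 10 as the exploit success probability, breadth-first discovery order for loop breaking, and a noisy-OR combination as the Bayesian step; all node names and values are hypothetical.

```python
from collections import deque

# Constructed sample graph: (source, target, kind, value).
# "vuln" edges carry a CVSS base score; "access" edges carry an assumed
# probability that a business access relationship passes the threat on.
EDGES = [
    ("attacker", "web", "vuln", 9.8),
    ("web", "app", "access", 0.6),
    ("web", "db", "vuln", 7.5),
    ("app", "db", "access", 0.8),
    ("db", "web", "access", 0.5),  # closes the loop web -> db -> web
]

def edge_probability(kind, value):
    # Assumption: CVSS base score / 10 stands in for exploit success.
    return value / 10.0 if kind == "vuln" else value

def break_loops(edges, entry):
    """Return (discovery order, loop-free edges). An edge is kept only if it
    leads to a node discovered later in a breadth-first walk from entry."""
    order, queue = {entry: 0}, deque([entry])
    while queue:
        node = queue.popleft()
        for src, dst, _, _ in edges:
            if src == node and dst not in order:
                order[dst] = len(order)
                queue.append(dst)
    dag = [e for e in edges if e[0] in order and order[e[0]] < order[e[1]]]
    return order, dag

def compromise_probability(edges, entry):
    """Noisy-OR propagation: a node stays safe only if every incoming
    threat transfer fails (parents treated as independent)."""
    order, dag = break_loops(edges, entry)
    prob = {entry: 1.0}
    for node in sorted(order, key=order.get):
        if node == entry:
            continue
        safe = 1.0
        for src, dst, kind, value in dag:
            if dst == node:
                safe *= 1.0 - prob[src] * edge_probability(kind, value)
        prob[node] = 1.0 - safe
    return prob

if __name__ == "__main__":
    for node, p in compromise_probability(EDGES, "attacker").items():
        print(f"{node}: {p:.3f}")
```

Dropping the `app -> db` access edge from the sample lowers the database's probability to 0.735, which is the deviation the background section attributes to graphs that model vulnerabilities only.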

Description

Technical field

[0001] The invention belongs to the technical field of network security, and in particular relates to a method and device for constructing a knowledge graph in the network security field for dynamic threat analysis.

Background technique

[0002] The inherent vulnerability of network information systems makes the impact of external threats unavoidable. To analyze dynamically changing external threats effectively, the threat transfer probability must be quantified according to the time, importance, environment and other factors of network node vulnerabilities; this plays an important supporting role in implementing targeted defense decisions.

[0003] At present, there are mainly the following methods for network dynamic threat analysis: (1) The network security analysis method based on the growth of the attacker's ability, by deducing the threat path and combining the threat transition probability to quantify netw...


Application Information

Patent Type & Authority: Patents (China)
IPC(8): H04L29/06, H04L12/24
CPC: H04L41/145, H04L63/1441
Inventor: 胡浩, 张玉臣, 冷强, 李杰, 刘玉岭, 赵昌军, 鲍旭华, 王恺, 王佳宁, 谢鹏程
Owner: PLA STRATEGIC SUPPORT FORCE INFORMATION ENG UNIV PLA SSF IEU