Network attack graph generation method and device and electronic equipment
A network attack and network connection technology, applied in the field of network attack graph generation method, device and electronic equipment, can solve the problems of computing node explosion, computing time consumption, no computing cost, etc., to achieve fast network attack graph, fast generation. Effect
Active Publication Date: 2020-03-06
BEIJING ANTIY NETWORK SAFETY TECH CO LTD
View PDF4 Cites 8 Cited by
- Summary
- Abstract
- Description
- Claims
- Application Information
AI Technical Summary
Problems solved by technology
[0003] Existing methods for generating attack graphs traverse the breadth of the tree structure of network asset nodes, covering some assets that are not connected to the asset of interest, resulting in unnecessary calculation costs; and the premise of generating an attack graph is to perform a maximum Setting of attack depth and setting of maximum attack cost threshold
When the maximum attack depth is set too small, the result of the generated attack graph has certain omissions; when the maximum attack depth is set too large, it will cause unnecessary consumption of computing time and excessive overhead of storage resources in the process of generating the attack graph And there are problems such as computing node explosion
Method used
the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View moreImage
Smart Image Click on the blue labels to locate them in the text.
Smart ImageViewing Examples
Examples
Experimental program
Comparison scheme
Effect test
Embodiment Construction
[0029] Embodiments of the present invention will be described in detail below in conjunction with the accompanying drawings.
[0030]It should be clear that the described embodiments are only some of the embodiments of the present invention, not all of them. Based on the embodiments of the present invention, all other embodiments obtained by persons of ordinary skill in the art without creative efforts fall within the protection scope of the present invention.
[0031] In the first aspect, this embodiment provides a method for generating a network attack graph, which can generate the network attack graph relatively quickly.
[0032] figure 1 It is a flowchart of a method for generating a network attack graph according to an embodiment of the present invention, such as figure 1 shown.
[0033] The method of this embodiment may include:
[0034] Step 101, determine the target assets that need to be protected in the target network environment.
[0035] In this embodiment, th...
the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More PUM
Login to View More Abstract
The embodiment of the invention discloses a network attack graph generation method and device and electronic equipment, relates to the field of network information security, and can quickly generate anetwork attack graph. The network attack graph generation method comprises the steps of determining each associated asset node of a target asset in a target network environment; determining vulnerabilities existing in each associated asset node; determining whether there is a logical relationship between vulnerabilities of associated asset nodes with a direct network connection relationship; if so, performing logic association on the vulnerabilities with the logic relationship, and establishing a vulnerability logic relationship between the associated asset nodes; and establishing a network attack graph based on the target network environment and taking the target asset as an attack target according to the vulnerability logic relationship between the associated asset nodes. The device andthe electronic equipment comprise a module for executing the method. The method and device are suitable for generating the network attack graph.
Description
technical field [0001] The invention relates to the field of network information security, in particular to a method, device and electronic equipment for generating a network attack graph. Background technique [0002] With the widespread application of computer networks and the frequent occurrence of security incidents, network security has become an increasingly prominent problem. An effective way to solve network security problems is to evaluate and analyze network security. Most of the existing network asset vulnerability analysis methods traverse all assets in the network where the asset of interest is located, and then obtain the assets connected to the asset of interest, and then extract the assets from the acquired asset information. Assets that have vulnerability associations. [0003] Existing methods for generating attack graphs traverse the breadth of the tree structure of network asset nodes, covering some assets that are not connected to the asset of interest...
Claims
the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More Application Information
Patent Timeline
Login to View More Patent Type & Authority Applications(China)
IPC IPC(8): H04L29/06
CPCH04L63/1416H04L63/1433
Inventor 袁广宇孙可人孙晋超肖新光
Owner BEIJING ANTIY NETWORK SAFETY TECH CO LTD