Node vulnerability estimation method and system based on heterogeneous information network

Abstract

The invention discloses a node vulnerability estimation method based on a heterogeneous information network. The node vulnerability estimation method comprises the following steps: step 1, constructing the heterogeneous information network; 2, setting a virtual host with a known vulnerability value; 3, obtaining an adjacent matrix of the network host and the virtual host under each meta-path; 4, calculating a similarity value between each network host and the virtual host under each meta-path; step 5, performing weighted summation on similarity values between the corresponding network hosts and virtual hosts under each meta-path; step 6, extracting the mutual access relationship among the network hosts from the computer network, then constructing an access relationship matrix among the network hosts, and carrying out normalization processing; and step 7, performing node vulnerability iterative processing on each network host. The invention further discloses a storage medium, a system and calculation equipment. According to the invention, the accuracy of the node vulnerability estimation result is ensured.

Description

technical field [0001] The invention belongs to the technical field of computer network security, and in particular relates to a node vulnerability estimation method and system based on heterogeneous information networks. Background technique [0002] With the popularity of computers and the rapid development of communication technology, computer networks have penetrated into people's daily life. All kinds of software and hardware products and network information systems are generally vulnerable in planning, design, development, maintenance, configuration, management and other links. Network vulnerability assessment provides quantitative assessment results for network security status through comprehensive analysis of computer network vulnerabilities, topology and other elements, providing a basis for network security optimization. The assessment of network vulnerability has become one of the research hotspots in the field of security, and many valuable research results have...

AI Technical Summary

Problems solved by technology

However, it is difficult for dynamic network analysis and for attack graphs generated by large-scale networks, too many nodes are not conducive to analysis

Combined with the Bayesian network and the attack graph for precise reasoning, the probability of each node being successfully attacked can be accurately calculated, but accurate reasoning for each node is an NP-hard problem and the application of the Bayesian network requires some premise assumptions ( independence assumptions, prior probabilities, etc.)

Moreover, the attack graph only considers the vulnerability-based attack behavior modeling, and does not take into account the impact of other factors on node vulnerability, which leads to the limited ability of the attack graph to express the attack behavior, and the scalability and flexibility of other elements are not strong enough.

Therefore, it is not possible to analyze new forms of network attacks, such as APT attacks.

Images