Looking for breakthrough ideas for innovation challenges? Try Patsnap Eureka!

A node vulnerability estimation method and system based on heterogeneous information network

A heterogeneous information network, vulnerability technology, applied in transmission systems, electrical components, etc., can solve problems such as inability to analyze network attacks well, unfavorable analysis of a large number of nodes, and difficulties in dynamic network analysis.

Active Publication Date: 2020-09-11
NAT UNIV OF DEFENSE TECH
View PDF11 Cites 0 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

However, it is difficult for dynamic network analysis and for attack graphs generated by large-scale networks, too many nodes are not conducive to analysis
Combined with the Bayesian network and the attack graph for precise reasoning, the probability of each node being successfully attacked can be accurately calculated, but accurate reasoning for each node is an NP-hard problem and the application of the Bayesian network requires some premise assumptions ( independence assumptions, prior probabilities, etc.)
Moreover, the attack graph only considers the vulnerability-based attack behavior modeling, and does not take into account the impact of other factors on node vulnerability, which leads to the limited ability of the attack graph to express the attack behavior, and the scalability and flexibility of other elements are not strong enough.
Therefore, it is not possible to analyze new forms of network attacks, such as APT attacks.

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • A node vulnerability estimation method and system based on heterogeneous information network
  • A node vulnerability estimation method and system based on heterogeneous information network
  • A node vulnerability estimation method and system based on heterogeneous information network

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0060] The specific implementation manners of the present invention will be described in detail below in conjunction with the accompanying drawings.

[0061] This embodiment provides a node vulnerability estimation method based on heterogeneous information network, refer to figure 1 , the node vulnerability estimation method includes the following steps:

[0062] Step 1, extracting from the computer network the mutual influence relationship between each network host and each corresponding vulnerability element, and each vulnerability element, and constructing a heterogeneous information network.

[0063] The vulnerability elements in this embodiment include host H, operating system O, port P, service S, vulnerability V, and attack type A. In this embodiment, the host H, the operating system O, the port P, the service S, the vulnerability V, and the attack type A (attack caused by the vulnerability) are used as the node types, and through 11 different mutual influence relatio...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The invention discloses a node vulnerability estimation method based on a heterogeneous information network. The node vulnerability estimation method comprises the following steps: step 1, constructing the heterogeneous information network; 2, setting a virtual host with a known vulnerability value; 3, obtaining an adjacent matrix of the network host and the virtual host under each meta-path; 4, calculating a similarity value between each network host and the virtual host under each meta-path; step 5, performing weighted summation on similarity values between the corresponding network hosts and virtual hosts under each meta-path; step 6, extracting the mutual access relationship among the network hosts from the computer network, then constructing an access relationship matrix among the network hosts, and carrying out normalization processing; and step 7, performing node vulnerability iterative processing on each network host. The invention further discloses a storage medium, a system and calculation equipment. According to the invention, the accuracy of the node vulnerability estimation result is ensured.

Description

technical field [0001] The invention belongs to the technical field of computer network security, and in particular relates to a node vulnerability estimation method and system based on heterogeneous information networks. Background technique [0002] With the popularity of computers and the rapid development of communication technology, computer networks have penetrated into people's daily life. All kinds of software and hardware products and network information systems are generally vulnerable in planning, design, development, maintenance, configuration, management and other links. Network vulnerability assessment provides quantitative assessment results for network security status through comprehensive analysis of computer network vulnerabilities, topology and other elements, providing a basis for network security optimization. The assessment of network vulnerability has become one of the research hotspots in the field of security, and many valuable research results have...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
Patent Type & Authority Patents(China)
IPC IPC(8): H04L29/06
CPCH04L63/1433H04L63/20
Inventor 张旻王文瑞郑敬华薛鹏飞施凡郑超
Owner NAT UNIV OF DEFENSE TECH
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Patsnap Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Patsnap Eureka Blog
Learn More
PatSnap group products