Network attack path prediction method based on attacker characteristic indexes

Abstract

The invention provides a network attack path prediction method based on an attacker characteristic index, and the method comprises the steps: firstly, providing a quantitative index of a network attack path from the perspective of an attacker in combination with an attack graph and a hidden Markov model, wherein the attack cost, the attack income and the attack profit reflect different optimal attack path selections of attackers with different intentions; secondly, an attack path in the attack graph being quantified and analyzed based on a quantitative index, and a network attack and defense scene being described more effectively; and finally, respectively adding the attack cost, the attack income and the attack profit of all vulnerabilities on each attack path to obtain the total attack cost, the total attack profit and the total attack profit of the whole attack path, and comparing the index values of the attack paths to obtain the attack cost, the total attack profit and the total attack profit of the whole attack path. Therefore, one or more attack paths which may be attacked by an attacker with relatively high risk can be found more accurately, a network administrator can be helped to know the network security condition more comprehensively, and the security of a network system can be ensured more efficiently.

Description

technical field [0001] The invention belongs to the technical field of network security, and in particular relates to a network attack path prediction method based on an attacker's characteristic index. Background technique [0002] A computer network contains many assets, such as hardware, software, databases, etc., and there are usually some loopholes or vulnerabilities in these assets. Vulnerabilities of network systems include software and hardware vulnerabilities, protocol defects, and configuration errors. Attackers can take advantage of these vulnerabilities to attack, causing key information leakage, system failure, etc., and causing damage to the security of the network system. Although these loopholes can be repaired, with continuous development, the scale of the network system is getting bigger and bigger, and there are more and more loopholes in it, and the cost of maintaining the network system is often limited, so administrators must monitor the network and T...

AI Technical Summary

Problems solved by technology

From the attacker's point of view, after exploiting the first vulnerability, when facing the same vulnerability to be used again, the attacker must combine experience (knowledge of the vulnerability and attack proficiency, etc.) and ability (tools and techniques mastered) etc.), the possibility of the vulnerability being successfully exploited will increase, so the state probability of the node will be affected by nodes other than its parent node, but the Bayesian network cannot accurately describe this Happening

In addition, there are some studies that capture the attacker's attack data to analyze the characteristics of the attacker, but these methods cannot predict the attack behavior before the attack occurs, nor can they quickly detect the network topology after the network topology changes. Analyze the vulnerability in the network, so the practicability has certain limitations

Images