Matrix visualization method based on state transition graph

A matrix visualization method based on a state attack-defense graph. It addresses the low evaluation efficiency, uncertainty, and inability to adapt to a slightly larger network seen in existing approaches, and achieves accurate calculation results.

Inactive Publication Date: 2017-03-29
NANJING UNIV OF SCI & TECH

AI Technical Summary

Problems solved by technology

Using existing attack templates, a depth-first search strategy has been used to generate network attack graphs for a more comprehensive evaluation of the network security situation. However, the attack graphs are generated entirely by hand, so evaluation efficiency is low and the approach cannot adapt to larger-scale networks (C. A. Phillips, L. P. Swiler, A Graph Based System for Network Vulnerability Analysis, in Proceedings of the 1998 New Security Paradigms Workshop, ACM, 71-79).
Ammann et al. adopted a method based on graph theory and introduced a monotonicity assumption, which solved the state explosion problem of the attack graph to a certain extent, but it was still difficult to apply to a slightly larger network (Ammann P, Wijesekera D, Kaushik S. Scalable, Graph-based Network Vulnerability Analysis [C]. Proceedings of the 9th ACM Conference on Computer and Communications Security (CCS'02), Washington DC, ACM, 2002: 217-224).
Building on the existing attack graph, Pan Xiaozhong used a matrix to analyze the security of large-scale networks and expressed the network risks through histograms, realizing the visualization of risks in large-scale networks. However, the probability of each vulnerability is not calculated quantitatively; a value is assigned based on the vulnerability's description, which introduces uncertainty.


Examples


Embodiment 1

[0103] The network topology shown in Figure 2 is taken as an example to illustrate the specific implementation steps. As shown in Figure 2, there are four servers in this network environment. server1 runs the Telnet service, server2 runs the web server, server3 is the FTP server, and server4 is the database server. The network firewall only allows external access to the Telnet server and prohibits all other access.

[0104] In the first step, from the topology diagram shown in Figure 2 and the access relationships between the host nodes, the reachability matrix is established as follows.

[0105]

[0106] Here, 1 indicates that access between the two nodes is connected, and 0 indicates that it is not.
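An added example, not part of the patent text: the first step above expressed as code, building the 0/1 reachability matrix from access rules and then, going one step beyond the passage, computing which servers are reachable from outside over several hops. Only the external-to-server1 rule comes from the page; the `external` node, the internal rules and all function names are constructed for illustration, since the matrix at [0105] is not reproduced here.

```python
# Hosts from Embodiment 1; "external" is an assumed node for the outside network.
HOSTS = ["external", "server1", "server2", "server3", "server4"]

# From the page: the firewall lets external traffic reach only server1 (Telnet).
# The internal rules are CONSTRUCTED sample data, not the patent's own matrix.
ALLOWED = [
    ("external", "server1"),
    ("server1", "server2"),   # constructed
    ("server1", "server3"),   # constructed
    ("server2", "server4"),   # constructed
    ("server3", "server4"),   # constructed
]

def reachability_matrix(hosts, allowed):
    """Direct access matrix: entry [i][j] is 1 if host i may connect to host j."""
    index = {h: i for i, h in enumerate(hosts)}
    m = [[0] * len(hosts) for _ in hosts]
    for src, dst in allowed:
        m[index[src]][index[dst]] = 1
    return m

def transitive_closure(m):
    """Warshall's algorithm: 1 where j is reachable from i over one or more hops."""
    n = len(m)
    c = [row[:] for row in m]
    for k in range(n):
        for i in range(n):
            if c[i][k]:
                for j in range(n):
                    if c[k][j]:
                        c[i][j] = 1
    return c

def exposed_hosts(hosts, m, source="external"):
    """Hosts the source can reach directly, and through intermediate hosts."""
    i = hosts.index(source)
    direct = [h for h, v in zip(hosts, m[i]) if v]
    multi = [h for h, v in zip(hosts, transitive_closure(m)[i]) if v]
    return direct, multi

if __name__ == "__main__":
    R = reachability_matrix(HOSTS, ALLOWED)
    for name, row in zip(HOSTS, R):
        print(f"{name:9s}", row)
    print(exposed_hosts(HOSTS, R))
```

With these sample rules the firewall exposes one server directly, yet every server is reachable in multiple steps, which is the gap between perimeter rules and actual exposure that a state transition graph is meant to surface.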

[0107] In the second step, use the vulnerability scanning tools Nessus, ISS and SARA to scan each server node in the network system, and obtain the vulnerability set of each server node as shown in Table 1 below.

[0108] Table 1

[0109] ...


Abstract

The invention discloses a matrix visualization method based on a state transition graph. The method comprises the following steps: establishing a reachable matrix according to the connectivity of all host nodes in a network topology; scanning the host nodes in a network through vulnerability scanning tools (Nessus, ISS and SARA), so that a vulnerability set for each host node is obtained; constructing the state transition graph according to the vulnerability sets of the host nodes and exploitation rules of vulnerabilities; constructing an attack path vulnerability matrix according to the state transition graph; calculating host penetration risk values of the vulnerabilities in the state transition graph based on a common vulnerability scoring system (CVSS); calculating a host vulnerability risk matrix of the state transition graph through matrix operation; and representing host vulnerability risks through a pie chart, so that a network security administrator can search for a host with the highest risk value and carry out maintenance. The method provided by the invention has the advantages that vulnerability risk information of hosts in the network can be visually and clearly described, so that a new thread of thought is provided for the visualization of risk results of the state transition graph.

Description

Technical field

[0001] The invention relates to the technical field of network security attack and defense visualization, in particular to a matrix visualization method based on a state attack and defense graph.

Background technique

[0002] With the advent of the big data era, networks are developing towards intelligence and collaboration, and multi-step combined penetration attacks have become the main form of threat to network security, which creates great difficulties for network security administrators. In recent years especially, network security problems have become more and more severe. To evaluate the security of a network, the research and analysis of attack-defense graphs has become one of the main means. Using an attack-defense graph to conduct security analysis on a network can improve the ability of the network system to respond to emergencies and improve network security.

[0003] At present, some research results have been obtai...


Application Information

IPC(8): H04L29/06, H04L12/26
CPC: H04L63/20, H04L43/045, H04L63/1433
Inventor: 蒋薛松, 李千目, 王烁
Owner: NANJING UNIV OF SCI & TECH