A high-risk attack path dynamic prediction and repair system and method

Abstract

A system and method for dynamic prediction and repair of high-risk attack paths. The high-risk attack path prediction module uses an attack subgraph generation algorithm to generate an attack subgraph according to the attack target, and then uses the improved CVSS scoring strategy and expert knowledge base to estimate the attack launch of each attack node. probability, attack success probability, and confidence of security monitoring points to obtain a probability attack graph, and finally obtain a high-risk attack path through the maximum probability attack path prediction algorithm. The high-risk attack path dynamic correction module uses the system log and security monitoring point alarm information as the data source to establish the Gompertz mathematical model, which dynamically reflects the characteristics of each attack and the utilization probability of the path it is located in over time. The repair strategy module evaluates the objective impact scope of the attack, the objective threat, and the security requirements brought about by the topological position of the attack through the attack comprehensive impact assessment algorithm, and reveals the maximum value repair point. The invention has high prediction accuracy and higher reference degree.

Description

technical field [0001] The invention belongs to the field of information security, and in particular relates to a system and method for dynamic prediction and repair of high-risk attack paths. Background technique [0002] The emergence of the Internet has promoted the rapid development of social productivity and built a new platform for cultural communication and technological innovation. It not only facilitates human work and life, but has now become an indispensable tool. However, due to the complexity and fragility of the network system itself and the malicious use of the network system by malicious users, personal information leakage, malicious tampering of information, malicious occupation of resources and other network security incidents that endanger society and individuals emerge in endlessly. Network system security detection and assessment refers to the inspection of possible high-risk vulnerabilities and attack penetration paths in the network system and the asse...

AI Technical Summary

Problems solved by technology

[0005] To sum up, the problems existing in the existing technology are: probability modeling involves the consideration of the angle of the attacker and the angle of attack, while the level of attackers in the real world is uneven, the attack targets are ever-changing, and the development and spread of attack technologies keep pace with the times. progress, it is difficult to determine the launch probability of each attack

Moreover, the network system vulnerability topological structure and software version are various, and it is difficult to determine the key vulnerability points of the network system under different circumstances.

Therefore, the difficulty in solving the above technical problems lies in the fact that the real world situation is changeable, and the estimation results of the attack launch probability and the key vulnerability points of the network system are not satisfactory.

Images