Computer networks face a variety of cyberattacks.Most network attacks are contagious and destructive,and these types of attacks can be harmful to society and computer network security.Security evaluation is an effecti...Computer networks face a variety of cyberattacks.Most network attacks are contagious and destructive,and these types of attacks can be harmful to society and computer network security.Security evaluation is an effective method to solve network security problems.For accurate assessment of the vulnerabilities of computer networks,this paper proposes a network security risk assessment method based on a Bayesian network attack graph(B_NAG)model.First,a new resource attack graph(RAG)and the algorithm E-Loop,which is applied to eliminate loops in the B_NAG,are proposed.Second,to distinguish the confusing relationships between nodes of the attack graph in the conversion process,a related algorithm is proposed to generate the B_NAG model.Finally,to analyze the reachability of paths in B_NAG,the measuring indexs such as node attack complexity and node state transition are defined,and an iterative algorithm for obtaining the probability of reaching the target node is presented.On this basis,the posterior probability of related nodes can be calculated.A simulation environment is set up to evaluate the effectiveness of the B_NAG model.The experimental results indicate that the B_NAG model is realistic and effective in evaluating vulnerabilities of computer networks and can accurately highlight the degree of vulnerability in a chaotic relationship.展开更多
基金This work was partially supported by the National Natural Science Foundation of China(61300216,Wang,H,www.nsfc.gov.cn).
文摘Computer networks face a variety of cyberattacks.Most network attacks are contagious and destructive,and these types of attacks can be harmful to society and computer network security.Security evaluation is an effective method to solve network security problems.For accurate assessment of the vulnerabilities of computer networks,this paper proposes a network security risk assessment method based on a Bayesian network attack graph(B_NAG)model.First,a new resource attack graph(RAG)and the algorithm E-Loop,which is applied to eliminate loops in the B_NAG,are proposed.Second,to distinguish the confusing relationships between nodes of the attack graph in the conversion process,a related algorithm is proposed to generate the B_NAG model.Finally,to analyze the reachability of paths in B_NAG,the measuring indexs such as node attack complexity and node state transition are defined,and an iterative algorithm for obtaining the probability of reaching the target node is presented.On this basis,the posterior probability of related nodes can be calculated.A simulation environment is set up to evaluate the effectiveness of the B_NAG model.The experimental results indicate that the B_NAG model is realistic and effective in evaluating vulnerabilities of computer networks and can accurately highlight the degree of vulnerability in a chaotic relationship.