Chinese Journal of Network and Information Security ›› 2018, Vol. 4 ›› Issue (4): 48-55.doi: 10.11959/j.issn.2096-109x.2018031

• Papers • Previous Articles     Next Articles

Host security threat analysis approach for network dynamic defense

Lixun LI1,2,Bin ZHANG1,2,Shuqin DONG1,2   

  1. 1 Information Engineering University,Zhengzhou 450001,China
    2 Henan Province Information Security Key Laboratory,Zhengzhou 450001,China
  • Revised:2018-03-28 Online:2018-04-01 Published:2018-05-30
  • Supported by:
    The Foundation and Frontier Technology Research Project of Henan Province(2014302903);Infor-mation Protection Technology Key Laboratory Open Fund Project(KJ-15-109);New Research Direction Cultivation Fund of Information Engineering University(2016604703)

Abstract:

Calculating the host security threat in network dynamic defense (NDD) situation has to consider the vulnerabilities’ uncertainty because of dynamic mutation.Firstly,the vulnerabilities’ uncertainty caused by the mutation space and the mutation period was calculated by random sampling model,and combined with the CVSS,the attack success probability formula of single vulnerability was derived.Secondly,to avoid self-loop during the path searching process in multiple vulnerabilities situation,an improved recursive depth first algorithm which combined with node visited queue was proposed.Then,the host security threat was calculated based on attack success probability in the situation of multiple vulnerabilities and paths.Finally,approach’s availability and effectiveness were verified by an experiment conducted in a typical NDD situation.

Key words: cyber security, network dynamic defense, host security threat analysis, attack success probability, at-tacker privilege transfer graph

CLC Number: 

No Suggested Reading articles found!