Research On Penetration Detection Model Based On The Front Heuristic Method

Nowadays, the Internet and global information technology become more and more prosperous. The network space which takes the Internet as the core has become the important strategic resources in countries and received high attention from every country. Especially, after Snowden "prism door" event which disclosed in 2013, the international communities and the general public pay more attention to network security unprecedentedly. Moved by profit, network penetration attackers invade various network systems silently. How to analyze and detect network penetration attacks and how to develop effective and feasible network security strategy has become an important issue domestic concerned by experts and scholars home and abroad.Network penetration attack is seen as one of new integrated hacking methods, and it brings huge loss to information security of governments and enterprises. Existing assessment methods and defensive measures seem lagging. Besides, the current network penetration models are limited to formal description and lack of quantitative evaluation. To solve the urgent problems above, we make a systematic research on the two aspects of penetration attack model and penetration attack detection in this paper.(1) For network penetration attack models lack of penetration of a comprehensive assessment and quantify the probability of success of the penetration, this paper proposes a new penetration attack model, which adds attack model and the abilities of attacker and others integrated elements. The new model could expound the particularity of penetration attack fully. Among them, the key technology will be decomposed and classified, and their characteristics will also be summarized in the new penetration attack model. We adopt state transition strategy to simulate attack paths, and on this basis, propose program of Markov mathematical model to quantify network security assessment.(2) For the network penetration attack detection lack of timeliness and forensics is too difficult, this paper proposes a heuristic detection method based on virtual victim machine(VVM). In the detection of penetration attack link, VVM simulate execution of malicious programs actively, the virtual victim group as a real reduction attack environment, which could get the real-time evidence of attack.Finally, simulation experiments of typical penetration attacks simulated attack scenarios to verify the validity of penetration attack model and feasibility of penetration attack detection proposed in this paper. The results show that the detection model based on the front heuristic could characterize the attack process accurately and quantify attack intuitively. Moreover, the executive process of attacks can be efficiently performed in the network penetration attacks.