The Detection Of Global Vulnerability Based On Attack Path

Posted on: 2016-09-05
Degree: Master
Type: Thesis
Country: China
Candidate: H Jiang
GTID: 2308330473455409
Subject: Computer technology

Abstract/Summary:
With the rapid development of network technology, people rely more and more on networks. At the same time, security in the network environment has become an increasingly grave issue, so analyzing network vulnerability is important work for network administrators. An attack path, which shows the simulated attack steps, reflects the relationships among vulnerabilities across the entire network, and it has become an important means for network administrators to analyze network vulnerabilities.

In past network security assessments based on attack graphs, network security administrators usually obtained a complex attribute attack graph or state attack graph, from which it was difficult to analyze the relationships among vulnerabilities directly. Administrators first had to analyze the attack graph to find the key vulnerabilities in the network and only then deploy network security measures, which cost more time.

In this dissertation, a set of elements is used to build the information for modeling the attack path, and the content of these elements is described: topological relations, node information, vulnerability attributes and atomic attacks. The exploiting relationship graph, formed by simplifying and combining the attribute attack graph and the state attack graph, is used to analyze the attack paths. In this graph, the relationships between vulnerability nodes and their pre-order and post-order nodes are displayed distinctly. The dissertation uses a Depth-First-Search algorithm and a Backward-Selection-Search algorithm to search for attack paths. From the output path list, network administrators can quickly find the vulnerabilities that need to be fixed, which improves the efficiency of network security deployment.

This dissertation optimizes the definition of global vulnerability and quantifies global vulnerability from single vulnerabilities in order to calculate the probability that a global vulnerability is successfully exploited. The global vulnerability list is output in order of probability. Individual vulnerabilities are quantified with an optimized vulnerability exploitability evaluation method based on CVSS, which adds operating system and attack technology factors and removes the environment factors. The calculation formulas used in the evaluation process are also presented in this dissertation.

Finally, the nodes and topology of a simulation environment are analyzed and the nodes are scanned with OpenVAS, giving the CVE vulnerability descriptions and attribute information. Taking one vulnerability as an example, the process of calculating the probability is shown. Graphviz is used to generate the exploiting relationship graph. The list of global vulnerabilities is obtained by analyzing the vulnerabilities, and it can be used to analyze the security deployment in the network.
Keywords/Search Tags: vulnerability exploitability, attack path, global vulnerability, CVSS
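
The path search and probability-ordered output described in the abstract can be sketched as follows. This is an added example, not code from the dissertation: the graph, node names and per-vulnerability probabilities are constructed, and the product rule for path probability and the `fix_priority` heuristic are assumptions, since the abstract does not give the formulas.

```python
from math import prod

# Constructed exploiting relationship graph: each vulnerability node maps to
# its post-order (successor) nodes. Names are placeholders, not real CVEs.
SUCCESSORS = {
    "web:V1": ["app:V3", "db:V4"],
    "mail:V2": ["app:V3"],
    "app:V3": ["db:V4", "db:V5"],
    "db:V4": [],
    "db:V5": [],
}
# Constructed per-vulnerability exploit probabilities (assumed to come from
# a CVSS-style exploitability score scaled to 0..1).
EXPLOIT_PROB = {"web:V1": 0.8, "mail:V2": 0.5, "app:V3": 0.6,
                "db:V4": 0.9, "db:V5": 0.3}

def attack_paths(graph, entries, targets):
    """Depth-first search for every simple path from an entry to a target."""
    paths = []
    def dfs(node, path):
        path.append(node)
        if node in targets:
            paths.append(list(path))
        for nxt in graph.get(node, []):
            if nxt not in path:          # never revisit a node: no cycles
                dfs(nxt, path)
        path.pop()
    for entry in entries:
        dfs(entry, [])
    return paths

def rank_paths(paths, prob):
    """Assumption: a path succeeds with the product of its nodes' probabilities."""
    scored = [(round(prod(prob[v] for v in p), 4), p) for p in paths]
    return sorted(scored, key=lambda s: s[0], reverse=True)

def fix_priority(ranked):
    """Assumed heuristic: total probability of the paths each vulnerability lies on."""
    totals = {}
    for score, path in ranked:
        for vuln in path:
            totals[vuln] = totals.get(vuln, 0.0) + score
    return sorted(((v, round(t, 4)) for v, t in totals.items()),
                  key=lambda s: s[1], reverse=True)

if __name__ == "__main__":
    found = attack_paths(SUCCESSORS, ["web:V1", "mail:V2"], {"db:V4", "db:V5"})
    for score, path in rank_paths(found, EXPLOIT_PROB):
        print(f"{score:.3f}  {' -> '.join(path)}")
    print(fix_priority(rank_paths(found, EXPLOIT_PROB)))
```

On this constructed graph the highest-ranked path is the direct one from `web:V1` to `db:V4`, and `db:V4` heads the fix list because it lies on the three most probable paths.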