Research On Dynamic Risk Assessment Method Based On Bayesian Network Attack Diagram

Currently,as the number of vulnerabilities continues to grow,network security is facing more and more serious challenges.The cyberattack behavior has also evolved from a previously isolated incident to a large-scale coordinated attack.How to accurately describe the multi-step attack behavior and quantify the network security risk in real time is an urgent problem for the relevant researchers.Therefore,this paper has done the following research on this issue.Firstly,the intrusion detection system is combined with the attack graph to propose a construction algorithm for generating a Bayesian network attack graph model.The algorithm combines host vulnerability enumeration with all possible attack paths to build an attack graph model.The model can not only visually describe the multi-step attack process,but also combine the alarm information of the intrusion detection system to quantify the network security risk in real time through the Bayesian network probability formula.Secondly,it is further studied how the intrusion detection system performs attack behavior detection on nodes in the Bayesian network attack graph.In order to ensure that the intrusion detection system can effectively detect the abnormal behavior in the network,this paper proposes an anomaly detection algorithm combining genetic algorithm and random forest.The method proposed in this paper can effectively detect the attack behavior in the network and ensure the rationality and accuracy of the subsequent assessment of network security risks.Thirdly,in order to realize the real-time dynamic risk assessment of the whole network,this paper proposes a dynamic risk assessment method based on Bayesian network attack graph,which quantifies the node information in the Bayesian network attack graph and the alarm information combined with the intrusion detection system.The attack threat degree of the node in the attack graph is calculated in real time,and then the weight of the host node is quantified by using the importance weight of the host node and the node risk index,and the network risk is dynamically evaluated in real time.Finally,the experiment is implemented in the Python language on the Windowsplatform to verify the validity and feasibility of the proposed method.