Research On Network Attack Prediction Technology Based On Bayesian Attack Graph

Posted on: 2024-09-22
Degree: Master
Type: Thesis
Country: China
Candidate: Y Zhang
GTID: 2558306920455354
Subject: Computer technology

Abstract/Summary:
Along with the rapid development of the Internet industry, network architectures have become diversified. Among them, the software-defined network (SDN), by separating the control layer from the data layer and offering programmability, not only reduces the load on equipment but also reduces the operating costs of the network, and has become the focus of new network designs. However, the security issues of both SDN networks and traditional networks are currently the focus of research because of the characteristics of the different networks themselves. In the past, network intrusion detection used only the vulnerabilities of a device to model the threat to that device, and so determined the risk of intrusion for the device in the network. However, the importance of the device, the dependencies that exist between vulnerabilities, and the impact of controller vulnerabilities in SDN networks were ignored. Based on these issues, this thesis investigates the traditional network and the SDN network from the following aspects, according to their different characteristics.

First, an attack intent assessment method based on Bayesian attack graphs is proposed to address SDN security prediction methods that do not consider the cost of attack or the impact of controller vulnerabilities on SDN network security. Considering that an attacker's behavior is purposeful, this thesis first uses the PageRank algorithm to calculate the importance of each device, then combines it with attack experience to calculate the cost of attacking the device, and then calculates the probability of attack on the device from four indicators, such as attack gain, attack preference and device vulnerability, which more accurately predicts the probability of the attacker attacking each device. By combining Bayesian belief networks and attack graphs, risk assessment of the network and model building are performed, and the overall achievable probability obtained from the calculation is used to predict attack paths, effectively improving the accuracy of the prediction.

Second, a traditional network attack intent assessment method based on the Bayesian attack graph is proposed to address the incomplete consideration of node correlation in current traditional network risk assessment models. The vulnerability value is calculated through CVSS 3.1, the node criticality is calculated using the PageRank algorithm, the attack cost is obtained by combining it with the exploitability in the vulnerability value, the node invasion probability is obtained by analyzing three indicators, such as the obtained attack benefit, and the possibility of a node being invaded is analyzed using the static and dynamic reachable probabilities. All possibilities of reaching the target node are calculated, and finally the most likely intrusion path is identified.

Finally, the attack intent evaluation strategy proposed in this thesis is validated by detailed experiments.

Keywords/Search Tags:pagerank algorithm, attack graph, bayesian networks, attack intention, software defined network