With the development of network technology, the Internet has become an indispensable part of people's daily life and business activities, and network architectures have become increasingly complex. At the same time, network security issues are becoming increasingly prominent: attackers exploit vulnerabilities and weaknesses to attack and damage networks in ever-changing ways, making domain network security management increasingly difficult. In this context, attack graph technology, as a proactive network security defense method, has received increasing attention. Attack graph technology can evaluate vulnerabilities and weaknesses in domain networks, analyze and predict network security risks, and achieve proactive defense of network security. Compared with traditional passive network security defense methods, attack graph technology has the following advantages: it can comprehensively evaluate multiple attack points, so the evaluation results are more comprehensive and accurate; it can model the behavior of attackers during the attack process, enhancing the ability to predict network security risks; and it can formulate and optimize network security strategies based on the evaluation results, achieving proactive defense of domain network security.

However, current attack graph technology still has open research issues. First, existing attack graph technology mainly focuses on the evaluation of known vulnerabilities, and the evaluation of unknown vulnerabilities remains insufficient. Moreover, the analysis environment is mainly workgroup networks, and research on domain network analysis is still insufficient. Second, existing attack graph technology often ignores the probability that an attacker will actually launch an attack when evaluating node probabilities, resulting in biased evaluation results. Finally, the current security risk assessment indicators are too narrow and do not incorporate new attack methods that appear in domain environments, so they cannot fully reflect the domain network security situation; further exploration of multi-index evaluation methods is needed.

To address these issues, this paper proposes a Bayesian attack graph model based on mixed scoring. The contributions of this work are as follows:

(1) The elements and scoring criteria of the Common Vulnerability Scoring System (CVSS) are elaborated in detail. A scoring method for domain penetration attack patterns is proposed using the CAPEC (Common Attack Pattern Enumeration and Classification) attack pattern classification, and a mixed scoring calculation method is proposed for the three issues attackers consider in domain penetration environments, using the probability calculation of the AHP (Analytic Hierarchy Process) model. This lays the foundation for the later attack probability calculation.

(2) The principle of the MulVAL attack graph automation construction tool is discussed in detail, and its inference rules are supplemented with the lateral movement methods mainly used in actual domain penetration. This method considers attacks caused by configuration errors, thereby expanding the attack surface and increasing the comprehensiveness of attack paths.

(3) The principles and calculation methods of Bayesian networks are studied in depth, and on that basis the attribute attack graph generated by the MulVAL tool is combined with a Bayesian network to propose an extended Bayesian attack graph model. The model can comprehensively display the network security status and accurately infer attack intentions, thereby improving the accuracy of risk assessment results and providing a basis for future defense work.
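As an added illustration of how mixed scoring and a Bayesian attack graph fit together (example code written for this page, not the thesis's own implementation): AHP turns pairwise judgements over three attacker criteria (assumed here to be exploitability, stealth and privilege gained) into weights, the weighted score of each edge becomes its success probability, and forward inference over AND/OR attribute nodes yields each asset's compromise probability. The comparison matrix, node names and per-edge scores are constructed for the example.

```python
from math import prod

def ahp_weights(pairwise):
    """AHP priority vector via the row geometric-mean approximation of the eigenvector."""
    n = len(pairwise)
    gm = [prod(row) ** (1.0 / n) for row in pairwise]
    total = sum(gm)
    return [g / total for g in gm]

def mixed_score(criteria, weights):
    """Weighted sum of per-criterion scores in [0, 1], used as the edge success probability."""
    return sum(c * w for c, w in zip(criteria, weights))

def infer(graph, initial):
    """Forward inference over an acyclic attribute attack graph.
    graph:   node -> ("AND" | "OR", {parent: edge_probability})
    initial: attacker entry nodes with their unconditional probability
    OR nodes combine parents with noisy-OR; AND nodes need every parent path to succeed."""
    prob = dict(initial)
    def p(node):
        if node not in prob:
            kind, parents = graph[node]
            terms = [edge * p(parent) for parent, edge in parents.items()]
            prob[node] = prod(terms) if kind == "AND" else 1 - prod(1 - t for t in terms)
        return prob[node]
    for node in graph:
        p(node)
    return prob

# Hypothetical criteria (exploitability, stealth, privilege gained) on Saaty's 1-9 scale:
# exploitability moderately outranks stealth (3) and strongly outranks privilege gained (5).
WEIGHTS = ahp_weights([[1, 3, 5], [1 / 3, 1, 3], [1 / 5, 1 / 3, 1]])

# Constructed per-edge criterion scores in [0, 1] for a small domain scenario.
EDGES = {
    ("internet", "dmz_web"):        (0.9, 0.6, 0.4),
    ("dmz_web", "domain_user"):     (0.7, 0.5, 0.6),
    ("dmz_web", "file_server"):     (0.5, 0.7, 0.5),
    ("domain_user", "file_server"): (0.8, 0.8, 0.5),
    ("domain_user", "domain_admin"): (0.4, 0.3, 1.0),
    ("file_server", "domain_admin"): (0.6, 0.5, 1.0),
}
NODE_TYPES = {"dmz_web": "OR", "domain_user": "OR", "file_server": "OR", "domain_admin": "AND"}

def build_graph():
    graph = {node: (kind, {}) for node, kind in NODE_TYPES.items()}
    for (parent, child), criteria in EDGES.items():
        graph[child][1][parent] = mixed_score(criteria, WEIGHTS)
    return graph

def assess():
    """Compromise probability of each asset when the attacker starts on the internet."""
    return infer(build_graph(), {"internet": 1.0})
```

Ranking the returned probabilities highlights which asset's edges (for instance the two paths into the AND node for domain admin) most reduce overall risk when hardened.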