ISSN 1000-1239 CN 11-1777/TP

### A Real-time Network Threat Recognition and Assessment Method Based on Association Analysis of Time and Space

Lü Huiying¹, Peng Wu², Wang Ruimei¹, and Wang Jie¹

1. School of Management, Capital Normal University, Beijing 100089
2. Academy of Electronics and Information Technology, China Electronics Technology Group Corporation, Beijing 100041
• Online: 2014-05-15

Abstract: Identifying successful threat activities and the current security state is the prerequisite and key to real-time network threat assessment. To do this, all detected threats need to be associated and studied in many ways and from multiple directions. To address this issue, a real-time network threat identification and quantitative assessment approach is proposed, based on association analysis along the two dimensions of time and space. The approach fully considers the spatial complexity and temporal dynamics of a network attack-defense confrontation environment. First, a threat state transition graph is constructed to simulate the intrusion process and model threat scenarios. Based on the graph, by associating threat spreading paths in the temporal dimension and correlating them with threat state features in the spatial dimension, valid threats can be filtered out and the current threat state can be recognized. Then a multi-granularity hierarchical assessment method is put forward to evaluate network threat. This method takes entity value, threat weight and threat success probability as evaluation indexes in order to quantitatively analyze the threat indexes of a single state, a path and the whole network, respectively. The results therefore report the real-time network risk situation at different levels. Finally, a simulation experiment verifies the effectiveness and advantage of the approach, which can reveal the threat situation more thoroughly and provide valuable guidance for intrusion response decision-making and dynamic adjustment of defense strategy.