Abstract:
Identifying successful threat activities and the current security state is the prerequisite for, and the key to, real-time network threat assessment. To do this, all detected threats need to be associated and studied in many ways and from multiple directions. To address this issue, a real-time network threat identification and quantitative assessment approach is proposed, based on association analysis along the two dimensions of time and space. The approach fully considers the spatial complexity and temporal dynamics of the network attack-defense confrontation environment. First, a threat state transition graph is constructed to simulate the intrusion process and model threat scenarios. Based on the graph, by associating threat spreading paths in the temporal dimension and correlating them with threat state features in the spatial dimension, valid threats can be extracted and the current threat state can be recognized. Then a multi-granularity hierarchical assessment method is put forward to evaluate network threats. The method takes entity value, threat weight and threat success probability as evaluation indexes in order to quantitatively analyze the threat indexes of a single state, a path and the whole network, respectively. The results therefore report the real-time network risk situation at different levels. Finally, a simulation experiment verifies the effectiveness and advantages of the approach; the approach can reveal the threat situation more thoroughly and provide valuable guidance for intrusion response decision-making and dynamic defense strategy adjustment.