Abstract:
A network system is generally exposed to intrusion by both external and internal threat agents. Moreover, a threat agent can propagate threats along the interrelations between vulnerabilities and components in the network, so that a single initial compromise gives rise to further potential threats. Designing a sound model to identify, analyze and quantitatively measure the consequences of such potential threats is one of the main challenges in network security evaluation. To address this issue, a hierarchical evaluation approach for network security based on a threat spread model is proposed. First, the threat spread model is put forward to identify threat agents, analyze the spread paths of threats, and predict potential threats; it consists of a target network model, a threat agent model, threat spread graphs and a threat spread algorithm. On this basis, a security measure model is presented to compute danger indexes for services, hosts and the network system respectively; it is composed of the spread graphs, metrics, metric computing functions and index computing functions. A prototype system implementing the approach was built and applied to an enterprise local area network. The results demonstrate the correctness of the threat spread model and the advantages of the approach over traditional evaluation methods.
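As an added illustration of the two-layer structure described in the abstract (a spread algorithm over a threat spread graph, followed by service, host and network indexes), the following Python example is not the paper's own code or prototype. It assumes a constructed target network in which nodes are `host:service` pairs, directed edges are the exploitable relations a compromised node gives an agent, each threat agent has entry points and a capability in [0,1], and the metric and index computing functions (severity times capability with per-hop decay, maximum over services per host, mean over hosts) are hypothetical stand-ins for whatever functions the paper defines:

```python
"""Toy threat-spread model with hierarchical danger indexes.

Added example, not the paper's implementation. All network data, the
threat agents and the index functions below are constructed assumptions.
"""
from collections import deque

# Constructed target network model: service node -> hypothetical severity metric.
SERVICES = {
    "web1:http": 0.7,
    "web1:ssh": 0.4,
    "db1:mysql": 0.9,
    "db1:ssh": 0.4,
    "hr1:smb": 0.6,
}

# Constructed threat spread graph: compromising src lets the agent attack each dst.
SPREAD_EDGES = {
    "web1:http": ["web1:ssh", "db1:mysql"],
    "web1:ssh": ["db1:ssh"],
    "db1:mysql": ["db1:ssh"],
    "db1:ssh": ["hr1:smb"],
    "hr1:smb": [],
}

# Constructed threat agent model: agent -> (entry points, capability in [0,1]).
AGENTS = {
    "external": (["web1:http"], 0.8),
    "insider": (["hr1:smb"], 0.5),
}


def spread(edges, entry_points):
    """Threat spread algorithm (assumed: breadth-first reachability).

    Returns (dist, pred): hops from the nearest entry point to each reachable
    node, and the predecessor on that shortest spread path.
    """
    dist = {n: 0 for n in entry_points}
    pred = {n: None for n in entry_points}
    queue = deque(entry_points)
    while queue:
        u = queue.popleft()
        for v in edges.get(u, []):
            if v not in dist:
                dist[v] = dist[u] + 1
                pred[v] = u
                queue.append(v)
    return dist, pred


def spread_path(edges, entry_points, target):
    """Reconstruct one spread path from an entry point to target (or None)."""
    _, pred = spread(edges, entry_points)
    if target not in pred:
        return None
    path, node = [], target
    while node is not None:
        path.append(node)
        node = pred[node]
    return path[::-1]


def service_indexes(services, edges, agents, decay=0.8):
    """Assumed metric computing function: a service's danger index is the
    maximum over agents of severity * capability * decay**hops."""
    idx = {s: 0.0 for s in services}
    for entry, capability in agents.values():
        dist, _ = spread(edges, entry)
        for node, hops in dist.items():
            idx[node] = max(idx[node], services[node] * capability * decay ** hops)
    return idx


def host_indexes(svc_idx):
    """Assumed index computing function: host index = max of its services."""
    hosts = {}
    for node, value in svc_idx.items():
        host = node.split(":", 1)[0]
        hosts[host] = max(hosts.get(host, 0.0), value)
    return hosts


def network_index(host_idx):
    """Assumed index computing function: network index = mean of host indexes."""
    return sum(host_idx.values()) / len(host_idx)


if __name__ == "__main__":
    svc = service_indexes(SERVICES, SPREAD_EDGES, AGENTS)
    hosts = host_indexes(svc)
    print("path external -> hr1:smb:", spread_path(SPREAD_EDGES, ["web1:http"], "hr1:smb"))
    print("service indexes:", svc)
    print("host indexes:", hosts)
    print("network index:", network_index(hosts))
```

With the constructed data the external agent reaches the HR file share in three hops via `web1:ssh` and `db1:ssh`, but the insider's direct foothold dominates that service's index; the database host ends up with the highest host index even though only the web server is directly exposed, which is the kind of indirect consequence the spread layer is meant to surface.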