A Risk Assessment Method of Network Host Node with Host Importance

doi:10.13190/j.jbupt.2021-166

Journal of Beijing University of Posts and Telecommunications ›› 2022, Vol. 45 ›› Issue (2): 16-21.doi: 10.13190/j.jbupt.2021-166

• PAPERS • Previous Articles Next Articles

A Risk Assessment Method of Network Host Node with Host Importance

YANG Hongyu^1,2, YUAN Haihang², ZHANG Liang³

1. College of Safety Science and Engineering, Civil Aviation University of China, Tianjin 300300, China;
2. College of Computer Science and Technology, Civil Aviation University of China, Tianjin 300300, China;
3. College of Information, University of Arizona, Tucson AZ85721, USA

Received:2021-08-06 Published:2021-12-16

Abstract

Abstract: The existing network host node assessment methods based on attack graph have unreasonable calculation of atomic attack probability and asset protection value, and ignore the impact of the association relationship between host nodes on host node risk value. To solve these problems, a risk assessment scheme based on the importance of hosts in the network is proposed. Firstly, a host-based attack graph based on network information is build, and then the probability of atomic attack is calculated by vulnerability exploitability, code availability and defense intensity. After that, the attack probability of path is calculated based on the attack graph. Furthermore, the host importance is characterized from the attack graph structure and asset protection value. The reciprocal of atomic attack probability is used to weigh the host-based attack graph, and the improved weighted betweenness index is calculated. Moreover, the entropy weight method is used to weigh the asset protection value index of the host nodes and calculate the asset protection value. Finally, the risk value of the network host node is calculated according to the maximum path attack probability and host importance. The experimental results show that the host node risk in the network environmentand the obtained risk value results are more rational.

Key words: network security, host-based attack graph, host importance, entropy weight method, risk assessment

CLC Number:

TP393

YANG Hongyu, YUAN Haihang, ZHANG Liang. A Risk Assessment Method of Network Host Node with Host Importance[J]. Journal of Beijing University of Posts and Telecommunications, 2022, 45(2): 16-21.

References

[1] WANG H, ZHU C H, SHEN Z H. A network security risk assessment method based on a B_NAG model[J]. Computer Systems Science and Engineering, 2021, 38(1):103-117.
[2] WANG H, CHEN Z F, ZHAO J P, et al. A vulnerability assessment method in industrial Internet of things based on attack graph and maximum flow[J]. IEEE Access, 2018, 6:8599-8609.
[3] HU H, ZHANG H Q, YANG Y J. Security risk situation quantification method based on threat prediction for multimedia communication network[J]. Multimedia Tools and Applications, 2018, 77(16):21693-21723.
[4] SHAN C, GAO J, HU C Z, et al. Network risk assessment method based on asset correlation graph[C]//Trusted Computing and Information Security (CTCIS). Berlin:Springer, 2019:65-83.
[5] POKHREL N R, TSOKOS C P. Cybersecurity:a stochastic predictive model to determine overall network security risk using Markovian process[J]. Journal of Information Security, 2017, 8(2):91-105.
[6] 李鑫.基于攻击图的网络安全评估技术研究与实现[D].北京:北京邮电大学, 2017. LI X. Research and implementation of network security assessment technology based on attack graph[D]. Beijing:Beijing University of Posts and Telecommunications, 2017.
[7] RUOHONEN J. A look at the time delays in CVSS vulnerability scoring[J]. Applied Computing and Informatics, 2019, 15(2):129-135.
[8] FREI S, MAY M, FIEDLER U, et al. Large-scale vulnerability analysis[C]//Proceedings of the 2006 SIGCOMM Workshop on Large-Scale Attack Defense (LSAD'06). New York:ACM, 2006:131-138.
[9] 葛海慧,肖达,陈天平,等.基于动态关联分析的网络安全风险评估方法[J].电子与信息学报, 2013, 35(11):2630-2636. GE H H, XIAO D, CHEN T P, et al. Quantitative eva-luation approach for real-time risk based on attack event correlating[J]. Journal of Electronics and Information Technology, 2013, 35(11):2630-2636.
[10] 国家质量监督检验检疫总局,中国国家标准化管理委员会.信息安全技术信息安全风险评估规范:GB/T 20984-2007[S].北京:中国标准出版社, 2007. General Administration of Quality Supervision, Inspection and Quarantine of the People's Republic of China, Standardization Administration of the People's Republic of China. Information security technology-risk assessment specification for information security:GB/T 20984-2007[S]. Beijing:Standards Press of China, 2007.
[11] JIN X, ZHANG W S. The optimization of objective weighting method based on relative importance[C]//20205th International Conference on Mechanical, Control and Computer Engineering (ICMCCE). Piscataway, NJ:IEEE Press, 2020:1234-1237.

[1]	SHI Zicheng, LI Xin, TANG Ying, HUANG Shanguo. Optical Packet Filtering System Based on All-Optical Pattern Matching [J]. Journal of Beijing University of Posts and Telecommunications, 2022, 45(3): 96-101.
[2]	YANG Hong-yu, ZHANG Le, ZHANG Liang. An Information System Risk Assessment Method Based on Risk Propagation [J]. Journal of Beijing University of Posts and Telecommunications, 2021, 44(4): 41-48.
[3]	TANG Hong-wei, FENG Sheng-zhong, ZHAO Xiao-fang. TOChain: a High-Performance SFC for Virtual Network Security [J]. JOURNAL OF BEIJING UNIVERSITY OF POSTS AND TELECOM, 2018, 41(1): 70-80.
[4]	ZHAO Jian, WANG Rui, LI Zheng-min, LEI Min, MA Min-yao. Security Threats and Risk Assessment of IoT System [J]. JOURNAL OF BEIJING UNIVERSITY OF POSTS AND TELECOM, 2017, 40(s1): 135-139.
[5]	LEI Min, LIU Xiao-ming, ZHANG Hong, WANG Mian, YANG Yu. Research on Security Threats and Risk Assessment of Web Information System [J]. JOURNAL OF BEIJING UNIVERSITY OF POSTS AND TELECOM, 2016, 39(s1): 87-93.
[6]	LI Xu, BAO Jing-jing, LIU Ying. Formation Security: Black Hole Problem [J]. JOURNAL OF BEIJING UNIVERSITY OF POSTS AND TELECOM, 2016, 39(1): 12-17.
[7]	BAI Yuan, WANG Qian, JIA Qi-lan, ZHANG Hui-bing. An Efficient and Secured AKA for EPS Networks [J]. JOURNAL OF BEIJING UNIVERSITY OF POSTS AND TELECOM, 2015, 38(s1): 10-14.
[8]	LIU Jing, GU Li-ze, Niu Xin-xin, YANG Yi-xian, LI Zhong-xian. Network Security Events Analyze Method Based on Neural Networks and Genetic Algorithm [J]. JOURNAL OF BEIJING UNIVERSITY OF POSTS AND TELECOM, 2015, 38(2): 50-54.
[9]	FU Yu, CHEN Yong-qiang, WU Xiao-ping, SONG Yan. Network Attack-Defense Strategies Selection Based on Stochastic Game Model [J]. JOURNAL OF BEIJING UNIVERSITY OF POSTS AND TELECOM, 2014, 37(s1): 35-39.
[10]	CHEN Yong-qiang, WU Xiao-ping, FU Yu, SONG Yan. Network Security Evaluation Based on Stochastic Game and Network Entropy [J]. JOURNAL OF BEIJING UNIVERSITY OF POSTS AND TELECOM, 2014, 37(s1): 92-96.
[11]	GE Hai-hui, ZHENG Shi-hui, CHEN Tian-ping, YANG Yi-xian. Fuzzy Risk Assessment of Information Security Threat Scenario [J]. JOURNAL OF BEIJING UNIVERSITY OF POSTS AND TELECOM, 2013, 36(6): 89-92,107.
[12]	. Network Security Analysis Based on Host-Security-Group [J]. JOURNAL OF BEIJING UNIVERSITY OF POSTS AND TELECOM, 2012, 35(1): 19-23.
[13]	. Network Security Assessment Based on Node Correlated HMM [J]. JOURNAL OF BEIJING UNIVERSITY OF POSTS AND TELECOM, 2010, 33(6): 121-124.
[14]	WU Huan, PAN Lin, WANG Xiao-zhen, XU Rong-sheng. A Risk Assessment Model Using Incomplete Attack Graphs Analysis [J]. JOURNAL OF BEIJING UNIVERSITY OF POSTS AND TELECOM, 2010, 33(3): 57-61.
[15]	LuZhenbang,ZHOU Bo. Hierarchical Risk Assessment Based on Shapley Entropies and Choquet Integrals [J]. JOURNAL OF BEIJING UNIVERSITY OF POSTS AND TELECOM, 2009, 32(6): 83-87.

A Risk Assessment Method of Network Host Node with Host Importance

RichHTML

PDF

Knowledge

Abstract

Cite this article

share this article

References

Related Articles 15

Recommended Articles

Metrics

Comments