
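Network Intrusion Path Analysis Method Based on Absorbing Markov Chain
Cite this article: ZHANG Kai, LIU Jing-ju. Network Intrusion Path Analysis Method Based on Absorbing Markov Chain [J]. Computer Science, 2021, 48(5): 294-300.
Authors: ZHANG Kai  LIU Jing-ju
Affiliations: College of Electronic Engineering, National University of Defense Technology, Hefei 230037; Jiuquan Satellite Launch Center, Jiuquan, Gansu 732750; Anhui Province Key Laboratory of Cyberspace Security Situation Awareness and Evaluation, Hefei 230037; College of Electronic Engineering, National University of Defense Technology, Hefei 230037; Anhui Province Key Laboratory of Cyberspace Security Situation Awareness and Evaluation, Hefei 230037
Abstract: Analyzing network intrusion paths from the attacker's perspective is of great significance for guiding network security defense. Existing analysis methods based on absorbing Markov chains consider state transition cases incompletely and calculate state transition probabilities unreasonably; to address these problems, an intrusion path analysis method based on absorbing Markov chains is proposed. Starting from a generated attack graph, and using the exploitability scores of the vulnerabilities exploited to achieve state transitions in that graph, the method fully considers the case in which a state transition from a non-absorbing node fails, proposes a new way of calculating state transition probabilities, and maps the attack graph to an absorbing Markov chain model. Using the properties of the state transition probability matrix of the absorbing Markov chain, it then calculates the threat ranking of the nodes on the intrusion path and the expected length of the intrusion path. Experimental results show that the method can effectively calculate the node threat ranking and the expected path length; comparative analysis shows that its results match the actual conditions of network attack and defense better than those of existing methods.

Keywords: Network security  Intrusion path analysis  Attack graph  Absorbing Markov chain  Node threat ranking  Path length expectation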

Attack Path Analysis Method Based on Absorbing Markov Chain
ZHANG Kai, LIU Jing-ju. Attack Path Analysis Method Based on Absorbing Markov Chain [J]. Computer Science, 2021, 48(5): 294-300.
Authors: ZHANG Kai  LIU Jing-ju
Affiliation: (College of Electronic Engineering, National University of Defense Technology, Hefei 230037, China; Jiuquan Satellite Launch Center, Jiuquan, Gansu 732750, China; Anhui Province Key Laboratory of Cyberspace Security Situation Awareness and Evaluation, Hefei 230037, China)
Abstract: Analyzing network attack paths from the attacker's perspective is of great significance for guiding network security defense. Existing analysis methods based on absorbing Markov chains have some problems, such as incomplete consideration of state transitions and unreasonable calculation of state transition probabilities. To solve these problems, this paper proposes an attack path analysis method based on absorbing Markov chains. Starting from a generated attack graph and the exploitability scores of vulnerabilities, the method fully considers the case in which a state transition from a non-absorbing node fails. To map the attack graph to the absorbing Markov chain model, the paper proposes a new method for calculating state transition probabilities. Then, using the properties of the state transition probability matrix of the absorbing Markov chain, it calculates the threat ranking of the nodes on the attack path and the expected length of the attack path. The feasibility of applying absorbing Markov chains with multiple absorbing states is also discussed. The experimental results show that the proposed method can effectively calculate the node threat ranking and the expected path length. Comparative analysis shows that the method matches the actual conditions of network attack and defense better than existing methods.
Keywords: Network security  Attack path analysis  Attack graph  Absorbing Markov chain  Node threat ranking  Path length expectation
This article has been indexed by VIP, Wanfang Data and other databases.
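The two quantities named in the abstract (node threat ranking and expected path length) follow from the fundamental matrix N = (I - Q)^-1 of an absorbing Markov chain. The sketch below is an added example, not the paper's code: the graph, the scores and the score-to-probability mapping (score/10 split evenly over outgoing edges, with the remainder as a self-loop for a failed attempt) are assumptions made for illustration, not the authors' formula.

```python
from fractions import Fraction

# Constructed attack graph: node -> {successor: exploitability score, 0-10}.
GRAPH = {
    "S0": {"S1": 8, "S2": 4},
    "S1": {"S3": 6},
    "S2": {"S1": 5, "S3": 2},
    "S3": {},  # absorbing state: attacker goal reached
}

def transition_matrix(graph):
    """Assumed mapping: edge probability = score / (10 * out-degree);
    the remaining mass is a self-loop modelling a failed transition."""
    nodes = list(graph)
    P = {u: {v: Fraction(0) for v in nodes} for u in nodes}
    for u, edges in graph.items():
        if not edges:
            P[u][u] = Fraction(1)      # absorbing node stays put
            continue
        for v, score in edges.items():
            P[u][v] = Fraction(score, 10 * len(edges))
        P[u][u] = 1 - sum(P[u].values())
    return nodes, P

def fundamental_matrix(nodes, P):
    """N = (I - Q)^-1 over the non-absorbing nodes, by Gauss-Jordan."""
    T = [u for u in nodes if P[u][u] != 1]
    n = len(T)
    A = [[(1 if i == j else 0) - P[T[i]][T[j]] for j in range(n)]
         + [Fraction(int(i == j)) for j in range(n)] for i in range(n)]
    for c in range(n):
        p = next(r for r in range(c, n) if A[r][c] != 0)
        A[c], A[p] = A[p], A[c]
        A[c] = [x / A[c][c] for x in A[c]]
        for r in range(n):
            if r != c and A[r][c] != 0:
                A[r] = [x - A[r][c] * y for x, y in zip(A[r], A[c])]
    return T, [row[n:] for row in A]

def analyse(graph, start):
    """Return (nodes ranked by expected visits, expected steps to absorption)."""
    nodes, P = transition_matrix(graph)
    T, N = fundamental_matrix(nodes, P)
    visits = dict(zip(T, N[T.index(start)]))  # row of N for the start node
    ranking = sorted(visits, key=visits.get, reverse=True)
    return ranking, sum(visits.values())

if __name__ == "__main__":
    ranking, length = analyse(GRAPH, "S0")
    print(ranking, float(length))
```

Because failed attempts are modelled as self-loops, the expected visit counts include steps spent retrying at a node, so lowering a node's outgoing exploitability raises the expected path length.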