Abstract:
To comprehend and accurately estimate the current network security situation, and thereby better guide dynamic defense, an awareness and analysis method for real-time network threats is proposed. The method recognizes current real-time threats and predicts subsequent threats by modelling attack scenarios and simulating intrusion state transitions. The threat awareness model is constructed with Expanded Finite-State Automata, defined as an Attack State Transition Graph and a Real-Time Attack State Graph. The former illustrates all possible intrusion paths and state transitions, while the latter describes the threats that are actually occurring and the intrusion path taken. A threat awareness algorithm is then presented on the basis of this model. With this algorithm, various kinds of invalid threats are filtered out, and the current valid threats are obtained by correlating dynamic alarms with the static attack scenario. Further, by combining the Attack State Transition Graph with the Real-Time Attack State Graph, the subsequent threat and its possible path are identified and the intrusion target is predicted. Finally, the results of an experiment in a simulated network verify the feasibility and validity of the model and algorithm. The method therefore provides a novel solution for recognizing and analyzing the network security situation.
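As an added illustration of the correlation idea described in the abstract (this is constructed example code, not the paper's own model or algorithm), the block below encodes a small, hypothetical Attack State Transition Graph as a finite-state automaton, advances a per-source/destination Real-Time Attack State Graph from a constructed alarm stream, drops alarms that fit no transition from the pair's current state as invalid, and predicts the next expected alarm types and reachable intrusion targets from the current state. The state and alarm names are assumptions made for the example.

```python
# Constructed Attack State Transition Graph (ASTG): state -> {alarm_type: next_state}.
# The states and alarm types are hypothetical; a real scenario would be richer.
ASTG = {
    "init":      {"port_scan": "recon"},
    "recon":     {"exploit_attempt": "exploited", "brute_force": "exploited"},
    "exploited": {"priv_esc": "root"},
    "root":      {"data_exfil": "exfil_target", "lateral_move": "lateral_target"},
}
TERMINAL = {"exfil_target", "lateral_target"}  # intrusion targets (absorbing states)

# Constructed alarm stream: t=2 and t=4 skip required earlier states and are invalid.
ALERTS = [
    {"t": 1, "src": "10.0.0.5", "dst": "10.0.0.20", "type": "port_scan"},
    {"t": 2, "src": "10.0.0.5", "dst": "10.0.0.20", "type": "data_exfil"},
    {"t": 3, "src": "10.0.0.5", "dst": "10.0.0.20", "type": "exploit_attempt"},
    {"t": 4, "src": "10.0.0.7", "dst": "10.0.0.21", "type": "priv_esc"},
    {"t": 5, "src": "10.0.0.5", "dst": "10.0.0.20", "type": "priv_esc"},
]

def correlate(alerts, astg=ASTG):
    """Build a Real-Time Attack State Graph (RASG) per (src, dst) pair.
    Returns (rasg, dropped): rasg maps pair -> {"state", "path"} where path is the
    list of (from_state, alarm_type, to_state) transitions actually taken; dropped
    holds alarms matching no transition from the pair's current state."""
    rasg, dropped = {}, []
    for a in sorted(alerts, key=lambda x: x["t"]):  # replay alarms in time order
        key = (a["src"], a["dst"])
        cur = rasg.get(key, {"state": "init", "path": []})
        nxt = astg.get(cur["state"], {}).get(a["type"])
        if nxt is None:            # alarm does not fit the scenario: invalid threat
            dropped.append(a)
            continue
        cur["path"].append((cur["state"], a["type"], nxt))
        cur["state"] = nxt
        rasg[key] = cur
    return rasg, dropped

def predict(state, astg=ASTG, terminal=TERMINAL):
    """From a current RASG state, return (next_alarm_types, reachable_targets)
    by walking the static ASTG forward (depth-first)."""
    next_types = sorted(astg.get(state, {}))
    targets, stack, seen = set(), [state], set()
    while stack:
        s = stack.pop()
        if s in seen:
            continue
        seen.add(s)
        if s in terminal:
            targets.add(s)
        stack.extend(astg.get(s, {}).values())
    return next_types, sorted(targets)
```

Running `correlate(ALERTS)` leaves the 10.0.0.5 to 10.0.0.20 pair in state `root` with two alarms dropped, and `predict("root")` then names the two possible next alarms and both reachable targets.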