Abstract:

By applying the evolution theory of dynamic network into the risk assessment of computer network, we propose a new risk assessment framework based on attack events in dynamic networks. We first construct the dynamic access relation network based on static physical links. Then the Timeline algorithm uses its time characteristic effectively to describe the attack evolution trend and find important attacks. The graph approximation algorithm is also adopted to simplify the analysis process as an analysis among approximate graphs and reduce the impact of noise behaviors effectively. In addition, the framework can track the network segment evolution and do correlation analysis. Case study shows that the proposal has good practicability, reveals attackers' attack strategies better, and finds the close ties between important attacks.

Key words: dynamic attack graph, network risk analysis, attack graph, network evolution, risk assessment