Table of Contents Author Guidelines Submit a Manuscript
Security and Communication Networks
Volume 2017, Article ID 3407642, 19 pages
https://doi.org/10.1155/2017/3407642
Research Article

Quantitative Method for Network Security Situation Based on Attack Prediction

1Zhengzhou Information Science and Technology Institute, Zhengzhou 450001, China
2Henan Key Laboratory of Information Security, Zhengzhou 450001, China
3Trusted Computing and Information Assurance Laboratory, Institute of Software, Chinese Academy of Sciences, Beijing 100190, China
4Key Laboratory of Information Network Security, Third Research Institute, Ministry of Public Security, Shanghai 200031, China

Correspondence should be addressed to Hao Hu; moc.361@809_hhjjw

Received 18 January 2017; Accepted 14 May 2017; Published 3 July 2017

Academic Editor: Xiaojiang Du

Copyright © 2017 Hao Hu et al. This is an open access article distributed under the Creative Commons Attribution License, which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.

Abstract

Multistep attack prediction and security situation awareness are two big challenges for network administrators because future is generally unknown. In recent years, many investigations have been made. However, they are not sufficient. To improve the comprehensiveness of prediction, in this paper, we quantitatively convert attack threat into security situation. Actually, two algorithms are proposed, namely, attack prediction algorithm using dynamic Bayesian attack graph and security situation quantification algorithm based on attack prediction. The first algorithm aims to provide more abundant information of future attack behaviors by simulating incremental network penetration. Through timely evaluating the attack capacity of intruder and defense strategies of defender, the likely attack goal, path, and probability and time-cost are predicted dynamically along with the ongoing security events. Furthermore, in combination with the common vulnerability scoring system (CVSS) metric and network assets information, the second algorithm quantifies the concealed attack threat into the surfaced security risk from two levels: host and network. Examples show that our method is feasible and flexible for the attack-defense adversarial network environment, which benefits the administrator to infer the security situation in advance and prerepair the critical compromised hosts to maintain normal network communication.