Network security situation evaluation method based on attack intention recognition

This paper analyzed the existing network security situation evaluation methods and discovered that they can´t accurately reflect the features of large-scale, synergetic, multi-stage gradually shown by network attack behaviors. For this purpose, under deep analyzing the association between attack intention and network configuration information, a network security situation evaluation method based on attack intention recognition was proposed. Unlike traditional method, the evaluation method was based on intruder. This method firstly made causal analysis of attack event and discovered intrusion path to recognize every attack stages, then realized situation evaluation based on the attack stages. Lastly the method recognized the attack intention of next stage to forecast network security situation based on achieved attack stages, combined with vulnerability and network connectivity. A simulation experiments for the proposed network security situation evaluation model is performed by network examples. The experimental results show that this method is more accurate on reflecting the truth of attack. And the method does not need training on the historical sequence, so the method is more effective on situation forecasting.