Metrics for network attack and defense effectiveness based on differential manifolds

被引：0

作者：

Zhao X. ^{[1
]}

Jiang X. ^{[1
]}

Zhao J. ^{[1
]}

Xu H. ^{[1
]}

Guo J. ^{[1
]}

机构：

[1] School of Computer Science and Technology, Beijing Institute of Technology, Beijing

来源：

Qinghua Daxue Xuebao/Journal of Tsinghua University | 2020年 / 60卷 / 05期

关键词：

Attack and defense effectiveness; Differential manifold; Indicator dimension reduction; Network security metrics;

D O I：

10.16511/j.cnki.qhdxxb.2020.26.002

中图分类号：

学科分类号：

摘要：

Network security methods lack effective metrics to measure attack risks and defense capabilities in dynamic networks, especially since they have high dimensionality and are difficult to analyze since there are many indicators. This paper presents a method to quantify network attack and defense capabilities. Clustering and principal component analyses are used to reduce the dimensionality and allocate weights to the indicator groups. These indexes are embedded in differential manifolds that change with time with the network risk evaluated based on the attack risks and defense capabilities to quantify the network security effectiveness. The CIC2017 dataset is used as an example to show that this method can indicate the attach and defense risks for dynamic networks. The results show that this method can provide a dynamic method for network security measurements. © 2020, Tsinghua University Press. All right reserved.

引用

页码：380 / 385

页数：5

共 16 条

[1] Burke D.A., Towards a game theory model of information warfare, (1999)
[2] Zakeri R., Jalili R., Shahriari H.R., Et al., Using description logics for network vulnerability analysis, International Conference on Networking, International Conference on Systems and International Conference on Mobile Communications and Learning Technologies, pp. 78-83, (2006)
[3] Lye K.W., Wing J.M., Game strategies in network security, International Journal of Information Security, 4, 1-2, pp. 71-86, (2005)
[4] Yin F., Ai Z.L., Network confrontation deduction system based on offensive and defensive action chain, Computer and Modernization, 2, (2019)
[5] Jiang W., Fang B.X., Tian Z.H., Et al., Evaluating network security and optimal active defense based on attack-defense game model, Chinese Journal of Computers, 32, 4, pp. 817-827, (2009)
[6] Zhang H.W., Li T., Huang S.R., Network defense decision-making method based on attack-defense differential game, Acat Electronica Sinica, 46, 6, pp. 151-158, (2018)
[7] Xian M., Bao W.D., Wang Y.J., Et al., Introduction to Network Attack Effectiveness Evaluation, (2007)
[8] Wang Y.J., Xian M., Wang G.Y., Et al., Study on effectiveness evaluation of computer network attacks, Computer Engineering and Design, 26, 11, (2005)
[9] Zou H.Y., Evaluation of the attack effect of the network based on grey system theory, Computer Knowledge and Technology, 7, 4, pp. 795-799, (2011)
[10] Hu C.Z., Liu Z., Shan C., Et al., Differential manifold-based network state model construction and state assessment

← 1 2 →