Abstract: Network security methods lack effective metrics to measure attack risks and defense capabilities in dynamic networks, especially since such networks are high-dimensional and, with so many indicators, difficult to analyze. This paper presents a method to quantify network attack and defense capabilities. Clustering and principal component analysis are used to reduce the dimensionality and allocate weights to the indicator groups. These indexes are embedded in differential manifolds that change with time, and the network risk is evaluated from the attack risks and defense capabilities to quantify the network security effectiveness. The CIC2017 dataset is used as an example to show that this method can indicate the attack and defense risks for dynamic networks. The results show that this method can provide a dynamic approach to network security measurement.