CN104539601A - Reliability analysis method and system for dynamic network attack process - Google Patents


Info

Publication number: CN104539601A
Authority: CN (China)
Prior art keywords: particle, consumed resource, network attack, hid, attack process
Legal status: Granted
Application number: CN201410806370.4A
Other languages: Chinese (zh)
Other versions: CN104539601B (en)
Inventors: 姚淑珍, 张新菊
Current assignee: Beihang University
Original assignee: Beihang University
Events: application filed by Beihang University; priority to CN201410806370.4A; publication of CN104539601A; application granted; publication of CN104539601B; current legal status: Expired - Fee Related; anticipated expiration.

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441 Countermeasures against malicious traffic
    • H04L41/00 Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/14 Network analysis or design
    • H04L41/145 Network analysis or design involving simulating, designing, planning or modelling of a network
    • H04L41/147 Network analysis or design for predicting network behaviour

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)

Abstract

The invention relates to a reliability analysis method and system for a dynamic network attack process. The method comprises the steps: S1, a Petri net model of the network attack process is established; S2, transitions are fired by the transition firing rule and the confidence of the conclusion propositions is calculated; S3, according to the confidence of the conclusion propositions, the resource consumption of the Petri net model of the network attack process is adjusted with a particle swarm algorithm; S4, the instantaneous state reliability of the system when an attack occurs is evaluated according to the resource consumption. Because a Petri net model of the network attack process is established and the resource consumption in the model is adjusted, a reliability ordering of all attack paths can be obtained, giving network administrators a basis for predicting attack paths.

Description

Dynamic network attack process reliability analysis method and system
Technical field
The present invention relates to the technical field of network security, and in particular to a dynamic network attack process reliability analysis method and system based on a two-stage optimization algorithm.
Background technology
A network attack process is the process by which an attacker, starting from preconditions and a target, acquires information and escalates privileges through a sequence of steps. In the analysis of network attack processes, an attack graph is an analytical method applied to network vulnerabilities: it analyzes the dependencies between vulnerabilities and helps network administrators know in advance or predict possible attack sequences (attack paths), so that preventive measures can be taken in time, the security of the network improved, and the occurrence of network attacks reduced. In concrete business scenarios, because of factors such as the importance of each node and the cost of resources, it is frequently necessary to analyze further the resource consumption of each vulnerability, generate the attack graph for each corresponding resource-consumption path, and determine the reliability ordering of the attack paths corresponding to each vulnerability's resource consumption, so as to allocate security resources reasonably and improve the success rate of attack-path prediction. However, when the resource consumption corresponding to each vulnerability is analyzed in an attack graph, the resource consumption often carries a large amount of fuzzy information. In such cases it is more appropriate to estimate the reliability of the network attack process through fuzzy operations on fuzzy numbers. Fuzzy system reliability theory is the product of combining fuzzy mathematics with system reliability: it studies fuzzy phenomena in system reliability analysis, is a useful complement to conventional reliability design, and is at present the mainstream method for handling problems of fuzzy uncertainty. Treating large-scale complex systems from the standpoint of fuzzy theory will therefore become one of the focuses of system reliability research, and it has already become a direction to which many scholars devote their study.
In the field of network attack process reliability, a great deal of research and experiment has been carried out in recent years: several reliability analysis methods have been proposed and techniques from other fields have been brought into reliability analysis, and these methods have a certain applicability to the reliability analysis of network attack processes. Generally speaking, however, reliability analysis methods for network attack processes still need further research and refinement. Faced with increasingly complex network attack processes and ever more precise reliability analysis methods, the accuracy of the parameter values of the network attack process becomes the main factor affecting the reliability of the network attack process, and optimizing those parameter values under the dynamically changing state of the attack process remains the key difficulty of network attack process reliability analysis.
The parameter-evaluation-based reliability analysis method for network attack processes is a newer method, proposed in recent years, that is based on optimal parameter values: it evaluates the fuzzy parameter values of the network attack process by computational intelligence and then carries out the reliability analysis by some technical means. Reliability analysis of network attack processes based on fuzzy parameter values is, however, still not mature, and mainly faces the following problems:
(1) Because the state of a network attack process changes dynamically, the parameters of the original model, such as threshold values, no longer apply once the state of the attack process changes, and the parameters of the network attack process must be marked on the model again. The adaptability of network attack process models therefore has much room for improvement and needs the support of a systematic model; establishing a dynamic model of the network attack process based on the dynamically changing characteristics of the attack process thus has important research significance and supports every stage of multi-state system reliability analysis.
(2) The parameter values of network attack process reliability models are generally determined by relying on human experience, so the uncertainty of human experience is introduced into the algorithm, which easily affects its accuracy. It is therefore particularly important to research methods that adaptively adjust the parameter values of the network attack process according to samples.
(3) Generally speaking, although the theoretical framework of network attack processes has begun to take shape, a general model is still lacking for the reliability analysis of the various real network attack processes; at present only some special technical methods can be adopted to solve certain classes of network attack processes. Fuzzy reliability theory is still in a preliminary stage of development both in theoretical research and in engineering application, and the fuzzy reliability model of general systems still has no clear physical definition. The fuzzy reliability of network attack processes is even more complicated and has no general, rational computational analysis model. The application background and properties of a large complex network attack process, and the relationships between it and its subsystems, must be understood in depth before its fuzzy reliability can be modeled and analyzed.
Summary of the invention
In view of the problems above, the invention provides a dynamic network attack process reliability analysis method and system: by establishing a Petri net model of the network attack process and adjusting the resource consumption in the model, the reliability ordering of each attack path can be provided, giving network administrators a basis for predicting attack paths.
To this end, one aspect of the present invention provides a dynamic network attack process reliability analysis method, characterized in that the method comprises:
S1, establishing a Petri net model of the network attack process;
S2, firing transitions by the transition firing rule and calculating the confidence of the conclusion propositions;
S3, adjusting the resource consumption of the Petri net model of the network attack process with a particle swarm algorithm according to the confidence of the conclusion propositions;
S4, evaluating, according to the resource consumption, the instantaneous state reliability of the system when an attack occurs.
Here the Petri net model of the network attack process is established as
$S_{MSPN} = \langle P, D, T, I, O, \alpha, T_h, \tau \rangle,$
where $P = \{P_1, P_2, \dots, P_n\}$ is the finite set of places; $T = \{t_1, t_2, \dots, t_m\}$ is the finite set of transitions; $D$ is the finite set of propositions; $I$ is the input matrix and $O$ is the output matrix; $\alpha$ is the confidence of the proposition corresponding to a place; $T_h$ represents the resource consumption in the state change process; and $\tau$ represents the average firing rate of the transitions.
Step S3 specifically comprises:
S31, setting the first iteration count $d_1$ and the first permissible error $\varepsilon_1$, with initial resource consumption vector $t_{h01}$;
S32, calculating the confidence error vector $|E(t_{hd_1})| = \frac{1}{2}\sum_{z=1}^{g}\sum_{i=1}^{b}\left(\theta_i^z - (\theta_i^z)'\right)^2$, where $\theta_i^z$ and $(\theta_i^z)'$ are, respectively, the actual confidence marking value output by place $p_i$ for the $z$-th batch of sample data and its expected confidence marking value, $b$ is the number of places, and there are $g$ batches of sample data in total;
S33, judging whether $|E(t_{hd_1})| < \varepsilon_1$: if so, perform step S6, otherwise perform the next step;
S34, adjusting the resource consumption with the particle swarm algorithm, the adjustment equations being
$$v_{id}^{r+1} = \omega v_{id}^{r} + c_1 \gamma_1^{r}\,(p_{ld}^{r} - t_{hid}^{r}) + c_2 \gamma_2^{r}\,(p_{gd}^{r} - t_{hid}^{r}), \qquad t_{hid}^{r+1} = t_{hid}^{r} + v_{id}^{r+1},$$
where $v_{id}$ is the adjustment speed of place $p_i$ at the $d$-th iteration, $t_{hid}$ is the resource consumption of place $p_i$ at the $d$-th iteration, $p_{ld}$ and $p_{gd}$ are respectively the historical best value of each particle and the best value of all particles, $\omega$ is the coefficient that retains the original speed, $c_1$ and $c_2$ are respectively the particle's tracking of its own historical best and of the swarm's best, $\gamma_1$ and $\gamma_2$ are random numbers uniformly distributed in the interval [0,1], and $r$ is the adjustment count;
S35, judging whether the error has changed: if so, set $d_1 = d_1 + 1$ and return to step S33; if $|E(t_{hd_1})| = |E(t_{hd_1+1})|$, perform step S34;
S36, ending the adjustment; the resource consumption vector after the first-stage adjustment and the corresponding resource consumption parameter are obtained.
Step S3 further comprises:
S37, setting the second iteration count $d_2$ and the second permissible error $\varepsilon_2$, with initial resource consumption vector $t_{h02}$;
S38, calculating the confidence error vector $|E(t_{hd_2})| = \frac{1}{2}\sum_{z=1}^{g}\sum_{i=1}^{b}\left(\theta_i^z - (\theta_i^z)'\right)^2$;
S39, judging whether $|E(t_{hd_2})| < \varepsilon_2$: if so, perform step S6, otherwise perform the next step;
S310, adjusting the resource consumption with the improved particle swarm algorithm, whose adjustment equations are
$$v_{id}^{r+1} = \omega v_{id}^{r} + c_1 \gamma_1^{r}\,(p_{ld}^{r} - t_{hid}^{r}) + c_2 \gamma_2^{r}\,(ps^{r} - t_{hid}^{r}), \qquad t_{hid}^{r+1} = t_{hid}^{r} + v_{id}^{r+1},$$
where $ps$ is the weighted total least squares weight;
S311, judging whether the error has changed: if so, set $d_2 = d_2 + 1$ and return to step S38; if $|E(t_{hd_2})| = |E(t_{hd_2+1})|$, perform step S310;
S312, ending the adjustment; the resource consumption vector is obtained and the resource consumption parameter is $T_{h2} = t_{hd_{02}}$.
The value of $ps$ is computed as follows:
According to the membership function of the particle's resource consumption, choose the fitness transformation function
$$FS(f(x)) = \frac{a}{a + f(x) - GM},$$
where $GM$ is the estimated extreme value of the particle resource-consumption membership function $f(x)$, $a$ is a positive constant reflecting the change of scale, and $f(x)$ is the weighting function value of particle $x$;
Normalize the fitness values of the particles to obtain the degree of influence of each particle:
$$SI(j) = \frac{FS(f(x_j))}{\sum_{j=1}^{gd} FS(f(x_j))};$$
Combining the influence of every particle, the weighted total least squares weight $ps$ is considered in place of the current value $p_{gd}$ of the best particle in the standard particle swarm algorithm:
$$ps = \sum_{j=1}^{gd} SI(j) \times x_j.$$
According to another aspect of the present invention, a dynamic network attack process reliability analysis system is provided, characterized in that the system comprises:
a Petri net model establishing unit, for establishing the Petri net model of the network attack process;
a confidence computing unit, for firing transitions by the transition firing rule and calculating the confidence of the conclusion propositions;
a resource consumption adjustment unit, for adjusting the resource consumption of the Petri net model of the network attack process with a particle swarm algorithm according to the confidence of the conclusion propositions;
a reliability analysis unit, for evaluating, according to the resource consumption, the instantaneous state reliability of the system when an attack occurs.
The dynamic network attack process reliability analysis method and system of the present invention establish a Petri net model of the network attack process and optimize the resource consumption in the model in two stages, so that the reliability ordering of each attack path can be provided even when information is incomplete, giving network administrators a basis for predicting attack paths.
Brief description of the drawings
The features and advantages of the present invention can be understood more clearly with reference to the accompanying drawings, which are schematic and should not be construed as limiting the invention in any way. In the drawings:
Fig. 1 shows the flow chart of the dynamic network attack process reliability analysis method of the present invention.
Fig. 2 shows the structural block diagram of the dynamic network attack process reliability analysis system of the present invention.
Fig. 3 shows the laboratory network topology diagram of one embodiment of the present invention.
Fig. 4 shows the sub-attack graph of the laboratory network of one embodiment of the present invention.
Fig. 5 shows the schematic diagram of the network attack process Petri net model of the laboratory network of one embodiment of the present invention.
Fig. 6 shows the first-stage adjustment effect diagram of an embodiment of the invention.
Fig. 7 shows the second-stage adjustment effect diagram of an embodiment of the invention.
Detailed description of the embodiments
To make the objects, technical solutions and advantages of the embodiments of the present invention clearer, the technical solutions in the embodiments are described clearly and completely below in conjunction with the accompanying drawings. Obviously, the described embodiments are some rather than all of the embodiments of the present invention. All other embodiments obtained by persons of ordinary skill in the art on the basis of the embodiments of the present invention without creative work fall within the scope of protection of the invention.
Fig. 1 shows the flow chart of the dynamic network attack process reliability analysis method of the present invention.
With reference to Fig. 1, the detailed process of the dynamic network attack process reliability analysis method of the present invention comprises:
S1, establishing the Petri net model of the network attack process.
Aiming at the information fuzziness and uncertainty present in the reliability assessment of network attack processes whose state changes dynamically, the present invention establishes a network attack process Petri net model for the attack process with dynamically changing state, based on the modeling criteria of fuzzy Petri nets and state machine Petri nets, and uses the Petri net model to improve the efficiency of reliability analysis.
In one embodiment of the present invention, the Petri net model of the network attack process is defined as an eight-tuple $S_{MSPN} = \langle P, D, T, I, O, \alpha, T_h, \tau \rangle$,
where $P = \{P_1, P_2, \dots, P_n\}$ is the finite set of places (states), representing each possible state, with $P_i$ representing the state set of a node;
$T = \{t_1, t_2, \dots, t_m\}$ is the finite set of transition nodes, representing the connections between the states of the network attack process;
$$D = \begin{bmatrix} d_{11}, d_{12}, \dots, d_{1N}; \\ d_{i1}, d_{i2}, \dots, d_{iN}; \\ \dots \\ d_{n1}, d_{n2}, \dots, d_{nN}; \\ d'_{11}, d'_{12}, \dots, d'_{1N}; \\ d'_{i1}, d'_{i2}, \dots, d'_{iN}; \\ \dots \\ d'_{r1}, d'_{r2}, \dots, d'_{rN} \end{bmatrix}$$
represents the finite set of node propositions; the state information of each node is expressed as a token corresponding to one proposition, and proposition $d_{ij}$ represents the proposition from place $P_i$ to transition $t_j$;
$I: P \to T$ is the input matrix, reflecting the mapping from places to transitions, $I = \{\delta_{ij}\}$, where $\delta_{ij}$ is a logical quantity, $\delta_{ij} \in \{0,1\}$: when $P_i$ is an input of $T_j$ (that is, there is a directed arc from $P_i$ to $T_j$), $\delta_{ij} = 1$; when $P_i$ is not an input of $T_j$ (there is no directed arc from $P_i$ to $T_j$), $\delta_{ij} = 0$; $i = 1, 2, \dots, n$, $j = 1, 2, \dots, m$;
$O: T \to P$ is the output matrix, reflecting the mapping from transitions to places, $O = \{\gamma_{ij}\}$, where $\gamma_{ij}$ is a logical quantity, $\gamma_{ij} \in \{0,1\}$: when $P_i$ is an output of $T_j$ (there is a directed arc from $T_j$ to $P_i$), $\gamma_{ij} = 1$; when $P_i$ is not an output of $T_j$ (there is no directed arc from $T_j$ to $P_i$), $\gamma_{ij} = 0$; $i = 1, 2, \dots, n$, $j = 1, 2, \dots, m$;
$\alpha(d_{ij}, t_k) \to [0,1]$ and $\alpha(t_k, d'_{ij}) \to [0,1]$ are fuzzy numbers in the interval [0,1] representing the confidence of the proposition corresponding to a place; $\beta: P \to D$, and when place $p_i$ holds a token $\text{token}_{ij}$, $\beta(\text{token}_{ij}, p_i) = d_{ij}$. The confidence of proposition $d_{ij}$ is expressed as $\alpha(d_{ij}, t_k) \to [0,1]$ and the confidence of proposition $d'_{ij}$ as $\alpha(t_k, d'_{ij}) \to [0,1]$, representing the importance degree of the node. When transition $t_j$ occurs, the precondition that proposition $d_{ij}$ in a place of the multi-state system must satisfy is expressed as $\alpha(d_{ij}, t_k)$;
$T_h$: $T_h = \mathrm{diag}\{\lambda_1, \lambda_2, \dots, \lambda_m\}$, where $\lambda_i \in [0,1]$ is a fuzzy number representing the firing threshold of transition $t_j$; in addition, during the state changes of the network attack process it can be used to represent the resource consumption in the state change process;
$\tau = \{\tau_1, \tau_2, \dots, \tau_n\}$ is the average firing rate of transition $t_j$, representing the average number of firings per unit time under the enabled condition, in units of times per unit time. The number of firings is a positive real fuzzy number.
The network attack process Petri net model proposed by this patent is established on the basis of fuzzy Petri nets and state machine Petri nets. The inputs and outputs of transitions represent the node states; each node state can hold several fuzzy propositions, each with a different confidence, which constrain the different state changes and the preconditions that must be satisfied for them to occur; the transition thresholds are fuzzy numbers in the interval [0,1] used to represent the resource consumption in the state change process.
S2, firing transitions by the transition firing rule and calculating the confidence of the conclusion propositions.
When transition $t_k$ fires, the marking values in its input places do not change, and the new confidence value passed to the output place $p_i$ is
$$\alpha(t_k, d'_{ij}) = \sum_{i=1}^{n} \alpha(d_{ij}, t_k) - \omega_{ik} + \alpha(t_k, d'_{ij}),$$
where $j = 1, 2, \dots, n$ and $k = 1, 2, \dots, m$.
S3, adjusting the resource consumption of the Petri net model of the network attack process with a particle swarm algorithm according to the confidence of the conclusion propositions.
In one embodiment, the adjustment of step S3 is carried out in two stages, and the detailed process of the first stage comprises:
S31, setting the first iteration count $d_1$ and the first permissible error $\varepsilon_1$, with initial resource consumption vector $t_{h01}$;
S32, calculating the confidence error vector $|E(t_{hd_1})| = \frac{1}{2}\sum_{z=1}^{g}\sum_{i=1}^{b}\left(\theta_i^z - (\theta_i^z)'\right)^2$, where $\theta_i^z$ and $(\theta_i^z)'$ are, respectively, the actual confidence marking value output by place $p_i$ for the $z$-th batch of sample data and its expected confidence marking value, $b$ is the number of places, and there are $g$ batches of sample data in total;
S33, judging whether $|E(t_{hd_1})| < \varepsilon_1$: if so, perform step S6, otherwise perform the next step;
S34, adjusting the resource consumption with the particle swarm algorithm, the adjustment equations being
$$v_{id}^{r+1} = \omega v_{id}^{r} + c_1 \gamma_1^{r}\,(p_{ld}^{r} - t_{hid}^{r}) + c_2 \gamma_2^{r}\,(p_{gd}^{r} - t_{hid}^{r}), \qquad t_{hid}^{r+1} = t_{hid}^{r} + v_{id}^{r+1},$$
where $v_{id}$ is the adjustment speed of place $p_i$ at the $d$-th iteration, $t_{hid}$ is the resource consumption of place $p_i$ at the $d$-th iteration, $p_{ld}$ and $p_{gd}$ are respectively the historical best value of each particle and the best value of all particles, $\omega$ is the coefficient that retains the original speed, $c_1$ and $c_2$ are respectively the particle's tracking of its own historical best and of the swarm's best, $\gamma_1$ and $\gamma_2$ are random numbers uniformly distributed in the interval [0,1], and $r$ is the adjustment count;
S35, judging whether the error has changed: if so, set $d_1 = d_1 + 1$ and return to step S33; if $|E(t_{hd_1})| = |E(t_{hd_1+1})|$, perform step S34;
S36, ending the adjustment; the resource consumption vector after the first-stage adjustment and the corresponding resource consumption parameter are obtained.
In the first-stage adjustment, after several iterations of the improved particle swarm algorithm the swarm basically tends to stabilize. $p_{gd}$ is determined directly by the currently most successful particle, but the search direction then tends to be controlled by a few super-particles with an absolute advantage, and these particles do not necessarily guide the swarm toward the global optimum, which easily leads to premature convergence. To avoid this phenomenon, after the first-stage adjustment a transformation function is adopted in the second stage which ensures that the probability of a particle being chosen as $p_{gd}$ is inversely proportional to its objective function value and that the transformed fitness value is not less than zero. Because the improved algorithm has many particles and complex influencing factors, the fitness transformation function we choose, according to the membership function of the particle's resource consumption, is
$$FS(f(x)) = \frac{a}{a + f(x) - GM},$$
where $GM$ is the estimated extreme value of the particle transition-weight membership function $f(x)$, $a$ is a positive constant reflecting the change of scale, and $f(x)$ is the weighting function value of particle $x$. The fitness values of the particles are then normalized to obtain the degree of influence of each particle:
$$SI(j) = \frac{FS(f(x_j))}{\sum_{j=1}^{gd} FS(f(x_j))};$$
Combining the influence of every particle, the weighted total least squares weight $ps$ is considered in place of the current value $p_{gd}$ of the best particle in the standard particle swarm algorithm:
$$ps = \sum_{j=1}^{gd} SI(j) \times x_j.$$
The speed/position update formulas of the updated particle swarm algorithm are then
$$v_{id}^{r+1} = \omega v_{id}^{r} + c_1 \gamma_1^{r}\,(p_{ld}^{r} - t_{hid}^{r}) + c_2 \gamma_2^{r}\,(ps^{r} - t_{hid}^{r}), \qquad t_{hid}^{r+1} = t_{hid}^{r} + v_{id}^{r+1}.$$
Based on the updated particle swarm equations above, the second-stage adjustment is carried out; the detailed process is:
S37, setting the second iteration count $d_2$ and the second permissible error $\varepsilon_2$, with initial resource consumption vector $t_{h02}$;
S38, calculating the confidence error vector $|E(t_{hd_2})| = \frac{1}{2}\sum_{z=1}^{g}\sum_{i=1}^{b}\left(\theta_i^z - (\theta_i^z)'\right)^2$;
S39, judging whether $|E(t_{hd_2})| < \varepsilon_2$: if so, perform step S6, otherwise perform the next step;
S310, adjusting the resource consumption with the improved particle swarm algorithm, whose adjustment equations are
$$v_{id}^{r+1} = \omega v_{id}^{r} + c_1 \gamma_1^{r}\,(p_{ld}^{r} - t_{hid}^{r}) + c_2 \gamma_2^{r}\,(ps^{r} - t_{hid}^{r}), \qquad t_{hid}^{r+1} = t_{hid}^{r} + v_{id}^{r+1},$$
where $ps$ is the weighted total least squares weight;
S311, judging whether the error has changed: if so, set $d_2 = d_2 + 1$ and return to step S38; if $|E(t_{hd_2})| = |E(t_{hd_2+1})|$, perform step S310;
S312, ending the adjustment; the resource consumption vector is obtained and the resource consumption parameter is $T_{h2} = t_{hd_{02}}$.
In the above two-stage optimization algorithm, in order to avoid slow convergence and becoming trapped in local minima during parameter optimization, each input sample does not take effect on the weighted fuzzy Petri net model of the network attack process immediately; only after all input samples of one training cycle have been input in turn are the individual errors summed into a total error, and the parameters are then modified all at once. Moreover, to avoid premature convergence, a transformation function is adopted in the second stage of the algorithm, ensuring that the probability of a particle being chosen as $p_{gd}$ is inversely proportional to its objective function value and that the transformed fitness value is not less than zero.
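As an added illustration of steps S1 to S3, not code from the patent (whose simulation was done in MATLAB), the Python below builds a small constructed fuzzy Petri net of an attack process, fires it with a standard fuzzy-Petri-net rule (an assumption; the firing formula as printed above is not usable as written), orders the attack paths by conclusion confidence, and then adjusts the transition thresholds $T_h$ with the two-stage swarm: stage 1 follows $p_{gd}$, stage 2 follows the $FS$/$SI$-weighted $ps$. The net, samples, constants and function names are all assumptions.

```python
import random

# S1/S2: a small fuzzy Petri net of an attack process (constructed example).
# Places are attack states, transitions are attack steps and lam[t] is the firing
# threshold T_h of transition t, read as the resource the step consumes. Firing
# rule (assumed standard fuzzy Petri net semantics, not the patent's printed
# formula): fire when the smallest input confidence reaches the threshold and
# pass min(inputs) * certainty factor to the output place.
TRANSITIONS = [  # (name, input places, output place, certainty factor)
    ("t1", ["p1"], "p2", 0.9),
    ("t2", ["p2"], "p4", 0.8),
    ("t3", ["p1"], "p3", 0.7),
    ("t4", ["p3"], "p5", 0.9),
]
OUTPUT_PLACES = ["p4", "p5"]  # conclusion propositions: the two attack paths

def fire(alpha, lam):
    """Propagate confidence from initial marking alpha; returns place -> confidence."""
    conf = dict(alpha)
    changed = True
    while changed:
        changed = False
        for name, inputs, out, mu in TRANSITIONS:
            a_in = min(conf.get(p, 0.0) for p in inputs)
            if a_in >= lam[name] and a_in * mu > conf.get(out, 0.0) + 1e-12:
                conf[out] = a_in * mu
                changed = True
    return conf

def rank_paths(alpha, lam):
    """Reliability ordering of attack paths: conclusion places by confidence."""
    conf = fire(alpha, lam)
    return sorted(OUTPUT_PLACES, key=lambda p: conf.get(p, 0.0), reverse=True)

# S3: two-stage particle swarm adjustment of T_h against constructed samples
# (initial marking, expected conclusion confidences); the objective is the
# page's error E = 1/2 * sum_z sum_i (theta_i^z - theta_i^z')^2.
NAMES = [t[0] for t in TRANSITIONS]
SAMPLES = [
    ({"p1": 0.9}, {"p4": 0.648, "p5": 0.567}),
    ({"p1": 0.5}, {"p4": 0.0, "p5": 0.0}),
    ({"p1": 0.7}, {"p4": 0.504, "p5": 0.441}),
]

def error(x):
    """|E(t_h)| for a threshold vector x ordered like NAMES."""
    lam = dict(zip(NAMES, x))
    e = 0.0
    for alpha, expected in SAMPLES:
        conf = fire(alpha, lam)
        e += sum((conf.get(p, 0.0) - expected[p]) ** 2 for p in OUTPUT_PLACES)
    return 0.5 * e

def influence(f_values, a=0.1):
    """SI(j) = FS_j / sum FS with FS(f) = a / (a + f - GM), GM = smallest error."""
    gm = min(f_values)
    fs = [a / (a + f - gm) for f in f_values]  # never negative, since f >= GM
    total = sum(fs)
    return [v / total for v in fs]

def weighted_best(positions, f_values):
    """ps = sum_j SI(j) * x_j, which replaces p_gd in the second stage."""
    si = influence(f_values)
    return [sum(si[j] * pos[d] for j, pos in enumerate(positions))
            for d in range(len(positions[0]))]

def pso_stage(state, iters, eps, weighted, w=0.6, c1=1.5, c2=1.5):
    """Follow p_gd (stage 1) or ps (stage 2) until |E| < eps; returns E(p_gd) per iteration."""
    x, v, pbest, pbest_f = state["x"], state["v"], state["pbest"], state["pbest_f"]
    history = []
    for _ in range(iters):
        if state["gbest_f"] < eps:
            break
        target = weighted_best(x, [error(p) for p in x]) if weighted else state["gbest"]
        for j in range(len(x)):
            for d in range(len(x[j])):
                r1, r2 = random.random(), random.random()
                v[j][d] = (w * v[j][d] + c1 * r1 * (pbest[j][d] - x[j][d])
                           + c2 * r2 * (target[d] - x[j][d]))
                x[j][d] = min(1.0, max(0.0, x[j][d] + v[j][d]))  # T_h stays in [0,1]
            f = error(x[j])
            if f < pbest_f[j]:
                pbest[j], pbest_f[j] = list(x[j]), f
                if f < state["gbest_f"]:
                    state["gbest"], state["gbest_f"] = list(x[j]), f
        history.append(state["gbest_f"])
    return history

def two_stage_adjust(n_particles=30, d1=30, d2=30, eps=1e-4, seed=7):
    """Stage 1 with the standard swarm, then stage 2 with the ps-guided swarm."""
    random.seed(seed)
    dim = len(NAMES)
    x = [[random.random() for _ in range(dim)] for _ in range(n_particles)]
    state = {"x": x, "v": [[0.0] * dim for _ in range(n_particles)],
             "pbest": [list(p) for p in x], "pbest_f": [error(p) for p in x]}
    best = min(range(n_particles), key=lambda j: state["pbest_f"][j])
    state["gbest"], state["gbest_f"] = list(x[best]), state["pbest_f"][best]
    history = pso_stage(state, d1, eps, weighted=False)
    history += pso_stage(state, d2, eps, weighted=True)
    return dict(zip(NAMES, state["gbest"])), history
```

Calling `two_stage_adjust()` returns the learned thresholds and the best error after every iteration; `rank_paths({"p1": 0.9}, thresholds)` then gives the attack-path ordering for that initial marking.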
S4, evaluating, according to the resource consumption, the instantaneous state reliability of the system when an attack occurs.
Fig. 2 shows the structural block diagram of the dynamic network attack process reliability analysis system of the present invention.
With reference to Fig. 2, another embodiment of the invention provides a dynamic network attack process reliability analysis system, which specifically comprises:
a Petri net model establishing unit 10, for establishing the Petri net model of the network attack process;
a confidence computing unit 20, for firing transitions by the transition firing rule and calculating the confidence of the conclusion propositions;
a resource consumption adjustment unit 30, for adjusting the resource consumption of the Petri net model of the network attack process with a particle swarm algorithm according to the confidence of the conclusion propositions;
a reliability analysis unit 40, for evaluating, according to the resource consumption, the instantaneous state reliability of the system when an attack occurs.
The dynamic network attack process reliability analysis method of the present invention is described below through a specific embodiment.
Fig. 3 shows the laboratory network topology diagram of one embodiment of the present invention. Fig. 4 shows the sub-attack graph of the laboratory network of one embodiment of the present invention.
One embodiment of the present invention is implemented on a laboratory network model, shown in Fig. 3.
In Fig. 3 the network topology has only an internal network part: the attacker can only attack the target nodes in the site through the intranet, which is formed by routers, a data center and terminal nodes interconnected with one another; its sub-attack graph is shown in Fig. 4.
Fig. 5 shows the schematic diagram of the network attack process Petri net model of the laboratory network of one embodiment of the present invention.
First, assuming that all transitions in Fig. 5 are enabled, the resource consumption of the weighted fuzzy Petri net of the network attack process is learned with the improved particle swarm algorithm described above: the iteration count is $d = 0$, the permissible error is set to $\varepsilon = 0.009$, the population size is set to 300, the initial resource consumption vector $\omega_0$ is chosen as 300 random numbers between 0 and 1 (representing the various possible values of the resource consumption of the attack transitions), and, for fairness, the confidence of every state proposition is uniformly set to 0.9; the two-stage algorithm for the resource consumption is then simulated in MATLAB.
Fig. 6 shows the first-stage adjustment effect diagram of an embodiment of the invention. Fig. 7 shows the second-stage adjustment effect diagram of an embodiment of the invention.
As shown in Fig. 6 and Fig. 7, the simulation results show that, for the two-stage algorithm proposed by the present invention, the second-stage optimization converges obviously faster than the first stage, and the fitness function curve is highly stable after convergence. It can be seen that the two-stage algorithm of the present invention clearly improves the convergence rate and is highly stable after convergence; in addition, the simulation process shows that convergence is very fast: as shown in Fig. 7, the optimized result is obtained in roughly 90 steps. The two-stage algorithm presented here therefore achieves good results both in accelerating convergence and in avoiding premature convergence.
Finally, the expected instantaneous state reliability performance is evaluated according to the assessed resource consumption. MATLAB simulation shows that the reliability evaluation method presented here is more accurate in calculating the expected instantaneous reliability performance of multi-branch attack paths and gives good theoretical guidance for predicting branch attack paths; moreover, the α-level cut sets of the expected instantaneous reliability performance of different attack states can differ with the value of α, which also provides theoretical guidance for the reliability evaluation of dynamically changing network attack processes.
The dynamic network attack process reliability analysis method and system of the present invention establish a Petri net model of the network attack process and optimize the resource consumption in the model in two stages, so that the reliability ordering of each attack path can be provided even when information is incomplete, giving network administrators a basis for predicting attack paths.
Although the embodiments of the present invention have been described with reference to the accompanying drawings, those skilled in the art can make various modifications and variations without departing from the spirit and scope of the present invention, and such modifications and variations all fall within the scope defined by the appended claims.

Claims (6)

1. A dynamic network attack process reliability analysis method, characterized in that the method comprises:
S1, establishing a Petri net model of the network attack process;
S2, firing transitions according to the transition firing rules and calculating the confidence of the conclusion propositions;
S3, adjusting the resource consumption of the network attack process Petri net model with a particle swarm algorithm according to the confidence of the conclusion propositions;
S4, evaluating the instantaneous state reliability of the system when the attack occurs according to the resource consumption.
2. The method according to claim 1, characterized in that the network attack process Petri net model is established as:
$$SMSPN = \langle P, D, T, I, O, \alpha, T_h, \tau \rangle$$
where $P = \{P_1, P_2, \ldots, P_n\}$ is the finite set of places; $T = \{t_1, t_2, \ldots, t_m\}$ is the finite set of transitions; D is the finite set of propositions; I is the input matrix and O is the output matrix; α is the confidence of the proposition corresponding to a place; $T_h$ is the resource consumption in the state change process; τ is the average firing rate of the transitions.
3. The method according to claim 1, characterized in that step S3 specifically comprises:
S31, setting a first iteration count $d_1$ and a first permissible error $\varepsilon_1$, with the initial resource consumption vector $t_{h01}$;
S32, calculating the confidence error vector, where $\theta_i^z$ and $(\theta_i^z)'$ denote respectively the actual output confidence value and the expected confidence value of place $p_i$ for the z-th batch of sample data, b is the number of places, and there are g batches of sample data in total;
S33, judging whether the condition is met; if so, performing step S6, otherwise performing the next step;
S34, adjusting the resource consumption with the particle swarm algorithm, the adjustment equations being:
$$v_{id}^{r+1} = \omega v_{id}^{r} + c_1 \gamma_1^{r}\,(p_{ld}^{r} - t_{hid}^{r}) + c_2 \gamma_2^{r}\,(p_{gd}^{r} - t_{hid}^{r})$$
$$t_{hid}^{r+1} = t_{hid}^{r} + v_{id}^{r+1}$$
where $v_{id}$ is the adjustment velocity of place $p_i$ at the d-th iteration, $t_{hid}$ is the resource consumption of place $p_i$ at the d-th iteration, $p_{ld}$ and $p_{gd}$ are respectively the historical optimum of each particle and the optimum of all particles; ω is the coefficient that retains the original velocity; $c_1$ and $c_2$ are the coefficients with which a particle tracks its own historical optimum and the swarm optimum, respectively; $\gamma_1$ and $\gamma_2$ are random numbers uniformly distributed on the interval [0,1]; r is the adjustment count;
S35, judging whether the condition is met; if so, setting $d_1 = d_1 + 1$ and returning to step S33, otherwise performing step S34;
S36, the adjustment ends, yielding the first-stage resource consumption vector and the resource consumption parameter.
4. The method according to claim 3, characterized in that step S3 further comprises:
S37, setting a second iteration count $d_2$ and a second permissible error $\varepsilon_2$, with the initial resource consumption vector $t_{h02}$;
S38, calculating the confidence error vector:
$$E(t_{hd2}) = \frac{1}{2}\sum_{z=1}^{g}\sum_{i=1}^{b}\bigl(\theta_i^{z} - (\theta_i^{z})'\bigr)^2;$$
S39, judging whether the condition is met; if so, performing step S6, otherwise performing the next step;
S310, adjusting the resource consumption with the improved particle swarm algorithm, the adjustment equations of the improved particle swarm algorithm being:
$$v_{id}^{r+1} = \omega v_{id}^{r} + c_1 \gamma_1^{r}\,(p_{ld}^{r} - t_{hid}^{r}) + c_2 \gamma_2^{r}\,(ps - t_{hid}^{r}),$$
$$t_{hid}^{r+1} = t_{hid}^{r} + v_{id}^{r+1}$$
where ps is the weighted total least squares weight;
S311, judging whether the condition is met; if so, setting $d_2 = d_2 + 1$ and returning to step S38, otherwise performing step S310;
S312, the adjustment ends, the resource consumption vector is obtained, and the resource consumption parameter is $T_{h2} = t_{hd02}$.
5. The method according to claim 4, characterized in that the value ps is computed as follows:
according to the membership function of the particle's resource consumption, a fitness transformation function is chosen:
$$FS(f(x)) = \frac{a}{a + f(x) - GM},$$
where GM is the estimated extreme value of the particle resource consumption membership function f(x), a is a positive constant reflecting the change of scale, and f(x) is the weighting function value of particle x;
the fitness values of the particles are normalized to obtain the influence degree of each particle:
$$SI(j) = \frac{FS(f(x_j))}{\sum_{j=1}^{gd} FS(f(x_j))};$$
combining the influence degrees of all particles, the current value $p_{gd}$ of the best particle in the standard particle swarm algorithm is replaced by the weighted total least squares weight ps:
$$ps = \sum_{j=1}^{gd} SI(j) \times x_j.$$
6. A dynamic network attack process reliability analysis system, characterized in that the system comprises:
a Petri net model establishing unit, for establishing the network attack process Petri net model;
a confidence computing unit, for firing transitions according to the transition firing rules and calculating the confidence of the conclusion propositions;
a resource consumption adjusting unit, for adjusting the resource consumption of the network attack process Petri net model with a particle swarm algorithm according to the confidence of the conclusion propositions;
a reliability analysis unit, for evaluating the instantaneous state reliability of the system when the attack occurs according to the resource consumption.
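As an added illustration of claims 3 to 5 (example code written for this page, not the patent's own matlab implementation), the improved particle swarm update with the fitness transform FS, the influence degree SI and the weighted value ps that replaces p_gd, run on a constructed sample set. The firing computation of the Petri net is not reproduced in the claims, so the conclusion confidence θ = α · t_h used here is a hypothetical stand-in, and the sample batches are constructed.

```python
import random

# Constructed sample data (not from the patent): per batch z, alpha[i] is the input
# confidence of place p_i and expected[i] the expected conclusion confidence (theta')_i^z.
SAMPLES = [([0.9, 0.9, 0.9], [0.63, 0.45, 0.81]),
           ([0.8, 0.7, 0.9], [0.56, 0.35, 0.81])]

def error(t_h, samples=SAMPLES):
    """E(t_h) = 1/2 * sum_z sum_i (theta_i^z - (theta_i^z)')^2.  The firing computation
    is not on the page; theta_i^z = alpha_i * t_h[i] is a hypothetical stand-in."""
    return 0.5 * sum((alpha[i] * t_h[i] - exp[i]) ** 2
                     for alpha, exp in samples for i in range(len(t_h)))
def fitness_transform(f_x, gm, a=1.0):
    """FS(f(x)) = a / (a + f(x) - GM); GM = best (lowest) error seen, so denominator >= a."""
    return a / (a + f_x - gm)
def influence(fs):
    """SI(j) = FS(f(x_j)) / sum_j FS(f(x_j)); the weights sum to 1."""
    total = sum(fs)
    return [v / total for v in fs]
def weighted_best(particles, fs):
    """ps = sum_j SI(j) * x_j, which replaces p_gd in the improved update."""
    si = influence(fs)
    return [sum(si[j] * p[d] for j, p in enumerate(particles))
            for d in range(len(particles[0]))]
def improved_pso_step(particles, velocities, pbest, rng, omega=0.7, c1=1.5, c2=1.5):
    """One adjustment r -> r+1: v = omega*v + c1*g1*(p_ld - t) + c2*g2*(ps - t); t += v."""
    f_vals = [error(p) for p in particles]
    fs = [fitness_transform(f, min(f_vals)) for f in f_vals]
    ps = weighted_best(particles, fs)
    for j, p in enumerate(particles):
        for d in range(len(p)):
            velocities[j][d] = (omega * velocities[j][d]
                                + c1 * rng.random() * (pbest[j][d] - p[d])
                                + c2 * rng.random() * (ps[d] - p[d]))
            p[d] = min(1.0, max(0.0, p[d] + velocities[j][d]))  # consumption stays in [0,1]
        if error(p) < error(pbest[j]):
            pbest[j] = list(p)  # p_ld: the particle's own historical optimum
    return ps
def optimise(n_particles=30, max_iter=100, eps=0.009, seed=1):
    """Iterate until the best error is below eps (the page's permissible error) or
    max_iter is hit; returns (best resource-consumption vector, its error, iterations)."""
    rng = random.Random(seed)
    dim = len(SAMPLES[0][0])
    particles = [[rng.random() for _ in range(dim)] for _ in range(n_particles)]
    velocities = [[0.0] * dim for _ in range(n_particles)]
    pbest = [list(p) for p in particles]
    for it in range(1, max_iter + 1):
        improved_pso_step(particles, velocities, pbest, rng)
        best = min(pbest, key=error)
        if error(best) < eps:
            break
    return best, error(best), it
```

With the stand-in model the exact solution is t_h = [0.7, 0.5, 0.9], so the returned vector can be checked directly against it.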
CN201410806370.4A 2014-12-19 2014-12-19 Dynamic network attack process analysis method for reliability and system Expired - Fee Related CN104539601B (en)

Publications (2)

Publication Number Publication Date
CN104539601A true CN104539601A (en) 2015-04-22
CN104539601B CN104539601B (en) 2017-01-04


Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20170104

Termination date: 20171219