CN114363095A - System vulnerability analysis method, system and medium based on petri net - Google Patents


Info

Publication number: CN114363095A (application number CN202210270176.3A)
Authority: CN (China)
Prior art keywords: probability, node, attack, series, parallel
Legal status: Granted, active (the status as listed by Google Patents is an assumption, not a legal conclusion)
Other languages: Chinese (zh)
Other versions: CN114363095B (en)
Inventors: 戚建淮, 杜玲禧, 周杰, 宋晶
Current assignee: Shenzhen Y&D Electronics Information Co Ltd (the listed assignee may be inaccurate; Google has performed no legal analysis)
Original assignee: Shenzhen Y&D Electronics Information Co Ltd
Events: application filed by Shenzhen Y&D Electronics Information Co Ltd; priority to CN202210270176.3A; publication of CN114363095A; application granted; publication of CN114363095B; legal status active; anticipated expiration

Classifications (CPC)

    • H04L 63/1408 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • G06F 17/16 Matrix or vector computation, e.g. matrix-matrix or matrix-vector multiplication, matrix factorization
    • G06F 17/18 Complex mathematical operations for evaluating statistical data, e.g. average values, frequency distributions, probability functions, regression analysis
    • H04L 41/142 Network analysis or design using statistical or mathematical methods
    • H04L 63/20 Network architectures or network communication protocols for network security for managing network security; network security policies in general


Abstract

The invention relates to a petri net-based system vulnerability analysis method, a petri net-based system and a computer-readable storage medium. The method comprises the steps of simulating an infection process from an initial node to a target node based on an attack sequence of series connection, parallel connection and series-parallel connection mixing to construct a Petri net infection model; calculating the probability that the target node is successfully attacked in different states based on the Petri network infection model and different infection probabilities and repair probabilities; and adjusting the network structure based on the probability that the target node is successfully attacked in the different states. The invention utilizes the petri net to model the dynamic flow of the attack behavior of the network node, and can dynamically depict the state of each node of the network; the security analysis is carried out aiming at the connection condition of network nodes of different systems, and the influence on the vulnerability of the system is obtained according to different attack probabilities and repair probabilities; the network architecture can thus be tailored to enhance protection and improve system security.

Description

System vulnerability analysis method, system and medium based on petri net
Technical Field
The invention relates to the field of network security, in particular to a petri net-based system vulnerability analysis method, a petri net-based system vulnerability analysis system and a computer-readable storage medium.
Background
Security evaluation is an important basis of network security. Modeling the attack process with a petri net describes network attack behaviour well, and the petri net is constructed according to three ways of connecting network nodes. The probability that the final node is successfully attacked is then solved from the attacked probability and the gray level probability of each node, and the probability that the final target node is successfully attacked is used to describe the vulnerability of the network. However, in the prior art most modeling methods related to network security are event-based and lack data-flow analysis of system states. Traditional detection methods are static and passive, so potential threats cannot be found in time and the network structure cannot be adjusted and strengthened in time.
Disclosure of Invention
The technical problem to be solved by the present invention is to provide a petri net based system vulnerability analysis method, system and computer readable storage medium, aiming at the above defects in the prior art, and by simulating the attack and recovery process, the probability of successful attack on the target node is calculated, so that the potential threat can be found in time, and the network structure can be adjusted and the protection capability can be enhanced according to the protection requirement.
The technical scheme adopted by the invention for solving the technical problems is as follows: a petri net-based system vulnerability analysis method is constructed, comprising the following steps:
S1, simulating the infection process from the initial node to the target node based on series, parallel and series-parallel mixed attack sequences to construct a Petri net infection model;
S2, calculating the probability that the target node is successfully attacked in different states based on the Petri net infection model and different infection probabilities and repair probabilities;
and S3, adjusting the network structure based on the probability that the target node is successfully attacked in the different states.
In the petri net-based system vulnerability analysis method of the present invention, step S1 includes the following steps:
S11, simulating the infection process from the initial node to the target node based on the series sequence to construct a Petri net series infection model;
S12, simulating the infection process from the initial node to the target node based on the parallel sequence to construct a Petri net parallel infection model;
S13, simulating the infection process from the initial node to the target node based on the series-parallel mixed sequence to construct a Petri net series-parallel mixed infection model.
In the petri net-based system vulnerability analysis method of the present invention, step S2 includes the following steps:
S21, obtaining a series state transition diagram, a parallel state transition diagram and a series-parallel mixed state transition diagram respectively based on the Petri net series infection model, the Petri net parallel infection model and the Petri net series-parallel mixed infection model;
and S22, calculating the probability that the target node is successfully attacked in different states based on the series state transition diagram, the parallel state transition diagram, the series-parallel mixed state transition diagram, the multiple evaluated attack probabilities and the multiple evaluated recovery probabilities.
In the petri net-based system vulnerability analysis method of the present invention, step S22 includes the following steps:
S221, calculating the attack probability and the recovery probability of each node based on the evaluated attack probability and the evaluated recovery probability given to each node by m experts, where m is a positive integer;
S222, calculating respectively the probability that the target node is successfully attacked in the series state, in the parallel state and in the series-parallel mixed state, based on the series state transition diagram, the parallel state transition diagram, the series-parallel mixed state transition diagram and the attack probability and recovery probability of each node;
and S223, assuming that every node has the same attack probability and the same recovery probability, and that the number of nodes is the same, determining that the probability that the target node is successfully attacked is lowest in the series state.
In the petri net-based system vulnerability analysis method of the present invention, step S221 further includes the following steps:
S2211, constructing a probability matrix based on the evaluated attack probability and the evaluated recovery probability given to each node by the m experts:
Figure DEST_PATH_IMAGE001
where Z1…Zm denote the m experts, λ1…λk the attack probabilities of k nodes and u1…ul the recovery probabilities of l nodes; Zλ11…Zλ1k is expert 1's evaluation of the attack probabilities λ1…λk, Zu11…Zul1 is expert 1's evaluation of the recovery probabilities u1…ul, …, Zλm1…Zλmk is expert m's evaluation of the attack probabilities λ1…λk and Zum1…Zulm is expert m's evaluation of the recovery probabilities u1…ul; every evaluated attack probability and evaluated recovery probability takes a value in [0, 1];
S2212, calculating the attack probability of each node
Figure 854619DEST_PATH_IMAGE002
and the recovery probability of each node
Figure DEST_PATH_IMAGE003
In the petri net-based system vulnerability analysis method of the present invention, step S222 further includes the following steps:
S2221, calculating, based on the series state transition diagram and the attack probability and recovery probability of each node, the probability that the target node is successfully attacked in the series state
Figure 378004DEST_PATH_IMAGE004
where n represents the number of nodes in series,
Figure DEST_PATH_IMAGE005
represents the attack probability of each node, and
Figure 870165DEST_PATH_IMAGE006
represents the recovery probability of each node;
S2222, calculating, based on the parallel state transition diagram and the attack probability and recovery probability of each node, the probability that the target node is successfully attacked in the parallel state
Figure DEST_PATH_IMAGE007
where n denotes the number of parallel branches, each branch having
Figure 846211DEST_PATH_IMAGE008
nodes, each intermediate node having an attack probability of
Figure DEST_PATH_IMAGE009
and a recovery probability of
Figure 449231DEST_PATH_IMAGE010
S2223, calculating, based on the series-parallel mixed state transition diagram and the attack probability and recovery probability of each node, the probability that the target node is successfully attacked in the series-parallel mixed state
Figure DEST_PATH_IMAGE011
where l represents the number of nodes in series, each series node having an attack probability of
Figure 155019DEST_PATH_IMAGE012
and a recovery probability of
Figure DEST_PATH_IMAGE013
and n represents the number of parallel branches, each branch having
Figure 552502DEST_PATH_IMAGE014
nodes, each intermediate node having an attack probability of
Figure 281424DEST_PATH_IMAGE009
and a recovery probability of
Figure 360238DEST_PATH_IMAGE010
In the petri net-based system vulnerability analysis method of the present invention, step S223 further includes:
S2231, assuming that the attack probability of every node is the same and equal to λ, the recovery probability of every node is the same and equal to u, and the number of nodes is the same, calculating respectively the probability that the target node is successfully attacked in the series state, in the parallel state and in the series-parallel mixed state as follows:
Figure DEST_PATH_IMAGE015
and S2232, concluding that, when the number of nodes is the same, the probability that the target node is successfully attacked is lowest in the series state.
In the petri net-based system vulnerability analysis method of the present invention, in step S3, when the number of nodes is the same, the network structure is adjusted on the basis that the probability that the target node is successfully attacked is lowest in the series state.
Another technical solution adopted by the present invention to solve the technical problem is to construct a petri net based system vulnerability analysis system, which includes a plurality of network nodes that communicate with each other to form a communication network, wherein the plurality of network nodes include a processor and a memory, and a computer-readable storage medium is stored in the memory, and when the computer-readable storage medium is executed by the processor, the petri net based system vulnerability analysis method is implemented.
In order to solve the technical problem, a computer-readable storage medium is constructed, and when the computer-readable storage medium is executed by a processor, the petri net-based system vulnerability analysis method is implemented.
By implementing the petri net-based system vulnerability analysis method, the petri net-based system vulnerability analysis system and the computer-readable storage medium, the dynamic process of the attack behavior of the network nodes is modeled by using the petri net, and the states of various nodes of the network can be dynamically described; the security analysis is carried out aiming at the connection condition of network nodes of different systems, and the influence on the vulnerability of the system is obtained according to different attack probabilities and repair probabilities. Therefore, the network structure can be adjusted in a targeted manner, the protection capability is enhanced, and finally the system safety is improved.
Drawings
The invention will be further described with reference to the accompanying drawings and examples, in which:
FIG. 1 is a flow diagram of a preferred embodiment of the petri net based system vulnerability analysis method of the present invention;
FIGS. 2A-2C are schematic diagrams illustrating simulation of connection of an initial node A to a target node E based on a series order, a parallel order, and a mixed series-parallel order, respectively;
FIGS. 3A-3C show schematic diagrams of a Petri net series infection model, a Petri net parallel infection model, and a Petri net series parallel hybrid infection model, respectively;
fig. 4A-4C show a series state transition diagram, a parallel state transition diagram, and a series-parallel hybrid state transition diagram, respectively.
Detailed Description
In order to make the objects, technical solutions and advantages of the present invention more apparent, the present invention is described in further detail below with reference to the accompanying drawings and embodiments. It should be understood that the specific embodiments described herein are merely illustrative of the invention and are not intended to limit the invention.
The invention relates to a petri net-based system vulnerability analysis method, which comprises the following steps: s1, simulating the infection process from the initial node to the target node based on the attack sequence of series connection, parallel connection and series-parallel connection mixture to construct a Petri net infection model; s2, calculating the probability that the target node is successfully attacked in different states based on the Petri net infection model and different infection probabilities and repair probabilities; and S3, adjusting the network structure based on the probability of successful attack of the target node under different states. The invention utilizes the petri net to model the dynamic flow of the attack behavior of the network node, and can dynamically depict the state of each node of the network; the security analysis is carried out aiming at the connection condition of network nodes of different systems, and the influence on the vulnerability of the system is obtained according to the different attack probabilities and the different repair probabilities, so that the network structure can be adjusted in a targeted manner, the protection capability is enhanced, and the system security is finally improved.
FIG. 1 is a flow diagram of a preferred embodiment of the petri net based system vulnerability analysis method of the present invention. As shown in fig. 1, in step S1, the infection process from the initial node to the target node is simulated based on the attack sequence of series connection, parallel connection and series-parallel connection mixture to construct a Petri net infection model.
Preferably, step S1 further includes simulating the infection process from the initial node to the target node based on the series sequence to construct a Petri net series infection model; simulating the infection process from the initial node to the target node based on the parallel sequence to construct a Petri net parallel infection model; and simulating the infection process from the initial node to the target node based on the series-parallel mixed sequence to construct a Petri net series-parallel mixed infection model.
FIGS. 2A-2C show schematic diagrams simulating the connection of the initial node A to the target node E based on a series order, a parallel order and a series-parallel mixed order, respectively. FIGS. 3A-3C show schematic diagrams of the Petri net series infection model, the Petri net parallel infection model and the Petri net series-parallel mixed infection model, respectively. The meanings of the symbols in the Petri net series infection model shown in FIG. 3A are given in Table 1 below:
TABLE 1
Figure 920533DEST_PATH_IMAGE016
The symbolic meanings in the Petri net parallel infection model shown in fig. 3B are shown in table 2 below:
TABLE 2
Figure DEST_PATH_IMAGE017
The symbolic meanings in the Petri net series-parallel mixed infection model shown in FIG. 3C are shown in the following table 3:
TABLE 3
Figure 426600DEST_PATH_IMAGE018
In step S2, based on the Petri net infection model and the different infection probabilities and repair probabilities, the probability that the target node is successfully attacked in different states is calculated.
In a preferred embodiment of the present invention, the step S2 includes the steps of: s21, obtaining a series state transition diagram, a parallel state transition diagram and a series-parallel mixed state transition diagram respectively based on the Petri net series infection model, the Petri net parallel infection model and the Petri net series-parallel mixed infection model; and S22, calculating the probability that the target node is successfully attacked in different states based on the series state transition diagram, the parallel state transition diagram, the series-parallel mixed state transition diagram, the multiple evaluation attack probabilities and the multiple evaluation recovery probabilities.
FIGS. 4A-4C show a series state transition diagram, a parallel state transition diagram and a series-parallel mixed state transition diagram, respectively. The symbols in FIGS. 4A-4C have the following meanings:
Figure 705135DEST_PATH_IMAGE019
indicates that no node of the system has been attacked successfully;
Figure 587640DEST_PATH_IMAGE020
indicates that node A has been attacked successfully (attacked and not recovered);
Figure 940124DEST_PATH_IMAGE021
indicates that node B has been attacked successfully (attacked and not recovered);
Figure 944989DEST_PATH_IMAGE022
indicates that node C has been attacked successfully (attacked and not recovered);
Figure 382924DEST_PATH_IMAGE023
indicates that node D has been attacked successfully (attacked and not recovered);
Figure 803541DEST_PATH_IMAGE024
indicates that node E has been attacked successfully (attacked and not recovered).
Step S22 preferably includes the following steps: S221, calculating the attack probability and the recovery probability of each node based on the evaluated attack probability and the evaluated recovery probability given to each node by m experts, where m is a positive integer; S222, calculating respectively the probability that the target node is successfully attacked in the series state, in the parallel state and in the series-parallel mixed state, based on the series state transition diagram, the parallel state transition diagram, the series-parallel mixed state transition diagram and the attack probability and recovery probability of each node; and S223, assuming that every node has the same attack probability and the same recovery probability, and that the number of nodes is the same, determining that the probability that the target node is successfully attacked is lowest in the series state.
Further, the step of calculating the attack probability and recovery probability of each node (step S221) includes the following steps S2211 to S2212.
In step S2211, a probability matrix is constructed based on the evaluated attack probability and the evaluated recovery probability given to each node by the m experts:
Figure 338427DEST_PATH_IMAGE025
where Z1…Zm denote the m experts, λ1…λk the attack probabilities of k nodes and u1…ul the recovery probabilities of l nodes; Zλ11…Zλ1k is expert 1's evaluation of the attack probabilities λ1…λk, Zu11…Zul1 is expert 1's evaluation of the recovery probabilities u1…ul, …, Zλm1…Zλmk is expert m's evaluation of the attack probabilities λ1…λk and Zum1…Zulm is expert m's evaluation of the recovery probabilities u1…ul; every evaluated attack probability and evaluated recovery probability takes a value in [0, 1].
In step S2212, the attack probability of each node is calculated
Figure 186298DEST_PATH_IMAGE026
And probability of recovery
Figure 111528DEST_PATH_IMAGE027
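Steps S2211 to S2212 as an added example; this is not code from the patent. The aggregation formula itself survives on this page only as an image, so the example assumes the per-node attack probability λi and recovery probability ui are the column-wise arithmetic mean of the m experts' ratings. The rating matrix for nodes A to E is constructed for illustration, and the validation of the [0, 1] range reflects the constraint the text states for every evaluated probability.

```python
"""Aggregate per-node attack and recovery probabilities from m expert ratings.

Added example, not the patent's own code. ASSUMPTION: the per-node values
are the arithmetic mean over the m experts (the patent's formula is an
image on the page). All ratings below are constructed sample data.
"""
from statistics import mean

# Constructed rating matrix: one row per expert Z1..Zm. Each row holds
# attack-probability ratings for k nodes and recovery-probability ratings
# for l nodes (here k = l = 5, nodes A..E). Every rating must lie in [0, 1].
EXPERT_RATINGS = [
    # (attack ratings for A..E,     recovery ratings for A..E)
    ([0.6, 0.5, 0.4, 0.5, 0.3], [0.2, 0.3, 0.4, 0.3, 0.5]),
    ([0.5, 0.5, 0.5, 0.4, 0.4], [0.3, 0.3, 0.3, 0.2, 0.4]),
    ([0.7, 0.5, 0.3, 0.6, 0.2], [0.1, 0.3, 0.5, 0.1, 0.6]),
]


def validate_ratings(ratings):
    """Reject an empty panel, ragged rows, or ratings outside [0, 1].

    Returns (k, l): the number of attack and recovery columns.
    """
    if not ratings:
        raise ValueError("need at least one expert (m >= 1)")
    k = len(ratings[0][0])
    l = len(ratings[0][1])
    for attack, recovery in ratings:
        if len(attack) != k or len(recovery) != l:
            raise ValueError("every expert must rate the same k and l nodes")
        for value in list(attack) + list(recovery):
            if not 0.0 <= value <= 1.0:
                raise ValueError(f"rating {value} is outside [0, 1]")
    return k, l


def aggregate(ratings):
    """Return (lam, u): per-node attack and recovery probabilities.

    lam[j] is the mean of column j of the attack block, u[j] the mean of
    column j of the recovery block (assumed aggregation rule).
    """
    k, l = validate_ratings(ratings)
    lam = [mean(row[0][j] for row in ratings) for j in range(k)]
    u = [mean(row[1][j] for row in ratings) for j in range(l)]
    return lam, u


if __name__ == "__main__":
    lam, u = aggregate(EXPERT_RATINGS)
    for name, a, r in zip("ABCDE", lam, u):
        print(f"node {name}: attack={a:.3f} recovery={r:.3f}")
```

Any other aggregation rule (weighted by expert confidence, median to blunt outliers) slots into `aggregate` without changing the validation, which is the part a practitioner should keep regardless of rule: a single out-of-range rating silently corrupts every downstream probability.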
Further, the step of calculating the probability that the target node is successfully attacked in each state (step S222) includes the following steps S2221 to S2223.
In step S2221, the probability that the target node is successfully attacked in the series state is calculated based on the series state transition diagram and the attack probability and recovery probability of each node
Figure 335836DEST_PATH_IMAGE028
where n represents the number of nodes in series,
Figure 725229DEST_PATH_IMAGE029
represents the attack probability of each node, and
Figure 9580DEST_PATH_IMAGE030
represents the recovery probability of each node.
Taking nodes A-E as an example, the specific calculation process is as follows.
The probabilities P1(A)…P1(E) that each node is attacked in series are calculated as follows:
Figure 422107DEST_PATH_IMAGE031
Therefore, the probability that the target node is successfully attacked in the series state can be calculated as
Figure 246844DEST_PATH_IMAGE032
where n represents the number of nodes in series,
Figure 428426DEST_PATH_IMAGE033
represents the attack probability of each node, and
Figure 945995DEST_PATH_IMAGE034
represents the recovery probability of each node.
In step S2222, the probability that the target node is successfully attacked in the parallel state is calculated based on the parallel state transition diagram and the attack probability and recovery probability of each node
Figure 845818DEST_PATH_IMAGE035
where n denotes the number of parallel branches, each branch having
Figure 411929DEST_PATH_IMAGE036
nodes, each intermediate node having an attack probability of
Figure 448018DEST_PATH_IMAGE009
and a recovery probability of
Figure 136488DEST_PATH_IMAGE010
Taking nodes A-E as an example, the specific calculation process is as follows.
The probabilities P1(A)…P1(E) that each node is attacked in parallel are calculated as follows:
Figure 523607DEST_PATH_IMAGE037
Figure 627829DEST_PATH_IMAGE038
Therefore, from the attack probability and recovery probability of each node, the probability that the target node is successfully attacked in the parallel state can be calculated as
Figure 846321DEST_PATH_IMAGE007
where n denotes the number of parallel branches, each branch having
Figure 643376DEST_PATH_IMAGE039
nodes, each intermediate node having an attack probability of
Figure 252212DEST_PATH_IMAGE009
and a recovery probability of
Figure 488021DEST_PATH_IMAGE010
In step S2223, the probability that the target node is successfully attacked in the series-parallel mixed state is calculated based on the series-parallel mixed state transition diagram and the attack probability and recovery probability of each node
Figure 498702DEST_PATH_IMAGE040
where l represents the number of nodes in series, each series node having an attack probability of
Figure 466658DEST_PATH_IMAGE012
and a recovery probability of
Figure 625107DEST_PATH_IMAGE013
and n represents the number of parallel branches, each branch having
Figure 71132DEST_PATH_IMAGE036
nodes, each intermediate node having an attack probability of
Figure 201899DEST_PATH_IMAGE009
and a recovery probability of
Figure 340756DEST_PATH_IMAGE010
Taking nodes A-E as an example, the specific calculation process is as follows.
Figure 980642DEST_PATH_IMAGE041
From the attack probability and recovery probability of each node, the probability that the target node is successfully attacked in the series-parallel mixed state is calculated as
Figure 230358DEST_PATH_IMAGE040
where l represents the number of nodes in series, each series node having an attack probability of
Figure 215631DEST_PATH_IMAGE012
and a recovery probability of
Figure 587707DEST_PATH_IMAGE042
and n represents the number of parallel branches, each branch having
Figure 658431DEST_PATH_IMAGE043
nodes, each intermediate node having an attack probability of
Figure 711838DEST_PATH_IMAGE009
and a recovery probability of
Figure 613934DEST_PATH_IMAGE010
The specific steps by which, under the assumption that every node has the same attack probability and recovery probability and that the number of nodes is the same, the probability that the target node is successfully attacked is shown to be lowest in the series state are as follows.
Assuming that the attack probability of every node is the same and equal to λ, the recovery probability of every node is the same and equal to u, and the number of nodes is the same, namely the five nodes A-E, the probability that the target node is successfully attacked in the series state, in the parallel state and in the series-parallel mixed state is calculated respectively as follows:
Figure 94594DEST_PATH_IMAGE044
It is thus concluded that, when the number of nodes is the same, the probability that the target node is successfully attacked is lowest in the series state.
Returning to FIG. 1, in step S3, when the number of nodes is the same, the network structure is adjusted on the basis that the probability that the target node is successfully attacked is lowest in the series state. Based on this conclusion, when the network is constructed and the number of nodes is the same, the series network structure should be adopted as far as possible. When the number of nodes differs, a suitable series, parallel or series-parallel mixed network structure can be selected by calculating the probability that the target node is successfully attacked in each of the different states.
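The comparison of steps S2231 to S2232 and the structure selection of step S3, as an added example that is not the patent's own code. The closed-form expressions of steps S2221 to S2223 are images on this page, so the example assumes a model that matches the page's state definitions ("attacked and not recovered"): a node is held by the attacker with probability λi·(1 − ui), nodes along one path compound multiplicatively, and a parallel section succeeds when at least one branch succeeds end to end. The three five-node topologies for A to E (series A→B→C→D→E, parallel A→{B, C, D}→E, mixed A→B→{C, D}→E) are constructed to mirror the figures' initial node A and target node E; the `series` and `parallel` helpers go beyond the five-node case and accept arbitrary node lists and branch lists.

```python
"""Compare the target node's compromise probability across the three
connection patterns (series, parallel, series-parallel mixed).

Added example, not the patent's own code. ASSUMED model (the patent's
closed forms are images on the page):
  * a node is held by the attacker with probability p_i = lambda_i * (1 - u_i)
    ("attacked and not recovered");
  * nodes along one path must all be held, so their probabilities multiply;
  * a parallel section is passed if at least one branch is held end to end.
The five-node topologies below are constructed for illustration.
"""


def held_prob(lam, u):
    """Probability that a node is attacked and not recovered (assumed model)."""
    if not (0.0 <= lam <= 1.0 and 0.0 <= u <= 1.0):
        raise ValueError("attack and recovery probabilities must lie in [0, 1]")
    return lam * (1.0 - u)


def series(ps):
    """All nodes on one path must be held: product of the node probabilities."""
    out = 1.0
    for p in ps:
        out *= p
    return out


def parallel(branches):
    """At least one of n branches must be held end to end.

    Each branch is a list of intermediate-node probabilities; the section
    fails only if every branch fails, so P = 1 - prod(1 - P_branch).
    """
    fail_all = 1.0
    for branch in branches:
        fail_all *= 1.0 - series(branch)
    return 1.0 - fail_all


def target_prob_series(node_ps):
    """A -> B -> C -> D -> E: five nodes in series (n = 5)."""
    return series(node_ps.values())


def target_prob_parallel(node_ps):
    """A -> {B | C | D} -> E: n = 3 single-node branches between A and E."""
    branches = [[node_ps["B"]], [node_ps["C"]], [node_ps["D"]]]
    return node_ps["A"] * parallel(branches) * node_ps["E"]


def target_prob_mixed(node_ps):
    """A -> B -> {C | D} -> E: l = 2 series nodes, then n = 2 branches."""
    branches = [[node_ps["C"]], [node_ps["D"]]]
    return series([node_ps["A"], node_ps["B"]]) * parallel(branches) * node_ps["E"]


def compare(lam, u):
    """Evaluate the three structures with equal lambda and u on nodes A..E
    (the S2231 assumption). Returns (per-structure probabilities, name of
    the structure with the lowest target-compromise probability)."""
    node_ps = {name: held_prob(lam, u) for name in "ABCDE"}
    results = {
        "series": target_prob_series(node_ps),
        "parallel": target_prob_parallel(node_ps),
        "mixed": target_prob_mixed(node_ps),
    }
    lowest = min(results, key=results.get)
    return results, lowest


if __name__ == "__main__":
    results, lowest = compare(lam=0.5, u=0.0)
    for name, prob in results.items():
        print(f"{name:9s} P(target held) = {prob:.5f}")
    print(f"lowest risk with equal node count: {lowest}")
```

With λ = 0.5 and u = 0 every node is held with probability 0.5, giving 0.03125 for the series structure, 0.21875 for the parallel structure and 0.09375 for the mixed structure, so `compare` returns `"series"` as the lowest, in line with the conclusion of step S2232. Under this model the ordering holds for any p in (0, 1), because a parallel section can only raise the probability of reaching the next stage relative to the same nodes placed in series.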
The invention utilizes the petri net to model the dynamic flow of the attack behavior of the network node, and can dynamically depict the state of each node of the network. The security analysis is carried out aiming at the connection condition of network nodes of different systems, and further, the influence on the vulnerability of the system is obtained according to different attack probabilities and repair probabilities. Therefore, the network structure can be adjusted in a targeted manner, the protection capability is enhanced, and finally the system security is improved.
A further preferred embodiment of the present invention also relates to a petri net based system vulnerability analysis system, comprising network nodes communicating with each other to form a communication network, wherein the plurality of network nodes comprise a processor and a memory, and a computer readable storage medium is stored in the memory, and when the computer readable storage medium is executed by the processor, the petri net based system vulnerability analysis method is implemented.
Further preferred embodiments of the present invention also relate to a computer-readable storage medium that, when executed by a processor, implements the petri net-based system vulnerability analysis method.
Accordingly, the present invention can be realized in hardware, software, or a combination of hardware and software. The present invention can be realized in a centralized fashion in at least one computer system, or in a distributed fashion where different elements are spread across several interconnected computer systems. Any kind of computer system or other apparatus adapted for carrying out the methods of the present invention is suited. A typical combination of hardware and software could be a general purpose computer system with a computer program that, when being loaded and executed, controls the computer system such that it carries out the methods described herein.
The present invention may also be implemented by a computer program product, comprising all the features enabling the implementation of the methods of the invention, when loaded in a computer system. The computer program in this document refers to: any expression, in any programming language, code or notation, of a set of instructions intended to cause a system having an information processing capability to perform a particular function either directly or after either or both of the following: a) conversion to other languages, codes or symbols; b) reproduced in a different format.
While the invention has been described with reference to specific embodiments, it will be understood by those skilled in the art that various changes may be made and equivalents may be substituted without departing from the scope of the invention. In addition, many modifications may be made to adapt a particular situation or material to the teachings of the invention without departing from its scope. Therefore, it is intended that the invention not be limited to the particular embodiment disclosed, but that the invention will include all embodiments falling within the scope of the appended claims.
The above description is only for the purpose of illustrating the preferred embodiments of the present invention and is not to be construed as limiting the invention, and any modifications, equivalents and improvements made within the spirit and principle of the present invention are intended to be included within the scope of the present invention.

Claims (10)

1. A petri net-based system vulnerability analysis method is characterized by comprising the following steps:
s1, simulating the infection process from the initial node to the target node based on series, parallel and series-parallel hybrid attack sequences to construct a Petri net infection model;
s2, calculating the probability that the target node is successfully attacked in different states based on the Petri net infection model and different infection probabilities and repair probabilities;
and S3, adjusting the network structure based on the probability of successful attack of the target node under different states.
2. The petri net based system vulnerability analysis method of claim 1, wherein the step S1 comprises the steps of:
s11, simulating the infection process from the initial node to the target node based on the serial sequence to construct a Petri net serial infection model;
s12, simulating the infection process from the initial node to the target node based on the parallel sequence to construct a Petri network parallel infection model;
s13, simulating the infection process from the initial node to the target node based on the series-parallel mixed sequence to construct a Petri net series-parallel mixed infection model.
3. The petri net based system vulnerability analysis method of claim 2, wherein the step S2 comprises the steps of:
s21, obtaining a series state transition diagram, a parallel state transition diagram and a series-parallel mixed state transition diagram respectively based on the Petri net series infection model, the Petri net parallel infection model and the Petri net series-parallel mixed infection model;
and S22, calculating the probability that the target node is successfully attacked in different states based on the series state transition diagram, the parallel state transition diagram, the series-parallel mixed state transition diagram, the multiple evaluation attack probabilities and the multiple evaluation recovery probabilities.
4. The petri net based system vulnerability analysis method of claim 3, wherein the step S22 comprises the steps of:
s221, calculating the attack probability and the recovery probability of each node based on the evaluation attack probability and the evaluation recovery probability given to each node by m experts, wherein m is a positive integer;
s222, respectively calculating the probability that the target node is successfully attacked in the serial state, the probability that the target node is successfully attacked in the parallel state and the probability that the target node is successfully attacked in the serial and parallel mixed state based on the serial state transition diagram, the parallel state transition diagram, the serial and parallel mixed state transition diagram and the attack probability and recovery probability of each node;
and S223, assuming that the attack probability and the recovery probability of each node are the same and that the number of nodes is the same, determining that the probability that the target node is successfully attacked in the serial state is the lowest.
5. The petri net based system vulnerability analysis method of claim 4, wherein the step S221 further comprises the steps of:
s2211, constructing a probability matrix based on the evaluation attack probability and the evaluation recovery probability given by m experts to each node:
Figure 94661DEST_PATH_IMAGE001
wherein Z1…Zm represent the m experts, λ1…λk represent the attack probabilities of k nodes, u1…ul represent the recovery probabilities of l nodes, Zλ11…Zλ1k represent expert 1's evaluations of the attack probabilities λ1…λk, Zu11…Zu1l represent expert 1's evaluations of the recovery probabilities u1…ul, …, Zλm1…Zλmk represent expert m's evaluations of the attack probabilities λ1…λk, and Zum1…Zuml represent expert m's evaluations of the recovery probabilities u1…ul; wherein the evaluation attack probability and the evaluation recovery probability take values in [0, 1];
s2212, calculating the attack probability of each node
Figure 210384DEST_PATH_IMAGE002
and the recovery probability of each node
Figure 50164DEST_PATH_IMAGE003
6. The petri net based system vulnerability analysis method of claim 5, wherein the step S222 further comprises the steps of:
s2221, based on the series state transition diagram and the attack probability and the recovery probability of each node, calculating the probability that the target node is successfully attacked in the series state
Figure 593141DEST_PATH_IMAGE004
where n represents the number of nodes in series,
Figure 885582DEST_PATH_IMAGE005
represents the attack probability of each node, and
Figure 742680DEST_PATH_IMAGE006
represents the recovery probability of each node;
s2222, based on the parallel state transition diagram and the attack probability and the recovery probability of each node, calculating the probability that the target node is successfully attacked in the parallel state
Figure 436966DEST_PATH_IMAGE007
where n denotes the number of branches in parallel, each branch having
Figure 150844DEST_PATH_IMAGE008
nodes, the attack probability of each intermediate node is
Figure 196161DEST_PATH_IMAGE009
and the recovery probability is
Figure 591370DEST_PATH_IMAGE010
S2223, based on the series-parallel mixed state transition diagram and the attack probability and the recovery probability of each node, calculating the probability that the target node is successfully attacked in the series-parallel mixed state
Figure 202480DEST_PATH_IMAGE011
where l represents the number of nodes in series, each node in series has an attack probability of
Figure 290522DEST_PATH_IMAGE012
and a recovery probability of
Figure 557555DEST_PATH_IMAGE013
n represents the number of branches in parallel, each branch having
Figure 818772DEST_PATH_IMAGE014
nodes, the attack probability of each intermediate node is
Figure 222071DEST_PATH_IMAGE009
and the recovery probability is
Figure 481014DEST_PATH_IMAGE010
7. The petri net based system vulnerability analysis method of claim 6, wherein the step S223 further comprises:
s2231, assuming that the attack probabilities of all nodes are the same and equal to λ, the recovery probabilities are the same and equal to u, and the number of nodes is the same, respectively calculating the probability that the target node is successfully attacked in the serial state, in the parallel state and in the serial-parallel mixed state as follows:
Figure 297661DEST_PATH_IMAGE015
and S2232, determining that, when the number of nodes is the same, the probability that the target node is successfully attacked in the serial state is the lowest.
8. The petri net based system vulnerability analysis method of claim 6, wherein in step S3 the network structure is adjusted based on the probability of a successful attack on the target node being lowest in the series state when the number of nodes is the same.
9. A petri net based system vulnerability analysis system, comprising a plurality of network nodes communicating with each other to form a communication network, wherein the plurality of network nodes comprise a processor and a memory, and the memory stores a computer readable storage medium, and when the processor executes the computer readable storage medium, the petri net based system vulnerability analysis method according to any one of claims 1-8 is implemented.
10. A computer readable storage medium which, when executed by a processor, implements the petri net-based system vulnerability analysis method of any of claims 1-8.
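The description above and claims 5 to 7 give the three-step calculation only in words and as formula images: experts score each node's attack and recovery probability, the scores are combined into one λ and one u per node, and the probability that the target falls is then computed for a pure series chain, a set of parallel branches, and a series-parallel hybrid, after which the structure with the lowest probability is chosen (step S3). The following Python is an added worked example of that pipeline; it is not the patent's own code, and because the page does not show the formulas, the aggregation rule (arithmetic mean over experts), the per-node success model (a node is a usable stepping stone only if infected with probability λ and not repaired, probability 1 - u), the "any branch suffices" rule for parallel groups, and the hybrid layout (half the nodes in series feeding single-node parallel branches) are all assumptions of this example. The expert matrices are constructed sample input.

```python
"""Attack-success probability of a target node in series, parallel and
series-parallel layouts, from expert-estimated per-node probabilities.

Added example, not the patent's code. Assumptions (not stated on the page):
mean aggregation over experts; independent nodes with effective success
lambda*(1-u); a parallel group falls if any branch is traversed; the hybrid
is a series prefix feeding single-node parallel branches."""
import random
from statistics import mean

# Constructed sample input: m = 3 experts (rows) evaluate k = 4 nodes (columns).
# Values lie in [0, 1] as claim 5 requires; they are made up for this example.
EXPERT_ATTACK = [
    [0.6, 0.5, 0.7, 0.4],
    [0.5, 0.6, 0.6, 0.5],
    [0.7, 0.4, 0.5, 0.6],
]
EXPERT_RECOVERY = [
    [0.2, 0.3, 0.1, 0.2],
    [0.3, 0.2, 0.2, 0.1],
    [0.1, 0.1, 0.3, 0.3],
]


def aggregate(matrix):
    """Per-node probability as the mean over experts (assumed aggregation rule).
    Values outside [0, 1] are rejected so a mistyped percentage cannot push a
    node's probability above 1 and distort every downstream comparison."""
    for row in matrix:
        for value in row:
            if not 0.0 <= value <= 1.0:
                raise ValueError(f"probability out of range: {value}")
    return [mean(column) for column in zip(*matrix)]


def node_success(lam, u):
    """Probability that a node is infected and not repaired (assumed model)."""
    return lam * (1.0 - u)


def series_success(lams, us):
    """Series chain: every node must be taken in turn, so probabilities multiply."""
    p = 1.0
    for lam, u in zip(lams, us):
        p *= node_success(lam, u)
    return p


def parallel_success(branches):
    """branches: list of (lams, us) per branch. The target falls if at least
    one branch is traversed end to end."""
    p_all_fail = 1.0
    for lams, us in branches:
        p_all_fail *= 1.0 - series_success(lams, us)
    return 1.0 - p_all_fail


def hybrid_success(series_lams, series_us, branches):
    """Series prefix feeding a parallel group: both stages must succeed."""
    return series_success(series_lams, series_us) * parallel_success(branches)


def compare_uniform(lam, u, total_nodes):
    """Claim 7 scenario: identical lambda and u at every node and the same node
    count laid out as a chain, as single-node parallel branches, or as a hybrid
    (half chain, half parallel). Also returns the structure step S3 would pick."""
    if total_nodes < 2:
        raise ValueError("need at least two nodes to compare layouts")
    lams, us = [lam] * total_nodes, [u] * total_nodes
    split = total_nodes // 2
    single = [([lam], [u])] * total_nodes
    results = {
        "series": series_success(lams, us),
        "parallel": parallel_success(single),
        "hybrid": hybrid_success(lams[:split], us[:split], single[split:]),
    }
    results["recommended"] = min(("series", "parallel", "hybrid"), key=results.get)
    return results


def simulate_series(lams, us, trials=20000, seed=1):
    """Monte Carlo walk of the chain, mirroring the token flow of the Petri net
    model: at each node the attacker either infects it and keeps it, or stops.
    Serves as an independent check of series_success()."""
    rng = random.Random(seed)
    hits = 0
    for _ in range(trials):
        reached_target = True
        for lam, u in zip(lams, us):
            infected = rng.random() < lam
            if not infected or rng.random() < u:  # never infected, or repaired
                reached_target = False
                break
        hits += reached_target
    return hits / trials


if __name__ == "__main__":
    lams, us = aggregate(EXPERT_ATTACK), aggregate(EXPERT_RECOVERY)
    single = [([l], [r]) for l, r in zip(lams, us)]
    print("lambda:", lams, "u:", us)
    print("series:", series_success(lams, us), "parallel:", parallel_success(single),
          "hybrid:", hybrid_success(lams[:2], us[:2], single[2:]))
    print("uniform 4-node comparison:", compare_uniform(0.5, 0.2, 4))
    print("monte carlo series:", simulate_series(lams, us))
```

Running the uniform comparison over a grid of λ and u values shows the claimed ordering under these assumptions: with the node count fixed, the series chain always yields the lowest probability, because every node must be traversed, whereas any parallel stage needs only one branch to succeed. The Monte Carlo walk agrees with the closed form to within sampling error, which is the kind of cross-check worth keeping when the analytic formulas are later replaced by the patent's own state-transition expressions.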

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210270176.3A CN114363095B (en) 2022-03-18 2022-03-18 System vulnerability analysis method, system and medium based on petri net

Publications (2)

Publication Number Publication Date
CN114363095A true CN114363095A (en) 2022-04-15
CN114363095B CN114363095B (en) 2022-07-12

Family

ID=81094576

Country Status (1)

Country Link
CN (1) CN114363095B (en)

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102413003A (en) * 2010-09-20 2012-04-11 中国科学院计算技术研究所 Method and system for detecting network security
CN106100877A (en) * 2016-06-02 2016-11-09 东南大学 A kind of power system reply network attack vulnerability assessment method
US20180032707A1 (en) * 2015-01-19 2018-02-01 Nec Corporation Authentication apparatus, method, system and program, and server apparatus
CN110971565A (en) * 2018-09-29 2020-04-07 全球能源互联网研究院有限公司 Source network load system vulnerability evaluation method and system based on malicious attack modeling
CN112688315A (en) * 2020-12-16 2021-04-20 国网辽宁省电力有限公司经济技术研究院 Attack and defense system and method based on electric vehicle power distribution network information physical system
CN113408114A (en) * 2021-06-04 2021-09-17 中国电力科学研究院有限公司 Method and system for evaluating vulnerability threat degree of power monitoring system equipment

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
兰丽 et al.: "Vulnerability analysis of railway time synchronization network protocol based on stochastic Petri nets", 《铁道学报》 (Journal of the China Railway Society) *
李春亮 et al.: "A survey of computer network attack and defense modeling and simulation research", 《计算机仿真》 (Computer Simulation) *

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant