Security and Privacy in New Computing Environments. Second EAI International Conference, SPNCE 2019, Tianjin, China, April 13–14, 2019, Proceedings

Research Article

Network Risk Assessment Based on Improved MulVAL Framework and HMM

  • @INPROCEEDINGS{10.1007/978-3-030-21373-2_22,
        author={Chundong Wang and Kongbo Li and Yunkun Tian and Xiaonan He},
        title={Network Risk Assessment Based on Improved MulVAL Framework and HMM},
        proceedings={Security and Privacy in New Computing Environments. Second EAI International Conference, SPNCE 2019, Tianjin, China, April 13--14, 2019, Proceedings},
        proceedings_a={SPNCE},
        year={2019},
        month={6},
        keywords={Network security assessment HMM MulVAL Attack graph},
        doi={10.1007/978-3-030-21373-2_22}
    }
    
  • Chundong Wang
    Kongbo Li
    Yunkun Tian
    Xiaonan He
    Year: 2019
    Network Risk Assessment Based on Improved MulVAL Framework and HMM
    SPNCE
    Springer
    DOI: 10.1007/978-3-030-21373-2_22
Chundong Wang, Kongbo Li,*, Yunkun Tian1, Xiaonan He1
  • 1: Tianjin E-Hualu Information Technology Co., Ltd.
*Contact email: vincy3319833@163.com

Abstract

With the increasingly extensive applications of the network, the security of internal network of enterprises is facing more and more threats from the outside world, which implies the importance to master the network risk assessment skills. In the big data era, there are various security protection techniques and different types of group data. Meanwhile, Online Social Networks (OSNs) and Social Internet of Things (SIoT) are becoming popular patterns of meeting people and keeping in touch with friends [2, 5]. However, risk assessment, as a bridge between security experts and network administrators, to some extent, whose accuracy can influence the judgment of administrators to the entire network state. In order to solve this problem, this essay proposes the improved MulVAL framework to optimize the risk assessment process by establishing the HMM model and the Bayesian model, which can improve the accuracy of the evaluation value. Firstly, behavior of the attacker is described in-depth by the attack graph generated through MulVAL. Then, with the quantitative evaluation conducted by the Common Vulnerability Scoring System, the nodes on the attack path can will be evaluated and the value will be further evaluated by the Bayesian model. Finally, by establishing the hidden Markov model, the corresponding parameters can be defined and the most likely probabilistic state transition sequence can be calculated by using the Viterbi algorithm to deduce the attack intent with the highest possibility.