
Research Article
Heuristic Network Security Risk Assessment Based on Attack Graph
@INPROCEEDINGS{10.1007/978-3-030-99191-3_14,
  author={Wei Sun and Qianmu Li and Pengchuan Wang and Jun Hou},
  title={Heuristic Network Security Risk Assessment Based on Attack Graph},
  proceedings={Cloud Computing. 11th EAI International Conference, CloudComp 2021, Virtual Event, December 9--10, 2021, Proceedings},
  proceedings_a={CLOUDCOMP},
  year={2022},
  month={3},
  keywords={Attack graph, Attack paths, Heuristic algorithm, CVE, Cyber security},
  doi={10.1007/978-3-030-99191-3_14}
}
- Wei Sun
- Qianmu Li
- Pengchuan Wang
- Jun Hou
Year: 2022
CLOUDCOMP
Springer
DOI: 10.1007/978-3-030-99191-3_14
Abstract
With the development of attack technology, attackers prefer to exploit multiple vulnerabilities with a combination of several attacks instead of simply using brute-force cracking and botnets. In addition, enterprises tend to adopt microservices architectures and multi-cloud environments to obtain high efficiency, high reliability and high scalability. This makes modeling attack scenarios and mapping the actions of potential adversaries an urgent and difficult task. There have been many improvements that can automatically generate attack graphs for complex networks. However, extracting enough effective information from such complex attack graphs is still an unsolved problem. Traditional algorithms cannot always accomplish this task because attack graph inputs are variable and complex. In contrast, heuristic algorithms have the advantages of adaptability, self-learning ability, robustness and high efficiency. In this paper, we present heuristic algorithms for analyzing attack graphs: a fusion of the particle swarm optimization (PSO) and grey wolf optimization (GWO) algorithms for finding the spanning arborescence of maximum weight, and an improved genetic simulated annealing (GA-SA) algorithm for finding the attack path with the biggest risk. We also present a method for node importance evaluation based on the interpretive structural modeling (ISM) method. We test our methods on a multi-cloud enterprise network, and the results show that our methods perform well.