Research on network vulnerability assessment based on attack graph and security metrics

In recent years, the information security environment is undergoing great changes. On one hand, with the development of technology and the advancement of network integration, network involves in a larger and larger scale, and its structure is becoming more and more complex. On the other hand, the development of attack technology has also taken a qualitative leap. The ability of violent cracking and the scale of botnets are no longer the primary factors that determine the attack effect. On the contrary, attackers are more likely to adopt information-driven complex combination attacks with clear attack targets. These changes have brought great challenges to network security defense. Therefore, from the perspective of building a secure network environment, this paper studies network vulnerability assessment in the field of computer network security, and proposes a method of network vulnerability assessment based on attack graph and security metrics. This method models and constructs the attack graph for the possible network attack behaviors. Besides, taking it as the analysis model, the risk assessment technology is taken to determine the indicators and calculating methods of security metrics so as to realize the evaluation of network vulnerability. Finally, the discussion was conducted based on the results, and a follow-up study was suggested.