Abstract

Modern networks are vulnerable to coordinated attacks. To perform threat analysis on individual and combined attack behaviors, it is essential to establish a security situation analysis model based on offensive and defensive decisions. The standard attack tree model used in this study ignores the impact of defenses, and the defensive tree model does not scale well. Game theory is therefore introduced into the attack tree model to describe specific network attack and defense scenarios. First, the logical relationships between attack behaviors at different levels of the network are analyzed, and the offensive and defensive trees corresponding to attack events at different levels are integrated into a complete network offensive and defensive behavior tree, from which a network offensive and defensive behavior tree model is built. Second, the basic offensive and defensive behavior tree is extended along three dimensions: network offensive and defensive behavior, network detection equipment, and network defense measures. An algorithm for the success rate of the attack target is proposed and used to calculate its attack probability. Based on these findings, we assess the potential for an attack and investigate the current state of network defenses. To test the viability and efficacy of the network offensive and defensive behavior tree model, an offensive and defensive behavior tree model based on the BGP (Border Gateway Protocol) attack tree was developed. The network offensive and defensive behavior tree model proposed in this study is capable of performing a wide range of calculations. It takes the effect of defensive measures into account, allows offensive and defensive behaviors to be added and deleted at any node, has strong scalability, and can provide a scientific basis for decision-making for network managers and operators.
