Network Security Situation Assessment Methods and Tactics Based on Multivariate Spatiotemporal Attack Graph Model

In view of the characteristics of large-scale, coordinated and multi-stage network attacks, a network security situation assessment method based on attack Graph model was proposed. Firstly, the network attack behavior characteristics are constructed by integrating the spatio-temporal characteristics of attack events and multi-source alarm data. Secondly, attack nodes are mapped based on alarm information to associate multi-step attack paths. Thirdly, on the basis of constructing the attack Graph, the transfer probability table of attack nodes is constructed combining with the transfer sequence, and the transfer probability is introduced into the attack graph to infer the attack intention of the attacker. Finally, according to the maximum possible attack path, the security situation of attack nodes with high probability is evaluated, and the security situation of potential attack nodes after network attack is scientifically quantified, providing theoretical support and scientific basis for network security management personnel to do a good job of protection in advance.