Open Access

Network Threat Identification and Analysis Based on a State Transition Graph



With the rapid spread of the Internet and information technology, local area networks are becoming insecure. Alongside the growing benefits, security threats keep emerging and bring great pressure and challenges. A method for identifying and analyzing real-time network threats is proposed, so that the current network security situation can be accurately assessed and understood and a dynamic defense can be better guided. The method recognizes current threats and predicts subsequent ones by modeling attack scenarios and simulating attack state transitions. The threat identification model consists of an Attack State Transition Graph and a Real-Time Attack State Graph, constructed from an Expanded Finite-State Automata. The former illustrates the possible threat paths and state transitions; the latter describes the threats and threat paths that have actually succeeded. A threat identification algorithm based on this model is then presented. With this algorithm, various invalid threats are filtered out, and the current valid threats are obtained by correlating dynamic alarms with a static attack scenario. Furthermore, by combining the Attack State Transition Graph with the Real-Time Attack State Graph, a possible next threat and threat path can be identified, and an attack target can also be predicted. Finally, simulation results in an experimental network verify the feasibility and validity of the model and algorithm. The method provides a novel solution for evaluating and analyzing the network security situation.
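The correlation step described in the abstract can be sketched as follows. This is an added illustration, not the paper's algorithm or code: the state names, alarm types, alarm fields and the two rejection rules are assumptions, and all sample data is constructed.

```python
from collections import deque

# Constructed static attack scenario (ASTG): (from_state, to_state) -> alarm type
# that signals the transition. Assumption: only transitions whose precondition
# (e.g. the vulnerability exists on the target) holds are listed.
ASTG = {
    ("internet", "web:user"): "web_exploit",
    ("web:user", "web:root"): "local_privesc",
    ("web:user", "db:user"): "sql_login_bruteforce",
    ("db:user", "db:root"): "local_privesc",
    ("db:root", "backup:user"): "ssh_login",
    ("internet", "mail:user"): "smtp_exploit",
}
# Constructed, time-ordered alarm stream (hypothetical field names).
ALARMS = [
    {"type": "web_exploit", "from": "internet", "to": "web:user"},
    {"type": "iis_exploit", "from": "internet", "to": "web:user"},
    {"type": "local_privesc", "from": "db:user", "to": "db:root"},
    {"type": "sql_login_bruteforce", "from": "web:user", "to": "db:user"},
]

def identify(alarms, start="internet"):
    """Correlate alarms with the ASTG; return (rasg_edges, rejected, reached)."""
    reached, rasg, rejected = {start}, [], []
    for alarm in alarms:
        edge = (alarm["from"], alarm["to"])
        if ASTG.get(edge) != alarm["type"]:
            rejected.append((alarm, "no matching transition in scenario"))
        elif alarm["from"] not in reached:
            rejected.append((alarm, "source state not yet attained"))
        else:
            reached.add(alarm["to"])  # valid threat: extend the RASG
            if edge not in rasg:
                rasg.append(edge)
    return rasg, rejected, reached

def predict(reached):
    """Next threats are ASTG edges leaving the RASG; targets lie beyond them."""
    next_edges = [e for e in ASTG if e[0] in reached and e[1] not in reached]
    targets, queue = set(), deque(dst for _, dst in next_edges)
    while queue:
        state = queue.popleft()
        if state not in targets:
            targets.add(state)
            queue.extend(t for (f, t) in ASTG if f == state and t not in reached)
    return next_edges, targets

if __name__ == "__main__":
    rasg, rejected, reached = identify(ALARMS)
    print(rasg, [reason for _, reason in rejected], predict(reached))
```
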

eISSN: 1314-4081
ISSN: 1314-4081
Language: English
Publication timeframe: 4 times per year
Journal Subjects: Computer Sciences, Information Technology