A Network Vulnerability Assessment Method Based on Attack Graph

In order to solve the problem that the current network vulnerability assessment is separated from the essence of network defense, a network vulnerability assessment method based on attack graph is proposed. The method utilizes the attack graph to model the network vulnerabilities, defines the network value and threat value and links network vulnerability assessments to network threat values. Furthermore, the threat degree of network vulnerability is indirectly reflected by evaluating the change of the target network value and threat value under different vulnerability conditions. The experimental results show that the proposed method can effectively assess network vulnerability and provide important decisions for network security defense. In addition, the method can assess the threat coming from internal attackers and can assess combined vulnerability threats.