Maximum attack path generation method and device based on attack tree and time sequence diagram clustering

• Main Authors: LI NIGE, ZHANG TAO, LU ZI'ANG, LI YONG, FANG WENGAO, WANG SHENG, CHEN LU, MA YUANYUAN, ZHOU QIHANG, CHEN MU, DAI ZAOJIAN, WANG TENGYAN
• Format: Patent
• Language: Chinese; English
• Published: 15.03.2024
• Subjects: CALCULATING; COMPUTER SYSTEMS BASED ON SPECIFIC COMPUTATIONAL MODELS; COMPUTING; COUNTING; ELECTRIC COMMUNICATION TECHNIQUE; ELECTRIC DIGITAL DATA PROCESSING; ELECTRICITY; PHYSICS; TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHICCOMMUNICATION

The invention relates to the technical field of network security, and discloses a maximum attack path generation method and device based on an attack tree and time sequence diagram clustering, and the method comprises the steps: obtaining a mapping table of atomic attack behaviors and vulnerabilities, atomic attack nodes, and a prerequisite set and a subsequent operation set corresponding to the atomic attack nodes; generating a resource-oriented attack tree according to the atomic attack nodes and the precondition set and the subsequent operation set corresponding to the atomic attack nodes; determining the attack probability of a root node in the resource-oriented attack tree according to the mapping table and a preset attack success probability calculation formula; converting the resource-oriented attack tree into an attack sequence diagram according to the mapping table and the attack probability of the root node; and clustering the attack sequence diagrams by using a self-encoder and a self-organizing ma