Graph-Based Real-Time Security Threats Awareness and Analysis in Enterprise LAN

  • Lv H
  • Zhang Y
  • Wang R
  • et al.

Abstract

To recognize the real-time network security situation in an enterprise LAN dynamically and accurately, an awareness and analysis method for network threats is proposed. The method recognizes current real-time threats and predicts subsequent threats by modeling attack scenarios and simulating intrusion state transitions. The threat awareness model is constructed with Expanded Finite-State Automata, defined as an Attack State Transition Graph (ASTG) and a Real-Time Attack State Graph (RASG). The former visually describes all possible intrusion paths and state transitions, and the latter illustrates the threats actually occurring and the real-time state transitions. A threat awareness algorithm is then presented, in which various kinds of invalid threats are filtered out and current valid threats are obtained by correlating dynamic alarms with the static attack scenario. Further, by combining the ASTG with the RASG, subsequent threats and possible threat paths are identified, which provides useful evidence and guidance for intrusion response and security decisions. Finally, the results of an experiment in a simulated network verify the validity of the method.

Cite

Lv, H., Zhang, Y., Wang, R., & Wang, J. (2015). Graph-Based Real-Time Security Threats Awareness and Analysis in Enterprise LAN. In LISS 2013 (pp. 1299–1304). Springer Berlin Heidelberg. https://doi.org/10.1007/978-3-642-40660-7_195
