Modern network is subjected to the risk of combined attack.Therefore,a security situation analysis model based on attack and defense behavior is necessary to be build for analyzing the threat of each independent and combined attack behaviors.Aiming at the problems that the defense factors is not taken into account by the traditional attack tree,the defense tree model lacks good scalability and external attacks were hard to be analyzed by fault tree model,in this paper,the game theory was introduced into attack tree model to describe the specific network attack incident scene.Firstly,logical relationship between different levels of aggressive behavior was analyzed.Offensive and defensive attack trees corresponding to different attack levels are then integrated,and the complete network attack behavior tree was lately obtained.Based on the above steps,an algorithm on the network threat offensive behavior tree was proposed.By finding aggression combinations,analyzing its attack probability,and assessing the threat of attack,the network security situation was analyzed.In order to verify the feasibility and effectiveness of the attack behavior tree model,it was built on the basis of BGP(border gateway protocol)attack tree.By calculating the probability,the probability ofPATH1 was largest.Meanwhile,the attack success rates of five attack paths were increased in the case of no defense measures.The probabilities ofPATH2 toPATH5 were increased significantly higher thanPATH1 which is consistent with facts.The experimental analysis showed that the model can calculate the effect of various defensive measures very well,which provides a theoretical basis of carrying out targeted network security defense.
