Computer Science ›› 2026, Vol. 53 ›› Issue (5): 435-445. doi: 10.11896/jsjkx.250300130

• Information Security •

Technologies for Evaluating Defense Effectiveness of Endogenous Security Information Systems Based on Attack Graphs

CUI Tao1, SHEN Junxia1, CHEN Lin1, ZHANG Yuntao2, CHEN Monan2   

  1 China Academy of Information and Communications Technology, Beijing 100191, China
  2 School of Cyberspace Security, Beijing University of Posts and Telecommunications, Beijing 100876, China
  • Received: 2025-03-24 Revised: 2025-06-26 Published: 2026-05-08
  • About author: CUI Tao, born in 1984, postgraduate, senior engineer, is a member of CCF (No. U3123M). His main research interest is network security.
    ZHANG Yuntao, born in 1993, Ph.D. His main research interests include software security and blockchain security.
  • Supported by:
    National Key Research and Development Program of China (2022YFB3102800).

Abstract: With the increasing complexity and diversity of cybersecurity threats, traditional defense techniques are struggling to cope with evolving attack methods. Endogenous security technologies, especially those based on metamorphic defense, exhibit strong defense capabilities due to their dynamic adaptability, heterogeneity, and redundancy. This paper proposes an evaluation method for the defense effectiveness of endogenous security technologies based on attack graph modeling. By constructing network attack path models, the method quantifies the defense effects of endogenous security technologies in various attack scenarios. First, attack graph modeling is employed to describe network node vulnerabilities, attack paths, and their evolution, enabling the quantitative analysis of attacker behavior. Next, the impact of endogenous security technologies on attack paths is examined, with pre-implementation and post-implementation comparisons to assess defense effectiveness. The paper establishes a hierarchical security measurement framework, assessing the defense capabilities of inherent security technologies in terms of static defense at the node level, dynamic defense at the attack path level, and resilience recovery at the system level. Finally, simulation experiments demonstrate the effectiveness of the proposed evaluation method, providing a scientific basis for the quantitative evaluation of endogenous security technologies.

Key words: Endogenous security, Metamorphic defense, Attack graph, Defense effectiveness evaluation, Security measurement

CLC Number: 

  • TP393