Critical Vulnerable Nodes Discovery Based on Bayesian Attack Subgraphs and Double Thresholds

In the large-scale network environment, there are still problems that the factors considered are not comprehensive enough and the results are not accurate enough when searching for critical vulnerabilities. To improve the accuracy and comprehensiveness of critical vulnerable node discovery and optimize the storage space of the attack graph, this paper proposes a method of critical vulnerable node discovery based on Bayesian attack subgraphs and double thresholds. Firstly, the network is divided into multiple sub-networks by the community division algorithm. The vulnerability nodes are constructed according to the host vulnerabilities, and the Bayesian attack subgraph is constructed by quantifying the vulnerability nodes. Then, the attack paths inside the Bayesian attack subgraphs are searched and the attack probability of attack paths is calculated. Next, the attack path information in each Bayesian attack subgraph is integrated to calculate the complete path attack probability. Finally, the double thresholds are set based on the complete attack path information to realize the discovery of critical vulnerable nodes. Experiments show that the proposed method can search for the critical vulnerable nodes more accurately and optimize the storage space of the attack graph.