Key Node Identification Based on Vulnerability Life Cycle and the Importance of Network Topology

Introduction

With the highly complex nature of a network structure, the identification of key network nodes is an important method to analyze and master the complex network structure and function. The key nodes of the network refer to the nodes that play a decisive role in the structure and stability of the network. If a defender loses the authority of such nodes in the process of an attack and defense, it will lead to a rapid decline in network performance and even disrupt the connectivity of the entire network structure.

One of the important topics in network scientific research is how one can identify the influence of each node accurately and efficiently in a complex network. At present, network key node identification technology mainly refers to key node identification based on network topology and key node identification based on network node vulnerability.

However, the existing methods generally measure the influence of nodes from a single angle or a certain aspect, which is not comprehensive enough to consider all the problems. The traditional methods do not consider the aspect of attack and defense and ignore the impact of the network node's vulnerabilities in terms of network security and the difficulty of network attack and defense. Most of the key network nodes are identified by using static methods and the distribution law of the vulnerability utilization probability is not taken into consideration in the time dimension of vulnerability generation.

In order to provide a solution to the aforementioned problems, this paper studies the network key node identification method based on the vulnerability life cycle and the significance of the network topology. The network topology structure and the change of node vulnerability life cycle over time are comprehensively explained, thus dynamically reflect the changes of key network nodes in real-time.

The contributions of this paper are as follows:

• •

  The authors propose a formal description of network key nodes based on vulnerability life cycle.

• •

  The authors propose a calculation method of vulnerability life cycle risk value based on common vulnerability scoring system (CVSS) score.

• •

  The authors propose a method for identifying key network nodes based on the vulnerability life cycle and the importance of network topology.

• •

  The authors designed an example and perform a security analysis on a network abstract model, thereby proving rapid modeling, quantitative calculation, and the final key node identification of the target network.

The rest of this paper is structured as follows. The second section discusses the related work. The third section details the formal description of network key nodes based on the vulnerability life cycle. The fourth section calculates the vulnerability lifecycle risk based on CVSS score. The fifth section proposes the key node identification method based on the vulnerability life cycle and importance of network topology. The sixth section gives an example to illustrate the effectiveness of the method of identification of key network nodes. The seventh section gives a comparison of related work. Finally, the eighth section summarizes the paper and proposes future work.

Related Work

Although a lot of research has been conducted in the fields of vulnerability life cycle, key network nodes, and multi-attribute analysis, a systematic theoretical method has not yet been proposed to incorporate the vulnerability life cycle into the analysis of key network nodes.