If the number of network hosts is n, with m different types of resources in each host, the computational complex of MNRG construction and update is shown in Table 1.
What's more, we define attack path based on MNRG, whose formal description is shown in Definition 3.
The change-point detection and the standardized measurement algorithm are shown in Algorithm 1, with the input being [MNRG.sub.t] and [MNRG.sub.t+1], which is the MNRG before and after one period of attack.
Input: [MNRG.sub.t](V, E): MNRG before attack intrusion [MNRG.sub.t+1] (V', E'): MNRG after attack intrusion Output: [Exploit.sub.+] [subset or equal to] (V' - V [intersection] V') new resource vulnerability added in [MNRG.sub.t+1] P([n.sub.cg]): probability of successfully intrusion after MTND implementation <V, E> [left arrow] MST ([G.sub.t]); // Apply minimum spanning tree algorithm (MST) to traverse MNRG.
On the one hand, the construction and update of MNRG follow the monotonic hypothesis, which is the basis for preventing state space explosion.
The resource vulnerabilities scanned by Nessus are shown in Table 4, by which the MNRG is constructed.