CN103095485A - Network risk assessment method based on combination of Bayesian algorithm and matrix method - Google Patents


Info

Publication number: CN103095485A
Authority: CN (China)
Prior art keywords: risk, network, severity, order, assessment
Legal status: Pending (status as listed by Google Patents; not a legal conclusion)
Application number: CN2012104184683A
Other languages: Chinese (zh)
Inventors: 于石林, 王泽玉, 王晓程, 王斌, 海然
Current assignee: 706th Institute Of No2 Research Institute Casic
Original assignee: 706th Institute Of No2 Research Institute Casic
Priority date: 2012-10-26
Filing date: 2012-10-26
Publication date: 2013-05-08

Landscapes

  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)

Abstract

Provided is a network risk assessment method based on the combination of a Bayesian algorithm and a matrix method. The method comprises the steps of surveying the network assets and assessing asset value, surveying and collecting network threats, scanning system vulnerabilities and collecting the system's vulnerabilities, assessing the occurrence frequency of threats, assessing the severity of the vulnerabilities, and combining the Bayesian conditional probability formula with the matrix algorithm. This adds a factor for judging the severity of risk events, namely the probability that a risk event occurs because of the relevance between internal nodes, and so improves the precision of the assessment results. When the method is used to analyse the risks in a network, the relevance of the network nodes is taken into consideration: the neighbouring devices of a device are used, and the conditional probability of a risk event caused by an attack on the device serves as a weighting factor when calculating the severity of that device's risk. This improves the precision of the analysis result and the practical guiding value of the assessment results for network security protection.

Description

Network risk assessment method combining a Bayesian algorithm and a matrix method
Technical field
The invention belongs to the field of network security assessment. It is a method that carries out network risk assessment based on a Bayesian algorithm and a matrix method, taking network node correlation into account.
Background technology
With the rapid development of computer networks, network security has gradually become a focus of attention. Among test and evaluation models, the most widely used in foreign research are risk evaluation models, mainly including the ALE risk evaluation model and the OCTAVE risk assessment model issued by the American Bureau of Standards (ABS). The model elements of these risk evaluation models are basically information assets, security threats, vulnerability and security control measures; these factors are used to describe the information system, and the various risk assessment models combine the factors and compute with them in different ways. Besides risk evaluation models, there are also assessment models developed for particular evaluation criteria; such models generally assess the compliance of an information system's security with a standard.
In information system security test and evaluation technology, research and application of risk assessment technology have mainly been carried out, producing a series of research results on information system security risk assessment and mature information system assessment tools, for example the Asset-1 assessment tool issued by NIST, the COBRA automated risk management tool released by C&A Systems Security Ltd, the RiskWatch risk assessment tool of the RiskWatch company, and the XACTA Web C&A comprehensive assessment and certification tool of the XACTA company. The evaluation functions these products provide are mainly security risk assessment; many state governments in the U.S. are equipped with the RiskWatch product and carry out security evaluation regularly.
With the continuous improvement of risk assessment standards, models and algorithms, and the continuous enrichment of research results, this field is reaching maturity. In 2007 China released the standard "Information security technology: information security risk assessment specification", which defines the asset-threat-vulnerability assessment model used in risk assessment, proposes a general basis for data collection, and calculates the severity of risk with a matrix algorithm. However, this standard still has the following shortcomings in its realization: 1. in the standard, the collection of threats and vulnerabilities mainly considers that a single device in the network has a vulnerability that is exploited by an external threat, forming a risk event, and it lacks an overall consideration of network node correlation; 2. the algorithm in the standard is based mainly on qualitative analysis and human judgement, lacks accurate quantitative calculation by formula, and lacks consideration of the probability that a risk event occurs.
Summary of the invention
The object of the invention is to address the above problems: based on the asset-threat-vulnerability assessment model, a risk assessment method is proposed that combines the Bayesian conditional probability formula with the matrix algorithm.
The present invention mainly improves the former assessment specification in two respects:
1. In the risk assessment process node correlation is considered, so that isolated weaknesses and vulnerabilities are associated with one another and the security risk of the network is analysed more comprehensively.
2. When calculating the risk severity, the Bayesian conditional probability formula is combined with the matrix algorithm, adding a factor for judging the severity of a risk event, namely the probability that the risk event occurs because of internal node correlation; this improves the accuracy of the assessment result.
To achieve the above purpose, the concrete steps of the invention are as follows:
Step 1: survey the network assets and assess asset value;
Step 2: collect network threats by questionnaire, field investigation and similar means;
Step 3: scan system vulnerabilities with a vulnerability scanner and collect the system's vulnerabilities;
Step 4: assess the threat occurrence frequency;
Step 5: assess the vulnerability severity;
Step 6: from the asset value and the vulnerability severity, calculate the security event severity with the matrix algorithm;
Step 7: from the security event severity and the threat occurrence frequency, calculate the risk severity with the matrix algorithm;
Step 8: with the Bayesian conditional probability formula, calculate the probability that, because of network node correlation, a neighbouring device of the network device is exploited, this network device is then attacked, and risk is thereby brought; divide the result into five grades according to the magnitude of the probability;
Step 9: combine the results of step 7 and step 8 and use the matrix algorithm again to calculate the severity of each risk event (taking the correlation of all surrounding nodes into account).
When analysing network risk, the present invention considers the correlation of network nodes: the conditional probability that a risk event occurs because a neighbouring device of this device is exploited and this device is then attacked is used as a weighting factor in calculating the risk severity of this device. This improves the precision of the analysis and the practical guiding value of the assessment result for network security protection.
Description of drawings:
Figure 1 is the main flow chart of the invention.
Figure 2 is the topology diagram.
Embodiment
The preferred embodiment is described further below in conjunction with the flow chart:
Step 1: using a topology auto-discovery tool and the SNMP protocol, detect the network devices automatically and build the network topology. Collect the basic information of the network devices and, from the collected confidentiality, integrity and availability of each device, evaluate the device value with the matrix algorithm or the geometric mean algorithm.
Step 2: build a threat knowledge base. A threat questionnaire is generated automatically from the knowledge base and used to collect the network threats and their occurrence frequency.
Step 3: build a vulnerability knowledge base. Vulnerabilities are mainly divided into technical vulnerabilities and management vulnerabilities. Technical vulnerabilities are mainly discovered and identified automatically by vulnerability scanning tools. Management vulnerabilities are collected through a vulnerability questionnaire generated automatically from the knowledge base.
Step 4: assess the threat severity from the collected threat occurrence frequency according to the following table:
[Figure BDA00002314298200031: threat severity table; image not reproduced on this page]
Step 5: carry out the vulnerability assessment according to the preset severity of each vulnerability type; the specific standard for vulnerability severity is shown in the following table:
Grade  Sign           Definition
5      High           If exploited, causes complete damage to the asset
4      High           If exploited, causes extensive damage to the asset
3      Medium         If exploited, causes general damage to the asset
2      Low            If exploited, causes minor damage to the asset
1      Extremely low  If exploited, the damage caused to the asset can be ignored
At the same time, the present invention calculates the probability that a risk event is caused by node correlation using the Bayesian conditional probability formula, so it is necessary to define the probability that a vulnerability is exploited when a threat exists. This is defined as the vulnerability degree, and its specific definition standard is shown in the following table:
Grade  Sign           Definition
5      High           Once a threat occurs, exploitation of the vulnerability is almost inevitable
4      High           Once a threat occurs, the vulnerability is very likely to be exploited
3      Medium         Once a threat occurs, the vulnerability may be exploited
2      Low            Once a threat occurs, the vulnerability is unlikely to be exploited
1      Extremely low  Once a threat occurs, the possibility that the vulnerability is exploited can be ignored
Step 6: according to the security event library, associate assets with vulnerabilities to form security events, and use the matrix algorithm to evaluate the security event severity from the results of steps 1 and 5; the evaluation matrix is shown in the following table:
[Figure BDA00002314298200041: security event evaluation matrix; image not reproduced on this page]
The security event severity is calculated with reference to the following table:
Security event severity  1-3            4-10  11-19   20-23  24-25
Grade                    Extremely low  Low   Medium  High   High
Step 7: use the matrix algorithm to evaluate the risk event severity from the results of steps 4 and 6. The evaluation matrix is shown in the following table:
[Figure BDA00002314298200051: risk event evaluation matrix; image not reproduced on this page]
The risk event severity is calculated with reference to the following table:
Risk event severity  1-3            4-10  11-19   20-23  24-25
Grade                Extremely low  Low   Medium  High   High
Step 8: the Bayesian conditional probability formula is:
P(A, B) = P(A) * P(B|A), that is, the probability that event A and event B occur together is the product of the probability that event A occurs and the probability that event B occurs given that event A has occurred.
To explain the concrete calculation of the risk event occurrence probability, take the topology shown in Figure 2 as an example.
Carry out risk assessment on device A; because of the existence of
P(r(A)) = P(t(C)) * P(v(C)|t(C)), where P(t(C)) is the probability that node C is exploited to attack A, P(v(C)|t(C)) is the probability that the vulnerability of C is exploited given that a threat (that is, an attack) occurs, and P(r(A)) is the probability that node A is attacked by its surrounding nodes. If several surrounding nodes have risk events, node weights are defined according to the network device type and a weighted calculation is made according to the following formula:
P(r(A)) = [P(r(BA))*w1 + P(r(CA))*w2 + ...] / (w1 + w2 + ...).
Here the probability that the vulnerability of node A is exploited when a threat exists is determined by the vulnerability degree; the concrete correspondence is shown in the following table (the specific values can be defined according to the actual network conditions and historical data):
Vulnerability degree  Occurrence probability
1                     10%
2                     30%
3                     50%
4                     70%
5                     90%
The calculated probability is then divided into intervals, giving five levels; the concrete correspondence is shown in the following table:
Probability  Corresponding value
0-20%        1
20%-40%      2
40%-60%      3
60%-80%      4
80%-100%     5
Step 9: combine the results of steps 7 and 8 and calculate the risk event severity again with the matrix algorithm. This severity takes the correlation of all surrounding nodes into account and, being based on the probability that the risk event occurs, is defined as the risk.
The matrix algorithm is defined as shown in the following table:
[Figure BDA00002314298200061: risk matrix; image not reproduced on this page]
The final risk obtained is defined as follows:
Risk   1-3            4-10  11-19   20-23  24-25
Grade  Extremely low  Low   Medium  High   High
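Steps 6 to 9 above, carried through in Python as an added example (not the patent's own code). The evaluation matrices are figures missing from this page, so the example assumes each matrix is the product of its two 1-5 inputs (which fits the 1-25 score bands given), that the probability intervals are lower-inclusive, and that a score band's index is the grade fed into the next matrix step; Neighbour, assess and the sample topology are constructed names and values.

```python
# Worked computation of steps 6-9. Added example, not the patent's own code.
# ASSUMPTIONS: each evaluation matrix (a figure absent from this page) is the
# product of its two 1-5 inputs (1..25, matching the page's score bands); the
# probability intervals are lower-inclusive; a band index is the next grade.
from dataclasses import dataclass
from typing import Dict, List, Tuple

# Score bands from the page (1-3, 4-10, 11-19, 20-23, 24-25). The band index
# doubles as the 1-5 grade fed into the next matrix step (assumption).
SCORE_BANDS = ((3, "Extremely low"), (10, "Low"), (19, "Medium"),
               (23, "High"), (25, "High"))
# Vulnerability degree -> P(v|t), the page's table (site-tunable values).
DEGREE_TO_PROB = {1: 0.10, 2: 0.30, 3: 0.50, 4: 0.70, 5: 0.90}


def _grade(g: int) -> int:
    if not isinstance(g, int) or not 1 <= g <= 5:
        raise ValueError(f"grade must be an integer 1..5, got {g!r}")
    return g


def matrix_score(row: int, col: int) -> int:
    """Assumed matrix algorithm: product of two 1-5 grades, giving 1..25."""
    return _grade(row) * _grade(col)


def band(score: int) -> Tuple[int, str]:
    """Map a 1..25 matrix score to (band index 1..5, severity label)."""
    for idx, (upper, label) in enumerate(SCORE_BANDS, start=1):
        if score <= upper:
            return idx, label
    raise ValueError(f"score out of range: {score}")


@dataclass(frozen=True)
class Neighbour:
    name: str
    p_threat: float    # P(t(C)): probability C is exploited to attack A
    vuln_degree: int   # drives P(v(C)|t(C)) through DEGREE_TO_PROB
    weight: float      # w_i, chosen per device type


def risk_event_probability(neighbours: List[Neighbour]) -> float:
    """Step 8: P(r(A)) = sum(P(t(C_i)) * P(v|t) * w_i) / sum(w_i)."""
    if not neighbours:
        return 0.0  # no surrounding node can be used against A
    total_w = sum(n.weight for n in neighbours)
    if total_w <= 0:
        raise ValueError("weights must sum to a positive value")
    joint = sum(n.p_threat * DEGREE_TO_PROB[_grade(n.vuln_degree)] * n.weight
                for n in neighbours)
    return joint / total_w


def probability_level(p: float) -> int:
    """Step 8 banding: [0,.2)->1, [.2,.4)->2, ..., [.8,1]->5 (lower-inclusive)."""
    if not 0.0 <= p <= 1.0:
        raise ValueError("probability must lie in [0, 1]")
    return 1 + sum(p >= t for t in (0.2, 0.4, 0.6, 0.8))


def assess(asset_value: int, vuln_severity: int, threat_freq: int,
           neighbours: List[Neighbour]) -> Dict[str, object]:
    """Chain steps 6, 7, 8 and 9 and return every intermediate result."""
    ev_score = matrix_score(asset_value, vuln_severity)            # step 6
    ev_grade, ev_label = band(ev_score)
    risk_score = matrix_score(ev_grade, threat_freq)                # step 7
    risk_grade, risk_label = band(risk_score)
    p_r = risk_event_probability(neighbours)                        # step 8
    final = matrix_score(risk_grade, probability_level(p_r))        # step 9
    return {"event": (ev_score, ev_label), "risk_event": (risk_score, risk_label),
            "p_risk": round(p_r, 4), "risk": (final, band(final)[1])}


# Constructed topology: device A with neighbours B (degree 4) and C (degree 5).
SAMPLE_NEIGHBOURS = [Neighbour("B", 0.5, 4, 2.0), Neighbour("C", 0.8, 5, 1.0)]
SAMPLE_RESULT = assess(5, 4, 3, SAMPLE_NEIGHBOURS)  # -> risk (9, "Low")
```

With the sample topology the risk-event severity alone is "Medium" (score 12), but once the 47% neighbour-driven probability (level 3) enters the step 9 matrix the final risk lands in the "Low" band (score 9), which is the kind of node-correlation adjustment the method is built to expose.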
Finally it should be noted that the above embodiment only illustrates the invention and does not limit the technical scheme described in it. Therefore, although this specification explains the invention with reference to the above embodiment, those of ordinary skill in the art should understand that the invention may still be modified or equivalently replaced, and all technical schemes and improvements that do not depart from the spirit and scope of the invention should be covered by the scope of the claims of the invention.

Claims (1)

1. A network risk assessment method combining a Bayesian algorithm and a matrix method, which, when carrying out network risk assessment, includes the following concrete steps:
Step 1: survey the network assets and assess asset value;
Step 2: collect network threats by questionnaire, field investigation and similar means;
Step 3: scan system vulnerabilities with a vulnerability scanner and collect the system's vulnerabilities;
Step 4: assess the threat occurrence frequency;
Step 5: assess the vulnerability severity;
Step 6: from the asset value and the vulnerability severity, calculate the security event severity with the matrix algorithm;
Step 7: from the security event severity and the threat occurrence frequency, calculate the risk severity with the matrix algorithm;
Step 8: with the Bayesian conditional probability formula, calculate the probability that, because of network node correlation, a neighbouring device of the network device is exploited, this network device is then attacked, and risk is thereby brought;
Step 9: combine the results of step 7 and step 8, take the correlation of all surrounding nodes into account, and use the matrix algorithm again to calculate the severity of each risk event.

Priority application: CN2012104184683A (CN103095485A), priority date 2012-10-26, filing date 2012-10-26, title "Network risk assessment method based on combination of Bayesian algorithm and matrix method", status pending.

Publication: CN103095485A, published 2013-05-08.

Family ID: 48207645

Country status: CN (1) CN103095485A (en)


Legal Events

Code  Title / Description
C06   Publication
PB01  Publication
C02   Deemed withdrawal of patent application after publication (patent law 2001)
WD01  Invention patent application deemed withdrawn after publication

Application publication date: 2013-05-08