CN104320271B - Network device security evaluation method and apparatus

Publication number: CN104320271B
Authority: CN (China)
Legal status: Active
Application number: CN201410558925.8A
Other languages: Chinese (zh)
Other versions: CN104320271A (en
Inventors: 何恐, 周培和
Current assignee: Nsfocus Technologies Inc; Nsfocus Technologies Group Co Ltd
Original assignee: NSFOCUS Information Technology Co Ltd; Beijing NSFocus Information Security Technology Co Ltd
Landscapes: Management, Administration, Business Operations System, And Electronic Commerce (AREA); Data Exchanges In Wide-Area Networks (AREA)
Abstract

The invention discloses a network device security evaluation method and apparatus. The main steps are: determine each first-level security factor in the first-level security factor group, and the first-level safety coefficient corresponding to each, using the analytic hierarchy process (AHP) and the linear weighted average method; query a preset security level mapping table according to the type of each first-level security factor to determine a security level for each; determine an initial safety assessment value by the weighted mean method from the preset weight of each first-level security factor and its first-level safety coefficient; and apply a first correction to the initial safety assessment value using the determined security levels, obtaining the total safety coefficient of the network device. A security factor with a serious security hazard is thereby reflected in the total safety coefficient, giving an accurate evaluation of the real security performance of the network device.

Description

Network device security evaluation method and apparatus
Technical Field
The present invention relates to the technical field of network security, and in particular to a network device security evaluation method and apparatus.
Background
Network device security evaluation is an important part of network management. An accurate security assessment gives network administrators a real-time view of the security state of all network devices and, combined with the assessed state, helps them diagnose, analyze and forecast security incidents that have already occurred or may occur. It provides accurate reference information for deciding on specific countermeasures, so that security incidents are handled comprehensively and accurately.
Network device security evaluation is a comprehensive assessment of information system security. At present the simplest statistical method is the averaging algorithm: the safety coefficients of all security factors of the network device are added together and the sum is divided by the total number of security factors; the resulting average is taken as the total safety coefficient.
However, in the network environment in which a real network device operates, the security levels of the security factors differ, and so does their degree of influence on the total safety coefficient, so a security factor with a serious security hazard may not be reflected. The averaging algorithm is therefore rather coarse, and the total safety coefficient it yields cannot accurately reflect the real degree of security of the whole network device.
Summary of the Invention
The embodiments of the present invention provide a network device security evaluation method and apparatus, to solve the prior-art problem that the real degree of security of a network device cannot be evaluated accurately.
The embodiments of the present invention use the following technical solutions:
A network device security evaluation method, applied to a network device security model comprising security factor groups of at least m levels, the method comprising:
determining each first-level security factor in the first-level security factor group, and the first-level safety coefficient corresponding to each first-level security factor, using the analytic hierarchy process and the linear weighted average method;
querying a preset security level mapping table according to the type of each first-level security factor, and determining a security level for each first-level security factor;
determining an initial safety assessment value by the weighted mean method from the preset weight of each first-level security factor and the first-level safety coefficient corresponding to each first-level security factor;
applying a first correction to the initial safety assessment value using the determined security level of each first-level security factor, obtaining the total safety coefficient of the network device;
where m is a positive integer greater than or equal to 1; in the network device security model the highest level is the first-level security factor group and the lowest level is the m-th-level security factor group.
With the above technical solution, each first-level security factor in the first-level security factor group and its corresponding first-level safety coefficient are determined using the analytic hierarchy process and the linear weighted average method; the preset security level mapping table is queried according to the type of each first-level security factor to determine a security level for each; and the total safety coefficient of the network device is determined from the preset weight of each first-level security factor, its first-level safety coefficient and its security level. A security factor with a serious security hazard is thereby reflected in the total safety coefficient, giving an accurate evaluation of the real security performance of the network device.
A network device security evaluation apparatus, applied to a network device security model comprising security factor groups of at least m levels, the apparatus comprising:
a first determining unit, configured to determine each first-level security factor in the first-level security factor group, and the first-level safety coefficient corresponding to each first-level security factor, using the analytic hierarchy process and the linear weighted average method;
a lookup unit, configured to look up a preset security level mapping table according to the type of each first-level security factor and determine a security level for each first-level security factor;
a second determining unit, configured to determine an initial safety assessment value by the weighted mean method from the preset weight of each first-level security factor and the first-level safety coefficient corresponding to each first-level security factor;
a correction unit, configured to apply a first correction to the initial safety assessment value using the determined security level of each first-level security factor, obtaining the total safety coefficient of the network device;
where m is a positive integer greater than or equal to 1; in the network device security model the highest level is the first-level security factor group and the lowest level is the m-th-level security factor group.
With the above technical solution, each first-level security factor in the first-level security factor group and its corresponding first-level safety coefficient are determined using the analytic hierarchy process and the linear weighted average method; the preset security level mapping table is queried according to the type of each first-level security factor to determine a security level for each; and the total safety coefficient of the network device is determined from the preset weight of each first-level security factor, its first-level safety coefficient and its security level. A security factor with a serious security hazard is thereby reflected in the total safety coefficient, giving an accurate evaluation of the real degree of security of the network device.
Brief Description of the Drawings
To explain the technical solutions of the embodiments of the present invention more clearly, the drawings used in describing the embodiments are briefly introduced below. The drawings described below are obviously only some embodiments of the invention; a person of ordinary skill in the art can obtain other drawings from them without creative effort.
Fig. 1 shows the network device security evaluation model used in the embodiments of the present invention;
Fig. 2 is a flow chart of the steps of a network device security evaluation method provided by embodiment one of the present invention;
Fig. 3 is a structural diagram of a network device security evaluation apparatus provided by embodiment two of the present invention;
Fig. 4 is a structural diagram of another network device security evaluation apparatus provided by embodiment two of the present invention.
Detailed Description
To make the objects, technical solutions and advantages of the present invention clearer, the invention is described in further detail below with reference to the drawings. The described embodiments are obviously only some of the embodiments of the invention, not all of them. All other embodiments obtained by a person of ordinary skill in the art from these embodiments without creative effort fall within the scope of protection of the invention.
Before network device security evaluation is carried out, an evaluation model must be established. This includes, but is not limited to, using the analytic hierarchy process (Analytic Hierarchy Process, AHP) to divide the system security of the network device into a first-level security factor group containing multiple first-level security factors (for example vulnerabilities, PC security and so on), and then refining each first-level security factor into a second-level security factor group containing multiple second-level security factors, as shown in Fig. 1. Continuing the division in the same way gradually yields the AHP hierarchy diagram, that is, the network device security evaluation model used by the invention. The analytic hierarchy process is a decision-making method that decomposes the elements relevant to a decision into levels such as goal, criteria and alternatives, and performs qualitative and quantitative analysis on that basis. The evaluation model may have multiple levels, that is, security factor groups of multiple levels may be established; for ease of explanation, the invention is described mainly with an evaluation model containing first-level and second-level security factor groups.
The solution of the present invention is described in detail below through specific embodiments. Note that the invention includes, but is not limited to, the following embodiments.
Embodiment one:
Fig. 2 shows the flow chart of the steps of the network device security evaluation method provided by embodiment one. The method is applied to a network device security model comprising security factor groups of at least m levels, and mainly comprises the following steps:
Step 11: Determine each first-level security factor in the first-level security factor group, and the first-level safety coefficient corresponding to each first-level security factor, using the analytic hierarchy process and the linear weighted average method.
In this embodiment, a first-level safety coefficient is determined by the weights of the second-level security factors in the second-level security factor group contained in that first-level security factor and by the second-level safety coefficients corresponding to them. Likewise, a second-level safety coefficient can be determined by the weights of the third-level security factors in the third-level security factor group contained in that second-level security factor and by their third-level safety coefficients, and so on. The security factors at the lowest level determine the safety coefficient of the security factor one level up through their preset safety coefficients and weights; that is, the safety coefficients of all levels are linked.
Each first-level safety coefficient reflects the degree of security of the corresponding first-level security factor: the higher the first-level safety coefficient, the higher the degree of security of that first-level security factor, and vice versa.
Preferably, in actual evaluation, the safety coefficients and weights of lower-level security factors have a weaker influence on the total safety coefficient. To simplify the evaluation, the case considered is therefore the one in which the network device security model contains security factor groups of two levels. Determining each first-level security factor in the first-level security factor group and its first-level safety coefficient with the analytic hierarchy process and the linear weighted average method then includes, but is not limited to, the following:
Determine each first-level security factor in the first-level security factor group using the analytic hierarchy process and, for each first-level security factor, determine the second-level security factors it contains and the second-level safety coefficient corresponding to each second-level security factor;
From the preset weight of each second-level security factor within its first-level security factor, and the second-level safety coefficient corresponding to each second-level security factor, determine the first-level safety coefficient corresponding to each first-level security factor.
Step 12: Query the preset security level mapping table according to the type of each first-level security factor, and determine a security level for each first-level security factor.
After the weight of each first-level security factor and each first-level safety coefficient have been determined in step 11, evaluating with the linear weighted average method alone would ignore the security level of each first-level security factor and could cause a serious estimation error, so that a serious security hazard remains in the evaluated network device. A specific example follows:
The evaluated network device may be any device that can connect to the Internet, such as a computer, PC, pad or mobile terminal. A computer is used as the example here.
Suppose network device security evaluation is performed on four Internet-connected devices: computer A, computer B, computer C and computer D. Each of computers A to D contains the ten first-level security factors S1 to S10, and each first-level security factor and first-level safety coefficient is determined as in step 11, as shown in Table 1. In computer A, the first-level safety coefficients of S1 to S10 are all 9 (written S1=9, S2=9, ..., S10=9), so the security of every first-level security factor is fairly good but could be improved. In computer B, S1 to S8 and S10 are all 10, higher than the corresponding factors in computer A, but S9 is 0, which shows that first-level security factor S9 in computer B has a serious security problem. Calculated with the prior-art linear weighted average method, computer A's total safety coefficient is 9 and computer B's is also 9; computer C is in the same situation as computer B. Although the three computers have the same total safety coefficient in Table 1, their actual degrees of security are completely different.
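
| | S1 | S2 | S3 | S4 | S5 | S6 | S7 | S8 | S9 | S10 | Total safety coefficient |
|---|---|---|---|---|---|---|---|---|---|---|---|
| Computer A | 9 | 9 | 9 | 9 | 9 | 9 | 9 | 9 | 9 | 9 | 9 |
| Computer B | 10 | 10 | 10 | 10 | 10 | 10 | 10 | 10 | 0 | 10 | 9 |
| Computer C | 10 | 10 | 10 | 10 | 10 | 10 | 10 | 10 | 10 | 0 | 9 |
| Computer D | 9 | 9 | 9 | 9 | 9 | 9 | 9 | 9 | 9 | 0 | 8.1 |

Table 1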
Because nine of the first-level security factors in computers B and C have high safety coefficients, they compensate for the effect that the one first-level security factor with a serious security hazard has on the total safety coefficient. This compensation, however, exists only in the computed total safety coefficient; it cannot make up for the security hazard that computers B and C face in actual operation. The total safety coefficient obtained with the linear weighted average method therefore cannot accurately reflect the security hazards actually present in a computer.
Security hazards tend to appear at the weakest link of a system, and one serious vulnerability is enough to affect the total safety coefficient of the whole system. This resembles the "bucket principle": the capacity of a bucket assembled from several planks is determined by the shortest plank. The embodiment therefore introduces security levels that reflect the degree of security of different security factors, and establishes the correspondence between security factors and security levels in advance from empirical values or statistics. Then, according to the type of each first-level security factor, the preset security level mapping table is queried and a security level is determined for each first-level security factor.
In this embodiment, the pre-established correspondence between security factors and security levels can be presented as a security level mapping table. Specifically, the preset security level mapping table can be set up as follows:
Step one: collect the first-level security factors that occur in the network device security model.
Specifically, each first-level security factor that occurs can be recorded and counted using existing statistical methods.
Step two: classify and grade the first-level security factors according to their type and degree of security, obtaining a preset number of security factor tiers, where each security factor tier corresponds to a matching security level.
The types of first-level security factor include, but are not limited to, the following:
no antivirus software installed; serious logical device defects and process defects; sensitive information leakage; unauthorized access; installation of dangerous software; installation of insecure applications or systems; local denial-of-service vulnerabilities; common logical design defects and process defects; and so on.
Generally, through steps one and two a security level mapping table can be set up for the different types of first-level security factor, as shown in Table 2. In order of the degree of security of the first-level security factor from low to high, ten levels 0 to 9 are defined: the safety coefficient of a first-level security factor at level 0 is 0~1, at level 1 it is 1~2, at level 2 it is 2~3, and so on, up to level 9, where it is 9~10. Safety coefficient values are not limited to integers and may be non-integers; integers are used here only for ease of calculation. Note also that Table 2 applies to all network devices whose evaluation model is built with the analytic hierarchy process.
Table 2
Looking up the security levels of S1 to S10 in the network device security model according to Table 2 gives the results shown in Table 3:
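
| | S1 | S2 | S3 | S4 | S5 | S6 | S7 | S8 | S9 | S10 |
|---|---|---|---|---|---|---|---|---|---|---|
| Computer A | 9 | 9 | 9 | 9 | 9 | 9 | 9 | 9 | 9 | 9 |
| Computer B | 10 | 10 | 10 | 10 | 10 | 10 | 10 | 10 | 0 | 10 |
| Computer C | 10 | 10 | 10 | 10 | 10 | 10 | 10 | 10 | 10 | 0 |
| Computer D | 9 | 9 | 9 | 9 | 9 | 9 | 9 | 9 | 9 | 0 |
| Security level | 8 | 8 | 8 | 8 | 8 | 8 | 8 | 8 | 3 | 2 |

Table 3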
S1 to S8 have security level 8, meaning that their security type is minor information leakage, or a vulnerability that is hard to exploit but still poses a security hazard, for example path information leakage. S9 has security level 3, a higher hazard; its security type is unauthorized access, for example directly accessing the management back end by bypassing authentication, or a weak back-end password. S10 has security level 2, a higher hazard than S9; its security type is sensitive information leakage, for example leakage of a source code archive or leakage of sensitive information in plaintext.
Step 13: Determine the initial safety assessment value by the weighted mean method from the preset weight of each first-level security factor and the first-level safety coefficient corresponding to each first-level security factor.
Here $p$ denotes the initial safety assessment value, where $S_i$ denotes the safety coefficient of the i-th first-level security factor and $w_i$ denotes the weight of first-level security factor $S_i$.
Step 14: Apply a first correction to the initial safety assessment value using the determined security level of each first-level security factor, obtaining the total safety coefficient of the network device.
Here m is a positive integer greater than or equal to 1; in the network device security model the highest level is the first-level security factor group and the lowest level is the m-th-level security factor group.
Specifically, the first correction of the initial safety assessment value using the determined security level of each first-level security factor, which yields the total safety coefficient of the network device, can be calculated by the following formula (1):
Here $S$ denotes the total safety coefficient, $i$ denotes the number of first-level security factors in the first-level security factor group, and $p$ denotes the initial safety assessment value determined by the weighted mean method, where $S_i$ denotes the safety coefficient of the i-th first-level security factor and $w_i$ denotes the weight of first-level security factor $S_i$; $\lambda_i$ takes the value 1 or 0 ($\lambda_i = 1$ when $S_i = 0$, and $\lambda_i = 0$ when $S_i \neq 0$); and $C_i$ denotes the security level of first-level security factor $S_i$.
Taking computers A to D again: Table 3 lists the safety coefficient and security level of each first-level security factor. Assume in this embodiment that the weight of every first-level security factor is 0.1, so $w_1$ to $w_{10}$ are all 0.1. Applying formula (1), first compute computer A's total safety coefficient $S_A$: since the safety coefficients of S1 to S10 in computer A are all nonzero, the first term of formula (1) evaluates to 9 and the second term is 0, so $S_A$ is 9. Likewise, formula (1) gives the total safety coefficients of computers B, C and D as $S_B = 3$, $S_C = 2$ and $S_D = 2$. As Table 4 shows, determining the total safety coefficient takes into account not only the weight and safety coefficient of each first-level security factor but also its security level, so that when a first-level security factor with a low security level has a low safety coefficient, this shows up directly in the total safety coefficient, which then reflects the degree of system security of network devices such as computers well.
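
| | S1 | S2 | S3 | S4 | S5 | S6 | S7 | S8 | S9 | S10 | Total safety coefficient |
|---|---|---|---|---|---|---|---|---|---|---|---|
| Computer A | 9 | 9 | 9 | 9 | 9 | 9 | 9 | 9 | 9 | 9 | 9 |
| Computer B | 10 | 10 | 10 | 10 | 10 | 10 | 10 | 10 | 0 | 10 | 3 |
| Computer C | 10 | 10 | 10 | 10 | 10 | 10 | 10 | 10 | 10 | 0 | 2 |
| Computer D | 9 | 9 | 9 | 9 | 9 | 9 | 9 | 9 | 9 | 0 | 2 |
| Security level | 8 | 8 | 8 | 8 | 8 | 8 | 8 | 8 | 3 | 2 | |

Table 4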
Further analysis of the data in Table 4, however, reveals a problem. For computers C and D, the safety coefficient of first-level security factor S10 is 0 in both, so the security hazard from S10 is high. Computer C's S1 to S9 are all 10 and computer D's S1 to S9 are all 9, so computer C's system security is good while computer D's system security has some hazard. Computer C is clearly more secure than computer D, yet the total safety coefficients obtained from formula (1) are equal: both are 2. The total safety coefficient calculated by formula (1) therefore still cannot accurately reflect a computer's real degree of security.
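The masking effect in Table 1, the corrected totals in Table 4 and the tie between computers C and D can be reproduced as follows; this is an added example, not code from the patent. Formula (1) is not reproduced on this page, so `weakest_link_total` is an assumed stand-in rule (cap the weighted mean at the lowest security level among zero-scored factors) chosen because it matches Table 4, `coefficient` generalises step 11 to any number of levels, and `CONSTRUCTED_TREE` is constructed sample data.

```python
import math

# First-level safety coefficients S1..S10 of each computer (Tables 1 and 3).
DEVICES = {
    "A": [9] * 10,
    "B": [10] * 8 + [0, 10],
    "C": [10] * 9 + [0],
    "D": [9] * 9 + [0],
}
LEVELS = [8] * 8 + [3, 2]   # security levels of S1..S10 (Table 3)
WEIGHTS = [0.1] * 10        # equal weights, as in the page's worked example

# Constructed sample (not from the page): nested (weight, child) pairs.
# A bare number is a preset lowest-level coefficient; the first entry is a
# first-level factor made of two second-level factors.
CONSTRUCTED_TREE = [(0.6, [(0.5, 10), (0.5, 8)]), (0.4, 6)]


def weighted_mean(coefficients, weights):
    """Linear weighted average used in steps 11 and 13."""
    if len(coefficients) != len(weights):
        raise ValueError("one weight is required per coefficient")
    if any(w < 0 for w in weights) or not math.isclose(math.fsum(weights), 1.0):
        raise ValueError("weights must be non-negative and sum to 1")
    return round(math.fsum(w * s for w, s in zip(weights, coefficients)), 6)


def coefficient(node):
    """Step 11 for any depth: roll lower-level coefficients up the hierarchy."""
    if isinstance(node, (int, float)):
        return float(node)
    weights = [w for w, _ in node]
    return weighted_mean([coefficient(child) for _, child in node], weights)


def weakest_link_total(coefficients, weights, levels):
    """ASSUMED correction rule, not the patent's formula (1).

    If no factor scores 0 the weighted mean p is returned unchanged.
    Otherwise p is capped at the lowest security level among the factors
    that score 0, so one failed factor cannot be averaged away.
    """
    if len(levels) != len(coefficients):
        raise ValueError("one security level is required per coefficient")
    p = weighted_mean(coefficients, weights)
    failed = [lvl for s, lvl in zip(coefficients, levels) if s == 0]
    return p if not failed else float(min(p, min(failed)))


def evaluate_all():
    """Return {device: (weighted mean, corrected total)} for computers A to D."""
    return {
        name: (weighted_mean(s, WEIGHTS), weakest_link_total(s, WEIGHTS, LEVELS))
        for name, s in DEVICES.items()
    }


if __name__ == "__main__":
    for name, (p, total) in evaluate_all().items():
        print(f"computer {name}: weighted mean {p:4.1f} -> corrected {total:4.1f}")
    print("constructed tree rolls up to", coefficient(CONSTRUCTED_TREE))
```
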
Given this problem, after the total safety coefficient is determined, and so that it reflects the real degree of security of a computer more accurately, the network device security evaluation method adds a second correction of the total safety coefficient, which includes, but is not limited to, the following:
When $S_i = 0$, a second correction is applied to the total safety coefficient of the network device according to the security levels of the security factors other than $S_i$, specifically by the following formula (2):
Here $S'$ denotes the total safety coefficient after the second correction; $i$ denotes the number of first-level security factors in the first-level security factor group; $S$ denotes the total safety coefficient of the network device; $S_i$ denotes the safety coefficient of the i-th first-level security factor and $w_i$ denotes the weight of first-level security factor $S_i$; $\lambda_i$ takes the value 1 or 0 ($\lambda_i = 1$ when $S_i = 0$, and $\lambda_i = 0$ when $S_i \neq 0$); and $C$ denotes the number of security levels in the preset security level mapping table.
In addition, in this embodiment the relationship between formula (1) and formula (2) can be derived and used to calculate the total safety coefficient directly with the following formula (3).
Applying formula (2) gives the results shown in Table 5.
Table 5
From the content of above-mentioned table 5, computer C S1~S9 value (being 10) and computer D S1~S9 Value (being 9) differs, and its total safety coefficient each reflected should also be different, i.e., according to formula (2) Total safety coefficient is modified so that total safety coefficient correction value more can accurately reflect that system for computer is true safely Real safe coefficient.
The technical scheme implemented more than, determine that a level security will using analytic hierarchy process (AHP) and the linear weighted function method of average One-level safety coefficient corresponding to each one-level security factor and each one-level security factor in plain group;According to described each The type of one-level security factor, default level of security corresponding table is inquired about, level of security is determined for each one-level security factor;Root According to one-level safety coefficient and each one-level corresponding to the weight of default each one-level security factor, each one-level security factor The level of security of security factor, determine total safety coefficient in the network equipment.So as to which there will be the safety of severe compromise to want Element is embodied by total safety coefficient, realizes the accurate evaluation to the authentic security performance of the network equipment.
Based on same inventive concept is belonged to above-mentioned network equipment safety evaluation method, the embodiment of the present invention additionally provides one Kind network equipment security evaluation device.
Embodiment two:
Fig. 3 is a structural schematic diagram of the network equipment security evaluation device provided by embodiment two of the present invention. The evaluation device is applied in a network equipment security model comprising security factor groups of at least m levels, and specifically includes the following structural units:
First determining unit 21, configured to determine, using the analytic hierarchy process and the linear weighted average method, each first-level security factor in the first-level security factor group and the first-level safety coefficient corresponding to each first-level security factor.
Searching unit 22, configured to look up the preset security level correspondence table according to the type of each first-level security factor and determine a security level for each first-level security factor.
Second determining unit 23, configured to determine an initial security assessment value by the weighted average method according to the preset weight of each first-level security factor and the first-level safety coefficient corresponding to each first-level security factor.
Correction unit 24, configured to perform a first correction on the initial security assessment value using the determined security level of each first-level security factor, to obtain the total safety coefficient of the network equipment.
Here, m is a positive integer greater than or equal to 1; in the network equipment security model, the highest level is the first-level security factor group and the lowest level is the m-th-level security factor group.
Preferably, when the network equipment security model includes security factor groups of two levels, the first determining unit 21 is specifically configured to:
determine each first-level security factor in the first-level security factor group using the analytic hierarchy process and, for each first-level security factor, determine each second-level security factor that the first-level security factor includes and the second-level safety coefficient corresponding to each second-level security factor;
determine the first-level safety coefficient corresponding to each first-level security factor according to the preset weight of each second-level security factor within its first-level security factor and the second-level safety coefficient corresponding to each second-level security factor.
Preferably, the correction unit 24 calculates the total safety coefficient specifically by the following formula (1):
Here, i denotes the number of first-level security factors in the first-level security factor group; p denotes the initial security assessment value, and said (where $S_i$ denotes the safety coefficient of the i-th first-level security factor and $w_i$ denotes the weight of first-level security factor $S_i$); $\lambda_i$ takes the value 1 or 0 (when $S_i = 0$ in the first-level security factors, $\lambda_i = 1$; when $S_i \ne 0$ in the first-level security factors, $\lambda_i = 0$); and $C_i$ denotes the security level of first-level security factor $S_i$.
Preferably, as shown in Fig. 4, the device further includes:
Secondary correction unit 25, configured to, after the total safety coefficient is determined and when $S_i = 0$, correct the total safety coefficient of the network equipment according to the security levels of the security factors other than $S_i$, specifically by the following formula (2):
Here, $S'$ denotes the total safety coefficient after the secondary correction; i denotes the number of first-level security factors in the first-level security factor group; S denotes the total safety coefficient of the network equipment; $S_i$ denotes the safety coefficient of the i-th first-level security factor; $w_i$ denotes the weight of first-level security factor $S_i$; $\lambda_i$ takes the value 1 or 0 (when $S_i = 0$ in the first-level security factors, $\lambda_i = 1$; when $S_i \ne 0$ in the first-level security factors, $\lambda_i = 0$); and C denotes the number of security levels in the preset security level correspondence table.
Preferably, the preset security level correspondence table is set in the following manner: multiple first-level security factors that occur in the network equipment security model are collected and are classified and graded according to their type and safety coefficient, giving a predetermined number of security factor grades, where each security factor grade corresponds to a matching security level.
Those skilled in the art should understand that embodiments of the present invention may be provided as a method, a system, or a computer program product. Therefore, the present invention may take the form of an entirely hardware embodiment, an entirely software embodiment, or an embodiment combining software and hardware. Moreover, the present invention may take the form of a computer program product implemented on one or more computer-usable storage media (including but not limited to magnetic disk storage, CD-ROM, optical storage, etc.) that contain computer-usable program code.
The present invention is described with reference to flowcharts and/or block diagrams of the method, equipment (system), and computer program product according to embodiments of the present invention. It should be understood that each flow and/or block in the flowcharts and/or block diagrams, and combinations of flows and/or blocks in the flowcharts and/or block diagrams, can be implemented by computer program instructions. These computer program instructions can be provided to the processor of a general-purpose computer, a special-purpose computer, an embedded processor, or other programmable data processing equipment to produce a machine, so that the instructions executed by the processor of the computer or other programmable data processing equipment produce a device for implementing the functions specified in one or more flows of the flowchart and/or one or more blocks of the block diagram.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing equipment to work in a particular manner, so that the instructions stored in the computer-readable memory produce an article of manufacture that includes an instruction device, the instruction device implementing the functions specified in one or more flows of the flowchart and/or one or more blocks of the block diagram.
These computer program instructions may also be loaded onto a computer or other programmable data processing equipment, so that a series of operation steps is performed on the computer or other programmable equipment to produce computer-implemented processing, and the instructions executed on the computer or other programmable equipment thereby provide steps for implementing the functions specified in one or more flows of the flowchart and/or one or more blocks of the block diagram.
Although preferred embodiments of the present invention have been described, those skilled in the art can make other changes and modifications to these embodiments once they know the basic inventive concept. The appended claims are therefore intended to be construed as including the preferred embodiments and all changes and modifications that fall within the scope of the present invention.
Obviously, those skilled in the art can make various changes and modifications to the present invention without departing from its spirit and scope. Thus, if these modifications and variations of the present invention fall within the scope of the claims of the present invention and their equivalent technologies, the present invention is also intended to include them.

Claims (8)

1. A network equipment security evaluation method, applied in a network equipment security model comprising security factor groups of at least m levels, characterized in that the method comprises:
determining, using the analytic hierarchy process and the linear weighted average method, each first-level security factor in the first-level security factor group and the first-level safety coefficient corresponding to each first-level security factor;
querying a preset security level correspondence table according to the type of each first-level security factor, and determining a security level for each first-level security factor;
determining an initial security assessment value by the weighted average method according to the preset weight of each first-level security factor and the first-level safety coefficient corresponding to each first-level security factor;
performing a first correction on the initial security assessment value using the determined security level of each first-level security factor, to obtain the total safety coefficient of the network equipment;
wherein m is a positive integer greater than or equal to 1, and in the network equipment security model the highest level is the first-level security factor group and the lowest level is the m-th-level security factor group;
the first correction of the initial security assessment value using the determined security level of each first-level security factor, to obtain the total safety coefficient of the network equipment, is calculated specifically by the following formula (1):
$$S = \prod_{i=1}^{n} \lambda_i \cdot p + \left(1 - \prod_{i=1}^{n} \lambda_i\right) \cdot \min_{1 \le i \le n}\bigl((1 - \lambda_i) \cdot C_i\bigr) \qquad (1)$$
wherein i denotes the number of first-level security factors in the first-level security factor group, p denotes the initial security assessment value, and said, wherein $S_i$ denotes the safety coefficient of the i-th first-level security factor and $w_i$ denotes the weight of first-level security factor $S_i$; $\lambda_i$ takes the value 1 or 0, wherein when $S_i = 0$ in the first-level security factors, $\lambda_i = 1$, and when $S_i \ne 0$ in the first-level security factors, $\lambda_i = 0$; $C_i$ denotes the security level of first-level security factor $S_i$.
2. The method according to claim 1, characterized in that, when the network equipment security model includes security factor groups of two levels, determining, using the analytic hierarchy process and the linear weighted average method, each first-level security factor in the first-level security factor group and the first-level safety coefficient corresponding to each first-level security factor specifically comprises:
determining each first-level security factor in the first-level security factor group using the analytic hierarchy process and, for each first-level security factor, determining each second-level security factor that the first-level security factor includes and the second-level safety coefficient corresponding to each second-level security factor;
determining, using the linear weighted average method, the first-level safety coefficient corresponding to each first-level security factor according to the preset weight of each second-level security factor within its first-level security factor and the second-level safety coefficient corresponding to each second-level security factor.
3. The method according to claim 1, characterized in that, after the total safety coefficient is determined, the method further comprises:
when $S_i = 0$, performing a secondary correction on the total safety coefficient of the network equipment according to the security levels of the security factors other than $S_i$, specifically by the following formula (2):
$$S' = S + \left(1 - \prod_{i=1}^{n} \lambda_i\right)\left[\frac{\sum_{i=1}^{n}(w_i \cdot S_i)}{C}\right] \qquad (2)$$
wherein $S'$ denotes the total safety coefficient after the secondary correction; i denotes the number of first-level security factors in the first-level security factor group; S denotes the total safety coefficient of the network equipment; $S_i$ denotes the safety coefficient of the i-th first-level security factor; $w_i$ denotes the weight of first-level security factor $S_i$; $\lambda_i$ takes the value 1 or 0, wherein when $S_i = 0$ in the first-level security factors, $\lambda_i = 1$, and when $S_i \ne 0$ in the first-level security factors, $\lambda_i = 0$; C denotes the number of security levels in the preset security level correspondence table.
4. The method according to claim 1, characterized in that the preset security level correspondence table is set in the following manner:
collecting multiple first-level security factors that occur in the network equipment security model, and classifying and grading them according to the type and safety coefficient of the multiple first-level security factors, to obtain a predetermined number of security factor grades, wherein each security factor grade corresponds to a matching security level.
5. A network equipment security evaluation device, applied in a network equipment security model comprising security factor groups of at least m levels, characterized in that the device comprises:
a first determining unit, configured to determine, using the analytic hierarchy process and the linear weighted average method, each first-level security factor in the first-level security factor group and the first-level safety coefficient corresponding to each first-level security factor;
a searching unit, configured to look up a preset security level correspondence table according to the type of each first-level security factor, and determine a security level for each first-level security factor;
a second determining unit, configured to determine an initial security assessment value by the weighted average method according to the preset weight of each first-level security factor and the first-level safety coefficient corresponding to each first-level security factor;
a correction unit, configured to perform a first correction on the initial security assessment value using the determined security level of each first-level security factor, to obtain the total safety coefficient of the network equipment;
wherein m is a positive integer greater than or equal to 1, and in the network equipment security model the highest level is the first-level security factor group and the lowest level is the m-th-level security factor group;
the correction unit calculates the total safety coefficient specifically by the following formula (1):
$$S = \prod_{i=1}^{n} \lambda_i \cdot p + \left(1 - \prod_{i=1}^{n} \lambda_i\right) \cdot \min_{1 \le i \le n}\bigl((1 - \lambda_i) \cdot C_i\bigr) \qquad (1)$$
wherein i denotes the number of first-level security factors in the first-level security factor group, p denotes the initial security assessment value, and said, wherein $S_i$ denotes the safety coefficient of the i-th first-level security factor and $w_i$ denotes the weight of first-level security factor $S_i$; $\lambda_i$ takes the value 1 or 0, wherein when $S_i = 0$ in the first-level security factors, $\lambda_i = 1$, and when $S_i \ne 0$ in the first-level security factors, $\lambda_i = 0$; $C_i$ denotes the security level of first-level security factor $S_i$.
6. The device according to claim 5, characterized in that, when the network equipment security model includes security factor groups of two levels, the first determining unit is specifically configured to:
determine each first-level security factor in the first-level security factor group using the analytic hierarchy process and, for each first-level security factor, determine each second-level security factor that the first-level security factor includes and the second-level safety coefficient corresponding to each second-level security factor;
determine, using the linear weighted average method, the first-level safety coefficient corresponding to each first-level security factor according to the preset weight of each second-level security factor within its first-level security factor and the second-level safety coefficient corresponding to each second-level security factor.
7. The device according to claim 5, characterized in that the device further comprises:
a secondary correction unit, configured to, after the total safety coefficient is determined and when $S_i = 0$, perform a secondary correction on the total safety coefficient of the network equipment according to the security levels of the security factors other than $S_i$, specifically by the following formula (2):
$$S' = S + \left(1 - \prod_{i=1}^{n} \lambda_i\right)\left[\frac{\sum_{i=1}^{n}(w_i \cdot S_i)}{C}\right] \qquad (2)$$
wherein $S'$ denotes the total safety coefficient after the secondary correction; i denotes the number of first-level security factors in the first-level security factor group; S denotes the total safety coefficient of the network equipment; $S_i$ denotes the safety coefficient of the i-th first-level security factor; $w_i$ denotes the weight of first-level security factor $S_i$; $\lambda_i$ takes the value 1 or 0, wherein when $S_i = 0$ in the first-level security factors, $\lambda_i = 1$, and when $S_i \ne 0$ in the first-level security factors, $\lambda_i = 0$; C denotes the number of security levels in the preset security level correspondence table.
8. The device according to claim 5, characterized in that the preset security level correspondence table is set in the following manner:
collecting multiple first-level security factors that occur in the network equipment security model, and classifying and grading them according to the type and safety coefficient of the multiple first-level security factors, to obtain a predetermined number of security factor grades, wherein each security factor grade corresponds to a matching security level.
CN201410558925.8A 2014-10-20 2014-10-20 A kind of network equipment safety evaluation method and device Active CN104320271B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201410558925.8A CN104320271B (en) 2014-10-20 2014-10-20 A kind of network equipment safety evaluation method and device

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201410558925.8A CN104320271B (en) 2014-10-20 2014-10-20 A kind of network equipment safety evaluation method and device

Publications (2)

Publication Number Publication Date
CN104320271A CN104320271A (en) 2015-01-28
CN104320271B true CN104320271B (en) 2017-11-21

Family

ID=52375446

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201410558925.8A Active CN104320271B (en) 2014-10-20 2014-10-20 A kind of network equipment safety evaluation method and device

Country Status (1)

Country Link
CN (1) CN104320271B (en)

Families Citing this family (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105282131B (en) * 2015-02-10 2018-10-23 中国移动通信集团广东有限公司 Method of Information Security Evaluation, apparatus and system based on the scanning of risk item
JP6901979B2 (en) * 2018-02-21 2021-07-14 株式会社日立製作所 Security evaluation server and security evaluation method
CN109325685A (en) * 2018-09-21 2019-02-12 郑州云海信息技术有限公司 A kind of product safety test method and device
CN110311838B (en) * 2019-07-24 2021-05-04 绿盟科技集团股份有限公司 Method and device for counting safety service flow
CN112598334B (en) * 2021-01-08 2024-04-19 中国商用飞机有限责任公司北京民用飞机技术研究中心 Avionics safety coefficient determination method and device, computer equipment and storage medium
CN113127882B (en) * 2021-04-23 2023-06-09 杭州安恒信息安全技术有限公司 Terminal safety protection method, device, equipment and readable storage medium

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102354355A (en) * 2011-09-30 2012-02-15 北京神州绿盟信息安全科技股份有限公司 Security risk assessment method and device for computers
CN102521496A (en) * 2011-12-02 2012-06-27 北京启明星辰信息安全技术有限公司 Method and system for acquiring importance levels of evaluation indexes
CN102663503A (en) * 2012-04-05 2012-09-12 北京联海信息系统有限公司 Information security assessment method

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP3716803B2 (en) * 2002-03-07 2005-11-16 オムロン株式会社 Risk assessment support device and program product

Also Published As

Publication number Publication date
CN104320271A (en) 2015-01-28

Similar Documents

Publication Publication Date Title
CN104320271B (en) A kind of network equipment safety evaluation method and device
Maleki et al. A comprehensive literature review of the rank reversal phenomenon in the analytic hierarchy process
CN104063612B (en) A kind of Tunnel Engineering risk profiles fuzzy evaluation method and assessment system
CN106295349A (en) Risk Identification Method, identification device and the anti-Ore-controlling Role that account is stolen
CN103929330B (en) Domain name service method for evaluating quality and system
CN104202339B (en) A kind of across cloud authentication service method based on user behavior
CN105045251B (en) The demand analysis of industrial control system functional safety and information security and fusion method
CN102148820A (en) System and method for estimating network security situation based on index logarithm analysis
CN106230773A (en) Risk evaluating system based on fuzzy matrix analytic hierarchy process (AHP)
US9692779B2 (en) Device for quantifying vulnerability of system and method therefor
CN111444514A (en) Information security risk assessment method and device, equipment and storage medium
CN106487810A (en) A kind of cloud platform security postures cognitive method
CN103065050A (en) Health level judging method of information system during operation maintenance period
CN108228412A (en) A kind of method and device based on system health degree faults of monitoring system and hidden danger
CN103984623A (en) Software security risk assessment method based on defect detection
CN107231382A (en) A kind of Cyberthreat method for situation assessment and equipment
CN108108624A (en) Information security method for evaluating quality and device based on products & services
CN107292174A (en) A kind of cloud computing system security assessment method and device
CN115174353B (en) Fault root cause determining method, device, equipment and medium
CN114049026A (en) Industrial internet identification analysis risk assessment method based on analytic hierarchy process
CN104022899A (en) Three-dimensional assessment method for network management system and system
CN115640998A (en) Risk assessment method, device, equipment and storage medium
CN110110528A (en) Safety risk estimating method, device and the equipment of information system
CN114154166A (en) Abnormal data identification method, device, equipment and storage medium
Al-Zou’bi et al. Systematic statistical approach to populate missing performance data in pavement management systems

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
CP01 Change in the name or title of a patent holder

Address after: 100089 Beijing city Haidian District Road No. 4 North wa Yitai three storey building

Patentee after: NSFOCUS Technologies Group Co.,Ltd.

Patentee after: NSFOCUS TECHNOLOGIES Inc.

Address before: 100089 Beijing city Haidian District Road No. 4 North wa Yitai three storey building

Patentee before: NSFOCUS INFORMATION TECHNOLOGY Co.,Ltd.

Patentee before: NSFOCUS TECHNOLOGIES Inc.
