CN104320271B - A network equipment security evaluation method and device
- Publication number: CN104320271B
- Application number: CN201410558925.8A
- Authority: CN (China)
- Legal status: Active (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Abstract
The invention discloses a network equipment security evaluation method and device. The main content includes: determining, using the analytic hierarchy process and the linear weighted average method, each first-level security factor in a first-level security factor group and the first-level safety coefficient corresponding to each first-level security factor; querying a preset security level correspondence table according to the type of each first-level security factor, and determining a security level for each first-level security factor; determining an initial security assessment value by the weighted average method, according to the preset weight of each first-level security factor and the first-level safety coefficient corresponding to each first-level security factor; and applying a first correction to the initial security assessment value using the determined security level of each first-level security factor, to obtain the total safety coefficient of the network equipment. In this way a security factor that has a serious security vulnerability is reflected in the total safety coefficient, so that the real security performance of the network equipment is evaluated accurately.
Description
Technical field
The present invention relates to the technical field of network security, and in particular to a network equipment security evaluation method and device.
Background art
Network equipment security evaluation is an important part of network management. Accurate network security evaluation gives network administrators a real-time understanding of the security state of all network equipment, and helps them use the evaluated security state of the network equipment to diagnose, analyze and forecast security incidents that have already occurred or may occur. It provides network administrators with accurate reference information for deciding on a specific solution, so that security incidents can be handled comprehensively and accurately.
Network equipment security evaluation is a comprehensive evaluation of information system security. At present, the simplest statistical method is the averaging algorithm: the safety coefficients of all security factors involved in the network equipment are added together and the sum is divided by the total number of security factors, and the resulting average is the total safety coefficient.
However, in the network environment in which real network equipment operates, the security levels of the security factors differ, and so does their degree of influence on the total safety coefficient. As a result, a security factor that has a serious security vulnerability may not be reflected. The averaging algorithm above is therefore relatively coarse, and the total safety coefficient it yields cannot accurately reflect the real degree of security of the network equipment as a whole.
Summary of the invention
Embodiments of the present invention provide a network equipment security evaluation method and device, to solve the problem in the prior art that the real degree of security of network equipment cannot be evaluated accurately.
The embodiments of the present invention adopt the following technical solution:
A network equipment security evaluation method, applied to a network equipment security model comprising security factor groups of at least m levels, the method comprising:
determining, using the analytic hierarchy process and the linear weighted average method, each first-level security factor in the first-level security factor group and the first-level safety coefficient corresponding to each first-level security factor;
querying a preset security level correspondence table according to the type of each first-level security factor, and determining a security level for each first-level security factor;
determining an initial security assessment value by the weighted average method, according to the preset weight of each first-level security factor and the first-level safety coefficient corresponding to each first-level security factor;
applying a first correction to the initial security assessment value using the determined security level of each first-level security factor, to obtain the total safety coefficient of the network equipment;
where m is a positive integer greater than or equal to 1, and in the network equipment security model the highest level is the first-level security factor group and the lowest level is the m-th-level security factor group.
With the technical solution above, each first-level security factor in the first-level security factor group and the first-level safety coefficient corresponding to each first-level security factor are determined using the analytic hierarchy process and the linear weighted average method; a preset security level correspondence table is queried according to the type of each first-level security factor, and a security level is determined for each first-level security factor; and the total safety coefficient of the network equipment is determined from the preset weight of each first-level security factor, the first-level safety coefficient corresponding to each first-level security factor, and the security level of each first-level security factor. A security factor that has a serious security vulnerability is thereby reflected in the total safety coefficient, so that the real security performance of the network equipment is evaluated accurately.
A network equipment security evaluation device, applied to a network equipment security model comprising security factor groups of at least m levels, the device comprising:
a first determining unit, configured to determine, using the analytic hierarchy process and the linear weighted average method, each first-level security factor in the first-level security factor group and the first-level safety coefficient corresponding to each first-level security factor;
a lookup unit, configured to look up a preset security level correspondence table according to the type of each first-level security factor, and determine a security level for each first-level security factor;
a second determining unit, configured to determine an initial security assessment value by the weighted average method, according to the preset weight of each first-level security factor and the first-level safety coefficient corresponding to each first-level security factor;
a correction unit, configured to apply a first correction to the initial security assessment value using the determined security level of each first-level security factor, to obtain the total safety coefficient of the network equipment;
where m is a positive integer greater than or equal to 1, and in the network equipment security model the highest level is the first-level security factor group and the lowest level is the m-th-level security factor group.
With the technical solution above, each first-level security factor in the first-level security factor group and the first-level safety coefficient corresponding to each first-level security factor are determined using the analytic hierarchy process and the linear weighted average method; a preset security level correspondence table is queried according to the type of each first-level security factor, and a security level is determined for each first-level security factor; and the total safety coefficient of the network equipment is determined from the preset weight of each first-level security factor, the first-level safety coefficient corresponding to each first-level security factor, and the security level of each first-level security factor. A security factor that has a serious security vulnerability is thereby reflected in the total safety coefficient, so that the real degree of security of the network equipment is evaluated accurately.
Brief description of the drawings
To explain the technical solutions of the embodiments of the present invention more clearly, the drawings needed for the description of the embodiments are briefly introduced below. The drawings described below are evidently only some embodiments of the present invention; a person of ordinary skill in the art can obtain other drawings from them without creative effort.
Fig. 1 shows the network equipment security evaluation model used in the embodiments of the present invention;
Fig. 2 is a flow chart of the steps of a network equipment security evaluation method provided by Embodiment one of the present invention;
Fig. 3 is a structural diagram of a network equipment security evaluation device provided by Embodiment two of the present invention;
Fig. 4 is a structural diagram of another network equipment security evaluation device provided by Embodiment two of the present invention.
Detailed description of the embodiments
To make the objects, technical solutions and advantages of the present invention clearer, the present invention is described in further detail below with reference to the drawings. The described embodiments are evidently only some of the embodiments of the present invention, not all of them. All other embodiments obtained by a person of ordinary skill in the art on the basis of the embodiments of the present invention without creative effort fall within the scope of protection of the present invention.
Before network equipment security evaluation is carried out, an evaluation model must be established. This specifically includes, but is not limited to, using the analytic hierarchy process (Analytic Hierarchy Process, AHP) to divide the system security of the network equipment into a first-level security factor group containing multiple first-level security factors (for example: vulnerabilities, PC security, etc.), and then subdividing each first-level security factor into second-level security factor groups containing multiple second-level security factors, as shown in Fig. 1. Division continues in the same way until an AHP hierarchy chart is obtained, which is the network equipment security evaluation model used in the present invention. The analytic hierarchy process is a decision-making method that decomposes the elements relevant to a decision into levels such as goal, criteria and alternatives, and performs qualitative and quantitative analysis on that basis. The evaluation model may be divided into multiple levels, that is, security factor groups of multiple levels may be established. For ease of explanation, the present invention is mainly described using an evaluation model comprising a first-level security factor group and second-level security factor groups.
The solution of the present invention is described in detail below through specific embodiments. It should be noted that the present invention includes but is not limited to the following embodiments.
Embodiment one:
Fig. 2 is a flow chart of the steps of the network equipment security evaluation method provided by Embodiment one of the present invention. The method is applied to a network equipment security model comprising security factor groups of at least m levels, and mainly includes the following steps:
Step 11: Using the analytic hierarchy process and the linear weighted average method, determine each first-level security factor in the first-level security factor group and the first-level safety coefficient corresponding to each first-level security factor.
In the embodiments of the present invention, a first-level safety coefficient is determined from the weight of each second-level security factor in the second-level security factor group contained in that first-level security factor and the second-level safety coefficient corresponding to each second-level security factor. Likewise, a second-level safety coefficient may be determined from the weight of each third-level security factor in the third-level security factor group contained in that second-level security factor and the third-level safety coefficient corresponding to each third-level security factor, and so on. The security factors of the lowest level determine the safety coefficient of the security factor one level up through their preset safety coefficients and weights; that is, the safety coefficients of the different levels are linked to one another.
Each first-level safety coefficient reflects how secure the corresponding first-level security factor is: the higher the value of the first-level safety coefficient, the higher the degree of security of the corresponding first-level security factor, and vice versa.
Preferably, in an actual evaluation, the safety coefficients and weights of lower-level security factors have a weaker influence on the total safety coefficient. To simplify the evaluation, therefore, only the case in which the network equipment security model comprises security factor groups of two levels may be considered. In that case, determining each first-level security factor in the first-level security factor group and the first-level safety coefficient corresponding to each first-level security factor, using the analytic hierarchy process and the linear weighted average method, specifically includes but is not limited to the following:
determining each first-level security factor in the first-level security factor group using the analytic hierarchy process and, for each first-level security factor, determining each second-level security factor it contains and the second-level safety coefficient corresponding to each second-level security factor;
determining the first-level safety coefficient corresponding to each first-level security factor according to the preset weight of each second-level security factor within its first-level security factor and the second-level safety coefficient corresponding to each second-level security factor.
Step 12: According to the type of each first-level security factor, query the preset security level correspondence table and determine a security level for each first-level security factor.
After the weight of each first-level security factor and each first-level safety coefficient have been determined in step 11, evaluating with the linear weighted average method alone may ignore the security level of each first-level security factor and so cause a serious estimation error, so that a serious security risk persists in the evaluated network equipment. This is analyzed below with a specific example:
The evaluated network equipment in the present invention may be a computer, PC, pad, mobile terminal or other equipment that can connect to the internet. The present invention takes a computer as the example.
Suppose that network equipment security evaluation is carried out on four internet-connected devices: computer A, computer B, computer C and computer D. Each of computers A to D contains the 10 first-level security factors S1 to S10, and each first-level security factor and each first-level safety coefficient is determined as in step 11. As shown in Table 1, the first-level safety coefficients of S1 to S10 in computer A are all 9 (written S1=9, S2=9, ... S10=9), so every first-level security factor is fairly secure but still has room for improvement. In computer B, S1 to S8 and S10 are all 10, each more secure than in computer A, but S9 is 0, which shows that first-level security factor S9 in computer B has a serious security problem. Calculated with the prior-art linear weighted average method, the total safety coefficient of computer A is 9 and that of computer B is also 9; computer C is in the same situation as computer B. Although the total safety coefficients of the three computers in Table 1 are the same, their actual degrees of security are completely different.
Device | S1 | S2 | S3 | S4 | S5 | S6 | S7 | S8 | S9 | S10 | Total safety coefficient
Computer A | 9 | 9 | 9 | 9 | 9 | 9 | 9 | 9 | 9 | 9 | 9
Computer B | 10 | 10 | 10 | 10 | 10 | 10 | 10 | 10 | 0 | 10 | 9
Computer C | 10 | 10 | 10 | 10 | 10 | 10 | 10 | 10 | 10 | 0 | 9
Computer D | 9 | 9 | 9 | 9 | 9 | 9 | 9 | 9 | 9 | 0 | 8.1
Table 1
In computers B and C, the safety coefficients of 9 first-level security factors are high, which offsets the effect on the total safety coefficient of the first-level security factor that has a serious security vulnerability. However, this offset appears only in the evaluated total safety coefficient; it does not actually offset the security risk present when computers B and C run in practice. The total safety coefficient obtained with the linear weighted average method therefore cannot accurately reflect the security risks that the computer actually has.
Security risks are usually found at the weakest link of a system, and a single serious vulnerability is enough to affect the total safety coefficient of the whole system. This is similar to the "Bucket Principle": the capacity of a wooden barrel assembled from planks is determined by its shortest plank. The embodiments of the present invention therefore introduce a security level that reflects the degree of security of different security factors, and establish in advance, from empirical values or statistics, the correspondence between security factors and security levels. Then, according to the type of each first-level security factor, the preset security level correspondence table is queried and a security level is determined for each first-level security factor.
In the embodiments of the present invention, the pre-established correspondence between security factors and security levels may be presented as a security level correspondence table. Specifically, the preset security level correspondence table may be set up as follows:
First step: collect the multiple first-level security factors that occur in the network equipment security model.
Specifically, each first-level security factor that occurs can be recorded and counted using existing statistical methods.
Second step: classify and grade the first-level security factors according to their type and degree of security, obtaining a preset number of security factor tiers, where each security factor tier corresponds to a matching security level.
The types of first-level security factor include but are not limited to the following:
antivirus software not installed, serious logic design defects and process defects, sensitive information leakage, unauthorized access, dangerous software installed, unsafe applications or systems installed, local denial-of-service vulnerabilities, common logic design defects and process defects, and so on.
In general, through the first and second steps a security level correspondence table can be set up for the different types of first-level security factor, as shown in Table 2. The 10 levels 0 to 9 are assigned in order of the degree of security of the first-level security factor, from low to high: the safety coefficient of a first-level security factor corresponding to level 0 is 0~1, that corresponding to level 1 is 1~2, that corresponding to level 2 is 2~3, and so on up to level 9, for which it is 9~10. The value of a safety coefficient is not limited to integers and may also be a non-integer; integers are used in the present invention only for ease of calculation. It should also be noted that Table 2 applies to all network equipment whose evaluation model is established according to the analytic hierarchy process.
Table 2
Looking up the security levels of S1 to S10 in the network equipment security model according to Table 2 gives the result shown in Table 3:
Device | S1 | S2 | S3 | S4 | S5 | S6 | S7 | S8 | S9 | S10
Computer A | 9 | 9 | 9 | 9 | 9 | 9 | 9 | 9 | 9 | 9
Computer B | 10 | 10 | 10 | 10 | 10 | 10 | 10 | 10 | 0 | 10
Computer C | 10 | 10 | 10 | 10 | 10 | 10 | 10 | 10 | 10 | 0
Computer D | 9 | 9 | 9 | 9 | 9 | 9 | 9 | 9 | 9 | 0
Security level | 8 | 8 | 8 | 8 | 8 | 8 | 8 | 8 | 3 | 2
Table 3
Here, the security level of S1 to S8 is 8, which means the security type of S1 to S8 is: slight information leakage, or vulnerabilities that are hard to exploit but still pose a security risk, for example path information leakage. The security level of S9 is 3, a higher security risk, which means the security type of S9 is: unauthorized access, for example direct access to the management backend by bypassing authentication, or a weak backend password. The security level of S10 is 2, a higher security risk than S9, which means the security type of S10 is: sensitive information leakage, for example leakage of a source code archive or of sensitive information in plaintext.
Step 13: Determine the initial security assessment value by the weighted average method, according to the preset weight of each first-level security factor and the first-level safety coefficient corresponding to each first-level security factor.
Here p denotes the initial security assessment value, and (where S_i denotes the safety coefficient of the i-th first-level security factor and w_i denotes the weight of first-level security factor S_i).
Step 14: Apply a first correction to the initial security assessment value using the determined security level of each first-level security factor, to obtain the total safety coefficient of the network equipment.
Here m is a positive integer greater than or equal to 1, and in the network equipment security model the highest level is the first-level security factor group and the lowest level is the m-th-level security factor group.
Specifically, the first correction of the initial security assessment value using the determined security level of each first-level security factor, which yields the total safety coefficient of the network equipment, can be calculated by the following formula (1):
where S denotes the total safety coefficient; i denotes the number of first-level security factors in the first-level security factor group; p denotes the initial security assessment value, and (where S_i denotes the safety coefficient of the i-th first-level security factor and w_i denotes the weight of first-level security factor S_i); λ_i takes the value 1 or 0 (λ_i = 1 when S_i = 0 for a first-level security factor, and λ_i = 0 when S_i ≠ 0); C_i denotes the security level of first-level security factor S_i.
Taking computers A to D as the example again, Table 3 lists the safety coefficient and security level of each first-level security factor. Suppose in this embodiment that the weight of every first-level security factor is 0.1, so w_1 to w_10 are all 0.1. Using formula (1), first calculate the total safety coefficient S_A of computer A: since the safety coefficients of first-level security factors S1 to S10 of computer A are all non-zero, the first term of formula (1) equals 9 and the second term is 0, so S_A is 9. Similarly, for the total safety coefficient S_B of computer B, S_C of computer C and S_D of computer D, the formula gives S_B = 3, S_C = 2 and S_D = 2. As shown in Table 4, determining the total safety coefficient takes into account not only the weight and safety coefficient of each first-level security factor but also its security level, so that when the safety coefficient of a first-level security factor with a low security level is low, this is reflected directly in the total safety coefficient, which then reflects the degree of system security of network equipment such as computers well.
Device | S1 | S2 | S3 | S4 | S5 | S6 | S7 | S8 | S9 | S10 | Total safety coefficient
Computer A | 9 | 9 | 9 | 9 | 9 | 9 | 9 | 9 | 9 | 9 | 9
Computer B | 10 | 10 | 10 | 10 | 10 | 10 | 10 | 10 | 0 | 10 | 3
Computer C | 10 | 10 | 10 | 10 | 10 | 10 | 10 | 10 | 10 | 0 | 2
Computer D | 9 | 9 | 9 | 9 | 9 | 9 | 9 | 9 | 9 | 0 | 2
Security level | 8 | 8 | 8 | 8 | 8 | 8 | 8 | 8 | 3 | 2 |
Table 4
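The comparison worked through above, as an added example that is not part of the patent text: it computes the plain weighted average for the four computers and then applies a first correction. Formula (1) is not reproduced on this page, so the two-term rule in `first_correction` (and all function names) is an assumption, chosen to agree with the description of λ_i and C_i and with the totals in Table 4.

```python
"""Added illustration: weighted-average masking vs. a security-level correction.

Coefficients, weights and security levels are the example values from the
page's tables. The rule in first_correction() is an ASSUMPTION, because the
page's formula (1) is not reproduced; it matches the totals in Table 4.
"""
import math

FACTORS = [f"S{i}" for i in range(1, 11)]
WEIGHTS = [0.1] * 10            # equal weights w_1..w_10, as in the worked example
LEVELS = [8] * 8 + [3, 2]       # security level C_i of each factor type (Table 3)

# First-level safety coefficients S_1..S_10 per device (Table 1).
COEFFICIENTS = {
    "Computer A": [9] * 10,
    "Computer B": [10] * 8 + [0, 10],
    "Computer C": [10] * 9 + [0],
    "Computer D": [9] * 9 + [0],
}


def initial_value(coeffs, weights=WEIGHTS):
    """Initial security assessment value p: weighted mean of S_i with w_i."""
    if len(coeffs) != len(weights):
        raise ValueError("one weight is required per security factor")
    if not math.isclose(math.fsum(weights), 1.0):
        raise ValueError("weights must sum to 1")
    if any(not 0 <= s <= 10 for s in coeffs):
        raise ValueError("safety coefficients must lie in 0..10")
    return round(math.fsum(w * s for w, s in zip(weights, coeffs)), 6)


def zero_scored(coeffs, levels=LEVELS):
    """Factors with S_i == 0 (lambda_i = 1), paired with their level C_i."""
    return [(name, c) for name, s, c in zip(FACTORS, coeffs, levels) if s == 0]


def first_correction(coeffs, weights=WEIGHTS, levels=LEVELS):
    """Total safety coefficient after the first correction (assumed rule).

    Term 1 keeps p only when no factor scored 0. Term 2 is the lowest
    security level among the zero-scored factors, so the weakest link
    decides the result instead of being averaged away.
    """
    p = initial_value(coeffs, weights)
    lam = [1 if s == 0 else 0 for s in coeffs]
    term1 = p * math.prod(1 - flag for flag in lam)
    hit_levels = [c for flag, c in zip(lam, levels) if flag]
    term2 = float(min(hit_levels)) if hit_levels else 0.0
    return term1 + term2


def evaluate():
    """Per device: plain average, masked factors and corrected total."""
    return {
        device: {
            "weighted_average": initial_value(coeffs),
            "masked": zero_scored(coeffs),
            "corrected": first_correction(coeffs),
        }
        for device, coeffs in COEFFICIENTS.items()
    }


if __name__ == "__main__":
    for device, row in evaluate().items():
        print(f"{device}: average={row['weighted_average']}, "
              f"masked={row['masked']}, corrected={row['corrected']}")
```

Computers B and C keep an average of 9 while their corrected totals fall to 3 and 2. Computers C and D both end at 2, which is the limitation the text takes up next.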
Further analysis of the data in Table 4 shows, however, that for computers C and D the safety coefficient of first-level security factor S10 is 0 in both, so the security risk of S10 is high in both. The safety coefficients of S1 to S9 of computer C are all 10, while those of computer D are all 9, so the system security of computer C is good, whereas the system security of computer D carries some risk. Computer C is clearly more secure than computer D, yet the total safety coefficients obtained from formula (1) are equal: both are 2. The total safety coefficient calculated by formula (1) therefore still cannot accurately reflect the real degree of security of the computer.
In view of this problem, after the total safety coefficient has been determined, the network equipment security evaluation method adds a second correction of the total safety coefficient, so that it reflects the real degree of security of the computer more accurately. This specifically includes, but is not limited to, the following:
When S_i = 0, a second correction is applied to the total safety coefficient of the network equipment according to the security levels of the security factors other than S_i, specifically by the following formula (2):
where S' denotes the total safety coefficient after the second correction; i denotes the number of first-level security factors in the first-level security factor group; S denotes the total safety coefficient of the network equipment; S_i denotes the safety coefficient of the i-th first-level security factor; w_i denotes the weight of first-level security factor S_i; λ_i takes the value 1 or 0 (λ_i = 1 when S_i = 0 for a first-level security factor, and λ_i = 0 when S_i ≠ 0); C denotes the number of security levels in the preset security level correspondence table.
In addition, in the embodiments of the present invention, the relationship between formula (1) and formula (2) can be used to derive the following formula (3), which calculates the total safety coefficient directly.
Formula (2) gives the results shown in Table 5.
Table 5
As the content of Table 5 shows, the values of S1 to S9 of computer C (all 10) differ from those of computer D (all 9), so the total safety coefficients they reflect should also differ. Correcting the total safety coefficient according to formula (2) makes the corrected value reflect the real degree of security of the computer system more accurately.
With the technical solution above, each first-level security factor in the first-level security factor group and the first-level safety coefficient corresponding to each first-level security factor are determined using the analytic hierarchy process and the linear weighted average method; a preset security level correspondence table is queried according to the type of each first-level security factor, and a security level is determined for each first-level security factor; and the total safety coefficient of the network equipment is determined from the preset weight of each first-level security factor, the first-level safety coefficient corresponding to each first-level security factor, and the security level of each first-level security factor. A security factor that has a serious security vulnerability is thereby reflected in the total safety coefficient, so that the real security performance of the network equipment is evaluated accurately.
Based on the same inventive concept as the network equipment security evaluation method above, the embodiments of the present invention also provide a network equipment security evaluation device.
Embodiment two:
Fig. 3 is a structural diagram of the network equipment security evaluation device provided by Embodiment two of the present invention. The evaluation device is applied to a network equipment security model comprising security factor groups of at least m levels, and specifically includes the following units:
First determining unit 21, configured to determine, using the analytic hierarchy process and the linear weighted average method, each first-level security factor in the first-level security factor group and the first-level safety coefficient corresponding to each first-level security factor.
Lookup unit 22, configured to look up the preset security level correspondence table according to the type of each first-level security factor, and determine a security level for each first-level security factor.
Second determining unit 23, configured to determine the initial security assessment value by the weighted average method, according to the preset weight of each first-level security factor and the first-level safety coefficient corresponding to each first-level security factor.
Correction unit 24, configured to apply a first correction to the initial security assessment value using the determined security level of each first-level security factor, to obtain the total safety coefficient of the network equipment.
Here m is a positive integer greater than or equal to 1, and in the network equipment security model the highest level is the first-level security factor group and the lowest level is the m-th-level security factor group.
Preferably, when the network equipment security model comprises security factor groups of two levels, the first determining unit 21 is specifically configured to:
determine each first-level security factor in the first-level security factor group using the analytic hierarchy process and, for each first-level security factor, determine each second-level security factor it contains and the second-level safety coefficient corresponding to each second-level security factor;
determine the first-level safety coefficient corresponding to each first-level security factor according to the preset weight of each second-level security factor within its first-level security factor and the second-level safety coefficient corresponding to each second-level security factor.
Preferably, the correction unit 24 calculates the total safety coefficient specifically by the following formula (1):
where i denotes the number of first-level security factors in the first-level security factor group; p denotes the initial security assessment value, and (where S_i denotes the safety coefficient of the i-th first-level security factor and w_i denotes the weight of first-level security factor S_i); λ_i takes the value 1 or 0 (λ_i = 1 when S_i = 0 for a first-level security factor, and λ_i = 0 when S_i ≠ 0); C_i denotes the security level of first-level security factor S_i.
Preferably, as shown in Fig. 4, the device further includes:
Second correction unit 25, configured to, after the total safety coefficient has been determined and when S_i = 0, correct the total safety coefficient of the network equipment according to the security levels of the security factors other than S_i, specifically by the following formula (2):
where S' denotes the total safety coefficient after the second correction; i denotes the number of first-level security factors in the first-level security factor group; S denotes the total safety coefficient of the network equipment; S_i denotes the safety coefficient of the i-th first-level security factor; w_i denotes the weight of first-level security factor S_i; λ_i takes the value 1 or 0 (λ_i = 1 when S_i = 0 for a first-level security factor, and λ_i = 0 when S_i ≠ 0); C denotes the number of security levels in the preset security level correspondence table.
Preferably, the preset security level correspondence table is set up as follows: collect the multiple first-level security factors that occur in the network equipment security model, and classify and grade them according to the type and degree of security of the multiple first-level security factors, obtaining a preset number of security factor tiers, where each security factor tier corresponds to a matching security level
Not.
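The following is an added example, not code from the patent: it evaluates the two-level aggregation, the initial assessment value p, and formulas (1) and (2) exactly as the claims word them, including the stated rule that λ_i = 1 when S_i = 0. The factor types, levels, weights, coefficients and the value of C are constructed, and dividing the weighted average by the weight sum is an assumption, since the page does not give the expression for p.

```python
from math import prod

# Constructed stand-in for the preset security level correspondence table:
# factor type -> security level C_i. The page names no concrete types or levels.
LEVEL_TABLE = {"authentication": 4, "patching": 3, "logging": 5}
NUM_LEVELS = 5  # C in formula (2): number of security levels in the table (assumed)


def weighted_average(pairs):
    """Linear weighted average of (coefficient, weight) pairs (assumed normalised)."""
    total_weight = sum(w for _, w in pairs)
    return sum(c * w for c, w in pairs) / total_weight


def first_level(model):
    """Collapse a two-level model into rows of (S_i, w_i, C_i).

    model: {factor_type: (w_i, [(second-level coefficient, weight), ...])}
    """
    return [(weighted_average(subs), w, LEVEL_TABLE[ftype])
            for ftype, (w, subs) in model.items()]


def lam(s_i):
    """lambda_i as the claims state it: 1 when S_i = 0, otherwise 0."""
    return 1 if s_i == 0 else 0


def initial_assessment(rows):
    """p: weighted average of the first-level coefficients S_i with weights w_i."""
    return weighted_average([(s, w) for s, w, _ in rows])


def primary_correction(rows):
    """Formula (1): S = prod(l_i) * p + (1 - prod(l_i)) * min((1 - l_i) * C_i)."""
    lam_prod = prod(lam(s) for s, _, _ in rows)
    lowest = min((1 - lam(s)) * c for s, _, c in rows)
    return lam_prod * initial_assessment(rows) + (1 - lam_prod) * lowest


def secondary_correction(rows, s_total, num_levels=NUM_LEVELS):
    """Formula (2), applied only when some S_i = 0."""
    if all(s != 0 for s, _, _ in rows):
        return s_total
    lam_prod = prod(lam(s) for s, _, _ in rows)
    weighted_sum = sum(w * s for s, w, _ in rows)
    return s_total + (1 - lam_prod) * (weighted_sum / num_levels)


def assess(model):
    """Return (S, S') for one device model."""
    rows = first_level(model)
    s_total = primary_correction(rows)
    return s_total, secondary_correction(rows, s_total)


# Constructed sample devices: first-level weight plus second-level (coefficient, weight).
HEALTHY = {
    "authentication": (0.5, [(80, 0.5), (60, 0.5)]),
    "patching": (0.3, [(90, 1.0)]),
    "logging": (0.2, [(50, 0.5), (70, 0.5)]),
}
# Same device, but the patching factor has safety coefficient 0.
FLAWED = dict(HEALTHY, patching=(0.3, [(0, 1.0)]))

if __name__ == "__main__":
    for name, model in (("healthy", HEALTHY), ("flawed", FLAWED)):
        print(name, "p =", initial_assessment(first_level(model)),
              "(S, S') =", assess(model))
```

Evaluated with λ_i as the claims define it, formula (1) returns p only when every S_i is zero: the sample device with no zero coefficient gets the lowest C_i (3) rather than p (74), and a single zero coefficient gives S = 0 before formula (2) adds Σ(w_i*S_i)/C = 9.4.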
Those skilled in the art should understand that embodiments of the present invention may be provided as a method, a system, or a computer program product. Accordingly, the present invention may take the form of an entirely hardware embodiment, an entirely software embodiment, or an embodiment combining software and hardware aspects. Moreover, the present invention may take the form of a computer program product implemented on one or more computer-usable storage media (including but not limited to magnetic disk storage, CD-ROM, optical storage, etc.) that contain computer-usable program code.
The present invention is described with reference to flowcharts and/or block diagrams of the method, device (system), and computer program product according to embodiments of the invention. It should be understood that each flow and/or block in the flowcharts and/or block diagrams, and any combination of flows and/or blocks in the flowcharts and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to the processor of a general-purpose computer, a special-purpose computer, an embedded processor, or another programmable data processing device to produce a machine, such that the instructions executed by the processor of the computer or other programmable data processing device produce an apparatus for implementing the functions specified in one or more flows of the flowchart and/or one or more blocks of the block diagram.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing device to operate in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including an instruction apparatus, the instruction apparatus implementing the functions specified in one or more flows of the flowchart and/or one or more blocks of the block diagram.
These computer program instructions may also be loaded onto a computer or other programmable data processing device, so that a series of operational steps is performed on the computer or other programmable device to produce computer-implemented processing, whereby the instructions executed on the computer or other programmable device provide steps for implementing the functions specified in one or more flows of the flowchart and/or one or more blocks of the block diagram.
Although preferred embodiments of the present invention have been described, those skilled in the art can make further changes and modifications to these embodiments once they grasp the basic inventive concept. The appended claims are therefore intended to be construed as covering the preferred embodiments and all changes and modifications that fall within the scope of the invention.
Obviously, those skilled in the art can make various changes and modifications to the present invention without departing from its spirit and scope. Thus, if these modifications and variations of the present invention fall within the scope of the claims of the present invention and their technical equivalents, the present invention is also intended to include them.
Claims (8)
1. A network device security assessment method, applied in a network device security model comprising security factor groups of at least m levels, characterized in that the method comprises:
determining, using the analytic hierarchy process and the linear weighted average method, each first-level security factor in the first-level security factor group and the first-level safety coefficient corresponding to each first-level security factor;
querying a preset security level correspondence table according to the type of each first-level security factor, and determining a security level for each first-level security factor;
determining an initial security assessment value by the weighted average method, according to the preset weight of each first-level security factor and the first-level safety coefficient corresponding to each first-level security factor;
performing a primary correction on the initial security assessment value using the determined security level of each first-level security factor, to obtain the total safety coefficient of the network device;
wherein m is a positive integer greater than or equal to 1, and in the network device security model the highest level is the first-level security factor group and the lowest level is the m-th-level security factor group;
the primary correction of the initial security assessment value using the determined security level of each first-level security factor, which obtains the total safety coefficient of the network device, is calculated specifically by the following formula (1):
$$S = \prod_{i=1}^{n} \lambda_i * p + \left(1 - \prod_{i=1}^{n} \lambda_i\right) * \min_{1 \le i \le n}\left((1 - \lambda_i) * C_i\right) \qquad (1)$$
wherein i denotes the number of first-level security factors in the first-level security factor group; p denotes the initial security assessment value; $S_i$ denotes the safety coefficient of the i-th first-level security factor; $w_i$ denotes the weight of first-level security factor $S_i$; $\lambda_i$ takes the value 1 or 0, wherein $\lambda_i = 1$ when $S_i = 0$ among the first-level security factors and $\lambda_i = 0$ when $S_i \neq 0$; and $C_i$ denotes the security level of first-level security factor $S_i$.
2. The method according to claim 1, characterized in that, when the network device security model includes security factor groups of two levels, determining each first-level security factor in the first-level security factor group and the first-level safety coefficient corresponding to each first-level security factor using the analytic hierarchy process and the linear weighted average method specifically comprises:
determining each first-level security factor in the first-level security factor group using the analytic hierarchy process and, for each first-level security factor, determining each second-level security factor that the first-level security factor includes and the second-level safety coefficient corresponding to each second-level security factor;
determining, using the linear weighted average method, the first-level safety coefficient corresponding to each first-level security factor according to the preset weight of each second-level security factor within its first-level security factor and the second-level safety coefficient corresponding to each second-level security factor.
3. The method according to claim 1, characterized in that, after the total safety coefficient is determined, the method further comprises:
when $S_i = 0$, performing a secondary correction on the total safety coefficient of the network device according to the security levels of the security factors other than $S_i$, specifically by the following formula (2):
$$S' = S + \left(1 - \prod_{i=1}^{n} \lambda_i\right)\left[\frac{\sum_{i=1}^{n}\left(w_i * S_i\right)}{C}\right] \qquad (2)$$
wherein $S'$ denotes the total safety coefficient after the secondary correction; i denotes the number of first-level security factors in the first-level security factor group; S denotes the total safety coefficient of the network device; $S_i$ denotes the safety coefficient of the i-th first-level security factor; $w_i$ denotes the weight of first-level security factor $S_i$; $\lambda_i$ takes the value 1 or 0, wherein $\lambda_i = 1$ when $S_i = 0$ among the first-level security factors and $\lambda_i = 0$ when $S_i \neq 0$; and C denotes the number of security levels in the preset security level correspondence table.
4. The method according to claim 1, characterized in that the preset security level correspondence table is set in the following manner:
collecting the multiple first-level security factors that occur in the network device security model, and classifying and grading them according to the type and safety coefficient of the multiple first-level security factors, to obtain a preset number of security factor tiers, wherein each security factor tier corresponds to a matching security level.
5. A network device security assessment apparatus, applied in a network device security model comprising security factor groups of at least m levels, characterized in that the apparatus comprises:
a first determining unit, configured to determine, using the analytic hierarchy process and the linear weighted average method, each first-level security factor in the first-level security factor group and the first-level safety coefficient corresponding to each first-level security factor;
a searching unit, configured to look up a preset security level correspondence table according to the type of each first-level security factor, and to determine a security level for each first-level security factor;
a second determining unit, configured to determine an initial security assessment value by the weighted average method, according to the preset weight of each first-level security factor and the first-level safety coefficient corresponding to each first-level security factor;
a correction unit, configured to perform a primary correction on the initial security assessment value using the determined security level of each first-level security factor, to obtain the total safety coefficient of the network device;
wherein m is a positive integer greater than or equal to 1, and in the network device security model the highest level is the first-level security factor group and the lowest level is the m-th-level security factor group;
the correction unit calculates the total safety coefficient specifically by the following formula (1):
$$S = \prod_{i=1}^{n} \lambda_i * p + \left(1 - \prod_{i=1}^{n} \lambda_i\right) * \min_{1 \le i \le n}\left((1 - \lambda_i) * C_i\right) \qquad (1)$$
wherein i denotes the number of first-level security factors in the first-level security factor group; p denotes the initial security assessment value; $S_i$ denotes the safety coefficient of the i-th first-level security factor; $w_i$ denotes the weight of first-level security factor $S_i$; $\lambda_i$ takes the value 1 or 0, wherein $\lambda_i = 1$ when $S_i = 0$ among the first-level security factors and $\lambda_i = 0$ when $S_i \neq 0$; and $C_i$ denotes the security level of first-level security factor $S_i$.
6. The apparatus according to claim 5, characterized in that, when the network device security model includes security factor groups of two levels, the first determining unit is specifically configured to:
determine each first-level security factor in the first-level security factor group using the analytic hierarchy process and, for each first-level security factor, determine each second-level security factor that the first-level security factor includes and the second-level safety coefficient corresponding to each second-level security factor;
determine, using the linear weighted average method, the first-level safety coefficient corresponding to each first-level security factor according to the preset weight of each second-level security factor within its first-level security factor and the second-level safety coefficient corresponding to each second-level security factor.
7. The apparatus according to claim 5, characterized in that the apparatus further comprises:
a secondary correction unit, configured to, after the total safety coefficient is determined and when $S_i = 0$, perform a secondary correction on the total safety coefficient of the network device according to the security levels of the security factors other than $S_i$, specifically by the following formula (2):
$$S' = S + \left(1 - \prod_{i=1}^{n} \lambda_i\right)\left[\frac{\sum_{i=1}^{n}\left(w_i * S_i\right)}{C}\right] \qquad (2)$$
wherein $S'$ denotes the total safety coefficient after the secondary correction; i denotes the number of first-level security factors in the first-level security factor group; S denotes the total safety coefficient of the network device; $S_i$ denotes the safety coefficient of the i-th first-level security factor; $w_i$ denotes the weight of first-level security factor $S_i$; $\lambda_i$ takes the value 1 or 0, wherein $\lambda_i = 1$ when $S_i = 0$ among the first-level security factors and $\lambda_i = 0$ when $S_i \neq 0$; and C denotes the number of security levels in the preset security level correspondence table.
8. The apparatus according to claim 5, characterized in that the preset security level correspondence table is set in the following manner:
collecting the multiple first-level security factors that occur in the network device security model, and classifying and grading them according to the type and safety coefficient of the multiple first-level security factors, to obtain a preset number of security factor tiers, wherein each security factor tier corresponds to a matching security level.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201410558925.8A CN104320271B (en) | 2014-10-20 | 2014-10-20 | A kind of network equipment safety evaluation method and device |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201410558925.8A CN104320271B (en) | 2014-10-20 | 2014-10-20 | A kind of network equipment safety evaluation method and device |
Publications (2)
Publication Number | Publication Date |
---|---|
CN104320271A CN104320271A (en) | 2015-01-28 |
CN104320271B true CN104320271B (en) | 2017-11-21 |
Family
ID=52375446
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201410558925.8A Active CN104320271B (en) | 2014-10-20 | 2014-10-20 | A kind of network equipment safety evaluation method and device |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN104320271B (en) |
Families Citing this family (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN105282131B (en) * | 2015-02-10 | 2018-10-23 | 中国移动通信集团广东有限公司 | Method of Information Security Evaluation, apparatus and system based on the scanning of risk item |
JP6901979B2 (en) * | 2018-02-21 | 2021-07-14 | 株式会社日立製作所 | Security evaluation server and security evaluation method |
CN109325685A (en) * | 2018-09-21 | 2019-02-12 | 郑州云海信息技术有限公司 | A kind of product safety test method and device |
CN110311838B (en) * | 2019-07-24 | 2021-05-04 | 绿盟科技集团股份有限公司 | Method and device for counting safety service flow |
CN112598334B (en) * | 2021-01-08 | 2024-04-19 | 中国商用飞机有限责任公司北京民用飞机技术研究中心 | Avionics safety coefficient determination method and device, computer equipment and storage medium |
CN113127882B (en) * | 2021-04-23 | 2023-06-09 | 杭州安恒信息安全技术有限公司 | Terminal safety protection method, device, equipment and readable storage medium |
Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN102354355A (en) * | 2011-09-30 | 2012-02-15 | 北京神州绿盟信息安全科技股份有限公司 | Security risk assessment method and device for computers |
CN102521496A (en) * | 2011-12-02 | 2012-06-27 | 北京启明星辰信息安全技术有限公司 | Method and system for acquiring importance levels of evaluation indexes |
CN102663503A (en) * | 2012-04-05 | 2012-09-12 | 北京联海信息系统有限公司 | Information security assessment method |
Family Cites Families (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JP3716803B2 (en) * | 2002-03-07 | 2005-11-16 | オムロン株式会社 | Risk assessment support device and program product |
Also Published As
Publication number | Publication date |
---|---|
CN104320271A (en) | 2015-01-28 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant | ||
CP01 | Change in the name or title of a patent holder |
Address after: 100089 Beijing city Haidian District Road No. 4 North wa Yitai three storey building Patentee after: NSFOCUS Technologies Group Co.,Ltd. Patentee after: NSFOCUS TECHNOLOGIES Inc. Address before: 100089 Beijing city Haidian District Road No. 4 North wa Yitai three storey building Patentee before: NSFOCUS INFORMATION TECHNOLOGY Co.,Ltd. Patentee before: NSFOCUS TECHNOLOGIES Inc. |