CN106789955B - A network security situation assessment method - Google Patents

A network security situation assessment method

Publication number: CN106789955B
Authority: CN (China)
Prior art keywords: security, network, host, assessment, attack
Legal status: Active
Application number: CN201611086924.3A
Other languages: Chinese (zh)
Other versions: CN106789955A (en)
Inventors: 王继志, 杨光, 陈丽娟, 杨英
Current assignee: Shandong Computer Science Center National Super Computing Center in Jinan
Original assignee: Shandong Computer Science Center National Super Computing Center in Jinan

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/20 Network architectures or network communication protocols for network security for managing network security; network security policies in general
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1433 Vulnerability analysis

Abstract

The invention discloses a network security situation assessment method comprising the following steps: 1) determine the importance weight of each network device and host; 2) assess each network device and host separately; 3) combine the assessment results of all network devices and hosts into the assessment result of the overall network system. The invention is centered on device assets and divides the assessment process into three stages: first, determining the importance weight of each device asset; second, assessing the security situation of each individual device asset; third, combining the assessment results of all device assets into the security situation of the whole network. For the assessment of an individual device asset, the assessment factors are divided into 8 classes: attacker capability, attack consequence, vulnerability hazard, vulnerability propagation, security measures, security configuration correctness, security policy and security policy execution, so that the security situation is quantified from the perspective of the confrontation between threat and defence.

Description

A network security situation assessment method
Technical field
The present invention relates to a network security situation assessment method and belongs to the technical field of network security.
Background
With the spread of Internet applications, networks are growing larger and more complex. Correspondingly, network attacks are becoming more distributed, larger in scale and more complicated. Network administrators urgently need security products that can present the overall network security situation.
The network security situation is the network security state formed by various factors, such as attacks and network defence measures, expressed in quantified numerical form. Network security situation assessment helps network administrators understand the current state of network security and take targeted security measures to prevent potential risks.
At present there are a number of patents on network security situation assessment methods, as follows:
1) "A network security situation assessment method and its system" (application number: 200810240733.7),
2) "A network security situation assessment method" (application number: 200910082181.6),
3) "Network security situation awareness system and method based on information association" (application number: 201010233950.0),
4) "A network security situation assessment method and system" (application number: 201010292870.2),
5) " it is a kind of based on refer to logit analysis networks security situation assessment system and method " (application number: 201110008617.4),
6) "Service-oriented large-scale network security situation assessment device and method" (application number: 201110052330.1),
7) "Fuzzy network security situation assessment method based on uncertain data" (application number: 201110310406.6),
8) "Large-scale network security situation assessment based on an index system" (application number: 201110310753.9),
9) "A network security situation assessment method" (application number: 201110443114.X),
10) "A network security situation assessment method" (application number: 201410668554.9),
11) "Network security situation assessment method based on fuzzy rough sets" (application number: 201510593297.1),
12) "A data processing method and device" (application number: 201510890581.5).
These methods propose network security situation assessment approaches from different angles and on different theoretical bases. In general, current methods divide the whole network system into individual hosts and combine the security situation assessments of the individual hosts into the assessment result for the whole network system. Current methods have two problems, however: first, when the network system is divided into individual hosts, the weight of each host is not easy to determine; second, the factors that affect the security situation, that is, the assessment elements, are not comprehensive enough. These problems affect the accuracy of the final security situation assessment result.
Summary of the invention
In view of the above deficiencies, the present invention provides a network security situation assessment method that can quantitatively assess the security situation of the whole network from the network security data collected.
The technical solution adopted by the present invention to solve its technical problem is a network security situation assessment method comprising the following steps:
1) determine the importance weight of each network device and host;
2) assess each network device and host separately;
3) combine the assessment results of all network devices and hosts into the assessment result of the overall network system.
Preferably, in step 1), the importance weights of the network devices and hosts are determined by the following steps:
Step 101: assume the network comprises n information systems deployed across m devices, and the importance of the n information systems to the network is $x_1, x_2, \ldots, x_n$ respectively; then:
Step 102: construct an $m \times n$ matrix:
where:
Step 103: the importance of the m devices is $y_1, y_2, \ldots, y_m$; let $Y = [y_1\ y_2\ \ldots\ y_m]^T$ and $X = [x_1\ x_2\ \ldots\ x_n]^T$; then:
where A is the $m \times n$ matrix constructed in step 102.
Preferably, in step 2), the assessment elements for network devices and hosts include: attacker capability, attack consequence, vulnerability hazard, vulnerability propagation, attack resistance capability, configuration correctness, security policy and security policy execution.
Preferably, attacker capability is the attack capability of the attacker when the network device or host is attacked; attack consequence is the damage that the attacks suffered cause to the network device or host; vulnerability hazard is the potential threat that the vulnerabilities and weaknesses of the network device or host pose to it; vulnerability propagation is the threat to the network device or host that arises when its multiple vulnerabilities are potentially exploited by an attacker; attack resistance capability is the security defence measures deployed on the network device or host; configuration correctness is the correctness of the security measure program of the network device or host; security policy is the completeness and correctness of the security policies on the network device or host; security policy execution is how the security policies on the network device or host are carried out.
Preferably, in step 2), the assessment of the network devices and hosts comprises the following steps:
Step 201: assess attacker capability from the perspective of threat intelligence: assess the attacker's tactics, techniques and procedures, judging the level of attacker capability from the tools the attacker used during the attack, the steps taken and the attack source;
Step 202: assess the attack consequence from the damage that actual attack behaviour causes to the network system, measuring the attacker's degree of unauthorized control over the network system, the degree of information leakage and the degree to which services are affected; the attack behaviour covers the system privileges obtained, the sensitive information acquired and the impact on critical services;
Step 203: assess the vulnerability hazard from the degree of harm a single vulnerability causes to the network system, the degree of disclosure of the vulnerability and the breadth of the affected network systems;
Step 204: assess vulnerability propagation from the harm caused to the network system by the combined exploitation of multiple vulnerabilities: assess the length of the attack path, the stealth of the multi-vulnerability exploitation and the difficulty of the preconditions, examining the risk propagation caused by the vulnerabilities;
Step 205: assess the attack resistance capability of the security system according to the security functions it implements: assess its ability to defend against attacks, the degree to which it is affected by other attacks, the vulnerabilities the security system itself may contain, and its impact on system services;
Step 206: assess the configuration correctness of the security system, mainly whether the security system suits the network environment in which it is deployed, whether its configuration items are clear and accurate, and whether they ensure that the security system's functions are realized;
Step 207: assess the security policies in security management, drawing on risk assessment methods: check whether each security policy is complete and whether it ensures that the security system is used to maximum effect;
Step 208: assess security policy execution in security management, drawing on risk assessment methods: check whether the system fully implements the security policies drawn up and whether the policies contain conflicts or defects;
Step 209: calculate the security situation value of the network device or host;
Step 210: repeat steps 201 to 209 to obtain the security situation value of the whole network.
Preferably, the degree of disclosure of a vulnerability includes the assessment of unknown vulnerabilities, that is, summarizing the history of vulnerability discovery and predicting the likelihood that new vulnerabilities appear within a given period.
Preferably, in step 2), the network devices and hosts are assessed as follows:
Define the attacker capability index $V_{A1}$: assume that p security events are detected within the time period of the security situation assessment and that the assessed attacker capability in each security event is $A_1, A_2, \ldots, A_p$ respectively; then
$V_{A1} = \max\{A_1, A_2, \ldots, A_p\}$
Define the attack consequence index $V_{A2}$: assume that p security events are detected within the time period of the security situation assessment and that the assessed harm caused by the attack in each security event is $R_1, R_2, \ldots, R_p$ respectively; then
$V_{A2} = R_1 + R_2 + \ldots + R_p$
Define the vulnerability hazard index $V_{V1}$: assume that q system vulnerabilities are detected within the time period of the security situation assessment and that the assessed potential hazard of each vulnerability is $V_1, V_2, \ldots, V_q$ respectively; then
$V_{V1} = \max\{V_1, V_2, \ldots, V_q\}$
Define the vulnerability propagation index $V_{V2}$: assume that q system vulnerabilities are detected within the time period of the security situation assessment, that an attacker attacking with multiple vulnerabilities has s attack paths available in total, and that the assessed potential hazard of each attack path is $P_1, P_2, \ldots, P_s$ respectively; then
$V_{V2} = \max\{P_1, P_2, \ldots, P_s\}$
Define the attack resistance capability index $V_{E1}$: assume that q system vulnerabilities are detected within the time period of the security situation assessment and that the assessed defence capability against an attacker exploiting these q vulnerabilities is $E_1, E_2, \ldots, E_q$ respectively; then
$V_{E1} = \min\{E_1, E_2, \ldots, E_q\}$
Define the configuration correctness index $V_{E2}$: assume that there are n security measures within the time period of the security situation assessment; the assessed proportion of these n security measures that are correct is $V_{E2}$.
Define the security policy index $V_{M1}$: assume that there are r security policy rules within the time period of the security situation assessment; assess whether these r rules can cope with attacks and whether they cover all attack conditions; the proportion covered is $V_{M1}$.
Define the security policy execution index $V_{M2}$: assume that there are r security policy rules within the time period of the security situation assessment; the assessed proportion of these r rules that are executed correctly is $V_{M2}$.
Calculate the security situation value of the network device or host:
Repeating the above steps for the m network devices and hosts gives the security situation values of the whole network, $v_1, v_2, \ldots, v_m$ respectively.
Preferably, in step 3), the security situation assessment value of the whole network system is combined as follows: after the security situation of each device has been assessed, the results are combined with the importance of the devices to obtain the security situation of the whole network.
Preferably, in step 3), the specific steps for combining the security situation assessment value of the whole network system are: for m network devices with security situation values $v_1, v_2, \ldots, v_m$ and importance $y_1, y_2, \ldots, y_m$, the overall network security situation value is
where $v_i$ is the security situation value of a network device and $y_i$ is the importance of that network device.
The beneficial effects of the present invention are:
Because the IT network system of an organization is complex, assessing the security situation of the whole network system directly is often infeasible. The present invention therefore applies the principle of layering: the whole network system is divided by certain rules into several relatively simple components, each component is assessed separately, and the results are then combined into an overall security assessment result.
In network security situation assessment, the importance of a business system is easy to determine from the organization's strategic objectives, but in an actual assessment it is device assets that are easy to assess, while business systems are not easy to assess directly. The present invention therefore converts the importance of business systems into the importance of device assets and divides the assessment factors into 8 classes; compared with other methods it considers more factors, which ensures a more accurate assessment result. The invention keeps the property that dividing by application system makes it easy to assign importance to subsystems, makes it convenient for assessors to carry out the actual assessment on network devices and hosts, and adds and refines the assessment elements for network devices and hosts.
The invention is centered on device assets and divides the assessment process into three stages: first, determining the importance weight of each device asset; second, assessing the security situation of each individual device asset; third, combining the assessment results of all device assets into the security situation of the whole network. For the assessment of an individual device asset, the assessment factors are divided into 8 classes: attacker capability, attack consequence, vulnerability hazard, vulnerability propagation, security measures, security configuration correctness, security policy and security policy execution, so that the security situation is quantified from the perspective of the confrontation between threat and defence. The invention can be used in the field of network security management to help administrators understand the overall network security situation and to support security management decisions.
Description of the drawings
The present invention is described below with reference to the accompanying drawings.
Fig. 1 is a flow chart of the method of the present invention.
Specific embodiment
To make the technical features of the invention clear, the invention is described in detail below through specific embodiments and with reference to the drawing. The following disclosure provides many different embodiments or examples for implementing different structures of the invention. To simplify the disclosure, the components and arrangements of specific examples are described below. In addition, the invention may repeat reference numerals and/or letters in different examples. This repetition is for simplicity and clarity and does not in itself indicate a relationship between the embodiments and/or arrangements discussed. Note that the components illustrated in the drawings are not necessarily drawn to scale. Descriptions of well-known components, processing techniques and processes are omitted so as not to limit the invention unnecessarily.
Because the IT network system of an organization is complex, assessing the security situation of the whole network system directly is often infeasible. The present invention therefore applies the principle of layering: the whole network system is divided by certain rules into several relatively simple components, each component is assessed separately, and the results are then combined into an overall security assessment result.
As shown in Fig. 1, a network security situation assessment method of the present invention comprises the following steps:
1) determine the importance weight of each network device and host;
2) assess each network device and host separately;
3) combine the assessment results of all network devices and hosts into the assessment result of the overall network system.
Preferably, in step 1), the importance weights of the network devices and hosts are determined by the following steps:
Step 101: assume the organization's business comprises n information systems deployed across m devices, and the importance of the n information systems to the business is known to be $x_1, x_2, \ldots, x_n$ respectively,
Step 102: construct an $m \times n$ matrix:
where:
Step 103: the importance of the m devices is $y_1, y_2, \ldots, y_m$; let $Y = [y_1\ y_2\ \ldots\ y_m]^T$ and $X = [x_1\ x_2\ \ldots\ x_n]^T$; then
Preferably, in step 2), the assessment of the network devices and hosts comprises the following steps:
Step 200: classify the assessment elements for network devices and hosts into 8 major classes, as follows:
1) for the attacks suffered by the network device or host, the attack capability of the attacker, abbreviated attacker capability;
2) for the attacks suffered by the network device or host, the damage the attacks cause to it, abbreviated attack consequence;
3) the vulnerabilities and weaknesses of the network device or host and the potential threat they pose to it, abbreviated vulnerability hazard;
4) where the network device or host has multiple vulnerabilities, the threat caused to it by an attacker potentially exploiting them, abbreviated vulnerability propagation;
5) the security defence measures deployed on the network device or host, abbreviated attack resistance capability;
6) the correctness of the security measure program of the network device or host, abbreviated configuration correctness;
7) the completeness and correctness of the security policies on the network device or host, abbreviated security policy;
8) the execution of the security policies on the network device or host, abbreviated security policy execution.
Step 201: attacker capability is assessed mainly from the perspective of threat intelligence: the attacker's tactics, techniques and procedures (TTP) are assessed, and the level of attacker capability is judged from the tools the attacker used during the attack, the steps taken, the attack source and so on;
Define the attacker capability index $V_{A1}$: assume that p security events are detected within the time period of the security situation assessment and that the assessed attacker capability in each security event is $A_1, A_2, \ldots, A_p$ respectively; then
$V_{A1} = \max\{A_1, A_2, \ldots, A_p\}$
Step 202: the attack consequence is assessed mainly from the damage that actual attack behaviour causes to the network system, including the system privileges obtained, the sensitive information acquired and the impact on critical services, measuring the attacker's degree of unauthorized control over the network system, the degree of information leakage, the degree to which services are affected and so on;
Define the attack consequence index $V_{A2}$: assume that p security events are detected within the time period of the security situation assessment and that the assessed harm caused by the attack in each security event is $R_1, R_2, \ldots, R_p$ respectively; then
$V_{A2} = R_1 + R_2 + \ldots + R_p$
Step 203: the hazard of system vulnerabilities (weaknesses) is assessed mainly from the degree of harm a single vulnerability causes to the network system, the degree of disclosure of the vulnerability (that is, the availability of attack tools and the difficulty of exploitation), the breadth of the affected network systems and so on. The degree of disclosure includes the assessment of unknown vulnerabilities, that is, summarizing the history of vulnerability discovery and predicting the likelihood that new vulnerabilities appear within a given period;
Define the vulnerability hazard index $V_{V1}$: assume that q system vulnerabilities are detected within the time period of the security situation assessment and that the assessed potential hazard of each vulnerability is $V_1, V_2, \ldots, V_q$ respectively; then
$V_{V1} = \max\{V_1, V_2, \ldots, V_q\}$
Step 204: the propagation of system vulnerabilities is assessed mainly from the harm caused to the network system by the combined exploitation of multiple vulnerabilities: the length of the attack path, the stealth of the multi-vulnerability exploitation, the difficulty of the preconditions and so on are assessed, examining the risk propagation caused by the vulnerabilities;
Define the vulnerability propagation index $V_{V2}$: assume that q system vulnerabilities are detected within the time period of the security situation assessment, that an attacker attacking with multiple vulnerabilities has s attack paths available in total, and that the assessed potential hazard of each attack path is $P_1, P_2, \ldots, P_s$ respectively; then
$V_{V2} = \max\{P_1, P_2, \ldots, P_s\}$
Step 205: the attack resistance capability of the security system is assessed mainly according to the security functions the security system implements: the ability of those functions to defend against attacks, the degree to which they are affected by other attacks, the vulnerabilities the security system itself may contain, its impact on system services and so on; this assessment mainly evaluates how far the design goals of the security system are realized;
Define the attack resistance capability index $V_{E1}$: assume that q system vulnerabilities are detected within the time period of the security situation assessment and that the assessed defence capability against an attacker exploiting these q vulnerabilities is $E_1, E_2, \ldots, E_q$ respectively; then
$V_{E1} = \min\{E_1, E_2, \ldots, E_q\}$
Step 206: the configuration correctness of the security system is assessed mainly by whether the security system suits the network environment in which it is deployed, whether its configuration items are clear and accurate, and whether they ensure that the security system's functions are realized;
Define the configuration correctness index $V_{E2}$: assume that there are n security measures within the time period of the security situation assessment; the assessed proportion of these n security measures that are correct is $V_{E2}$.
Step 207: the security policies in security management are assessed mainly by drawing on risk assessment methods: check whether each security policy is complete and whether it ensures that the security system is used to maximum effect;
Define the security policy index $V_{M1}$: assume that there are r security policy rules within the time period of the security situation assessment; assess whether these r rules can cope with attacks and whether they cover all attack conditions; the proportion covered is $V_{M1}$.
Step 208: security policy execution in security management is assessed mainly by drawing on risk assessment methods: check whether the system fully implements the security policies drawn up and whether the policies contain conflicts, defects and similar problems;
Define the security policy execution index $V_{M2}$: assume that there are r security policy rules within the time period of the security situation assessment; the assessed proportion of these r rules that are executed correctly is $V_{M2}$.
Step 209: calculate the security situation value of the network device or host
Step 210: repeat steps 202--210 for the m network devices and hosts to obtain the security situation values $v_1, v_2, \ldots, v_m$ respectively.
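The eight indices defined in steps 201 to 208, computed for one device, as an added example that is not part of the patent text. The score scale, the class and field names, the sample data, the reading of $V_{M1}$ as the share of attack conditions covered by at least one rule, and the values returned for empty inputs are assumptions; the step 209 formula that combines the indices is not reproduced on this page, so the example stops at the indices.

```python
"""Per-device indices of steps 201-208 (added example, not the patent's code)."""
from dataclasses import dataclass, field
from typing import Dict, List, Set


@dataclass
class SecurityEvent:
    attacker_ability: float  # A_i; a score in [0, 1] is an assumption
    damage: float            # R_i; same assumed scale


@dataclass
class Vulnerability:
    hazard: float   # V_i, potential hazard of this vulnerability
    defence: float  # E_i, defence capability against its exploitation


@dataclass
class PolicyRule:
    covers: Set[str]          # attack conditions the rule addresses
    executed_correctly: bool  # rule is enforced as written


@dataclass
class DeviceObservation:
    """Everything observed for one device or host in one assessment period."""
    events: List[SecurityEvent] = field(default_factory=list)
    vulns: List[Vulnerability] = field(default_factory=list)
    path_hazards: List[float] = field(default_factory=list)     # P_1..P_s
    measures_correct: List[bool] = field(default_factory=list)  # one per measure
    attack_conditions: Set[str] = field(default_factory=set)
    rules: List[PolicyRule] = field(default_factory=list)


def _share(hits: int, total: int, if_empty: float) -> float:
    """Ratio hits/total; if_empty is returned when there is nothing to count."""
    return hits / total if total else if_empty


def device_indices(obs: DeviceObservation) -> Dict[str, float]:
    """Compute V_A1..V_M2 for one device.

    Empty-input values are assumptions of this example: with nothing
    observed the threat-side indices are 0, V_E1 and V_M1 are 1 (nothing to
    defend against or to cover), and V_E2 and V_M2 are 0 (nothing deployed).
    """
    covered = set().union(*(r.covers for r in obs.rules)) & obs.attack_conditions
    return {
        # Step 201: the most capable attacker seen in any event.
        "V_A1": max((e.attacker_ability for e in obs.events), default=0.0),
        # Step 202: damage accumulates over all events.
        "V_A2": sum((e.damage for e in obs.events), 0.0),
        # Step 203: the most hazardous single vulnerability.
        "V_V1": max((v.hazard for v in obs.vulns), default=0.0),
        # Step 204: the most hazardous multi-vulnerability attack path.
        "V_V2": max(obs.path_hazards, default=0.0),
        # Step 205: the weakest defence decides (min, not max).
        "V_E1": min((v.defence for v in obs.vulns), default=1.0),
        # Step 206: share of security measures configured correctly.
        "V_E2": _share(sum(obs.measures_correct), len(obs.measures_correct), 0.0),
        # Step 207: share of attack conditions covered by some rule.
        "V_M1": _share(len(covered), len(obs.attack_conditions), 1.0),
        # Step 208: share of rules executed correctly.
        "V_M2": _share(sum(r.executed_correctly for r in obs.rules),
                       len(obs.rules), 0.0),
    }


def sample_observation() -> DeviceObservation:
    """Constructed sample for a hypothetical host; all scores are made up."""
    return DeviceObservation(
        events=[SecurityEvent(0.5, 0.25), SecurityEvent(0.75, 0.5)],
        vulns=[Vulnerability(0.5, 0.75), Vulnerability(1.0, 0.25)],
        path_hazards=[0.5, 0.75],
        measures_correct=[True, True, True, False],
        attack_conditions={"brute-force", "injection", "phishing", "dos"},
        rules=[PolicyRule({"brute-force"}, True),
               PolicyRule({"injection", "dos"}, False)],
    )


if __name__ == "__main__":
    for name, value in device_indices(sample_observation()).items():
        print(f"{name} = {value:.2f}")
```

In the sample, the vulnerability with hazard 1.0 is also the one with defence 0.25, so it sets both $V_{V1}$ and $V_{E1}$: the max and min operators make one poorly defended weakness dominate the device's indices.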
Preferably, in step 3), the security situation assessment value of the whole network system is combined as follows:
After the security situation of each device has been assessed, the results are combined with the importance of the devices to obtain the security situation of the whole network; for m devices with security situation values $v_1, v_2, \ldots, v_m$ and importance $y_1, y_2, \ldots, y_m$, the overall network security situation value is:
In network security situation assessment, the importance of a business system is easy to determine from the organization's strategic objectives, but in an actual assessment it is device assets that are easy to assess, while business systems are not easy to assess directly. The present invention therefore converts the importance of business systems into the importance of device assets and divides the assessment factors into 8 classes; compared with other methods it considers more factors, which ensures a more accurate assessment result.
The invention is centered on device assets and divides the assessment process into three stages: first, determining the importance weight of each device asset; second, assessing the security situation of each individual device asset; third, combining the assessment results of all device assets into the security situation of the whole network. For the assessment of an individual device asset, the assessment factors are divided into 8 classes: attacker capability, attack consequence, vulnerability hazard, vulnerability propagation, security measures, security configuration correctness, security policy and security policy execution, so that the security situation is quantified from the perspective of the confrontation between threat and defence. The invention can be used in the field of network security management to help administrators understand the overall network security situation and to support security management decisions.
The above is the preferred embodiment of the present invention. Those skilled in the art may make several improvements and modifications without departing from the principle of the invention, and these improvements and modifications are also regarded as falling within the protection scope of the invention.

Claims (8)

1. a kind of network security situation evaluating method, characterized in that the following steps are included:
1) the significance level weight of each network equipment and host is determined;
2) each network equipment and host are assessed respectively;
3) assessment result of each network equipment and host is integrated as the assessment result of overall network system;
In step 1), the specific determination process of the significance level weight of the network equipment and host the following steps are included:
Step 101: assuming that network includes n information system, and being distributed and be deployed in m equipment, n information system is to network Significance level is respectively x1, x2..., xn, then have:
Step 102: construction m * n matrix:
Wherein:
The significance level of 103:m equipment of step is y1, y2..., ym, enable Y=[y1 y2 ... ym]T, X=[x1 x2 ... xn]T, then have:
Wherein, A is the m * n matrix constructed in step 102.
2. The network security situation evaluating method according to claim 1, characterized in that in step 2), the assessment elements used to assess the network devices and hosts include: attacker capability, attack consequence, vulnerability harm, vulnerability propagation, anti-attack capability, configuration correctness, security policy, and security policy execution.
3. The network security situation evaluating method according to claim 2, characterized in that the attacker capability is the attack capability of the attacker when the network device or host is under attack; the attack consequence is the damage that the attacks suffered by the network device or host cause to it; the vulnerability harm is the potential threat posed to the network device or host by the vulnerabilities and weaknesses it has; the vulnerability propagation is the threat to the network device or host that arises when multiple vulnerabilities present on it could potentially be exploited by an attacker; the anti-attack capability is the security defense measures deployed on the network device or host; the configuration correctness is the correctness of how the security measures of the network device or host are configured; the security policy is the completeness and correctness of the security policy in the network device or host; and the security policy execution is how the security policy is actually executed in the network device or host.
4. The network security situation evaluating method according to claim 2, characterized in that in step 2), the process of assessing the network devices and hosts comprises the following steps:
Step 201: assess attacker capability from the perspective of threat intelligence: assess the attacker's tactics, techniques and procedures, and judge the level of attacker capability by extracting the tools the attacker used during the attack, the steps taken, and the attack source;
Step 202: assess the attack consequence from the damage that actual attack behavior causes to the network system, measuring the attacker's degree of unauthorized control over the network system, the degree of information leakage, and the degree to which services are affected; the attack includes the system privileges obtained, the sensitive information obtained, and the impact caused to critical services;
Step 203: assess the harm of system vulnerabilities from the degree of harm a single vulnerability causes to the network system, the degree of disclosure of the vulnerability, and the breadth of the network systems affected;
Step 204: assess system vulnerability propagation from the harm caused to the network system by the combined exploitation of multiple vulnerabilities: assess the length of the attack path, the stealthiness of exploiting multiple vulnerabilities, and the difficulty of the preconditions, and investigate and assess the propagation risk caused by the vulnerabilities;
Step 205: assess the anti-attack capability of the security system according to the security functions it implements: assess its defense capability against attacks, the degree to which it is affected by other attacks, the vulnerabilities that may exist in the security system itself, and its degree of impact on system services;
Step 206: the assessment of security system configuration correctness mainly includes assessing whether the security system is suitable for the network environment in which it is deployed, whether the various configurations are clear and accurate, and whether they can guarantee that the functions of the security system are realized;
Step 207: assess the security policy with reference to the risk-assessment methods used in security management, checking whether each security strategy and policy is complete and whether it can ensure that the security system is maximally effective;
Step 208: assess security policy execution with reference to the risk-assessment methods used in security management, checking whether the system implements the security policy accurately and fully, and whether the security policy has conflicts or defects;
Step 209: calculate the security posture value of the network device or host;
Step 210: repeat steps 201 to 209 to obtain the security posture values of the whole network.
5. The network security situation evaluating method according to claim 4, characterized in that the degree of disclosure of the vulnerability includes the assessment of unknown vulnerabilities, that is, summarizing the history of vulnerability discovery and predicting the likelihood that new vulnerabilities will appear within a certain period of time.
6. The network security situation evaluating method according to claim 5, characterized in that in step 2), the specific steps for assessing the network devices and hosts are as follows:
Define the attacker capability index $V_{A1}$: assume that p security events are detected within the time period of the security posture assessment, and that the attacker capability assessed for each security event is $A_1, A_2, \ldots, A_p$ respectively; then
$V_{A1} = \max\{A_1, A_2, \ldots, A_p\}$
Define the attack consequence index $V_{A2}$: assume that p security events are detected within the time period of the security posture assessment, and that the harm assessed as caused by the attack in each security event is $R_1, R_2, \ldots, R_p$ respectively; then
$V_{A2} = R_1 + R_2 + \ldots + R_p$
Define the vulnerability harm index $V_{V1}$: assume that q system vulnerabilities are detected within the time period of the security posture assessment, and that the potential harm assessed for each vulnerability is $V_1, V_2, \ldots, V_q$ respectively; then
$V_{V1} = \max\{V_1, V_2, \ldots, V_q\}$
Define the vulnerability propagation index $V_{V2}$: assume that q system vulnerabilities are detected within the time period of the security posture assessment, that an attacker attacking by exploiting multiple vulnerabilities has a total of s attack paths available, and that the potential harm assessed for each attack path is $P_1, P_2, \ldots, P_s$ respectively; then
$V_{V2} = \max\{P_1, P_2, \ldots, P_s\}$
Define the anti-attack capability index $V_{E1}$: assume that q system vulnerabilities are detected within the time period of the security posture assessment, and that the defense capability assessed against an attacker exploiting these q vulnerabilities is $E_1, E_2, \ldots, E_q$ respectively; then
$V_{E1} = \min\{E_1, E_2, \ldots, E_q\}$
Define the configuration correctness index $V_{E2}$: assume that there are n security measures within the time period of the security posture assessment; the correctness ratio assessed for these n security measures is then $V_{E2}$
Define the security policy index $V_{M1}$: assume that there are r security policy rules within the time period of the security posture assessment; assess whether these r rules can cope with attacks and whether they cover all attack situations; the proportion covered is then $V_{M1}$
Define the security policy execution $V_{M2}$: assume that there are r security policy rules within the time period of the security posture assessment; the assessed proportion of these r rules that are executed correctly is then $V_{M2}$
Calculate the security posture value of the network device or host:
Repeating the above steps for the m network devices and hosts gives the security posture values of the whole network, $v_1, v_2, \ldots, v_m$ respectively.
7. The network security situation evaluating method according to claim 6, characterized in that in step 3), the process of synthesizing the security posture assessment value of the whole network system is: after the security posture of each device has been assessed, the security posture of the whole network is obtained by combining the results with the importance levels of the devices.
8. The network security situation evaluating method according to claim 7, characterized in that in step 3), the specific steps for synthesizing the security posture assessment value of the whole network system are: for the m network devices, with security posture values $v_1, v_2, \ldots, v_m$ and importance levels $y_1, y_2, \ldots, y_m$, the security posture value of the whole network is
where $v_i$ is the security posture value of a network device and $y_i$ is the importance level of that network device.
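The eight per-device indices defined in claim 6, computed from one assessment record, as an added example that is not part of the patent text. The 0 to 1 score scale, the field and function names, the sample values and the values returned for empty inputs are assumptions; the formulas that combine the indices into a device value and the device values into a network value are not reproduced on this page, so the example stops at the indices.

```python
from dataclasses import dataclass, field


@dataclass
class DeviceAssessment:
    """Assessor scores for one device in one period (0..1 scale is an assumption)."""
    attacker_capability: list = field(default_factory=list)  # A_1..A_p, per security event
    attack_harm: list = field(default_factory=list)          # R_1..R_p, per security event
    vuln_harm: list = field(default_factory=list)            # V_1..V_q, per vulnerability
    path_harm: list = field(default_factory=list)            # P_1..P_s, per attack path
    defense: list = field(default_factory=list)              # E_1..E_q, per vulnerability
    measures_correct: list = field(default_factory=list)     # bool per security measure
    rules_covering: list = field(default_factory=list)       # bool per policy rule
    rules_executed: list = field(default_factory=list)       # bool per policy rule


def ratio(flags, empty=0.0):
    # Share of True entries. Returning `empty` when nothing was rated is an
    # assumption: a device with no measures or rules earns no credit.
    return sum(flags) / len(flags) if flags else empty


def compute_indices(d):
    """Return the eight claim-6 indices for one device."""
    for a, b, unit in ((d.attacker_capability, d.attack_harm, "security event"),
                       (d.vuln_harm, d.defense, "vulnerability"),
                       (d.rules_covering, d.rules_executed, "policy rule")):
        if len(a) != len(b):
            raise ValueError(f"paired score lists need one entry per {unit}")
    return {
        "V_A1": max(d.attacker_capability, default=0.0),  # most capable attacker seen
        "V_A2": sum(d.attack_harm),                       # harm accumulates over events
        "V_V1": max(d.vuln_harm, default=0.0),            # worst single vulnerability
        "V_V2": max(d.path_harm, default=0.0),            # worst multi-vulnerability path
        "V_E1": min(d.defense, default=1.0),              # weakest defense; 1.0 if q = 0 (assumption)
        "V_E2": ratio(d.measures_correct),
        "V_M1": ratio(d.rules_covering),
        "V_M2": ratio(d.rules_executed),
    }


# Constructed sample: 3 security events, 2 vulnerabilities, 2 attack paths,
# 4 security measures and 5 policy rules on one host.
SAMPLE = DeviceAssessment(
    attacker_capability=[0.3, 0.8, 0.5], attack_harm=[0.1, 0.4, 0.2],
    vuln_harm=[0.9, 0.4], path_harm=[0.6, 0.7], defense=[0.2, 0.8],
    measures_correct=[True, True, False, True],
    rules_covering=[True, False, True, True, True],
    rules_executed=[True, True, True, False, False],
)

if __name__ == "__main__":
    print(compute_indices(SAMPLE))
```

Because $V_{A2}$ is a sum while the other indices are a maximum, a minimum or a ratio, it is the only index that grows with the number of events in the period and can exceed the per-score scale.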
CN201611086924.3A 2016-11-30 2016-11-30 A kind of network security situation evaluating method Active CN106789955B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201611086924.3A CN106789955B (en) 2016-11-30 2016-11-30 A kind of network security situation evaluating method

Publications (2)

Publication Number Publication Date
CN106789955A CN106789955A (en) 2017-05-31
CN106789955B true CN106789955B (en) 2019-11-15

Family

ID=58915040

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201611086924.3A Active CN106789955B (en) 2016-11-30 2016-11-30 A kind of network security situation evaluating method

Country Status (1)

Country Link
CN (1) CN106789955B (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant