CN113824680A - Network security analysis method and device, computer equipment and storage medium - Google Patents

Network security analysis method and device, computer equipment and storage medium Download PDF

Info

Publication number
CN113824680A
Authority
CN
China
Prior art keywords
network
penetration
main bodies
generating
various
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202110844806.9A
Other languages
Chinese (zh)
Inventor
董昊辰
李梓豪
范中磊
欧泽飞
徐磊
刘兵
谢鑫
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Moyun Technology Co ltd
Original Assignee
Beijing Moyun Technology Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date

Classifications

    • H04L63/1433 Vulnerability analysis (H Electricity › H04 Electric communication technique › H04L Transmission of digital information, e.g. telegraphic communication › H04L63/00 Network architectures or network communication protocols for network security › H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic)
    • H04L41/142 Network analysis or design using statistical or mathematical methods (H Electricity › H04 Electric communication technique › H04L Transmission of digital information, e.g. telegraphic communication › H04L41/00 Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks › H04L41/14 Network analysis or design)
    • H04L63/20 Network architectures or network communication protocols for network security for managing network security; network security policies in general (H Electricity › H04 Electric communication technique › H04L Transmission of digital information, e.g. telegraphic communication › H04L63/00 Network architectures or network communication protocols for network security)

Abstract

The application discloses a network security analysis method and apparatus, a computer device and a storage medium. The various network entities in a target network system are scanned to obtain their parameters, which are format-processed into standard format files; a network topology structure diagram is generated from the standard format files through network topology self-discovery, and a system structure diagram is generated from it; a penetration graph model is then generated from the standard format files of the various network entities, the system structure diagram and a preset vulnerability knowledge base; finally, all penetration paths in the penetration graph model are traversed, a kill chain process is executed for each of them, and the penetration path of the target network entity is determined.

Description

Network security analysis method and device, computer equipment and storage medium
Technical Field
The present invention relates to the field of network security, and in particular, to a network security analysis method, apparatus, computer device, and storage medium.
Background
In practice, many hosts in a large network system may carry vulnerabilities of varying severity. If the system faces a sudden high-risk 0-day vulnerability that cannot be patched in a short time, the core assets are exposed to serious threats; forcing a direct fix of the high-risk vulnerability is not necessarily the best solution, and an overly long repair time may cause losses to the enterprise. A set of effective global defense strategies is therefore needed to reduce the risk of asset loss as far as possible.
Current mainstream vulnerability scanners work on isolated hosts: scanning usually targets only the open service ports of a host IP, or the URLs under a domain name. More advanced tools first crawl the site to collect as many back-end pages as possible and then enumerate and scan them one by one; the most advanced ones also exploit and verify the vulnerabilities one by one. Security analysts then confirm and verify the scan results manually. Such a network security analysis method, however, cannot guarantee the security level of the network system as a whole.
Disclosure of Invention
Based on this, embodiments of the present application provide a network security analysis method, apparatus, computer device and storage medium that can repair a network system globally and thereby greatly improve its security.
In a first aspect, a network security analysis method is provided, where the method includes:
scanning various network entities in a target network system to obtain the parameters of the various network entities, and performing format processing on those parameters to obtain standard format files of the various network entities; the various network entities comprise at least one target network entity;
generating a network topology structure diagram from the standard format files of the various network entities through network topology self-discovery;
generating a system structure diagram based on the network topology structure diagram; the system structure diagram comprises the dependency relationships and paths of the various network entities in the network topology structure diagram;
generating a penetration graph model from the standard format files of the various network entities, the system structure diagram and a preset vulnerability knowledge base;
and traversing all penetration paths in the penetration graph model, executing a kill chain process for each penetration path, and determining the penetration path of the target network entity.
Optionally, scanning the various network entities in the target network system to obtain their parameters includes: performing an all-round scan of the asset entities, defense entities and threat entities in the target network system to collect information and obtain the parameters of the various network entities.
Optionally, the standard format file is a csv, xml or json file.
Optionally, the network topology structure diagram includes the topology structure files and structure diagrams of the various network entities in the target network system.
Optionally, generating the penetration graph model from the standard format files of the various network entities, the system structure diagram and the preset vulnerability knowledge base includes: constructing a penetration graph function model, generating penetration paths in the penetration graph function model, and generating the penetration graph model through the penetration graph generation algorithm NEGA.
Optionally, generating the penetration graph model through the penetration graph generation algorithm NEGA includes simplification by a network penetration graph model simplification algorithm.
Optionally, the kill chain process comprises: reconnaissance, weaponization, delivery, exploitation, installation, command and control, and actions on objectives.
In a second aspect, a network security analysis apparatus is provided, including:
a scanning module for scanning various network entities in a target network system to obtain their parameters, and performing format processing on those parameters to obtain standard format files of the various network entities; the various network entities comprise at least one target network entity;
a first generation module for generating a network topology structure diagram from the standard format files of the various network entities through network topology self-discovery;
a second generation module for generating a system structure diagram from the network topology structure diagram; the system structure diagram comprises the dependency relationships and paths of the various network entities in the network topology structure diagram;
a third generation module for generating a penetration graph model from the standard format files of the various network entities, the system structure diagram and a preset vulnerability knowledge base;
and a determining module for traversing all penetration paths in the penetration graph model, executing a kill chain process for each penetration path and determining the penetration path of the target network entity.
In a third aspect, a computer device is provided, which includes a memory and a processor, where the memory stores a computer program, and the processor implements the network security analysis method according to any one of the above first aspects when executing the computer program.
In a fourth aspect, a computer-readable storage medium is provided, on which a computer program is stored, and the computer program, when executed by a processor, implements the network security analysis method according to any one of the first aspect.
According to the method, vulnerability verification is carried out on every host along the whole line from the attacker to the core asset server; in fact, the hosts on all potential attack paths from the attacker to the core asset are uncovered and penetration-verified one by one, and global repair is carried out on that basis, so the security of the network system is greatly improved. The advantages are:
1. the global security of the network system is improved;
2. the emergency response capability of the network system in the face of a sudden high-risk vulnerability is enhanced;
3. the attack path does not depend on the experience of the penetration testers, so penetration work becomes more standardized and generalized;
4. the complexity of penetration testing work is further reduced;
5. dependence on the skill or ability of the penetration tester is reduced.
Drawings
Fig. 1 is a flowchart of a network security analysis method according to an embodiment of the present application;
FIG. 2 is a schematic flow chart diagram provided by an embodiment of the present application;
FIG. 3 is a graphical network penetration graph model provided by an embodiment of the present application;
FIG. 4 is a standard graphical network penetration graph model provided by an embodiment of the present application;
FIG. 5 is a conceptual framework of the NEG-NSAM approach provided by embodiments of the present application;
fig. 6 is a block diagram of a network security analysis apparatus according to an embodiment of the present application;
fig. 7 is a schematic diagram of a computer device according to an embodiment of the present application.
Detailed Description
To make the objects, technical solutions and advantages of the present application more clear, embodiments of the present application will be described in further detail below with reference to the accompanying drawings.
The network security analysis method provided by the embodiment of the application is based on the network security analysis method NEG-NSAM, combined with a panoramic kill chain model derived from the network security threat model (the Cyber Kill Chain) proposed by Lockheed Martin. The model is a network analysis method grounded in practical attack exercises.
Referring to fig. 1, which shows a flowchart of a network security analysis method provided in an embodiment of the present application, fig. 2 is a schematic diagram of a specific implementation of the embodiment of the present application, where the method may include the following steps:
Step 101: scan the various network entities in the target network system to obtain their parameters, and format-process those parameters to obtain standard format files of the various network entities.
The various network entities include at least one target network entity, which may be a core asset server or another network entity to be protected.
In this embodiment the network entities in the network system include asset entities, defense entities and threat entities, and a global parameter scan is performed on all of them. The scanning techniques include, but are not limited to, ping sweep, operating system identification, Web 2.0 advanced crawler scan, access control rule detection, network topology discovery, port scan, weak password scan, middleware scan, common web vulnerability scan and CVE vulnerability scan. The collected parameters are then sorted, formatted and written out in a standard format such as a csv, xml or json file.
Step 102: generate a network topology structure diagram from the standard format files of the various network entities through network topology self-discovery.
In this embodiment, the corresponding topology structure file and structure diagram are generated through the network topology self-discovery of step 102. The main purpose of network topology discovery is to acquire and maintain the existence information of the network nodes and the connection relationships between them, draw a whole-network topology map on that basis, and thereby locate any single node quickly on the map. Many network topology discovery methods exist: SNMP-based discovery (Simple Network Management Protocol), which reads the MIB of network devices such as switches and routers to obtain the corresponding information; ICMP-based discovery (Internet Control Message Protocol), which performs topology discovery with ping packets; and others based on ARP (Address Resolution Protocol), OSPF (Open Shortest Path First), LLDP (Link Layer Discovery Protocol) and so on.
Step 103: generate a system structure diagram based on the network topology structure diagram.
The system structure diagram comprises the dependency relationships and paths of the various network entities in the network topology structure diagram.
In this embodiment, a relationship dependency analysis is performed on all network entities in the topology structure diagram, and all complete paths from the threat entity to the attacked asset entity are abstracted. Specifically, when ssh is used to access another machine, or scp is used to copy data and files from another machine, an account and password are normally required. This is necessary because, if the two parties have not established a trust relationship, the authenticity of the remote host cannot be confirmed; establishing a connection on the strength of the remote host's public key fingerprint alone carries risk, so all potentially malicious access should be isolated and links established only with trusted remote hosts. For a core asset server such as a DB server it is therefore necessary to know which hosts have established a trust relationship with it. In a real attack scenario, an attacker who cannot access the target server directly takes it down indirectly by deep penetration, step by step, through other permeable border servers. A system structure diagram that incorporates trust associations is therefore generated based on the topology structure diagram of step 102.
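The trust-augmented system structure diagram of step 103, as an added example that is not part of the patent: the reachability found in step 102 and the per-server list of hosts whose keys appear in its authorized_keys are constructed sample data, and the function names (system_structure, chained_trust, border_entry_points) are assumed. The example labels each directed edge as plain network reachability, key-based trust, or both, computes the hosts that can reach the DB server over a chain of SSH trust, and picks out the trusted hosts the threat entity can reach directly, i.e. the permeable border servers described above.

```python
from collections import defaultdict

# Constructed inventory, not from the patent. TOPOLOGY is the L3 reachability
# produced by step 102; AUTHORIZED_KEYS records, per server, the hosts whose
# public keys are accepted (what step 103 calls a trust relationship).
TOPOLOGY = {
    "attacker": {"web", "vpn"},
    "web": {"attacker", "app"},
    "vpn": {"attacker", "app"},
    "app": {"web", "vpn", "dbserver"},
    "dbserver": {"app"},
}
AUTHORIZED_KEYS = {
    "app": {"web"},        # web's key is in app's authorized_keys
    "dbserver": {"app"},   # app's key is in dbserver's authorized_keys
}


def system_structure(topology, authorized_keys):
    """Directed edge (a, b) -> labels: 'reach' for network adjacency,
    'trust' when a's key lets it log in to b without further credentials."""
    edges = defaultdict(set)
    for a, neighbours in topology.items():
        for b in neighbours:
            edges[(a, b)].add("reach")
    for server, clients in authorized_keys.items():
        for client in clients:
            edges[(client, server)].add("trust")
    return dict(edges)


def chained_trust(server, authorized_keys):
    """Hosts that can reach `server` over one or more hops of SSH trust
    (transitive closure of the trust relation, walked backwards)."""
    seen, todo = set(), [server]
    while todo:
        current = todo.pop()
        for client in authorized_keys.get(current, ()):
            if client not in seen:
                seen.add(client)
                todo.append(client)
    return seen


def border_entry_points(threat, target, topology, authorized_keys):
    """Trusted hosts the threat entity can reach directly: the border servers
    through which the target can be taken down indirectly."""
    trusted = chained_trust(target, authorized_keys)
    return {host for host in topology.get(threat, ()) if host in trusted}


if __name__ == "__main__":
    edges = system_structure(TOPOLOGY, AUTHORIZED_KEYS)
    for (a, b), labels in sorted(edges.items()):
        print(f"{a} -> {b}: {sorted(labels)}")
    print("trusted by dbserver:", sorted(chained_trust("dbserver", AUTHORIZED_KEYS)))
    print("entry points:", sorted(border_entry_points("attacker", "dbserver", TOPOLOGY, AUTHORIZED_KEYS)))
```

In the sample the attacker has no edge to dbserver at all; the only way in is through web, which is both reachable from the attacker and the start of a trust chain web -> app -> dbserver, which is exactly the host set the patent says must be known for a core asset server.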
Step 104: generate a penetration graph model from the standard format files of the various network entities, the system structure diagram and the preset vulnerability knowledge base.
In this embodiment the preset vulnerability knowledge base may be a vulnerability rule matching knowledge base containing the vulnerability rules of the network entities. Specifically, the processed network parameters and the vulnerability rule matching knowledge base are taken as input, and a penetration graph model is generated by a specific construction algorithm for the network penetration graph; its most important output is a visualized attack path. This module involves three definitions: the penetration graph model, the NEG-NSAM analysis method and the penetration graph generation algorithm. The network penetration graph model is NEG = (E, S_p, S_d, S_f, L, EP), where E is the set of penetration atoms (each network entity is represented by one atom in the network penetration graph), S_p is the initial set of network states, S_d is the set of newly generated network states, S_f is the set of penetration target states, L is a label function and EP is the set of penetration paths. The graphical NEG describes all possible attack paths by which the threat entity reaches the security target. A path consists of atomic penetration nodes; each node can also be understood as a single host that may be exposed to penetration. Edges represent the occurrence of a penetration behaviour, which causes a change in network state, for example a change in the access authority of the network node entity, in the connection relationship between nodes, in the files on the node host or in the running state of the node host. Fig. 3 shows a graphical network penetration graph model containing network information and penetration behaviour; it contains, for example, the penetration paths [e_0, e_1, e_2, e_f] and [e_0, e_1, e_3, e_f], where e_4 is e_f.
In NEG-NSAM, however, the finer-grained process behind the graph above, the changes of penetration behaviour and state, is not explained; a standard graphical network penetration graph model is shown in Fig. 4. This model abstracts the attack path.
Fig. 5 presents the conceptual framework of the NEG-NSAM method, summarized in four major steps: network parameter abstraction, data preprocessing, construction of the penetration graph and drawing of the penetration graph.
The panoramic kill chain model of the invention develops the core idea of NEG-NSAM, drawing a penetration graph, further at the technical level. The panoramic network penetration graph model (UNEG) used in the panoramic kill chain model is given below.
The panoramic network penetration graph model is defined as follows:
UNEG = (H, S_ini, S_fin, S_target, E, F, U), where H is the set of all entities in the network system, including threat entities, asset entities and defense entities; S_ini is the initial set of network states (IP, port, service state, system running state, authority, network connection information, etc.); S_fin is the new set of network states entered after a penetration action; S_target is the state set of the penetration target, which can be understood as the attack effect finally expected to be achieved; E is the set of penetration attack paths; F is the specific attack means of an attack path, i.e. the specific method of exploiting the vulnerability; and U is the new set of network states after penetration that results from the combined exploitation of several vulnerabilities.
UNEG satisfies the following properties (for an attack path h_1, ..., h_n):
(1) for every precondition v of the first node, v ∈ S_ini: the precondition for the first node of the attack path must be present in the initial set of network states (the quantifier is rendered as an image in the source and is not reproduced here);
(2) the target state set S_target must be included in the state set of the last node entity (the formula is rendered as an image in the source);
(3) if i ≠ j, then h_i ≠ h_j: no network entity appears twice in an attack path;
(4) post(h_{i-1}) ∩ pre(h_i), for 2 ≤ i ≤ n: the result set of the preceding node entity is a sufficient condition for the penetration behaviour of the following node to succeed (the relation completing the expression is rendered as an image in the source).
In another possible embodiment, generating the penetration graph model by the penetration graph generation algorithm NEGA further comprises simplification by a network penetration graph model simplification algorithm.
Penetration graph generation algorithm: NEGA (the network penetration graph generation algorithm) was originally proposed to deal with the complexity of the network penetration graph model, which expands sharply as soon as the number of penetration atoms grows. In most application scenarios, however, that number is unlikely to reach a scale that cannot be enumerated, so the algorithm is as follows; its idea is concise and clear.
The network penetration graph model simplification algorithm is implemented as follows. Suppose H_n denotes the set of nodes in the nth layer of the hierarchical penetration graph and C_n the system state of the nth layer. The procedure itself, from BEGINPROC onward, is reproduced in the source only as an image and is not shown here.
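A small executable reading of the UNEG model and of the layered H_n / C_n construction above, as an added example that is not the patent's code (its NEGA pseudocode is only an image in the source). The entities, their pre/post state sets, S_INI and S_TARGET are constructed sample data; the names Entity, layers, is_valid_path and attack_paths are assumed. The code treats property (4) in its strict form, pre(h_i) ⊆ post(h_{i-1}), and reads the hierarchy as forward chaining: H_n is the set of entities that first become exploitable at layer n and C_n the accumulated state after that layer. The path enumerator returns the set EP, and is_valid_path checks the four properties explicitly.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Entity:
    """One network entity in H: the states an attacker needs to exploit it
    (pre) and the states gained once it is exploited (post). Assumed names;
    the patent only uses pre()/post() in its property (4)."""
    name: str
    pre: frozenset
    post: frozenset


# Constructed sample network, not from the patent: the attacker starts on the
# DMZ segment, two border hosts lead to an application server, and the
# application server holds an SSH key trusted by the database server.
ENTITIES = {
    "web": Entity("web", frozenset({"net:dmz"}), frozenset({"shell:web", "net:app"})),
    "vpn": Entity("vpn", frozenset({"net:dmz"}), frozenset({"shell:vpn", "net:app"})),
    "app": Entity("app", frozenset({"net:app"}), frozenset({"shell:app", "sshkey:db"})),
    "db": Entity("db", frozenset({"sshkey:db"}), frozenset({"root:db"})),
}
S_INI = frozenset({"net:dmz"})      # initial network state of the threat entity
S_TARGET = frozenset({"root:db"})   # attack effect to be achieved


def layers(entities, s_ini, max_layers=16):
    """Layered expansion: H_n = entities first exploitable at layer n,
    C_n = accumulated system state after layer n (our forward-chaining
    reading of the patent's H_n / C_n)."""
    state, done, out = set(s_ini), set(), []
    for _ in range(max_layers):
        h_n = sorted(n for n, e in entities.items() if n not in done and e.pre <= state)
        if not h_n:
            break
        for n in h_n:
            done.add(n)
            state |= entities[n].post
        out.append((h_n, frozenset(state)))
    return out


def is_valid_path(entities, path, s_ini, s_target):
    """Check the four UNEG properties for one candidate path h_1..h_n."""
    if not path:
        return False
    hosts = [entities[n] for n in path]
    if not hosts[0].pre <= s_ini:            # (1) first node's pre in S_ini
        return False
    if not s_target <= hosts[-1].post:       # (2) target states in last node
        return False
    if len(set(path)) != len(path):          # (3) no repeated entity
        return False
    for prev, cur in zip(hosts, hosts[1:]):  # (4) post(h_{i-1}) covers pre(h_i)
        if not cur.pre <= prev.post:
            return False
    return True


def attack_paths(entities, s_ini, s_target):
    """Enumerate every path satisfying (1)-(4): the penetration path set EP.
    Depth-first search that ends a branch at the first node yielding the target."""
    found = []

    def extend(path):
        last = entities[path[-1]]
        if s_target <= last.post:
            found.append(list(path))
            return
        for name, ent in entities.items():
            if name not in path and ent.pre <= last.post:
                extend(path + [name])

    for name, ent in entities.items():
        if ent.pre <= s_ini:
            extend([name])
    return found


if __name__ == "__main__":
    for n, (h_n, c_n) in enumerate(layers(ENTITIES, S_INI), 1):
        print(f"H_{n} = {h_n}, C_{n} = {sorted(c_n)}")
    for p in attack_paths(ENTITIES, S_INI, S_TARGET):
        print(" -> ".join(p), is_valid_path(ENTITIES, p, S_INI, S_TARGET))
```

On the sample data the layers are H_1 = {vpn, web}, H_2 = {app}, H_3 = {db}, and EP contains the two paths web -> app -> db and vpn -> app -> db; a path such as web -> db is rejected by property (4) because nothing web yields satisfies the DB server's precondition.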
Step 105: traverse all penetration paths in the penetration graph model, execute a kill chain process for each penetration path, and determine the penetration path of the target network entity.
In this embodiment the penetration graph model may contain several penetration paths, and a complete kill chain process is executed for each penetration attack path; that is, all penetration paths in the penetration graph model are traversed and a kill chain process is executed for each, which specifically includes:
reconnaissance (using the network parameters acquired by the first module), weaponization, delivery, exploitation, installation, command and control, and actions on objectives. One attack path comprises several network node entities, and every attack path is determined from a threat entity to a target entity. This means that every node from the second node entity up to the target entity contains at least one exploitable vulnerability, and exploiting it puts the current node into a new network state from which the next node is entered. Unlike the generation of attack paths by the fourth module, the vulnerabilities in this step are not taken only from the theoretical vulnerability knowledge base: a real, effective penetration attack is executed against every node on the attack path, so that every potential attack path in the penetration graph model is verified to be real and effective, and paths that cannot be realized are filtered out. Attack paths that rely on the combined exploitation of multiple vulnerabilities receive special treatment, and manual verification is used to improve reliability.
The steps executed by the kill chain are as follows: reconnaissance, i.e. host information collection (directly using the data collected by the first module); weaponization, i.e. constructing a specific payload for the current node entity according to the vulnerability's feature matching rule; delivery, i.e. delivering the malicious payload to the current node; exploitation, i.e. running the malicious code on the current victim node; installation, i.e. installing malware at the target position; command and control, i.e. establishing a channel through which the attacker can persistently control the target system remotely; and actions on objectives, i.e. the attacker remotely achieving the intended attack effect. The kill chain logic is executed repeatedly until the last target node of the attack path is reached.
After the kill chain process has been executed, the key threat entities must be located, that is, the penetration path of the target network entity is determined.
Path analysis is carried out on the penetration graph to locate the most critical core threat nodes, for example the nodes at which repairing the fewest and most easily repaired vulnerabilities cuts off all upstream and downstream penetration attack paths. The positioning method is described in detail in the technical description; key points are evaluated and defined from multiple dimensions, and the concrete criterion is the connectivity a node contributes. Unlike the nodes of the network topology graph, the nodes of the penetration graph represent the exploitation of a particular vulnerability and therefore carry causal information along the penetration path: a node is the cause of all its child nodes and the effect of any of its parent nodes. Once the vulnerability a node depends on is completely repaired, the causal link from the parent node to the child node is broken and every penetration attack path containing that causal relationship fails. Given a complete penetration graph, the ideal repair plan removes the fewest nodes by repairing the fewest vulnerabilities while still cutting every penetration attack path. For this purpose the invention proposes the following repair algorithm: traverse the penetration graph, find the node carrying the most penetration attack paths, remove it, and repeat the whole process until the number of penetration paths drops to 0. The patent regards this greedy algorithm as optimal for the penetration graph on the grounds that the number of attack paths is monotonically non-increasing as nodes are removed. In general, however, choosing the fewest nodes that intersect every path is a minimum hitting set problem, and the greedy rule is an approximation that does not always reach the true minimum.
The concrete implementation of the vulnerability fix priority ranking is given in the source only as an image and is not reproduced here.
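The greedy repair ranking described above, as an added example that is not the patent's code (its ranking procedure is only an image in the source). The input is the list of attack paths that survived kill chain verification, each node written as a constructed "host:vulnerability" label; the names path_load, greedy_repair_order, cuts_all_paths and minimum_fix_set are assumed, and the optional cost weighting is our reading of the patent's "fewest, most easily repaired" criterion. The brute-force minimum_fix_set is included only so the greedy answer can be compared against the true optimum on small inputs.

```python
from collections import Counter
from itertools import combinations

# Constructed sample, not from the patent: attack paths that survived
# kill-chain verification, each node written as "host:vulnerability".
VERIFIED_PATHS = [
    ["web:CVE-A", "app:CVE-C", "db:CVE-E"],
    ["vpn:CVE-B", "app:CVE-C", "db:CVE-E"],
    ["web:CVE-A", "mail:CVE-D", "db:CVE-F"],
    ["vpn:CVE-B", "mail:CVE-D", "db:CVE-F"],
    ["fileshare:CVE-G", "db:CVE-E"],
]


def path_load(paths):
    """Number of attack paths passing through each vulnerability node."""
    load = Counter()
    for path in paths:
        for node in set(path):      # count a path once even if a node repeats
            load[node] += 1
    return load


def greedy_repair_order(paths, cost=None):
    """Repeatedly fix the node carrying the most remaining paths (ties broken
    by node name) until no path is left. `cost` optionally weights each node
    by repair effort so that cheaper fixes are preferred (assumed scheme)."""
    cost = cost or {}
    remaining = [list(p) for p in paths]
    order = []
    while remaining:
        load = path_load(remaining)
        best = min(load, key=lambda n: (-load[n] / cost.get(n, 1.0), n))
        order.append(best)
        remaining = [p for p in remaining if best not in p]
    return order


def cuts_all_paths(paths, fixes):
    """True when every attack path contains at least one fixed node."""
    return all(any(node in fixes for node in path) for path in paths)


def minimum_fix_set(paths):
    """Smallest set of nodes cutting every path, by exhaustive search.
    Exponential in the number of nodes: a reference for small graphs only."""
    nodes = sorted(path_load(paths))
    for size in range(1, len(nodes) + 1):
        for combo in combinations(nodes, size):
            if cuts_all_paths(paths, set(combo)):
                return list(combo)
    return nodes


if __name__ == "__main__":
    order = greedy_repair_order(VERIFIED_PATHS)
    print("greedy fix order:", order, "cuts all:", cuts_all_paths(VERIFIED_PATHS, set(order)))
    print("optimum:", minimum_fix_set(VERIFIED_PATHS))
    print("cost-weighted:", greedy_repair_order(VERIFIED_PATHS, cost={"db:CVE-E": 4.0, "db:CVE-F": 4.0}))
```

On the sample the greedy rule fixes db:CVE-E (on three paths) and then db:CVE-F, which matches the exhaustive optimum of two fixes; raising the repair cost of both DB vulnerabilities makes it fall back to cutting the paths earlier, at app, mail and fileshare, which is the kind of multi-dimensional trade-off the patent's ranking is meant to express.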
Referring to Fig. 6, a block diagram of a network security analysis apparatus 600 according to an embodiment of the present application is shown. As shown in Fig. 6, the apparatus 600 may include a scanning module 601, a first generating module 602, a second generating module 603, a third generating module 604 and a determining module 605.
The scanning module 601 is configured to scan the various network entities in the target network system to obtain their parameters, and to format-process those parameters into standard format files of the various network entities; the various network entities comprise at least one target network entity;
the first generating module 602 is configured to generate a network topology structure diagram from the standard format files of the various network entities through network topology self-discovery;
the second generating module 603 is configured to generate a system structure diagram from the network topology structure diagram; the system structure diagram comprises the dependency relationships and paths of the various network entities in the network topology structure diagram;
the third generating module 604 is configured to generate a penetration graph model from the standard format files of the various network entities, the system structure diagram and a preset vulnerability knowledge base;
and the determining module 605 is configured to traverse all penetration paths in the penetration graph model, execute a kill chain process for each penetration path and determine the penetration path of the target network entity.
For specific limitations of the network security analysis apparatus, reference may be made to the limitations of the network security analysis method above, which are not repeated here. The modules of the network security analysis apparatus may be implemented wholly or partly in software, in hardware or in a combination of the two. They may be embedded in hardware form in, or independent of, the processor of the computer device, or stored in software form in the memory of the computer device so that the processor can call and execute the operations corresponding to the modules.
In one embodiment, a computer device is provided, which may be a server, the internal structure of which may be as shown in fig. 7. The computer device includes a processor, a memory, a display screen, and a network interface connected by a system bus. Wherein the processor of the computer device is configured to provide computing and control capabilities. The memory of the computer device comprises a nonvolatile storage medium and an internal memory. The non-volatile storage medium stores an operating system, a computer program, and a database. The internal memory provides an environment for the operation of an operating system and a computer program in a non-volatile storage medium, and the display screen is used for displaying the penetration path of the penetration map model. The database of the computer device is used for network security analysis data. The network interface of the computer device is used for communicating with an external terminal through a network connection. The computer program is executed by a processor to implement a network security analysis method.
Those skilled in the art will appreciate that the architecture shown in fig. 7 is merely a block diagram of some of the structures associated with the disclosed aspects and is not intended to limit the computing devices to which the disclosed aspects apply, as particular computing devices may include more or less components than those shown, or may combine certain components, or have a different arrangement of components.
In an embodiment of the present application, a computer-readable storage medium is provided, on which a computer program is stored, which, when being executed by a processor, carries out the steps of the network security analysis method described above.
The implementation principle and technical effect of the computer-readable storage medium provided by this embodiment are similar to those of the above-described method embodiment, and are not described herein again.
Those skilled in the art will understand that all or part of the processes of the methods in the embodiments described above can be implemented by a computer program instructing the relevant hardware; the program can be stored in a non-volatile computer-readable storage medium and, when executed, may include the processes of the method embodiments described above. Any reference to memory, storage, a database or other medium used in the embodiments provided herein may include non-volatile and/or volatile memory. Non-volatile memory can include read-only memory (ROM), programmable ROM (PROM), electrically programmable ROM (EPROM), electrically erasable programmable ROM (EEPROM) or flash memory. Volatile memory can include random access memory (RAM) or external cache memory. By way of illustration and not limitation, RAM is available in many forms, such as static RAM (SRAM), dynamic RAM (DRAM), synchronous DRAM (SDRAM), double data rate SDRAM (DDR SDRAM), enhanced SDRAM (ESDRAM), Synchlink DRAM (SLDRAM), Rambus direct RAM (RDRAM), direct Rambus dynamic RAM (DRDRAM) and Rambus dynamic RAM (RDRAM).
The technical features of the embodiments described above may be arbitrarily combined, and for the sake of brevity, all possible combinations of the technical features in the embodiments described above are not described, but should be considered as being within the scope of the present specification as long as there is no contradiction between the combinations of the technical features.
The above-mentioned embodiments express only several embodiments of the present application, and their description is relatively specific and detailed, but this should not be construed as limiting the claims. It should be noted that a person skilled in the art can make several variations and modifications without departing from the concept of the present application, and these fall within the scope of protection of the present application. Therefore, the protection scope of this patent shall be subject to the appended claims.

Claims (10)

1. A network security analysis method, the method comprising:
scanning various network entities in a target network system to obtain parameters of the various network entities, and format-processing the parameters of the various network entities to obtain standard format files of the various network entities, the various network entities comprising at least one target network entity;
generating a network topology structure diagram from the standard format files of the various network entities through network topology self-discovery;
generating a system structure diagram based on the network topology structure diagram, the system structure diagram comprising the dependency relationships and paths of the various network entities in the network topology structure diagram;
generating a penetration graph model according to the standard format files of the various network entities, the system structure diagram and a preset vulnerability knowledge base; and
traversing all penetration paths in the penetration graph model, executing a kill chain process for each penetration path, and determining the penetration path of the target network entity.
2. The method according to claim 1, wherein scanning the various network entities in the target network system to obtain the parameters of the various network entities comprises:
performing all-round scanning of the asset entities, defense entities and threat entities in the target network system to collect information and obtain the parameters of the various network entities.
3. The method of claim 1, wherein the standard format file comprises a csv, xml or json format file.
4. The method of claim 1, wherein the network topology structure diagram comprises:
topology structure files and structure diagrams of the various network entities in the target network system.
5. The method according to claim 1, wherein generating the penetration graph model according to the standard format files of the various network entities, the system structure diagram and the preset vulnerability knowledge base comprises:
constructing a penetration graph function model, generating penetration paths in the penetration graph function model, and generating the penetration graph model through a penetration graph generation algorithm NEGA.
6. The method according to claim 5, wherein generating the penetration graph model through the penetration graph generation algorithm NEGA comprises:
simplifying the model through a network penetration graph model simplification algorithm.
7. The method of claim 1, wherein the kill chain process comprises: reconnaissance tracking, weapon construction, payload delivery, vulnerability exploitation, installation and implantation, command and control, and target achievement.
8. A network security analysis apparatus, the apparatus comprising:
a scanning module, configured to scan various network entities in a target network system to obtain parameters of the various network entities, and to format-process the parameters of the various network entities to obtain standard format files of the various network entities, the various network entities comprising at least one target network entity;
a first generation module, configured to generate a network topology structure diagram from the standard format files of the various network entities through network topology self-discovery;
a second generation module, configured to generate a system structure diagram from the network topology structure diagram, the system structure diagram comprising the dependency relationships and paths of the various network entities in the network topology structure diagram;
a third generation module, configured to generate a penetration graph model according to the standard format files of the various network entities, the system structure diagram and a preset vulnerability knowledge base; and
a determining module, configured to traverse all penetration paths in the penetration graph model, execute a kill chain process for each penetration path and determine the penetration path of the target network entity.
9. A computer device comprising a memory and a processor, the memory storing a computer program that, when executed by the processor, implements the network security analysis method of any one of claims 1 to 7.
10. A computer-readable storage medium, on which a computer program is stored which, when executed by a processor, carries out the network security analysis method according to any one of claims 1 to 7.
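The pipeline of claims 1 to 7, reduced to a worked example. This is added illustration code, not the patent's implementation and not the NEGA algorithm: the JSON "standard format file" for asset, defense and threat entities, its field names, and the vulnerability knowledge base are all constructed assumptions. The system structure is the dependency edges between assets, the penetration graph keeps only edges whose endpoint the knowledge base has a weakness for, every path from a threat entry to the target is enumerated, and the seven-stage kill chain is walked on each hop so that a defender sees which paths a defense entity breaks and which remain open.

```python
import json
# Kill chain stages, in the order claim 7 lists them.
KILL_CHAIN = ["reconnaissance", "weaponization", "delivery", "exploitation",
              "installation", "command_control", "objective"]
# Constructed standard-format (JSON) file holding the asset, defense and threat
# entities of claim 2; field names and values are assumptions, not the patent's schema.
ENTITIES = json.loads("""{
 "assets": [
  {"id": "web",   "service": "http",   "depends_on": ["app", "cache"]},
  {"id": "app",   "service": "rpc",    "depends_on": ["db", "cache", "log"]},
  {"id": "cache", "service": "kv",     "depends_on": ["db"]},
  {"id": "log",   "service": "syslog", "depends_on": ["db"]},
  {"id": "db",    "service": "sql",    "depends_on": []}
 ],
 "defenses": [{"id": "edr", "protects": "app", "blocks": ["installation"]}],
 "threats":  [{"id": "external", "entry": "web"}]
}""")
# Constructed vulnerability knowledge base: service -> stages a known weakness lets an intruder complete (syslog has no entry).
VULN_KB = {s: set(KILL_CHAIN) for s in ("http", "rpc", "kv", "sql")}
def penetration_graph(entities, kb):
    """System structure (dependency edges) pruned to endpoints the knowledge base knows."""
    svc = {a["id"]: a["service"] for a in entities["assets"]}
    return {a["id"]: [b for b in a["depends_on"] if svc[b] in kb] for a in entities["assets"]}

def all_paths(graph, src, dst, seen=()):
    """Enumerate every simple path from src to dst in the penetration graph."""
    seen += (src,)
    if src == dst:
        yield seen
        return
    for nxt in graph.get(src, []):
        if nxt not in seen:
            yield from all_paths(graph, nxt, dst, seen)

def run_kill_chain(entities, kb, path):
    """Walk the seven stages on each hop; return the (host, stage) that breaks the chain, or None."""
    svc = {a["id"]: a["service"] for a in entities["assets"]}
    blocked = {d["protects"]: set(d["blocks"]) for d in entities["defenses"]}
    for host in path:
        reachable = kb.get(svc[host], set()) - blocked.get(host, set())
        for stage in KILL_CHAIN:
            if stage not in reachable:
                return host, stage
    return None

def analyze(entities, kb, target):
    """Every penetration path from each threat entry to the target, with its kill chain verdict."""
    graph = penetration_graph(entities, kb)
    return {p: run_kill_chain(entities, kb, p)
            for t in entities["threats"] for p in all_paths(graph, t["entry"], target)}
def open_paths(entities, kb, target):
    """Paths no defense entity breaks: the target's penetration paths a defender must close."""
    return [p for p, broken in analyze(entities, kb, target).items() if broken is None]
```

For the constructed data, both paths through `app` are broken at the installation stage by the EDR entity, while `web -> cache -> db` reaches the target untouched, which is the finding a defender acts on.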
CN202110844806.9A 2021-07-26 2021-07-26 Network security analysis method and device, computer equipment and storage medium Pending CN113824680A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110844806.9A CN113824680A (en) 2021-07-26 2021-07-26 Network security analysis method and device, computer equipment and storage medium


Publications (1)

Publication Number Publication Date
CN113824680A true CN113824680A (en) 2021-12-21

Family

ID=78923954


Country Status (1)

Country Link
CN (1) CN113824680A (en)


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20211221