CN115065491A - Function and information security policy comprehensive selection method, electronic equipment and storage medium - Google Patents

Publication number: CN115065491A
Application number: CN202210323446.2A
Authority: CN (China)
Other languages: Chinese (zh)
Legal status: Pending
Inventors: 戚建淮, 刁润, 宋晶, 周杰, 张莉, 王飞
Current assignee: Chengdu Ether Node Technology Co ltd
Original assignee: Chengdu Ether Node Technology Co ltd
Prior art keywords: security policy, security, scheme, information, function

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/20: Network architectures or network communication protocols for network security for managing network security; network security policies in general
    • H04L63/205: Network architectures or network communication protocols for network security for managing network security; network security policies in general involving negotiation or determination of the one or more network security mechanisms to be used, e.g. by negotiation between the client and the server or between peers or by selection according to the capabilities of the entities involved
    • Y: GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02: TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02P: CLIMATE CHANGE MITIGATION TECHNOLOGIES IN THE PRODUCTION OR PROCESSING OF GOODS
    • Y02P90/00: Enabling technologies with a potential contribution to greenhouse gas [GHG] emissions mitigation
    • Y02P90/02: Total factory control, e.g. smart factories, flexible manufacturing systems [FMS] or integrated manufacturing systems [IMS]

Abstract

The invention discloses a method for comprehensively selecting functional and information security policies, and a storage medium. The method comprises: S1, collecting functional security policies and information security policies to form a security policy set; S2, specifying the industrial control scenario and, according to its security requirements, extracting m applicable functional security policies and n applicable information security policies from the security policy set to form a security policy subset; S3, freely combining the functional security policies and/or information security policies in the security policy subset to form alternative security policy schemes; S4, calculating the functional security degree, information security degree, time complexity and space complexity of each alternative security policy scheme; and S5, selecting an optimal security policy scheme by jointly weighing the functional security degree, information security degree, time complexity and space complexity. The invention can select the security policy scheme with the best overall performance for a given scenario, which helps improve the security of the industrial control system.

Description

Function and information security policy comprehensive selection method, electronic device and storage medium
Technical Field
The invention relates to the field of functional security and information security, and in particular to a method for comprehensively selecting functional and information security policies, an electronic device and a storage medium.
Background
As information technology develops, it is reshaping national critical information infrastructure and gradually merging with industrial control systems, so that building an industrial control system is constrained not only at the functional security level but also faces security threats at the network level. However, accommodating information security inevitably draws the industrial control system into a contest for resources between information security and functional security. Studying a security policy selection method that jointly considers functional security, information security and resource occupation, and using it to select the optimal functional and information security policy scheme, is therefore important for solving the industrial control protection problem in scenarios where functional security and information security are deeply integrated.
Disclosure of Invention
The invention aims to solve the problems in the prior art and provides a method for comprehensively selecting a function and information security policy, electronic equipment and a storage medium.
In a first aspect, the present invention provides a method for comprehensively selecting functional and information security policies, comprising the following steps:
S1, collecting functional security policies and information security policies to form a security policy set;
S2, specifying the industrial control scenario and, according to its security requirements, extracting m applicable functional security policies and n applicable information security policies from the security policy set to form a security policy subset;
S3, freely combining the functional security policies and/or information security policies in the security policy subset to form alternative security policy schemes $P_k$, $k \in (1, 2, 3, \ldots, 2^{m+n})$;
S4, calculating the functional security degree, information security degree, time complexity and space complexity of each alternative security policy scheme;
S5, selecting an optimal security policy scheme by jointly weighing the functional security degree, information security degree, time complexity and space complexity.
Preferably, the method for calculating the functional security degree in step S4 includes:
determining the functional security policy variable $ca_k$ of alternative security policy scheme $P_k$;
determining the functional security policy guarantee capability $pa$ of the security policy subset;
determining the functional security degree based on the functional security policy guarantee capability $pa$ and the functional security policy variable $ca_k$ of alternative security policy scheme $P_k$.
Preferably, the functional security policy variable $ca_k$ is an m-dimensional vector, $ca_k = \{ca_k(1), ca_k(2), \ldots, ca_k(m)\}$,
Figure BDA0003572598980000021
Preferably, the functional security policy guarantee capability $pa$ is an m-dimensional vector, $pa = \{pa(1), pa(2), \ldots, pa(m)\}$, with $pa(i) = ga(i) \times la(i)$ for $i \in (1, m)$, where $ga(i)$ denotes the probability that the corresponding failure occurs when functional security policy $a_i$ is not adopted, and $la(i)$ denotes the loss caused by that failure when functional security policy $a_i$ is not adopted.
Preferably, the method for calculating the information security degree in step S4 includes:
determining the information security policy variable $cb_k$ of alternative security policy scheme $P_k$;
determining the information security policy guarantee capability $pb$ of the security policy subset;
determining the information security degree based on the information security policy guarantee capability $pb$ and the information security policy variable $cb_k$ of alternative security policy scheme $P_k$.
Preferably, the information security policy variable $cb_k$ is an n-dimensional vector, $cb_k = \{cb_k(1), cb_k(2), \ldots, cb_k(n)\}$,
Figure BDA0003572598980000022
Preferably, the information security policy guarantee capability $pb$ is an n-dimensional vector, $pb = \{pb(1), pb(2), \ldots, pb(n)\}$, with $pb(j) = gb(j) \times lb(j)$ for $j \in (1, n)$, where $gb(j)$ denotes the probability that the corresponding failure occurs when information security policy $b_j$ is not adopted, and $lb(j)$ denotes the loss caused by that failure when information security policy $b_j$ is not adopted.
Preferably, step S5 includes the following sub-steps:
S51, selecting effective security policy schemes from the alternative security policy schemes using a multi-objective optimization algorithm, and preliminarily screening the effective security policy schemes against the set thresholds for functional security degree, information security degree, time complexity and space complexity to obtain non-inferior policy schemes;
S52, making the functional security degree, information security degree, time complexity and space complexity of the non-inferior policy schemes dimensionless and normalizing them;
S53, calculating the overall performance of each non-inferior policy scheme using the set weights for functional security degree, information security degree, time complexity and space complexity;
S54, selecting the optimal security policy scheme based on the overall performance of the non-inferior policy schemes.
Preferably, when several non-inferior policy schemes share the best overall performance, step S54 includes the following sub-steps:
S541, extracting the non-inferior policy schemes with the best overall performance to form an optimal scheme set; assigning different preference degrees to the four performance parameters (functional security degree, information security degree, time complexity and space complexity) and ranking them from high to low;
S542, extracting the performance parameter with the highest preference degree for the non-inferior policy schemes in the optimal scheme set, comparing the values, and judging whether several schemes share the best value; if not, jumping to S543; if so, deleting from the optimal scheme set the non-inferior policy schemes that do not have the best value and updating the optimal scheme set, then excluding the performance parameter with the highest preference degree and judging whether the number of excluded performance parameters equals four; if so, jumping to S544, otherwise jumping to S542;
S543, selecting the non-inferior policy scheme with the unique best value as the optimal security policy scheme;
S544, randomly selecting one non-inferior policy scheme from the optimal scheme set as the optimal security policy scheme.
In a second aspect, the present invention provides a storage medium, where computer-executable instructions are stored, and when the computer-executable instructions are loaded and executed by a processor, the method for comprehensively selecting functions and information security policies is implemented.
In conclusion, the invention has the following beneficial effects: it jointly considers the functional security degree, information security degree, time complexity and space complexity of a security policy scheme, and can select the functional and information security policy scheme with the best overall performance for a given scenario. In addition, when several schemes share the best overall performance, setting preference degrees allows the scheme that best matches those preferences to be selected. The security policy scheme selected by the invention can comprehensively and flexibly match the security requirements and hardware capability of the actual industrial control scenario, and effectively strengthens the functional and information security guarantees of that scenario.
Additional aspects and advantages of the invention will be set forth in part in the description which follows and, in part, will be obvious from the description, or may be learned by practice of the invention.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions and advantages of the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described below, it is obvious that the drawings in the following description are only some embodiments of the present invention, and other drawings can be obtained by those skilled in the art without creative efforts.
FIG. 1 is a flow chart of a method according to an embodiment of the present invention.
Fig. 2 is a flowchart illustrating step S5 according to an embodiment of the present invention.
Fig. 3 is a flowchart illustrating step S54 according to an embodiment of the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages disclosed in the embodiments of the present invention more clearly apparent, the embodiments of the present invention are described in further detail below with reference to the accompanying drawings and the embodiments. It should be understood that the specific embodiments described herein are merely illustrative of the embodiments of the invention and are not intended to limit the embodiments of the invention. All other embodiments obtained by a person of ordinary skill in the art based on the embodiments in the present application without making creative efforts shall fall within the protection scope of the present application. Examples of which are illustrated in the accompanying drawings, wherein like reference numerals refer to the same or similar elements or elements having the same or similar function throughout.
It should be noted that the terms "comprises" and "comprising," and any variations thereof, are intended to cover a non-exclusive inclusion, such that a process, method, system, article, or server that comprises a list of steps or elements is not necessarily limited to those steps or elements expressly listed, but may include other steps or elements not expressly listed or inherent to such process, method, article, or apparatus.
The embodiment of the present application provides a method for comprehensively selecting a function and an information security policy, as shown in fig. 1, including:
Step S1: collecting functional security policies and information security policies to form a security policy set.
With the development of industrial control systems and information security, a large number of functional security policies and information security policies have been accumulated. Different functional security policies and information security policies exist for different functional security faults and information security faults in different scenes, a plurality of applicable functional security policies exist for the same functional security fault in the same scene, and similarly, a plurality of applicable information security policies also exist for the same information security fault. In step S1, all existing functional security policies and information security policies are collected, including different functional security policies and information security policies applicable to different functional security failures and information security failures in different scenarios, and different functional security policies and information security policies applicable to the same functional security failure and information security failure in the same scenario.
Step S2: specifying the industrial control scenario and, according to its security requirements, extracting m applicable functional security policies and n applicable information security policies from the security policy set to form a security policy subset.
The security requirements of the industrial control scenario comprise at least one functional security requirement and/or at least one information security requirement. For a single functional security requirement, several applicable functional security policies are extracted from the security policy set; likewise, for a single information security requirement, several applicable information security policies are extracted from the security policy set.
Step S3: freely combining the functional security policies and/or information security policies in the security policy subset to form alternative security policy schemes $P_k$, $k \in (1, 2, 3, \ldots, 2^{m+n})$.
The security policy subset contains m functional security policies and n information security policies; freely combining the functional security policies and/or information security policies generates $2^{m+n}$ alternative security policy schemes.
Step S4: calculating the functional security degree, information security degree, time complexity and space complexity of each alternative security policy scheme.
In some embodiments of the present invention, the method for calculating the functional security degree in step S4 includes:
determining the functional security policy variable $ca_k$ of alternative security policy scheme $P_k$;
determining the functional security policy guarantee capability $pa$ of the security policy subset;
determining the functional security degree based on the functional security policy guarantee capability $pa$ and the functional security policy variable $ca_k$ of alternative security policy scheme $P_k$.
In particular, in some embodiments of the invention, the functional security policy variable $ca_k$ is an m-dimensional vector, $ca_k = \{ca_k(1), ca_k(2), \ldots, ca_k(m)\}$,
Figure BDA0003572598980000051
Similarly, the functional security policy guarantee capability $pa$ is an m-dimensional vector, $pa = \{pa(1), pa(2), \ldots, pa(m)\}$, with $pa(i) = ga(i) \times la(i)$ for $i \in (1, m)$, where $ga(i)$ denotes the probability that the corresponding failure occurs when functional security policy $a_i$ is not adopted, which can be obtained by performing a risk assessment of the industrial control system with the fault tree method, and $la(i)$ denotes the loss caused by that failure when functional security policy $a_i$ is not adopted.
In some embodiments of the invention, the functional security failures corresponding to the functional security policies $a_i$ may be given equal weight, in which case the functional security degree of security policy scheme $P_k$ is obtained as the dot product of the functional security policy enrichment degree vector and the functional security policy guarantee capability vector.
Of course, in some embodiments of the invention, the functional security failures corresponding to the functional security policies $a_i$ may also be weighted differently, forming an m-dimensional weight vector; the functional security degree of security policy scheme $P_k$ is then obtained from the dot product of the weight vector, the functional security policy enrichment degree vector and the functional security policy guarantee capability vector.
Likewise, in some embodiments of the present invention, the method for calculating the information security degree in step S4 includes:
determining the information security policy variable $cb_k$ of alternative security policy scheme $P_k$;
determining the information security policy guarantee capability $pb$ of the security policy subset;
determining the information security degree based on the information security policy guarantee capability $pb$ and the information security policy variable $cb_k$ of alternative security policy scheme $P_k$.
In particular, in some embodiments of the invention, the information security policy variable $cb_k$ is an n-dimensional vector, $cb_k = \{cb_k(1), cb_k(2), \ldots, cb_k(n)\}$,
Figure BDA0003572598980000052
Similarly, the information security policy guarantee capability $pb$ is an n-dimensional vector, $pb = \{pb(1), pb(2), \ldots, pb(n)\}$, with $pb(j) = gb(j) \times lb(j)$ for $j \in (1, n)$, where $gb(j)$ denotes the probability that the corresponding failure occurs when information security policy $b_j$ is not adopted, which can be obtained by performing a risk assessment of the industrial control system with the fault tree method, and $lb(j)$ denotes the loss caused by that failure when information security policy $b_j$ is not adopted.
The information security degree of security policy scheme $P_k$ is calculated in the same way as its functional security degree above, and is not described again here.
In some embodiments of the present invention, the time complexity and space complexity of a security policy scheme may be determined using existing time complexity and space complexity functions. Depending on the program structure of the scheme, the time complexity function generally takes one of the following forms: constant, $d^2$, $d^3$,
Figure BDA0003572598980000061
$d \log d$, $d!$, $2^d$, and the space complexity function generally takes one of the following forms, again depending on the program structure of the scheme: constant, $d$, $\log_2 d$, and the like, where in the time complexity function $d$ is the data scale that affects the number of times the program code runs, and in the space complexity function $d$ is the data scale that affects the space occupied.
Step S5: selecting an optimal security policy scheme by jointly weighing the functional security degree, information security degree, time complexity and space complexity.
In some embodiments of the present invention, as shown in fig. 2, step S5 includes the following sub-steps:
S51, selecting effective security policy schemes from the alternative security policy schemes using a multi-objective optimization algorithm, for which the existing NSGA-II algorithm can be adopted; preliminarily screening the effective security policy schemes against the set thresholds for functional security degree, information security degree, time complexity and space complexity to obtain non-inferior policy schemes; it can be understood that the thresholds for functional security degree and information security degree are lower limits, and the thresholds for time complexity and space complexity are upper limits;
S52, making the functional security degree, information security degree, time complexity and space complexity of the non-inferior policy schemes dimensionless and normalizing them;
S53, calculating the overall performance of each non-inferior policy scheme using the set weights for functional security degree, information security degree, time complexity and space complexity;
S54, selecting the optimal security policy scheme based on the overall performance of the non-inferior policy schemes.
In some embodiments of the present invention, the overall performance of a non-inferior policy scheme in step S53 is the sum of the products of its functional security degree, information security degree, time complexity and space complexity with their respective weights. It can be understood that, when selecting a security policy scheme, the higher the functional security degree and information security degree the better, and the lower the time complexity and space complexity the better, so the weights of the functional security degree and information security degree are positive, and the weights of the time complexity and space complexity are negative.
In some embodiments of the present invention, the non-inferior policy scheme with the best overall performance is selected as the optimal security policy scheme in step S54. There may be a plurality of non-inferior policy schemes with the best overall performance, and one of the non-inferior policy schemes may be randomly selected as the optimal security policy scheme.
In some embodiments of the present invention, when several non-inferior policy schemes share the best overall performance, as shown in fig. 3, step S54 includes the following sub-steps:
S541, extracting the non-inferior policy schemes with the best overall performance to form an optimal scheme set; assigning different preference degrees to the four performance parameters (functional security degree, information security degree, time complexity and space complexity) and ranking them from high to low;
S542, extracting the performance parameter with the highest preference degree for the non-inferior policy schemes in the optimal scheme set, comparing the values, and judging whether several schemes share the best value; if not, jumping to S543; if so, deleting from the optimal scheme set the non-inferior policy schemes that do not have the best value and updating the optimal scheme set, then excluding the performance parameter with the highest preference degree and judging whether the number of excluded performance parameters equals four; if so, jumping to S544, otherwise jumping to S542;
S543, selecting the non-inferior policy scheme with the unique best value as the optimal security policy scheme;
S544, randomly selecting one non-inferior policy scheme from the optimal scheme set as the optimal security policy scheme.
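The following is an added worked example, not code from the patent, that runs steps S3 to S5 and the S541 to S544 tie-break on constructed data. Assumptions: $ca_k(i)$ and $cb_k(j)$ are taken as 1 when the policy is in the scheme and 0 otherwise (the defining formulas are images missing from this page), fault weights are equal, a scheme's time and space cost is the sum of constructed per-policy costs, normalization is min-max, and an exhaustive non-dominated filter stands in for NSGA-II.

```python
from fractions import Fraction as F
from itertools import product
import random

# Constructed sample data, not from the patent. Each policy is
# (name, failure probability if not adopted, loss from that failure,
#  time cost, space cost). Fractions keep ties exact.
FUNCTIONAL = [("a1", F(1, 4), 20, 2, 1), ("a2", F(1, 8), 16, 3, 2)]
INFORMATION = [("b1", F(1, 2), 12, 3, 2), ("b2", F(1, 4), 4, 1, 1)]
KEYS = ("fs", "is", "time", "space")
HIGHER_IS_BETTER = {"fs": True, "is": True, "time": False, "space": False}
LIMITS = {"fs": 5, "is": 6, "time": 8, "space": 5}   # lower, lower, upper, upper
WEIGHTS = {"fs": F(2, 5), "is": F(2, 5), "time": F(-1, 10), "space": F(-1, 10)}
PREFERENCE = ("fs", "is", "time", "space")            # highest preference first


def enumerate_schemes(func, info):
    """S3 and S4: build all 2^(m+n) combinations and their four metrics."""
    policies = func + info
    pa = [g * l for _, g, l, _, _ in func]    # pa(i) = ga(i) * la(i)
    pb = [g * l for _, g, l, _, _ in info]    # pb(j) = gb(j) * lb(j)
    schemes = []
    for bits in product((0, 1), repeat=len(policies)):
        # Assumption: ca_k / cb_k are 0/1 indicators of which policies are used.
        ca, cb = bits[:len(func)], bits[len(func):]
        chosen = [p for p, b in zip(policies, bits) if b]
        schemes.append({
            "policies": tuple(p[0] for p in chosen),
            "fs": sum(c * v for c, v in zip(ca, pa)),    # dot(ca_k, pa)
            "is": sum(c * v for c, v in zip(cb, pb)),    # dot(cb_k, pb)
            # Assumption: scheme cost is the sum of per-policy costs.
            "time": sum(p[3] for p in chosen),
            "space": sum(p[4] for p in chosen),
        })
    return schemes


def at_least_as_good(value, other, key):
    return value >= other if HIGHER_IS_BETTER[key] else value <= other


def dominates(x, y):
    """x is no worse than y on every metric and differs on at least one."""
    return (all(at_least_as_good(x[k], y[k], k) for k in KEYS)
            and any(x[k] != y[k] for k in KEYS))


def non_inferior(schemes, limits):
    """S51: keep non-dominated schemes, then apply the thresholds."""
    front = [s for s in schemes if not any(dominates(o, s) for o in schemes)]
    return [s for s in front
            if all(at_least_as_good(s[k], limits[k], k) for k in KEYS)]


def overall_performance(schemes, weights):
    """S52 and S53: min-max normalise each metric, then take the weighted sum."""
    span = {k: (min(s[k] for s in schemes), max(s[k] for s in schemes))
            for k in KEYS}
    scores = []
    for s in schemes:
        total = F(0)
        for k in KEYS:
            lo, hi = span[k]
            total += weights[k] * (F(s[k] - lo) / (hi - lo) if hi != lo else 0)
        scores.append(total)
    return scores


def tie_break(tied, preference, rng):
    """S541 to S544: narrow tied schemes metric by metric, in preference order."""
    pool = list(tied)
    for k in preference:
        best = (max if HIGHER_IS_BETTER[k] else min)(s[k] for s in pool)
        pool = [s for s in pool if s[k] == best]   # S542: drop non-best schemes
        if len(pool) == 1:
            return pool[0]                          # S543: unique best value
    return rng.choice(pool)                         # S544: all four exhausted


def select(func, info, limits, weights, preference, seed=0):
    """S3 to S5 end to end; returns None when no scheme meets the thresholds."""
    candidates = non_inferior(enumerate_schemes(func, info), limits)
    if not candidates:
        return None
    scores = overall_performance(candidates, weights)
    tied = [s for s, v in zip(candidates, scores) if v == max(scores)]
    if len(tied) == 1:
        return tied[0]
    return tie_break(tied, preference, random.Random(seed))


if __name__ == "__main__":
    best = select(FUNCTIONAL, INFORMATION, LIMITS, WEIGHTS, PREFERENCE)
    print(best["policies"], {k: str(best[k]) for k in KEYS})
```

Exhaustive enumeration is only practical while m + n stays small, since the number of schemes doubles with each added policy; that is the point at which a search heuristic such as the NSGA-II mentioned in S51 takes over.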
The invention jointly considers the functional security degree, information security degree, time complexity and space complexity of a security policy scheme, and can select the functional and information security policy scheme with the best overall performance for a given scenario. In addition, when several schemes share the best overall performance, setting preference degrees allows the scheme that best matches those preferences to be selected. The security policy scheme selected by the invention can comprehensively and flexibly match the security requirements and hardware capability of the actual industrial control scenario, and effectively strengthens the functional and information security guarantees of that scenario.
The embodiment of the present application further provides a storage medium, where computer-executable instructions are stored in the storage medium, and when the computer-executable instructions are loaded and executed by a processor, the method for comprehensively selecting the functions and the information security policies is implemented. The storage medium may be one or a combination of more of a magnetic disk, an optical disk, a read-only memory, a random access memory, a flash memory, a hard disk, and the like.
It should be noted that: the precedence order of the above embodiments of the present invention is only for description, and does not represent the merits of the embodiments. While certain embodiments of the present disclosure have been described above, other embodiments are within the scope of the following claims. In some cases, the actions or steps recited in the claims may be performed in a different order than in the embodiments and still achieve desirable results. In addition, the processes depicted in the accompanying figures do not necessarily require the particular order shown, or sequential order, to achieve desirable results. In some embodiments, multitasking and parallel processing may also be possible or may be advantageous.
The embodiments in the present specification are described in a progressive manner, and the same and similar parts among the embodiments are referred to each other, and each embodiment focuses on the differences from the other embodiments.
Those skilled in the art will appreciate that all or part of the steps for implementing the above embodiments may be implemented by hardware, or may be implemented by a program instructing relevant hardware. The above description is only for the purpose of illustrating the preferred embodiments of the present invention and is not to be construed as limiting the invention, and any modifications, equivalents, improvements and the like that fall within the spirit and principle of the present invention are intended to be included therein.

Claims (10)

1. A method for comprehensively selecting functional and information security policies, characterized by comprising the following steps:
S1, collecting functional security policies and information security policies to form a security policy set;
S2, specifying the industrial control scenario and, according to its security requirements, extracting m applicable functional security policies and n applicable information security policies from the security policy set to form a security policy subset;
S3, freely combining the functional security policies and/or information security policies in the security policy subset to form alternative security policy schemes $P_k$, $k \in (1, 2, 3, \ldots, 2^{m+n})$;
S4, calculating the functional security degree, information security degree, time complexity and space complexity of each alternative security policy scheme;
S5, selecting an optimal security policy scheme by jointly weighing the functional security degree, information security degree, time complexity and space complexity.
2. The method for comprehensively selecting functional and information security policies according to claim 1, wherein the method for calculating the functional security degree in step S4 comprises:
determining the functional security policy variable $ca_k$ of alternative security policy scheme $P_k$;
determining the functional security policy guarantee capability $pa$ of the security policy subset;
determining the functional security degree based on the functional security policy guarantee capability $pa$ and the functional security policy variable $ca_k$ of alternative security policy scheme $P_k$.
3. The method for comprehensively selecting functional and information security policies according to claim 2, wherein the functional security policy variable $ca_k$ is an m-dimensional vector, $ca_k = \{ca_k(1), ca_k(2), \ldots, ca_k(m)\}$,
Figure FDA0003572598970000011
4. The method according to claim 3, wherein the functional security policy securing capability pa is an m-dimensional vector, pa { pa (1), pa (2),.. times.so., pa (m) }, pa (i) | i (e 1, m) ═ ga (i) × la (i), ga (i) represents a functional security policy a i La (i) represents the functional security policy a corresponding to the probability of failure occurrence when not in use i The loss due to the occurrence of the corresponding failure is not used.
5. The method for comprehensively selecting the functional and information security policies according to claim 1, wherein the method for calculating the information security degree in step S4 comprises:
determining the information security policy variable cb_k of the alternative security policy scheme P_k;
determining the information security policy guarantee capability pb of the security policy subset;
determining the information security degree based on the information security policy guarantee capability pb and the information security policy variable cb_k of the alternative security policy scheme P_k.
6. The method as claimed in claim 5, wherein the information security policy variable cb_k is an n-dimensional vector, cb_k = {cb_k(1), cb_k(2), ......, cb_k(n)},
Figure FDA0003572598970000021
7. The method for comprehensively selecting the functional and information security policies according to claim 6, wherein the information security policy guarantee capability pb is an n-dimensional vector, pb = {pb(1), pb(2), ...... the probability that the corresponding failure occurs when information security policy b_j is not used, and lb(j) represents the loss caused by the corresponding failure occurring when information security policy b_j is not used.
8. The method for comprehensively selecting the functional and information security policies according to any one of claims 1 to 7, wherein step S5 comprises the following sub-steps:
S51, selecting effective security policy schemes from the alternative security policy schemes based on a multi-objective optimization algorithm, and preliminarily screening the effective security policy schemes against the set thresholds for the functional safety degree, information security degree, time complexity and space complexity to obtain non-inferior policy schemes;
S52, performing dimensionless and normalization processing on the functional safety degree, the information security degree, the time complexity and the space complexity of the non-inferior policy schemes;
S53, calculating the comprehensive performance of each non-inferior policy scheme using the set weights of the functional safety degree, the information security degree, the time complexity and the space complexity;
S54, selecting the optimal security policy scheme based on the comprehensive performance of the non-inferior policy schemes.
9. The method for comprehensively selecting the functional and information security policies according to claim 8, wherein when a plurality of non-inferior policy schemes share the best comprehensive performance, step S54 comprises the following sub-steps:
S541, extracting the plurality of non-inferior policy schemes with the best comprehensive performance to form an optimal scheme set; setting different preference degrees for the four performance parameters, namely the functional safety degree, the information security degree, the time complexity and the space complexity, and sorting them from high to low;
S542, extracting, for the non-inferior policy schemes in the optimal scheme set, the performance parameter with the highest preference degree, comparing the values, and judging whether there are multiple best values; if not, jumping to S543; if so, deleting from the optimal scheme set the non-inferior policy schemes whose values are not the best and updating the optimal scheme set, then excluding the performance parameter with the highest preference degree and judging whether the number of excluded performance parameters equals four; if so, jumping to S544, otherwise returning to S542;
S543, selecting the non-inferior policy scheme corresponding to the unique best value as the optimal security policy scheme;
S544, randomly selecting a non-inferior policy scheme in the optimal scheme set as the optimal security policy scheme.
10. A storage medium having stored thereon computer-executable instructions which, when loaded and executed by a processor, implement the method for comprehensively selecting the functional and information security policies according to any one of claims 1-9.
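
The selection procedure of steps S3 to S5, including the tie-break of claim 9, as an added example on constructed data; it is not code from the patent. Assumptions: ca_k and cb_k are 0/1 "policy used" flags, each degree is the dot product of those flags with pa or pb, pb(j) is formed like pa(i), time and space complexity are additive per-policy costs, "effective" means Pareto-efficient, and normalization is min-max; the names FUNC, INFO, UP, metrics, dominates and select are illustrative.

```python
import random
from itertools import product

# Constructed sample data (not from the patent). Each policy is
# (failure probability if unused, loss from that failure, time cost, space cost).
FUNC = [(0.25, 12, 2, 1), (0.125, 32, 3, 2)]   # m = 2 functional policies a_i
INFO = [(0.5, 8, 1, 1), (0.25, 12, 4, 3)]      # n = 2 information policies b_j
UP = (True, True, False, False)  # safety degrees: higher is better; costs: lower

def metrics(bits):
    """(functional safety, information security, time, space) of scheme P_k."""
    pol, m = FUNC + INFO, len(FUNC)
    gain = [g * l for g, l, _, _ in pol]   # pa(i) = ga(i) * la(i); pb(j) assumed alike
    # Assumption: bits are 0/1 "policy used" flags and the degree is ca_k . pa.
    fs = sum(c * p for c, p in zip(bits[:m], gain[:m]))
    sec = sum(c * p for c, p in zip(bits[m:], gain[m:]))
    time = sum(c * p[2] for c, p in zip(bits, pol))
    space = sum(c * p[3] for c, p in zip(bits, pol))
    return (fs, sec, time, space)

def dominates(a, b):
    """a is no worse than b on every metric and differs on at least one."""
    return a != b and all((x >= y) if up else (x <= y) for x, y, up in zip(a, b, UP))

def select(floor_fs, floor_sec, cap_time, cap_space, weights, preference, rng=random):
    allp = {b: metrics(b) for b in product((0, 1), repeat=len(FUNC + INFO))}  # S3, S4
    # S51: keep Pareto-efficient schemes, then screen against the thresholds.
    keep = {k: v for k, v in allp.items()
            if not any(dominates(o, v) for o in allp.values())
            and v[0] >= floor_fs and v[1] >= floor_sec
            and v[2] <= cap_time and v[3] <= cap_space}
    if not keep:
        raise ValueError("no scheme satisfies the thresholds")
    # S52: min-max normalisation, flipped for costs so 1.0 is always best.
    cols = list(zip(*keep.values()))
    def norm(v):
        return [1.0 if max(c) == min(c) else
                ((x - min(c)) if up else (max(c) - x)) / (max(c) - min(c))
                for x, c, up in zip(v, cols, UP)]
    normed = {k: norm(v) for k, v in keep.items()}
    # S53: weighted comprehensive performance; S54: best scheme(s).
    score = {k: round(sum(w * x for w, x in zip(weights, n)), 9) for k, n in normed.items()}
    best = [k for k in score if score[k] == max(score.values())]
    for idx in preference:                   # S542: most preferred metric first
        top = max(normed[k][idx] for k in best)
        best = [k for k in best if normed[k][idx] == top]
        if len(best) == 1:                   # S543: unique best value
            return best[0]
    return rng.choice(best)                  # S544: still tied after all four
```

Because S3 enumerates all 2^(m+n) combinations, exhaustive evaluation like this is only practical for small policy subsets.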

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210323446.2A CN115065491A (en) 2022-03-30 2022-03-30 Function and information security policy comprehensive selection method, electronic equipment and storage medium

Publications (1)

Publication Number Publication Date
CN115065491A true CN115065491A (en) 2022-09-16

Family

ID=83196545

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202210323446.2A Pending CN115065491A (en) 2022-03-30 2022-03-30 Function and information security policy comprehensive selection method, electronic equipment and storage medium

Country Status (1)

Country Link
CN (1) CN115065491A (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
AD01 Patent right deemed abandoned
Effective date of abandoning: 20240517