CN116015983B - Network security vulnerability analysis method and system based on digital twin - Google Patents

Info

Publication number: CN116015983B
Authority: CN (China)
Application number: CN202310305653.XA
Other versions: CN116015983A (en)
Original language: Chinese (zh)
Prior art keywords: network, attack, information, optimization, generating
Inventor: 任国强
Current assignee: Jiangsu Tianchuang Technology Co ltd
Original assignee: Jiangsu Tianchuang Technology Co ltd
Legal status: Active
History: application filed by Jiangsu Tianchuang Technology Co ltd; priority to CN202310305653.XA; publication of CN116015983A; application granted; publication of CN116015983B; currently active.

Classifications

    • Y: General tagging of new technological developments; general tagging of cross-sectional technologies spanning over several sections of the IPC; technical subjects covered by former USPC cross-reference art collections [XRACs] and digests
    • Y02: Technologies or applications for mitigation or adaptation against climate change
    • Y02D: Climate change mitigation technologies in information and communication technologies [ICT], i.e. information and communication technologies aiming at the reduction of their own energy use
    • Y02D30/00: Reducing energy consumption in communication networks
    • Y02D30/50: Reducing energy consumption in communication networks in wire-line communication networks, e.g. low power modes or reduced link rate

Landscapes

  • Data Exchanges In Wide-Area Networks (AREA)
  • Computer And Data Communications (AREA)

Abstract

The invention relates to the technical field of digital information security and provides a network security vulnerability analysis method and system based on a digital twin body. The method comprises the following steps: collecting network configuration information, network operation information and network interface information of a target network, generating a twin database, and calling the twin database to perform modeling mapping on the target network to generate a digital twin topology model; obtaining application attribute information of the target network and analyzing it to generate a network attack sample data set; carrying out an attack test on the digital twin topology model to obtain an attack test result; carrying out vulnerability positioning to obtain a vulnerability positioning result; and generating a network optimization scheme according to the vulnerability positioning result. This solves the technical problem that, because no network optimization scheme aimed at security vulnerabilities is set in advance, network information security remains threatened: the attack test is carried out during the network test stage, the corresponding network optimization scheme is set in advance for the security vulnerabilities found, and the technical effect of maintaining network information security to the maximum extent is achieved.

Description

Network security vulnerability analysis method and system based on digital twin
Technical Field
The invention relates to the technical field of digital information security, in particular to a network security vulnerability analysis method and system based on a digital twin body.
Background
Network attacks are the main cause of network security threats. Network information security vulnerabilities take the form of Trojans, viruses, hackers and the like; an attacking terminal can intercept and tamper with information and thereby destroy the confidentiality, integrity, availability, controllability and non-repudiation of information in the network.
A firewall is erected in the host's security protection system and kept turned on, which protects network security to a certain extent. However, because network attack means are continuously upgraded and iterated, attacks on the network by these upgraded means produce loopholes (generally, a system without loopholes does not exist; once a system is large and complex enough, loopholes almost certainly exist, and the likelihood of loopholes rises non-linearly as the complexity of the system increases), so the security of the hardware, software and information in the network still faces a certain threat.
In summary, the prior art has the technical problem that no network optimization scheme aimed at security holes is set in advance, so network information security remains threatened.
Disclosure of Invention
The application aims to solve the technical problem in the prior art that network information security remains threatened because no network optimization scheme aimed at security holes is set in advance, by providing a network security hole analysis method and a network security hole analysis system based on a digital twin body.
In view of the above problems, embodiments of the present application provide a network security vulnerability analysis method and system based on digital twins.
In a first aspect of the disclosure, a method for analyzing a network security hole based on a digital twin body is provided, where the method is applied to a network security hole analysis system, the system is communicatively connected with a cloud processor, and the method includes: collecting network configuration information, network operation information and network interface information of a target network; generating a twin database according to the network configuration information, the network operation information and the network interface information, wherein the twin database is stored in the cloud processor; invoking the twin database to perform modeling mapping on the target network to generate a digital twin topology model; acquiring application attribute information of the target network; analyzing the application attribute information of the target network to generate a network attack sample data set; carrying out attack test on the digital twin topology model according to the network attack sample data set to obtain an attack test result; and performing vulnerability positioning based on the attack test result to obtain a vulnerability positioning result, and generating a network optimization scheme according to the vulnerability positioning result.
In another aspect of the disclosure, a network security vulnerability analysis system based on a digital twin body is provided, wherein the system comprises: the information acquisition module is used for acquiring network configuration information, network operation information and network interface information of the target network; the twin database generation module is used for generating a twin database according to the network configuration information, the network operation information and the network interface information, wherein the twin database is stored in a cloud processor; the modeling mapping module is used for calling the twin database to perform modeling mapping on the target network and generating a digital twin topology model; the application attribute acquisition module is used for acquiring application attribute information of the target network; the application attribute analysis module is used for analyzing the application attribute information of the target network and generating a network attack sample data set; the first attack testing module is used for carrying out attack testing on the digital twin topology model according to the network attack sample data set to obtain an attack testing result; and the vulnerability positioning module is used for performing vulnerability positioning based on the attack test result to obtain a vulnerability positioning result, and generating a network optimization scheme according to the vulnerability positioning result.
One or more technical solutions provided in the present application have at least the following technical effects or advantages:
Because the network configuration information, network operation information and network interface information of the target network are acquired; a twin database is generated from the network configuration information, network operation information and network interface information, and the target network is modeled and mapped to generate a digital twin topology model; application attribute information of the target network is acquired and analyzed to generate a network attack sample data set; an attack test is carried out on the digital twin topology model to obtain an attack test result; vulnerability positioning is carried out to obtain a vulnerability positioning result; and a network optimization scheme is generated, the technical effects of carrying out the attack test in the network test stage, setting a corresponding network optimization scheme in advance for the security vulnerabilities found, and maintaining network information security to the greatest extent are achieved.
The foregoing is only an overview of the technical solutions of the present application. In order that the technical means of the present application can be understood more clearly and implemented according to the content of the specification, and in order to make the above and other objects, features and advantages of the present application clearer, the detailed description of the present application is given below.
Drawings
Fig. 1 is a schematic flow chart of a network security vulnerability analysis method based on a digital twin body according to an embodiment of the present application;
Fig. 2 is a schematic flow chart of a possible process for generating reminding information in a network security vulnerability analysis method based on a digital twin body according to an embodiment of the present application;
Fig. 3 is a schematic flow chart of a possible implementation of a network optimization scheme in a network security vulnerability analysis method based on a digital twin body according to an embodiment of the present application;
Fig. 4 is a schematic diagram of a possible structure of a network security vulnerability analysis system based on a digital twin body according to an embodiment of the present application.
Reference numerals illustrate: the system comprises an information acquisition module 100, a twin database generation module 200, a modeling mapping module 300, an application attribute acquisition module 400, an application attribute analysis module 500, a first attack test module 600 and a vulnerability localization module 700.
Detailed Description
The embodiments of the application provide a network security vulnerability analysis method and system based on a digital twin body. They solve the technical problem that network information security remains threatened because no network optimization scheme aimed at security vulnerabilities is set in advance, carry out attack testing in the network testing stage, set a corresponding network optimization scheme in advance for the security vulnerabilities found, and thereby achieve the technical effect of maintaining network information security to the maximum extent.
Having described the basic principles of the present application, various non-limiting embodiments of the present application will now be described in detail with reference to the accompanying drawings.
Example 1
As shown in fig. 1, an embodiment of the present application provides a network security vulnerability analysis method based on a digital twin body, where the method is applied to a network security vulnerability analysis system, the system is communicatively connected with a cloud processor, and the method includes:
S10: collecting network configuration information, network operation information and network interface information of a target network;
S20: generating a twin database according to the network configuration information, the network operation information and the network interface information, wherein the twin database is stored in the cloud processor;
S30: invoking the twin database to perform modeling mapping on the target network to generate a digital twin topology model;
Specifically, the network security hole analysis system is in communication connection with the cloud processor; the communication connection is simply signal transmission and interaction, which forms a communication network between the network security hole analysis system and the cloud processor and provides hardware support for network security hole analysis;
collecting network configuration information (IP address, subnet mask, default gateway, DNS server and other relevant parameters), network operation information (routing information in a host, the network nodes traversed, network connection state, interface statistics and other relevant parameters) and network interface information (information on all active network interfaces); the collection method is not unique: the ifconfig command is commonly used to view network interface information, and the traceroute command to test the network nodes traversed between the current host and a destination host;
the twin database (which internally comprises a network configuration data segment, a network operation data segment and a network interface data segment) is stored in the cloud processor; according to the data distribution and arrangement format of the twin database, the network configuration information is synchronously written into the network configuration data segment of the twin database in the cloud processor, the network operation information into the network operation data segment, and the network interface information into the network interface data segment, thereby generating the twin database;
and the twin database is called according to the network node distribution information and the network connection state of the target network, the target network is modeled and mapped according to a star topology structure (each network node is connected point-to-point to a central node, which can be a switch, according to the mapped network connection state), and a digital twin topology model is generated, providing model support for the network security vulnerability simulation test.
Step S30 further includes the steps of:
S31: performing network scale evaluation on the target network according to the network configuration information to obtain a network scale index;
S32: generating modeling complexity according to the network scale index;
S33: judging whether the modeling complexity is larger than a preset modeling complexity or not;
S34: if the modeling complexity is greater than the preset modeling complexity, acquiring a dimension reduction instruction;
S35: performing dimension reduction on the target network according to the dimension reduction instruction to obtain a dimension reduction network;
S36: and modeling and mapping the dimension-reducing network to generate the digital twin topology model.
Specifically, network scale evaluation is performed on the target network according to the network configuration information (the IP address of each host is unique, so the network scale is estimated from the IP addresses of the hosts in the same network: the larger the network, the larger the volume of IP address data); the volume of IP address data is taken as the network scale index, and the modeling complexity is calculated from the network scale index;
it is judged whether the modeling complexity is greater than a preset modeling complexity (a preset parameter index). If it is not, no dimension reduction is needed and the target network is modeled and mapped directly according to a star topology structure to generate the digital twin topology model. If it is, dimension reduction is needed: a dimension reduction instruction is obtained, which is used to prune some tiny network branches; the target network is reduced according to the instruction, pruning those tiny branches and retaining the modeling of the trunk paths, to obtain a dimension-reduced network; and the dimension-reduced network is modeled and mapped directly according to a star topology structure to generate the digital twin topology model, thereby providing technical support for reducing the system load.
Step S32 includes the steps of:
S321: obtaining the server operation complexity, the data volume load complexity and the modeling efficiency complexity according to the network scale index;
S322: and generating the modeling complexity by taking the server operation complexity, the data volume load complexity and the modeling efficiency complexity as a plurality of indexes.
Specifically, generating the modeling complexity according to the network scale index includes calculating, from the network scale index, the server operation complexity (server operation complexity = server bit number / total bit number of the network configuration information, network operation information and network interface information × 100%), the data volume load complexity (data volume load complexity = data volume of IP addresses / total data volume of the network configuration information, network operation information and network interface information × 100%) and the modeling efficiency complexity (modeling efficiency complexity = number of modeling operations / 3600 × length of the time period the server is occupied per operation × 100%, where one operation is one point-to-point modeling mapping connection);
the server operation complexity, data volume load complexity and modeling efficiency complexity are taken as a plurality of indexes, and a weighted calculation over them generates the modeling complexity. Specifically: the three complexities are standardized; the standardized results are weighted using the coefficient of variation method, an objective weighting method that directly uses the information contained in each standardized result to calculate the weight of that result; after the weights are determined, the weighted calculation is carried out on the standardized server operation complexity, data volume load complexity and modeling efficiency complexity, and the modeling complexity is obtained through this weight adjustment, which provides a basis for balancing differences between the parameter indexes and guarantees the stability of the modeling complexity.
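As an added worked example (not code from the patent or from its assignee), the following Python computes the three S321 complexities, standardizes them, weights them with the coefficient of variation method, applies the S33 threshold decision and prunes tiny branches as in S35. It assumes min-max standardization, the formula readings stated in the comments, a preset threshold of 0.6, a 2% pruning fraction, and a set of constructed snapshots, since the coefficient of variation needs several observations to measure dispersion.

```python
"""Modeling complexity (S32/S33) with coefficient-of-variation weights, plus S35 pruning.

Added illustration; not the patent's code. Formula readings and thresholds are assumptions.
"""
from statistics import mean, pstdev

PRESET_MODELING_COMPLEXITY = 0.6   # assumed preset parameter index (S33)
PRUNE_BELOW_FRACTION = 0.02        # assumed: a branch carrying < 2% of traffic is "tiny" (S35)


def server_operation_complexity(server_bits, info_bits):
    """Server word width over total bits of the three collected information sets, in %."""
    return server_bits / info_bits * 100.0


def data_volume_load_complexity(ip_bytes, total_bytes):
    """IP-address data volume over total volume of the three information sets, in %."""
    return ip_bytes / total_bytes * 100.0


def modeling_efficiency_complexity(operations, seconds_per_operation):
    """Point-to-point mapping operations per hour, weighted by server time per operation."""
    return operations / 3600.0 * seconds_per_operation * 100.0


def indicators(snapshot):
    """The three S321 indexes for one network snapshot (a dict of constructed counters)."""
    return (
        server_operation_complexity(snapshot["server_bits"], snapshot["info_bits"]),
        data_volume_load_complexity(snapshot["ip_bytes"], snapshot["total_bytes"]),
        modeling_efficiency_complexity(snapshot["operations"], snapshot["seconds_per_op"]),
    )


def min_max_standardize(columns):
    """Scale every indicator column to [0, 1]; a constant column becomes all zeros."""
    scaled = []
    for col in columns:
        lo, hi = min(col), max(col)
        scaled.append([0.0 if hi == lo else (v - lo) / (hi - lo) for v in col])
    return scaled


def cv_weights(columns):
    """Coefficient-of-variation weights: w_i = CV_i / sum_j CV_j with CV = std / mean.

    An indicator that varies more across observations carries more information and
    therefore more weight. Falls back to equal weights if nothing varies."""
    cvs = [pstdev(col) / mean(col) if mean(col) > 0 else 0.0 for col in columns]
    total = sum(cvs)
    if total == 0:
        return [1.0 / len(columns)] * len(columns)
    return [c / total for c in cvs]


def modeling_complexity(snapshots, target_index):
    """Weighted, standardized complexity of snapshots[target_index]; returns (score, weights)."""
    raw = [indicators(s) for s in snapshots]
    columns = [list(c) for c in zip(*raw)]       # one column per indicator
    standardized = min_max_standardize(columns)
    weights = cv_weights(standardized)           # patent: weights from the standardized results
    score = sum(w * standardized[i][target_index] for i, w in enumerate(weights))
    return score, weights


def needs_dimension_reduction(score, preset=PRESET_MODELING_COMPLEXITY):
    """S33/S34: a dimension reduction instruction is issued only above the preset value."""
    return score > preset


def reduce_dimension(star_links, min_fraction=PRUNE_BELOW_FRACTION):
    """S35: drop tiny branches of a star topology and keep the trunk.

    star_links maps node name -> traffic share of its link to the central node."""
    total = sum(star_links.values())
    return {node: share for node, share in star_links.items()
            if total and share / total >= min_fraction}


# Constructed snapshots: three historical subnets plus the target network (last entry).
SNAPSHOTS = [
    {"server_bits": 32, "info_bits": 3200, "ip_bytes": 40, "total_bytes": 400, "operations": 360, "seconds_per_op": 1.0},
    {"server_bits": 64, "info_bits": 3200, "ip_bytes": 80, "total_bytes": 400, "operations": 720, "seconds_per_op": 1.0},
    {"server_bits": 64, "info_bits": 1600, "ip_bytes": 120, "total_bytes": 400, "operations": 1080, "seconds_per_op": 1.0},
    {"server_bits": 64, "info_bits": 800, "ip_bytes": 160, "total_bytes": 400, "operations": 1440, "seconds_per_op": 1.0},
]

# Constructed star topology: traffic share of each host's link towards the central switch.
STAR_LINKS = {"host-a": 0.50, "host-b": 0.30, "host-c": 0.15, "printer": 0.01, "iot-sensor": 0.005}

if __name__ == "__main__":
    score, weights = modeling_complexity(SNAPSHOTS, target_index=3)
    print("weights", [round(w, 3) for w in weights], "score", round(score, 3))
    if needs_dimension_reduction(score):
        print("dimension-reduced network:", reduce_dimension(STAR_LINKS))
```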
S40: acquiring application attribute information of the target network;
S50: analyzing the application attribute information of the target network to generate a network attack sample data set;
S60: carrying out attack test on the digital twin topology model according to the network attack sample data set to obtain an attack test result;
S70: and performing vulnerability positioning based on the attack test result to obtain a vulnerability positioning result, and generating a network optimization scheme according to the vulnerability positioning result.
Specifically, application attribute information of the target network is acquired (the application attribute information may be commercial, enterprise type, local area network, public network, etc.) and analyzed (generally, before a transmission or storage operation is performed, a security level is set according to the sensitivity and privacy of the data being transmitted or stored; during storage operations, attacks such as password intrusion, privilege elevation, SQL (Structured Query Language, a database language) injection and backup theft, which would cause illegal leakage of the stored data, mainly need to be prevented). Data is recorded during storage operations to obtain a network attack sample storage data set; this is combined with the network attack sample transmission data set to generate the network attack sample data set, providing a data basis for determining network security vulnerabilities;
according to the attack instructions recorded in the network attack sample data set (including but not limited to password intrusion, privilege elevation, SQL injection, backup theft/sniffing attacks, interception attacks and denial of service attacks), an attack test is carried out on the digital twin topology model and its resistance to the attacks is checked to obtain an attack test result; vulnerability positioning is then performed in the target network based on the attack test result to obtain a vulnerability positioning result (comprising vulnerability type and vulnerability address information), which is sent to the relevant management staff of the network security vulnerability analysis system; the management staff formulate a network optimization scheme according to the vulnerability positioning result, providing technical support for timely vulnerability maintenance.
Step S70 further includes the steps of:
S71: optimizing the target network according to the network optimization scheme to generate a digital twin optimization model;
S72: carrying out attack test on the digital twin optimization model according to the network attack sample data set to obtain a secondary attack test result;
S73: generating an optimization coefficient according to the secondary attack test result and the attack test result;
S74: and acquiring reminding information according to the optimization coefficient.
Specifically, after the network optimization scheme is generated it needs to be tested. The target network is optimized according to the network optimization scheme (generally, the scheme can be: periodically checking whether backup files are available, to avoid backup data being unavailable after a fault occurs (if backup data are unavailable, multi-source backup is used, namely server data backup covering website program files, database files and configuration files, hourly backups and off-site backups, providing technical support for avoiding data unavailability); encrypting important data with multiple encryption algorithms to reduce the possibility of illegal leakage of the data; and ensuring that all operations comply with constraint documents related to network security vulnerabilities, such as the network product security vulnerability management regulations), and a digital twin optimization model is generated in the same form as the digital twin topology model; according to the attack instructions recorded in the network attack sample data set, an attack test is carried out on the digital twin optimization model and its performance in resisting attack is checked to obtain a secondary attack test result;
a benchmarking analysis is performed (generally, information security hole forms comprise Trojans, viruses, hackers and the like; different forms differ in their degree of attack on, and mode of influence over, the computer system, so each form needs to be benchmarked to ensure that the optimization direction is consistent with that form's degree of attack and mode of influence on the computer system). For example, if the attack test result shows N Trojan-form security holes caused by password intrusion and the secondary attack test result shows M, where N ≥ 0, then the optimization coefficient for Trojan-form security holes caused by password intrusion = N - M. The optimization coefficients are generated in this way (they comprise an optimization coefficient for Trojan-form holes caused by password intrusion, one for virus-form holes caused by password intrusion, one for Trojan-form holes caused by privilege elevation, and so on); and reminding information is obtained according to the optimization coefficients, providing technical support for optimizing network security vulnerabilities according to the degree of intrusion caused to the computer system.
As shown in fig. 2, step S74 includes the steps of:
S741: generating a simulation optimization coefficient according to the network optimization scheme;
S742: carrying out loss analysis based on the simulation optimization coefficient and the optimization coefficient to obtain an optimization loss degree;
S743: and if the optimization loss degree is larger than a preset optimization loss degree, generating the reminding information.
Specifically, obtaining the reminding information according to the optimization coefficient comprises: performing simulated optimization on the digital twin topology model according to the network optimization scheme to obtain a digital twin topology optimization model, and carrying out an attack test on that model according to the network attack sample data set to obtain a simulated attack test result; and generating a simulated optimization coefficient from the simulated attack test result and the attack test result;
a loss analysis is carried out based on the simulated optimization coefficient and the optimization coefficient to obtain the optimization loss degree. For example, if the attack test result shows N Trojan-form security holes caused by password intrusion, the secondary attack test result shows M, and the simulated attack test result shows Z, where N > M > Z ≥ 0, then the optimization loss degree for Trojan-form security holes caused by password intrusion = (M - Z) / N × 100%. (M exceeds Z because, for instance, the simulated attack test result shows that 93.5% of attacks can be resisted through multiple verification, while the secondary attack test result shows that only 87.2% can be resisted.) The optimization loss degree comprises a series of values: the loss degree for Trojan-form holes caused by password intrusion, for Trojan-form holes caused by virus intrusion, for Trojan-form holes caused by privilege elevation, and so on;
if the optimization loss degree is greater than the preset optimization loss degree (a preset parameter index; optimization loss arises from causes such as low processing speed and delay), the reminding information is generated (processing speed is limited by the hardware configuration, and a 32-bit operating system can be replaced by a 64-bit one to improve it; delay is limited by the link speed of the network and by network congestion, so network maintenance is performed to ensure normal network transmission). The reminding information reminds the relevant management personnel to update the hardware configuration or perform network maintenance in time.
As shown in fig. 3, step S70 further includes the steps of:
S75: obtaining the attack test result, wherein the attack test result is a mapping data set formed by taking an attack mode, a vulnerability cause and a vulnerability influence as triples;
S76: performing intra-group positive sequence ordering according to the vulnerability influence to obtain an attack test ordering result;
S77: and generating an optimization priority according to the attack test sequencing result, and executing the network optimization scheme according to the optimization priority.
Specifically, obtaining the attack test result comprises: establishing a triple whose first element is the attack mode, second element the vulnerability cause and third element the vulnerability influence; the attack test result is the mapping data set formed by these triples (a triple is represented in the mapping data set by a row mark, a column mark and an element value); intra-group positive-sequence ordering (from largest to smallest) is performed according to the vulnerability influence, and the result is taken as the attack test ordering result; according to that ordering, ranks 1-8 are set as the first optimization priority, ranks 9-16 as the second optimization priority, … …, and ranks 8q+1 to 8q+8 as the (q+1)-th optimization priority; the first, second, … …, (q+1)-th optimization priorities are combined to give the optimization priority, and the network optimization scheme is executed according to it. Ordering the network optimization priorities from the angles of attack mode, vulnerability cause and vulnerability influence improves the rationality of the network optimization ordering.
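As an added worked example (not code from the patent or from its assignee), the following Python implements the triple ranking and eight-per-group optimization priorities of S75-S77 together with the optimization coefficient N - M of S73 and the loss degree (M - Z) / N × 100% with its reminder threshold from S741-S743 described above. The triples, the hole counts per (cause, form) and the 10% reminder threshold are constructed assumptions.

```python
"""Attack-test triples and optimization priority (S75-S77), optimization coefficient (S73)
and optimization loss degree with reminder (S741-S743).

Added illustration; not the patent's code. Thresholds and sample counts are constructed.
"""
from collections import namedtuple

# (attack mode, vulnerability cause, vulnerability influence) = (row mark, column mark, value)
Triple = namedtuple("Triple", "attack_mode vulnerability_cause vulnerability_influence")

GROUP_SIZE = 8                    # S77: ranks 8q+1 .. 8q+8 form the (q+1)-th priority
PRESET_OPTIMIZATION_LOSS = 10.0   # assumed preset optimization loss degree, in percent


def rank_attack_results(triples):
    """S76: intra-group positive-sequence ordering, i.e. descending by influence (stable)."""
    return sorted(triples, key=lambda t: t.vulnerability_influence, reverse=True)


def optimization_priorities(ranked):
    """S77: rank r (1-based) -> priority (r - 1) // 8 + 1; returns [(priority, triple), ...]."""
    return [(i // GROUP_SIZE + 1, t) for i, t in enumerate(ranked)]


def execution_order(triples):
    """Priority groups in the order in which the network optimization scheme is executed."""
    groups = {}
    for priority, t in optimization_priorities(rank_attack_results(triples)):
        groups.setdefault(priority, []).append(t)
    return groups


def optimization_coefficient(n_before, m_after):
    """S73: N - M, where N = holes in the attack test and M = holes in the secondary test."""
    if not n_before >= m_after >= 0:
        raise ValueError("expected N >= M >= 0")
    return n_before - m_after


def optimization_loss_degree(n_before, m_after, z_simulated):
    """S742: (M - Z) / N x 100%, the shortfall of the deployed optimization (M) against the
    simulated optimization of the twin (Z). The patent's example has N > M > Z >= 0."""
    if not n_before >= m_after >= z_simulated >= 0:
        raise ValueError("expected N >= M >= Z >= 0")
    if n_before == 0:
        return 0.0
    return (m_after - z_simulated) / n_before * 100.0


def optimization_report(before, after, simulated, preset=PRESET_OPTIMIZATION_LOSS):
    """Per (vulnerability cause, hole form) key: coefficient, loss degree and S743 reminder."""
    report = {}
    for key, n in before.items():
        m = after.get(key, n)          # not re-tested: treat as unchanged
        z = simulated.get(key, m)      # not simulated: no measurable loss
        loss = optimization_loss_degree(n, m, z)
        report[key] = {
            "coefficient": optimization_coefficient(n, m),
            "loss_degree": loss,
            "remind": loss > preset,   # S743: reminder only above the preset value
        }
    return report


# Constructed attack-test result: ten triples, so two priority groups appear.
ATTACK_TEST_RESULT = [
    Triple("password intrusion", "weak credential policy", 9.1),
    Triple("privilege elevation", "misconfigured sudo", 8.4),
    Triple("SQL injection", "unparameterised query", 8.8),
    Triple("backup theft", "unencrypted backup share", 7.2),
    Triple("sniffing", "cleartext protocol", 6.0),
    Triple("interception", "missing TLS validation", 6.5),
    Triple("denial of service", "no rate limiting", 5.5),
    Triple("password intrusion", "no lockout", 7.9),
    Triple("privilege elevation", "writable service binary", 4.3),
    Triple("SQL injection", "verbose error pages", 3.8),
]

# Constructed hole counts per (cause, form): attack test N, secondary test M, simulated Z.
BEFORE = {("password intrusion", "trojan"): 40, ("privilege elevation", "trojan"): 20,
          ("SQL injection", "virus"): 10}
AFTER = {("password intrusion", "trojan"): 12, ("privilege elevation", "trojan"): 4,
         ("SQL injection", "virus"): 10}
SIMULATED = {("password intrusion", "trojan"): 5, ("privilege elevation", "trojan"): 3,
             ("SQL injection", "virus"): 10}

if __name__ == "__main__":
    for priority, group in execution_order(ATTACK_TEST_RESULT).items():
        print("priority", priority, [t.attack_mode for t in group])
    for key, row in optimization_report(BEFORE, AFTER, SIMULATED).items():
        print(key, row)
```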
Step S70 further includes the steps of:
S78: embedding a protection evaluation sub-model into the digital twin topology model, wherein the protection evaluation sub-model comprises protection response delay and protection filtration percentage;
S79: generating a network security level according to the protection evaluation submodel;
S7A: and performing vulnerability positioning by taking the network security level as the comparison basis of the attack test result.
Specifically, embedding a protection evaluation submodel into the digital twin topology model specifically includes: constructing a protection evaluation sub-model, wherein the protection evaluation sub-model is arranged in a firewall of each host in a target network, and comprises protection response delay (common CPU of 3-5 MIPS, and the minimum protection response delay unit can be accurate to mu s) and protection filtering percentage; according to the protection evaluation sub-model, performing network protection evaluation level evaluation to obtain a network security level; performing vulnerability positioning by taking the network security level as the comparison basis of the attack test results, and providing technical support for performing network security vulnerability positioning by combining a firewall in a host;
constructing a protection evaluation sub-model, which specifically comprises the following steps: taking a BP network model as a model basis, taking a protection response delay and a protection filtering percentage as retrieval contents, carrying out data association retrieval in a network security vulnerability analysis system, obtaining a historical protection response delay, a historical protection filtering percentage and a historical network security level, taking the historical protection response delay and the historical protection filtering percentage as input training data, inputting the input training data into the BP network model, carrying out error analysis by adopting a result obtained by training and an expected result (the expected result: the historical network security level) each time, further modifying a weight and a threshold (further modifying the weight and the threshold can train the BP network model to be suitable for carrying out network protection evaluation level evaluation), obtaining a model which can be consistent with the expected result in one step, and determining a protection evaluation sub-model after model output tends to be stable (model stability: consistent with the expected result).
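The training loop described above, as an added example rather than code from the patent: a small back-propagation network in pure Python that takes the protection response delay and protection filtering percentage as inputs, uses the historical network security level as the expected result, adjusts weights and thresholds after each error analysis, and stops when the epoch error no longer changes. The 2-4-1 layout, learning rate, input scaling and the historical records are all assumed or constructed here.

```python
"""Added example (not the patent's own code): a back-propagation (BP) network
trained as the protection evaluation sub-model described above. Inputs are the
protection response delay and protection filtering percentage; the expected
output is the historical network security level; training stops once the
output is stable. Assumed here: a 2-4-1 sigmoid layout, full-batch gradient
descent, delay in microseconds, 1-5 levels scaled by 1/6 so the output sigmoid
never has to saturate. The history below is constructed."""
import math
import random

# Constructed history: (protection response delay in us, filtering %, level 1-5)
HISTORY = [
    (5.0, 99.0, 5), (20.0, 97.0, 5), (80.0, 90.0, 4), (150.0, 85.0, 4),
    (300.0, 70.0, 3), (600.0, 60.0, 2), (900.0, 40.0, 1), (200.0, 65.0, 3),
]
MAX_DELAY_US, LEVEL_SCALE = 1000.0, 6.0

def normalise(delay_us, filter_pct):
    """Scale both inputs into [0, 1] so the hidden sigmoids start off unsaturated."""
    return [delay_us / MAX_DELAY_US, filter_pct / 100.0]

def sigmoid(x):
    return 1.0 / (1.0 + math.exp(-x))

class BPModel:
    """2-4-1 sigmoid network; the biases are the 'thresholds' the text refers to."""
    def __init__(self, hidden=4, seed=7):
        rng = random.Random(seed)  # fixed seed keeps the run reproducible
        self.w1 = [[rng.uniform(-1, 1) for _ in range(2)] for _ in range(hidden)]
        self.b1 = [rng.uniform(-1, 1) for _ in range(hidden)]
        self.w2 = [rng.uniform(-1, 1) for _ in range(hidden)]
        self.b2 = rng.uniform(-1, 1)

    def forward(self, x):
        h = [sigmoid(sum(w * xi for w, xi in zip(ws, x)) + b)
             for ws, b in zip(self.w1, self.b1)]
        return h, sigmoid(sum(w * hi for w, hi in zip(self.w2, h)) + self.b2)

    def predict_level(self, delay_us, filter_pct):
        """Network security level on the 1-5 scale (unrounded)."""
        return self.forward(normalise(delay_us, filter_pct))[1] * LEVEL_SCALE

    def train(self, history, lr=0.5, max_epochs=12000, tol=1e-12):
        """Per epoch: error analysis of output vs expected level, then a weight and
        threshold update; stop when the epoch error stops changing (model stable)."""
        data = [(normalise(d, f), lvl / LEVEL_SCALE) for d, f, lvl in history]
        prev_err, err = None, 0.0
        for _ in range(max_epochs):
            err = 0.0
            gw1 = [[0.0, 0.0] for _ in self.w1]
            gb1, gw2, gb2 = [0.0] * len(self.b1), [0.0] * len(self.w2), 0.0
            for x, y in data:
                h, out = self.forward(x)
                err += (out - y) ** 2 / len(data)  # mean squared error this epoch
                d_out = (out - y) * out * (1 - out)  # dE/dnet at the output unit
                gb2 += d_out
                for j, hj in enumerate(h):
                    d_h = d_out * self.w2[j] * hj * (1 - hj)  # error propagated back
                    gw2[j] += d_out * hj
                    gb1[j] += d_h
                    gw1[j][0] += d_h * x[0]
                    gw1[j][1] += d_h * x[1]
            for j in range(len(self.w2)):  # gradient step on weights and thresholds
                self.w2[j] -= lr * gw2[j]
                self.b1[j] -= lr * gb1[j]
                self.w1[j][0] -= lr * gw1[j][0]
                self.w1[j][1] -= lr * gw1[j][1]
            self.b2 -= lr * gb2
            if prev_err is not None and abs(prev_err - err) < tol:
                break
            prev_err = err
        return err

def build_protection_submodel():
    """Train on the constructed history; return (model, final mean squared error)."""
    model = BPModel()
    return model, model.train(HISTORY)
```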
In summary, the network security vulnerability analysis method and system based on the digital twin provided by the embodiment of the application have the following technical effects:
1. Because the network configuration information, the network operation information and the network interface information of the target network are acquired, a twin database is generated from them, and the target network is modeled and mapped to generate a digital twin topology model; and because the application attribute information of the target network is acquired and analyzed to generate a network attack sample data set, an attack test is performed on the digital twin topology model to obtain an attack test result, a vulnerability positioning result is obtained and a network optimization scheme is generated.
2. Because the attack test result is obtained and intra-group positive-order sorting is performed according to the vulnerability influence, an attack test sorting result is obtained, an optimization priority is generated and the network optimization scheme is executed according to the optimization priority; sorting the network optimization priority from the angles of attack mode, vulnerability cause and vulnerability influence improves the rationality of the network optimization ordering.
Example two
Based on the same inventive concept as the digital twin-based network security vulnerability analysis method in the foregoing embodiment, as shown in Fig. 4, an embodiment of the present application provides a digital twin-based network security vulnerability analysis system, where the system includes:
the information acquisition module 100 is configured to acquire network configuration information, network operation information and network interface information of a target network;
a twin database generation module 200, configured to generate a twin database according to the network configuration information, the network operation information, and the network interface information, where the twin database is stored in a cloud processor;
the modeling mapping module 300 is configured to invoke the twin database to perform modeling mapping on the target network, so as to generate a digital twin topology model;
an application attribute obtaining module 400, configured to obtain application attribute information of the target network;
the application attribute analysis module 500 is configured to analyze application attribute information of the target network and generate a network attack sample data set;
the first attack testing module 600 is configured to perform attack testing on the digital twin topology model according to the network attack sample data set, so as to obtain an attack testing result;
and the vulnerability positioning module 700 is configured to perform vulnerability positioning based on the attack test result, obtain a vulnerability positioning result, and generate a network optimization scheme according to the vulnerability positioning result.
Further, the system includes:
the network scale evaluation module is used for evaluating the network scale of the target network according to the network configuration information and obtaining a network scale index;
the modeling complexity generation module is used for generating modeling complexity according to the network scale index;
the modeling complexity judging module is used for judging whether the modeling complexity is larger than a preset modeling complexity or not;
the dimension reduction instruction acquisition module is used for acquiring dimension reduction instructions if the modeling complexity is greater than the preset modeling complexity;
the dimension reduction operation module is used for reducing dimension of the target network according to the dimension reduction instruction to obtain a dimension reduction network;
and the modeling mapping module is used for modeling and mapping the dimension-reducing network and generating the digital twin topology model.
Further, the system includes:
the complexity calculation module is used for obtaining the server operation complexity, the data volume load complexity and the modeling efficiency complexity according to the network scale index;
the modeling complexity calculation module is used for generating the modeling complexity by taking the server operation complexity, the data volume load complexity and the modeling efficiency complexity as a plurality of indexes.
Further, the system includes:
the target network optimization module is used for optimizing the target network according to the network optimization scheme to generate a digital twin optimization model;
the second attack testing module is used for carrying out attack testing on the digital twin optimization model according to the network attack sample data set to obtain a secondary attack testing result;
the optimization coefficient generation module is used for generating an optimization coefficient according to the secondary attack test result and the attack test result;
and the reminding information acquisition module is used for acquiring the reminding information according to the optimization coefficient.
Further, the system includes:
the simulation optimization coefficient generation module is used for generating a simulation optimization coefficient according to the network optimization scheme;
the loss analysis module is used for carrying out loss analysis based on the simulation optimization coefficient and the optimization coefficient to obtain an optimization loss degree;
and the reminding information generation module is used for generating the reminding information if the optimization loss degree is larger than a preset optimization loss degree.
Further, the system includes:
the attack test result acquisition module is used for acquiring the attack test result, wherein the attack test result is a mapping data set formed by triples of attack mode, vulnerability cause and vulnerability influence;
the positive-order sorting module is used for performing intra-group positive-order sorting according to the vulnerability influence to obtain an attack test sorting result;
and the optimization priority generation module is used for generating an optimization priority according to the attack test sorting result, and executing the network optimization scheme according to the optimization priority.
Further, the system includes:
the model embedding module is used for embedding a protection evaluation sub-model into the digital twin topology model, wherein the protection evaluation sub-model comprises protection response delay and protection filtering percentage;
the network security level generation module is used for generating a network security level according to the protection evaluation submodel;
and the comparison basis confirmation module is used for performing vulnerability positioning by taking the network security level as the comparison basis of the attack test result.
Any step of the methods described above may be stored as computer instructions or a program in a non-limiting computer memory and invoked by a non-limiting computer processor to carry out any of the methods implementing the embodiments of the present application, without unnecessary limitation.
Further, the terms "first" and "second" may not only represent a sequential relationship but may also represent a particular concept, and/or may be selected individually or as a whole among a plurality of elements. It will be apparent to those skilled in the art that various modifications and variations can be made to the present application without departing from its scope. Thus, if such modifications and variations of the present application fall within the scope of the present application and its equivalents, the present application is intended to cover them.

Claims (8)

1. A digital twin-based network security vulnerability analysis method, wherein the method is applied to a network security vulnerability analysis system, the system is in communication connection with a cloud processor, and the method comprises:
collecting network configuration information, network operation information and network interface information of a target network;
generating a twin database according to the network configuration information, the network operation information and the network interface information, wherein the twin database is stored in the cloud processor;
invoking the twin database to perform modeling mapping on the target network to generate a digital twin topology model;
acquiring application attribute information of the target network;
analyzing the application attribute information of the target network to generate a network attack sample data set, wherein generating the network attack sample data set comprises: taking the application attribute information of the target network as search content, generating search characters, performing a data search in big data to obtain a sample database, and performing transmission/storage operations on the sample database using the target network; synchronously performing data recording during the transmission operation to obtain a network attack sample transmission data set; performing data recording during the storage operation to obtain a network attack sample storage data set; and combining the network attack sample transmission data set and the network attack sample storage data set to generate the network attack sample data set;
carrying out attack test on the digital twin topology model according to the network attack sample data set to obtain an attack test result;
and performing vulnerability positioning based on the attack test result to obtain a vulnerability positioning result, and generating a network optimization scheme according to the vulnerability positioning result.
2. The method of claim 1, wherein the method further comprises:
performing network scale evaluation on the target network according to the network configuration information to obtain a network scale index;
generating modeling complexity according to the network scale index;
judging whether the modeling complexity is larger than a preset modeling complexity or not;
if the modeling complexity is greater than the preset modeling complexity, acquiring a dimension reduction instruction;
performing dimension reduction on the target network according to the dimension reduction instruction to obtain a dimension reduction network;
and modeling and mapping the dimension-reducing network to generate the digital twin topology model.
3. The method of claim 2, wherein generating the modeling complexity according to the network scale index comprises:
obtaining a server operation complexity, a data volume load complexity and a modeling efficiency complexity according to the network scale index;
and generating the modeling complexity by taking the server operation complexity, the data volume load complexity and the modeling efficiency complexity as a plurality of indexes.
4. The method of claim 1, wherein after generating the network optimization scheme, the method further comprises:
optimizing the target network according to the network optimization scheme to generate a digital twin optimization model;
carrying out attack test on the digital twin optimization model according to the network attack sample data set to obtain a secondary attack test result;
generating an optimization coefficient according to the secondary attack test result and the attack test result;
and acquiring reminding information according to the optimization coefficient.
5. The method of claim 4, wherein acquiring the reminding information according to the optimization coefficient comprises:
generating a simulation optimization coefficient according to the network optimization scheme;
carrying out loss analysis based on the simulation optimization coefficient and the optimization coefficient to obtain an optimization loss degree;
and if the optimization loss degree is larger than a preset optimization loss degree, generating the reminding information.
6. The method of claim 1, wherein the method further comprises:
obtaining the attack test result, wherein the attack test result is a mapping data set formed by taking the attack mode, the vulnerability cause and the vulnerability influence as triples;
performing intra-group positive-order sorting according to the vulnerability influence to obtain an attack test sorting result;
and generating an optimization priority according to the attack test sorting result, and executing the network optimization scheme according to the optimization priority.
7. The method of claim 1, wherein the method further comprises:
embedding a protection evaluation sub-model into the digital twin topology model, wherein the protection evaluation sub-model comprises a protection response delay and a protection filtering percentage;
generating a network security level according to the protection evaluation sub-model;
and performing vulnerability positioning by taking the network security level as the comparison basis of the attack test result.
8. A digital twin-based network security vulnerability analysis system for implementing the digital twin-based network security vulnerability analysis method according to any one of claims 1-7, comprising:
the information acquisition module is used for acquiring network configuration information, network operation information and network interface information of the target network;
the twin database generation module is used for generating a twin database according to the network configuration information, the network operation information and the network interface information, wherein the twin database is stored in a cloud processor;
the modeling mapping module is used for calling the twin database to perform modeling mapping on the target network and generating a digital twin topology model;
the application attribute acquisition module is used for acquiring application attribute information of the target network;
the application attribute analysis module is used for analyzing the application attribute information of the target network to generate a network attack sample data set, which comprises: taking the application attribute information of the target network as search content, generating search characters, performing a data search in big data to obtain a sample database, and performing transmission/storage operations on the sample database using the target network; synchronously performing data recording during the transmission operation to obtain a network attack sample transmission data set; performing data recording during the storage operation to obtain a network attack sample storage data set; and combining the network attack sample transmission data set and the network attack sample storage data set to generate the network attack sample data set;
the first attack testing module is used for carrying out attack testing on the digital twin topology model according to the network attack sample data set to obtain an attack testing result;
and the vulnerability positioning module is used for performing vulnerability positioning based on the attack test result to obtain a vulnerability positioning result, and generating a network optimization scheme according to the vulnerability positioning result.
CN202310305653.XA 2023-03-27 2023-03-27 Network security vulnerability analysis method and system based on digital twin Active CN116015983B (en)

Publications (2)

Publication Number Publication Date
CN116015983A CN116015983A (en) 2023-04-25
CN116015983B true CN116015983B (en) 2023-07-07

Family

ID=86027090

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN117081864A (en) * 2023-10-17 2023-11-17 天津市职业大学 Network information security defense detection method and system

Citations (6)

Publication number Priority date Publication date Assignee Title
CN1614941A (en) * 2004-12-02 2005-05-11 上海交通大学 Method for establishing complex network running environmental analog stimulative platform
CN112073411A (en) * 2020-09-07 2020-12-11 北京软通智慧城市科技有限公司 Network security deduction method, device, equipment and storage medium
CN112583820A (en) * 2020-12-09 2021-03-30 南方电网科学研究院有限责任公司 Power attack test system based on attack topology
CN114070632A (en) * 2021-11-18 2022-02-18 安天科技集团股份有限公司 Automatic penetration testing method and device and electronic equipment
CN115065551A (en) * 2022-07-27 2022-09-16 军事科学院系统工程研究院网络信息研究所 Associated network construction and co-modeling method
CN115664703A (en) * 2022-09-13 2023-01-31 国网安徽省电力有限公司信息通信分公司 Attack tracing method based on multi-dimensional information

Family Cites Families (1)

Publication number Priority date Publication date Assignee Title
US20220201042A1 (en) * 2015-10-28 2022-06-23 Qomplx, Inc. Ai-driven defensive penetration test analysis and recommendation system

Non-Patent Citations (1)

Title
Digital Twin based Cyber Range for Industrial Internet of Things; Haifeng Zhou et al.; IEEE Consumer Technology Society; full text *

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant