ATE313183T1 - System und verfahren zur beurteilung der verletzlichkeit der netzsicherheit mit fuzzy logik regeln - Google Patents

System und verfahren zur beurteilung der verletzlichkeit der netzsicherheit mit fuzzy logik regeln

Info

Publication number
ATE313183T1
ATE313183T1 AT01910366T AT01910366T ATE313183T1 AT E313183 T1 ATE313183 T1 AT E313183T1 AT 01910366 T AT01910366 T AT 01910366T AT 01910366 T AT01910366 T AT 01910366T AT E313183 T1 ATE313183 T1 AT E313183T1
Authority
AT
Austria
Prior art keywords
network
vulnerability
data
fuzzy logic
model database
Prior art date
Application number
AT01910366T
Other languages
English (en)
Inventor
Kevin Fox
John Farrell
Rhonda Henning
Clifford Miller
Original Assignee
Harris Corp
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Harris Corp filed Critical Harris Corp
Application granted granted Critical
Publication of ATE313183T1 publication Critical patent/ATE313183T1/de

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1433Vulnerability analysis
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/57Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • G06F21/577Assessing vulnerabilities and evaluating computer system security
    • YGENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y10TECHNICAL SUBJECTS COVERED BY FORMER USPC
    • Y10STECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y10S707/00Data processing: database and file management or data structures
    • Y10S707/99941Database schema or data structure
    • Y10S707/99944Object-oriented database structure
    • YGENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y10TECHNICAL SUBJECTS COVERED BY FORMER USPC
    • Y10STECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y10S707/00Data processing: database and file management or data structures
    • Y10S707/99941Database schema or data structure
    • Y10S707/99944Object-oriented database structure
    • Y10S707/99945Object-oriented database structure processing

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Software Systems (AREA)
  • Computing Systems (AREA)
  • Theoretical Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • Signal Processing (AREA)
  • General Physics & Mathematics (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Computer And Data Communications (AREA)
  • Devices For Executing Special Programs (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)
  • Maintenance And Management Of Digital Transmission (AREA)
  • Debugging And Monitoring (AREA)
  • Burglar Alarm Systems (AREA)
  • Alarm Systems (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)
AT01910366T 2000-02-08 2001-01-26 System und verfahren zur beurteilung der verletzlichkeit der netzsicherheit mit fuzzy logik regeln ATE313183T1 (de)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
US09/500,269 US6883101B1 (en) 2000-02-08 2000-02-08 System and method for assessing the security posture of a network using goal oriented fuzzy logic decision rules
PCT/US2001/002825 WO2001059594A2 (en) 2000-02-08 2001-01-26 System and method for assessing the security vulnerability of a network using fuzzy logic rules

Publications (1)

Publication Number Publication Date
ATE313183T1 true ATE313183T1 (de) 2005-12-15

Family

ID=23988703

Family Applications (1)

Application Number Title Priority Date Filing Date
AT01910366T ATE313183T1 (de) 2000-02-08 2001-01-26 System und verfahren zur beurteilung der verletzlichkeit der netzsicherheit mit fuzzy logik regeln

Country Status (10)

Country Link
US (1) US6883101B1 (de)
EP (1) EP1254537B1 (de)
KR (1) KR20020081310A (de)
CN (1) CN1266879C (de)
AT (1) ATE313183T1 (de)
AU (1) AU2001237979A1 (de)
CA (1) CA2396981A1 (de)
DE (1) DE60115845T2 (de)
TW (1) TWI221985B (de)
WO (1) WO2001059594A2 (de)

Families Citing this family (64)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7096502B1 (en) * 2000-02-08 2006-08-22 Harris Corporation System and method for assessing the security posture of a network
US20040073617A1 (en) 2000-06-19 2004-04-15 Milliken Walter Clark Hash-based systems and methods for detecting and preventing transmission of unwanted e-mail
US7162649B1 (en) * 2000-06-30 2007-01-09 Internet Security Systems, Inc. Method and apparatus for network assessment and authentication
US20030187761A1 (en) * 2001-01-17 2003-10-02 Olsen Richard M. Method and system for storing and processing high-frequency data
AU2002244083A1 (en) * 2001-01-31 2002-08-12 Timothy David Dodd Method and system for calculating risk in association with a security audit of a computer network
US20030028803A1 (en) * 2001-05-18 2003-02-06 Bunker Nelson Waldo Network vulnerability assessment system and method
US7409714B2 (en) * 2001-06-13 2008-08-05 Mcafee, Inc. Virtual intrusion detection system and method of using same
US7146642B1 (en) * 2001-06-29 2006-12-05 Mcafee, Inc. System, method and computer program product for detecting modifications to risk assessment scanning caused by an intermediate device
US7096503B1 (en) * 2001-06-29 2006-08-22 Mcafee, Inc. Network-based risk-assessment tool for remotely detecting local computer vulnerabilities
US6966053B2 (en) * 2001-08-10 2005-11-15 The Boeing Company Architecture for automated analysis and design with read only structure
US6546493B1 (en) * 2001-11-30 2003-04-08 Networks Associates Technology, Inc. System, method and computer program product for risk assessment scanning based on detected anomalous events
JP4190765B2 (ja) * 2002-01-18 2008-12-03 株式会社コムスクエア セキュリティレベル情報提供方法及びシステム
EP1552406A4 (de) * 2002-06-18 2007-08-08 Computer Ass Think Inc Verfahren und systeme zur verwaltung von unternehmenskapital
US8909926B2 (en) * 2002-10-21 2014-12-09 Rockwell Automation Technologies, Inc. System and methodology providing automation security analysis, validation, and learning in an industrial controller environment
CN1618198A (zh) * 2003-05-17 2005-05-18 微软公司 用于评价安全风险的机制
US7580909B2 (en) * 2003-08-26 2009-08-25 Northrop Grumman Corporation Visual representation tool for structured arguments
WO2005091107A1 (en) * 2004-03-16 2005-09-29 Netcraft Limited Security component for use with an internet browser application and method and apparatus associated therewith
US7383259B2 (en) * 2004-06-04 2008-06-03 Taiwan Semiconductor Manufacturing Co., Ltd. Method and system for merging wafer test results
US7392324B2 (en) * 2004-08-13 2008-06-24 International Business Machines Corporation Consistent snapshots of dynamic heterogeneously managed data
US20060075503A1 (en) * 2004-09-13 2006-04-06 Achilles Guard, Inc. Dba Critical Watch Method and system for applying security vulnerability management process to an organization
KR20060030993A (ko) * 2004-10-07 2006-04-12 한국전자통신연구원 정보 자산의 보안 수준 분석 방법
US7610610B2 (en) 2005-01-10 2009-10-27 Mcafee, Inc. Integrated firewall, IPS, and virus scanner system and method
WO2006085595A1 (ja) * 2005-02-10 2006-08-17 Matsushita Electric Industrial Co., Ltd. プログラム変換装置及びプログラム実行装置
US20060265324A1 (en) * 2005-05-18 2006-11-23 Alcatel Security risk analysis systems and methods
US7743421B2 (en) 2005-05-18 2010-06-22 Alcatel Lucent Communication network security risk exposure management systems and methods
US7627593B2 (en) * 2005-08-25 2009-12-01 International Business Machines Corporation Method and system for unified support of multiple system management information models in a multiple host environment
US8095984B2 (en) * 2005-09-22 2012-01-10 Alcatel Lucent Systems and methods of associating security vulnerabilities and assets
US8544098B2 (en) 2005-09-22 2013-09-24 Alcatel Lucent Security vulnerability information aggregation
US8438643B2 (en) * 2005-09-22 2013-05-07 Alcatel Lucent Information system service-level security risk analysis
US20070156691A1 (en) * 2006-01-05 2007-07-05 Microsoft Corporation Management of user access to objects
GB0613192D0 (en) * 2006-07-01 2006-08-09 Ibm Methods, apparatus and computer programs for managing persistence
US20080052508A1 (en) * 2006-08-25 2008-02-28 Huotari Allen J Network security status indicators
CN101425936B (zh) * 2007-10-30 2011-08-31 北京启明星辰信息技术股份有限公司 基于异常度量的宏观网络安全状态评估方法
US8266518B2 (en) * 2008-01-16 2012-09-11 Raytheon Company Anti-tamper process toolset
US8732838B2 (en) * 2008-06-26 2014-05-20 Microsoft Corporation Evaluating the effectiveness of a threat model
US8533843B2 (en) * 2008-10-13 2013-09-10 Hewlett-Packard Development Company, L. P. Device, method, and program product for determining an overall business service vulnerability score
CN101436937B (zh) * 2008-11-26 2011-05-11 国家计算机网络与信息安全管理中心 一种对网络系统控制能力进行评价的方法
US8549628B2 (en) * 2009-04-07 2013-10-01 Alcatel Lucent Method and apparatus to measure the security of a system, network, or application
CN101883017B (zh) * 2009-05-04 2012-02-01 北京启明星辰信息技术股份有限公司 一种网络安全状态评估系统及方法
CN101692676B (zh) * 2009-09-29 2012-09-19 华中师范大学 一种开放环境下的混合信任管理系统及其信任评估方法
TWI423619B (zh) * 2009-10-26 2014-01-11 Intelligent network monitoring system
US20110125548A1 (en) * 2009-11-25 2011-05-26 Michal Aharon Business services risk management
US9971346B2 (en) 2010-05-14 2018-05-15 Harnischfeger Technologies, Inc. Remote monitoring of machine alarms
US7925874B1 (en) 2010-05-18 2011-04-12 Kaspersky Lab Zao Adaptive configuration of conflicting applications
US8813235B2 (en) * 2012-08-10 2014-08-19 Nopsec Inc. Expert system for detecting software security threats
US8756698B2 (en) 2012-08-10 2014-06-17 Nopsec Inc. Method and system for managing computer system vulnerabilities
US8990949B2 (en) * 2013-02-15 2015-03-24 International Business Machines Corporation Automatic correction of security downgraders
US8973134B2 (en) 2013-05-14 2015-03-03 International Business Machines Corporation Software vulnerability notification via icon decorations
US9276951B2 (en) 2013-08-23 2016-03-01 The Boeing Company System and method for discovering optimal network attack paths
US10599852B2 (en) 2014-08-15 2020-03-24 Securisea, Inc. High performance software vulnerabilities detection system and methods
US9824214B2 (en) 2014-08-15 2017-11-21 Securisea, Inc. High performance software vulnerabilities detection system and methods
US9454659B1 (en) 2014-08-15 2016-09-27 Securisea, Inc. Software vulnerabilities detection system and methods
US20160080408A1 (en) * 2014-09-15 2016-03-17 Lookingglass Cyber Solutions Apparatuses, methods and systems for a cyber security assessment mechanism
CN104298225B (zh) * 2014-09-25 2017-07-04 中国石油化工股份有限公司 化工过程异常工况因果关系推理模型建模与图形化展示方法
CN111343135B (zh) * 2018-12-19 2022-05-13 中国移动通信集团湖南有限公司 一种网络安全态势检测方法
CN110225018A (zh) * 2019-05-31 2019-09-10 江苏百达智慧网络科技有限公司 一种基于多设备评估web应用脆弱性的方法
CN111654489B (zh) * 2020-05-27 2022-07-29 杭州迪普科技股份有限公司 一种网络安全态势感知方法、装置、设备及存储介质
CN112379645B (zh) * 2020-10-23 2022-01-11 江苏大学 一种基于Drools规则引擎的群养母猪饲喂站物联网管控系统及方法
CN115757771A (zh) * 2021-08-23 2023-03-07 好心情健康产业集团有限公司 基于模糊逻辑的临床业务处理方法、装置和系统
CN114866434B (zh) * 2022-03-09 2023-05-02 上海纽盾科技股份有限公司 网络资产的安全评估方法及应用
CN115455484B (zh) * 2022-09-22 2023-04-18 重庆蓝数软件有限公司 一种针对云计算空间的数据泄露应对方法及服务器
CN120017288B (zh) * 2023-11-14 2025-11-04 上海交通大学 基于访问上下文逻辑推理的信息系统访问风险评估方法
CN119720210B (zh) * 2024-12-02 2025-10-21 中国人民解放军92493部队信息技术中心 一种基于平行嵌入的异构脆弱性数据融合方法及系统
CN120430917A (zh) * 2025-04-03 2025-08-05 中国科学院自动化研究所 应急态势理解方法、装置、设备、存储介质及程序产品

Family Cites Families (19)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CA1314101C (en) 1988-02-17 1993-03-02 Henry Shao-Lin Teng Expert system for security inspection of a digital computer system in a network environment
US5138321A (en) 1991-10-15 1992-08-11 International Business Machines Corporation Method for distributed data association and multi-target tracking
US5485409A (en) 1992-04-30 1996-01-16 International Business Machines Corporation Automated penetration analysis system and method
JPH06282527A (ja) 1993-03-29 1994-10-07 Hitachi Software Eng Co Ltd ネットワーク管理システム
US5528516A (en) * 1994-05-25 1996-06-18 System Management Arts, Inc. Apparatus and method for event correlation and problem reporting
CA2216862A1 (en) 1995-03-31 1996-10-03 Abb Power T & D Company Inc. System for optimizing power network design reliability
US5699403A (en) 1995-04-12 1997-12-16 Lucent Technologies Inc. Network vulnerability management apparatus and method
US5787235A (en) * 1995-05-09 1998-07-28 Gte Government Systems Corporation Fuzzy logic-based evidence fusion tool for network analysis
US5745382A (en) 1995-08-31 1998-04-28 Arch Development Corporation Neural network based system for equipment surveillance
US5751965A (en) 1996-03-21 1998-05-12 Cabletron System, Inc. Network connection status monitor and display
US5892903A (en) 1996-09-12 1999-04-06 Internet Security Systems, Inc. Method and apparatus for detecting and identifying security vulnerabilities in an open network computer communication system
US5963653A (en) 1997-06-19 1999-10-05 Raytheon Company Hierarchical information fusion object recognition system and method
US6020889A (en) 1997-11-17 2000-02-01 International Business Machines Corporation System for displaying a computer managed network layout with varying transience display of user selected attributes of a plurality of displayed network objects
US6298445B1 (en) 1998-04-30 2001-10-02 Netect, Ltd. Computer security
US6054987A (en) * 1998-05-29 2000-04-25 Hewlett-Packard Company Method of dynamically creating nodal views of a managed network
US6324656B1 (en) 1998-06-30 2001-11-27 Cisco Technology, Inc. System and method for rules-driven multi-phase network vulnerability assessment
US6415321B1 (en) 1998-12-29 2002-07-02 Cisco Technology, Inc. Domain mapping method and system
US6499107B1 (en) 1998-12-29 2002-12-24 Cisco Technology, Inc. Method and system for adaptive network security using intelligent packet analysis
US6301668B1 (en) 1998-12-29 2001-10-09 Cisco Technology, Inc. Method and system for adaptive network security using network vulnerability assessment

Also Published As

Publication number Publication date
CN1425234A (zh) 2003-06-18
CA2396981A1 (en) 2001-08-16
CN1266879C (zh) 2006-07-26
DE60115845D1 (de) 2006-01-19
US6883101B1 (en) 2005-04-19
EP1254537A2 (de) 2002-11-06
TWI221985B (en) 2004-10-11
WO2001059594A2 (en) 2001-08-16
KR20020081310A (ko) 2002-10-26
AU2001237979A1 (en) 2001-08-20
WO2001059594A3 (en) 2002-04-18
DE60115845T2 (de) 2006-08-10
EP1254537B1 (de) 2005-12-14

Similar Documents

Publication Publication Date Title
ATE313183T1 (de) System und verfahren zur beurteilung der verletzlichkeit der netzsicherheit mit fuzzy logik regeln
ATE300145T1 (de) Vorrichtung und verfahren zur beurteilung der verletzlichkeit des netzsicherheit
Vázquez-Rowe et al. Review of life‐cycle approaches coupled with data envelopment analysis: launching the CFP+ DEA method for energy policy making
CN104766166B (zh) 一种面向等级保护的信息系统安全合规性检查方法
Liu Analysis of collaborative driving effect of artificial intelligence on knowledge innovation management
GB2429313A (en) Method and system for forecasting events and results based on geispatial modeling
DE60208614D1 (de) Verfahren und Vorrichtung zur Bereitstellung einer Liste von öffentlichen Schlüsseln in einem Public-Key-System
ATE554462T1 (de) Verfahren zum konfigurieren einer vorrichtung
DE69908360D1 (de) Rechnersystem und verfahren zur erklärung des verhaltens eines modelles das eingangsdaten auf ausgangdaten abbildet
EA200700394A1 (ru) Способ, устройство и система визуализации вероятностных моделей
DE10081401D2 (de) Neuronales Netz zum Computergestützten Wissensmanagement
CN110020687A (zh) 基于操作人员态势感知画像的异常行为分析方法及装置
CN111859309A (zh) 一种基于区块链技术的数字版权保护体系建设方法
Johansson et al. Coordinating and implementing multiple systems for forest management: implications of the regulatory framework for sustainable forestry in Sweden
CN110069937A (zh) 基于区块链的数据溯源方法、系统及装置
DE60336946D1 (de) System, Verfahren und Computerprogram zur Cachespeicherung von Domain-Name-System-Information in einem Netzwerkgateway
ATE398801T1 (de) Verfahren und system zum authentifizieren eines benutzers
Haron et al. Building information modelling: Literature review on model to determine the level of uptake by the organisation
CN103902627A (zh) 一种数据发布方法及装置
DE60330803D1 (de) Verfahren und anordnung in einem netzwerk zur bestimmung einerzone, in der eine kommunikationseinheit verbunden ist
DK0941505T3 (da) Fremgangsmåde til neural modellering af parametres afhængighed i et teknisk system
CN112307757A (zh) 基于辅助任务的情感分析方法、装置、设备及存储介质
Blackett et al. Introduction: Social regionalism in the global economy
Aiyer et al. Waste not, want not
Yahya et al. A review paper: Security requirement patterns for a secure software development

Legal Events

Date Code Title Description
RER Ceased as to paragraph 5 lit. 3 law introducing patent treaties