CN101527649A - Risk evaluation method and system based on security dependence relation - Google Patents

Risk evaluation method and system based on security dependence relation

Info

Publication number
CN101527649A
Authority
CN
China
Prior art keywords
node
risk
dependent tree
evaluated
safe
Prior art date
Legal status
Pending
Application number
CN200810101526A
Other languages
Chinese (zh)
Inventor
胡振宇
叶润国
骆拥政
李博
朱钱杭
Current Assignee
Beijing Venus Information Technology Co Ltd
Original Assignee
Beijing Venus Information Technology Co Ltd
Priority date
Filing date
Publication date
Application filed by Beijing Venus Information Technology Co Ltd
Priority to CN200810101526A
Publication of CN101527649A
Legal status: Pending

Abstract

The invention relates to a method and system for risk evaluation based on security dependence relations, applied in particular to computer network security. The hardware used by the method comprises the Internet. The method comprises the following steps: determine the dependence relations between nodes and the risk probability of each connection event according to the factors of the access or service type; establish a security dependence tree with the evaluated node as its root; calculate the risk probability of the evaluated node; and multiply the calculated risk probability of the evaluated node by the significance of the evaluated node to obtain its risk. By building a security dependence tree rooted at the evaluated node, the invention establishes the security dependence relations between the evaluated node and the other nodes and introduces a risk propagation mechanism into the risk evaluation. It considers not only direct risk but also the indirect risk caused by dependence relations, so the risk evaluation is more accurate and more objective.

Description

A risk assessment method and system based on security dependence relations
Technical field
The present invention relates to a risk assessment method and system based on security dependence relations. It belongs to the field of information security and is a method and system applied to the security risk assessment of computer network information systems.
Background technology
Risk assessment methods for computer networks can be divided into manual assessment and automatic assessment. Manual assessment is usually carried out as a survey and relies on expert knowledge; although it is relatively comprehensive, it easily introduces subjective factors, and the complicated assessment process imposes a large cost on the user. Automatic assessment usually assesses the target network by automatically identifying weaknesses or attacks; because it is automatic, efficient and easy to manage, it is strongly favoured by users. At present there is a good deal of research on automatic assessment techniques, but this work mainly assesses network security from the attacker's perspective, and most methods quantify the weaknesses found by automatic vulnerability scanning tools and then sum up the risk. Such methods often ignore the fact that risk propagates: because computers are highly interconnected, the risk caused by a compromised computer may propagate to other hosts or even to the whole network, so that computers which originally carried no direct risk come under security threat because the risk of the compromised computer has propagated to them.
Summary of the invention
To overcome the deficiencies of the prior art, the present invention proposes a risk assessment method and system based on security dependence relations. The method and system mainly comprise a security dependence tree generation algorithm and device, and a dependence-based risk assessment algorithm and device. The security dependence tree describes the structure of the security dependence relations and the risk situation of the network nodes; the dependence-based risk assessment algorithm gives the rule by which risk moves through the tree.
The technical solution adopted by the present invention to solve the technical problem is a risk assessment method based on security dependence relations. The hardware used by the method comprises the Internet, and the steps of the method are:
determine the dependence relations between nodes and the risk probability of each connection event according to the factors of the access or service type;
establish a security dependence tree with the evaluated node as its root;
calculate the risk probability of the evaluated node;
multiply the risk probability of the evaluated node by the significance of the evaluated node to obtain the risk of the evaluated node.
A risk assessment system based on security dependence relations comprises: a security dependence tree generator, which generates a security dependence tree rooted at the evaluated node from the security dependence network of the target system and the node IDs; and a node risk probability calculator, connected to the security dependence tree generator, which calculates the risk probability of the target node from the risk probabilities of the leaf nodes in the security dependence tree and the connection probabilities of each of its nodes. The connection between the two modules of the system is as shown in Fig. 5: the security dependence tree generator receives the user's security dependence network as input; the output of the security dependence tree generator is the input of the node risk probability calculator, which then outputs the risk probability of the assessed node.
Beneficial effect of the present invention: by establishing the security dependence relations between nodes, the present invention introduces a risk propagation mechanism into risk assessment. It considers not only direct risk but also the indirect risk caused by dependence relations, so the risk assessment can be made more accurate and objective.
Description of drawings
Fig. 1 is a schematic diagram of the actual mesh of dependence relations in the example given in embodiment one of the invention;
Fig. 2 is a schematic diagram of the dependence tree of a node in the example given in embodiment one of the invention;
Fig. 3 is the flow chart of the work described in embodiment one of the invention;
Fig. 4 is a schematic diagram of the risk assessment system based on security dependence relations described in embodiment four of the invention;
Fig. 5 is a schematic diagram of the composition of the security dependence tree generator described in embodiment five of the invention;
Fig. 6 is a schematic diagram of the composition of the node risk probability calculator described in embodiment six of the invention.
The present invention is further described below with reference to the drawings and embodiments.
Embodiment
Embodiment one:
This embodiment is a risk assessment method based on security dependence relations. The hardware used by the method comprises the Internet, and the steps of the method are as follows:
Step 1: determine the risk probability of the connection event between dependent nodes according to the factors of the access or service type. Establish the dependence network between the nodes and assess the probability of each connection event. If there is a security dependence relation between nodes $X_i$ and $X_j$, the risk probability of its connection event is written $P(E_{X_i,X_j})$.
Step 2: establish a security dependence tree with the evaluated node as its root.
Step 3: calculate the risk probability of the evaluated node.
Step 4: multiply the risk probability of the evaluated node by the significance of the evaluated node to obtain the risk of the evaluated node. The risk can be expressed by the simple equation $R = V \times P$, where $R$ is the risk of the assessed node, $V$ is the significance of the assessed node and $P$ is the risk probability of the node.
The above flow is further explained below through an application example.
Fig. 1 shows nodes in a network that have security dependence relations between them. Nodes $B_1$ and $B_2$ are fundamental nodes. If a security incident occurs at either of these two nodes, it influences the security state of the other nodes in the directions shown in the figure. The steps for assessing node $X_5$ are as follows:
Step 1: establish the dependence relations between the nodes and the dependence (connection) probabilities. If there is a security dependence relation between nodes $X_i$ and $X_j$, determine the risk probability of the connection event according to its access or service type and other relevant knowledge. Suppose the risk probabilities of the connection events between the nodes are:
$P(E_{B_1,X_1}) = 0.01$, $P(E_{B_2,X_2}) = 0.05$
$P(E_{B_2,X_3}) = 0.45$, $P(E_{X_1,X_5}) = 0.06$
$P(E_{X_2,X_5}) = 0.06$, $P(E_{X_5,X_4}) = 0.1$
$P(E_{X_6,X_5}) = 0.4$, $P(E_{X_3,X_6}) = 0.4$
Step 2: generate the security dependence tree with the node to be assessed as its root. The security dependence tree of node $X_5$ is shown in Fig. 2.
Step 3: suppose that testing (scanning) finds the risk probabilities of nodes $B_1$ and $B_2$ to be $P(B_1) = 0.01$ and $P(B_2) = 0.5$. The following calculations are then carried out in turn according to the formula:
$P(X_1) = P(B_1)\,P(E_{B_1,X_1}) = 0.0001$
$P(X_3) = P(B_2)\,P(E_{B_2,X_3}) = 0.225$
$P(X_2) = P(B_2)\,P(E_{B_2,X_2}) = 0.025$
$P(X_6) = P(X_3)\,P(E_{X_3,X_6}) = 0.09$
$P(X_5) = 1 - \big(1 - P(X_1)\,P(E_{X_1,X_5})\big)\cdot\big(1 - P(X_2)\,P(E_{X_2,X_5})\big)\cdot\big(1 - P(X_6)\,P(E_{X_6,X_5})\big) = 0.037451775324$
That is, the risk probability of node $X_5$ is 0.037451775324.
Step 4: if the significance of node $X_5$ is 0.7, the risk of node $X_5$ is $0.037451775324 \times 0.7 = 0.0262162427268$.
Embodiment two:
This embodiment is a preferred version of embodiment one and refines the step of embodiment one that establishes a security dependence tree rooted at the evaluated node. The sub-steps of establishing the security dependence tree rooted at the evaluated node are:
(1) take the target node to be assessed as the initial root node of the security dependence tree and add it to the tree;
(2) for each newly added node of the security dependence tree, add all the nodes it directly depends on to the tree as its direct child nodes;
(3) if a node newly added in sub-step (2) is already the root node of some subtree that contains this node, delete the branch containing the newly added node from that root node;
(4) repeat sub-steps (2) to (3) until the dependence tree no longer grows, finally forming a security dependence tree without loops.
Embodiment three:
This embodiment is a preferred version of embodiment one and refines the step of embodiment one that calculates the risk probability of the evaluated node. Its sub-steps are:
(1) take the node to be assessed as the initial root node, layer the nodes according to their distance from this initial root node, and calculate the risk probability of the evaluated node according to the formula
$$P(Y)=P\Big(\bigcup_{i=1}^{n} X_i E_{X_i,Y}\Big)=1-\prod_{i=1}^{n}\big(1-P(X_i E_{X_i,Y})\big)=1-\prod_{i=1}^{n}\big(1-P(X_i)\,P(E_{X_i,Y})\big)$$
where $X_1,\dots,X_n$ are the nodes that $Y$ directly depends on; if all these nodes are leaf nodes, stop, otherwise go to the next sub-step;
(2) take each non-leaf node of sub-step (1) as the starting point and iterate sub-step (1) until all the nodes reached are leaf nodes.
Embodiment four:
This embodiment is a risk assessment system based on security dependence relations. As shown in Fig. 4, the system comprises:
Security dependence tree generator: according to the security dependence network of the target system, the security dependence tree generator receives the security dependence relations between the system nodes of the security dependence network together with the node IDs, and generates a security dependence tree rooted at the evaluated node.
The security dependence tree generator generates the security dependence tree by the method described in embodiment two.
Node risk probability calculator: the node risk probability calculator is connected to the security dependence tree generator. It receives the security dependence tree generated by the generator, together with the leaf node risk probabilities and connection probabilities of the security dependence network of the target system, and calculates the risk probability of the target node from the risk probability of each leaf node in the security dependence tree and the connection probabilities of each of its nodes.
The node risk probability calculator calculates the risk probability of the target node by the method described in embodiment three.
Embodiment five:
This embodiment is a preferred version of embodiment four and refines the security dependence tree generator of embodiment four. As shown in Fig. 5, the security dependence tree generator comprises:
A node identification (ID) input device. This device inputs the node identification IDs, with the node to be assessed input as the first node. The system uses these IDs to identify each node, so as to associate the nodes, the risk probabilities of the nodes and the risk probabilities of the connection events.
An inter-node security dependence relation input device. The inter-node security dependence relation input device inputs the probabilities of the connection events according to the node identification IDs.
A calculation and generation device connected to the node identification ID input device and the security dependence relation input device. This device computes and generates the security dependence tree rooted at the evaluated node and outputs it.
The connections between the three modules are as shown in Fig. 5: the node identification ID input device receives the user's node identification IDs, and the inter-node security dependence relation input device receives the user's connection event probabilities, as input; the outputs of these two devices are connected to the calculation and generation device, which then outputs a security dependence tree rooted at the evaluated node.
Embodiment six:
This embodiment is a preferred version of embodiment four and refines the node risk probability calculator of embodiment four. The node risk probability calculator comprises:
A security dependence tree input device for the tree rooted at the evaluated node. It receives the security dependence tree rooted at the evaluated node that is output by the security dependence tree generator.
A risk probability input device for each leaf node of the security dependence tree. It inputs the risk probability of the nodes in the tree by node ID.
A connection probability input device for the nodes of the security dependence tree. It inputs the connection relations and connection probabilities between the nodes in the tree by node ID.
A risk probability calculation and output device connected to the three devices above. It calculates and outputs the risk probability of the root node by the method of embodiment three.
The connections between the devices of the node risk probability calculator are as shown in Fig. 6: the outputs of the security dependence tree input device, the leaf node risk probability input device and the connection probability input device are all connected to the risk probability calculation and output device, which finally outputs the risk probability of the assessed node.

Claims (6)

1. A risk assessment method based on security dependence relations, the hardware used by the method comprising the Internet, characterized in that the method comprises the following steps:
determining the dependence relations between nodes and the risk probability of each connection event according to the factors of the access or service type;
establishing a security dependence tree with the evaluated node as its root;
calculating the risk probability of the evaluated node;
multiplying the risk probability of the evaluated node by the significance of the evaluated node to obtain the risk of the evaluated node.
2. The risk assessment method based on security dependence relations according to claim 1, characterized in that the step of establishing a security dependence tree rooted at the evaluated node comprises the sub-steps:
(1) taking the target node to be assessed as the initial root node of the security dependence tree and adding it to the tree;
(2) for each newly added node of the security dependence tree, adding all the nodes it directly depends on to the tree as its direct child nodes;
(3) if a node newly added in sub-step (2) is already the root node of some subtree that contains this node, deleting the branch containing the newly added node from that root node;
(4) repeating sub-steps (2) to (3) until the dependence tree no longer grows, finally forming a security dependence tree without loops.
3. The risk assessment method based on security dependence relations according to claim 1, characterized in that the step of calculating the risk probability of the evaluated node comprises the sub-steps:
(1) taking the node to be assessed as the initial root node of the security dependence tree, layering the nodes according to their distance from this node, and calculating the risk probability of the evaluated node according to the formula
$$P(Y)=P\Big(\bigcup_{i=1}^{n} X_i E_{X_i,Y}\Big)=1-\prod_{i=1}^{n}\big(1-P(X_i E_{X_i,Y})\big)=1-\prod_{i=1}^{n}\big(1-P(X_i)\,P(E_{X_i,Y})\big)$$
stopping if all the nodes are leaf nodes and otherwise going to the next sub-step;
(2) taking each non-leaf node of sub-step (1) in the security dependence tree as the starting point and iterating sub-step (1) until all the nodes reached are leaf nodes.
4. A risk assessment system based on security dependence relations, characterized in that it comprises: a security dependence tree generator which generates a security dependence tree rooted at the evaluated node from the security dependence network of the target system and the node IDs, and a node risk probability calculator, connected to the security dependence tree generator, which calculates the risk probability of the target node from the risk probabilities of the leaf nodes in the security dependence tree and the connection probabilities of each of its nodes.
5. The risk assessment system based on security dependence relations according to claim 4, characterized in that the security dependence tree generator comprises: a node identification ID input device and an inter-node security dependence relation input device, the node identification ID input device and the inter-node security dependence relation input device being connected to a calculation and generation device for the security dependence tree rooted at the evaluated node.
6. The risk assessment system based on security dependence relations according to claim 4, characterized in that the node risk probability calculator comprises: a security dependence tree input device for the tree rooted at the evaluated node, a risk probability input device for each leaf node of the security dependence tree, a connection probability input device for the nodes of the security dependence tree, and a risk probability calculation and output device for the evaluated node, connected to the security dependence tree input device, the risk probability input device and the connection probability input device.
Application CN200810101526A, priority date 2008-03-07, filing date 2008-03-07: Risk evaluation method and system based on security dependence relation (Pending; publication CN101527649A, en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN200810101526A CN101527649A (en) 2008-03-07 2008-03-07 Risk evaluation method and system based on security dependence relation

Publications (1)

Publication Number Publication Date
CN101527649A true CN101527649A (en) 2009-09-09

Family

ID=41095357

Family Applications (1)

Application Number Title Priority Date Filing Date
CN200810101526A Pending CN101527649A (en) 2008-03-07 2008-03-07 Risk evaluation method and system based on security dependence relation

Country Status (1)

Country Link
CN (1) CN101527649A (en)

Cited By (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103095728B (en) * 2013-02-07 2016-04-27 重庆大学 Network security scoring system and method based on behaviour data fusion
CN104135380A (en) * 2014-03-26 2014-11-05 中国通信建设集团设计院有限公司 Method and device of risk analysis of hierarchical network
CN105046155A (en) * 2015-06-24 2015-11-11 北京系统工程研究所 Risk assessment method and apparatus for software system vulnerability
CN105046155B (en) * 2015-06-24 2018-05-08 北京系统工程研究所 Software system vulnerability risk assessment method and device
CN106682906A (en) * 2015-11-10 2017-05-17 阿里巴巴集团控股有限公司 Risk identification and business processing method and device
CN108780486A (en) * 2016-03-18 2018-11-09 Abb瑞士股份有限公司 Context-aware security self-assessment
CN109151525A (en) * 2018-09-22 2019-01-04 肖鑫茹 A video sharing system based on an information network
CN111291375A (en) * 2020-02-25 2020-06-16 中国电子产品可靠性与环境试验研究所((工业和信息化部电子第五研究所)(中国赛宝实验室)) Application program evaluation method and device, computer equipment and storage medium
CN111291375B (en) * 2020-02-25 2022-04-26 中国电子产品可靠性与环境试验研究所((工业和信息化部电子第五研究所)(中国赛宝实验室)) Application program evaluation method and device, computer equipment and storage medium

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C12 Rejection of a patent application after its publication
RJ01 Rejection of invention patent application after publication

Open date: 20090909