CN101964730A - Network vulnerability evaluation method - Google Patents


Publication number
CN101964730A
Authority
CN
China
Prior art keywords
fragility
factor
consequence
vulnerability
cost
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN2010101032054A
Other languages
Chinese (zh)
Other versions
CN101964730B (en
Inventor
杨放春
苏森
许明
双锴
王玉龙
于晓燕
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Square Hing Communication Technology Co Ltd
Beijing University of Posts and Telecommunications
Original Assignee
Beijing Square Hing Communication Technology Co Ltd
Beijing University of Posts and Telecommunications
Application filed by Beijing Square Hing Communication Technology Co Ltd and Beijing University of Posts and Telecommunications
Priority to CN2010101032054A
Publication of CN101964730A
Application granted
Publication of CN101964730B
Legal status: Expired - Fee Related


Abstract

The invention discloses a network vulnerability evaluation method. The method comprises the following steps: determining vulnerability cost factors according to vulnerability cost information; obtaining a vulnerability cost evaluation result according to the vulnerability cost factors; determining vulnerability consequence factors according to vulnerability consequence information; obtaining a vulnerability consequence evaluation result according to the vulnerability consequence factors; and determining the network vulnerability according to the vulnerability cost evaluation result and the vulnerability consequence evaluation result. The method therefore considers the vulnerability cost factors and the vulnerability consequence factors together when evaluating network vulnerability, and enriches and completes the basis for network vulnerability evaluation in a targeted way, so that the accuracy of the evaluation is improved significantly. Moreover, the improved evaluation accuracy provides an important reference for network security management, ensures that corresponding security measures can be implemented in a targeted and planned manner on that basis, and avoids the serious consequences of a network vulnerability being exploited.

Description

A network vulnerability assessment method
Technical field
The present invention relates to network security analysis technology, and in particular to a network vulnerability assessment method.
Background
In computer networks, vulnerability research can be divided into several problem areas: the definition of vulnerabilities, their discovery, their identification, and their analysis and assessment. Vulnerability assessment is the qualitative and quantitative analysis of the vulnerabilities of a target system, where the system may be a service, a single computer on the network, or an entire computer network. In the network security field, vulnerability assessment, intrusion detection systems, firewalls and virus detection make up the four elements of network security. The three technologies other than vulnerability assessment all perform passive detection while an attack is under way or after it has taken place, whereas vulnerability assessment is active detection before an attack is carried out.
In general, the main purpose of vulnerability assessment is to score or rank vulnerabilities. The main factors considered are how easily a vulnerability can be exploited, its potential destructiveness, and so on. Some research on vulnerability assessment already exists for ordinary computer networks, that is, without taking the specific network environment into account. Domestic researchers generally assign a value to each vulnerability according to its exploitation cost and so assess it quantitatively, but such empirically assigned values may differ considerably between application environments. Researchers abroad generally compute, from experience, the average attack cost of an intrusion or the probability that an attack occurs, and assess on that basis. The factors this approach considers are too narrow and too fixed: the vulnerability factors that need to be considered and the impact of a vulnerability may differ between network types, users and network sizes, and even for the same network type, users and network size they may differ from one moment to another.
In addition, the organizations and standards currently recognized by the industry internationally include the vulnerability rating criteria of Microsoft, US-CERT and NVD. What these standards have in common is that they represent the level of a vulnerability with a fairly general value, which makes it harder still to guarantee the accuracy of vulnerability assessment.
Summary of the invention
In view of this, the main purpose of the present invention is to provide a network vulnerability assessment method that improves the accuracy of network vulnerability assessment.
To achieve this, the technical solution of the present invention is as follows:
A network vulnerability assessment method, comprising:
Determining vulnerability cost factors from vulnerability cost information, and obtaining a vulnerability cost assessment result from the vulnerability cost factors; determining vulnerability consequence factors from vulnerability consequence information, and obtaining a vulnerability consequence assessment result from the vulnerability consequence factors; and determining the network vulnerability from the vulnerability cost assessment result and the vulnerability consequence assessment result.
The vulnerability cost factors are determined as follows:
Vulnerability cost information related to the network vulnerability is obtained, the grade corresponding to this information is determined according to preset judgment rules, and the value range corresponding to that grade is taken as the vulnerability cost factor.
The vulnerability cost assessment result is obtained as follows:
A weighted calculation is performed on the vulnerability cost factors, and its result is taken as the vulnerability cost assessment result.
The weights used in the weighted calculation are computed with the analytic hierarchy process.
The vulnerability consequence factors are determined as follows:
Vulnerability consequence information related to the network vulnerability is obtained, the grade corresponding to this information is determined according to preset judgment rules, and the value range corresponding to that grade is taken as the vulnerability consequence factor.
The vulnerability consequence assessment result is obtained as follows:
The product method is applied to the vulnerability consequence factors, and the result of the calculation is taken as the vulnerability consequence assessment result.
When the vulnerability consequence assessment result is obtained, collateral damage consequences are additionally introduced into the calculation.
The vulnerability cost factors include one or more of the following:
Material cost factor;
Information cost factor;
Time cost factor;
Asset access degree factor;
Vulnerability fix degree factor;
Weakness disclosure degree factor.
The vulnerability consequence factors include one or more of the following:
Confidentiality factor;
Integrity factor;
Availability factor;
Confirmability factor;
Chargeability factor;
Monitorability factor;
and each vulnerability consequence factor covers the following two aspects:
Degree of asset damage;
Asset importance.
The method is applied in an IP Multimedia Subsystem (IMS) network.
As can be seen, when assessing network vulnerability the method of the invention considers the factors on the vulnerability cost side together with the factors on the vulnerability consequence side, enriching and completing the basis for network vulnerability assessment in a targeted way, so the accuracy of the assessment can be improved significantly. Moreover, the improved assessment accuracy provides an important reference for network security management, ensures that the corresponding security measures can be implemented in a targeted and planned manner, and avoids the serious consequences of a network vulnerability being exploited.
Description of drawings
Fig. 1 is a flow chart of network vulnerability assessment according to one embodiment of the invention;
Fig. 2 is a simplified flow diagram of network vulnerability assessment according to the invention.
Embodiment
In general terms, the network vulnerability assessment method provided by the invention comprises: determining vulnerability cost factors from vulnerability cost information, and obtaining a vulnerability cost assessment result from the vulnerability cost factors; determining vulnerability consequence factors from vulnerability consequence information, and obtaining a vulnerability consequence assessment result from the vulnerability consequence factors; and determining the network vulnerability from the vulnerability cost assessment result and the vulnerability consequence assessment result.
The factors considered when assessing a network can focus on things such as the material cost and time cost of exploiting a vulnerability, which appear to have no direct connection with the vulnerability but in practice affect how exploitable it is. In addition, nobody has so far set out the consequence side of a vulnerability clearly and in detail; some even hold that such consequences are an accomplished fact once the network has been damaged and so need not be included in the assessment. In fact, the consequences produced when a vulnerability is exploited, and the severity they reflect, mirror the vulnerability of the network from another angle and are directly related to it, so they should be brought within the scope of consideration. The method of the invention therefore assesses network vulnerability as a whole by combining factors on the vulnerability cost side with factors on the vulnerability consequence side.
A formal definition can also be given before the network vulnerability assessment is carried out. There are several ways to do this, for example: define V to represent a specific vulnerability as a vector, V = <A, W, T, L, U, R>, where A is the asset, W the weakness, T the threat, L the location, U the negative consequence the attack may cause, and R the risk. Putting these definitions together, the vector V can be read as: an asset A has a weakness W, which is exploited by a threat T at a location L, causing a negative consequence U with a risk of magnitude R. The location L is the physical location, reference point or specific functional entity of asset A in the network. The threat T is a threat the network is exposed to; T can be atomic, that is, one threat T can exploit only one weakness W, so there is a one-to-many relationship between a weakness W and threats T. The weakness W is a static hidden danger. Normally, only when a weakness W present in an asset is exploited by a specific threat T and produces a specific consequence U can the vector V formed by this set of information be called a vulnerability.
A vulnerability cost assessment value C can also be defined as the cost required to exploit the vulnerability on a specific asset, and a vulnerability consequence assessment value R as the loss caused to that asset and to related network assets after the vulnerability is exploited.
A concrete network vulnerability assessment needs to consider two sides: vulnerability cost and vulnerability consequence. Specifically, the factors to consider on the cost side may include material cost, information cost, time cost, asset access degree, vulnerability fix degree and weakness disclosure degree.
Material cost is the expenditure on the hardware and software needed to exploit the vulnerability;
Information cost is the level of expertise the attacker needs and the number of attackers;
Time cost is the time spent investigating the vulnerability, forming the attack algorithm and carrying out the attack;
Asset access degree is how difficult it is for the attacker to access the asset that has the vulnerability;
Vulnerability fix degree is the degree to which the weakness has been repaired;
Weakness disclosure degree is the extent to which the asset's weakness or vulnerability-related information has been disclosed.
On the consequence side, the consequence of a vulnerability being exploited is generally defined as the damage caused when a given attack occurs on a specific asset. The consequence should take into account both the degree of damage caused to the asset when the vulnerability is exploited and the importance of that asset, and the two aspects can be combined. The factors to consider on the consequence side may include degree of asset damage, asset importance and collateral damage consequences, and for each of them confidentiality, integrity, availability, confirmability, chargeability and monitorability can be considered separately.
Confidentiality is the property that information in the network, such as user subscription data, signaling, media and network topology, cannot be arbitrarily disclosed or detected. That is, specific information can be obtained only by specific authorized users or by entities in the same security domain, which is an important means of protecting the security of the network system.
Integrity is the property that information in the network, such as signaling and media streams, remains unchanged unless authorized. That is, signaling, media and other information in the network cannot be tampered with, deleted, forged, replayed or otherwise damaged in transit.
Availability is the property that information or services in the network can be used by authorized users or entities. That is, the hardware and software resources in the network should run efficiently and provide effective service to authorized users or entities, and should recover quickly and completely when an attack or disaster occurs.
Confirmability is the property of the network's mutual authentication mechanisms at the security level. That is, the network can prevent illegitimate users from obtaining user privileges, so that non-subscribers cannot obtain the services the network provides; users are also able to authenticate the network, network entities are able to authenticate one another, and network users are able to authenticate and confirm the identity of participants during information exchange.
Chargeability is the property that the network can bill the services a user uses promptly and correctly. That is, the user cannot evade or reduce the fees payable for the services used.
Monitorability is the property that the network can supervise and control the propagation and content of information. That is, the network can ensure that network information is subject to security monitoring.
Each of the above consequence factors can be considered from the aspects of degree of asset damage, asset importance and collateral damage consequences. The specific content of the vulnerability cost factors and vulnerability consequence factors is shown in Table 1:
Table 1
The approach described above, which assesses network vulnerability by combining cost-side and consequence-side factors, is generally applicable to various communication networks, including IMS (IP Multimedia Subsystem) networks, IP networks and other computer networks. When a particular network is actually assessed, the specific factors considered can be added to, removed or changed, as long as the vulnerability cost factors and vulnerability consequence factors considered suit that network and allow its vulnerability assessment to be carried out smoothly.
The network vulnerability assessment method of the invention is described below, taking Fig. 1 as an example.
Referring to Fig. 1, a flow chart of network vulnerability assessment according to one embodiment of the invention, the flow comprises the following steps:
Step 110: Obtain material cost information and use it to determine the material cost factor value.
Specifically, devices such as scanners and statistics devices can be used to scan the target network and identify its vulnerabilities, and to obtain information on the tools (hardware, software, code) used to launch an actual attack on the target network. The identifiable vulnerabilities of the target network, the tool information and similar content serve as the material cost information. The difficulty grade of obtaining this material cost information is determined according to preset rules, such as thresholds expressing difficulty of acquisition (the different difficulty grades can be given labels for the corresponding content), and the value range corresponding to that grade is taken as the material cost factor value.
The content involved in this step is shown in Table 2:

| Value range | Label | Definition |
|---|---|---|
| 0.0~a | Standard (standard) | The tool is easy for the attacker to obtain and can indeed launch an effective attack against this vulnerability. It may be part of the asset itself (e.g. the debugger of an operating system) or be easily obtained (e.g. a tool downloadable from the Internet, a protocol analyzer or a simple attack script). |
| a~b | Specialized (speciality) | The tool is not so easy for the attacker to obtain, but can be obtained by other means. These include purchasing a large amount of hardware (e.g. hundreds of computers on the Internet), or more extensive attack scripts or programs. |
| b~1.000 | Bespoke (bespeak) | The tool cannot be obtained by the public through normal channels: it is specially produced (e.g. a very complex software system), its distribution is restricted, or it is very expensive. |

Table 2
Step 111: Obtain information cost information and use it to determine the information cost factor value.
Specifically, devices such as scanners and statistics devices obtain the capability characteristics of different subjects, such as device characteristics and communication content characteristics that reflect the level of network expertise. The grade of these capability characteristics is determined according to preset rules, such as thresholds expressing the level of network expertise (the different capability grades can be given labels for the corresponding content), and the value range corresponding to that grade is taken as the information cost factor value.
The content involved in this step is shown in Table 3:

| Value range | Label | Definition |
|---|---|---|
| 0.0~a | Common (common) | The attacker can be regarded as an ordinary member of the public, with no professional knowledge or special experience. |
| a~b | Proficient (familiarity) | The attacker is very familiar with the security behavior of this type of product or system and has relevant professional knowledge. |
| b~c | Expert (connoisseur) | The attacker team is very familiar with the underlying algorithms, protocols, hardware, architecture, security standards, cryptography, typical attacks and the tools they use, and with the techniques and tools needed to launch new attacks. |
| c~1.0 | Specialist (specialist) | For the type of attack launched on this asset, the underlying algorithms and the protocols, the attacker has the highest level of expertise in the field. |

Table 3
Step 112: Obtain time cost information and use it to determine the time cost factor value.
Specifically, devices such as scanners and statistics devices can be used to carry out time-consuming operations such as investigating vulnerabilities, forming the attack algorithm and running proactive experimental or trial attacks. The time taken by these operations serves as the time cost information. The time grade of this information is determined according to preset rules, such as thresholds expressing length of time (the different time grades can be given labels for the corresponding content), and the value range corresponding to that grade is taken as the time cost factor value.
The content involved in this step is shown in Table 4:

| Value range | Label | Definition |
|---|---|---|
| 0.0~a | Minutes (minute) | The time from investigating the vulnerability to completing the attack is no more than one hour. |
| a~b | Hours (hour) | The time from investigating the vulnerability to completing the attack is no more than one day. |
| b~c | Days (day) | The time from investigating the vulnerability to completing the attack is no more than one week. |
| c~d | Weeks (week) | The time from investigating the vulnerability to completing the attack is no more than one month. |
| d~1.0 | Months (month) | The time from investigating the vulnerability to completing the attack is more than one month. |

Table 4
Step 113: Obtain asset access degree information and use it to determine the asset access degree factor value.
Specifically, devices such as scanners and statistics devices can be used to perform the access to a specific asset that is needed to identify or exploit a vulnerability. Information that expresses the difficulty of access, such as the length of time taken by the access and by obtaining its feedback, serves as the asset access degree information. The difficulty grade of this information is determined according to preset rules, such as thresholds expressing difficulty of access (the different difficulty grades can be given labels for the corresponding content), and the value range corresponding to that grade is taken as the asset access degree factor value.
The content involved in this step is shown in Table 5:
The difficulty of the access to a specific asset that is needed to identify or exploit a vulnerability.

| Value range | Label | Definition |
|---|---|---|
| 0.0~a | No difficulty (none) | Access is not obstructed in any way. |
| a~b | Easy (easy) | Access takes less than one day, or fewer than ten assets need to be accessed. |
| b~c | Medium (middle) | Access takes less than one month, or fewer than 50 assets need to be accessed. |
| c~d | Difficult (difficulty) | Access takes at least one month, or fewer than 100 assets need to be accessed. |
| d~1.0 | Extremely difficult (very_difficulty) | The environment the asset is in cannot be attacked. |

Table 5
Step 114: Obtain vulnerability fix degree information and use it to determine the vulnerability fix degree factor value.
Specifically, devices such as scanners and statistics devices can be used to obtain the fixes applied for the vulnerability, such as patches and software updates, and the content of upgraded versions. This content serves as the vulnerability fix degree information. The fix degree grade of this information is determined according to preset rules, such as thresholds expressing how thoroughly the vulnerability has been fixed (the different fix degree grades can be given labels for the corresponding content), and the value range corresponding to that grade is taken as the vulnerability fix degree factor value.
The content involved in this step is shown in Table 6:

| Value range | Label | Definition |
|---|---|---|
| 0.0~a | No available solution (none) | No solution is available, or none has been provided. |
| a~b | Alternative solution (replaced) | The fix provided was not issued officially or by the vendor. |
| b~c | Interim patch (temporary) | The official fix provided is a temporary solution, including an interim hotfix, tool or emergency plan issued by the vendor. |
| c~1.0 | Official patch (official) | A complete solution provided by the vendor. It may be an official hotfix, or an upgraded version made available by the vendor. |

Table 6
Step 115: Obtain weakness disclosure degree information and use it to determine the weakness disclosure degree factor value.
Specifically, devices such as scanners and statistics devices can be used to obtain the specific information about a weakness on an asset that is needed to attack it. The information obtained serves as the weakness disclosure degree information. The disclosure grade of this information is determined according to preset rules, such as thresholds expressing the extent of weakness disclosure (the different disclosure grades can be given labels for the corresponding content), and the value range corresponding to that grade is taken as the weakness disclosure degree factor value.
The content involved in this step is shown in Table 7:

| Value range | Label | Definition |
|---|---|---|
| 0.0~a | Public (public) | The vulnerability information is public (e.g. the vulnerability has been confirmed by the vendor or author of the affected technology, and the relevant information can be obtained from the Internet). |
| a~b | Limited (limited) | The vulnerability information is partly public (e.g. the relevant information is held by the development organization, and other organizations can obtain it through private consultation, so there may be several unofficial sources in public, including independent security firms or research institutions, and their reports contradict one another or are otherwise unclear on technical details). |
| b~c | Sensitive (sensitivity) | Very little vulnerability information is public (e.g. only the core team in the development organization holds the relevant information and other members do not, so in public there may be a single unconfirmed source or several conflicting reports of low credibility). |
| c~1.0 | Crisis (crisis) | Almost no vulnerability information is public (e.g. the relevant information is well protected and held only by a very few people who have signed confidentiality agreements, so there are no related reports in public). |

Table 7
The values of a, b, c and d in the cost factor value ranges above are related to the precision of the index; in general, values that can distinguish two adjacent index grades are chosen for the calculation. If they are chosen too small, the assessment result tends to be low; if they are chosen too large, it tends to be high. In practice, the following empirical values can be used: when the index is divided into three grades, a=0.275, b=0.660; when it is divided into four grades, a=0.255, b=0.525, c=0.775; when it is divided into five grades, a=0.15, b=0.255, c=0.525, d=0.775. In addition, the factor values above need not be redetermined for every assessment; for the label of a given grade they stay essentially within a specific value range.
Step 116: Perform a weighted calculation over all cost factor values to obtain the vulnerability cost assessment value.
Specifically, the cost factor values obtained in the cost-side steps above each enter the calculation with the weight of the corresponding cost factor in the network vulnerability, so the weighted calculation can be expressed as:
Vulnerability cost assessment value C = material cost × material cost weight + information cost × information cost weight + time cost × time cost weight + asset access degree × asset access degree weight + weakness disclosure degree × weakness disclosure degree weight + vulnerability fix degree × vulnerability fix degree weight;
Each weight can be computed with an algorithm such as AHP (analytic hierarchy process). Specifically, the parameters the AHP algorithm works on form a judgment matrix. For an element Ai of the level above, the judgment matrix records the pairwise comparison of the elements B1, B2, ..., Bn of the current level, which determines their relative importance and gives a judgment matrix B = [bij]n×n of the form shown in Table 8.

| A1 | B1 | B2 | … | Bn |
|---|---|---|---|---|
| B1 | b11 | b12 | … | b1n |
| B2 | b21 | b22 | … | b2n |
| ⋮ | ⋮ | ⋮ | ⋮ | ⋮ |
| Bn | bn1 | bn2 | … | bnn |

Table 8
For a given element of the level above, the importance weights of the related elements of the current level are obtained by computing the eigenvalue and eigenvector of the judgment matrix. That is, for the judgment matrix B, compute the eigenvalue and eigenvector that satisfy BW = λmax W, where λmax is the largest eigenvalue of B, W is the normalized eigenvector corresponding to λmax, and the component wi of W is the weight of the corresponding element.
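The cost-side calculation described above, carried through as an added example in Python (not code from the patent): each factor's grade is mapped to its value range using the empirical thresholds, the weights are taken from the principal eigenvector of a judgment matrix, and C is the weighted sum. Representing a range by its midpoint, the snake_case factor names, the sample judgments and the consistency-ratio check from standard AHP are assumptions that go beyond the text.

```python
# Added example, not code from the patent: grade -> value range -> AHP-weighted C.

# Empirical tier boundaries a, b, c, d quoted in the description.
THRESHOLDS = {3: [0.275, 0.660],
              4: [0.255, 0.525, 0.775],
              5: [0.15, 0.255, 0.525, 0.775]}

# Grade labels per cost factor, lowest value range first (Tables 2 to 7).
# The snake_case factor names are assumptions made for this example.
FACTOR_GRADES = {
    "material_cost": ["standard", "speciality", "bespeak"],
    "information_cost": ["common", "familiarity", "connoisseur", "specialist"],
    "time_cost": ["minute", "hour", "day", "week", "month"],
    "asset_access": ["none", "easy", "middle", "difficulty", "very_difficulty"],
    "fix_degree": ["none", "replaced", "temporary", "official"],
    "disclosure": ["public", "limited", "sensitivity", "crisis"],
}

# Saaty's random consistency index (standard AHP, not part of the patent text).
RANDOM_INDEX = {1: 0.0, 2: 0.0, 3: 0.58, 4: 0.90, 5: 1.12,
                6: 1.24, 7: 1.32, 8: 1.41, 9: 1.45}


def grade_range(factor, grade):
    """Return the (low, high) value range assigned to a grade of a factor."""
    grades = FACTOR_GRADES[factor]
    bounds = [0.0] + THRESHOLDS[len(grades)] + [1.0]
    i = grades.index(grade)  # raises ValueError for an unknown grade
    return bounds[i], bounds[i + 1]


def grade_value(factor, grade):
    """Assumption: use the midpoint of the range (the patent gives only the range)."""
    low, high = grade_range(factor, grade)
    return (low + high) / 2.0


def judgment_matrix(n, upper):
    """Build a reciprocal matrix from upper-triangle judgments {(i, j): b_ij}, i < j."""
    b = [[1.0] * n for _ in range(n)]
    for (i, j), v in upper.items():
        b[i][j] = float(v)
        b[j][i] = 1.0 / v
    return b


def ahp_weights(matrix, max_iter=1000, tol=1e-12):
    """Solve B W = lambda_max W by power iteration.

    Returns (weights summing to 1, lambda_max, consistency ratio)."""
    n = len(matrix)
    if n not in RANDOM_INDEX:
        raise ValueError("this example supports 1 to 9 compared elements")
    for i in range(n):
        if len(matrix[i]) != n:
            raise ValueError("judgment matrix must be square")
        for j in range(n):
            if matrix[i][j] <= 0 or abs(matrix[i][j] * matrix[j][i] - 1.0) > 1e-9:
                raise ValueError("need positive entries with b_ij * b_ji == 1")
    w = [1.0 / n] * n
    lam = float(n)
    for _ in range(max_iter):
        bw = [sum(matrix[i][j] * w[j] for j in range(n)) for i in range(n)]
        lam = sum(bw)  # sum(w) == 1, so sum(B w) estimates lambda_max
        nxt = [x / lam for x in bw]
        done = max(abs(a - b) for a, b in zip(nxt, w)) < tol
        w = nxt
        if done:
            break
    ci = (lam - n) / (n - 1) if n > 1 else 0.0
    ri = RANDOM_INDEX[n]
    return w, lam, (ci / ri if ri > 0 else 0.0)


def cost_score(observed, weights):
    """C = sum over cost factors of factor value * factor weight."""
    if set(observed) != set(weights):
        raise ValueError("observed grades and weights must cover the same factors")
    return sum(grade_value(f, g) * weights[f] for f, g in observed.items())


if __name__ == "__main__":
    factors = list(FACTOR_GRADES)
    # Constructed pairwise judgments on Saaty's 1-9 scale (illustrative only).
    upper = {(0, 1): 2, (0, 2): 2, (0, 3): 3, (0, 4): 3, (0, 5): 3,
             (1, 2): 1, (1, 3): 2, (1, 4): 2, (1, 5): 2,
             (2, 3): 2, (2, 4): 2, (2, 5): 2, (3, 4): 1, (3, 5): 1, (4, 5): 1}
    w, lam, cr = ahp_weights(judgment_matrix(len(factors), upper))
    # Constructed observation: one grade per cost factor.
    observed = {"material_cost": "speciality", "information_cost": "familiarity",
                "time_cost": "day", "asset_access": "easy",
                "fix_degree": "temporary", "disclosure": "public"}
    print("weights:", dict(zip(factors, (round(x, 4) for x in w))))
    print("lambda_max = %.4f, CR = %.4f" % (lam, cr))
    print("C = %.4f" % cost_score(observed, dict(zip(factors, w))))
```

A consistency ratio above roughly 0.1 is the usual AHP signal that the pairwise judgments contradict one another and should be revisited before the weights are used.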
After step 116 has been executed, the flow goes directly to step 130. Separately, the operations on the vulnerability consequence side begin at step 120. Note that the operations for determining collateral damage consequences are described together after step 125.
Step 120: Obtain confidentiality information and use it to determine the confidentiality factor values for the three aspects of degree of asset damage, asset importance and collateral damage consequences.
Specifically, devices such as scanners and statistics devices can be used to obtain information about the assets to be assessed in the network. The information obtained serves as the confidentiality information for the asset damage aspect. The exposure grade of this information is determined according to preset rules, such as thresholds expressing the degree of exposure of confidentiality information (the different exposure grades can be given labels for the corresponding content), and the value range corresponding to that grade is taken as the confidentiality factor value for the asset damage aspect (abbreviated as the confidentiality degree).
The content relating to the confidentiality factor value for the asset damage condition aspect is shown in Table 9:

| Assigned value | Label | Definition |
|---|---|---|
| 0.0~a | None (none) | Confidentiality is not affected |
| a~b | Partial (part) | Partial information is exposed: some system files may be accessed, but which information is obtained cannot be determined, or the scope of the damage is limited |
| b~1.000 | All (all) | All information is exposed: all data on the system (memory, files, etc.) can be read |

Table 9
In addition, devices such as scanning devices and statistics devices can be used to obtain information such as the degree of confidentiality that an asset should reach, or the impact on the organization when confidentiality is lost. The content obtained is taken as the confidentiality information for the asset importance aspect; the importance grade of the confidentiality information is determined according to preset rules, such as thresholds that indicate the importance of confidentiality information (different importance grades can be given labels with correspondingly different content); and this importance grade can be used directly as the confidentiality factor value for the asset importance aspect (abbreviated as the confidentiality influence).
The content relating to the confidentiality factor value for the asset importance aspect is shown in Table 10:

| Assigned value | Label | Definition |
|---|---|---|
| 5 | Very high (very high) | Contains the organization's most important secrets, which bear on its future development and have a decisive influence; leakage would cause catastrophic damage to the organization's fundamental interests |
| 4 | High (high) | Contains important secrets of the organization; leakage would seriously harm the organization's security and interests |
| 3 | Medium (middle) | Contains general secrets of the organization; leakage would harm the organization's security and interests |
| 2 | Low (low) | Contains only information used inside the organization or inside one of its departments; spreading it outside might harm the organization's interests |
| 1 | Negligible (none) | Contains information that can be disclosed to the public, public information-processing equipment, system resources, etc. |

Table 10
Step 121: Obtain integrity information, and use it to determine the integrity factor values for the three aspects of asset damage condition, asset importance, and subsidiary damage consequence.
Specifically, devices such as scanning devices and statistics devices can be used to obtain feedback such as the modifiability of the assets to be assessed in the network, for example by attempting modification. The information obtained is taken as the integrity information for the asset damage condition aspect; the integrity grade of the integrity information is determined according to preset rules, such as thresholds that indicate the degree of integrity (different integrity grades can be given labels with correspondingly different content); and the assignment range corresponding to this integrity grade is taken as the integrity factor value for the asset damage condition aspect (abbreviated as the integrity degree).
The content relating to the integrity factor value for the asset damage condition aspect is shown in Table 11:

| Assigned value | Label | Definition |
|---|---|---|
| 0.0~a | None (none) | Integrity is not affected |
| a~b | Partial (part) | Integrity is partially destroyed: some system files or information can be modified, but which information can be modified cannot be determined, or the scope of the effect is limited |
| b~1.000 | All (all) | The system completely loses protection, jeopardizing the security of the whole system; the attacker is able to modify any files on the target system |

Table 11
In addition, devices such as scanning devices and statistics devices can be used to obtain information such as the degree of integrity that an asset should reach, or the impact on the organization when integrity is lost. The content obtained is taken as the integrity information for the asset importance aspect; the importance grade of the integrity information is determined according to preset rules, such as thresholds that indicate the importance of integrity information (different importance grades can be given labels with correspondingly different content); and this importance grade can be used directly as the integrity factor value for the asset importance aspect (abbreviated as the integrity influence).
The content relating to the integrity factor value for the asset importance aspect is shown in Table 12:

| Assigned value | Label | Definition |
|---|---|---|
| 5 | Very high (very high) | Integrity value is very critical: unauthorized modification or destruction would have a major or unacceptable impact on the organization, severely affect the business, and may cause serious service interruption that is difficult to remedy |
| 4 | High (high) | Integrity value is relatively high: unauthorized modification or destruction would have a significant impact on the organization, seriously affect the business, and be difficult to remedy |
| 3 | Medium (middle) | Integrity value is medium: unauthorized modification or destruction would affect the organization and noticeably affect the business, but can be remedied |
| 2 | Low (low) | Integrity value is relatively low: unauthorized modification or destruction would have a minor, tolerable impact on the organization, slightly affect the business, and be easy to remedy |
| 1 | Negligible (none) | Integrity value is very low: the impact of unauthorized modification or destruction on the organization is negligible, and the impact on the business is negligible |

Table 12
Step 122: Obtain availability information, and use it to determine the availability factor values for the three aspects of asset damage condition, asset importance, and subsidiary damage consequence.
Specifically, devices such as scanning devices and statistics devices can be used to perform operations involving performance testing and resource management on the assets to be assessed in the network. The information obtained through these operations that shows how performance and resources are affected is taken as the availability information for the asset damage condition aspect; the availability grade of the availability information is determined according to preset rules, such as thresholds that indicate the degree of availability (different availability grades can be given labels with correspondingly different content); and the assignment range corresponding to this availability grade is taken as the availability factor value for the asset damage condition aspect (abbreviated as the availability degree).
The content relating to the availability factor value for the asset damage condition aspect is shown in Table 13:

| Assigned value | Label | Definition |
|---|---|---|
| 0.0~a | None (none) | Availability is not affected |
| a~b | Partial (part) | Causes reduced performance or an interruption of resource supply |
| b~1.000 | All (all) | Causes complete paralysis of the affected resource |

Table 13
In addition, devices such as scanning devices and statistics devices can be used to obtain information such as the degree of availability that an asset should reach, or the impact on the organization when availability is lost. The content obtained is taken as the availability information for the asset importance aspect; the importance grade of the availability information is determined according to preset rules, such as thresholds that indicate the importance of availability information (different importance grades can be given labels with correspondingly different content); and this importance grade can be used directly as the availability factor value for the asset importance aspect (abbreviated as the availability influence).
The content relating to the availability factor value for the asset importance aspect is shown in Table 14:

| Assigned value | Label | Definition |
|---|---|---|
| 5 | Very high (very high) | Availability value is very high: the availability of information and information systems to legitimate users reaches more than 99.9% per year |
| 4 | High (high) | Availability value is relatively high: the availability of information and information systems to legitimate users reaches more than 90% per day |
| 3 | Medium (middle) | Availability value is medium: the availability of information and information systems to legitimate users reaches more than 70% during normal working hours |
| 2 | Low (low) | Availability value is relatively low: the availability of information and information systems to legitimate users reaches more than 25% during normal working hours |
| 1 | Negligible (none) | Availability value is negligible: the availability of information and information systems to legitimate users is lower than 25% during normal working hours |

Table 14
Step 123: Obtain confirmability information, and use it to determine the confirmability factor values for the three aspects of asset damage condition, asset importance, and subsidiary damage consequence.
Specifically, devices such as scanning devices and statistics devices can be used to perform authentication-related operations, such as privilege acquisition, on the assets to be assessed in the network. The information obtained through these operations that shows the degree to which authentication is possible is taken as the confirmability information for the asset damage condition aspect; the confirmability grade of the confirmability information is determined according to preset rules, such as thresholds that indicate the degree of confirmability (different confirmability grades can be given labels with correspondingly different content); and the assignment range corresponding to this confirmability grade is taken as the confirmability factor value for the asset damage condition aspect (abbreviated as the confirmability degree).
The content relating to the confirmability factor value for the asset damage condition aspect is shown in Table 15:

| Assigned value | Label | Definition |
|---|---|---|
| 0.0~a | None (none) | Confirmability is not affected |
| a~b | Partial (part) | Some entities can be impersonated and partial privileges obtained |
| b~1.000 | All (all) | Any entity can be impersonated and any privilege obtained |

Table 15
In addition, devices such as scanning devices and statistics devices can be used to obtain information such as the degree of confirmability that an asset should reach, or the impact on the organization when confirmability is lost. The content obtained is taken as the confirmability information for the asset importance aspect; the importance grade of the confirmability information is determined according to preset rules, such as thresholds that indicate the importance of confirmability information (different importance grades can be given labels with correspondingly different content); and this importance grade can be used directly as the confirmability factor value for the asset importance aspect (abbreviated as the confirmability influence).
The content relating to the confirmability factor value for the asset importance aspect is shown in Table 16:

| Assigned value | Label | Definition |
|---|---|---|
| 5 | Very high (very high) | Confirmability value is very high: an authentication degree of more than 99.9% can be reached for entities or privileges |
| 4 | High (high) | Confirmability value is relatively high: an authentication degree of more than 90% can be reached for entities or privileges |
| 3 | Medium (middle) | Confirmability value is medium: an authentication degree of more than 75% can be reached for entities or privileges |
| 2 | Low (low) | Confirmability value is relatively low: an authentication degree of more than 25% can be reached for entities or privileges |
| 1 | Negligible (none) | Confirmability value is negligible: the authentication degree for entities or privileges can be more than 25% |

Table 16
Step 124: Obtain charging property information, and use it to determine the charging property factor values for the three aspects of asset damage condition, asset importance, and subsidiary damage consequence.
Specifically, devices such as scanning devices and statistics devices can be used to perform charging-detection operations on the assets to be assessed in the network. The information obtained through these operations that shows whether charging can be evaded is taken as the charging property information for the asset damage condition aspect; the charging property grade of the charging property information is determined according to preset rules, such as thresholds that indicate the degree of the charging property (different charging property grades can be given labels with correspondingly different content); and the assignment range corresponding to this charging property grade is taken as the charging property factor value for the asset damage condition aspect (abbreviated as the charging property degree).
The content relating to the charging property factor value for the asset damage condition aspect is shown in Table 17:

| Assigned value | Label | Definition |
|---|---|---|
| 0.0~a | None (none) | The charging property is not affected |
| a~b | Partial (part) | Part of the charges can be evaded |
| b~1.000 | All (all) | Charging can be evaded completely |

Table 17
In addition, devices such as scanning devices and statistics devices can be used to obtain information such as the degree of the charging property that an asset should reach, or the impact on the organization when the charging property is lost. The content obtained is taken as the charging property information for the asset importance aspect; the importance grade of the charging property information is determined according to preset rules, such as thresholds that indicate the importance of charging property information (different importance grades can be given labels with correspondingly different content); and this importance grade can be used directly as the charging property factor value for the asset importance aspect (abbreviated as the charging property influence).
The content relating to the charging property factor value for the asset importance aspect is shown in Table 18:

| Assigned value | Label | Definition |
|---|---|---|
| 5 | Very high (very high) | Charging property value is very high: charging for the services that users use reaches a correctness of more than 99.9% |
| 4 | High (high) | Charging property value is relatively high: charging for the services that users use reaches a correctness of more than 90% |
| 3 | Medium (middle) | Charging property value is medium: charging for the services that users use reaches a correctness of more than 70% |
| 2 | Low (low) | Charging property value is relatively low: charging for the services that users use reaches a correctness of more than 25% |
| 1 | Negligible (none) | Charging property value is negligible: the correctness of charging for the services that users use is lower than 25% |

Table 18
Step 125: Obtain monitorability information, and use it to determine the monitorability factor values for the three aspects of asset damage condition, asset importance, and subsidiary damage consequence.
Specifically, devices such as scanning devices and statistics devices can be used to perform monitorability challenge operations, such as unauthorized communication operations, on the assets to be assessed in the network. The information obtained through these operations that shows monitorability is taken as the monitorability information for the asset damage condition aspect; the monitorability grade of the monitorability information is determined according to preset rules, such as thresholds that indicate the degree of monitorability (different monitorability grades can be given labels with correspondingly different content); and the assignment range corresponding to this monitorability grade is taken as the monitorability factor value for the asset damage condition aspect (abbreviated as the monitorability degree).
The content relating to the monitorability factor value for the asset damage condition aspect is shown in Table 19:

| Assigned value | Label | Definition |
|---|---|---|
| 0.0~a | None (none) | Monitorability is not affected |
| a~b | Partial (part) | The system cannot fully control or shield unauthorized communication or reaction information |
| b~1.000 | All (all) | The system cannot fully control or shield unauthorized communication or reaction information |

Table 19
In addition, devices such as scanning devices and statistics devices can be used to obtain information such as the degree of monitorability that an asset should reach, or the impact on the organization when monitorability is lost. The content obtained is taken as the monitorability information for the asset importance aspect; the importance grade of the monitorability information is determined according to preset rules, such as thresholds that indicate the importance of monitorability information (different importance grades can be given labels with correspondingly different content); and this importance grade can be used directly as the monitorability factor value for the asset importance aspect (abbreviated as the monitorability influence).
The content relating to the monitorability factor value for the asset importance aspect is shown in Table 20:

| Assigned value | Label | Definition |
|---|---|---|
| 5 | Very high (very high) | Monitorability value is very high: more than 99.9% of unauthorized communication or reaction speech can be controlled or shielded |
| 4 | High (high) | Monitorability value is relatively high: more than 90% of unauthorized communication or reaction speech can be controlled or shielded |
| 3 | Medium (middle) | Monitorability value is medium: more than 70% of unauthorized communication or reaction speech can be controlled or shielded |
| 2 | Low (low) | Monitorability value is relatively low: more than 25% of unauthorized communication or reaction speech can be controlled or shielded |
| 1 | Negligible (none) | Monitorability value is negligible: less than 25% of unauthorized communication or reaction speech can be controlled or shielded |

Table 20
Note: the values of a and b in the fragility consequence factor assignments above depend on the accuracy range of the indicators. Here a represents the highest score at which the corresponding indicator of an asset under attack counts as unaffected; if this score is set too low, the range in which assets are affected cannot be distinguished. b represents the lowest score at which the corresponding indicator of an asset under attack counts as most severely affected; if this score is set too high, the range in which assets are unaffected cannot be distinguished. In practice, the following empirical values can be used for assessment: a=0.275, b=0.660. In addition, the factor values above need not be redetermined for every assessment; they are essentially confined to a specific value range for the label of each grade.
In addition, the operations for determining the subsidiary damage consequence aspect follow principles similar to the operations above for asset damage condition and asset importance, and can take the following into consideration:
Apart from the damage caused to the asset itself, the subsidiary damage consequence comprises the losses that successful exploitation of the fragility causes to other physical assets of the system, system productivity, system performance, and so on. Subsidiary damage consequences can be divided into the following five grades, and a corresponding factor value can be set for each grade:
None (none): no damage is caused to other physical assets of the system, system productivity, or system performance;
Low (low): successful exploitation of the fragility may cause slight damage to other physical assets of the system, system productivity, or system performance;
Mid-low (mid-low): successful exploitation of the fragility may cause a certain degree of damage to other physical assets of the system, system productivity, or system performance;
Mid-high (mid-high): successful exploitation of the fragility may cause relatively serious damage to other physical assets of the system, system productivity, or system performance;
High (high): successful exploitation of the fragility may cause catastrophic damage to other physical assets of the system, system productivity, or system performance.
Furthermore, when network vulnerability assessment is carried out for some networks, the operations for the subsidiary damage consequence aspect may be omitted. In addition, the information relating to the fragility consequence can also be obtained when the consequence actually occurs after the fragility has been exploited, and used to determine the corresponding fragility consequence factors; in some practical situations this approach gives better accuracy and assessment results.
Step 126: Apply the product method to all consequence factor values to obtain the fragility consequence assessed value.
Specifically, the consequence factor values obtained in the steps above for the fragility consequence aspect each represent the weight of the corresponding consequence factor in the network vulnerability, so the product method can be expressed as:
Fragility consequence assessed value R = asset importance × asset damage condition + subsidiary damage consequence = (confidentiality influence × confidentiality degree + integrity influence × integrity degree + availability influence × availability degree + confirmability influence × confirmability degree + charging property influence × charging property degree + monitorability influence × monitorability degree) + subsidiary damage consequence.
Step 130: Determine the network vulnerability according to the fragility cost assessed value and the fragility consequence assessed value.
Specifically, the fragility consequence assessed value can be divided by the fragility cost assessed value, and the quotient used as the network vulnerability. More complex operations, such as division and taking a root, can also be applied to the fragility consequence assessed value and the fragility cost assessed value, with the result used as the network vulnerability. The fragility cost assessed value and the fragility consequence assessed value can even be combined directly as the network vulnerability.
After the network vulnerability has been determined, corresponding improvements can be made according to the fragility of a particular factor, to improve network security.
Note that steps 110 to 116 are the operating steps for the fragility cost factors, and steps 120 to 126 are the operating steps for the fragility consequence factors. In practice there is no required chronological order between the two sets of operating steps, as long as each yields its assessed value and those values can enter step 130 for the corresponding operation.
A simplified example follows to describe the network vulnerability assessment process concisely:
For the fragility cost factor aspect, the determined fragility cost factors are as follows:
Material cost = 0.15;
Information cost = 0.30;
Time cost = 0.1;
Asset access degree = 0.5;
Weakness disclosure degree = 0.6;
Vulnerability fix degree = 0.8.
Applying the AHP algorithm gives the following weight matrix for the above 6 factors:
$$
\begin{bmatrix}
1 & 1/3 & 5 & 1/2 & 1/4 & 7 \\
3 & 1 & 2 & 1 & 1/2 & 1/3 \\
1/5 & 1/2 & 1 & 4 & 1/6 & 1 \\
2 & 1/2 & 1/4 & 1 & 2 & 5 \\
4 & 1 & 6 & 1/2 & 1 & 1/4 \\
1/7 & 3 & 1 & 1/5 & 4 & 1
\end{bmatrix}
$$
By calculation, the eigenvector corresponding to the maximum eigenvalue of this matrix is (0.2070, 0.1333, 0.1169, 0.1879, 0.2003, 0.1546), and its components can be used as the respective weights of the above 6 factors. Thus, fragility cost assessed value C = material cost × material cost weight + information cost × information cost weight + time cost × time cost weight + asset access degree × asset access degree weight + weakness disclosure degree × weakness disclosure degree weight + vulnerability fix degree × vulnerability fix degree weight = 0.15 × 0.2070 + 0.30 × 0.1333 + 0.1 × 0.1169 + 0.5 × 0.1879 + 0.6 × 0.2003 + 0.8 × 0.1546 = 0.03105 + 0.04 + 0.01169 + 0.09395 + 0.12018 + 0.12368 = 0.42054. This shows that the weakness disclosure degree and the vulnerability fix degree are the relatively most critical parts of the fragility cost factors, while time cost is relatively the least important.
For the fragility consequence factor aspect, the determined fragility consequence factors are as follows:
Confidentiality influence = 0.15; confidentiality degree = 4;
Integrity influence = 0.10; integrity degree = 3;
Availability influence = 0.12; availability degree = 2;
Confirmability influence = 0.55; confirmability degree = 5;
Charging property influence = 0.30; charging property degree = 1;
Monitorability influence = 0.40; monitorability degree = 2.
Thus, where the subsidiary damage consequence is left out of consideration according to actual needs, fragility consequence assessed value R = asset importance × asset damage condition = confidentiality influence × confidentiality degree + integrity influence × integrity degree + availability influence × availability degree + confirmability influence × confirmability degree + charging property influence × charging property degree + monitorability influence × monitorability degree = 0.15 × 4 + 0.10 × 3 + 0.12 × 2 + 0.55 × 5 + 0.30 × 1 + 0.40 × 2 = 0.60 + 0.30 + 0.24 + 2.75 + 0.30 + 0.80 = 4.99. This shows that confirmability is the relatively most critical part of the fragility consequence factors; the resulting influence is 4.99, and the influence interval is [0, 30].
After the fragility cost assessed value and the fragility consequence assessed value have been obtained, the operation described in step 130 of Fig. 1 can be carried out on them; this is not repeated here.
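The scoring chain of steps 116, 126 and 130, carried through with the numbers of the simplified example above, as an added example that is not part of the patent text. The function names, the boundary handling in `damage_grade` and the reciprocity check are assumptions of this example; C uses the weight vector the page states, while `ahp_weights` shows the eigenvector calculation of the AHP passage on the page's matrix.

```python
# Added example (not from the patent): steps 116, 126 and 130 with the numbers
# of the page's simplified example. Names and boundary handling are assumptions.
A_THRESHOLD, B_THRESHOLD = 0.275, 0.660  # empirical a and b from the page

# Judgment matrix of the simplified example, read row by row as 6x6.
JUDGMENT = [
    [1,   1/3, 5,   1/2, 1/4, 7],
    [3,   1,   2,   1,   1/2, 1/3],
    [1/5, 1/2, 1,   4,   1/6, 1],
    [2,   1/2, 1/4, 1,   2,   5],
    [4,   1,   6,   1/2, 1,   1/4],
    [1/7, 3,   1,   1/5, 4,   1],
]
# Cost factor values and the weight vector stated on the page, in page order.
COST_VALUES = [0.15, 0.30, 0.1, 0.5, 0.6, 0.8]
PAGE_WEIGHTS = [0.2070, 0.1333, 0.1169, 0.1879, 0.2003, 0.1546]
# (influence, degree) pairs exactly as the page lists them.
CONSEQUENCE_PAIRS = {
    "confidentiality": (0.15, 4),
    "integrity": (0.10, 3),
    "availability": (0.12, 2),
    "confirmability": (0.55, 5),
    "charging": (0.30, 1),
    "monitorability": (0.40, 2),
}


def damage_grade(score):
    """Map a damage score in [0, 1] to the none/part/all grade of the tables.
    Assumption: a score exactly on a boundary belongs to the higher grade."""
    if not 0.0 <= score <= 1.0:
        raise ValueError("damage score must lie in [0, 1]")
    if score < A_THRESHOLD:
        return "none"
    return "part" if score < B_THRESHOLD else "all"


def non_reciprocal_pairs(matrix, tol=1e-9):
    """Return 1-based (i, j) pairs with b_ij * b_ji != 1, an input check
    worth running before the AHP weights are trusted."""
    n = len(matrix)
    return [(i + 1, j + 1) for i in range(n) for j in range(i + 1, n)
            if abs(matrix[i][j] * matrix[j][i] - 1.0) > tol]


def ahp_weights(matrix, tol=1e-12, max_iter=10000):
    """Power iteration for B W = lambda_max W, with W normalised to sum to 1."""
    n = len(matrix)
    if any(len(row) != n for row in matrix) or any(v <= 0 for row in matrix for v in row):
        raise ValueError("judgment matrix must be square with positive entries")
    w = [1.0 / n] * n
    for _ in range(max_iter):
        bw = [sum(row[k] * w[k] for k in range(n)) for row in matrix]
        lam = sum(bw)  # equals lambda_max at convergence because sum(w) == 1
        nxt = [v / lam for v in bw]
        if max(abs(x - y) for x, y in zip(nxt, w)) < tol:
            return nxt, lam
        w = nxt
    raise RuntimeError("power iteration did not converge")


def cost_value(values, weights):
    """Step 116: weighted sum C of the fragility cost factors."""
    if len(values) != len(weights):
        raise ValueError("one weight per cost factor is required")
    return sum(v * w for v, w in zip(values, weights))


def consequence_value(pairs, subsidiary=0.0):
    """Step 126: R = sum(influence * degree) + subsidiary damage consequence."""
    return sum(influence * degree for influence, degree in pairs.values()) + subsidiary


def network_vulnerability(r, c):
    """Step 130, quotient variant: consequence value divided by cost value."""
    if c <= 0:
        raise ValueError("cost value must be positive")
    return r / c


def run_example():
    weights, lam = ahp_weights(JUDGMENT)
    c = cost_value(COST_VALUES, PAGE_WEIGHTS)
    r = consequence_value(CONSEQUENCE_PAIRS)
    return {"weights_from_matrix": weights, "lambda_max": lam,
            "non_reciprocal": non_reciprocal_pairs(JUDGMENT),
            "C": c, "R": r, "V": network_vulnerability(r, c)}


if __name__ == "__main__":
    for key, value in run_example().items():
        print(key, value)
```

`non_reciprocal_pairs` reports the entry pairs (2, 4) and (2, 5) of the example matrix, whose products are 0.5 rather than 1; the quotient variant of step 130 gives roughly 11.87 for the page's C and R.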
As can be seen from the above description of Fig. 1, the general idea of the present invention is as shown in Fig. 2. Referring to Fig. 2, which is a simplified flowchart of network vulnerability assessment according to the present invention, the flow comprises the following steps:
Step 210: Determine the fragility cost factors according to fragility cost information, and obtain a fragility cost assessment result according to the fragility cost factors.
Step 220: Determine the fragility consequence factors according to fragility consequence information, and obtain a fragility consequence assessment result according to the fragility consequence factors.
Step 230: Determine the network vulnerability according to the fragility cost assessment result and the fragility consequence assessment result.
In summary, when assessing network vulnerability the present invention considers factors of the fragility cost aspect together with factors of the fragility consequence aspect, which enriches and completes the basis for network vulnerability assessment, so the accuracy of network vulnerability assessment can be improved significantly and in a targeted way. Moreover, the improved assessment accuracy provides an important reference for network security management, so that corresponding security measures can be implemented with direction and purpose, avoiding the serious consequences of network fragility being exploited.
The above are only preferred embodiments of the present invention and are not intended to limit its scope of protection; any modification, equivalent replacement, improvement, and the like made within the spirit and principles of the present invention shall fall within its scope of protection.

Claims (10)

1. A network vulnerability evaluation method, characterized in that the method comprises:
Determining fragility cost factors according to fragility cost information, and obtaining a fragility cost assessment result according to the fragility cost factors; determining fragility consequence factors according to fragility consequence information, and obtaining a fragility consequence assessment result according to the fragility consequence factors; and determining the network vulnerability according to the fragility cost assessment result and the fragility consequence assessment result.
2. The method according to claim 1, characterized in that the method of determining the fragility cost factor is:
Obtaining fragility cost information relevant to the network vulnerability, determining the grade corresponding to this fragility cost information according to preset judgment rules, and taking the assignment range corresponding to this grade as the fragility cost factor.
3. The method according to claim 1, characterized in that the method of obtaining the fragility cost assessment result is:
Performing a weighted calculation on the fragility cost factors, and taking the result of the weighted calculation as the fragility cost assessment result.
4. The method according to claim 3, characterized in that the weights used in the weighted calculation are obtained by calculation with the analytic hierarchy process.
5. The method according to claim 1, characterized in that the method of determining the fragility consequence factor is:
Obtaining fragility consequence information relevant to the network vulnerability, determining the grade corresponding to this fragility consequence information according to preset judgment rules, and taking the assignment range corresponding to this grade as the fragility consequence factor.
6. The method according to claim 1, characterized in that the method of obtaining the fragility consequence assessment result is:
Applying the product method to the fragility consequence factors, and taking the result of the calculation as the fragility consequence assessment result.
7. The method according to claim 5 or 6, characterized in that, when the operation of obtaining the fragility consequence assessment result is performed, the subsidiary damage consequence is further introduced into the calculation.
8. The method according to any one of claims 1 to 6, characterized in that the fragility cost factors comprise one or more of the following:
The material cost factor;
The information cost factor;
The time cost factor;
The asset access degree factor;
The vulnerability fix degree factor;
The weakness disclosure degree factor.
9. The method according to any one of claims 1 to 6, characterized in that
the fragility consequence factors comprise one or more of the following:
The confidentiality factor;
The integrity factor;
The availability factor;
The confirmability factor;
The charging property factor;
The monitorability factor;
And each fragility consequence factor comprises the following two aspects:
The asset damage condition;
The asset importance.
10. The method according to claim 1, characterized in that the method is applied in an IP Multimedia Subsystem network.
CN2010101032054A 2010-01-28 2010-01-28 Network vulnerability evaluation method Expired - Fee Related CN101964730B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN2010101032054A CN101964730B (en) 2010-01-28 2010-01-28 Network vulnerability evaluation method

Publications (2)

Publication Number Publication Date
CN101964730A (en) 2011-02-02
CN101964730B 2012-09-26

Family

ID=43517474

Family Applications (1)

Application Number Title Priority Date Filing Date
CN2010101032054A Expired - Fee Related CN101964730B (en) 2010-01-28 2010-01-28 Network vulnerability evaluation method

Country Status (1)

Country Link
CN (1) CN101964730B (en)

Also Published As

Publication number Publication date
CN101964730B (en) 2012-09-26

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20120926

Termination date: 20160128

EXPY Termination of patent right or utility model