CN104052635A - Risk situation prediction method and system based on safety pre-warning - Google Patents

Publication number: CN104052635A
Authority: CN (China)
Application number: CN201410246856.7A
Other languages: Chinese (zh)
Inventors: 唐开达, 陈虎
Current assignee: BEIJING JN TASS TECHNOLOGY Co Ltd
Original assignee: BEIJING JN TASS TECHNOLOGY Co Ltd
Legal status: Pending

Abstract

The invention relates to a risk situation prediction method and system based on safety pre-warning. The method comprises: collecting security information; establishing a network topology model from the collected security information and building the tuple of the network topology model; traversing each layer of the network in turn, starting from the top-layer network; screening out, from the network currently being traversed, the information assets affected by the safety pre-warning, and analyzing whether the safety pre-warning can be accepted by the perimeter firewall policy; calculating the security situation prediction value of the affected information assets in the network currently being traversed and using it as the risk situation prediction value of that network; and traversing the adjacent or subordinate networks of the current network to obtain the risk situation prediction values of all networks, from which the overall risk situation prediction value is calculated. The method and system lower the false alarm rate of risk situation prediction and effectively address the problem of the predicted risk value being too low because a pre-warning concerns only a small number of assets in the network.

Description

A risk situation prediction method and system based on security early warning
Technical field
The present invention relates to the field of information security, and in particular to a risk situation prediction method and system based on security early warning.
Background
Security risk situation prediction and analysis is an important topic in information security technology. Traditional methods generally analyze from the following aspects, independently or in combination:
1. Obtaining information about historical security attacks and predicting with a probabilistic model;
2. Analyzing according to the security vulnerabilities of the various information assets;
3. Analyzing according to the security attributes of the various information assets, including confidentiality, integrity, availability, etc.;
4. Analyzing according to the network topology model, mainly by analyzing the association relationships between the networks, chiefly connectivity.
However, these analysis methods have evident problems, mainly in the following two respects:
1. Inference from a probabilistic model based only on historical data is difficult to match to the security events that will actually occur, and the empirical data may not in fact be credible;
2. No analysis is made of the network's related security attributes, in particular of firewall policies, which makes the situation prediction unreliable or produces false alarms.
Summary of the invention
The technical problem to be solved by the present invention is to provide a risk situation prediction method and system based on security early warning, to solve the problem of security risk situation prediction and analysis.
The technical solution by which the present invention solves the above technical problem is as follows: a risk situation prediction method based on security early warning, comprising:
Step 1: collect security information, the security information comprising security early warnings, information assets, firewall policy information and network topology information;
Step 2: based on the collected security information, establish a network topology model and build the tuple of the network topology model, the tuple comprising information assets, perimeter firewall policies, network protection level, adjacent networks and subordinate networks;
Step 3: starting from the top-layer network of the network topology model, traverse each layer of the network in turn;
Step 4: screen out, from the network currently being traversed, the information assets affected by the security early warning, and analyze whether the security early warning can be accepted by the perimeter firewall policy; if so, perform step 5, otherwise perform step 6;
Step 5: calculate the security situation prediction value of the information assets affected by the security early warning in the network currently being traversed, and take it as the risk situation prediction value of this layer of the network;
Step 6: traverse the adjacent or subordinate networks of the network currently being traversed and repeat step 4 until the risk situation prediction values of all networks in the network topology model have been obtained, then calculate the overall risk situation prediction value from the risk situation prediction values of the individual network layers.
Correspondingly, the technical solution of the present invention also includes a risk situation prediction system based on security early warning, comprising an information collection module, a model construction module, a traversal module, an early warning analysis module, a first calculation module and a second calculation module:
The information collection module collects security information, the security information comprising security early warnings, information assets, firewall policy information and network topology information;
The model construction module establishes a network topology model based on the collected security information and builds the tuple of the network topology model, the tuple comprising information assets, perimeter firewall policies, network protection level, adjacent networks and subordinate networks;
The traversal module traverses each layer of the network in turn, starting from the top-layer network of the network topology model;
The early warning analysis module screens out, from the network currently being traversed, the information assets affected by the security early warning, and analyzes whether the security early warning can be accepted by the perimeter firewall policy; if so, it calls the first calculation module, otherwise it calls the second calculation module;
The first calculation module calculates the security situation prediction value of the information assets affected by the security early warning in the network currently being traversed, and takes it as the risk situation prediction value of this layer of the network;
The second calculation module traverses the adjacent or subordinate networks of the network currently being traversed and calls the first calculation module again until the risk situation prediction values of all networks in the network topology model have been obtained, then calculates the overall risk situation prediction value from the risk situation prediction values of the individual network layers.
The beneficial effects of the invention are as follows: the invention can assess possible security threats and risks from the relevant security early-warning information, and can screen the risks an early warning may involve by combining the topology with the corresponding perimeter firewall policies, which reduces the false alarm rate. At the same time, the network-level and overall risk situation prediction analysis considers only the affected information assets, which effectively reduces the problem of the predicted risk value being too low because an early warning may involve only a small number of assets in the network.
Brief description of the drawings
Fig. 1 is a schematic flow chart of the risk situation prediction method based on security early warning of the present invention;
Fig. 2 is a structural schematic diagram of the risk situation prediction method based on security early warning of the present invention.
Embodiment
The principles and features of the present invention are described below with reference to the accompanying drawings. The examples serve only to explain the invention and are not intended to limit its scope.
As shown in Fig. 1, this embodiment provides a risk situation prediction method based on security early warning, comprising:
Step 1: collect security information, the security information comprising security early warnings, information assets, firewall policy information and network topology information;
Step 2: based on the collected security information, establish a network topology model and build the tuple of the network topology model, the tuple comprising information assets, perimeter firewall policies, network protection level, adjacent networks and subordinate networks;
Step 3: starting from the top-layer network of the network topology model, traverse each layer of the network in turn;
Step 4: screen out, from the network currently being traversed, the information assets affected by the security early warning, and analyze whether the security early warning can be accepted by the perimeter firewall policy; if so, perform step 5, otherwise perform step 6;
Step 5: calculate the security situation prediction value of the information assets affected by the security early warning in the network currently being traversed, and take it as the risk situation prediction value of this layer of the network;
Step 6: traverse the adjacent or subordinate networks of the network currently being traversed and repeat step 4 until the risk situation prediction values of all networks in the network topology model have been obtained, then calculate the overall risk situation prediction value from the risk situation prediction values of the individual network layers.
Based on these six steps, the concrete implementation is divided into the following parts.
I. Security information collection
This mainly comprises the collection of security early warnings, information assets, firewall policy information and network topology information.
1. Collection of security early-warning information: early-warning information is synchronized automatically from national authorities (such as CNCERT) or well-known vendors. This embodiment mainly concerns the vulnerabilities, malicious code, security threats, etc. in the early-warning information. After synchronization, the information is broken down into the affected system (operating system), the affected service or program, the attacked port, and similar items. In addition, manual entry of security early-warning information is supported, for example: Microsoft's "IE cumulative security update", bulletin number MS2013-21, affected systems IE6-IE10, knowledge base KB2809289 (i.e. the patch number).
2. Information asset collection: the collected content includes the systems involved (with versions), vulnerabilities, patches, the services running on the information asset and the ports it exposes externally, and also the value of each asset. During collection, the underlying asset information in the network can be scanned periodically, and asset information can be obtained via the Simple Network Management Protocol or by logging in to the target asset with an account and password. For example: among the assets in the system, some have Windows 7 installed, with system version number 6.1.7601, ports such as 135, 139, 445 and 3306 open, and almost no patches installed.
3. Firewall policy collection: the access control policy of each network's perimeter firewall is collected, including the zone, the interface, the permitted IP addresses, and the permitted service ports and protocols. Policy information is collected from the perimeter firewall devices periodically and normalized into the system. Because different types of firewall express their policies differently (although for packet-filtering policies the substance is essentially similar), the policies need to be unified. An example follows:
firewall interzone dmz untrust
packet-filter 3000 inbound
acl 3000
rule 0 permit tcp source xxx.xxx.xxx.xxx/xx source-port eq ftp-data destination-port eq 30
rule 5 permit icmp source xxx.xxx.xxx.xxx/xx destination 138.6.2.1620
The system can further standardize the above firewall packet-filtering policy; the format can be as follows:
<policy unique identifier, source zone (or interface), destination zone (or interface), protocol (tcp, udp or icmp), action, source address (with mask), source port (with mask), destination address, destination port (or service), action (accept or deny)>
4. Network topology collection: the topology connection information of the network in which each information asset resides is collected, together with the protection level of each subnet. The topology can be built manually or with an automatic discovery tool such as Dude, though adjustment is generally still required. In addition, the relationships between the networks must be fully defined during collection, including superior-subordinate relationships and adjacency.
II. Model construction
1. Security early warning model.
Based on the collected security information, a security early warning model is established, and its tuple is configured as follows:
Security early warning = <early warning type, early warning name, early warning level, {affected systems and versions}, {affected software versions}, {affected ports}>
2. Information asset model.
Based on the collected security information, an information asset model is established. The information asset model is a 6-tuple, as follows:
Information asset = <system and version information, {vulnerabilities}, {patches}, {installed software and versions}, {open services and their ports}, value>
3. Firewall policy model.
Based on the collected security information, a firewall policy model is established, and its tuple is configured as follows:
Firewall policy = <access direction, source IP address, destination IP address, source port, destination port, protocol, action>
The action here is one of two: deny or accept.
4. Network topology model.
Based on the collected security information, a network topology model is established and its tuple is built.
Network model: a network is the following tuple:
Network topology = <{information assets}, {perimeter firewall policies}, protection level, {adjacent networks}, {subordinate networks}>
III. Security early warning analysis
Security early warnings differ in nature, but can broadly be divided into the following types:
1. Related to a particular system or software version, and unrelated or only weakly related to network access (such as the Microsoft bulletin MS2013-021 mentioned above).
2. Not strongly related to system type or software version, but strongly related to network access behavior itself, such as a distributed denial-of-service attack against certain service ports.
3. Having both of the above characteristics, such as early warnings of worm propagation.
The security situation analysis is carried out as follows, according to the type of security early warning.
First, starting from the top-layer network of the network topology model (generally the Internet boundary or the external egress), each layer of the network is traversed in turn using depth-first search.
Second, analyze whether the access described in the security early warning can be accepted by the network's perimeter firewall policy ("accepted" here refers to the "permit" or "deny" of the firewall's access control policy; the analysis mainly covers the source address, port and protocol of inbound access). When a subordinate network is analyzed, the "deny" policies of the firewall in its superior network must also be combined into the screening as part of its own firewall policy; this is not needed for adjacent networks.
Finally, if the security early warning is of the first type, that is, it relates to the system and version information of the information asset and to the installed software and its version, but is unrelated or only weakly related to network access, the analysis of whether the early warning is accepted by the perimeter firewall policy is generally unnecessary, because the warning has little to do with firewall policy (the affected systems are not closely tied to network access). It is enough to analyze whether any asset in the network matches the system or application named in the early warning. Early warnings of the latter two types must be analyzed together with the firewall policy. For example, suppose there is a current early warning of a denial-of-service attack against the DNS service (port 53). If this port is not open on the perimeter firewall of a network, or no server in the network provides a DNS service at all, no calculation is needed; otherwise the calculation is required.
IV. Calculation of the security risk situation prediction value
Building on the first three parts, the calculation of the security risk situation prediction value consists of the following three processes.
1. Impact possibility parameter
For each information asset $i$ in the network, analyze whether factors such as its system, vulnerabilities, installed software or services, and open ports are affected by the security early warning, and generate the security early warning matching vector $V_i$ (each element of $V_i$ is 0 or 1, denoting no match or a match respectively, for example whether an open port or service of the asset matches the early warning), as follows:
$$V_i = [V_1, V_2, \ldots, V_n]$$
where $n$ is the total number of information assets in this layer of the network.
The impact possibility parameter $P_i$ is calculated from each matching vector and the weight $VW_i$ of each matching vector:
$$P_i = \left(\sum_{i=1}^{n} V_i \times VW_i\right) \Big/ \left(\sum_{i=1}^{n} VW_i\right)$$
Whether an information asset is affected by the security early warning is judged by comparing the information asset model of Part II with the corresponding tuple elements of the security early warning model.
2. Network risk situation prediction value
Using the impact possibility parameters calculated in the previous step, the risk situation of the affected information assets in this layer of the network is calculated comprehensively and taken as the risk situation prediction value $NR$ of the network (information assets not affected by the security early warning are not considered):
$$NR = \left(\sum_{i=1}^{n} P_i \times A_i\right) \Big/ \left(\sum_{i=1}^{n} A_i\right)$$
where $A_i$ is the value of each information asset.
3. Overall risk situation prediction value
Let $NR_j$ denote the security situation prediction value, calculated with the above formula, of all information assets in the $j$-th layer network that are affected by the security early warning. The overall risk situation prediction value $R$ of all networks is then calculated as:
$$R = \left(\sum_{j=1}^{k} NR_j \times NA_j\right) \Big/ \left(\sum_{j=1}^{k} NA_j\right)$$
where $NA_j$ is the protection level of the $j$-th layer network and $k$ is the total number of network layers.
The application of the above method is illustrated with a concrete example. Suppose the intranet contains two adjacent subnets A and B, and A has a subordinate subnet C; their protection levels (range 1-5) are 2, 2 and 3 respectively. Networks A, B and C each contain 100 assets. Network A has 4 DNS servers with values 1, 2, 4 and 4; the asset value in network B is 2 (range 1-5), and the asset value in C is 4. The assets in network B are all Windows terminals with the IE browser installed, and only 20 of them have the relevant patch applied. The assets in networks A and C are Unix systems. The 4 DNS servers placed in A run different types of DNS service and have asset values 1, 2, 4 and 4. Network C contains about 20 database servers and 2 DNS servers (used only for intranet domain name service), but only access via port 22 is allowed between networks A and C; everything else is prohibited.
For the existing early warning of bulletin MS2013-021: as described above, this early warning affects IE6-IE10, i.e. it is an early warning for Windows IE. Since networks A and C contain no Windows servers, nothing there can match at all; in network B only 20 assets are patched and all assets have the same value, so the security risk situation value of the whole network is 80 (networks A and C do not take part in the calculation, and 20 assets in network B are patched).
For a certain DNS denial-of-service attack, the features of the two higher-value DNS servers cannot be matched completely (their impact possibility parameter is set to 70%; the early warning does not identify the matching DNS service software and version; they account for more than 70% of the weight), while the lower-value servers match completely. The DNS service in network C should be ignored (networks A and C can only be reached through port 22, so a similar attack appearing in network A cannot propagate to network C). For this kind of early warning, the overall security risk situation prediction value is therefore (0.7*4+0.7*4+1*1+1*2)/(1+2+4+4)=78%.
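The DNS example above, carried through the firewall screening and the three formulas as an added Python example (not part of the patent text). The class and function names, the software names, the 7:3 feature weights that yield the 70% parameter, the firewall permits for A and B and the values of the non-DNS assets are assumptions; as in the worked example, networks that do not take part are left out of the overall average.

```python
from dataclasses import dataclass, field
from typing import Optional

@dataclass
class Asset:
    name: str
    value: int              # A_i, asset value (1-5 on the page)
    ports: frozenset        # open service ports
    software: str           # service software (constructed names)

@dataclass
class EarlyWarning:
    name: str
    port: Optional[int]     # attacked port; None = type 1, not network related
    software: frozenset     # software the warning names as affected
    weights: tuple = (7, 3) # VW for (port/service, software); assumed split

@dataclass
class Network:
    name: str
    level: int              # NA_j, protection level (1-5)
    permit: frozenset       # inbound ports the perimeter firewall permits
    deny: frozenset = frozenset()   # explicit denies, inherited by subordinates
    assets: list = field(default_factory=list)
    adjacent: list = field(default_factory=list)
    subordinate: list = field(default_factory=list)

def matching_vector(asset, w):
    """V: one 0/1 entry per compared feature (open port, software)."""
    return [int(w.port in asset.ports), int(asset.software in w.software)]

def impact_probability(asset, w):
    """P = sum(V * VW) / sum(VW)."""
    v = matching_vector(asset, w)
    return sum(x * vw for x, vw in zip(v, w.weights)) / sum(w.weights)

def network_risk(affected, w):
    """NR = sum(P_i * A_i) / sum(A_i), over affected assets only."""
    return (sum(impact_probability(a, w) * a.value for a in affected)
            / sum(a.value for a in affected))

def accepted(net, w, inherited_deny):
    """Can the warning's traffic pass this network's perimeter firewall?"""
    if w.port is None:                       # type 1: firewall analysis skipped
        return True
    if w.port in inherited_deny or w.port in net.deny:
        return False
    return w.port in net.permit

def predict(top, w):
    """Depth-first traversal from the top network; returns (per-network, R)."""
    per_network, seen = {}, set()

    def visit(net, inherited_deny):
        if net.name in seen:
            return
        seen.add(net.name)
        affected = [a for a in net.assets if any(matching_vector(a, w))]
        if affected and accepted(net, w, inherited_deny):
            per_network[net.name] = (network_risk(affected, w), net.level)
        for sub in net.subordinate:          # superior's denies apply below
            visit(sub, inherited_deny | net.deny)
        for adj in net.adjacent:             # adjacent networks do not inherit
            visit(adj, inherited_deny)

    visit(top, frozenset())
    total = sum(level for _, level in per_network.values())
    overall = (sum(nr * level for nr, level in per_network.values()) / total
               if total else 0.0)
    return per_network, overall

def build_example(c_permits_dns=False):
    """Constructed data following the page's A/B/C example."""
    warning = EarlyWarning("DNS denial of service", 53, frozenset({"dns-x"}))
    dns = frozenset({53})
    a_assets = [Asset("a-dns1", 1, dns, "dns-x"), Asset("a-dns2", 2, dns, "dns-x"),
                Asset("a-dns3", 4, dns, "dns-y"), Asset("a-dns4", 4, dns, "dns-y")]
    a_assets += [Asset(f"a-host{i}", 3, frozenset({22}), "sshd") for i in range(96)]
    c = Network("C", 3, frozenset({22, 53}) if c_permits_dns else frozenset({22}),
                assets=[Asset("c-dns1", 4, dns, "dns-y"),
                        Asset("c-dns2", 4, dns, "dns-y")])
    b = Network("B", 2, frozenset({53}),
                assets=[Asset(f"b-pc{i}", 2, frozenset(), "ie") for i in range(100)])
    a = Network("A", 2, frozenset({53}), assets=a_assets,
                adjacent=[b], subordinate=[c])
    return a, warning

if __name__ == "__main__":
    per_network, overall = predict(*build_example())
    print(per_network, f"R = {overall:.0%}")
```

Opening port 53 on C's perimeter (`build_example(c_permits_dns=True)`) brings C's two DNS servers into the calculation and changes the overall value, which shows how much the result depends on the firewall screening step.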
In combination with the above risk situation prediction method and application example, and as shown in Fig. 2, this embodiment also provides a risk situation prediction system based on security early warning, comprising an information collection module, a model construction module, a traversal module, an early warning analysis module, a first calculation module and a second calculation module:
The information collection module collects security information, the security information comprising security early warnings, information assets, firewall policy information and network topology information;
The model construction module establishes a network topology model based on the collected security information and builds the tuple of the network topology model, the tuple comprising information assets, perimeter firewall policies, network protection level, adjacent networks and subordinate networks;
The traversal module traverses each layer of the network in turn, starting from the top-layer network of the network topology model;
The early warning analysis module screens out, from the network currently being traversed, the information assets affected by the security early warning, and analyzes whether the security early warning can be accepted by the perimeter firewall policy; if so, it calls the first calculation module, otherwise it calls the second calculation module;
The first calculation module calculates the security situation prediction value of the information assets affected by the security early warning in the network currently being traversed, and takes it as the risk situation prediction value of this layer of the network;
The second calculation module traverses the adjacent or subordinate networks of the network currently being traversed and calls the first calculation module again until the risk situation prediction values of all networks in the network topology model have been obtained, then calculates the overall risk situation prediction value from the risk situation prediction values of the individual network layers.
Corresponding to the above risk situation prediction method, the model construction module also establishes the security early warning model, the information asset model and the firewall policy model;
The tuple of the security early warning model comprises the early warning type, early warning name, early warning level, affected systems and versions, affected software versions and affected ports;
The tuple of the information asset model comprises the system and version information, vulnerabilities, patches, installed software and versions, open services and their ports, and the asset value;
The tuple of the firewall policy model comprises the access direction, source IP address, destination IP address, source port, destination port, protocol and action.
In addition, in the early warning analysis module, if the security early warning relates to the system and version information of the information asset and to the installed software and its version, but is unrelated to network access, the analysis of whether the security early warning can be accepted by the perimeter firewall policy is not carried out.
The concrete implementation of this risk situation prediction system is consistent with the risk situation prediction method described above, and the example given above also applies to the system, so its implementation is not described again here.
The above are only preferred embodiments of the present invention and are not intended to limit it. Any modification, equivalent replacement or improvement made within the spirit and principles of the present invention shall fall within its scope of protection.

Claims (10)

1. the risk Tendency Prediction method based on safe early warning, is characterized in that, comprising:
Step 1, gathers security information, and described security information comprises safe early warning, information assets, firewall policy information and network topological information;
Step 2, based on the security information gathering, sets up network topology model, and builds the tuple of network topology model, and this tuple comprises information assets, perimeter firewall strategy, network protection grade, adjacent networks and undernet;
Step 3, from the overlay network of network topology model, successively travels through each layer network;
Whether step 4, filter out the information assets that is subject to safe early warning impact, and analyze safe early warning and can be accepted by perimeter firewall strategy from the network of current traversal, if can perform step 5, otherwise execution step 6;
Step 5, the network that calculates current traversal is subject to the security postures predicted value of the information assets of safe early warning impact, and sets it as the risk Tendency Prediction value of this layer network;
Step 6, travel through adjacent networks or the undernet of current traverses network, and repeated execution of steps 4, until obtain the risk Tendency Prediction value of all-network in network topology model, and calculate overall risk Tendency Prediction value according to the risk Tendency Prediction value of each layer network.
2. risk Tendency Prediction method according to claim 1, it is characterized in that, described step 2 also comprises the security information based on gathering, set up safe early warning model, and the tuple that configures safe early warning model comprises the software version of the system of early warning type, early warning title, advanced warning grade, impact and version, impact and affects port.
3. risk Tendency Prediction method according to claim 1, it is characterized in that, described step 2 also comprises the security information based on gathering, set up information assets model, and the tuple of configuration information assets model comprises software and version, open service and port thereof and the assets value of system and version information, leak, patch, installation.
4. risk Tendency Prediction method according to claim 1, it is characterized in that, described step 2 also comprises the security information based on gathering, set up firewall policy model, and the tuple of configuring firewalls Policy model comprises that access side is to, source IP address, object IP address, source port, destination interface, agreement and action message.
5. risk Tendency Prediction method according to claim 1, it is characterized in that, in described step 4, if safe early warning is relevant to software and the version information thereof of system in information assets and version information and installation, but irrelevant with the access to netwoks relation in information assets, do not carry out the analysis whether safe early warning can be accepted by perimeter firewall strategy.
6. risk Tendency Prediction method according to claim 1, is characterized in that, in described step 5, the security postures predicted value that the network that calculates current traversal is subject to the information assets of safe early warning impact specifically comprises:
Step 51, the analysis result that whether can be subject to the impact of safe early warning according to each information assets i generates safe early warning matching vector V i, and be each matching vector V iconfigure weights VW i, what adopt that following formula calculates that each information assets is subject to that safe early warning affects affects possibility parameter P i,
P i = ( &Sigma; i = 1 n V i &times; V W i ) / ( &Sigma; i = 1 n V W i )
In formula, the total number of the information assets that n is this layer network;
Step 52, adopts following formula to calculate the security postures predicted value NR that is subject to the full detail assets of safe early warning impact in this layer network:
NR = ( &Sigma; i = 1 n P i &times; A i ) / ( &Sigma; i = 1 n A i )
In formula, A ifor the value of each information assets.
7. risk Tendency Prediction method according to claim 6, is characterized in that, in described step 6, calculates overall risk Tendency Prediction value and specifically comprises: use NR according to the risk Tendency Prediction value of each layer network jthe security postures predicted value of the full detail assets that are subject to safe early warning impact of the j layer network that expression employing step 52 is calculated, then adopt following formula to calculate the overall risk Tendency Prediction value R of all-network:
R = ( &Sigma; j = 1 k NR j &times; NA j ) ( &Sigma; j = 1 k NA j )
where $NA_j$ is the protection level of the j-th layer network and k is the total number of network layers.
8. A risk situation prediction system based on security early warning, characterized in that it comprises an information acquisition module, a model construction module, a traversal module, an early warning analysis module, a first computing module and a second computing module:
the information acquisition module is used for collecting security information, the security information comprising security early warnings, information assets, firewall policy information and network topology information;
the model construction module is used for establishing a network topology model based on the collected security information and building the tuple of the network topology model, the tuple comprising information assets, perimeter firewall policy, network protection level, adjacent networks and subordinate networks;
the traversal module is used for traversing each layer network layer by layer, starting from the top-level network of the network topology model;
the early warning analysis module is used for screening out, from the currently traversed network, the information assets affected by the security early warning, and analyzing whether the security early warning can be accepted by the perimeter firewall policy; if so, the first computing module is called, otherwise the second computing module is called;
the first computing module is used for calculating the security situation prediction value of the information assets affected by the security early warning in the currently traversed network, and setting it as the risk situation prediction value of this layer network;
the second computing module is used for traversing the adjacent networks or subordinate networks of the currently traversed network and calling the first computing module again, until the risk situation prediction values of all networks in the network topology model have been obtained, and for calculating the overall risk situation prediction value from the risk situation prediction values of the individual network layers.
9. The risk situation prediction system according to claim 8, characterized in that the model construction module is also used for establishing a security early warning model, an information asset model and a firewall policy model;
the tuple of the security early warning model comprises early warning type, early warning name, early warning level, affected system and version, affected software and version, and affected port;
the tuple of the information asset model comprises system and version information, vulnerabilities, patches, installed software and versions, open services and their ports, and asset value;
the tuple configured for the firewall policy model comprises access direction, source IP address, destination IP address, source port, destination port, protocol and action information.
10. The risk situation prediction system according to claim 8, characterized in that, in the early warning analysis module, if the security early warning is related to the system and version information and the installed software and version information of the information assets, but is unrelated to the network access relationships of the information assets, the analysis of whether the security early warning can be accepted by the perimeter firewall policy is not carried out.
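The calculation of claims 6 and 7 combined with the firewall check of claims 8 and 10, as an added Python example that is not code from the patent. It assumes that the matching vector $V_i$ has one 0/1 component per criterion (system, software, port) and that the sum in $P_i$ runs over those components, models the perimeter firewall policy as a set of accepted ports, and scores a network whose firewall rejects the warning as 0; all names, weights and sample data are constructed.

```python
from dataclasses import dataclass

# Constructed weights VW, one per component of the matching vector V_i (assumption).
WEIGHTS = {"system": 3, "software": 4, "port": 3}

@dataclass
class Asset:
    system: str
    software: set
    ports: set
    value: float           # A_i, the asset value

@dataclass
class Network:
    assets: list
    fw_ports: set          # ports the perimeter firewall policy accepts (simplified)
    protection: float      # NA_j, the protection level
    children: tuple = ()   # subordinate networks

def likelihood(asset, warning):
    """P_i: weighted share of the warning's criteria that the asset matches."""
    have = {"system": {asset.system}, "software": asset.software, "port": asset.ports}
    used = [k for k in WEIGHTS if warning[k]]          # criteria the warning names
    v = {k: bool(have[k] & warning[k]) for k in used}  # matching vector V_i
    return sum(v[k] * WEIGHTS[k] for k in used) / sum(WEIGHTS[k] for k in used)

def network_risk(net, warning):
    """NR: asset-value-weighted mean of P_i over the n assets of one network."""
    # Claim 10: a warning with no network-access part skips the firewall analysis.
    if warning["port"] and not (warning["port"] & net.fw_ports):
        return 0.0  # assumption: a warning the firewall rejects adds no risk here
    total = sum(a.value for a in net.assets)
    return sum(likelihood(a, warning) * a.value for a in net.assets) / total

def overall_risk(top, warning):
    """R: protection-level-weighted mean of NR_j over all k networks."""
    nets, stack = [], [top]
    while stack:                       # traverse from the top-level network down
        nets.append(stack.pop())
        stack.extend(nets[-1].children)
    return (sum(network_risk(n, warning) * n.protection for n in nets)
            / sum(n.protection for n in nets))

# Constructed sample topology and warnings (not taken from the patent).
web = Asset("win2008", {"iis-7.0"}, {80, 443}, 8)
db = Asset("win2008", {"mssql-2008"}, {1433}, 10)
core = Network([db], {1433}, 3)
dmz = Network([web, Asset("linux", {"postfix-2.9"}, {25}, 2)], {25, 80, 443}, 2, (core,))
remote = {"system": {"win2008"}, "software": {"iis-7.0"}, "port": {80}}
local = {"system": {"win2008"}, "software": set(), "port": set()}
```

With the `remote` warning only the DMZ contributes, because the core network's firewall does not accept port 80; the `local` warning has no port component, so the database server in the core network is scored without a firewall check.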
Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201410246856.7A CN104052635A (en) 2014-06-05 2014-06-05 Risk situation prediction method and system based on safety pre-warning
Publications (1)

Publication Number Publication Date
CN104052635A true CN104052635A (en) 2014-09-17

Family

ID=51505019

Country Status (1)

Country Link
CN (1) CN104052635A (en)

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20140917