CN106066964B - Network attack scheme evaluation method based on multi-level evaluation indexes - Google Patents
Network attack scheme evaluation method based on multi-level evaluation indexes Download PDFInfo
- Publication number
- CN106066964B CN106066964B CN201610367994.XA CN201610367994A CN106066964B CN 106066964 B CN106066964 B CN 106066964B CN 201610367994 A CN201610367994 A CN 201610367994A CN 106066964 B CN106066964 B CN 106066964B
- Authority
- CN
- China
- Prior art keywords
- attack
- decision
- level
- attribute
- network
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/57—Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
- G06F21/577—Assessing vulnerabilities and evaluating computer system security
Abstract
The invention provides an evaluation method of a network attack scheme based on a multi-level evaluation index, which comprises the following steps: step 1: constructing a comprehensive evaluation decision table; the comprehensive evaluation decision table comprises: a plurality of network attack schemes, network attack techniques used by the plurality of network attack schemes, and attack effects of the plurality of network attack schemes; step 2: preprocessing a preset initial decision value in the comprehensive evaluation decision table, and discretizing continuous data into three discrete decision values of 0, 1 and 2; and step 3: calculating an attack effect value of each object; and 4, step 4: and arranging the attack effect values of the objects in a descending order, wherein the higher the attack effect value is, the better the attack effect of the objects is. The invention does not depend on experience knowledge, and obtains a comprehensive evaluation result completely driven by data.
Description
Technical Field
The invention relates to the technical field of network attack, in particular to an evaluation method of a network attack scheme based on multi-level evaluation indexes.
Background
The network attack technology has a key role in mastering the initiative of information battles and obtaining the victory of modern network information battles. The traditional network attack technology is not intelligent enough, and mainly embodies that: (1) the traditional scattered unorganized attack mode cannot form resultant force; the intelligent network attack technology can detect the intention of an attacker, detected vulnerability information and environment information, intelligently call and combine attack means from an attack and defense resource library and timely provide decision support for a user; (2) the traditional attack mode is based on personal subjective experience, cannot fully utilize the existing knowledge and lacks learning and induction capabilities. The intelligent attack technology requires that the network system can learn from empirical and heuristic abstract knowledge which is respectively placed in various knowledge bases, reduce the attribute of the knowledge, and automatically extract and update rules from the attribute.
To realize effective network attack, it is critical to realize evaluation of different attack means and to find an effective attack mode for a similar target from the evaluation result. The network attack effect is often embodied by the comprehensive effect of various attack means, and the evaluation of the network attack effect through a single index is incomplete. Meanwhile, most of the information in the network attack process is inaccurate, inconsistent and incomplete, and the intelligent attack technology needs to find implicit knowledge from the incomplete information and reveal potential laws.
The traditional fuzzy information processing and knowledge acquisition method usually needs some priori knowledge and subjective judgment, is not completely based on data, and may cause 'distortion' to information processing. For example, fuzzy set and probabilistic statistical methods are common methods for processing uncertainty information, but these methods require much extra additional information or a priori knowledge, such as fuzzy membership functions and probability distribution functions, which are not easily available and objective in most cases.
Disclosure of Invention
The invention aims to solve the technical problem of providing an evaluation method of a network attack scheme based on a multi-level evaluation index, which does not depend on experience knowledge and obtains a comprehensive evaluation result completely driven by data.
The technical scheme adopted by the invention is that the evaluation method of the network attack scheme based on the multistage evaluation indexes comprises the following steps:
setting an object set U consisting of a network attack scheme; forming a condition attribute set C by using a network attack method used by a network attack scheme in the object set U; setting the attack effect of the network attack scheme as a decision attribute D;
the object set U comprises L objects UbB is 1,2, …, L; each object corresponds to a network attack scheme;
the condition attribute set C includes: n secondary indexes CiI ═ 1,2, …, N; each of the secondary indexes CiThe method comprises the following steps: m three-level indexes Cij,j=1,2,…,M;
Each object UbAt each three-level index CijAnd corresponding decision values are respectively arranged under the decision attribute D; for any three-level index CijOr decision attribute D, for each object UbClassifying the decision values of the objects U, and classifying the objects U with the same decision valuebForming an equivalence class; after classification, each has three levelsIndex CijThere are g equivalence classesf is 1,2, …, g; each equivalence classIn is kfAn object;the decision attribute D has q equivalence classes DtT is 1,2, …, q; each equivalence class DtHas ptAn object;
each object U is calculated according to the following formulabThe attack effect value of (TC); the higher the attack effect value TC is, the higher the object U isbThe better the attack effect:
wherein, XijIs an object UbAt the third level index CijA lower decision value;
ωijis a three-level index CijImportance weight for decision attribute D;
Ytis an object UbA decision value under decision attribute D;
θtis the importance weight of decision attribute D to conditional attribute set C.
Further, the three-level index CijImportance weight ω for decision attribute Dij,ωij∈[0,1]The calculation is performed according to the following formula:
wherein sig (C)ij,D)=H(D|Li0)-H(D|Li);
LiIs a secondary index CiCorresponding three-level index set;
Li0is set of indexes L in three levelsiMiddle removal of three-level index CijThe latter three-level index set;
sig(Cijand D) represents in a three-level index set LiMiddle removal of three-level index CijThe change values of the conditional entropy before and after;
h (D | L) is calculated according to the following formulai) And H (D | L)i0):
Wherein the content of the first and second substances,
where card () represents the number of elements in the set.
Further, the secondary index CiImportance weighting for decision attribute DCalculated according to the following formula:
wherein, the tetrad S ═ (U, a, V, f) is a knowledge expression system, wherein, the set a ═ C ═ D,V=∪τ∈Av τ, V τ being the range of the element τ, the element τ belonging to the set A; f: UxA → V, which is an information function expressed as information values of each object in the set of objects U under different elements in the set A;
let beta belong to D, alpha belong to C, call W belong to U/beta as decision subset, for classification U/alpha, define Sα(W) is a supporting subset of W for the attribute α, and Sα(W)=∪V∈U/α,V∈WV; thus, the U/C is classified with respect to the conditional attribute setiThe supporting subset of decision attribute D is
Further, the importance weight θ of the decision attribute D to the condition attribute set CtThe calculation is performed according to the following formula:
further, the condition attribute set C includes 5 secondary indexes, which are respectively: network blocking, authority control, information counterfeiting, network monitoring and information stealing; the network congestion comprises 3 three-level indexes, which are respectively as follows: channel resource, network connection and storage space are forced; the authority control comprises 3 three-level indexes which are respectively as follows: password attack, trojan horse attack, buffer overflow attack; the information falsification comprises 2 three-level indexes which are respectively as follows: IP address spoofing, false message spoofing; the network monitoring comprises 2 three-level indexes which are respectively as follows: software-based snooping and hardware-based snooping; the information stealing includes 3 three-level indexes, which are respectively: network scanning, architecture detection and system service information collection.
By adopting the technical scheme, the invention at least has the following advantages:
compared with the existing multi-factor comprehensive evaluation method, the evaluation method introduced in the invention does not depend on the prior experience knowledge, is completely driven by data, and obtains the attack effect evaluation of each network attack scheme through calculation.
Drawings
Fig. 1 is a flowchart of an evaluation method for a network attack scenario based on multi-level evaluation indexes according to a second embodiment of the present invention;
fig. 2 is a schematic diagram of a multi-level evaluation index structure according to a second embodiment of the present invention.
Detailed Description
To further explain the technical means and effects of the present invention adopted to achieve the intended purpose, the present invention will be described in detail with reference to the accompanying drawings and preferred embodiments.
The first embodiment of the present invention provides a method for evaluating a network attack scheme based on a multi-level evaluation index, which specifically includes:
setting an object set U consisting of a network attack scheme; forming a condition attribute set C by using a network attack method used by a network attack scheme in the object set U; setting the attack effect of the network attack scheme as a decision attribute D;
the object set U comprises L objects Ub,b=1,2,…,L;
The condition attribute set C comprises N secondary indexes Ci,i=1,2,…N; each of the secondary indexes CiComprises M three-level indexes CijJ ═ 1,2, …, M; the number M of the three-level indexes included in each two-level index can be the same or different; the number N of the second-level indexes is not related to the number M of the third-level indexes, and the number N of the second-level indexes and the number M of the third-level indexes are not limited;
each object UbAt each three-level index CijAnd corresponding decision values are respectively arranged under the decision attribute D; for any three-level index CijOr decision attribute D, for each object UbClassifying the decision values of the objects U, and classifying the objects U with the same decision valuebForming an equivalence class; after classification, each three-level index CijThere are g equivalence classesf is 1,2, …, g; each equivalence classIn is kfAn object;the decision attribute D has q equivalence classes DtT is 1,2, …, q; each equivalence class DtHas ptAn object;
each object U is calculated according to the following formulabThe attack effect value of (TC); the higher the attack effect value TC is, the higher the object U isbThe better the attack effect:
wherein, XijIs an object UbAt the third level index CijA lower decision value;
ωijis a three-level index CijImportance weight for decision attribute D;
Ytis an object UbA decision value under decision attribute D;
θtis the importance weight of decision attribute D to conditional attribute set C.
Specifically, the three-level index CijImportance weight ω for decision attribute DijThe calculation is performed according to the following formula:
wherein sig (C)ij,D)=H(D|Li0)-H(D|Li);
LiIs a secondary index CiCorresponding three-level index set;
Li0is set of indexes L in three levelsiMiddle removal of three-level index CijThe latter three-level index set;
sig(Cijand D) represents in a three-level index set LiMiddle removal of three-level index CijThe change values of the conditional entropy before and after;
h (D | L) is calculated according to the following formulai) And H (D | L)i0):
Wherein the content of the first and second substances,
where card () represents the number of elements in the set.
The secondary index CiImportance weighting for decision attribute DCalculated according to the following formula:
wherein, the tetrad S ═ (U, a, V, f) is a knowledge expression system, wherein, the set a ═ C ═ D,V=∪τ∈Av τ, V τ being the range of the element τ, the element τ belonging to the set A; f: UxA → V, which is an information function expressed as information values of each object in the set of objects U under different elements in the set A;
let beta belong to D, alpha belong to C, call W belong to U/beta as decision subset, for classification U/alpha, define Sα(W) is a supporting subset of W for the attribute α, and Sα(W)=∪V∈U/α,V∈WV; thus, the U/C is classified with respect to the conditional attribute setiThe supporting subset of decision attribute D is
According to the support subset SαDefinition of (W), SαThe tuple in (W) may have several different values on the condition attribute set, but any value contains the same decision value, and for any tuple in the decision table, as long as the value on X and S are the sameW(X) is the same value, then it has the same value as SWThe tuples in (X) have the same decision value, and in fact, such tuples are all contained in SWIn (X).
Importance weight theta of the decision attribute D to the condition attribute set CtThe calculation is performed according to the following formula:
further, the condition attribute set C includes 5 secondary indexes, which are respectively: network blocking, authority control, information counterfeiting, network monitoring and information stealing; the network congestion comprises 3 three-level indexes, which are respectively as follows: channel resource, network connection and storage space are forced; the authority control comprises 3 three-level indexes which are respectively as follows: password attack, trojan horse attack, buffer overflow attack; the information falsification comprises 2 three-level indexes which are respectively as follows: IP address spoofing, false message spoofing; the network monitoring comprises 2 three-level indexes which are respectively as follows: software-based snooping and hardware-based snooping; the information stealing includes 3 three-level indexes, which are respectively: network scanning, architecture detection and system service information collection.
A second embodiment of the present invention provides a method for evaluating a network attack scenario based on a multi-level evaluation index, as shown in fig. 1, including the following steps:
step S201: constructing a comprehensive evaluation decision table;
the comprehensive evaluation decision table comprises: a plurality of network attack schemes, network attack techniques used by the plurality of network attack schemes, and attack effects of the plurality of network attack schemes;
an object set U is formed by a network attack scheme, wherein the object set U comprises L objects UbB is 1,2, …, L, each object corresponds to a network attack scheme; setting a condition attribute set C consisting of network attack methods used by the network attack schemes in the object set U, wherein the condition attribute set C comprises N secondary indexes CiI ═ 1,2, …, N; each of the secondary indexes CiComprises M three-level indexes CijJ ═ 1,2, …, M; setting the attack effect of the network attack scheme as a decision attribute D; for each subject U according to experiment or factbAt each three-level index CijAnd giving corresponding decision values under the decision attribute D respectively;
specifically, as shown in fig. 2, the condition attribute set C includes 5 secondary indexes, which are respectively: network blocking, authority control, information counterfeiting, network monitoring and information stealing; the network congestion comprises 3 three-level indexes, which are respectively as follows: channel resource, network connection and storage space are forced; the authority control comprises 3 three-level indexes which are respectively as follows: password attack, trojan horse attack, buffer overflow attack; the information falsification comprises 2 three-level indexes which are respectively as follows: IP address spoofing, false message spoofing; the network monitoring comprises 2 three-level indexes which are respectively as follows: software-based snooping and hardware-based snooping; the information stealing includes 3 three-level indexes, which are respectively: network scanning, architecture detection and system service information collection.
Step S202: preprocessing a preset initial decision value in the comprehensive evaluation decision table, and discretizing continuous data into three discrete decision values of 0, 1 and 2;
the commonly used discretization method comprises an equal frequency division algorithm,A Scaler algorithm, a discretization algorithm combining Boolean logic and rough set theory, an Nguyen greedy algorithm, an improved greedy algorithm and the like, wherein a comprehensive evaluation decision table after discretization pretreatment is shown in Table 1:
TABLE 1
Wherein Table 1 includes 10 different objects Ub1,2, …, 10; the method comprises 13 three-level indexes, wherein channel resource occupation X1, network connection occupation X2 and storage space occupation X3 belong to two-level index network blockage; password attack X4, Trojan horse attack X5 and buffer overflow attack X6 belong to the second-level index authority control; IP address spoofing X7 and false message spoofing X8 belong to secondary index information falsification; software-based monitoring X9 and hardware-based monitoring X10 belong to secondary index network monitoring; network scanning X11, system structure detection X12 and system service information collection X13 belong to secondary index information stealing;
for any three-level index CijAny secondary index CiAnd decision attribute D, for each object UbThe discrete decision values are classified, and the objects U with the same discrete decision value are classifiedbForming an equivalence class; after classification, each three-level index CijThere are g equivalence classesf is 1,2, …, g; each equivalence classIn is kfAn object;the decision attribute D has q equivalence classes DtT is 1,2, …, q; each equivalence class DtHas ptAn object;
for example, for the three-level indicator channel resource preemption X1, there are three equivalence classes, which are: an equivalence class with a discrete decision value of 0, an equivalence class with a discrete decision value of 1, and an equivalence class with a discrete decision value of 2; the equivalence class with the discrete decision value of 0 comprises two objects, namely U5 and U8; the equivalence class with the discrete decision value of 1 comprises four objects, namely U1, U3, U7 and U9; the equivalence class with a discrete decision value of 2 includes four objects, U2, U4, U6, and U10, respectively.
Step S203: each object U is calculated according to the following formula (1)bAttack effect value of (TC):
wherein, XijIs an object UbAt the third level index CijA lower decision value;
ωijis a three-level index CijImportance weight for decision attribute D;
Ytis an object UbA decision value under decision attribute D;
θtis the importance weight of decision attribute D to conditional attribute set C.
Specifically, the three-level index CijImportance weight ω for decision attribute Dij,ωij∈[0,1]The calculation is performed according to the following formula (2):
wherein sig (C)ij,D)=H(D|Li0)-H(D|Li);
LiIs a secondary index CiCorresponding three-level index set;
Li0is at threeSet of level indexes LiMiddle removal of three-level index CijThe latter three-level index set;
sig(Cijand D) represents in a three-level index set LiMiddle removal of three-level index CijThe change values of the conditional entropy before and after;
h (D | L) is calculated according to the following formulai) And H (D | L)i0):
Wherein the content of the first and second substances,
where card () represents the number of elements in the set.
The secondary index CiImportance weighting for decision attribute DCalculated according to the following equation (3):
wherein, the tetrad S ═ (U, a, V, f) is a knowledge expression system, wherein, the set a ═ C ═ D,V=∪τ∈Av τ, V τ being the range of the element τ, the element τ belonging to the set A; f: UxA → V, which is an information function expressed as information values of each object in the set of objects U under different elements in the set A;
let beta belong to D, alpha belong to C, call W belong to U/beta as decision subset, for classification U/alpha, define Sα(W) is a supporting subset of W for the attribute α, and Sα(W)=∪V∈U/α,V∈WV; thus, the U/C is classified with respect to the conditional attribute setiThe supporting subset of decision attribute D is
Importance weight theta of the decision attribute D to the condition attribute set CtThe calculation is performed according to the following formula (4):
further, according to the above formula (2) and formula (3), the importance weight of the tertiary index and the importance weight of the secondary index to the decision attribute are first calculated:
for example: the second-level index authority control comprises three third-level indexes which are respectively: password attack X4, Trojan horse attack X5, and buffer overflow attack X6;
the process of calculating the importance weight of the three-level index password attack X4 is as follows:
the equivalence class controlled by the secondary index authority is divided into the following classes: { U1, U4}, { U2, U10}, { U3}, { U5, U8}, { U6, U9}, and { U7 }; after deleting the attack X4 of the third-level index password in the second-level index authority control, dividing the equivalence class of the second-level index authority control into: { U1, U4}, { U2, U10}, { U3}, { U5, U8}, { U6, U9}, and { U7 }; the equivalence classes of decision attribute D are divided into: { U1, U2, U4, U5, U7, U10}, { U3, U6}, { U8, U9 };
then the relative importance weight of the three-level index password attack X4 is H (D | C)20)-H(D|C2) 0, this indicates that the existence of the three-level index password attack X4 does not affect the interpretation capability of the two-level index authority control on the rule;
the process of calculating the importance weight of the secondary index authority control on the decision attribute D is as follows:
the support subset of the secondary index right control to the decision attribute D is as follows:
the importance weight of the secondary index authority control on the decision attribute D is as follows:
according to the method, the relative importance weights of other three-level indexes and the importance weights of the two-level indexes to the decision attributes can be respectively calculated, and the calculation results are shown in table 2:
TABLE 2
Calculate each object U according to equation (1), Table 1 and Table 2bThe attack effect value TC of (a), the results are shown in table 3:
TABLE 3
Object | Attack effect value TC |
U1 | 6.1478 |
U2 | 5.6895 |
U3 | 2.7898 |
U4 | 6.9086 |
U5 | 6.6352 |
U6 | 4.6054 |
U7 | 6.2247 |
U8 | 2.0239 |
U9 | 1.1893 |
U10 | 6.7698 |
For example: object U4The process of calculating the attack effect value TC of (1) is as follows:
TC=(2×0.094×0.7+2×0.668×0.7+2×0.238×0.7)+(1×0×0.6+2×0.713×0.6+0×0.287×0.6)+(2×0.691×0.8+0×0.309×0.8)+(2×0.237×0.3+2×0.763×0.3)+(1×0.421×0.6+2×0.000×0.6+2×0.579×0.6)+2=6.9086
step S204: the objects U are processed according to the sequence from big to smallbThe attack effect values TC of (a) are arranged, the results are as follows:
network attack scenario 4(6.9086) > network attack scenario 10(6.7698) > network attack scenario 5(6.6352) > network attack scenario 7(6.2247) > network attack scenario 1(6.1478) > network attack scenario 2(5.6895) > network attack scenario 6(4.6054) > network attack scenario 3(2.7898) > network attack scenario 8(2.0239) > network attack scenario 9 (1.1893);
it can be seen that the attack effect of the network attack scheme 4 is the best, and the attack effect of the network attack scheme 9 is the worst.
Compared with the conventional multi-factor comprehensive evaluation method, the evaluation method provided by the embodiment of the invention does not depend on the prior experience knowledge, is completely driven by data, and obtains the attack effect evaluation of each network attack scheme through calculation.
While the invention has been described in connection with specific embodiments thereof, it is to be understood that it is intended by the appended drawings and description that the invention may be embodied in other specific forms without departing from the spirit or scope of the invention.
Claims (4)
1. A network attack scheme evaluation method based on multi-level evaluation indexes is characterized by comprising the following steps:
setting an object set U consisting of a network attack scheme; forming a condition attribute set C by using a network attack method used by a network attack scheme in the object set U; setting the attack effect of the network attack scheme as a decision attribute D;
the object set U comprises L objects UbB is 1,2, …, L; each object corresponds to a network attack scheme;
the condition attribute set C includes: n secondary indexes CiI ═ 1,2, …, N; each of the secondary indexes CiThe method comprises the following steps: m three-level indexes Cij,j=1,2,…,M;
Each object UbAt each three-level index CijAnd corresponding decision values are respectively arranged under the decision attribute D; for any three-level index CijOr decision attribute D, for each object UbClassifying the decision values of the objects U, and classifying the objects U with the same decision valuebForming an equivalence class; after classification, each three-level index CijThere are g equivalence classesf is 1,2, …, g; each equivalence classIn is kfAn object;the decision attribute D has q equivalence classes DtT is 1,2, …, q; each equivalence class DtHas ptAn object;
each object U is calculated according to the following formulabThe attack effect value of (TC);the higher the attack effect value TC is, the higher the object U isbThe better the attack effect:
wherein, XijIs an object UbAt the third level index CijA lower decision value;
ωijis a three-level index CijImportance weight for decision attribute D;
Ytis an object UbA decision value under decision attribute D;
θtis the importance weight of the decision attribute D to the condition attribute set C;
the three-level index CijImportance weight ω for decision attribute Dij,ωij∈[0,1]The calculation is performed according to the following formula:
wherein sig (C)ij,D)=H(D|Li0)-H(D|Li);
LiIs a secondary index CiCorresponding three-level index set;
Li0is set of indexes L in three levelsiMiddle removal of three-level index CijThe latter three-level index set;
sig(Cijand D) represents in a three-level index set LiMiddle removal of three-level index CijThe change values of the conditional entropy before and after;
h (D | L) is calculated according to the following formulai) And H (D | L)i0):
Wherein the content of the first and second substances,
where card () represents the number of elements in the set.
2. The method for evaluating a cyber attack scenario according to claim 1, wherein the second level index C is a measure of a second level indexiImportance weighting for decision attribute DCalculated according to the following formula:
wherein, let the quadruple S ═ (U, A, V, f) be a knowledgeExpression system, wherein the set A ═ C ^ D,V=Uτ∈Av τ, V τ being the range of the element τ, the element τ belonging to the set A; f: UxA → V, which is an information function expressed as information values of each object in the set of objects U under different elements in the set A;
let beta belong to D, alpha belong to C, call W belong to U/beta as decision subset, for classification U/alpha, define Sα(W) is a supporting subset of W for the attribute α, and Sα(W)=UV∈U/α,V∈WV; thus, the U/C is classified with respect to the conditional attribute setiThe supporting subset of decision attribute D is
4. the method for evaluating a network attack scheme based on multi-level evaluation indexes according to any one of claims 1 to 3, wherein the condition attribute set C comprises 5 secondary indexes, which are respectively: network blocking, authority control, information counterfeiting, network monitoring and information stealing; the network congestion comprises 3 three-level indexes, which are respectively as follows: channel resource, network connection and storage space are forced; the authority control comprises 3 three-level indexes which are respectively as follows: password attack, trojan horse attack, buffer overflow attack; the information falsification comprises 2 three-level indexes which are respectively as follows: IP address spoofing, false message spoofing; the network monitoring comprises 2 three-level indexes which are respectively as follows: software-based snooping and hardware-based snooping; the information stealing includes 3 three-level indexes, which are respectively: network scanning, architecture detection and system service information collection.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201610367994.XA CN106066964B (en) | 2016-05-30 | 2016-05-30 | Network attack scheme evaluation method based on multi-level evaluation indexes |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201610367994.XA CN106066964B (en) | 2016-05-30 | 2016-05-30 | Network attack scheme evaluation method based on multi-level evaluation indexes |
Publications (2)
Publication Number | Publication Date |
---|---|
CN106066964A CN106066964A (en) | 2016-11-02 |
CN106066964B true CN106066964B (en) | 2021-08-17 |
Family
ID=57420878
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201610367994.XA Active CN106066964B (en) | 2016-05-30 | 2016-05-30 | Network attack scheme evaluation method based on multi-level evaluation indexes |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN106066964B (en) |
Families Citing this family (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN109359738A (en) * | 2018-10-19 | 2019-02-19 | 西南交通大学 | A kind of Landslide hazard appraisal procedure based on QPSO-BP neural network |
CN110011976B (en) * | 2019-03-07 | 2021-12-10 | 中国科学院大学 | Network attack destruction capability quantitative evaluation method and system |
CN116866193B (en) * | 2023-09-05 | 2023-11-21 | 中国电子信息产业集团有限公司第六研究所 | Network attack drilling method and device, electronic equipment and storage medium |
Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN102624782A (en) * | 2011-10-31 | 2012-08-01 | 李宗诚 | Internal concentrated harmonization system/information and communication technology (ICH/ICT) information fusion basis of internet |
WO2012130384A1 (en) * | 2011-03-25 | 2012-10-04 | Eads Deutschland Gmbh | Method for determing integrity in an evolutionary collaborative information system |
CN103902816A (en) * | 2014-03-12 | 2014-07-02 | 郑州轻工业学院 | Electrification detection data processing method based on data mining technology |
CN104331532A (en) * | 2014-09-12 | 2015-02-04 | 广东电网公司江门供电局 | Power transformer state evaluation method based on rough set-cloud model |
US9092631B2 (en) * | 2013-10-16 | 2015-07-28 | Battelle Memorial Institute | Computer-implemented security evaluation methods, security evaluation systems, and articles of manufacture |
-
2016
- 2016-05-30 CN CN201610367994.XA patent/CN106066964B/en active Active
Patent Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2012130384A1 (en) * | 2011-03-25 | 2012-10-04 | Eads Deutschland Gmbh | Method for determing integrity in an evolutionary collaborative information system |
CN102624782A (en) * | 2011-10-31 | 2012-08-01 | 李宗诚 | Internal concentrated harmonization system/information and communication technology (ICH/ICT) information fusion basis of internet |
US9092631B2 (en) * | 2013-10-16 | 2015-07-28 | Battelle Memorial Institute | Computer-implemented security evaluation methods, security evaluation systems, and articles of manufacture |
CN103902816A (en) * | 2014-03-12 | 2014-07-02 | 郑州轻工业学院 | Electrification detection data processing method based on data mining technology |
CN104331532A (en) * | 2014-09-12 | 2015-02-04 | 广东电网公司江门供电局 | Power transformer state evaluation method based on rough set-cloud model |
Non-Patent Citations (2)
Title |
---|
基于粗集神经网络的矿井通风系统方案优选方法研究与应用;张蕾;《优秀硕士学位论文 信息科技辑》;20120331;第2-5章 * |
多目标风险型决策理论及方法研究;赵建兵;《优秀硕士学位论文 信息科技辑》;20030430;全文 * |
Also Published As
Publication number | Publication date |
---|---|
CN106066964A (en) | 2016-11-02 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
Cheng et al. | Outlier detection using isolation forest and local outlier factor | |
Xu et al. | A survey of privacy preserving data publishing using generalization and suppression | |
CN105117322B (en) | A kind of de-redundancy method based on multi-source alarm log security incident signature analysis | |
CN105447113B (en) | A kind of information analysis method based on big data | |
Mahmood et al. | Intrusion detection system based on K-star classifier and feature set reduction | |
CN105072214B (en) | C&C domain name recognition methods based on domain name feature | |
CN106066964B (en) | Network attack scheme evaluation method based on multi-level evaluation indexes | |
WO2016053714A1 (en) | Protected indexing and querying of large sets of textual data | |
Cao et al. | Combating friend spam using social rejections | |
CN112016078A (en) | Method, device, server and storage medium for detecting forbidding of login equipment | |
CN110855716B (en) | Self-adaptive security threat analysis method and system for counterfeit domain names | |
WO2019242441A1 (en) | Dynamic feature-based malware recognition method and system and related apparatus | |
CN107172033B (en) | WAF misjudgment identification method and device | |
CN105843930A (en) | Video search method and device | |
CN115801361A (en) | Network security operation and maintenance capability assessment method and system | |
CN107463845A (en) | A kind of detection method, system and the computer-processing equipment of SQL injection attack | |
CN104090950B (en) | Data flow clustering method integrating cluster existence strength | |
Zhu et al. | PTAOD: A novel framework for supporting approximate outlier detection over streaming data for edge computing | |
Savenkov et al. | Organizations Data Integrity Providing through Employee Behavioral Analysis Algorithms | |
Liu et al. | Histogram publishing method based on differential privacy | |
Kim et al. | A Bit Vector Based Binary Code Comparison Method for Static Malware Analysis. | |
Jiang et al. | Poster: Scanning-free personalized malware warning system by learning implicit feedback from detection logs | |
CN110851826A (en) | Method, device and equipment for detecting tampering of page and readable storage medium | |
Fu et al. | EMD based visual similarity for detection of phishing webpages | |
CN115878848B (en) | Antagonistic video sample generation method, terminal equipment and medium |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant |