CN107204876B - Network security risk assessment method - Google Patents

Publication number
CN107204876B
Authority
CN
China
Prior art keywords
vulnerability
node
risk
alarm
risk assessment
Legal status
Expired - Fee Related
Application number
CN201710364501.1A
Other languages
Chinese (zh)
Other versions
CN107204876A (en)
Inventor
高强
黄元飞
林星辰
杨鹏
王鹏翩
陈亮
李燕伟
应志军
张家旺
陈禹
林宏刚
Current Assignee
Chengdu Network Space Safety Technology Co ltd
Original Assignee
Chengdu Network Space Safety Technology Co ltd
Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00: Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/14: Network analysis or design
    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/14: Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408: Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1416: Event detection, e.g. attack signature detection
    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/14: Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1433: Vulnerability analysis

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)
  • Computer And Data Communications (AREA)

Abstract

The invention discloses a network security risk assessment method that, on the basis of static risk assessment, dynamically assesses the security of a target network by combining an intrusion detection system, vulnerability detection and real-time attack events acquired from a third party. In risk assessment, the value of an asset is usually defined by experts or management personnel during static assessment and does not change greatly over a period of time; dynamic changes in threat and vulnerability information can be tracked by means of corresponding tools; the intrusion detection system and the firewall serve as a monitoring system that can raise alarms on abnormal events at any time, and this alarm information represents the threats the system may be suffering and is an important basis for evaluating the risk condition of the system. The invention can effectively improve the accuracy and real-time performance of network risk assessment, so that security defense measures can be implemented according to the risk assessment results and risks controlled effectively and in time.

Description

Network security risk assessment method
Technical Field
The invention belongs to the technical field of network security, and particularly relates to a network security risk assessment method.
Background
Network security risk assessment methods fall mainly into two types: static evaluation and dynamic evaluation. Static evaluation comprehensively evaluates the risk level of the network by statically evaluating factors such as the value of the target network, security vulnerabilities and the frequency of security events. The information security risk assessment methods in use at present are basically limited to static assessment. Research on dynamic network security risk assessment is still at an exploratory stage at home and abroad, and risk assessment is mainly performed on the basis of two aspects: vulnerabilities and threats.
The vulnerability-based risk assessment method uses existing vulnerability scanning tools to help find vulnerabilities that threats could exploit, and assesses the severity of those vulnerabilities. Chenchenchenjia et al. point out that an attacker uses the characteristics of vulnerabilities to access unauthorized resources on a computer system or to cause destructive effects on it. Shinning et al. propose quantitative security risk evaluation using a risk propagation model for computer vulnerabilities. Sunde proposes an index-fused network security situation evaluation model, establishes a vulnerability harmfulness quantification mechanism based on the Common Vulnerability Scoring System, and corrects the overall network security situation value using real-time performance data. Malchi et al. propose constructing a vulnerability hazard grade assessment system using the analytic hierarchy process, and then carrying out quantitative and qualitative risk assessment of the vulnerability hazard grade using fuzzy theory.
The threat-based risk assessment method uses an intrusion detection system to monitor network security events and collect traffic information in real time, and assesses the degree to which security events affect the network according to their hazard level. Chenxiu et al. establish a fine-grained threat situation assessment model at 3 levels (service, host and network system) from collected intrusion information, but the model does not analyze the associations between host vulnerabilities. Another method, based on danger signal theory, quantifies the original danger signals, then detects network attack events, and finally realizes risk assessment of the whole network. Penlingxi et al. propose a risk assessment model based on risk theory that can assess, effectively and in real time, the risk values of each type of attack event and of the overall network at two granularities, host and network. Warrior et al. propose fusing multi-source IDS data using D-S evidence theory in order to calculate the network security situation and predict the network security trend. Zhangwei et al. provide a matrix-type attack-defense game model in which the attacker's privilege state on network entities is an element of a stochastic attack-defense game model; it models the dynamic change of the network's attack and defense state, predicts attack behavior and decides the optimal defense strategy.
Static network security risk assessment can roughly assess the risk state of the network over the long term, but it lacks real-time detection of network security risk and the ability to adapt to attacks on the system. Among dynamic risk assessment methods, vulnerability-based analysis can effectively discover the vulnerabilities of a network system, but it assesses each vulnerability in isolation and ignores the interrelations between vulnerabilities and the potential security risks they generate. Threat-based risk assessment cannot effectively reconstruct the attack scenario or predict attack behavior.
At present, research on network security risk assessment is still in a continuing exploratory stage, and whether a vulnerability-based or a threat-based risk assessment method is used to analyze network security risk, a good solution has not yet been found.
Disclosure of Invention
The invention aims to provide a network security risk assessment method, which can effectively improve the accuracy and real-time performance of network risk assessment, further implement security defense measures according to a risk assessment result, and timely and effectively control risks.
In order to solve the technical problems, the invention adopts the following technical scheme:
A network security risk assessment method comprises the following steps:
Step 1: performing static risk assessment on the target network, and giving a static assessment result;
Step 2: identifying the network assets, assigning asset value, and performing correlation analysis on the assets and the vulnerabilities;
Step 3: evaluating the vulnerability exploitation success probability using the CVSS (Common Vulnerability Scoring System) evaluation index; using the formula
Figure BDA0001301210310000021
to calculate the importance degree L of the node assets; wherein $L_c$, $L_I$, $L_a$ respectively represent the quantified values of the confidentiality, integrity and availability attributes corresponding to the node, and the round function rounds to 3 decimal places;
Step 4: using a vulnerability scanner to carry out vulnerability identification on the network nodes, detecting the vulnerabilities of the current node, and, according to the CVSS evaluation index, using the formula
Figure BDA0001301210310000022
to calculate the threat degree T of each vulnerability; wherein Base is the CVSS score, K is the success probability of the vulnerability attack, and K is a number in the range of 0-1;
Step 5: receiving real-time attack event alarms for the current node provided by an intrusion detection system, a firewall and a third party, and classifying the alarm information according to the different vulnerabilities;
Step 6: analyzing the intrusion detection, firewall and third-party data samples;
based on the formula
Figure BDA0001301210310000023
calculating the alarm quantity parameter Num influencing the node vulnerability risk index; wherein ni is a certain alarm threshold, and num is the number of certain alarms;
based on the formula
Figure BDA0001301210310000024
calculating the alarm source type (Cate) influencing the node vulnerability risk index; wherein cn is the total alarm source type, and ci is the source type of a certain alarm;
based on the formula
Figure BDA0001301210310000025
calculating the alarm level parameter Lev influencing the node vulnerability risk index; wherein $N_1$, $N_2$, $N_3$ respectively correspond to the numbers of high, medium and low level alarm events, and $W_1$, $W_2$, $W_3$ are the weight values of the corresponding levels;
Step 7: calculating the node vulnerability risk index P using the formula $P = \mathrm{Num} \times \mathrm{Cate} \times \mathrm{Lev}$, then calculating the node security risk using the formula $R_i = L_i \times T_i \times P_i$, and performing dynamic risk assessment on the system; wherein $R_i$ is the dynamic risk value of node i, $L_i$ is the asset importance level of node i, $T_i$ is the vulnerability threat level of node i, and $P_i$ is the vulnerability risk index of node i;
Step 8: repeating step 5 to step 7 to dynamically evaluate the target network based on the threat, thereby completing the security evaluation of the target network.
Further, the method also comprises the step 9: and after a period of time, repeating the steps 4 to 8, and carrying out security assessment on the target network based on the vulnerabilities and threats.
Compared with the prior art, the invention has the beneficial effects that: 1) the risk assessment method combining static state and dynamic state effectively improves the real-time performance of network risk assessment; 2) the potential risk of the network is comprehensively evaluated by using vulnerability-based and threat-based methods, so that the accuracy of network risk evaluation can be effectively improved.
Drawings
FIG. 1 is a schematic diagram of a network security risk assessment method architecture according to the present invention.
Detailed Description
The present invention will be described in further detail with reference to the accompanying drawings and specific embodiments. On the basis of static risk evaluation, the method dynamically evaluates the security of the target network by combining an intrusion detection system, vulnerability detection and real-time attack events acquired from a third party. Assets, threats and vulnerabilities are the 3 fundamental elements of risk assessment.
In risk assessment, the value of an asset is typically defined by an expert or manager at the time of static assessment and does not change significantly over time. Information on threats and vulnerabilities can be acquired by means of corresponding tools. After the static risk assessment, the system risk is reduced to within an acceptable range. Over time, threats and vulnerabilities change under the influence of internal and external factors, and the system risk rises beyond acceptable limits. These dynamic changes in threat and vulnerability information can be tracked by means of corresponding tools.
The intrusion detection system and the firewall serve as a monitoring system that can raise alarms on abnormal events at any time; this alarm information represents the threats the system may be suffering and is an important basis for evaluating the risk condition of the system. In addition, the vulnerability information collected by the vulnerability detection tool can be matched against the alarm information collected by the intrusion detection tool, so as to judge how likely a threat event is to succeed or fail and thereby evaluate the risk condition of the system.
The overall framework of the risk assessment method based on a combination of static and dynamic assessment is shown in fig. 1. In order to dynamically evaluate the security risk of the network system, the dynamic risk evaluation of a network node uses the following risk evaluation formula:
$R_i = L_i \times T_i \times P_i$ (1)
In formula (1), $R_i$ is the dynamic risk value of node i, $L_i$ is the asset importance level of node i, $T_i$ is the vulnerability threat level of node i, and $P_i$ is the vulnerability risk index of node i.
Assume that the quantified values of the confidentiality, integrity and availability attributes (CIA for short) corresponding to a node are $L_c$, $L_I$, $L_a$, with the quantized values of the different levels running from low to high as (0.1, 0.3, 0.5, 0.7, 0.9); the specific grading standard is omitted here. The calculation formula of the asset importance level L is
Figure BDA0001301210310000041
where the round function rounds to 3 decimal places.
The vulnerability threat level T is related to the ease with which the vulnerability is exploited. The vulnerability threat level is evaluated using the universal CVSS provided by the American Institute of Standards and Technology. A CVSS score is a number in the range of 0 to 10. Each vulnerability has 3 attributes: Base, Temporal and Environmental. Of these, the Base attribute is related to the vulnerability threat level, and its value range is 0-10, so the calculation formula of the vulnerability threat degree T is
Figure BDA0001301210310000042
where Base is the CVSS score and K is the success probability of the vulnerability attack, a number in the range of 0-1. The success probability is set according to an expert knowledge base: 0.8 for the easy attack type, 0.6 for the general attack type, and 0.2 for the difficult attack type.
P is the vulnerability risk index. After analyzing and studying intrusion detection, firewall and third-party data samples, the factors affecting the risk status of system assets are summarized from the data. These factors are analyzed and processed to obtain the risk value of the system asset using formula (1). There are 3 factors affecting P: the alarm quantity parameter (Number, denoted Num), the alarm source type (Category, denoted Cate) and the alarm level (Level, denoted Lev). The vulnerability risk index P is calculated by the formula
$P = \mathrm{Num} \times \mathrm{Cate} \times \mathrm{Lev}$ (4)
If the number of alarms detected on a host exceeds a predetermined threshold within a period of time, the host may be considered more likely to be under attack, and a certain risk exists. The alarm quantity parameter over a period of time therefore reflects the current risk status of the asset and can serve as one of the risk factors: if the alarm quantity is relatively high, the possibility that the asset is being attacked is high, and the risk is high. A certain linear relation therefore exists between the alarm quantity parameter and the vulnerability risk index P. Num is calculated as
Figure BDA0001301210310000043
where ni is a certain alarm threshold, which needs to be set by an expert or administrator according to historical data or experience, and num is the number of certain alarms.
Typically, alarm information originates from different systems, such as intrusion detection, firewalls and third-party devices. If the data show that alarm information from different sources has occurred for a given node, the node is likely to be under attack, and a certain risk exists. The alarm source type should therefore also be one of the factors for risk assessment. The calculation formula of the alarm source type of the node is
Figure BDA0001301210310000051
where cn is the total alarm source type, and ci is the source type of a certain alarm.
When raising an alarm on a potential security event, current intrusion detection systems or tools assign a level to the alarm event to inform the user of the threat the event may pose to the host. If relatively high-level alarm events are detected on a host within a certain time period, the host is very likely under severe attack, and the risk index is very high. The alarm level is therefore also one of the important components reflecting the vulnerability risk index P. The calculation formula of the alarm level Lev is
Figure BDA0001301210310000052
Different systems give alarm events different grades; the method divides alarm events into 3 levels: high, medium and low. If a system gives alarm events different grades, an expert or administrator needs to classify them into these three levels at first use. In formula (7), $N_1$, $N_2$, $N_3$ are the numbers of alarm events at the high, medium and low levels respectively, and $W_1$, $W_2$, $W_3$ are the corresponding level weights. The 3 weights $W_1$, $W_2$, $W_3$ are set by an expert or administrator and express relative importance.
In order to make the objects, technical solutions and advantages of the present invention more apparent, the present invention is further described in detail with reference to the following embodiments. Static risk assessment technology is mature and is not described in detail here; the preparation work that the method requires on the basis of the static assessment result is briefly described below. The risk assessment method based on the combination of static and dynamic assessment comprises 2 stages:
Stage one: static risk assessment
1) Give the static evaluation results.
2) Identify the network assets, assign asset values, and perform association analysis between the assets and the vulnerabilities.
3) Assign the vulnerability exploitation success probability using the CVSS evaluation index.
4) Calculate the importance degree L of the node assets using formula (2).
Stage two: dynamic risk assessment
1) Carry out vulnerability identification on the network nodes using a vulnerability scanner, detect the vulnerabilities of the current node, and calculate the threat degree of each vulnerability using formula (3) according to the CVSS evaluation index.
2) Receive the real-time attack event alarms for the current node provided by an intrusion detection system, a firewall and a third party, and classify the alarm information according to the different vulnerabilities.
3) Analyze and study the intrusion detection, firewall and third-party data samples, and calculate the alarm quantity parameter Num influencing the node vulnerability risk index based on formula (5).
4) Analyze and study the intrusion detection, firewall and third-party data samples, and calculate the alarm source type (Cate) influencing the node vulnerability risk index based on formula (6).
5) Analyze and study the intrusion detection, firewall and third-party data samples, and calculate the alarm level parameter Lev influencing the node vulnerability risk index based on formula (7).
6) Calculate the vulnerability risk index P of the node using formula (4), then calculate the security risk of the node using formula (1), and carry out dynamic risk evaluation of the system.
7) Repeat 2) through 6) to dynamically evaluate the target network based on the threat.
8) According to the security policy, after a period of time (e.g., a week or a month, or after a change in the network such as adding or removing devices), repeat 1) to 6) to dynamically evaluate the target network based on vulnerabilities and threats.
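An added example, not part of the patent: the stage-two loop in Python, classifying constructed alarms per node and vulnerability and combining the factors with formulas (4) and (1). The formula images for (3), (5), (6) and (7) did not survive on this page, so `threat_degree`, `num_param`, `cate_param` and `lev_param` use stand-in forms that are assumptions of this example, as are the weights, the threshold, the per-node ranking rule and every name and sample value.

```python
"""Stage-two dynamic assessment loop (added illustration, constructed data)."""
from collections import defaultdict
from dataclasses import dataclass

# K per attack type, as stated in the description.
K_BY_ATTACK_TYPE = {"easy": 0.8, "general": 0.6, "difficult": 0.2}
SOURCE_TYPES = ("ids", "firewall", "third_party")          # alarm sources named on the page
LEVEL_WEIGHTS = {"high": 1.0, "medium": 0.6, "low": 0.3}   # W1, W2, W3: assumed values


@dataclass(frozen=True)
class Alarm:
    node: str
    vuln: str      # vulnerability the alarm was classified under (stage two, step 2)
    source: str
    level: str


def threat_degree(base, attack_type):
    """Stand-in for formula (3): CVSS Base scaled to 0-1, weighted by K."""
    if not 0 <= base <= 10:
        raise ValueError("CVSS Base must be in 0-10")
    return round(base / 10 * K_BY_ATTACK_TYPE[attack_type], 3)


def num_param(num, threshold):
    """Stand-in for formula (5): linear in the alarm count relative to the threshold."""
    if threshold <= 0:
        raise ValueError("threshold must be positive")
    return num / threshold


def cate_param(sources):
    """Stand-in for formula (6): share of the known source types that raised alarms."""
    return len(set(sources)) / len(SOURCE_TYPES)


def lev_param(levels):
    """Stand-in for formula (7): weighted mean of alarm levels; 0 when there are none."""
    if not levels:
        return 0.0
    return sum(LEVEL_WEIGHTS[lv] for lv in levels) / len(levels)


def assess(importance, findings, alarms, threshold):
    """Return ({(node, vuln): R}, alarms that match no scanner finding)."""
    grouped, unmatched = defaultdict(list), []
    for a in alarms:
        if a.source not in SOURCE_TYPES or a.level not in LEVEL_WEIGHTS:
            raise ValueError(f"unrecognised alarm field: {a}")
        key = (a.node, a.vuln)
        (grouped[key] if key in findings else unmatched).append(a)

    risks = {}
    for (node, vuln), (base, attack_type) in findings.items():
        hits = grouped.get((node, vuln), [])
        p = (num_param(len(hits), threshold)
             * cate_param(a.source for a in hits)
             * lev_param([a.level for a in hits]))            # formula (4)
        t = threat_degree(base, attack_type)
        risks[(node, vuln)] = round(importance[node] * t * p, 3)  # formula (1)
    return risks, unmatched


def rank_nodes(risks):
    """Assumption of this example: a node is ranked by its worst vulnerability's R."""
    worst = defaultdict(float)
    for (node, _), r in risks.items():
        worst[node] = max(worst[node], r)
    return sorted(worst.items(), key=lambda kv: kv[1], reverse=True)


# Constructed inputs: L per node from the static stage, scanner findings as
# (CVSS Base, attack type), and alarms already classified by vulnerability.
IMPORTANCE = {"web01": 0.7, "db01": 0.9}
FINDINGS = {
    ("web01", "VULN-A"): (7.5, "easy"),
    ("db01", "VULN-B"): (9.0, "difficult"),
    ("db01", "VULN-C"): (5.0, "general"),
}
ALARMS = [
    Alarm("web01", "VULN-A", "ids", "high"),
    Alarm("web01", "VULN-A", "ids", "high"),
    Alarm("web01", "VULN-A", "firewall", "medium"),
    Alarm("web01", "VULN-A", "third_party", "high"),
    Alarm("db01", "VULN-B", "ids", "low"),
    Alarm("web01", "VULN-X", "firewall", "low"),  # no matching scanner finding
]

if __name__ == "__main__":
    risks, unmatched = assess(IMPORTANCE, FINDINGS, ALARMS, threshold=4)
    for node, r in rank_nodes(risks):
        print(node, r)
    print("alarms with no matching vulnerability:", len(unmatched))
```

A finding with no alarms gets P = 0 and therefore R = 0 in this sketch, and alarms that match no scanner finding are returned separately so they can be reviewed instead of silently dropped.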

Claims (1)

1. A network security risk assessment method, characterized by comprising the following steps:
Step 1: performing static risk assessment on the target network, and giving a static assessment result;
Step 2: identifying the network assets, assigning asset value, and performing correlation analysis on the assets and the vulnerabilities;
Step 3: assigning the vulnerability exploitation success probability using the CVSS evaluation index; using the formula
Figure FDA0002550550370000011
to calculate the importance degree L of the node assets; wherein $L_c$, $L_I$, $L_a$ respectively represent the quantified values of the confidentiality, integrity and availability attributes corresponding to the node, and the round function rounds to 3 decimal places;
Step 4: using a vulnerability scanner to carry out vulnerability identification on the network nodes, detecting the vulnerabilities of the current node, and, according to the CVSS evaluation index, using the formula
Figure FDA0002550550370000012
to calculate the threat degree T of each vulnerability; wherein Base is the CVSS score, and K is a number in the range of 0-1;
Step 5: receiving real-time attack event alarms for the current node provided by an intrusion detection system, a firewall and a third party, and classifying the alarm information according to the different vulnerabilities;
Step 6: analyzing the intrusion detection, firewall and third-party data samples;
based on the formula
Figure FDA0002550550370000013
calculating the alarm quantity parameter Num influencing the node vulnerability risk index;
wherein ni is a certain alarm threshold, and num is the number of certain alarms;
based on the formula
Figure FDA0002550550370000014
calculating the alarm source type (Cate) influencing the node vulnerability risk index; wherein cn is the total alarm source type, and ci is the source type of a certain alarm;
based on the formula
Figure FDA0002550550370000015
calculating the alarm level parameter Lev influencing the node vulnerability risk index; wherein $N_1$, $N_2$, $N_3$ respectively correspond to the numbers of high, medium and low level alarm events, and $W_1$, $W_2$, $W_3$ are the weight values of the corresponding levels;
Step 7: calculating the node vulnerability risk index P using the formula $P = \mathrm{Num} \times \mathrm{Cate} \times \mathrm{Lev}$, then calculating the node security risk using the formula $R_i = L_i \times T_i \times P_i$, and performing dynamic risk assessment on the system; wherein $R_i$ is the dynamic risk value of node i, $L_i$ is the asset importance level of node i, $T_i$ is the vulnerability threat level of node i, and $P_i$ is the vulnerability risk index of node i;
Step 8: repeating step 5 to step 7 to dynamically evaluate the target network based on the threat, thereby completing the security evaluation of the target network;
Step 9: after a period of time, repeating steps 4 to 8 to carry out security assessment of the target network based on the vulnerabilities and threats.
CN201710364501.1A 2017-05-22 2017-05-22 Network security risk assessment method Expired - Fee Related CN107204876B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201710364501.1A CN107204876B (en) 2017-05-22 2017-05-22 Network security risk assessment method

Publications (2)

Publication Number Publication Date
CN107204876A (en) 2017-09-26
CN107204876B (en) 2020-09-29

Family

ID=59906389

Country Status (1)

Country Link
CN (1) CN107204876B (en)

CN117081851B (en) * 2023-10-10 2024-03-19 网思科技股份有限公司 Display method, system and medium of network security situation awareness information
CN117176476B (en) * 2023-11-02 2024-01-02 江苏南通鑫业网络科技有限公司 Network security assessment method and system based on node weight
CN117749448B (en) * 2023-12-08 2024-05-17 广州市融展信息科技有限公司 Intelligent early warning method and device for network potential risk

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
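Research and Implementation of a Real-Time Risk Assessment Model Based on Host Log Analysis; 刘思帆; China Master's Theses Full-text Database, Information Science and Technology; 20160315 (No. 03); Section 2.2.4, Chapters 3 and 4 *
Research on Dynamic and Static Risk Assessment Technology for Power Information Systems; 陈孟婕; China Master's Theses Full-text Database, Information Science and Technology; 20150515 (No. 05); Sections 1.3.3 and 1.4.1 *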

Also Published As

Publication number Publication date
CN107204876A (en) 2017-09-26

Similar Documents

Publication Publication Date Title
CN107204876B (en) Network security risk assessment method
CN110620759B (en) Multi-dimensional association-based network security event hazard index evaluation method and system
KR101814368B1 (en) Information security network integrated management system using big data and artificial intelligence, and a method thereof
CN107819771B (en) Information security risk assessment method and system based on asset dependency relationship
TWI573036B (en) Risk scoring for threat assessment
CN114584405B (en) Electric power terminal safety protection method and system
CN113965404A (en) Network security situation self-adaptive active defense system and method
CN105009132A (en) Event correlation based on confidence factor
Tianfield Cyber security situational awareness
CN112165470B (en) Intelligent terminal access safety early warning system based on log big data analysis
CN112039862A (en) Multi-dimensional stereo network-oriented security event early warning method
CN107846389B (en) Internal threat detection method and system based on user subjective and objective data fusion
Bode et al. Risk analysis in cyber situation awareness using Bayesian approach
CN113162930A (en) Network security situation sensing method based on electric power CPS
CN114244728A (en) Network security situation evaluation and prediction method based on multi-factor layering
Li et al. Network security situation assessment method based on Markov game model
Ehis Optimization of security information and event management (SIEM) infrastructures, and events correlation/regression analysis for optimal cyber security posture
Reed et al. Simulation of workflow and threat characteristics for cyber security incident response teams
CN112596984B (en) Data security situation awareness system in business weak isolation environment
CN106790211B (en) A kind of Mathematical Statistical System and method for predicting malware infection
CN115632884B (en) Network security situation perception method and system based on event analysis
Graf et al. A decision support model for situational awareness in national cyber operations centers
Peng et al. Sensing network security prevention measures of BIM smart operation and maintenance system
CN107623677B (en) Method and device for determining data security
Kang et al. Multi-dimensional security risk assessment model based on three elements in the IoT system

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20200929