CN108040062B - Network security situation assessment method based on evidence reasoning rule - Google Patents
- Publication number
- CN108040062B
- Authority
- CN
- China
- Prior art keywords
- network
- network security
- security situation
- evaluation
- evidence
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/20—Network architectures or network communication protocols for network security for managing network security; network security policies in general
- H04L63/205—Network architectures or network communication protocols for network security for managing network security; network security policies in general involving negotiation or determination of the one or more network security mechanisms to be used, e.g. by negotiation between the client and the server or between peers or by selection according to the capabilities of the entities involved
Abstract
The invention discloses a network security situation assessment method based on evidence reasoning rules. The method comprises: determining the basic structure of the network security situation assessment; collecting and preprocessing network data; determining the evaluation rule of the network situation; extracting features of the network data and calculating the trust degree of the basic attributes; calculating the final trust degree of the generalized attributes; and calculating the network security situation. The invention divides network behavior into normal behavior and attack behavior, analyzes the security situation of the network through changes in network resources such as flow, memory, CPU and disk, and evaluates the security level of the network through the security factors and the evidence reasoning rules. In addition, the resulting security situation is analyzed quantitatively, so that changes in the network's security situation value reflect changes in its security condition. The experimental results show that the method is effective and feasible and has a good situation evaluation effect.
Description
Technical Field
The invention belongs to the technical field of information security, relates to a network security situation assessment method, and particularly relates to a network security situation assessment method based on evidence reasoning rules.
Background
Network security situation awareness is a new network security technology that evaluates the network security situation in real time from a macroscopic perspective, predicts its development trend, and provides a basis for the administrator's decision analysis. Situation assessment is its core part: it reflects the overall security condition of the network by comprehensively analyzing security factors from all aspects of the network. Tim Bass first introduced situation awareness into the field of network security, after which many scholars carried out a series of studies on the network security situation.
Frigiult, Wenchui et al. used Bayesian networks for network security situation assessment. Xielixia et al. designed a network security situation assessment method based on a BP neural network and a situation prediction method based on an RBF neural network. Barford et al. proposed a method for network security situation assessment using honeynets. Chenxiu Zhen et al. put forward a hierarchical evaluation method in which hierarchical calculation over host, service and system yields a three-level security threat situation. Liu Lei et al. applied the fuzzy analytic hierarchy process to security situation assessment at the network service level, filling the gap in that area.
In the above research, the prior probabilities of a Bayesian network are difficult to obtain; the hierarchical structure model and pairwise comparison matrix of the analytic hierarchy process are mostly determined from experience and are strongly subjective; and neural networks require heavy, time-consuming computation, which makes real-time evaluation difficult. The evidence reasoning rule is one of the common methods in evaluation: it can process uncertain and fuzzy information, does not need to be trained on a large number of samples, and computes quickly.
Disclosure of Invention
In order to solve the problem that the threat of a normal behavior peak value to a network is neglected in the traditional method, the invention provides the network security situation assessment method based on the evidence reasoning rule, which accurately reflects the network security situation and has good use value.
The technical scheme adopted by the invention is as follows: a network security situation assessment method based on evidence reasoning rules is characterized by comprising the following steps:
step 1: determining a basic structure of network security situation evaluation;
step 2: collecting and preprocessing network data;
and step 3: determining an evaluation rule of a network situation;
and 4, step 4: extracting the characteristics of the network data, and calculating the trust degree of the basic attribute;
and 5: calculating the final trust degree of the generalized attributes;
step 6: and calculating the network security situation.
The invention divides the network behavior into normal behavior and attack behavior, analyzes the security situation of the network through the change of network resources such as flow, memory, CPU and disk, and evaluates the security level of the network through the security factors and evidence reasoning rules. In addition, the obtained safety situation is subjected to quantitative analysis. And reflecting the change of the network security condition through the change of the security situation value of the network. The experimental results show that: the method is effective and feasible and has a good situation evaluation effect.
Drawings
FIG. 1 is a schematic flow diagram of an embodiment of the present invention;
FIG. 2 is a diagram of a network security situation in which the four time periods total 2000s in duration for an embodiment of the present invention;
FIG. 3 is a comparison graph of CPU utilization for different behaviors in accordance with an embodiment of the present invention;
FIG. 4 is a comparison graph of memory utilization for different behaviors according to an embodiment of the present invention.
Detailed Description
In order to facilitate the understanding and implementation of the present invention for those of ordinary skill in the art, the present invention is further described in detail with reference to the accompanying drawings and examples, it is to be understood that the embodiments described herein are merely illustrative and explanatory of the present invention and are not restrictive thereof.
In the embodiment, after various existing methods are comprehensively compared, an evidence reasoning rule is selected for evaluation. The existing evaluation method mainly analyzes and utilizes security events caused by attacks, and is insufficient in threat investigation caused by normal behavior peaks. Therefore, the invention comprehensively analyzes the normal behavior and the attack behavior in the network environment so as to evaluate the network security situation.
Referring to fig. 1, the method for evaluating network security situation based on evidence reasoning rules provided by the present invention includes the following steps:
step 1: determining a basic structure of network security situation evaluation;
the invention divides the network security into normal behavior and attack behavior to consider the network security situation. Changes in network resources may reflect changes in network security posture. CPU resources and memory resources in the network are important resources in the network, and when the network is not used or is attacked, the two resources may be exhausted, thereby causing the performance of the network to be reduced and even to be broken down. Different behaviors can also cause changes in disk resources, and network behaviors are hidden in traffic. Therefore, the invention selects the flow, the CPU utilization rate, the memory consumption and the disk consumption as the safety factors to evaluate the network safety situation.
Step 2: collecting and preprocessing network data;
The specific implementation comprises the following substeps:
Step 2.1: constructing a network, and simulating normal behaviors and attack behaviors;
Normal behavior is simulated by performing webpage browsing, video playing and file downloading access on the Internet through a server;
Attack behavior is simulated by using LOIC to perform an HTTP-based DDOS attack that generates abnormal traffic;
Step 2.2: the four behaviors (webpage browsing, video playing, file downloading and network attack) are each simulated continuously for N seconds, where N is a preset threshold value, and 500 is adopted in this implementation; the flow, CPU, memory and disk data consumed by the four events are collected respectively;
Step 2.3: normalizing all data;
Let $e_1$ denote normal behavior and $e_2$ denote attack behavior; $e_{11}, e_{12}, e_{13}, e_{14}$ respectively denote the flow, CPU, memory and disk data consumed by normal behavior; $e_{21}, e_{22}, e_{23}, e_{24}$ respectively denote the flow, CPU, memory and disk data consumed by the attack behavior;
The preprocessed data is $\{e_1\{e_{11}, e_{12}, e_{13}, e_{14}\},\ e_2\{e_{21}, e_{22}, e_{23}, e_{24}\}\}$;
Step 3: determining an evaluation rule of a network situation;
The evaluation levels are set to $\{G_1$: no risk, $G_2$: low risk, $G_3$: normal range, $G_4$: high risk$\}$. Let $g_{11}, g_{12}, g_{13}, g_{14}$ respectively denote the number of times the flow, CPU, memory and disk data consumed by normal behavior exceed the threshold; $g_{21}, g_{22}, g_{23}, g_{24}$ respectively denote the number of times the flow, CPU, memory and disk data consumed by the attack behavior exceed the threshold;
The evaluation rule is:
When $g_{ij} \le F1$ (a predetermined threshold), the evaluation level is set to no risk, denoted $g_{ij}^{1}$; when $F1 < g_{ij} \le F2$, the evaluation level is set to low risk, denoted $g_{ij}^{2}$; when $F2 < g_{ij} \le F3$, the evaluation level is set to normal range, denoted $g_{ij}^{3}$; when $F3 < g_{ij} \le F4$, the evaluation level is set to high risk, denoted $g_{ij}^{4}$; where $i$ takes the values 1 and 2, and $j$ takes the values 1, 2, 3 and 4.
In this embodiment, the evaluation rule may be established by evaluating the grades, as shown in table 1 below:
TABLE 1
Taking $e_{11}$ as an example: at evaluation level G1 (no risk), the memory values of normal behavior and attack behavior do not exceed the threshold within 500 seconds; at G2 (low risk), the memory values of normal behavior and attack behavior exceed the threshold 5 times within 500 seconds; at G3 (normal range), they exceed the threshold 12 times within 500 seconds; at G4 (high risk, the highest risk), they exceed the threshold 119 times within 500 seconds.
Step 4: extracting the characteristics of the network data, and calculating the trust degree of the basic attribute;
The confidence level of the basic attribute is as follows:
where $V(e_i)$ denotes the evidence, i.e. the degree to which the data information supports the decision, and is the sequence value of basic attribute $e_i$; here $V(e_i)$ is the counted number of times that basic attribute $e_i$ exceeds the threshold, and $e_i$ is the network node resource value for the corresponding behavior; the remaining symbols denote the agreed threshold of basic attribute $e_i$ and the degree of trust with which basic attribute $e_i$ is evaluated as grade $G_j$; $M$ denotes the number of evaluation grades, 4; $i$ takes the values 1, 2 and $j$ takes the value 1.
Step 5: calculating the final trust degree of the generalized attributes;
The specific implementation comprises the following substeps:
Step 5.1: determining the weight of each basic attribute;
The basic attributes set by claim 3 are flow, CPU, memory and disk. The security condition of the network has a large influence on memory consumption, CPU utilization and flow, and a small influence on disk consumption, so the weights of $e_{11}, e_{12}, e_{13}, e_{14}$ are set to $\{\omega_{11}=0.3,\ \omega_{12}=0.3,\ \omega_{13}=0.3,\ \omega_{14}=0.1\}$, and the weights of $e_{21}, e_{22}, e_{23}, e_{24}$ are set to $\{\omega_{21}=0.3,\ \omega_{22}=0.3,\ \omega_{23}=0.3,\ \omega_{24}=0.1\}$. The attack behavior is much more harmful to the network environment than the normal behavior, so the weights of the sequence values of $e_1, e_2$ are set to $\{\omega_1=0.2,\ \omega_2=0.8\}$;
Step 5.2: calculating a probability assignment function of the basic attribute;
The probability assignment function is calculated from the confidence level of the basic attribute obtained in step 4, using the following formula:
where the trust degree is the degree of trust with which basic attribute $e_i$ is evaluated as grade $G_j$, and the basic probability assignment function represents the support of basic attribute $e_i$ for the generalized attribute $T$, i.e. the degree of support for the attribute being evaluated as grade $G_j$;
Step 5.3: aggregating the evidence $\{e_{11}, e_{12}, e_{13}, e_{14}\}$ to obtain the behavior confidence; the evidence is the degree to which the data information supports the decision, and is the sequence value of $\{e_{11}, e_{12}, e_{13}, e_{14}\}$;
The aggregation is carried out using the following formula:
where $M$ denotes the number of evaluation levels, 4; the comprehensive probability assignment function represents the combined support of the first $i$ basic attributes, i.e. the degree of support for the attribute being evaluated as grade $G_k$; $I(i+1)$ denotes the aggregation of $i+1$ basic attributes; and the normalization factor $K_{I(i+1)}$ reflects the degree of conflict among the pieces of evidence, that is, the degree to which the attributes do not support a certain evaluation level at the same time.
Step 6: calculating the network security situation;
The network security situation can be calculated by the following formula:
where $\beta_j$ is the behavior confidence calculated in step 5.3; the experience threshold of the network security situation for evaluation grade $G_j$ in the current time period is given by the network management system according to historical experience values; and $t$ denotes the time period of the current network situation. In this embodiment:
The effects of the present invention are further illustrated by the following comparative experiments.
1. Simulation conditions
A network is constructed to simulate normal behavior and attack behavior. Webpage browsing, video playing and file downloading access are performed on the Internet through a server; in addition, HTTP-based DDOS attacks are performed using LOIC to mimic the generation of abnormal traffic. Each behavior is continued for 500 seconds. Data for the four network resource indexes (flow, CPU, memory and disk) consumed by the four behaviors are collected through a data collector in the performance monitor of the server.
2. Experimental content and results
The network security situation over the four time periods, with a total duration of 2000 s, is shown in fig. 2, where the x axis is time and the y axis is the network security situation value; a higher value indicates a more serious network security risk at that moment. The CPU utilization and memory consumption for different behaviors are shown in fig. 3 and fig. 4, where the x axis is time and the y axis is the CPU utilization and the memory consumption, respectively.
The network security situation value is calculated as follows.
Assume that the network may be in an unsafe condition when the memory, traffic, CPU and disk values are 0.3. Therefore, the threshold values are all set to 0.3. The network at the 1800-second mark is selected at random as an example for situation evaluation, i.e. the data collected over 1301 s to 1800 s, which has the form $\{e_1\{e_{11}=5,\ e_{12}=201,\ e_{13}=1,\ e_{14}=0\},\ e_2\{e_{21}=32,\ e_{22}=103,\ e_{23}=59,\ e_{24}=7\}\}$. This means that within 500 seconds the memory value of the normal behavior exceeds the threshold 5 times, the flow value exceeds the threshold 201 times, the CPU value exceeds the threshold 1 time, and the disk value exceeds the threshold 0 times; the memory value of the attack behavior exceeds the threshold 32 times, the flow value exceeds the threshold 103 times, the CPU value exceeds the threshold 59 times, and the disk value exceeds the threshold 7 times.
(1) Assessment of normal behavior $e_1$
To obtain the evaluation result of normal behavior $e_1$, the bottom-layer evidence $\{e_{11}=5,\ e_{12}=201,\ e_{13}=1,\ e_{14}=0\}$ should be aggregated using the ER rule. First, the degrees of trust of $e_{11}, e_{12}, e_{13}$ and $e_{14}$ are calculated according to the evaluation rules and formulas, as shown in Table 2.
Table 2: Degree of trust of $e_{11}, e_{12}, e_{13}$ and $e_{14}$
According to the relevant data, the security status of the network has a large influence on the memory, CPU and traffic and a small influence on the disk, so the weights of the evidence $e_{11}, e_{12}, e_{13}$ and $e_{14}$ are set to $\{\omega_{11}=0.3,\ \omega_{12}=0.3,\ \omega_{13}=0.3,\ \omega_{14}=0.1\}$. Similarly, the weights of the memory, flow, CPU and disk under the attack behavior are $\{\omega_{21}=0.3,\ \omega_{22}=0.3,\ \omega_{23}=0.3,\ \omega_{24}=0.1\}$.
The basic probability assignment function is then calculated, as shown in table 3.
Table 3: Basic probability assignment function of $e_{11}, e_{12}, e_{13}$ and $e_{14}$
Second, the ER rule is used to aggregate the bottom-layer evidence $\{e_{11}=5,\ e_{12}=201,\ e_{13}=1,\ e_{14}=0\}$. The specific process is as follows:
First, aggregate the bottom-layer evidence $\{e_{11}, e_{12}\}$.
Calculate $K_{I(12)}$:
The basic probability assignment function of the aggregated evidence $\{e_{11}, e_{12}\}$ is calculated using the formula:
The above assignment function represents the degree of importance of the aggregated evidence $\{e_{11}, e_{12}\}$ in the decision.
Second, aggregate $\{e_{11}, e_{12}\}$ and $\{e_{13}\}$.
Calculate $K_{I(13)}$:
The basic probability assignment function of the aggregated evidence $\{e_{11}, e_{12}\}$ and $\{e_{13}\}$ is calculated using the formula:
The above assignment function represents the degree of importance of the aggregated evidence $\{e_{11}, e_{12}, e_{13}\}$ in the decision.
Third, aggregate $\{e_{11}, e_{12}, e_{13}\}$ and $\{e_{14}\}$.
Calculate $K_{I(14)}$:
$K_{I(14)} = 1.044$
The basic probability assignment function of the aggregated evidence $\{e_{11}, e_{12}, e_{13}\}$ and $\{e_{14}\}$ is calculated:
The above assignment function represents the degree of importance of the aggregated bottom-layer evidence $\{e_{11}, e_{12}, e_{13}, e_{14}\}$ in the decision.
Finally, the degree of trust of evidence $e_1$ is obtained, as shown in Table 4.
Table 4: Degree of trust of evidence $e_1$
(2) Evaluating the attack behavior $e_2$
To obtain the evaluation result of attack behavior $e_2$, the bottom-layer evidence $\{e_{21}=32,\ e_{22}=103,\ e_{23}=59,\ e_{24}=7\}$ should be aggregated using the ER rule.
First, the degrees of trust of $e_{21}, e_{22}, e_{23}$ and $e_{24}$ are obtained; the results are shown in Table 5.
Table 5: Degree of trust of $e_{21}, e_{22}, e_{23}$ and $e_{24}$
Then, the basic probability assignment function is calculated by the formula, and the result is shown in Table 6.
Table 6: Basic probability assignment function of $e_{21}, e_{22}, e_{23}$ and $e_{24}$
Second, the ER rule is used to aggregate the bottom-layer evidence $\{e_{21}=32,\ e_{22}=103,\ e_{23}=59,\ e_{24}=7\}$.
The underlying basic attributes of attack behavior $e_2$ are identical to those of normal behavior $e_1$, so the calculation process is the same as for the normal behavior and the steps are not listed in detail here. The calculation yields:
$K_{I(24)} = 1.0408$
The above assignment function represents the degree of importance of the aggregated bottom-layer evidence $\{e_{21}, e_{22}, e_{23}, e_{24}\}$ in the decision.
Finally, the degree of trust of $e_2$ is obtained; the results are shown in Table 7.
Table 7: Degree of trust of evidence $e_2$
(3) Evaluating network security $T$
The attack behavior is much more harmful to the network environment than the normal behavior. Thus, the weights of the evidence $e_1, e_2$ are set to $\{\omega_1=0.2,\ \omega_2=0.8\}$. To obtain the evaluation result of the network security $T$, the basic probability assignment function is calculated first, and the result is shown in Table 8.
Table 8: Basic probability assignment function of $e_1, e_2$
Then, the ER rule is used to aggregate the second-layer evidence $e_1, e_2$. The process is as follows:
Calculate $K_{I(2)}$:
Calculate the basic probability assignment function of the aggregated evidence $\{e_1, e_2\}$:
Finally, the confidence level of $T$ is obtained, and the results are shown in Table 9.
Table 9: Confidence of security posture $T$
It can be seen that, as a result of the evaluation of the security situation of the network at this time, the probability of no risk level is 0.0186, the probability of low risk level is 0.1877, the probability of normal range level is 0.6401, and the probability of high risk level is 0.1536.
(4) Calculating a quantitative value of the network security situation:
The experiments study the network security situation assessment problem based on the evidence reasoning rule, provide a corresponding assessment model, and verify it experimentally. The method provided by the invention evaluates the security level of the network through the corresponding security factors and the ER rule, and can obtain a quantitative value of the security situation of the network. The experimental results show that the method provided by the invention is effective and feasible, can accurately reflect the current security condition of the network, and has certain practical application value.
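The two-level aggregation of steps 5 and 6, as an added example that is not part of the patent: it runs the standard recursive evidential-reasoning (ER) combination on the page's exceedance counts and weights. The patent's own formulas are not reproduced on this page, so the count-to-belief interpolation, the reuse of the $e_{11}$ reference counts (0, 5, 12, 119) for every attribute, and the per-grade values in `situation_value` are assumptions, and the output is not expected to match the patent's tables.

```python
"""Two-level evidential-reasoning (ER) aggregation on the page's sample window."""

GRADES = ("no risk", "low risk", "normal range", "high risk")  # G1..G4
REFS = (0, 5, 12, 119)         # exceedance counts the page gives for e11 at G1..G4
W_ATTR = (0.3, 0.3, 0.3, 0.1)  # page's weights for the four basic attributes
W_BEHAVIOR = (0.2, 0.8)        # page's weights for e1 (normal) and e2 (attack)
COUNTS = {"e1": (5, 201, 1, 0), "e2": (32, 103, 59, 7)}  # page's 1301s-1800s data


def grade_beliefs(count, refs=REFS):
    """Map an exceedance count to belief degrees over G1..G4.
    ASSUMPTION: linear interpolation between adjacent reference counts."""
    n = len(refs)
    if count <= refs[0]:
        return [1.0] + [0.0] * (n - 1)
    if count >= refs[-1]:
        return [0.0] * (n - 1) + [1.0]
    beliefs = [0.0] * n
    for j in range(n - 1):
        lo, hi = refs[j], refs[j + 1]
        if lo <= count <= hi:
            beliefs[j] = (hi - count) / (hi - lo)
            beliefs[j + 1] = 1.0 - beliefs[j]
            break
    return beliefs


def to_mass(beliefs, weight):
    """Discount beliefs by the evidence weight.
    Returns (m_n per grade, mass left by the weight, mass left by ignorance)."""
    if not 0.0 < weight <= 1.0 or sum(beliefs) > 1.0 + 1e-9:
        raise ValueError("need 0 < weight <= 1 and beliefs summing to at most 1")
    m = [weight * b for b in beliefs]
    return m, 1.0 - weight, weight * max(0.0, 1.0 - sum(beliefs))


def combine(a, b):
    """One recursive ER step. Returns (combined mass, normalization factor K)."""
    (ma, bar_a, til_a), (mb, bar_b, til_b) = a, b
    ha, hb = bar_a + til_a, bar_b + til_b
    # Conflict: mass the two sources put on *different* grades.
    conflict = sum(ma[t] * mb[j]
                   for t in range(len(ma)) for j in range(len(mb)) if t != j)
    if conflict >= 1.0:
        raise ValueError("evidence is totally conflicting")
    k = 1.0 / (1.0 - conflict)
    m = [k * (x * y + x * hb + ha * y) for x, y in zip(ma, mb)]
    til = k * (til_a * til_b + til_a * bar_b + bar_a * til_b)
    return (m, k * bar_a * bar_b, til), k


def aggregate(evidence):
    """evidence: list of (beliefs, weight) with weights summing to 1.
    Returns (aggregated beliefs, unassigned belief, list of K factors)."""
    masses = [to_mass(b, w) for b, w in evidence]
    acc, ks = masses[0], []
    for nxt in masses[1:]:
        acc, k = combine(acc, nxt)
        ks.append(k)
    m, bar, til = acc
    return [x / (1.0 - bar) for x in m], til / (1.0 - bar), ks


def situation_value(beliefs, grade_values=(0.0, 1 / 3, 2 / 3, 1.0)):
    """ASSUMPTION: belief-weighted sum of constructed per-grade values in [0, 1];
    in the patent these would be the empirical thresholds from the NMS."""
    return sum(b * v for b, v in zip(beliefs, grade_values))


def assess(counts=COUNTS):
    """Aggregate attributes -> behaviors e1, e2 -> overall situation T."""
    behaviors = []
    for name in ("e1", "e2"):
        evidence = [(grade_beliefs(c), w) for c, w in zip(counts[name], W_ATTR)]
        behaviors.append(aggregate(evidence)[0])
    total, _, ks = aggregate(list(zip(behaviors, W_BEHAVIOR)))
    return behaviors[0], behaviors[1], total, situation_value(total), ks


if __name__ == "__main__":
    e1, e2, total, score, _ = assess()
    for label, dist in (("e1", e1), ("e2", e2), ("T", total)):
        print(label, {g: round(b, 4) for g, b in zip(GRADES, dist)})
    print("situation value:", round(score, 4))
```

Each `K` returned by `aggregate` is at least 1 and grows with the mass two sources place on different grades, which is the role the page assigns to the normalization factor.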
It should be understood that parts of the specification not set forth in detail are well within the prior art.
It should be understood that the above description of the preferred embodiments is given for clarity and not for any purpose of limitation, and that various changes, substitutions and alterations can be made herein without departing from the spirit and scope of the invention as defined by the appended claims.
Claims (6)
1. A network security situation assessment method based on evidence reasoning rules is characterized by comprising the following steps:
step 1: determining a basic structure of network security situation evaluation;
step 2: collecting and preprocessing network data;
the specific implementation of the step 2 comprises the following substeps:
step 2.1: constructing a network, and simulating normal behaviors and attack behaviors;
the normal behavior is simulated by respectively performing webpage browsing, video playing and file downloading access on the Internet through a server;
the simulated attack behavior is to use LOIC to carry out DDOS attack based on HTTP to simulate the generation of abnormal traffic;
step 2.2: simulating four behaviors of webpage browsing, video playing, file downloading and network attack, wherein the four behaviors are respectively continuously carried out for N seconds, and N is a preset threshold value; respectively collecting flow, CPU, memory and disk data consumed by four events;
step 2.3: normalizing all data;
let e1Indicating normal behavior, e2Representing an attack behavior; e.g. of the type11,e12,e13,e14Respectively representing the flow, CPU, memory and disk data consumed by normal behaviors; e.g. of the type21,e22,e23,e24Respectively representing the flow, CPU, memory and disk data consumed by the attack behavior;
the preprocessed data is { e }1{e11,e12,e13,e14},e2{e21,e22,e23,e24}};
And step 3: determining an evaluation rule of a network situation;
and 4, step 4: extracting the characteristics of the network data, and calculating the trust degree of the basic attribute;
and 5: calculating the final trust degree of the generalized attributes;
step 6: and calculating the network security situation.
2. The evidence reasoning rule based network security situation assessment method according to claim 1, wherein: in step 1, the network security situation is evaluated by selecting flow, CPU utilization rate, memory consumption and disk consumption as security factors.
3. The evidence reasoning rule based network security situation assessment method according to claim 1, wherein: in step 3, the evaluation levels are set to $\{G_1$: no risk, $G_2$: low risk, $G_3$: normal range, $G_4$: high risk$\}$; let $g_{11}, g_{12}, g_{13}, g_{14}$ respectively denote the number of times the flow, CPU, memory and disk data consumed by normal behavior exceed a threshold; $g_{21}, g_{22}, g_{23}, g_{24}$ respectively denote the number of times the flow, CPU, memory and disk data consumed by the attack behavior exceed the threshold;
the evaluation rule is:
when $g_{ij} \le F1$ (a predetermined threshold), the evaluation level is set to no risk, denoted $g_{ij}^{1}$; when $F1 < g_{ij} \le F2$, the evaluation level is set to low risk, denoted $g_{ij}^{2}$; when $F2 < g_{ij} \le F3$, the evaluation level is set to normal range, denoted $g_{ij}^{3}$; when $F3 < g_{ij} \le F4$, the evaluation level is set to high risk, denoted $g_{ij}^{4}$; where $i$ takes the values 1 and 2, and $j$ takes the values 1, 2, 3 and 4.
4. The evidence reasoning rule-based network security situation assessment method according to claim 3, wherein the trust level of the basic attribute in the step 4 is as follows:
where $V(e_i)$ denotes the evidence, i.e. the degree to which the data information supports the decision, and is the sequence value of basic attribute $e_i$; the remaining symbols denote the agreed threshold of basic attribute $e_i$ and the degree of trust with which basic attribute $e_i$ is evaluated as grade $G_j$; $M$ denotes the number of evaluation grades, 4; $i$ takes the values 1, 2 and $j$ takes the value 1.
5. The evidence reasoning rule-based network security situation assessment method according to claim 3, wherein the specific implementation of the step 5 comprises the following sub-steps:
step 5.1: determining the weight of each basic attribute;
e is to be11,e12,e13,e14Are respectively set to { omega11=0.3,ω12=0.3,ω13=0.3,ω140.1, and e21,e22,e23,e24Are respectively set to { omega21=0.3,ω22=0.3,ω23=0.3,ω240.1, and e1,e2The weights of the sequence values are { omega } respectively1=0.2,ω2=0.8};
Step 5.2: calculating a probability assignment function of the basic attribute;
calculating a probability assignment function according to the confidence level of the basic attribute calculated in the step 4 and the following formula:
wherein the content of the first and second substances,representing a basic attribute eiIs evaluated as grade GjThe degree of trust of; basic probability assignment functionRepresenting basic properties eiSupport for generalized attributes T, i.e. attributes are evaluated as a level GjThe degree of support of (c);
step 5.3: evidence of aggregation { e11,e12,e13,e14Obtaining the behavior confidence; evidence is the support degree of the data information to the decision, and is { e11,e12,e13,e14The sequence value of { C };
the polymerization was carried out using the following formula:
wherein the content of the first and second substances,represents a comprehensive probability assignment function that represents the comprehensive support of the first i basic attributes, i.e., the attribute is evaluated as a rank GkThe degree of support of (c); i (I +1) denotes the aggregation of I +1 basic attributes, KI(i+1)The normalization factor reflects the degree of conflict among the evidences, namely the degree that the attributes support a certain evaluation grade at different times; m represents the number of evaluation levels 4.
6. The evidence reasoning rule-based network security situation assessment method according to claim 5, wherein the calculation formula of the network security situation in the step 6 is as follows:
where $\beta_j$ is the behavior confidence calculated in step 5.3; the experience threshold of the network security situation for evaluation grade $G_j$ in the current time period is given by the network management system according to historical experience values; and $t$ denotes the time period of the current network situation.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201711379085.9A CN108040062B (en) | 2017-12-19 | 2017-12-19 | Network security situation assessment method based on evidence reasoning rule |
Publications (2)
Publication Number | Publication Date |
---|---|
CN108040062A (en) | 2018-05-15 |
CN108040062B (en) | 2020-10-13 |
Family
ID=62100145
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201711379085.9A Active CN108040062B (en) | 2017-12-19 | 2017-12-19 | Network security situation assessment method based on evidence reasoning rule |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN108040062B (en) |
Families Citing this family (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN111125685A (en) * | 2018-10-30 | 2020-05-08 | 中国移动通信集团湖南有限公司 | Method and device for predicting network security situation |
CN109547242A (en) * | 2018-11-15 | 2019-03-29 | 北京计算机技术及应用研究所 | Network security efficiency evaluation method based on attacking and defending incidence matrix |
CN111669375B (en) * | 2020-05-26 | 2021-03-16 | 武汉大学 | Online safety situation assessment method and system for power industrial control terminal |
CN111967791B (en) * | 2020-08-28 | 2021-08-31 | 中国人民解放军火箭军工程大学 | Equipment performance evaluation method and system considering disturbance and fault threshold |
CN112511492B (en) * | 2020-10-30 | 2023-04-14 | 苏州浪潮智能科技有限公司 | Security assessment method for third-party component and related equipment |
CN114362994B (en) * | 2021-11-26 | 2023-01-06 | 北京交通大学 | Multilayer different-granularity intelligent aggregation railway system operation behavior safety risk identification method |
CN115051847B (en) * | 2022-06-07 | 2024-01-19 | 中国电子信息产业集团有限公司第六研究所 | Method, device and electronic equipment for determining attack level of denial of service attack |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101951329A (en) * | 2010-09-27 | 2011-01-19 | 北京系统工程研究所 | Network security situation evaluation method and system |
CN102098180A (en) * | 2011-02-17 | 2011-06-15 | 华北电力大学 | Network security situational awareness method |
US8019712B2 (en) * | 2008-01-30 | 2011-09-13 | The Boeing Company | Intelligent threat assessment module, method and system for space situational awareness system |
CN102932337A (en) * | 2012-10-24 | 2013-02-13 | 中国航天科工集团第二研究院七〇六所 | Network security state predication method |
Non-Patent Citations (1)
Title |
---|
Dynamic security situation assessment model based on information fusion technology; 黄光球 et al.; 《微计算机信息》; 20101231; pp. 27-29 * |
Also Published As
Publication number | Publication date |
---|---|
CN108040062A (en) | 2018-05-15 |
Similar Documents
Publication | Title | Publication Date |
---|---|---|
CN108040062B (en) | Network security situation assessment method based on evidence reasoning rule | |
Zhao et al. | Study on network security situation awareness based on particle swarm optimization algorithm | |
Tuli et al. | HUNTER: AI based holistic resource management for sustainable cloud computing | |
Li et al. | Adaptive and attribute‐based trust model for service‐level agreement guarantee in cloud computing | |
CN102075352B (en) | Method and device for predicting network user behavior | |
CN112422537B (en) | Behavior prediction method of network attack knowledge graph generated based on honeypot actual combat | |
CN109218304B (en) | Network risk blocking method based on attack graph and co-evolution | |
CN104850727A (en) | Distributed big data system risk evaluation method based on cloud barycenter theory | |
CN108900513B (en) | DDOS effect evaluation method based on BP neural network | |
CN110474904B (en) | Situation awareness method and system for improving prediction | |
CN105245362B (en) | Important node information collecting method in an SDN environment | |
CN105760649A (en) | Big-data-oriented creditability measuring method | |
CN109242250A (en) | User behavior confidence level detection method based on entropy method and cloud model | |
CN101404591B (en) | Self-adapting dynamic trust weight estimation method | |
CN109359686A (en) | User portrait method and system based on campus network traffic | |
CN116846565A (en) | SAA-SSA-BPNN-based network security situation assessment method | |
CN112329997A (en) | Power demand load prediction method and system, electronic device, and storage medium | |
CN105933316A (en) | Network security level determination method and device | |
CN111476610A (en) | Information detection method and device and computer readable storage medium | |
Liu et al. | Network security situation detection of internet of things for smart city based on fuzzy neural network | |
CN105933138B (en) | Space-time dimension combined cloud service credibility situation assessment and prediction method | |
Dai et al. | Study of online learning resource recommendation based on improved BP neural network | |
Agarwal et al. | Detection and mitigation of fraudulent resource consumption attacks in cloud using deep learning approach | |
CN110493218B (en) | Situation awareness virtualization method and device | |
CN112491627A (en) | Network quality real-time analysis method and device |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||