CN108494787B - Network risk assessment method based on asset association graph - Google Patents


Info

Publication number: CN108494787B
Authority: CN (China)
Prior art keywords: asset, value, vulnerability, node, assets
Legal status: Active
Application number: CN201810274368.5A
Other languages: Chinese (zh)
Other versions: CN108494787A (en)
Inventors: 胡昌振, 单纯, 关放, 高洁, 赵小林
Current assignee: Beijing University of Technology
Original assignee: Beijing University of Technology
Application filed by Beijing University of Technology
Priority to CN201810274368.5A
Publication of CN108494787A
Application granted
Publication of CN108494787B

Classifications (CPC)

    • H ELECTRICITY > H04 ELECTRIC COMMUNICATION TECHNIQUE > H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION > H04L 63/00 Network architectures or network communication protocols for network security
        • H04L 63/10 ... for controlling access to devices or network resources
        • H04L 63/14 ... for detecting or protecting against malicious traffic
            • H04L 63/1408 ... by monitoring network traffic
                • H04L 63/1416 Event detection, e.g. attack signature detection
            • H04L 63/1441 Countermeasures against malicious traffic

Abstract

The invention discloses a network risk assessment method based on an asset association graph, comprising the following steps: establishing an asset association graph for a network system; for each node of the asset association graph, treating an attack launched from a source node against the target node as a threat event; taking the product of the occurrence probability of a threat event and the asset loss it causes as the asset risk value of that threat event; calculating the asset risk value of every threat event faced by the node; and performing risk assessment on the network system at three levels, an asset-level risk value, a host-device-level risk value and a system-level risk value. The sum of the asset risk values of all threat events faced by the same node is the asset-level risk value; the sum of the asset-level risk values of all assets on the same host device is the host-device-level risk value; and the weighted sum of the host-device-level risk values of all host devices in the network system is the system-level risk value. The method achieves higher accuracy.

Description

Network risk assessment method based on asset association graph
Technical Field
The invention relates to the technical field of network risk assessment, in particular to a network risk assessment method based on an asset association graph.
Background
At present there are many methods for network risk assessment. Qualitative assessment judges the risk status of a system from non-quantitative inputs such as the assessors' knowledge, experience, historical lessons, policy trends and special circumstances. Typical qualitative methods include factor analysis, logical analysis, historical comparison and the Delphi method. Qualitative assessment is, however, highly subjective and demands a great deal of the assessors themselves.
Among quantitative, model-based methods the attack graph model has been studied most thoroughly. Phillips and Swiler first proposed network vulnerability analysis based on an attack graph: each node of the generated graph represents a network state and each edge an atomic attack. The final state represents the attacker's ultimate goal, such as obtaining administrator privileges on a key host, so every path to the final state is a sequence of edges (atomic attacks) and represents one possible attack path by which an attacker reaches that goal. Sheyner et al. later proposed an attack graph generation algorithm and found experimentally that generation took 5 seconds for a network of 3 hosts but rose to about two hours for 5 hosts.
Ammann et al. proposed a host-centric access graph model in which the host is the basic unit of risk assessment; this brings the time complexity of the risk calculation down to polynomial. They also introduced the monotonicity assumption: once the attacker has obtained a given privilege on a host, it does not repeat the same attack action.
Qualitative assessment is therefore strongly subjective and hard to apply, while the well-known attack-graph-based methods have high time complexity, growing exponentially with the number of hosts and vulnerable points.
In the host-centric access graph model of Ammann et al. the host is the basic unit of assessment, but in reality the units through which security risk arises from exploited vulnerabilities are the individual components on a host, such as the operating system, applications and services, which risk assessment refers to as assets. Using the host as the basic unit therefore cannot deliver accurate risk assessment.
Disclosure of the Invention
In view of this, the invention provides a network risk assessment method based on an asset association graph that achieves quantitative network risk assessment, reduces time complexity and improves accuracy.
To that end, the technical scheme of the invention is as follows:
Step (1): establish an asset association graph for the network system, in the following specific steps:
S101. For each host device in the network system, take each specific accessible component on the host device as an asset, and take each asset as a node of the asset association graph.
S102. For each asset in the network system, establish the associations between assets, comprising trust relationships among assets and vulnerability penetration relationships.
A trust relationship is a configured access right that exists between assets.
A vulnerability penetration relationship is an access right on an asset obtained by exploiting a vulnerability on that asset.
S103. Generate direct access rights between assets from the trust relationships and vulnerability penetration relationships, and take the highest access right achievable between two assets as the edge between the corresponding nodes of the asset association graph.
Then generate indirect access rights between assets by combining the direct access rights using the interconnectivity of the network.
The asset association graph consists of the nodes and the edges between them.
Step (2): for each node of the asset association graph, take the current node as the target node and every node with direct or indirect access rights on the target node as a source node.
An attack launched from a source node against the target node constitutes a threat event.
The product of the occurrence probability of a threat event and the asset loss it causes is the asset risk value of that threat event.
Calculate the asset risk value of every threat event faced by the node.
Step (3): perform risk assessment on the network system, comprising an asset-level risk value, a host-device-level risk value and a system-level risk value.
The sum of the asset risk values of all threat events faced by the same node is the asset-level risk value.
The sum of the asset-level risk values of all assets on the same host device is the host-device-level risk value.
The weighted sum of the host-device-level risk values of all host devices in the network system is the system-level risk value; the weight is the device value of the host device.
Further, the host devices in the network system comprise hubs, routers, switches, database servers, general information servers, firewalls and personal computers (PCs).
Further, an asset is represented as a quadruple a = (Risk, Value, T, Vul), where Risk ∈ [0, +∞) is the asset-level risk value of the asset, zero at initialization; Value is the asset value of the asset, zero at initialization; T is the set of trust relationships associated with the asset; and Vul is the set of vulnerabilities present on the asset.
The trust relationship is a triple (haci, hbcj, access), i.e. an access right access that exists between the two assets haci and hbcj is expressed as an access trust relationship. A vulnerability is a pair (CVEid, score): CVEid is the identifier of the vulnerability, numbered according to the identifier scheme of an existing vulnerability knowledge base; score rates the difficulty and complexity of attacking the vulnerability and is either an empirical value or obtained from the existing CVSS scoring system.
The vulnerability penetration relationship is described by a quadruple exp = (ruleId, preConditions, effectDest, weight): ruleId is the unique identifier of the penetration relationship; preConditions are the conditions that must hold on the source asset launching the atomic attack; effectDest is the effect of the atomic attack on the target asset, i.e. the access right level the source asset gains on the target asset; and weight reflects the difficulty of carrying out the atomic attack.
Further, the occurrence probability of a threat event is the product of the threat occurrence probabilities of all edges on the path from the source node to the target node. A preset identifier chainID records whether an edge is a trust relationship path or a vulnerability penetration relationship path. If chainID marks the edge as a trust relationship path, the threat occurrence probability of the edge is 1; if it marks the edge as a vulnerability penetration relationship path, the threat occurrence probability is pv = E + M + T, where E ∈ [0, 0.1] reflects whether the vulnerability information has been published in the network system, M ∈ [0, 0.4] whether an attack method for the vulnerability has been published, and T ∈ [0, 0.4] whether an attack tool for the vulnerability has been released.
Further, the asset loss caused by a threat event is the product of the asset value and the degree of damage the threat event does to the asset. The asset value is the product of the value Hv of the host device the asset is on and the asset's own CIA value. The degree of damage is set by the weight of the access right the threat event achieves on the asset.
Beneficial effects:
The invention starts from the assets of the network system and considers at the same time the access rights between assets, the vulnerability penetration relationships on the assets and the high interconnectivity of the network. From these it derives the associations between the assets and generates the asset association graph, which describes the network more accurately from the standpoint of asset interconnection and so improves the accuracy of the subsequent risk assessment. For the assessment itself, threat scenarios are built on the asset association graph, and the risk values at asset level, host device level and network system level are obtained from the threat occurrence probability and the degree of loss of asset value caused by the threat. The method greatly reduces time complexity and avoids the state explosion problem of attack graphs. It describes the network more accurately through asset interconnection, builds threat scenarios on the asset association graph during assessment, and improves the accuracy of the assessment through the occurrence probability of each threat event and the asset loss that event causes.
Drawings
FIG. 1 is a flowchart of a method for evaluating network risk based on an asset association graph according to an embodiment of the present invention;
FIG. 2 is a schematic diagram illustrating the generation of an asset association graph provided in an embodiment of the present invention.
Detailed Description
The invention is described in detail below by way of example with reference to the accompanying drawings.
Referring to FIG. 1, the invention provides a network risk assessment method based on an asset association graph, comprising:
Step (1): establish an asset association graph for the network system, in the following specific steps:
S101. For each host device in the network system, take each specific accessible component on the host device as an asset, and take each asset as a node of the asset association graph.
The network system of this embodiment can be regarded as a set of host devices with different functions; by function they can be classified as hubs, routers, switches, database servers, general information servers, firewalls, personal computers (PCs) and so on. Specific accessible components of such a host device are treated as assets: for example, an operating system, an application program or a service on the host device is an asset.
In this embodiment, the pair (hi, cj) formed by host hi and component cj on it is called an asset of the network system and denoted hicj. An asset is represented as a quadruple a = (Risk, Value, T, Vul),
where Risk ∈ [0, +∞) is the asset-level risk value of the asset, zero at initialization; Value is the asset value of the asset, zero at initialization; T is the set of trust relationships associated with the asset; and Vul is the set of vulnerabilities present on the asset.
S102. For each asset in the network system, establish the associations between assets, comprising trust relationships among assets and vulnerability penetration relationships.
The associations between assets arise in two ways. On the one hand, the trust relationships that exist in the network associate assets with each other, so the initial associations between network assets are obtained from the set of trust relationships involving each asset. On the other hand, because of vulnerabilities (security weaknesses) on the assets, attacks that penetrate those vulnerabilities pose threats that form network risk, so further associations are obtained from vulnerability penetration on the assets. Vulnerabilities can generally be obtained with conventional network scanning tools.
A trust relationship is a configured access right that exists between assets; it is a triple (haci, hbcj, access),
i.e. an access right access that exists between the two assets haci and hbcj is expressed as an access trust relationship.
A vulnerability penetration relationship is an access right on an asset obtained by exploiting a vulnerability on that asset.
Vulnerabilities exist on assets, and a threat generally occurs when an attacker exploits a vulnerability on a target asset to gain access rights on it, which gives rise to risk. Vulnerability information is discovered with existing vulnerability scanners such as Nessus.
In this embodiment a vulnerability is a pair (CVEid, score);
CVEid is the identifier of the vulnerability, numbered according to the identifier scheme of an existing vulnerability knowledge base.
score rates the difficulty and complexity of attacking the vulnerability and is either an empirical value or obtained from the existing CVSS scoring system.
The vulnerability penetration relationship is described by a quadruple exp = (ruleId, preConditions, effectDest, weight).
ruleId is the unique identifier of the vulnerability penetration relationship.
preConditions are the conditions that must hold on the source asset launching the atomic attack when the attack is carried out.
effectDest is the effect of the atomic attack on the target asset, i.e. the access right level the source asset gains on the target asset.
weight is a weight value reflecting the difficulty of carrying out the atomic attack.
S103. Generate direct access rights between assets from the trust relationships and vulnerability penetration relationships, and take the highest access right achievable between two assets as the edge between the corresponding nodes of the asset association graph;
generate indirect access rights between assets by combining the direct access rights using the interconnectivity of the network;
the asset association graph consists of the nodes and the edges between them.
In this embodiment the generation of the asset association graph is shown in FIG. 2 and proceeds in the following steps:
First, the direct initial access relationship between two assets, i.e. the initial edge, is obtained from the trust relationships given by network rules and configuration. Once this is done, the initial set of edges represents the expected network access. There may be several ways of communicating between any two assets in the network; rather than adding an edge for each, the model keeps only the highest access right achievable between the two assets, because a higher level of access to the target asset generally allows a more powerful attack and therefore poses a greater threat. For example, an asset with user-level access usually cannot mount as strong an attack on another asset as one with administrator access.
Second, once the initial set of edges is complete, vulnerability penetration relationships are introduced. A source asset can raise its access to a target asset by exploiting a vulnerability on the target. For example, n1 may have a trust relationship with n2 that allows user-level access on n2, but n1 may also use a buffer overflow attack on n2 to obtain admin (administrator) level access; in that case the edge between n1 and n2 is updated to reflect the new access.
Third, the first two steps yield direct edges derived from trust relationships and security vulnerabilities; because of network interconnectivity, a source asset can also indirectly obtain higher access rights on a target asset through a chain of vulnerabilities on several assets. For example, n1 may not be directly connected to n3, but n2 may gain admin access on n3 with a remote root-level exploit. With that exploit and a buffer overflow attack on n2, n1 can obtain admin (administrator) level access on n3.
Step (2): using the asset association graph, calculate the asset risk value of each threat event faced by a node.
Specifically, for each node of the asset association graph, take the current node as the target node and every node with direct or indirect access rights on the target node as a source node.
An attack launched from a source node against the target node constitutes a threat event.
The product of the occurrence probability of a threat event and the asset loss it causes is the asset risk value of that threat event.
The occurrence probability of a threat event is the product of the threat occurrence probabilities of all edges on the path from the source node to the target node.
A preset identifier chainID records whether an edge is a trust relationship path or a vulnerability penetration relationship path.
If chainID marks the edge as a trust relationship path, the threat occurrence probability of the edge is 1.
If chainID marks the edge as a vulnerability penetration relationship path, the threat occurrence probability of the edge is pv, with pv = E + M + T.
Here E ∈ [0, 0.1] reflects whether the vulnerability information has been published in the network system: 0 when it has not been published, 0.1 when it has. M ∈ [0, 0.4] reflects whether an attack method for the vulnerability has been published: 0 when none has been published, 0.2 when a rough method has been published, 0.4 when a detailed method has been published. T ∈ [0, 0.4] reflects whether an attack tool for the vulnerability has been released: 0 when an attack tool is required but none is known to be available, 0.2 when an attack tool is available, and 0.4 when no attack tool is needed to exploit the vulnerability. The resulting reference assignments of exploitation success rate are shown in Table 1.
Table 1. Attack success rate (pv) assignment criteria
Level  Value  Description
1      0.9    Vulnerability information published, detailed attack method published, no attack tool required
2      0.7    Vulnerability information published, detailed attack method published, attack tool available
3      0.5    Vulnerability information published, detailed attack method published, attack tool required but not available
4      0.3    Vulnerability information published, only a rough attack method published
5      0.1    Vulnerability information published, no attack method given
The asset loss caused by a threat event is the product of the asset value and the degree of damage the threat event does to the asset.
The asset value is the product of the value Hv of the host device the asset is on and the asset's own CIA value. Two aspects enter the assessment of asset value: one is the importance of the system device the asset is located on; the other is the asset itself, which is measured on the three attributes confidentiality, integrity and availability (CIA). The total value of the asset is obtained by multiplying the value Hv of the device it is on by its CIA value. The system device value Hv quantifies the importance of each device in the network system on a scale from 0.0 to 1.0, assigned according to the function of the device, and reflects the contribution of the device's risk value to the overall risk of the network; see Table 2. The CIA values of the assets themselves are given in Table 3.
Table 2. System device value Hv
Mark  Weight   Function
R     1.0      Router
S     0.8      Switch
H     0.7      Hub
D     0.9      Database server
I     0.8-0.5  Information server
F     0.4      Firewall
P     0.1      Personal computer (PC)
Table 3. CIA value table
The degree of damage a threat event does to an asset is set by the weight of the access right the threat event achieves on the asset.
Access rights (Access). Visitors to a system hold different access rights according to the importance of their roles, so they can be classified by access right. Drawing on the related classifications and descriptions by several researchers, the classifications of Ammann and of Yong Philips are combined to give the classification and quantification of access rights in Table 4.
Table 4. Classification and quantification of access rights
Calculate the asset risk value of each threat event faced by the node.
Step (3): perform risk assessment on the network system, comprising an asset-level risk value, a host-device-level risk value and a system-level risk value.
The sum of the asset risk values of all threat events faced by the same node is the asset-level risk value.
The sum of the asset-level risk values of all assets on the same host device is the host-device-level risk value.
The weighted sum of the host-device-level risk values of all host devices in the network system is the system-level risk value; the weight is the device value of the host device.
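The graph construction of S101 to S103 (highest access right per pair, indirect access through chains of edges) and the risk calculation of steps (2) and (3), written out as a small Python implementation. This is an added worked example, not code from the patent or its authors. It takes the E, M, T ranges, the Hv values of Table 2 and the Hv × CIA × access-weight loss formula from the text. Table 3 (CIA values) and Table 4 (access-right weights) are not reproduced on this page, so the CIA values and the access-level ordering and weights used here, the three-asset network itself, the reading of preConditions as a minimum access level the attacker must already hold on the source, and the rule for choosing among several source-to-target paths are all assumptions made for the example.

```python
from dataclasses import dataclass

# Access-right levels (weakest to strongest) and the damage weight of each level.
# Table 4 is not reproduced on the page, so ordering and weights are assumptions.
ACCESS_RANK = {"none": 0, "user": 1, "admin": 2}
ACCESS_WEIGHT = {"none": 0.0, "user": 0.5, "admin": 1.0}
# Host device value Hv by function (Table 2; marks R/S/H read as router/switch/hub).
HV = {"router": 1.0, "switch": 0.8, "hub": 0.7, "database": 0.9,
      "info_server": 0.8, "firewall": 0.4, "pc": 0.1}

def pv(e: float, m: float, t: float) -> float:
    """pv = E + M + T for a vulnerability edge; E in [0, 0.1], M and T in [0, 0.4]."""
    assert 0 <= e <= 0.1 and 0 <= m <= 0.4 and 0 <= t <= 0.4, "E, M, T out of range"
    return e + m + t

@dataclass(frozen=True)
class Asset:
    name: str        # "h_i.c_j": host device h_i and the component c_j on it
    host_type: str   # device function, key into HV
    cia: float       # the asset's own CIA value (Table 3 is not on the page; assumed)

@dataclass(frozen=True)
class Edge:
    access: str        # highest access right achievable on the target (effectDest)
    prob: float        # 1.0 for a trust edge (chainID trust), pv for a vulnerability edge
    precondition: str  # access needed on the source to use the edge (assumed meaning)

class AssetGraph:
    def __init__(self) -> None:
        self.assets: dict[str, Asset] = {}
        self.edges: dict[tuple[str, str], Edge] = {}

    def add_asset(self, asset: Asset) -> None:
        self.assets[asset.name] = asset

    def _keep_highest(self, src: str, dst: str, edge: Edge) -> None:
        """S103: between two assets only the highest achievable access is kept."""
        cur = self.edges.get((src, dst))
        if cur is None or ACCESS_RANK[edge.access] > ACCESS_RANK[cur.access]:
            self.edges[(src, dst)] = edge

    def add_trust(self, src: str, dst: str, access: str, pre: str = "user") -> None:
        self._keep_highest(src, dst, Edge(access, 1.0, pre))

    def add_exploit(self, src, dst, effect_dest, e, m, t, pre="user") -> None:
        self._keep_highest(src, dst, Edge(effect_dest, pv(e, m, t), pre))

    def _paths(self, src: str, dst: str) -> list[tuple[float, str, list[str]]]:
        """Simple paths src -> dst for an attacker holding admin on src, taking an edge only
        if the access gained so far meets its precondition; probability = product of edges."""
        found = []
        def walk(node, held, seen, prob, path):
            for (a, b), e in self.edges.items():
                if a != node or b in seen or ACCESS_RANK[held] < ACCESS_RANK[e.precondition]:
                    continue
                if b == dst:
                    found.append((prob * e.prob, e.access, path + [b]))
                else:
                    walk(b, e.access, seen | {b}, prob * e.prob, path + [b])
        walk(src, "admin", {src}, 1.0, [src])
        return found

    def threat_events(self, target: str) -> list[dict]:
        """Step (2): one threat event per source with direct or indirect access to target.
        Of several paths the highest-access, then highest-probability, one is used (assumed)."""
        tgt, events = self.assets[target], []
        for src in self.assets:
            paths = self._paths(src, target) if src != target else []
            if paths:
                prob, access, path = max(paths, key=lambda p: (ACCESS_RANK[p[1]], p[0]))
                loss = HV[tgt.host_type] * tgt.cia * ACCESS_WEIGHT[access]  # Hv * CIA * weight
                events.append({"source": src, "path": path, "prob": prob,
                               "access": access, "loss": loss, "risk": prob * loss})
        return events

    def asset_risk(self, target: str) -> float:   # step (3): sum over the node's threat events
        return sum(ev["risk"] for ev in self.threat_events(target))

    def host_risk(self, host: str) -> float:      # sum over the assets on one host device
        return sum(self.asset_risk(n) for n in self.assets if n.split(".")[0] == host)

    def system_risk(self) -> float:               # host risks weighted by device value Hv
        hosts = {n.split(".")[0]: a.host_type for n, a in self.assets.items()}
        return sum(HV[t] * self.host_risk(h) for h, t in hosts.items())

def build_example() -> AssetGraph:
    """Constructed three-asset network (an illustration, not taken from the patent)."""
    g = AssetGraph()
    g.add_asset(Asset("pc1.browser", "pc", 0.3))
    g.add_asset(Asset("web.httpd", "info_server", 0.6))
    g.add_asset(Asset("db.mysql", "database", 1.0))
    g.add_trust("pc1.browser", "web.httpd", "user")      # configured access, probability 1
    # A vulnerability in httpd gives admin; info, detailed method and tool published: pv = 0.7.
    # It replaces the user-level trust edge, since only the highest access is kept per pair.
    g.add_exploit("pc1.browser", "web.httpd", "admin", 0.1, 0.4, 0.2)
    # From web, an admin reaches the database: detailed method published, no tool: pv = 0.5.
    g.add_exploit("web.httpd", "db.mysql", "admin", 0.1, 0.4, 0.0, pre="admin")
    return g
```

In the constructed network the httpd asset carries one threat event with risk 0.7 × (0.8 × 0.6 × 1.0) = 0.336, the database asset carries a direct event from web (0.5 × 0.9 = 0.45) and an indirect one from pc1 through web (0.35 × 0.9 = 0.315) for an asset-level value of 0.765, and the system-level value is 0.8 × 0.336 + 0.9 × 0.765 = 0.9573. Note the side effect of keeping only the highest access right per pair: the admin-level exploit edge from pc1 to web displaces the user-level trust edge, so the probability of that threat event drops from 1 to 0.7 even though the trusted user-level path still exists.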
The above description is only a preferred embodiment of the present invention, and is not intended to limit the scope of the present invention. Any modification, equivalent replacement, or improvement made within the spirit and principle of the present invention should be included in the protection scope of the present invention.

Claims (2)

1. A network risk assessment method based on an asset association graph is characterized by comprising the following steps:
Step (1) establishing an asset association graph for a network system; the method comprises the following specific steps:
S101, aiming at each host device in a network system, taking a specific access component on the host device as an asset, and taking the asset as each node in the asset association diagram;
S102, for each asset in the network system, establishing the associations between assets, comprising trust relationships among assets and vulnerability penetration relationships;
the trust relationship is a set access authority existing between assets;
the vulnerability penetration relationship is the access authority to the asset obtained by penetrating and utilizing the vulnerability on the asset;
S103, generating direct access rights among the assets by utilizing the trust relationship or vulnerability penetration relationship among the assets, and taking the highest access right which can be achieved between the two assets as an edge among the nodes in the asset association diagram;
Generating indirect access rights among the assets by combining the direct access rights among the assets through network interconnectivity;
The asset association graph is formed by nodes and edges among the nodes;
The asset is represented as a quadruple a = (Risk, Value, T, Vul);
wherein Risk ∈ [0, +∞) is the asset-level risk value of the asset, zero at initialization;
Value ∈ [0, +∞) is the asset value of the asset, zero at initialization;
t is a set of trust relationships associated with the asset;
Vul is a vulnerability present on the asset;
The trust relationship is a triplet (haci, hbcj, access);
namely, an access right existing between the two assets haci and hbcj is represented as an access trust relationship;
The vulnerability is a pair (CVEid, score);
CVEid is the identifier of the vulnerability, numbered according to the identifier scheme of an existing vulnerability knowledge base;
score is the degree of difficulty and complexity of attacking the vulnerability, and is either an empirical value or obtained by evaluating the vulnerability with the existing CVSS scoring system;
The vulnerability penetration relationship is described by a quadruple exp = (ruleId, preConditions, effectDest, weight);
ruleId is the unique identifier of the vulnerability penetration relationship;
preConditions is a condition that should be met on the source asset that initiated the atomic attack when the atomic attack was implemented;
the effectDest is the influence of the atomic attack on the target asset subjected to the atomic attack, namely represents the access authority level of the source asset on the target asset;
weight is a weight value reflecting the difficulty of carrying out the atomic attack;
Step (2): for each node in the asset association graph, when the current node is taken as the target node, every node holding direct access authority or indirect access authority over the target node is taken as a source node;
an attack launched from a source node against the target node constitutes a threat event;
the product of the occurrence probability of a single threat event and the resulting asset loss is taken as the asset risk value of that threat event;
the asset risk value of every threat event faced by the node is calculated;
the occurrence probability of a single threat event is the product of the threat occurrence probabilities of all edges on the path from the source node to the target node;
an identifier chainID is preset on each edge, recording whether the edge is a trust relationship path or a vulnerability penetration relationship path;
if the chainID marks the edge as a trust relationship path, the threat occurrence probability of the edge is 1;
if the chainID marks the edge as a vulnerability penetration relationship path, the threat occurrence probability of the edge is pv, with pv = E + M + T;
wherein E is the publication status of the vulnerability information in the network system, E ∈ [0, 0.1];
M is the publication status of an attack method for the vulnerability in the network system, M ∈ [0, 0.4];
T is the publication status of an attack tool for the vulnerability in the network system, T ∈ [0, 0.4];
the asset loss caused by a single threat event is the product of the asset value and the degree of damage the threat event causes to the asset;
the asset value is the product of the value Hv of the host device on which the asset resides and the asset's CIA value;
the degree of damage a single threat event causes to the asset is set according to the weight of the access right the threat event obtains on the asset;
Step (3): carrying out risk assessment of the network system, the assessment comprising an asset-level risk value, a host-device-level risk value and a system-level risk value;
wherein the sum of the asset risk values of all threat events faced by the same node is taken as the asset-level risk value;
the sum of the asset-level risk values of all assets contained in the same host device is taken as the host-device-level risk value;
the weighted sum of the host-device-level risk values of all host devices contained in the network system is taken as the system-level risk value, the weight being the device value of each host device.
2. The method of claim 1, wherein the host devices included in the network system are:
hub, router, switch, database server, general information server, firewall, and personal computer (PC).
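The following is a worked implementation of steps (2) and (3) of claim 1 on a small constructed graph; it is added here as an example and is not the patent's own code. It assumes that each (source, target) threat event uses the most probable path between the two nodes, that the last edge of that path fixes the access obtained on the target, and that the damage-degree weights, host device values Hv and CIA values are constructed sample inputs.

```python
from collections import defaultdict
# Damage degree per access level obtained on the target asset; claim 1 only says it is "set
# according to the weight of the access right", so these weights are constructed here.
DAMAGE = {"user": 0.4, "root": 1.0}
def edge_prob(chain_id, E=0.0, M=0.0, T=0.0):
    """Threat probability of one edge: 1 for a trust edge, pv = E + M + T for a vulnerability edge."""
    if chain_id == "trust":
        return 1.0
    assert 0 <= E <= 0.1 and 0 <= M <= 0.4 and 0 <= T <= 0.4, "E, M, T outside claimed ranges"
    return E + M + T
def paths(graph, src, dst, seen=()):
    """Yield every loop-free path src -> dst as a list of edges (direct = 1 edge, indirect = more)."""
    if src == dst:
        yield []
        return
    for nxt, edge in graph.get(src, {}).items():
        if nxt not in seen:
            for rest in paths(graph, nxt, dst, seen + (src,)):
                yield [edge] + rest

def asset_risk(graph, assets, hosts, target):
    """Asset-level risk: sum over threat events (one per source node) of P(event) * loss."""
    value = hosts[assets[target]["host"]] * assets[target]["cia"]  # asset value = Hv * CIA
    total = 0.0
    for source in (s for s in assets if s != target):
        best = None  # (probability, access level) of the most probable path, an assumption
        for path in paths(graph, source, target):
            p = 1.0
            for e in path:
                p *= e["pv"]
            if best is None or p > best[0]:
                best = (p, path[-1]["access"])  # last edge fixes the access obtained on target
        if best:
            total += best[0] * value * DAMAGE[best[1]]
    return total

def system_risk(graph, assets, hosts):
    """Asset-, host- and system-level risk (system = host risks weighted by host device value Hv)."""
    per_asset = {a: asset_risk(graph, assets, hosts, a) for a in assets}
    per_host = defaultdict(float)
    for a, r in per_asset.items():
        per_host[assets[a]["host"]] += r
    return per_asset, dict(per_host), sum(hosts[h] * r for h, r in per_host.items())
# Constructed sample: a vulnerable web service on H1 reaches the DB on H2, which trusts an admin service.
HOSTS = {"H1": 2.0, "H2": 5.0}  # Hv, the host device values
ASSETS = {"web": {"host": "H1", "cia": 0.5}, "db": {"host": "H2", "cia": 1.0}, "adm": {"host": "H2", "cia": 0.8}}
GRAPH = {  # one edge per ordered pair: the highest access reachable, its chainID and probability
    "web": {"db": {"access": "user", "chainID": "vuln", "pv": edge_prob("vuln", 0.1, 0.3, 0.2)}},
    "db": {"adm": {"access": "root", "chainID": "trust", "pv": edge_prob("trust")}}}
```

Calling `system_risk(GRAPH, ASSETS, HOSTS)` returns the per-asset, per-host and system-level values; the admin service carries the largest risk because both the direct trust edge and the indirect web-to-db-to-adm path reach it with root access.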

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201810274368.5A CN108494787B (en) 2018-03-29 2018-03-29 Network risk assessment method based on asset association graph

Publications (2)

Publication Number Publication Date
CN108494787A CN108494787A (en) 2018-09-04
CN108494787B true CN108494787B (en) 2019-12-06

Family

ID=63317494

Country Status (1)

Country Link
CN (1) CN108494787B (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant