CN108809928B - Network asset risk portrait method and device - Google Patents

Info

Publication number: CN108809928B
Authority: CN (China)
Prior art keywords: risk, base value, domain name, asset, loss base
Legal status: Active
Application number: CN201810291958.9A
Other languages: Chinese (zh)
Other versions: CN108809928A (en
Inventor: 白亚菁
Current Assignee: Littletech Beijing Technology Co ltd
Original Assignee: Littletech Beijing Technology Co ltd
Application filed by Littletech Beijing Technology Co ltd
Priority to CN201810291958.9A
Publication of CN108809928A
Application granted
Publication of CN108809928B

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1433 Vulnerability analysis
    • H04L63/1408 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1416 Event detection, e.g. attack signature detection
    • H04L63/1441 Countermeasures against malicious traffic

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The application provides a network asset risk portrait method and device that can improve network security protection efficiency. The network asset risk portrait method comprises the following steps: acquiring a target root domain name corresponding to a network asset to be profiled; acquiring the sub-domain names contained in the target root domain name; performing vulnerability scanning on the acquired sub-domain names to obtain the vulnerabilities present in them; and classifying the obtained vulnerabilities into risk points according to a preset risk point classification strategy, and producing a risk portrait of the network asset to be profiled according to the classified risk points.

Description

Network asset risk portrait method and device
Technical Field
The application relates to the technical field of network asset security, in particular to a network asset risk portrait method and device.
Background
Network security protection is one of the main technical means of ensuring that the network of an institution or enterprise is not attacked by hackers. Network security problems such as leakage of data and user information are increasingly prominent in application networks that exchange massive amounts of data and apply new technologies such as the Internet of Things, cloud computing and big data; once such an application network is attacked, the loss is immeasurable.
At present, network security protection adopts a passive, single-point defense mode, that is, vulnerabilities are remediated after a network attack has occurred. A network attack can be completed within minutes, whereas the industry's mean time to detect an attack (MTTD, Mean Time To Detect) reaches 84 days and the mean time to respond once an attack is discovered (MTTR, Mean Time To Respond) reaches 7 days. This often leads to large-scale leakage of data and user information; network security protection lacks flexibility and initiative, and its protection efficiency is low.
Disclosure of Invention
In view of the above, an object of the present application is to provide a method and an apparatus for network asset risk representation, which can improve network security protection efficiency.
In a first aspect, the invention provides a network asset risk representation method, which comprises the following steps:
acquiring a target root domain name corresponding to a network asset to be profiled;
acquiring the sub-domain names contained in the target root domain name;
performing vulnerability scanning on the acquired sub-domain names to obtain the vulnerabilities present in them;
and classifying the obtained vulnerabilities into risk points according to a preset risk point classification strategy, and producing a risk portrait of the network asset to be profiled according to the classified risk points.
With reference to the first aspect, the present invention provides a first possible implementation manner of the first aspect, where the obtaining a sub-domain name included in the target root domain name includes:
querying a pre-stored set of mappings between root domain names and sub-domain name libraries to obtain the sub-domain name library mapped to the target root domain name;
and extracting all the sub-domain names in the sub-domain name library mapped to the target root domain name.
With reference to the first aspect, the present invention provides a second possible implementation manner of the first aspect, where the performing, according to a preset risk point classification policy, risk point classification on the obtained vulnerability includes:
querying the mapping between vulnerabilities and risks to obtain the risks to which the obtained vulnerabilities map;
and querying the mapping between risks and risk point classifications to obtain the risk point classifications to which those risks map.
With reference to the first aspect, the first possible implementation manner of the first aspect, or the second possible implementation manner of the first aspect, the present invention provides a third possible implementation manner of the first aspect, wherein the performing risk representation on the network asset to be represented according to the classified risk points includes:
acquiring the risk point loss base value corresponding to each classified risk point;
and counting the user access amount of the target root domain name per unit time, and calculating the product of the risk point loss base value and the user access amount per unit time to obtain the risk portrait of the network asset to be profiled.
With reference to the first aspect, the first possible implementation manner of the first aspect, or the second possible implementation manner, the present invention provides a fourth possible implementation manner of the first aspect, wherein the method further includes:
classifying the network asset corresponding to each root domain name by asset scale, and constructing a set of mappings between asset scale classifications and risk point loss base value libraries;
the producing a risk portrait of the network asset to be profiled according to the classified risk points comprises the following steps:
determining the asset scale classification of the network asset to be profiled;
querying the set of mappings between asset scale classifications and risk point loss base value libraries to obtain the risk point loss base value library mapped to that asset scale classification;
acquiring, from the obtained risk point loss base value library, the risk point loss base value corresponding to each classified risk point;
and counting the user access amount of the target root domain name per unit time, and calculating the product of the risk point loss base value and the user access amount per unit time to obtain the risk portrait of the network asset to be profiled.
With reference to the fourth possible implementation manner of the first aspect, the present invention provides a fifth possible implementation manner of the first aspect, wherein the performing asset size classification on the network assets corresponding to the respective domain names includes:
according to the number of sub-domain names contained in the root domain name, judging whether that number is less than or equal to a first threshold and, if so, placing the network asset corresponding to the root domain name in a first asset scale classification; if the number of sub-domain names is greater than the first threshold and less than or equal to a second threshold, placing the network asset corresponding to the root domain name in a second asset scale classification; and if the number of sub-domain names is greater than the second threshold, placing the network asset corresponding to the root domain name in a third asset scale classification.
With reference to the fifth possible implementation manner of the first aspect, the present invention provides a sixth possible implementation manner of the first aspect, wherein the constructing a mapping relationship set of the asset scale classification and the risk point loss base value library includes:
constructing a mapping between the first asset scale classification and a first risk point loss base value library, wherein, in the first risk point loss base value library, the first risk point loss base value, corresponding to leakage of user sensitive data, is the largest, the risk point loss base value corresponding to the website suffering a denial of service attack is the second largest, and the risk point loss base value corresponding to the website home page being tampered with is the smallest;
constructing a mapping between the second asset scale classification and a second risk point loss base value library, wherein, in the second risk point loss base value library, the second risk point loss base value, corresponding to leakage of user sensitive data, is the largest, the risk point loss base value corresponding to the website suffering a denial of service attack is the second largest, and the risk point loss base value corresponding to the website home page being tampered with is the smallest;
constructing a mapping between the third asset scale classification and a third risk point loss base value library, wherein, in the third risk point loss base value library, the third risk point loss base value, corresponding to leakage of user sensitive data, is the largest, the risk point loss base value corresponding to the website suffering a denial of service attack is the second largest, and the risk point loss base value corresponding to the website home page being tampered with is the smallest;
the first risk point loss base value is smaller than the second risk point loss base value, and the second risk point loss base value is smaller than the third risk point loss base value;
and obtaining the set of mappings between asset scale classifications and risk point loss base value libraries from the mapping between the first asset scale classification and the first risk point loss base value library, the mapping between the second asset scale classification and the second risk point loss base value library, and the mapping between the third asset scale classification and the third risk point loss base value library.
With reference to the fourth possible implementation manner of the first aspect, the present invention provides a seventh possible implementation manner of the first aspect, wherein the performing risk representation on the network asset to be represented according to the classified risk points further includes:
classifying the network asset corresponding to each sub-domain name by asset importance;
and acquiring the asset importance classification of the sub-domain name on which the vulnerability exists.
With reference to the fourth possible implementation manner of the first aspect, the present invention provides an eighth possible implementation manner of the first aspect, wherein the performing risk representation on the network asset to be represented according to the classified risk points further includes:
and querying, according to preset vulnerability levels, the vulnerability level corresponding to each vulnerability found.
In a second aspect, the present invention provides a network asset risk representation device, comprising: a root domain name acquisition module, a sub domain name acquisition module, a vulnerability scanning module and a risk profile module, wherein,
the root domain name acquisition module is used for acquiring a target root domain name corresponding to the network asset to be profiled;
the sub-domain name acquisition module is used for acquiring the sub-domain names contained in the target root domain name;
the vulnerability scanning module is used for performing vulnerability scanning on the acquired sub-domain names to obtain the vulnerabilities present in them;
and the risk portrait module is used for classifying the obtained vulnerabilities into risk points according to a preset risk point classification strategy and producing a risk portrait of the network asset to be profiled according to the classified risk points.
According to the network asset risk portrait method and device, the target root domain name corresponding to the network asset to be profiled is acquired; the sub-domain names contained in the target root domain name are acquired; vulnerability scanning is performed on the acquired sub-domain names to obtain the vulnerabilities present in them; and the obtained vulnerabilities are classified into risk points according to a preset risk point classification strategy, and a risk portrait of the network asset to be profiled is produced according to the classified risk points. Therefore, vulnerability scanning is performed on each sub-domain name under the target root domain name before a network attack occurs, vulnerabilities under the target root domain name can be found in time, and network security protection efficiency can be improved.
In order to make the aforementioned objects, features and advantages of the present application more comprehensible, preferred embodiments accompanied with figures are described in detail below.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present application, the drawings that are required to be used in the embodiments will be briefly described below, it should be understood that the following drawings only illustrate some embodiments of the present application and therefore should not be considered as limiting the scope, and for those skilled in the art, other related drawings can be obtained from the drawings without inventive effort.
FIG. 1 is a schematic flow chart of a network asset risk representation method according to an embodiment of the present application;
FIG. 2 is a schematic diagram of a network asset risk representation apparatus according to an embodiment of the present disclosure.
Detailed Description
In order to make the objects, technical solutions and advantages of the embodiments of the present application clearer, the technical solutions in the embodiments of the present application will be clearly and completely described below with reference to the drawings in the embodiments of the present application, and it is obvious that the described embodiments are only a part of the embodiments of the present application, and not all the embodiments. The components of the embodiments of the present application, generally described and illustrated in the figures herein, can be arranged and designed in a wide variety of different configurations. Thus, the following detailed description of the embodiments of the present application, presented in the accompanying drawings, is not intended to limit the scope of the claimed application, but is merely representative of selected embodiments of the application. All other embodiments, which can be derived by a person skilled in the art from the embodiments of the present application without making any creative effort, shall fall within the protection scope of the present application.
Fig. 1 is a schematic flow chart of a network asset risk representation method according to an embodiment of the present application. As shown in fig. 1, the process includes:
Step 101: acquiring a target root domain name corresponding to a network asset to be profiled.
In this embodiment, as an optional embodiment, the risk portrait is produced with the root domain name of the main website of an enterprise or organization (the network asset to be profiled) as the unit. Profiling at the level of the enterprise or organization effectively protects its online assets and avoids the waste of resources and low efficiency that result when several branches of the enterprise or organization each profile their network assets separately.
In this embodiment, as an optional embodiment, taking an enterprise website or an organization website as an example, the domain name of the website's home page is the root domain name; for example, the root domain name of China Mobile is 10086.cn.
Step 102: acquiring the sub-domain names contained in the target root domain name.
In this embodiment, as an optional embodiment, acquiring the sub-domain names contained in the target root domain name includes:
querying a pre-stored set of mappings between root domain names and sub-domain name libraries to obtain the sub-domain name library mapped to the target root domain name;
and extracting all the sub-domain names in the sub-domain name library mapped to the target root domain name.
In this embodiment, as an optional embodiment, the root domain name of each enterprise website or organization website is obtained in advance, and the sub-domain names under each root domain name are then collected using crawler technology to construct the set of mappings between root domain names and sub-domain name libraries. In this set, each root domain name corresponds to one sub-domain name library, an enterprise or organization corresponds to one root domain name, and each sub-domain name library contains one or more sub-domain names.
In this embodiment, as another optional embodiment, acquiring the sub-domain names contained in the target root domain name includes:
searching on the target root domain name using crawler technology to obtain the sub-domain names under the target root domain name.
In this embodiment, all the sub-domain names contained in the target root domain name are retrieved automatically from the target root domain name. For example, automatic retrieval based on the root domain name 10086.cn of the China Mobile website obtains all sub-domain names under that root domain name, including but not limited to: zj.10086.cn, bj.10086.cn, js.10086.cn, etc.
Step 103: performing vulnerability scanning on the acquired sub-domain names to obtain the vulnerabilities present in them.
In this embodiment, vulnerability scanning is performed on all sub-domain names under the root domain name to obtain the vulnerabilities present in all of them, and identical vulnerabilities found on different sub-domain names are treated as a single vulnerability.
In this embodiment, as an optional embodiment, vulnerability scanning may be performed on the sub-domain names according to a preset vulnerability scanning period; as another optional embodiment, vulnerability scanning may be performed on the sub-domain names at irregular intervals; as another optional embodiment, vulnerability scanning of the sub-domain names under each root domain name may be started after a new vulnerability is published. By scanning for vulnerabilities before a network attack occurs, vulnerabilities can be found and remediated in time, leakage of data and user information can be avoided, and network security protection efficiency can be effectively improved.
Step 104: classifying the obtained vulnerabilities into risk points according to a preset risk point classification strategy, and producing a risk portrait of the network asset to be profiled according to the classified risk points.
In this embodiment, as an optional embodiment, the risk representation is represented by a potential loss value of the network asset to be represented, so that visual display can be facilitated.
In this embodiment, after risk point classification is performed on vulnerabilities of all sub-domain names, a potential loss value brought by asset risk is calculated.
Because different vulnerabilities cause different security problems, in this embodiment the vulnerabilities are classified into risk points according to the security problems they cause. As an optional embodiment, the risk points include: the website suffers a denial of service attack, the website home page is tampered with, and user sensitive data is leaked.
In this embodiment, as an optional embodiment, each vulnerability may correspond to one or more risk points in the risk point classification.
In this embodiment, as an optional embodiment, classifying the obtained vulnerability according to a preset risk point classification policy includes:
querying the mapping between vulnerabilities and risks to obtain the risks to which the obtained vulnerabilities map;
and querying the mapping between risks and risk point classifications to obtain the risk point classifications to which those risks map.
In this embodiment, a mapping relationship between the vulnerability and the risk and a mapping relationship between the risk and the risk point classification are pre-constructed and stored.
In this embodiment, as an optional embodiment, the risk includes: denial of service risk, client attack risk, logical attack risk, brute force risk, overflow risk, injection risk, information disclosure risk, personnel security awareness risk, rights bypass risk, code disclosure risk, and command execution risk, wherein,
the denial of service risk and the overflow risk are classified under the risk point "the website suffers a denial of service attack";
the client attack risk, overflow risk, personnel security awareness risk, code disclosure risk and command execution risk are classified under the risk point "the website home page is tampered with";
the logical attack risk, brute force risk, injection risk, information disclosure risk, personnel security awareness risk, rights bypass risk and command execution risk are classified under the risk point "user sensitive data is leaked".
In this embodiment, as an optional embodiment, producing a risk portrait of the network asset to be profiled according to the classified risk points includes:
acquiring the risk point loss base value corresponding to each classified risk point;
and counting the user access amount of the target root domain name per unit time, and calculating the product of the risk point loss base value and the user access amount per unit time to obtain the risk portrait of the network asset to be profiled.
In this embodiment, as an optional embodiment, a risk point loss base value may be set for each risk point, where the risk point loss base value corresponding to leakage of user sensitive data is the largest, the risk point loss base value corresponding to the website suffering a denial of service attack is the second largest, and the risk point loss base value corresponding to the website home page being tampered with is the smallest.
In this embodiment, if there are several classified risk points, as an optional embodiment, the risk portrait may be produced from the risk point loss base value of each risk point, or the risk point with the highest risk point loss base value may be selected from the classified risk points and the risk portrait produced from that risk point only; this embodiment does not limit this.
In this embodiment, because the network assets corresponding to different root domain names differ in scale, the potential loss values that the same vulnerability causes for different network assets also differ, so the risk portrait may take the scale of the network asset into account. As another optional embodiment, the method further includes:
classifying the network asset corresponding to each root domain name by asset scale, and constructing a set of mappings between asset scale classifications and risk point loss base value libraries;
the producing a risk portrait of the network asset to be profiled according to the classified risk points comprises the following steps:
determining the asset scale classification of the network asset to be profiled;
querying the set of mappings between asset scale classifications and risk point loss base value libraries to obtain the risk point loss base value library mapped to that asset scale classification;
acquiring, from the obtained risk point loss base value library, the risk point loss base value corresponding to each classified risk point;
and counting the user access amount of the target root domain name per unit time, and calculating the product of the risk point loss base value and the user access amount per unit time to obtain the risk portrait of the network asset to be profiled.
In this embodiment, as an optional embodiment, the performing asset scale classification on the network assets corresponding to each domain name includes:
according to the number of sub-domain names contained in the root domain name, judging whether that number is less than or equal to a first threshold and, if so, placing the network asset corresponding to the root domain name in a first asset scale classification; if the number of sub-domain names is greater than the first threshold and less than or equal to a second threshold, placing the network asset corresponding to the root domain name in a second asset scale classification; and if the number of sub-domain names is greater than the second threshold, placing the network asset corresponding to the root domain name in a third asset scale classification.
In this embodiment, as an optional embodiment, the first threshold may be determined from considerations such as the following: the operating cost investment and range of public influence are below those of a medium-sized company, the rate at which risks are exploited in attacks is low, the resulting losses to the company's operations, technology and maintenance costs are small in scope, and the stolen or attacked content may be put to commercial or other use. For example, the first threshold may be set to 5; if the number of sub-domain names under a root domain name is less than or equal to 5, the network asset corresponding to the root domain name belongs to the first asset scale classification.
The second threshold may be determined from considerations such as the following: the operating cost investment and range of public influence are below those of a large company, and the damage a risk attack causes to the legal person and the company, including company operations, technology and maintenance costs, and the commercial or other use of the stolen or attacked content. For example, the second threshold may be set to 30; if the number of sub-domain names under a root domain name is greater than 5 and less than or equal to 30, the network asset corresponding to the root domain name belongs to the second asset scale classification.
For the third asset scale classification, the considerations are that, given the operating cost investment and range of public influence, large-scale damage can be caused, and the damage a risk attack causes to the legal person and the company, including company operations, technology and maintenance costs, and the commercial or other use of the stolen or attacked content. If the number of sub-domain names under a root domain name is greater than 30, the network asset corresponding to the root domain name belongs to the third asset scale classification.
In this embodiment, as an optional embodiment, the constructing a mapping relationship set between the asset scale classification and the risk point loss base value library includes:
constructing a mapping between the first asset scale classification and a first risk point loss base value library, wherein, in the first risk point loss base value library, the first risk point loss base value, corresponding to leakage of user sensitive data, is the largest, the risk point loss base value corresponding to the website suffering a denial of service attack is the second largest, and the risk point loss base value corresponding to the website home page being tampered with is the smallest;
constructing a mapping between the second asset scale classification and a second risk point loss base value library, wherein, in the second risk point loss base value library, the second risk point loss base value, corresponding to leakage of user sensitive data, is the largest, the risk point loss base value corresponding to the website suffering a denial of service attack is the second largest, and the risk point loss base value corresponding to the website home page being tampered with is the smallest;
constructing a mapping between the third asset scale classification and a third risk point loss base value library, wherein, in the third risk point loss base value library, the third risk point loss base value, corresponding to leakage of user sensitive data, is the largest, the risk point loss base value corresponding to the website suffering a denial of service attack is the second largest, and the risk point loss base value corresponding to the website home page being tampered with is the smallest;
the first risk point loss base value is smaller than the second risk point loss base value, and the second risk point loss base value is smaller than the third risk point loss base value;
and obtaining the set of mappings between asset scale classifications and risk point loss base value libraries from the mapping between the first asset scale classification and the first risk point loss base value library, the mapping between the second asset scale classification and the second risk point loss base value library, and the mapping between the third asset scale classification and the third risk point loss base value library.
In this embodiment, as an optional embodiment, the user access amount per unit time may be determined according to an average detection time for discovering an attack, an average response time after discovering a network attack, or a combination of the two. In this embodiment, the user access amount per unit time is the monthly average user access amount.
In this embodiment, as an optional embodiment, the risk point loss base value corresponding to the website suffering a denial of service attack in the first risk point loss base value library is smaller than that in the second risk point loss base value library, which in turn is smaller than that in the third risk point loss base value library. Likewise, the risk point loss base value corresponding to the website home page being tampered with in the first risk point loss base value library is smaller than that in the second risk point loss base value library, which in turn is smaller than that in the third risk point loss base value library. For example,
in the mapping relation between the first asset scale classification and the first risk point loss base value library, the following values may be set:
for user or customer sensitive information leakage, the risk point loss base value (per registered user) is 30;
for the website suffering from denial of service attack, the loss base value of the risk point is 20;
for a tampered website home page: the risk point loss base value is 10.
In the mapping relation between the second asset scale classification and the second risk point loss base value library, the following values may be set:
for the leakage of sensitive information of users or clients, the loss base value of the risk point is 40;
for the website suffering from denial of service attack, the loss base value of the risk point is 30;
for a tampered website home page: the risk point loss base value is 20.
In the mapping relation between the third asset scale classification and the third risk point loss base value library, the following values may be set:
for the leakage of sensitive information of users or clients, the loss base value of the risk point is 50;
for the website suffering from denial of service attack, the loss base value of the risk point is 35;
for a tampered website home page: the risk point loss base value is 25.
Taking the above as an example, for a large company (corresponding to the third asset scale classification), if user sensitive information is leaked and the loss caused to each user is 50 yuan, the economic loss (risk portrait) is calculated monthly from the average user visits to the root domain name or sub-domain name within one month, combined with the per-user loss: 15000 (average user visits per month) × 50 yuan (loss caused to one user by user information leakage in the third asset scale classification) = 750000 yuan (resulting economic loss). In this way, early warning of vulnerability attack situations and evaluation of the potential risk loss value can be achieved, the user can see intuitively the potential loss that a vulnerability attack would cause, and security hardening of the network assets is effectively promoted.
In this embodiment, as another optional embodiment, performing risk portrayal on the to-be-portrayed network asset according to the classified risk points further includes:
carrying out asset importance classification on the network assets corresponding to each sub domain name;
and acquiring the asset importance degree classification corresponding to the sub-domain name with the vulnerability.
In this embodiment, as an optional embodiment, the asset importance classification includes: important assets, common assets, and general assets, wherein,
important assets include: portal websites, mail systems, background management systems, assets that receive user visits, and assets with security protection;
common assets include: other assets besides important assets and general assets;
general assets include: assets whose domain name exists but which cannot be accessed.
In this embodiment, by dividing the importance of the online assets of an enterprise or an organization, it can be determined whether the network assets corresponding to the sub domain name are important assets, thereby implementing effective protection on the important assets.
In this embodiment, as a further optional embodiment, performing risk portrayal on the to-be-portrayed network asset according to the classified risk points further includes:
and inquiring the vulnerability grade corresponding to the existing vulnerability according to the preset vulnerability grade.
In this embodiment, as an optional embodiment, the vulnerability grades include: low risk, medium risk and high risk. The scanned vulnerabilities are looked up to obtain the vulnerability grade corresponding to each vulnerability in the network assets.
In this embodiment, the vulnerability proportion of the vulnerability classes may also be calculated according to the vulnerability number corresponding to each vulnerability class, for example, the proportion of the low-risk vulnerability to the total vulnerability, the proportion of the medium-risk vulnerability to the total vulnerability, and the proportion of the high-risk vulnerability to the total vulnerability are calculated respectively.
In this embodiment, as an optional embodiment, a potential risk loss value (risk portrait) is calculated, the extent of the impact on the domain name is shown in the most intuitive manner, and relevant repair suggestions are given according to the risk loss. For example, the displayed risk portrait interface is divided into a left column and a right column. The left column shows the root domain name and the network assets corresponding to each sub-domain name contained under it, and corresponds to one part of the risk portrait, wherein,
the network assets corresponding to the sub-domain names under the root domain name of NetEase (163.com) include, but are not limited to: portal sites, mailbox systems, forums, video platforms, user login systems, test systems, query systems, service platforms, news distribution systems, education platforms, recruitment platforms, customer relationship systems, WIKI systems, and others.
The right column corresponds to the other part of the risk portrait, including: asset importance classification, risk point classification, vulnerability grade statistics, and potential loss value, wherein,
the asset importance classification shows the importance of the network asset being evaluated; for example, if the network asset being evaluated is: com, the content displayed for the asset importance classification may be: com belongs to an internet portal site and is evaluated by the system as an important asset; strengthen security awareness and avoid risk.
The risk point classification scans the network asset being evaluated and classifies its risk points; the displayed content may be: 2 types of risk were found in total; select a risk type to view the related vulnerability security suggestions: information leakage risk, client attack risk.
The vulnerability grade statistics count the vulnerabilities obtained by scanning by grade, for example, high risk: 0 (0%); medium risk: 2 (33.33%); low risk: 4 (66.67%).
The potential loss value shows the potential loss value together with the potential loss and suggestions, wherein,
the potential loss value shows a specific numerical value;
the content displayed for the potential loss and suggestions may be: the website belongs to a portal website system and has an information leakage risk, which may lead to leakage of user sensitive data; the estimated loss value is XXX, and it is suggested that the related vulnerabilities be repaired immediately to avoid security threats.
In this embodiment, automatic retrieval of the sub-domain names and vulnerability scanning together produce a complete risk portrait evaluation and analysis of the network assets under the root domain name.
FIG. 2 is a schematic structural diagram of a network asset risk portrait device according to an embodiment of the present application. As shown in FIG. 2, the device includes: a root domain name acquisition module 21, a sub-domain name acquisition module 22, a vulnerability scanning module 23, and a risk portrait module 24, wherein,
the root domain name acquisition module 21 is configured to acquire a target root domain name corresponding to a network asset to be profiled;
the sub-domain name acquisition module 22 is configured to acquire the sub-domain names contained under the target root domain name;
in this embodiment, as an optional embodiment, the sub domain name obtaining module 22 includes: a query unit and an extraction unit (not shown), wherein,
the query unit is used for querying a pre-stored mapping relationship set of the root domain name and the sub-domain name library to obtain the sub-domain name library mapped by the target root domain name;
and the extracting unit is used for extracting all the sub domain names in the sub domain name library mapped by the target root domain name.
The vulnerability scanning module 23 is configured to perform vulnerability scanning on the acquired sub-domain name to obtain a vulnerability existing in the acquired sub-domain name;
in this embodiment, as an optional embodiment, vulnerability scanning may be performed on the sub-domain names according to a preset vulnerability scanning period; as another alternative embodiment, vulnerability scanning may also be performed on sub-domain names at irregular times; as another alternative embodiment, after a new vulnerability is released, vulnerability scanning may be started on sub-domain names under each root domain name.
The risk portrait module 24 is configured to classify the obtained vulnerabilities into risk points according to a preset risk point classification strategy, and to build a risk portrait of the network asset to be profiled according to the classified risk points.
In this embodiment, as an optional embodiment, the risk portrait module 24 includes: a risk query unit, a risk point acquisition unit, and a risk portrait unit (not shown in the figure), wherein,
the risk query unit is configured to query the mapping relation between vulnerabilities and risks and acquire the risk to which each vulnerability maps;
in this embodiment, as an optional embodiment, the risk includes: denial of service risk, client attack risk, logical attack risk, brute force risk, overflow risk, injection risk, information disclosure risk, personnel security awareness risk, rights bypass risk, code disclosure risk, and command execution risk, wherein,
the denial of service risk and the overflow risk are classified under the website suffering a denial of service attack;
the client attack risk, overflow risk, personnel security awareness risk, code leakage risk and command execution risk are classified under the website home page being tampered with;
the logic attack risk, brute force cracking risk, injection risk, information leakage risk, personnel security awareness risk, rights bypass risk and command execution risk are classified under user sensitive data leakage.
The risk point acquisition unit is configured to query the mapping relation between risks and risk point classifications to obtain the risk point classification to which each acquired risk maps;
and the risk portrait unit is configured to build a risk portrait of the network asset to be profiled according to the classified risk points.
In this embodiment, as an optional embodiment, the risk portrait unit includes: a first base value acquisition subunit and an asset loss value first calculation subunit, wherein,
the first base value acquisition subunit is configured to acquire the risk point loss base value corresponding to the classified risk point;
and the asset loss value first calculation subunit is configured to count the user access amount of the target root domain name per unit time and calculate the product of the risk point loss base value and the user access amount per unit time to obtain the risk portrait of the network asset to be profiled.
In this embodiment, as another optional embodiment, the risk portrait unit includes: an asset scale classification construction subunit, an asset scale classification determination subunit, a risk point loss base value library acquisition subunit, a second base value acquisition subunit, and an asset loss value second calculation subunit, wherein,
the asset scale classification construction subunit is used for carrying out asset scale classification on the network assets corresponding to the domain names and constructing a mapping relation set of the asset scale classification and the risk point loss base value library;
in this embodiment, as an optional embodiment, the performing asset scale classification on the network assets corresponding to each domain name includes:
judging whether the number of the subdomain names is less than or equal to a first threshold value or not according to the number of the subdomain names contained in the root domain names, if so, placing the network assets corresponding to the root domain names into a first asset scale classification; if the sub-domain name number is larger than the first threshold value and smaller than or equal to the second threshold value, the network assets corresponding to the root domain name are placed in a second asset scale classification; and if the number of the subdomain names is greater than a second threshold value, placing the network assets corresponding to the root domain name in a third asset size classification.
In this embodiment, as an optional embodiment, the constructing a mapping relationship set between the asset scale classification and the risk point loss base value library includes:
constructing a mapping relation between the first asset scale classification and the first risk point loss base value library, wherein, in the first risk point loss base value library, the first risk point loss base value, corresponding to user sensitive data leakage, is the largest, the risk point loss base value corresponding to the website suffering a denial of service attack is the second largest, and the risk point loss base value corresponding to the website home page being tampered with is the smallest;
constructing a mapping relation between the second asset scale classification and the second risk point loss base value library, wherein, in the second risk point loss base value library, the second risk point loss base value, corresponding to user sensitive data leakage, is the largest, the risk point loss base value corresponding to the website suffering a denial of service attack is the second largest, and the risk point loss base value corresponding to the website home page being tampered with is the smallest;
constructing a mapping relation between the third asset scale classification and the third risk point loss base value library, wherein, in the third risk point loss base value library, the third risk point loss base value, corresponding to user sensitive data leakage, is the largest, the risk point loss base value corresponding to the website suffering a denial of service attack is the second largest, and the risk point loss base value corresponding to the website home page being tampered with is the smallest;
the first risk point loss base value is smaller than the second risk point loss base value, and the second risk point loss base value is smaller than the third risk point loss base value;
and obtaining the mapping relation set of the asset scale classification and the risk point loss base value library from the mapping relation between the first asset scale classification and the first risk point loss base value library, the mapping relation between the second asset scale classification and the second risk point loss base value library, and the mapping relation between the third asset scale classification and the third risk point loss base value library.
The asset scale classification determination subunit is configured to determine the asset scale classification to which the network asset to be profiled belongs;
the risk point loss base value library acquisition subunit is configured to query the mapping relation set of the asset scale classification and the risk point loss base value library to obtain the risk point loss base value library to which the asset scale classification maps;
the second base value acquisition subunit is configured to acquire the risk point loss base value corresponding to the classified risk point from the obtained risk point loss base value library;
and the asset loss value second calculation subunit is configured to count the user access amount of the target root domain name per unit time and calculate the product of the risk point loss base value and the user access amount per unit time to obtain the risk portrait of the network asset to be profiled.
In this embodiment, as another optional embodiment, the risk portrait unit further includes: an asset importance classification subunit and an asset importance acquisition subunit, wherein,
the asset importance classification subunit is used for performing asset importance classification on the network assets corresponding to the sub domain names;
and the asset importance obtaining subunit is used for obtaining the asset importance classification corresponding to the sub domain name with the vulnerability.
In this embodiment, as a further optional embodiment, the risk portrait unit further includes:
and the vulnerability grade obtaining subunit is used for inquiring the vulnerability grade corresponding to the existing vulnerability according to the preset vulnerability grade.
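The risk portrait module described above, as an added Python example that is not code from the patent: it maps scanned risks to risk points, selects the loss base value library by asset scale classification, checks the ordering the description requires of the libraries, and multiplies the base value by the monthly visits. The base values and the threshold of 30 are the description's example figures; the first threshold of 10, the field names, the sub-domain names and the sample findings are assumptions constructed for illustration.

```python
from collections import Counter

DOS, TAMPER, LEAK = "website_dos", "home_page_tampered", "user_data_leak"

# Risk -> risk point(s), as listed for the risk query unit; one risk may feed several.
RISK_TO_POINTS = {
    "denial of service": {DOS},
    "overflow": {DOS, TAMPER},
    "client attack": {TAMPER},
    "code leakage": {TAMPER},
    "personnel security awareness": {TAMPER, LEAK},
    "command execution": {TAMPER, LEAK},
    "logic attack": {LEAK},
    "brute force": {LEAK},
    "injection": {LEAK},
    "information leakage": {LEAK},
    "rights bypass": {LEAK},
}

# Loss base value library per asset scale classification (the description's example values).
LOSS_BASE = {
    1: {LEAK: 30, DOS: 20, TAMPER: 10},
    2: {LEAK: 40, DOS: 30, TAMPER: 20},
    3: {LEAK: 50, DOS: 35, TAMPER: 25},
}
LEVELS = ("high", "medium", "low")

# Constructed sample scan output (hypothetical sub-domains and field names).
SAMPLE_FINDINGS = [
    {"subdomain": "www.example.com", "risk": "information leakage", "level": "low"},
    {"subdomain": "www.example.com", "risk": "client attack", "level": "medium"},
    {"subdomain": "mail.example.com", "risk": "information leakage", "level": "low"},
    {"subdomain": "mail.example.com", "risk": "client attack", "level": "medium"},
    {"subdomain": "bbs.example.com", "risk": "information leakage", "level": "low"},
    {"subdomain": "wiki.example.com", "risk": "information leakage", "level": "low"},
]


def check_libraries(libs=LOSS_BASE):
    """Enforce the ordering the description requires of the three libraries."""
    for cls, lib in libs.items():
        if not lib[LEAK] > lib[DOS] > lib[TAMPER]:
            raise ValueError(f"class {cls}: need leak > DoS > tamper")
    for point in (LEAK, DOS, TAMPER):
        if not libs[1][point] < libs[2][point] < libs[3][point]:
            raise ValueError(f"{point}: base value must grow with asset scale")
    return True


def asset_scale_class(subdomain_count, first_threshold=10, second_threshold=30):
    """Classify a root domain by its sub-domain count.

    second_threshold=30 comes from the description; first_threshold=10 is assumed.
    """
    if subdomain_count < 0:
        raise ValueError("sub-domain count cannot be negative")
    if subdomain_count <= first_threshold:
        return 1
    if subdomain_count <= second_threshold:
        return 2
    return 3


def level_stats(findings):
    """Count and percentage of findings per vulnerability grade."""
    counts = Counter(f["level"] for f in findings)
    total = len(findings)
    return {lv: (counts[lv], round(100 * counts[lv] / total, 2) if total else 0.0)
            for lv in LEVELS}


def risk_portrait(findings, subdomain_count, monthly_visits):
    """Build the portrait: scale class, loss per risk point, grade statistics."""
    check_libraries()
    cls = asset_scale_class(subdomain_count)
    points, unmapped = set(), []
    for f in findings:
        mapped = RISK_TO_POINTS.get(f["risk"])
        if mapped is None:
            unmapped.append(f["risk"])  # surface unknown risks, never drop them silently
        else:
            points |= mapped
    # Loss is reported per risk point; the description defines no aggregation across them.
    losses = {p: LOSS_BASE[cls][p] * monthly_visits for p in sorted(points)}
    return {"scale_class": cls, "losses": losses,
            "levels": level_stats(findings), "unmapped": unmapped}


if __name__ == "__main__":
    print(risk_portrait(SAMPLE_FINDINGS, subdomain_count=42, monthly_visits=15000))
```

With 42 sub-domains and 15000 monthly visits, the user data leakage entry reproduces the 750000 yuan figure from the description's example.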
In the embodiments provided in the present application, it should be understood that the disclosed apparatus and method may be implemented in other ways. The above-described embodiments of the apparatus are merely illustrative, and for example, the division of the units is only one logical division, and there may be other divisions when actually implemented, and for example, a plurality of units or components may be combined or integrated into another system, or some features may be omitted, or not executed. In addition, the shown or discussed mutual coupling or direct coupling or communication connection may be an indirect coupling or communication connection of devices or units through some communication interfaces, and may be in an electrical, mechanical or other form.
The units described as separate parts may or may not be physically separate, and parts displayed as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the units can be selected according to actual needs to achieve the purpose of the solution of the embodiment.
In addition, functional units in the embodiments provided in the present application may be integrated into one processing unit, or each unit may exist alone physically, or two or more units are integrated into one unit.
The functions, if implemented in the form of software functional units and sold or used as a stand-alone product, may be stored in a computer readable storage medium. Based on such understanding, the technical solution of the present application or portions thereof that substantially contribute to the prior art may be embodied in the form of a software product stored in a storage medium and including instructions for causing a computer device (which may be a personal computer, a server, or a network device) to execute all or part of the steps of the method according to the embodiments of the present application. And the aforementioned storage medium includes: a U-disk, a removable hard disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk or an optical disk, and other various media capable of storing program codes.
It should be noted that: like reference numbers and letters refer to like items in the following figures, and thus once an item is defined in one figure, it need not be further defined and explained in subsequent figures, and moreover, the terms "first", "second", "third", etc. are used merely to distinguish one description from another and are not to be construed as indicating or implying relative importance.
Finally, it should be noted that the above-mentioned embodiments are only specific embodiments of the present application, used to illustrate its technical solutions rather than to limit them, and the protection scope of the present application is not limited thereto. Although the present application is described in detail with reference to the foregoing embodiments, those skilled in the art should understand that anyone skilled in the art may, within the technical scope disclosed in the present application, still modify the technical solutions described in the foregoing embodiments, readily conceive of changes to them, or make equivalent substitutions for some of their technical features; such modifications, changes or substitutions do not depart from the spirit and scope of the present disclosure, and are intended to be covered by the protection scope of the present application. Therefore, the protection scope of the present application shall be subject to the protection scope of the claims.

Claims (9)

1. A network asset risk profiling method is characterized by comprising the following steps:
acquiring a target root domain name corresponding to a network asset to be profiled;
acquiring a sub-domain name contained in the target root domain name;
carrying out vulnerability scanning on the obtained sub-domain name to obtain vulnerabilities existing in the obtained sub-domain name;
classifying the obtained vulnerability according to a preset risk point classification strategy, and performing risk portrayal on the network assets to be portrayed according to the classified risk points;
the method further comprises the following steps:
carrying out asset scale classification on the network assets corresponding to each domain name, and constructing a mapping relation set of the asset scale classification and a risk point loss base value library;
the risk portrayal of the network assets to be portrayed according to the classified risk points comprises the following steps:
determining the asset scale classification to which the network asset to be profiled belongs;
querying the mapping relation set of the asset scale classification and the risk point loss base value library to obtain the risk point loss base value library to which the asset scale classification maps;
acquiring the risk point loss base value corresponding to the classified risk point from the obtained risk point loss base value library;
and counting the user access amount of the target root domain name per unit time, and calculating the product of the risk point loss base value and the user access amount per unit time to obtain the risk portrait of the network asset to be profiled.
2. The method of claim 1, wherein the obtaining of the sub-domain name included under the target root domain name comprises:
inquiring a pre-stored mapping relation set of the root domain name and a sub-domain name library to obtain a sub-domain name library mapped by the target root domain name;
and extracting all the sub domain names in the sub domain name library mapped by the target root domain name.
3. The method of claim 1, wherein the risk point classification of the obtained vulnerability according to a preset risk point classification strategy comprises:
querying the mapping relation between vulnerabilities and risks to acquire the risk to which each obtained vulnerability maps;
and querying the mapping relation between risks and risk point classifications to obtain the risk point classification to which each acquired risk maps.
4. The method according to any one of claims 1 to 3, wherein the risk profiling of the network asset to be profiled according to the classified risk points comprises:
acquiring a risk point loss base value corresponding to the classified risk point;
and counting the user access amount of the target root domain name per unit time, and calculating the product of the risk point loss base value and the user access amount per unit time to obtain the risk portrait of the network asset to be profiled.
5. The method of claim 1, wherein said classifying the asset size of the network assets corresponding to each domain name comprises:
judging whether the number of the subdomain names is less than or equal to a first threshold value or not according to the number of the subdomain names contained in the root domain names, if so, placing the network assets corresponding to the root domain names into a first asset scale classification; if the sub-domain name number is larger than the first threshold value and smaller than or equal to the second threshold value, the network assets corresponding to the root domain name are placed in a second asset scale classification; and if the number of the subdomain names is greater than a second threshold value, placing the network assets corresponding to the root domain name in a third asset size classification.
6. The method of claim 5, wherein constructing the set of mapping relationships of the asset size classification to the base value library of risk point losses comprises:
constructing a mapping relation between the first asset scale classification and the first risk point loss base value library, wherein, in the first risk point loss base value library, the first risk point loss base value, corresponding to user sensitive data leakage, is the largest, the risk point loss base value corresponding to the website suffering a denial of service attack is the second largest, and the risk point loss base value corresponding to the website home page being tampered with is the smallest;
constructing a mapping relation between the second asset scale classification and the second risk point loss base value library, wherein, in the second risk point loss base value library, the second risk point loss base value, corresponding to user sensitive data leakage, is the largest, the risk point loss base value corresponding to the website suffering a denial of service attack is the second largest, and the risk point loss base value corresponding to the website home page being tampered with is the smallest;
constructing a mapping relation between the third asset scale classification and the third risk point loss base value library, wherein, in the third risk point loss base value library, the third risk point loss base value, corresponding to user sensitive data leakage, is the largest, the risk point loss base value corresponding to the website suffering a denial of service attack is the second largest, and the risk point loss base value corresponding to the website home page being tampered with is the smallest;
the first risk point loss base value is smaller than the second risk point loss base value, and the second risk point loss base value is smaller than the third risk point loss base value;
and obtaining the mapping relation set of the asset scale classification and the risk point loss base value library from the mapping relation between the first asset scale classification and the first risk point loss base value library, the mapping relation between the second asset scale classification and the second risk point loss base value library, and the mapping relation between the third asset scale classification and the third risk point loss base value library.
7. The method of claim 1, wherein said risk profiling said network asset to be profiled based on said classified risk points further comprises:
carrying out asset importance classification on the network assets corresponding to each sub domain name;
and acquiring the asset importance degree classification corresponding to the sub-domain name with the vulnerability.
8. The method of claim 1, wherein said risk profiling said network asset to be profiled based on said classified risk points further comprises:
and inquiring the vulnerability grade corresponding to the existing vulnerability according to the preset vulnerability grade.
9. A network asset risk profiling device, the device comprising: a root domain name acquisition module, a sub domain name acquisition module, a vulnerability scanning module and a risk profile module, wherein,
the root domain name acquisition module is used for acquiring a target root domain name corresponding to the network asset to be profiled;
a sub-domain name acquisition module, configured to acquire a sub-domain name included in the target root domain name;
the vulnerability scanning module is used for carrying out vulnerability scanning on the acquired sub-domain name to obtain the vulnerability existing in the acquired sub-domain name;
the risk portrait module is used for classifying the obtained vulnerabilities into risk points according to a preset risk point classification strategy, building a risk portrait of the network asset to be profiled according to the classified risk points, carrying out asset scale classification on the network assets corresponding to each domain name, and constructing a mapping relation set of the asset scale classification and a risk point loss base value library;
the building of the risk portrait of the network asset to be profiled according to the classified risk points comprises the following steps:
determining the asset scale classification to which the network asset to be profiled belongs;
querying the mapping relation set of the asset scale classification and the risk point loss base value library to obtain the risk point loss base value library to which the asset scale classification maps;
acquiring the risk point loss base value corresponding to the classified risk point from the obtained risk point loss base value library;
and counting the user access amount of the target root domain name per unit time, and calculating the product of the risk point loss base value and the user access amount per unit time to obtain the risk portrait of the network asset to be profiled.
CN201810291958.9A 2018-03-30 2018-03-30 Network asset risk portrait method and device Active CN108809928B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201810291958.9A CN108809928B (en) 2018-03-30 2018-03-30 Network asset risk portrait method and device

Publications (2)

Publication Number Publication Date
CN108809928A CN108809928A (en) 2018-11-13
CN108809928B CN108809928B (en) 2021-02-12

Family

ID=64094689

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201810291958.9A Active CN108809928B (en) 2018-03-30 2018-03-30 Network asset risk portrait method and device

Country Status (1)

Country Link
CN (1) CN108809928B (en)

Families Citing this family (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109600385B (en) * 2018-12-28 2021-06-15 绿盟科技集团股份有限公司 Access control method and device
CN111147305A (en) * 2019-12-30 2020-05-12 成都科来软件有限公司 Network asset portrait extraction method
CN111611483B (en) * 2020-05-11 2022-07-22 腾讯科技(深圳)有限公司 Object portrait construction method, device and equipment and storage medium
CN115168888B (en) * 2022-09-07 2023-01-24 杭州海康威视数字技术股份有限公司 Service self-adaptive data management method, device and equipment
CN118037039A (en) * 2024-01-31 2024-05-14 北京源堡科技有限公司 Enterprise portrait computing method, device, equipment and medium based on multidimensional features

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101500000A (en) * 2008-01-30 2009-08-05 珠海金山软件股份有限公司 Security evaluation method for Internet website and apparatus thereof
CN104618178A (en) * 2014-12-29 2015-05-13 北京奇虎科技有限公司 Website bug online evaluation method and device
CN106341407A (en) * 2016-09-19 2017-01-18 成都知道创宇信息技术有限公司 Abnormal access log mining method based on website picture and apparatus thereof
CN106453386A (en) * 2016-11-09 2017-02-22 深圳市魔方安全科技有限公司 Automatic internet asset monitoring and risk detecting method based on distributed technology
CN107403251A (en) * 2016-05-20 2017-11-28 阿里巴巴集团控股有限公司 Risk checking method and device

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20140137257A1 (en) * 2012-11-12 2014-05-15 Board Of Regents, The University Of Texas System System, Method and Apparatus for Assessing a Risk of One or More Assets Within an Operational Technology Infrastructure

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant
PE01 Entry into force of the registration of the contract for pledge of patent right

Denomination of invention: A Risk Portrait Method and Device for Network Assets

Effective date of registration: 20221020

Granted publication date: 20210212

Pledgee: Haidian Beijing science and technology enterprise financing Company limited by guarantee

Pledgor: XIAOAN (BEIJING) TECHNOLOGY CO.,LTD.

Registration number: Y2022110000271

PC01 Cancellation of the registration of the contract for pledge of patent right

Date of cancellation: 20230927

Granted publication date: 20210212

Pledgee: Haidian Beijing science and technology enterprise financing Company limited by guarantee

Pledgor: XIAOAN (BEIJING) TECHNOLOGY CO.,LTD.

Registration number: Y2022110000271

PE01 Entry into force of the registration of the contract for pledge of patent right

Denomination of invention: A risk profiling method and device for network assets

Effective date of registration: 20230928

Granted publication date: 20210212

Pledgee: Haidian Beijing science and technology enterprise financing Company limited by guarantee

Pledgor: XIAOAN (BEIJING) TECHNOLOGY CO.,LTD.

Registration number: Y2023110000427

PC01 Cancellation of the registration of the contract for pledge of patent right

Granted publication date: 20210212

Pledgee: Haidian Beijing science and technology enterprise financing Company limited by guarantee

Pledgor: XIAOAN (BEIJING) TECHNOLOGY CO.,LTD.

Registration number: Y2023110000427

PE01 Entry into force of the registration of the contract for pledge of patent right

Denomination of invention: A method and device for risk profiling of network assets

Granted publication date: 20210212

Pledgee: Haidian Beijing science and technology enterprise financing Company limited by guarantee

Pledgor: XIAOAN (BEIJING) TECHNOLOGY CO.,LTD.

Registration number: Y2024110000316
