CN109918914A - The information system attack defending ability integration assessment system and method for stratification - Google Patents
The information system attack defending ability integration assessment system and method for stratification Download PDFInfo
- Publication number
- CN109918914A CN109918914A CN201910194022.9A CN201910194022A CN109918914A CN 109918914 A CN109918914 A CN 109918914A CN 201910194022 A CN201910194022 A CN 201910194022A CN 109918914 A CN109918914 A CN 109918914A
- Authority
- CN
- China
- Prior art keywords
- capability
- node
- factor
- submodule
- defence
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Abstract
The present invention relates to the information system attack defending ability integration assessment systems and method of a kind of stratification, are related to field of information security technology.The present invention proposes a kind of construction method of information system defence capability evaluation index, can automatically generate the analytic structure of stratification, and subjectivity of the evaluation index in classification or delaminating process is effectively reduced, and promotes defence capability assessment result more comprehensively objective;The present invention realizes the quantitative evaluation to information system attack defending ability, and significance level and the defence for comprehensively considering each capability factor are horizontal, using the marking mode successively quantified, can sufficiently merge bottom element, effective assessment system attack defending grade.
Description
Technical field
The present invention relates to field of information security technology, and in particular to a kind of information system attack defending ability of stratification is comprehensive
Close assessment system and method.
Background technique
The assessment of attack defending ability integration be target information system is taken precautions against all kinds of security attacks practical capacity make it is fixed
Property or quantitative analysis and evaluation, generally can according to the implementation consequence of particular attack carry out measure.Under normal conditions, target information
The complex properties of system inherently can cause various influences to the Evaluated effect of defence capability, so in comprehensive assessment
It needs to take into account more comprehensive assessment factor in the process.How the attack defending capability factor of refinement information system;How to realize
To the conformity calculation of the evaluation index of different levels;And the security level etc. of capability factor scoring how is measured, it is attack
Urgent problem to be solved in defence capability comprehensive assessment.
At this stage, qualitative evaluation, qualitative assessment, assessment that is qualitative and quantitatively combining are information system attack defending abilities
Three kinds of most commonly seen methods of comprehensive assessment field.Wherein, qualitative measure is mainly according to knowledge, experience, the history of evaluator
The defence level of the non-quantized data pair information system such as lesson and Policy Toward judges, convenient for excavating deep layer law;It is fixed
Amount Evaluation Method is to assess network security risk with quantized data, and appearance form is intuitive, and assessment result is objective;It is qualitative mutually to be tied with quantitative
The assessment rule of conjunction is the appropriateness fusion to above two method.
In recent years, relevant research has been achieved for a series of important achievements, but there are still following three points deficiencies
Place:
(1) qualitative measure has stronger subjectivity, multifactor measurement side to the judge of attack defence capability element
Formula is static and single, can not overcome and depend on unduly to evaluator.
(2) method, which is quantitatively evaluated, has stronger abstractness to the judge of attack defence capability element, is easy to cause effective letter
The loss of breath is twisted, and is unable to ensure assessment factor and is completely covered.
(3) Evaluation Method that is qualitative and quantitatively combining lacks feasible implementing though, it is difficult to analysis ability element it
Between incidence relation, to evaluation index modeling precision it is more demanding.
Summary of the invention
(1) technical problems to be solved
The technical problem to be solved by the present invention is how to realize parsing to target layers and comment defence capability
Estimate, the stratification evaluation index of all kinds of defence capability elements of specification, solves information system attack defending ability to a certain extent
The problem of being difficult to comprehensive quantification.
(2) technical solution
In order to solve the above-mentioned technical problems, the present invention provides a kind of information system attack defending ability integrations of stratification
Assessment system, including target layers parsing module and defence capability evaluation module;
The target layers parsing module is used to implement classification and hierarchical operations, the defence energy to the capability factor of extraction
Force estimation module is used for the weight and appraisal result of computing capability element, final to realize to the comprehensive of information system attack defending ability
Close assessment.
Preferably, the target layers parsing module includes:
(1) relationship extracting sub-module, capability factor and ability for actively extracting information system attack defending ability are wanted
Incidence relation between element, and by measuring the correlation Forming ability element relationship figure between any capability factor, and be sent to
Node classification submodule, wherein capability factor is the node in capability factor relational graph;
(2) node classification submodule, for passing through the correlation between computing capability element, fulfillment capability element relationship figure knot
The classification processing of point, each node is included into according to the correlation degree of capability factor automatically different classes of, obtains point of capability factor
Class set, and it is sent to distinguishing hierarchy submodule;
(3) distinguishing hierarchy submodule for capability factor to be divided to different levels in an iterative manner, and is sent to knot
Structure analyzing sub-module;
(4) structure elucidation submodule for building the stratification analytic structure of defence capability evaluation index, and is saved to attacking
Hit defence capability evaluation index library, attack defending effectiveness assessment index library is with three layers of analytic structures storage basic capacity element, thin
Change capability factor and its evaluation index.
Preferably, the defence capability evaluation module includes:
(1) weight calculation submodule, for successively assigning quantization power for node by the significance level between measurement node
Weight calculates the quantization weight of each level node, and the weight set of each layer is sent to multistage evaluation submodule;
(2) multistage evaluation submodule, for quantifying the opinion rating of each node defence capability, i.e. successively measurement node defence
Ability rating calculates the scoring of defence capability element, obtains appraisal result, and the scoring set of each layer is sent to grade assessment
Module;
(3) grade assesses submodule, for iterating to calculate the comprehensive score of each capability factor bottom-uply, and is mapped to
Corresponding evaluation grade, to provide the evaluation grade of information system attack defending ability.
Preferably, the relationship extraction module is specifically used for: the ability for extracting influence information system attack defending ability is wanted
Element, including authority acquiring defence capability, theft-of-service defence capability, service increase defence capability, refusal service defence capability, are
Unite wrong defence capability, information deception defence capability, password steal defence capability, information leakage defence capability, information distort it is anti-
Imperial total K capability factor of ability;
I-th capability factor is indicated with ci, then can be gathered and be denoted as C={ c1, c2..., cK, while extracting each ability
Incidence relation between element, and with the expression of the form of capability factor relational graph G={ C, R }, wherein C is node set, and R is each energy
The set of incidence relation between power element.
Preferably, the node categorization module is specifically used for:
According to capability factor relational graph, for any node ci, cj∈ C, structural matrix M=(mij)K×KAs capability factor
Classification foundation, matrix element meets following conditions:
Wherein, if capability factor ciWith capability factor cjThere are ciTo cjUnidirectional incidence relation, then by mijIt is denoted as 1;Otherwise
By mijIt is denoted as 0.Similarly, mjiIndicate whether that there are capability factor cjTo ciUnidirectional incidence relation;
According to matrix M, for any node ci, cj∈ C, construction set P (ci) and Q (ci), while meeting following conditions:
P(ci)={ cj|cj∈ C, mij=1 }
Q(ci)={ cj|cj∈ C, mji=1 }
If P (ci) and Q (cj) intersection be not empty set set up, then by capability factor ci and capability factor cjIt is classified as same class
Not, it is otherwise classified as different classes of, finally obtains several independent set.
Preferably, the distinguishing hierarchy module is specifically used for: the intersection of set of computations P (ci) and set Q (ci), and according to
Following rules are judged:
(1) if condition P (ci)=P (ci)∩Q(ci) set up, then capability factor ci is determined as the top of hierarchical structure
Node;
(2) if condition Q (ci)=P (ci)∩Q(ci) set up, then capability factor ci is determined as to the lowermost layer of hierarchical structure
Node;
Highest level node and bottom node, and set of computations P (ci) and Q (ci) again are removed from node set C, repeatedly
In generation, completes subsequent distinguishing hierarchy, remaining capability factor is determined as to the middle layer node of hierarchical structure one by one, obtains stratification
Structure.
Preferably, the structure elucidation module is specifically used for: according to fixed hierarchical structure, according to top-down
The node of identical level is placed in same horizontal line by sequence, and will meet m in matrix Mij=1 two layers of neighborhood of nodes ciAnd cj
It is connected with each other, builds stratification analytic structure, in stratification analytic structure build process, remove circuit, and ignore because transmitting is closed
The line for being and generating;
The secondaryization analytic structure layer by layer of the three of final output capability factor, deposits in attack defending effectiveness assessment index library, benefit
First layer basic capacity element, second layer grain refining efficiency element and third layer assessment is respectively indicated with k (1), k (2) and k (3) to refer to
Target total item, and k (1)+k (2)+k (3)=K.
Preferably, the weight calculation module is specifically used for:
Based on attack defending effectiveness assessment index library, the relative importance between identical level interior knot is manually marked, with
Numerical value 1 to 9 realizes quantization, and quantization assigned result at all levels is stored in matrix respectively
Its matrix element meets following conditions:
Calculate the feature vector of each matrixIts vector element meets following
Part:
It take feature vector as the weight of each layer capability factor or evaluation index: for l layers of node
If its weight isL layers of weight set can be obtainedMeetAnd
Preferably, the multistage evaluation module is specifically used for:
For capability factor setEach node Pyatyi opinion rating is successively assigned,
I.e. excellent-I, good-II, in-III, can-IV and difference-V, corresponding defence capability successively decrease from high to low, obtain evaluation setIts vector element meets following conditions:
Calculate weight set WlWith evaluation set VlProduct, obtain capability factor L grade amount
Change appraisal resultConstitute scoring set
The grade evaluation module is specifically used for:
For l layers of nodeCalculate directly connected lower layer's node
Scoring mean value, as current nodeGrade assess foundation.Iterate the above process, by commenting for third layer evaluation index
Divide mean value, is included in the comprehensive score of second layer grain refining efficiency element;Again by the scoring mean value of second layer grain refining efficiency element, it is included in
The comprehensive score of first layer basic capacity element;Finally by the scoring mean value of first layer basic capacity element, it is included in information system
The comprehensive score of attack defending ability, and then according to scoring predetermined-grade mapping relations, output information system attack is anti-
The evaluation grade of imperial ability.
The present invention also provides a kind of information system attack defending ability integration assessment sides realized using the system
Method, comprising the following steps:
S1, the capability factor and capability factor that information system attack defending ability is actively extracted using relationship extracting sub-module
Between incidence relation, and by measuring the correlation Forming ability element relationship figure between any capability factor, and be sent to knot
Point classification submodule, wherein capability factor is the node in capability factor relational graph;
S2, pass through the correlation between computing capability element, fulfillment capability element relationship figure knot using node classification submodule
The classification processing of point, each node is included into according to the correlation degree of capability factor automatically different classes of, obtains point of capability factor
Class set, and it is sent to distinguishing hierarchy submodule;
S3, capability factor is divided to different levels in an iterative manner using distinguishing hierarchy submodule, and is sent to knot
Structure analyzing sub-module;
S4, the stratification analytic structure that defence capability evaluation index is built using structure elucidation submodule, and save to attacking
Hit defence capability evaluation index library;Attack defending effectiveness assessment index library is with three layers of analytic structure storage basic capacity elements, thin
Change capability factor and its evaluation index;
S5, pass through the significance level between measuring node using weight calculation submodule, successively assign quantization weight for node,
The quantization weight of each level node is calculated, and the weight set of each layer is sent to multistage evaluation submodule;
S6, the opinion rating for quantifying each node defence capability using multistage evaluation submodule, i.e. successively measurement node defence
Ability rating calculates the scoring of defence capability element, obtains appraisal result, and the scoring set of each layer is sent to grade assessment
Module;
S7, the comprehensive score of each capability factor is iterated to calculate bottom-uply using grade assessment submodule, and be mapped to
Corresponding evaluation grade, to provide the evaluation grade of information system attack defending ability.
(3) beneficial effect
The present invention proposes a kind of construction method of information system defence capability evaluation index, can automatically generate stratification
Analytic structure is effectively reduced subjectivity of the evaluation index in classification or delaminating process, promotes defence capability assessment result more
It is comprehensively objective;The present invention realizes the quantitative evaluation to information system attack defending ability, comprehensively considers the weight of each capability factor
It wants degree and defence horizontal, using the marking mode successively quantified, can sufficiently merge bottom element, effective assessment system is attacked
Hit defence grade.
Detailed description of the invention
Fig. 1 is the general frame figure of information system attack defending ability integration assessment system of the invention;
Fig. 2 is the analytic structure schematic diagram of information system attack defending effectiveness assessment index of the invention.
Specific embodiment
To keep the purpose of the present invention, content and advantage clearer, with reference to the accompanying drawings and examples, to of the invention
Specific embodiment is described in further detail.
The present invention provides a kind of information system attack defending ability integration assessment systems of stratification.The present invention is towards normal
The security threat environment for seeing information system refers to that authority acquiring, theft-of-service, service increase, refuse service, system mistake, letter
The various attacks forms such as breath is cheated, password is stolen, information leakage, information are distorted continuingly act on true ring when information system
Border.As shown in Figure 1, the system includes target layers parsing module and defence capability evaluation module.Target layers parsing module is used
In implementing classification and hierarchical operations to the capability factor of extraction, defence capability evaluation module for computing capability element weight and
Appraisal result, the final comprehensive assessment realized to information system attack defending ability.Wherein,
Target layers parsing module includes:
(1) relationship extracting sub-module, capability factor and ability for actively extracting information system attack defending ability are wanted
Incidence relation between element, and by measuring the correlation Forming ability element relationship figure between any capability factor, and be sent to
Node classification submodule, wherein capability factor is the node in capability factor relational graph.
(2) node classification submodule, for passing through the correlation between computing capability element, fulfillment capability element relationship figure knot
The classification processing of point, each node is included into according to the correlation degree of capability factor automatically different classes of, obtains point of capability factor
Class set, and it is sent to distinguishing hierarchy submodule.
(3) distinguishing hierarchy submodule for capability factor to be divided to different levels in an iterative manner, and is sent to knot
Structure analyzing sub-module.
(4) structure elucidation submodule for building the stratification analytic structure of defence capability evaluation index, and is saved to attacking
Hit defence capability evaluation index library.Attack defending effectiveness assessment index library is with three layers of analytic structure storage basic capacity elements, thin
Change capability factor and its evaluation index.
Defence capability evaluation module includes:
(1) weight calculation submodule, for successively assigning quantization power for node by the significance level between measurement node
Weight calculates the quantization weight of each level node, and the weight set of each layer is sent to multistage evaluation submodule.
(2) multistage evaluation submodule, for quantifying the opinion rating of each node defence capability, i.e. successively measurement node defence
Ability rating calculates the scoring of defence capability element, obtains appraisal result, and the scoring set of each layer is sent to grade assessment
Module.
(3) grade assesses submodule, for iterating to calculate the comprehensive score of each capability factor bottom-uply, and is mapped to
Corresponding evaluation grade, to provide the evaluation grade of information system attack defending ability.
The concrete methods of realizing of each submodule are as follows:
1. the concrete methods of realizing of relationship extraction module includes:
Demand is defendd in all kinds of common attacks by investigating information security field, and it is anti-that artificial extraction influences information system attack
The capability factor of imperial ability, including authority acquiring defence capability, theft-of-service defence capability, service increase defence capability, refusal
Service defence capability, system mistake defence capability, information deception defence capability, password steal defence capability, information leakage defence
Ability, information distort defence capability etc., amount to K capability factors.
With ciIt indicates i-th capability factor, then can be gathered and be denoted as C={ c1, c2..., cK, while artificial extraction is each
Incidence relation between capability factor, and with the expression of the form of capability factor relational graph G={ C, R }, wherein C is node set, and R is
The set of incidence relation between each capability factor.
2. the concrete methods of realizing of node categorization module includes:
According to capability factor relational graph, for any node ci, cj∈ C, structural matrix M=(mij)K×KAs capability factor
Classification foundation, matrix element meets following conditions:
Wherein, if capability factor ciWith capability factor cjThere are ciTo cjUnidirectional incidence relation, then by mijIt is denoted as 1;Otherwise
By mijIt is denoted as 0.Similarly, mjiIndicate whether that there are capability factor cjTo ciUnidirectional incidence relation.
According to matrix M, for any node ci, cj∈ C, construction set P (ci) and Q (ci), while meeting following conditions:
P(ci)={ cj|cj∈ C, mij=1 }
Q(ci)={ cj|cj∈ C, mji=1 }
If P (ci) and Q (cj) intersection be not empty set set up, then by capability factor ciWith capability factor cjIt is classified as same class
Not, it is otherwise classified as different classes of, finally obtains several independent set.
3. the concrete methods of realizing of distinguishing hierarchy module includes:
Set of computations P (ci) and set Q (ci) intersection, and judged according to following rules:
(1) if condition P (ci)=P (ci)∩Q(ci) set up, then by capability factor ciIt is determined as the top of hierarchical structure
Node;
(2) if condition Q (ci)=P (ci)∩Q(ci) set up, then by capability factor ciIt is determined as the lowermost layer of hierarchical structure
Node.
Highest level node and bottom node, and set of computations P (c again are removed from node set Ci) and Q (ci), repeatedly
In generation, completes subsequent distinguishing hierarchy, remaining capability factor is determined as to the middle layer node of hierarchical structure one by one, obtains stratification
Structure.
4. the concrete methods of realizing of structure elucidation module includes:
According to fixed hierarchical structure, the node of identical level is placed in same level according to top-down sequence
On line, and m will be met in matrix Mij=1 two layers of neighborhood of nodes ciAnd cjIt is connected with each other, builds stratification analytic structure.Level
Change in analytic structure build process, needs to remove circuit, and ignore the line generated by transitive relation.
The secondaryization analytic structure layer by layer of the three of final output capability factor, deposits in attack defending effectiveness assessment index library.Fig. 2
It is the schematic diagram of the analytic structure, k (1), k (2) and k (3) respectively indicate first layer basic capacity element, second layer grain refining efficiency
The total item of element and third layer evaluation index, and k (1)+k (2)+k (3)=K.
5. the concrete methods of realizing of weight calculation module includes:
Based on attack defending effectiveness assessment index library, the relative importance between identical level interior knot is manually marked, with
Numerical value 1 to 9 realizes quantization, and quantization assigned result at all levels is stored in matrix respectively
Its matrix element meets following conditions:
Calculate the feature vector of each matrixIts vector element meets following
Part:
It take feature vector as the weight of each layer capability factor or evaluation index: for l layers of node
If its weight isL layers of weight set can be obtainedMeetAnd
6. the concrete methods of realizing of multistage evaluation module includes:
For capability factor setEach node Pyatyi opinion rating is successively assigned,
I.e. excellent-I, good-II, in-III, can-IV and difference-V, corresponding defence capability successively decrease from high to low, obtain evaluation setIts vector element meets following conditions:
Calculate weight set WlWith evaluation set VlProduct, obtain capability factor L grade amount
Change appraisal resultConstitute scoring set
7. the concrete methods of realizing of grade evaluation module includes:
For l layers of nodeCalculate directly connected lower layer's node
Scoring mean value, as current nodeGrade assess foundation.Iterate the above process, by commenting for third layer evaluation index
Divide mean value, is included in the comprehensive score of second layer grain refining efficiency element;Again by the scoring mean value of second layer grain refining efficiency element, it is included in
The comprehensive score of first layer basic capacity element;Finally by the scoring mean value of first layer basic capacity element, it is included in information system
The comprehensive score of attack defending ability, and then according to scoring predetermined-grade mapping relations, output information system attack is anti-
The evaluation grade of imperial ability.
The present invention provides a kind of information system attack defending ability integration appraisal procedure realized using above system, packets
Include following steps:
S1, the capability factor and capability factor that information system attack defending ability is actively extracted using relationship extracting sub-module
Between incidence relation, and by measuring the correlation Forming ability element relationship figure between any capability factor, and be sent to knot
Point classification submodule, wherein capability factor is the node in capability factor relational graph;
S2, pass through the correlation between computing capability element, fulfillment capability element relationship figure knot using node classification submodule
The classification processing of point, each node is included into according to the correlation degree of capability factor automatically different classes of, obtains point of capability factor
Class set, and it is sent to distinguishing hierarchy submodule;
S3, capability factor is divided to different levels in an iterative manner using distinguishing hierarchy submodule, and is sent to knot
Structure analyzing sub-module;
S4, the stratification analytic structure that defence capability evaluation index is built using structure elucidation submodule, and save to attacking
Hit defence capability evaluation index library;Attack defending effectiveness assessment index library is with three layers of analytic structure storage basic capacity elements, thin
Change capability factor and its evaluation index;
S5, pass through the significance level between measuring node using weight calculation submodule, successively assign quantization weight for node,
The quantization weight of each level node is calculated, and the weight set of each layer is sent to multistage evaluation submodule;
S6, the opinion rating for quantifying each node defence capability using multistage evaluation submodule, i.e. successively measurement node defence
Ability rating calculates the scoring of defence capability element, obtains appraisal result, and the scoring set of each layer is sent to grade assessment
Module;
S7, the comprehensive score of each capability factor is iterated to calculate bottom-uply using grade assessment submodule, and be mapped to
Corresponding evaluation grade, to provide the evaluation grade of information system attack defending ability.
Described in the concrete methods of realizing of each module of each step concrete implementation method plane system as above.
The above is only a preferred embodiment of the present invention, it is noted that for the ordinary skill people of the art
For member, without departing from the technical principles of the invention, several improvement and deformations can also be made, these improvement and deformations
Also it should be regarded as protection scope of the present invention.
Claims (10)
1. a kind of information system attack defending ability integration assessment system of stratification, which is characterized in that including target layers solution
Analyse module and defence capability evaluation module;
The target layers parsing module is used to implement classification to the capability factor of extraction and hierarchical operations, the defence capability are commented
Estimate weight and appraisal result of the module for computing capability element, final realize comments the synthesis of information system attack defending ability
Estimate.
2. the system as claimed in claim 1, which is characterized in that the target layers parsing module includes:
(1) relationship extracting sub-module, between the capability factor and capability factor for actively extracting information system attack defending ability
Incidence relation, and by measuring the correlation Forming ability element relationship figure between any capability factor, and be sent to node
Classification submodule, wherein capability factor is the node in capability factor relational graph;
(2) node classification submodule, for passing through the correlation between computing capability element, fulfillment capability element relationship figure node
Classification processing, each node is included into according to the correlation degree of capability factor automatically different classes of, obtains the category set of capability factor
It closes, and is sent to distinguishing hierarchy submodule;
(3) distinguishing hierarchy submodule for capability factor to be divided to different levels in an iterative manner, and is sent to structure solution
Analyse submodule;
(4) structure elucidation submodule for building the stratification analytic structure of defence capability evaluation index, and saves anti-to attacking
Yu Nenglipingguzhibiaoku, attack defending effectiveness assessment index library is with three layers of analytic structure storage basic capacity element, refinement energy
Power element and its evaluation index.
3. system as claimed in claim 2, which is characterized in that the defence capability evaluation module includes:
(1) weight calculation submodule, for successively assigning quantization weight, meter for node by the significance level between measurement node
The quantization weight of each level node is calculated, and the weight set of each layer is sent to multistage evaluation submodule;
(2) multistage evaluation submodule successively measures node defence capability for quantifying the opinion rating of each node defence capability
Grade calculates the scoring of defence capability element, obtains appraisal result, and the scoring set of each layer is sent to grade assessment submodule
Block;
(3) grade assesses submodule, for iterating to calculate the comprehensive score of each capability factor bottom-uply, and is mapped to corresponding
Evaluation grade, to provide the evaluation grade of information system attack defending ability.
4. system as claimed in claim 3, which is characterized in that the relationship extraction module is specifically used for: extracting influences information
The capability factor of system attack defence capability, including authority acquiring defence capability, theft-of-service defence capability, service increase defence
Ability, refusal service defence capability, system mistake defence capability, information deception defence capability, password steal defence capability, information
Leakage defence capability, information distort the total K capability factor of defence capability;
With ciIt indicates i-th capability factor, then can be gathered and be denoted as C={ c1,c2,…,cK, while extracting between each capability factor
Incidence relation, and with the form of capability factor relational graph G={ C, R } expression, wherein C be node set, R be each capability factor
Between incidence relation set.
5. system as claimed in claim 4, which is characterized in that the node categorization module is specifically used for:
According to capability factor relational graph, for any node ci,cj∈ C, structural matrix M=(mij)K×KPoint as capability factor
Class foundation, matrix element meet following conditions:
Wherein, if capability factor ciWith capability factor cjThere are ciTo cjUnidirectional incidence relation, then by mijIt is denoted as 1;Otherwise by mij
It is denoted as 0.Similarly, mjiIndicate whether that there are capability factor cjTo ciUnidirectional incidence relation;
According to matrix M, for any node ci,cj∈ C, construction set P (ci) and Q (ci), while meeting following conditions:
P (ci)={ cj|cj∈C,mij=1 }
Q (ci)={ cj|cj∈C,mji=1 }
If P (ci) and Q (cj) intersection be not empty set set up, then by capability factor ciWith capability factor cjIt is classified as same category, it is no
It is then classified as different classes of, finally obtains several independent set.
6. system as claimed in claim 5, which is characterized in that the distinguishing hierarchy module is specifically used for: set of computations P (ci)
With the intersection of set Q (ci), and judged according to following rules:
(1) if condition P (ci)=P (ci)∩Q(ci) set up, then by capability factor ciIt is determined as the highest level node of hierarchical structure;
(2) if condition Q (ci)=P (ci)∩Q(ci) set up, then capability factor ci is determined as to the lowest level nodes of hierarchical structure;
Highest level node and bottom node, and set of computations P (ci) and Q (ci) again are removed from node set C, iteration is complete
At subsequent distinguishing hierarchy, remaining capability factor is determined as to the middle layer node of hierarchical structure one by one, obtains hierarchical structure.
7. system as claimed in claim 6, which is characterized in that the structure elucidation module is specifically used for: according to fixed
The node of identical level is placed in same horizontal line by hierarchical structure according to top-down sequence, and will be met in matrix M
mij=1 two layers of neighborhood of nodes ciAnd cjIt is connected with each other, builds stratification analytic structure, stratification analytic structure build process
In, circuit is removed, and ignore the line generated by transitive relation;
The secondaryization analytic structure layer by layer of the three of final output capability factor, deposits in attack defending effectiveness assessment index library, utilizes k
(1), k (2) and k (3) respectively indicate first layer basic capacity element, second layer grain refining efficiency element and third layer evaluation index
Total item, and k (1)+k (2)+k (3)=K.
8. system as claimed in claim 7, which is characterized in that the weight calculation module is specifically used for:
Based on attack defending effectiveness assessment index library, the relative importance between identical level interior knot is marked, manually with numerical value 1
Quantization is realized to 9, and quantization assigned result at all levels is stored in matrix respectively
Its matrix element meets following conditions:
Calculate the feature vector of each matrixIts vector element meets following conditions:
It take feature vector as the weight of each layer capability factor or evaluation index: for l layers of node
If its weight isL layers of weight set can be obtainedMeetAnd
9. system as claimed in claim 8, which is characterized in that the multistage evaluation module is specifically used for:
For capability factor setSuccessively assign each node Pyatyi opinion rating, i.e., excellent-
I, good-II, in-III, can-IV and difference-V, corresponding defence capability successively decrease from high to low, obtain evaluation setIts vector element meets following conditions:
Calculate weight set WlWith evaluation set VlProduct, obtain capability factor L grade quantization comment
Divide resultConstitute scoring set
The grade evaluation module is specifically used for:
For l layers of nodeCalculate directly connected lower layer's node
Scoring mean value, as current nodeGrade assess foundation.Iterate the above process, by commenting for third layer evaluation index
Divide mean value, is included in the comprehensive score of second layer grain refining efficiency element;Again by the scoring mean value of second layer grain refining efficiency element, it is included in
The comprehensive score of first layer basic capacity element;Finally by the scoring mean value of first layer basic capacity element, it is included in information system
The comprehensive score of attack defending ability, and then according to scoring predetermined-grade mapping relations, output information system attack is anti-
The evaluation grade of imperial ability.
10. a kind of information system attack defending ability integration realized using system described in any one of claim 2 to 9 is commented
Estimate method, which comprises the following steps:
S1, it is actively extracted using relationship extracting sub-module between the capability factor and capability factor of information system attack defending ability
Incidence relation, and by measuring the correlation Forming ability element relationship figure between any capability factor, and it is sent to node point
Class submodule, wherein capability factor is the node in capability factor relational graph;
S2, pass through the correlation between computing capability element using node classification submodule, fulfillment capability element relationship figure node
Classification processing, each node is included into according to the correlation degree of capability factor automatically different classes of, obtains the category set of capability factor
It closes, and is sent to distinguishing hierarchy submodule;
S3, capability factor is divided to different levels in an iterative manner using distinguishing hierarchy submodule, and is sent to structure solution
Analyse submodule;
S4, the stratification analytic structure that defence capability evaluation index is built using structure elucidation submodule, and save anti-to attacking
Yu Nenglipingguzhibiaoku;Attack defending effectiveness assessment index library is with three layers of analytic structure storage basic capacity element, refinement energy
Power element and its evaluation index;
S5, pass through the significance level between measuring node using weight calculation submodule, successively assign quantization weight, calculating for node
The quantization weight of each level node, and the weight set of each layer is sent to multistage evaluation submodule;
S6, the opinion rating for quantifying each node defence capability using multistage evaluation submodule, i.e., successively measure node defence capability
Grade calculates the scoring of defence capability element, obtains appraisal result, and the scoring set of each layer is sent to grade assessment submodule
Block;
S7, the comprehensive score of each capability factor is iterated to calculate bottom-uply using grade assessment submodule, and be mapped to corresponding
Evaluation grade, to provide the evaluation grade of information system attack defending ability.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201910194022.9A CN109918914B (en) | 2019-03-14 | 2019-03-14 | Hierarchical information system attack defense capability comprehensive evaluation system and method |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201910194022.9A CN109918914B (en) | 2019-03-14 | 2019-03-14 | Hierarchical information system attack defense capability comprehensive evaluation system and method |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN109918914A true CN109918914A (en) | 2019-06-21 |
| CN109918914B CN109918914B (en) | 2020-10-13 |
Family
ID=66964917
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201910194022.9A Active CN109918914B (en) | 2019-03-14 | 2019-03-14 | Hierarchical information system attack defense capability comprehensive evaluation system and method |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN109918914B (en) |
Cited By (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN110224876A (en) * | 2019-06-28 | 2019-09-10 | 北京理工大学 | A kind of application layer DDoS attacking and defending usefulness metric method |
| CN114726601A (en) * | 2022-03-28 | 2022-07-08 | 北京计算机技术及应用研究所 | Graph structure-based information security simulation modeling and verification evaluation method |
Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102034176A (en) * | 2011-01-17 | 2011-04-27 | 北京理工大学 | General comprehensive evaluation system adopting multiple evaluation methods |
| CN104112181A (en) * | 2014-06-12 | 2014-10-22 | 西北工业大学 | Analytical hierarchy process-based information security Bayesian network evaluation method |
| CN107454105A (en) * | 2017-09-15 | 2017-12-08 | 北京理工大学 | A kind of multidimensional network safety evaluation method based on AHP and grey correlation |
-
2019
- 2019-03-14 CN CN201910194022.9A patent/CN109918914B/en active Active
Patent Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102034176A (en) * | 2011-01-17 | 2011-04-27 | 北京理工大学 | General comprehensive evaluation system adopting multiple evaluation methods |
| CN104112181A (en) * | 2014-06-12 | 2014-10-22 | 西北工业大学 | Analytical hierarchy process-based information security Bayesian network evaluation method |
| CN107454105A (en) * | 2017-09-15 | 2017-12-08 | 北京理工大学 | A kind of multidimensional network safety evaluation method based on AHP and grey correlation |
Non-Patent Citations (1)
| Title |
|---|
| 方阳: "基于层次分析法和D-S证据理论的电信网网络安全风险评估模型的研究与应用", 《中国优秀硕士学位论文全文数据库信息科技辑(月刊)》 * |
Cited By (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN110224876A (en) * | 2019-06-28 | 2019-09-10 | 北京理工大学 | A kind of application layer DDoS attacking and defending usefulness metric method |
| CN110224876B (en) * | 2019-06-28 | 2020-11-20 | 北京理工大学 | Application layer DDoS attack and defense effectiveness measurement method |
| CN114726601A (en) * | 2022-03-28 | 2022-07-08 | 北京计算机技术及应用研究所 | Graph structure-based information security simulation modeling and verification evaluation method |
Also Published As
| Publication number | Publication date |
|---|---|
| CN109918914B (en) | 2020-10-13 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN111309824B (en) | Entity relationship graph display method and system | |
| Ren et al. | Pythagorean fuzzy TODIM approach to multi-criteria decision making | |
| CN110417721B (en) | Security risk assessment method, device, equipment and computer readable storage medium | |
| CN108665159A (en) | A kind of methods of risk assessment, device, terminal device and storage medium | |
| CN104063612B (en) | A kind of Tunnel Engineering risk profiles fuzzy evaluation method and assessment system | |
| CN106779457A (en) | A kind of rating business credit method and system | |
| US8050959B1 (en) | System and method for modeling consortium data | |
| CN107786369A (en) | Based on the perception of IRT step analyses and LSTM powerline network security postures and Forecasting Methodology | |
| CN107944702A (en) | A kind of network security step analysis appraisal procedure, device and computer-readable recording medium | |
| CN108881250A (en) | Powerline network security postures prediction technique, device, equipment and storage medium | |
| CN111738843B (en) | Quantitative risk evaluation system and method using running water data | |
| CN109635206A (en) | Merge the personalized recommendation method and system of implicit feedback and user's social status | |
| CN103577876A (en) | Credible and incredible user recognizing method based on feedforward neural network | |
| CN108494787A (en) | A kind of network risk assessment method based on asset association figure | |
| CN105825430A (en) | Heterogeneous social network-based detection method | |
| CN109918914A (en) | The information system attack defending ability integration assessment system and method for stratification | |
| Zheng et al. | Dynamic case retrieval method with subjective preferences and objective information for emergency decision making | |
| CN108805471A (en) | Evaluation method for water resources carrying capacity based on the analysis of hybrid system interactively | |
| Chen et al. | An integrated risk assessment model of township‐scaled land subsidence based on an evidential reasoning algorithm and fuzzy set theory | |
| CN103970651A (en) | Software architecture safety assessment method based on module safety attributes | |
| CN106971107B (en) | Safety grading method for data transaction | |
| CN106713322A (en) | Fuzzy measurement method for network equipment information security evaluation | |
| CN104679988B (en) | A kind of multiple attributive decision making method based on cloud TOPSIS | |
| CN107424026A (en) | Businessman's reputation evaluation method and device | |
| CN115550077A (en) | Real-time online detection danger source data and trigger automatic defense method |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |