CN110798454B - Method and system for defending attack based on attack organization capability evaluation - Google Patents

Info

Publication number: CN110798454B
Authority: CN (China)
Legal status: Active
Application number: CN201910992423.9A
Other languages: Chinese (zh)
Other versions: CN110798454A (en)
Inventors: 吴贤达, 冯云, 刘奇旭, 刘潮歌, 曹雅琴, 王君楠
Current Assignee: Institute of Information Engineering of CAS
Original Assignee: Institute of Information Engineering of CAS

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1416 Event detection, e.g. attack signature detection
    • H04L63/1441 Countermeasures against malicious traffic
    • H04L63/20 Network architectures or network communication protocols for network security for managing network security; network security policies in general
    • H04L63/205 Network architectures or network communication protocols for network security for managing network security; network security policies in general involving negotiation or determination of the one or more network security mechanisms to be used, e.g. by negotiation between the client and the server or between peers or by selection according to the capabilities of the entities involved


Abstract

The invention provides a method for defending against attacks based on attack organization capability evaluation, comprising the following steps: 1) for an attack organization, setting a plurality of evaluation directions for its capability; 2) mapping the evaluation directions to a plurality of evaluation elements; 3) assigning the same total score to each evaluation element, setting corresponding evaluation conditions for each evaluation direction within the evaluation elements, and scoring each evaluation direction according to those conditions; 4) adding the scores of all evaluation directions within the same evaluation element to obtain the score of that element, and adding the scores of all evaluation elements to obtain the overall attack capability score of the attack organization; 5) obtaining the capability level of the attack organization by comparing the overall capability score with the preset capability level score ranges; 6) adopting defense strategies of the corresponding level against attack organizations of different levels, and defending against attack organizations of the same level in order of their scores.

Description

Method and system for defending attack based on attack organization capability evaluation
Technical Field
The invention belongs to the field of information security, and particularly relates to a method and a system for defending against attacks based on attack organization capability evaluation.
Background
In recent years, major network security incidents have been frequent around the world. From malicious attacks on IoT devices, to enterprise infrastructure hijacked by cryptomining code, to the deployment of automated ransomware, the network environment is increasingly complex. In such an environment, the attack capability of an attack organization directly affects the final effect of an attack. The problem is how to comprehensively evaluate the capability of network attack organizations and identify the attack organizations that pose the greatest threat in the network, thereby supporting the customization of subsequent defense strategies. Most existing work analyzes the vulnerability of a target system from the attacker's perspective, or profiles an attack organization only by its attack process and attack surface; results that quantitatively evaluate the capability of an attack organization are few. Customizing a defense strategy by evaluating the strength of an attack organization's capability has therefore become a research direction.
Disclosure of Invention
The invention aims to solve the technical problem of providing a method and a system for defending attacks based on attack organization capability evaluation.
In order to achieve the purpose, the invention adopts the following specific technical scheme:
A method for defending against attacks based on attack organization capability evaluation comprises the following steps:
1) Setting a plurality of attack organization capability evaluation directions for qualitatively describing the attack organization.
Preferably, 12 attack organization capability evaluation directions are set, although the number is not limited to 12. These 12 evaluation directions are: team scale, organizational ability, attack deployment targets, diversity of attack means, impact scale of initiated attacks, resources that may be stolen, autonomous development ability, attack type, traceability countermeasure ability, tool application ability, geographic impact, and combat time distribution.
2) Mapping the set attack organization capability evaluation directions to a plurality of evaluation elements.
Preferably, to better show the attack capability of different attack organizations, the 12 evaluation directions are mapped to 6 evaluation elements, although the number of evaluation elements is not limited to 6. The mapping between the 12 evaluation directions and the 6 evaluation elements is as follows:
Evaluation element one: organization scale
Included capability evaluation directions: team scale, organizational ability;
Evaluation element two: attack target
Included capability evaluation directions: attack deployment targets, resources that may be stolen;
Evaluation element three: countermeasure capability
Included capability evaluation directions: traceability countermeasure ability;
Evaluation element four: technical capability
Included capability evaluation directions: diversity of attack means, tool application ability, autonomous development ability, initiated attack types, impact scale of initiated attacks;
Evaluation element five: geographic impact
Included capability evaluation directions: geographic impact;
Evaluation element six: elastic time
Included capability evaluation directions: combat time distribution;
3) Obtaining the score of the attack organization in each capability direction according to the evaluation conditions set for that direction and the score assigned to each condition.
Preferably, the six evaluation elements are each given the same total score of 60 points, and different score ranges are allocated to the different capability indexes within each evaluation element. Different conditions are set for each capability index, and an attack organization obtains different scores depending on which conditions it meets.
4) Adding the scores of the attack organization's capability indexes to obtain the score of each evaluation element, and adding the scores of the six evaluation elements to obtain the overall attack capability score of the attack organization.
5) Mapping the score of the attack organization to a capability level to obtain the capability level of the attack organization, thereby completing the evaluation of its capability.
Preferably, the attack organization capability score is divided into four ranges: [0,120], [121,180], [181,240], [241,360]. These four ranges correspond to class C (weaker), class B (normal), class A (relatively strong), and class S (strong). In the end, each attack organization obtains a capability score and a corresponding capability level.
6) Adopting defense strategies of the corresponding level against attack organizations of different levels, defending against attack organizations within the same level in order of their scores, and giving priority to defending against organizations with stronger attack capability.
The above method may be implemented by a system for defending against attacks based on attack organization capability evaluation, in which the capability evaluation is automated. The system comprises a memory storing a computer program configured to be executed by a processor, the program comprising instructions for performing the steps of the above method.
After the capability of an attack organization has been comprehensively evaluated, a defense strategy matching that capability is adopted according to the evaluation result. This avoids both insufficient defense and the waste of resources caused by ill-matched defense, gives priority to defending against organizations with strong attack capability, and so defends against attack organizations effectively.
Drawings
FIG. 1 is a mind map of the twelve evaluation directions of the attack organization capability evaluation of the present invention.
FIG. 2 is a radar chart of evaluation element scores for attack organizations of different levels.
FIG. 3 is a histogram of capability scores for attack organizations of different levels.
FIG. 4 is a radar chart of evaluation element scores for three example attack organizations.
FIG. 5 is a pie chart of the distribution of attack organizations across levels in the overall sample.
Detailed Description
To make the technical solutions in the embodiments of the present invention easier to understand, and to make its objects, features and advantages clearer, the technical core of the present invention is described in further detail below.
This embodiment provides a method for defending against attacks based on attack organization capability evaluation, which comprises the following steps:
Step S1: Extract the information of the attack organization according to the 12 attack organization capability evaluation directions. The 12 evaluation directions come from prior empirical knowledge and comprise: team scale, organizational ability, attack deployment targets, resources that may be stolen, traceability countermeasure ability, diversity of attack means, tool application ability, autonomous development ability, initiated attack types, impact scale of initiated attacks, geographic impact, and combat time distribution.
Step S2: Map the information for the 12 evaluation directions obtained in step S1 to 6 evaluation elements, each with a total score of 60. The mapping between the 12 evaluation directions and the 6 evaluation elements is as follows:
Evaluation element one: organization scale
Included capability evaluation directions: team scale, organizational ability;
Evaluation element two: attack target
Included capability evaluation directions: attack deployment targets, resources that may be stolen;
Evaluation element three: countermeasure capability
Included capability evaluation directions: traceability countermeasure ability;
Evaluation element four: technical capability
Included capability evaluation directions: diversity of attack means, tool application ability, autonomous development ability, initiated attack types, impact scale of initiated attacks;
Evaluation element five: geographic impact
Included capability evaluation directions: geographic impact;
Evaluation element six: elastic time
Included capability evaluation directions: combat time distribution;
Step S3: Obtain the score of the attack organization in each capability direction according to the evaluation conditions set for that direction and the score assigned to each condition. The scores for the different capability directions and conditions are given in Table 1, where CI (Capability Index) abbreviates capability index and CIn (n ∈ [1,12]) denotes the capability index score of the n-th evaluation direction.
Table 1. Attack organization capability quantization table
[Table 1 appears as an image in the original publication; its contents are not available in this text.]
S31: Quantitative index of the organization scale evaluation element. The team scale of an attack organization reflects its attack capability to a certain extent: a team or group is often more capable than an independent attacker. The team scale of an attack organization is therefore divided into four levels, level I, level II, level III and level IV, corresponding respectively to independent attackers, groups, medium teams and professional teams. The division is based on the number of real IPs that the attack organization can use; the specific level definitions and relationships are shown in Table 2:
Table 2. Team scale of attackers/attack organizations
[Table 2 appears as an image in the original publication; its contents are not available in this text.]
S32: Quantitative index of the attack target evaluation element.
The targets against which an attack organization deploys its attacks play an important role in evaluating its attack capability. These targets can be evaluated from several aspects, including target domain, system platform and attack language.
Target domain: attack targets are classified into 23 target domains: network security, gaming, sports, medicine, learning, gambling, unknown, hospital, life, finance, baby, gun, book, politics, travel, female, cooking, automobile, web portal, entertainment, education, government, pornography. N in the quantization index denotes the number of domains covered by the attack organization. The 23 target domains are divided into three categories: the first category comprises government and politics, with coefficient $a_1$; the second category comprises network security, education and finance, with coefficient $a_2$; the remaining domains form the third category, with coefficient $a_3$, where $a_1 > a_2 > a_3$. The numbers of domains the attack organization covers in the three categories are $n_1$, $n_2$ and $n_3$ respectively. The total target domain score is $a_1 n_1 + a_2 n_2 + a_3 n_3$.
S33: Quantitative index of the technical capability evaluation element.
Attack type direction: the attack capability of an attack organization can be evaluated by the diversity of the attack types it launches. The attack types launched by attack organizations include SQL injection, XSS attacks, exception coding, illegal file writing or downloading, abnormal file access/reading, use of vulnerability scanners, illegal exploits, illegal command execution, HTML entity injection, and illegal directory traversal. If the total number of attack types is v, the highest score is w, and the number of attack types launched by one attack organization is m, then the attack type score is $w \cdot m / v$. For example, with m the number of attack types used by one attack organization and the highest value of CI4 being 12, the attack type direction score of that organization is $\mathrm{CI4} = 12 \cdot m / v$.
Step S4: Add the scores of the attack organization in the different capability directions to obtain the score of each evaluation element, and add the scores of the six evaluation elements to obtain the overall attack capability score of the attack organization.
For example, capability scoring was performed on three attack organizations as follows:
The first attack organization has only 1 IP, issues only GET requests of a single request type, and its only countermeasure behavior is constructing a UA; its organization scale, technical capability and other elements therefore score low, and its final total score is also low.
The second attack organization has 35 IPs and more than 700 attack targets spanning 4 countries, so its reach is wider, but its attack behavior is uniform and is suspected to be SEO, so its technical capability score is low; it applies multiple layers of encoding to code in POST requests and hides its real UA, so it obtains a higher countermeasure capability score.
The third attack organization has more than 200 IPs and more than 1000 attack targets, with on average more than 1000 attacks per target, and covers 21 target domains and 4 countries; it uses 3 automated tools and has stolen sensitive files and source code, so its technical capability score is high; it uses multiple proxy IPs and constructed UAs, so its countermeasure capability score is also high.
The evaluation element scores of these three attack organizations are shown in FIG. 4.
Step S5: Map the attack capability score of the attack organization to an attack organization capability level. The correspondence is as follows: the four ranges of the attack organization capability score, [0,120], [121,180], [181,240], [241,360], correspond to class C (weaker), class B (normal), class A (relatively strong), and class S (strong), as shown in Table 3.
Table 3. Attack organization capability scores and levels
Capability score    Capability assessment    Level
0~120               Weak capability          Class C
121~180             General capability       Class B
181~240             High capability          Class A
241~360             Strong capability        Class S
In this way the capability score and capability level of each attack organization are obtained, giving a comprehensive qualitative analysis and quantitative description of the attack organization. FIG. 5 shows the distribution of attack organizations across levels in the overall sample.
Step S6: Attack organizations of different levels are defended against with defense strategies of the corresponding level; attack organizations within the same level are defended against in order of their scores, with priority given to organizations with stronger attack capability. Attack organizations with different attack capabilities thus receive the corresponding defense strategy and the corresponding defense timing, so that different attack organizations are defended against effectively.
The above embodiments are only intended to illustrate the technical solution of the present invention and not to limit the same, and a person skilled in the art can modify the technical solution of the present invention or substitute the same without departing from the spirit and scope of the present invention, and the scope of the present invention should be determined by the claims.
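The scoring pipeline of steps S1 to S6, as an added Python example (not code from the patent or its authors). The level ranges, the real-IP thresholds and the w·m/v and a1n1+a2n2+a3n3 formulas come from the text; because Table 1 is not reproduced on this page, the per-direction scores of the sample organizations, the coefficient values for a1, a2, a3, the handling of fractional totals and all snake_case names are assumptions made for illustration.

```python
# Added example of steps S1-S6. Per-direction scores are CONSTRUCTED samples.
ELEMENTS = {  # 12 evaluation directions -> 6 evaluation elements (from the text)
    "organization_scale": ("team_scale", "organizational_ability"),
    "attack_target": ("attack_targets", "stolen_resources"),
    "countermeasure_capability": ("traceability_countermeasure",),
    "technical_capability": ("attack_means_diversity", "tool_application",
                             "autonomous_development", "attack_type",
                             "attack_impact_scale"),
    "geographic_impact": ("geographic_impact",),
    "elastic_time": ("combat_time_distribution",),
}
ELEMENT_MAX = 60  # every element carries the same total score
ATTACK_TYPES = frozenset({  # the v = 10 attack types listed in S33
    "sql_injection", "xss", "exception_coding", "illegal_file_write_or_download",
    "abnormal_file_access", "vulnerability_scanner", "illegal_exploit",
    "illegal_command_execution", "html_entity_injection", "directory_traversal",
})
CI4_MAX = 12  # highest attack-type score w
CLASS_1 = frozenset({"government", "politics"})
CLASS_2 = frozenset({"network security", "education", "finance"})
DOMAIN_COEFFS = (3.0, 2.0, 1.0)  # ASSUMED values; the text only requires a1 > a2 > a3
LEVEL_BOUNDS = ((120, "C"), (180, "B"), (240, "A"), (360, "S"))
LEVEL_RANK = {"S": 0, "A": 1, "B": 2, "C": 3}

def team_level(real_ips):
    """Team-scale level from the number of real IPs controlled (claim 3)."""
    if real_ips < 1:
        raise ValueError("at least one real IP is required")
    for upper, level in ((3, "I"), (50, "II"), (100, "III")):
        if real_ips <= upper:
            return level
    return "IV"

def target_domain_score(domains, coeffs=DOMAIN_COEFFS):
    """a1*n1 + a2*n2 + a3*n3 over the distinct target domains covered."""
    a1, a2, a3 = coeffs
    if not a1 > a2 > a3:
        raise ValueError("coefficients must satisfy a1 > a2 > a3")
    domains = set(domains)
    n1, n2 = len(domains & CLASS_1), len(domains & CLASS_2)
    return a1 * n1 + a2 * n2 + a3 * (len(domains) - n1 - n2)

def attack_type_score(observed, w=CI4_MAX):
    """w * m / v, where m counts the distinct listed attack types observed."""
    m = len(set(observed) & ATTACK_TYPES)
    return w * m / len(ATTACK_TYPES)

def evaluate(direction_scores):
    """Return (per-element scores, overall score, capability level)."""
    expected = {d for dirs in ELEMENTS.values() for d in dirs}
    if set(direction_scores) != expected:
        raise ValueError(f"expected exactly these directions: {sorted(expected)}")
    per_element = {}
    for element, dirs in ELEMENTS.items():
        score = sum(direction_scores[d] for d in dirs)
        if not 0 <= score <= ELEMENT_MAX:
            raise ValueError(f"{element} score {score} is outside 0..{ELEMENT_MAX}")
        per_element[element] = score
    total = sum(per_element.values())
    # Assumption: a fractional total belongs to the first range whose upper
    # bound it does not exceed (the text gives integer ranges only).
    level = next(name for upper, name in LEVEL_BOUNDS if total <= upper)
    return per_element, total, level

def defense_queue(orgs):
    """Order organizations for defense: higher level first, then higher score."""
    rows = []
    for name, scores in orgs.items():
        _, total, level = evaluate(scores)
        rows.append((level, name, total))
    return sorted(rows, key=lambda r: (LEVEL_RANK[r[0]], -r[2]))

def sample(team, org, targets, stolen, counter, means, tools, dev, types, impact, geo, time):
    """Build one CONSTRUCTED organization record; `types` is a set of attack types."""
    values = (team, org, targets, stolen, counter, means, tools, dev,
              attack_type_score(types), impact, geo, time)
    names = [d for dirs in ELEMENTS.values() for d in dirs]
    return dict(zip(names, values))

SAMPLE_ORGS = {  # constructed scores, loosely shaped like the three examples above
    "org_1": sample(5, 5, 8, 0, 10, 3, 0, 0, {"sql_injection"}, 0, 5, 10),
    "org_2": sample(15, 10, 25, 0, 40, 5, 0, 0, {"xss"}, 0, 20, 20),
    "org_3": sample(30, 25, 30, 25, 50, 10, 10, 5,
                    {"sql_injection", "xss", "directory_traversal",
                     "vulnerability_scanner", "illegal_command_execution"}, 10, 25, 30),
}

if __name__ == "__main__":
    for level, name, total in defense_queue(SAMPLE_ORGS):
        print(f"class {level}  {name}  {total:.1f}")
```

With real data, the per-direction scores would come from the conditions in Table 1 of the publication rather than from the constructed values used here.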

Claims (10)

1. A method for defending against attacks based on attack organization capability evaluation, characterized by comprising the following steps:
1) for an attack organization, setting a plurality of evaluation directions for the capability of the attack organization, the evaluation directions comprising: team scale, organizational ability, attack deployment targets, resources that may be stolen, traceability countermeasure ability, diversity of attack means, tool application ability, autonomous development ability, initiated attack types, impact scale of initiated attacks, geographic impact, and combat time distribution;
2) mapping the evaluation directions to a plurality of evaluation elements, the evaluation elements comprising: organization scale, attack target, countermeasure capability, technical capability, geographic impact, and elastic time; the mapping comprising:
team scale, organizational ability → organization scale,
attack deployment targets, resources that may be stolen → attack target,
traceability countermeasure ability → countermeasure capability,
diversity of attack means, tool application ability, autonomous development ability, initiated attack types, impact scale of initiated attacks → technical capability,
geographic impact → geographic impact,
combat time distribution → elastic time;
3) assigning the same total score to each evaluation element, setting corresponding evaluation conditions for each evaluation direction within the evaluation elements, and scoring each evaluation direction according to the evaluation conditions;
4) adding the scores of all evaluation directions within the same evaluation element to obtain the score of each evaluation element, and adding the scores of all evaluation elements to obtain the overall attack capability score of the attack organization;
5) obtaining the capability level of the attack organization by comparing the overall capability score with the preset attack organization capability level scores;
6) adopting defense strategies of the corresponding level against attack organizations of different levels, and defending against attack organizations of the same level in order of their scores.
2. The method of claim 1, wherein the evaluation conditions comprise:
for team scale and organizational ability, the team scale is divided into four levels, level I, level II, level III and level IV, corresponding respectively to independent attackers, groups, medium teams and professional teams, and scoring is carried out according to the four levels;
for the attack deployment targets, scoring is carried out according to the importance of the different target domains, the number of attack languages and the number of attacked system platforms;
for the resources that may be stolen, scoring is carried out according to whether they are sensitive target files and source code;
for the traceability countermeasure ability, scoring is carried out according to the number of constructed UAs, whether encrypted data is present, the number of proxy IPs, the number of proxy IP hops, and whether a sample camouflage type is present;
for the diversity of attack means, scoring is carried out according to the number of sample launching types, the number of ways of constructing requests and the number of UAs used in attacks;
for the tool application ability, scoring is carried out according to the number of tools used;
for the autonomous development ability, scoring is carried out according to the number of tools developed;
for the initiated attack types, scoring is carried out according to the proportion of attack types;
for the impact scale of initiated attacks, scoring is carried out according to whether the attack type is Botnet and/or DDoS;
for the geographic impact, scoring is carried out according to the number of affected countries and cities;
for the combat time distribution, scoring is carried out according to the attack time ratio.
3. The method according to claim 2, characterized in that the four levels of organization scale are divided according to the number of real IPs controlled, specifically 1-3, 4-50, 51-100 and more than 100 real IPs controlled, corresponding to level I, level II, level III and level IV respectively.
4. The method of claim 2, wherein the target domains comprise 23 domains: network security, gaming, sports, medicine, learning, gambling, unknown, hospital, life, finance, baby, gun, book, politics, travel, female, cooking, automobile, web portal, entertainment, education, government, pornography.
5. The method of claim 4, wherein the target domain score is calculated as follows: the 23 target domains are divided into three categories: the first category comprises government and politics, with coefficient $a_1$; the second category comprises network security, education and finance, with coefficient $a_2$; the remaining domains form the third category, with coefficient $a_3$, where $a_1 > a_2 > a_3$; the numbers of domains the attack organization covers in the three categories are $n_1$, $n_2$ and $n_3$ respectively; the total target domain score is $a_1 n_1 + a_2 n_2 + a_3 n_3$.
6. The method of claim 1, wherein the initiated attack types comprise SQL injection, XSS attack, exception coding, illegal file writing or downloading, abnormal file access/reading, use of vulnerability scanners, illegal exploits, illegal command execution, HTML entity injection, and illegal directory traversal.
7. The method of claim 6, wherein the total number of attack types is v, the highest score is w, and the number of attack types launched by the same attack organization is m, so that the initiated attack type score is $w \cdot m / v$.
8. The method of claim 1, wherein each evaluation element is assigned a total score of 60.
9. The method of claim 1, wherein the attack organization capability level score is divided into four ranges: [0,120], [121,180], [181,240], [241,360], which correspond respectively to four levels: weak capability, general capability, relatively strong capability and strong capability.
10. A system for defending against attacks based on an attack organization capability assessment, comprising a memory and a processor, the memory storing a computer program configured to be executed by the processor, the program comprising instructions for carrying out the steps of the method of any one of claims 1 to 9.
Application CN201910992423.9A, priority date 2019-10-18, filing date 2019-10-18: Method and system for defending attack based on attack organization capability evaluation. Status: Active; granted as CN110798454B (en).

Publications (2)

Publication Number    Publication Date
CN110798454A          2020-02-14
CN110798454B          2020-10-27
