CN110868385B - Website safety operation capacity determination method and device, electronic equipment and storage medium - Google Patents
Website safety operation capacity determination method and device, electronic equipment and storage medium Download PDFInfo
- Publication number
- CN110868385B CN110868385B CN201811608727.2A CN201811608727A CN110868385B CN 110868385 B CN110868385 B CN 110868385B CN 201811608727 A CN201811608727 A CN 201811608727A CN 110868385 B CN110868385 B CN 110868385B
- Authority
- CN
- China
- Prior art keywords
- score
- level
- website
- alarm
- capability
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
- 238000000034 method Methods 0.000 title claims abstract description 44
- 238000012545 processing Methods 0.000 claims description 10
- 230000001419 dependent effect Effects 0.000 claims description 3
- 238000013486 operation strategy Methods 0.000 description 5
- 238000010586 diagram Methods 0.000 description 4
- 238000004891 communication Methods 0.000 description 2
- 238000005516 engineering process Methods 0.000 description 2
- 230000006870 function Effects 0.000 description 2
- 238000010295 mobile communication Methods 0.000 description 2
- 238000004364 calculation method Methods 0.000 description 1
- 238000004590 computer program Methods 0.000 description 1
- 238000011161 development Methods 0.000 description 1
- 230000003993 interaction Effects 0.000 description 1
- 238000012544 monitoring process Methods 0.000 description 1
- 230000003287 optical effect Effects 0.000 description 1
- 238000006467 substitution reaction Methods 0.000 description 1
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/20—Network architectures or network communication protocols for network security for managing network security; network security policies in general
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q10/00—Administration; Management
- G06Q10/06—Resources, workflows, human or project management; Enterprise or organisation planning; Enterprise or organisation modelling
- G06Q10/063—Operations research, analysis or management
- G06Q10/0639—Performance analysis of employees; Performance analysis of enterprise or organisation operations
- G06Q10/06393—Score-carding, benchmarking or key performance indicator [KPI] analysis
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q50/00—Information and communication technology [ICT] specially adapted for implementation of business processes of specific business sectors, e.g. utilities or tourism
- G06Q50/40—Business processes related to the transportation industry
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L41/00—Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
- H04L41/14—Network analysis or design
- H04L41/142—Network analysis or design using statistical or mathematical methods
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/02—Protocols based on web technology, e.g. hypertext transfer protocol [HTTP]
Landscapes
- Engineering & Computer Science (AREA)
- Business, Economics & Management (AREA)
- Human Resources & Organizations (AREA)
- Signal Processing (AREA)
- Physics & Mathematics (AREA)
- Computer Networks & Wireless Communication (AREA)
- Economics (AREA)
- General Physics & Mathematics (AREA)
- Strategic Management (AREA)
- Computer Security & Cryptography (AREA)
- Entrepreneurship & Innovation (AREA)
- Educational Administration (AREA)
- Tourism & Hospitality (AREA)
- Marketing (AREA)
- General Business, Economics & Management (AREA)
- Development Economics (AREA)
- Theoretical Computer Science (AREA)
- Game Theory and Decision Science (AREA)
- Operations Research (AREA)
- Mathematical Optimization (AREA)
- Mathematical Physics (AREA)
- Probability & Statistics with Applications (AREA)
- Pure & Applied Mathematics (AREA)
- Mathematical Analysis (AREA)
- Alarm Systems (AREA)
- Quality & Reliability (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Health & Medical Sciences (AREA)
- General Health & Medical Sciences (AREA)
- Primary Health Care (AREA)
- Algebra (AREA)
Abstract
The embodiment of the invention discloses a method and a device for determining the safe operation capacity of a website, electronic equipment and a storage medium. The method comprises the following steps: acquiring a safety protection capability score, an alarm handling capability score and a risk item handling capability score of a target website from a database; acquiring an alarm level and a risk item level aiming at the target website from the database; and determining the operation capability score of the target website according to the safety protection capability score, the alarm handling capability score, the risk item handling capability score, the alarm grade and the risk item grade.
Description
Technical Field
The present invention relates to the field of communications technologies, and in particular, to a method and an apparatus for determining a website security operation capability, an electronic device, and a storage medium.
Background
With the development of science and technology, the network attack mode is continuously renewed, and a plurality of challenges are brought to the network security. If the website is attacked by the network, huge losses are caused to public capital and property, personal privacy of users and personal safety. At present, a common website monitoring platform rarely monitors and evaluates the website security operation capability, so that a website administrator hardly knows the website security operation capability and cannot adjust the operation strategy of the website in time according to the website security operation capability, which causes that the website is greatly likely to be attacked by a network.
Disclosure of Invention
In view of this, embodiments of the present invention provide a method, an apparatus, an electronic device, and a storage medium for determining a website safe operation capability, which can evaluate the website safe operation capability, so that a website administrator can timely know the website safe operation capability, and thus the administrator can timely adjust an operation policy of a website according to the website safe operation capability, thereby reducing a possibility that the website is attacked by a network.
In a first aspect, an embodiment of the present invention provides a method for determining a security operation capability of a website, where the method includes:
acquiring a safety protection capability score, an alarm handling capability score and a risk item handling capability score of a target website from a database;
acquiring an alarm level and a risk item level aiming at the target website from the database;
and determining the operation capability score of the target website according to the safety protection capability score, the alarm handling capability score, the risk item handling capability score, the alarm grade and the risk item grade.
Preferably, the alarm levels include: the method comprises a first level and a second level, wherein the first level is the level of all alarms which are processed by the target website within a preset time period, and the second level is the level of all alarms aiming at the target website within the preset time period.
Preferably, the risk item rating comprises: a third level and a fourth level, where the third level is a level of all risk items that have been handled by the target website within the preset time period, and the fourth level is a level of all risk items for the target website within the preset time period.
Preferably, the determining the operation capability score of the target website according to the safety protection capability score, the alarm handling capability score, the risk item handling capability score, the alarm level, and the risk item level includes: calculating an alarm handling capacity weight by using the alarm handling capacity score and the highest score of a preset alarm handling capacity score; calculating the risk item handling capacity weight by using the risk item handling capacity score and the highest score of the preset risk item handling capacity score; and determining the operation capability score of the target website according to the safety protection capability score, the alarm handling capability score, the risk item handling capability score, the alarm grade, the risk item grade, the alarm handling capability weight and the risk item handling capability weight.
Preferably, the determining the operation capability score of the target website according to the safety protection capability score, the alarm handling capability score, the risk item handling capability score, the alarm level, the risk item level, the alarm handling capability weight, and the risk item handling capability weight includes: calculating the operation capacity score of the target website by using the following formula: a ═ X + (Y (∑ P/∑ Q) × M) + (Z (∑ J/∑ K) × N), where a is an operational capability score of the target website, X is the safeguard capability score, Y is the alert handling capability score, Z is the risk item handling capability score, P is the first level, Q is the second level, J is the third level, K is the fourth level, M is the alert handling capability weight, and N is the risk item handling capability weight.
In a second aspect, an embodiment of the present invention provides an apparatus for determining a security operation capability of a website, where the apparatus includes:
the system comprises an acquisition unit, a processing unit and a processing unit, wherein the acquisition unit is used for acquiring a safety protection capability score, an alarm processing capability score and a risk item processing capability score of a target website from a database;
the acquisition unit is further used for acquiring an alarm level and a risk item level aiming at the target website from the database;
and the determining unit is used for determining the operation capability score of the target website according to the safety protection capability score, the alarm handling capability score, the risk item handling capability score, the alarm level and the risk item level.
Preferably, the alarm levels include: the method comprises a first level and a second level, wherein the first level is the level of all alarms which are processed by the target website within a preset time period, and the second level is the level of all alarms aiming at the target website within the preset time period.
Preferably, the risk item rating comprises: a third level and a fourth level, where the third level is a level of all risk items that have been handled by the target website within the preset time period, and the fourth level is a level of all risk items for the target website within the preset time period.
Preferably, the determining unit is specifically configured to: calculating an alarm handling capacity weight by using the alarm handling capacity score and the highest score of a preset alarm handling capacity score; calculating the risk item handling capacity weight by using the risk item handling capacity score and the highest score of the preset risk item handling capacity score; and determining the operation capability score of the target website according to the safety protection capability score, the alarm handling capability score, the risk item handling capability score, the alarm grade, the risk item grade, the alarm handling capability weight and the risk item handling capability weight.
Preferably, the determining unit is specifically configured to: calculating the operation capacity score of the target website by using the following formula: a ═ X + (Y (∑ P/∑ Q) × M) + (Z (∑ J/∑ K) × N), where a is an operational capability score of the target website, X is the safeguard capability score, Y is the alert handling capability score, Z is the risk item handling capability score, P is the first level, Q is the second level, J is the third level, K is the fourth level, M is the alert handling capability weight, and N is the risk item handling capability weight.
In a third aspect, an embodiment of the present invention provides an electronic device, where the electronic device includes: the device comprises a shell, a processor, a memory, a circuit board and a power circuit, wherein the circuit board is arranged in a space enclosed by the shell, and the processor and the memory are arranged on the circuit board; a power supply circuit for supplying power to each circuit or device of the electronic apparatus; the memory is used for storing executable program codes; the processor reads the executable program code stored in the memory to run a program corresponding to the executable program code, so as to execute the website security operation capability determining method according to the first aspect.
In a fourth aspect, an embodiment of the present invention provides a computer-readable storage medium, where one or more programs are stored, and the one or more programs are executable by one or more processors to implement the method for determining a website security operation capability according to the first aspect.
According to the method, the device, the electronic equipment and the storage medium for determining the safe operation capacity of the website, provided by the embodiment of the invention, the operation capacity score of the website can be determined by utilizing the safety protection capacity score, the alarm handling capacity score, the risk item handling capacity score, the alarm level and the risk item level of the website, so that a website administrator can timely and intuitively know the safe operation capacity of the website, the administrator can timely adjust the operation strategy of the website according to the safe operation capacity of the website, and the possibility that the website is attacked by a network is reduced.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described below, it is obvious that the drawings in the following description are only some embodiments of the present invention, and for those skilled in the art, other drawings can be obtained according to the drawings without creative efforts.
Fig. 1 is a flowchart illustrating a method for determining a website security operation capability according to an embodiment of the present invention;
fig. 2 is a schematic structural diagram of a website security operation capability determining apparatus according to an embodiment of the present invention;
fig. 3 is a schematic structural diagram of an embodiment of an electronic device according to the present invention.
Detailed Description
Embodiments of the present invention will be described in detail below with reference to the accompanying drawings.
It should be understood that the described embodiments are only some embodiments of the invention, and not all embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
Fig. 1 is a flowchart illustrating a method for determining a website security operation capability according to an embodiment of the present invention. The website security operation capability determination may be applied to an electronic device, such as a server.
As shown in fig. 1, the method for determining the website security operation capability of the present embodiment may include:
In one example, the security capability score may depend on the level of protection of the website, the number of alarms present on the website. The administrator can calculate the safety protection ability score according to the preset scoring rule by using the website protection level and the alarm number of the website in advance, and store the safety protection ability score in the database.
The alarm handling capability score depends on the number of alarms owned by the website and the number of alarms handled. The administrator can calculate the alarm handling capacity score according to the preset scoring rule by utilizing all the alarm numbers and the handled alarm numbers of the website in advance, and store the alarm handling capacity score in the database.
The Risk item disposability score is dependent on the number of risk items owned by the website and the number of risk items disposed. The administrator can calculate the risk item handling capability score according to the preset scoring rule by using the number of all risk items and the number of handled risk items of the website in advance, and store the risk item handling capability score in the database.
When the safety protection capability score, the alarm handling capability score and the risk item handling capability score of the target website need to be obtained, the safety protection capability score, the alarm handling capability score and the risk item handling capability score can be directly obtained from the database.
And 102, acquiring the alarm level and the risk item level aiming at the target website from the database.
In one example, the alert level for the target web site may include: the method comprises a first level and a second level, wherein the first level is the level of all alarms which are handled by a target website within a preset time period, and the second level is the level of all alarms aiming at the target website within the preset time period.
The risk item rating of the target website may include: the third level is the level of all risk items that the target website has handled within the preset time period, and the fourth level is the level of all risk items for the target website within the preset time period.
And 103, determining the operation capability score of the target website according to the safety protection capability score, the alarm handling capability score, the risk item handling capability score, the alarm level and the risk item level.
Specifically, step 103, determining an operation capability score of the target website according to the safety protection capability score, the alarm handling capability score, the risk item handling capability score, the alarm level, and the risk item level, may include the following steps:
and step 1031, calculating the alarm handling capacity weight by using the alarm handling capacity score and the highest score of the preset alarm handling capacity score.
Step 1032, calculating the risk item handling capacity weight by using the risk item handling capacity score and the highest score of the preset risk item handling capacity score.
Step 1033, determining an operation capability score of the target website according to the safety protection capability score, the alarm handling capability score, the risk item handling capability score, the alarm level, the risk item level, the alarm handling capability weight, and the risk item handling capability weight.
Further, in step 1033, determining an operation capability score of the target website according to the safety protection capability score, the alarm handling capability score, the risk item handling capability score, the alarm level, the risk item level, the alarm handling capability weight, and the risk item handling capability weight may include:
calculating the operation capacity score of the target website by using the following formula:
A=X+(Y*(∑P/∑Q)*M)+(Z*(∑J/∑K)*N)
wherein, a is an operation capability score of the target website, X is a safety protection capability score of the target website, Y is an alarm handling capability score of the target website, Z is a risk item handling capability score of the target website, P is a first grade, Q is a second grade, J is a third grade, K is a fourth grade, M is an alarm handling capability weight, and N is a risk item handling capability weight.
By using the method for determining the safe operation capability of the website provided by the embodiment of the invention, the operation capability score of the website can be determined by using the safety protection capability score, the alarm handling capability score, the risk item handling capability score, the alarm level and the risk item level of the website, so that a website administrator can timely and intuitively know the safe operation capability of the website, and the administrator can timely adjust the operation strategy of the website according to the safe operation capability of the website, thereby reducing the possibility that the website is attacked by a network.
The following further describes, by using a specific example, a method for determining a website security operation capability according to an embodiment of the present invention.
For example, a safety protection capability score X (preset full score of 60), an alarm handling capability score Y (preset full score of 20), and a risk item handling capability score Z (preset full score of 20) of website 1, website 2, website 3, and website 4 are obtained. And acquiring the grade P of all alarms of the website 1, the website 2, the website 3 and the website 4 which are respectively processed in a preset time period, the grade Q of all alarms of the website 1, the website 2, the website 3 and the website 4 which are respectively processed in the preset time period, the grade J of all risk items of the website 1, the website 2, the website 3 and the website 4 which are respectively processed in the preset time period, and the grade K of all risk items of the website 1, the website 2, the website 3 and the website 4 which are respectively processed in the preset time period. For convenience of presentation, the values obtained for website 1, website 2, website 3 and website 4 are shown in table 1.
| Website | X | Y | ∑P/∑Q | Z | ∑J/∑K |
| Website 1 | 42 | 16 | 0.48 | 12 | 0.61 |
| Website 2 | 54 | 20 | 1.0 | 16 | 0.53 |
| Website 3 | 46 | 18 | 0.15 | 12 | 0.56 |
| Website 4 | 33 | 8 | 0.57 | 20 | 1.0 |
TABLE 1
Then, according to the alarm handling capacity scores Y of the websites 1, 2, 3, and 4 and the preset full score 20, the alarm handling capacity weight M of the websites 1, 2, 3, and 4 is calculated, that is, M is Y/20. And calculating the risk item handling capacity weight N of the website 1, the website 2, the website 3 and the website 4 according to the risk item handling capacity score Z of the website 1, the website 2, the website 3 and the website 4 and a preset full score 20, wherein N is Z/20. For convenience of presentation, the values obtained for website 1, website 2, website 3 and website 4 and the calculated M, N values are shown in table 2.
| Website | X | Y | ∑P/∑Q | M | Z | ∑J/∑K | N |
| Website 1 | 42 | 16 | 0.48 | 0.8 | 12 | 0.61 | 0.6 |
| Website 2 | 54 | 20 | 1.0 | 1 | 16 | 0.53 | 0.8 |
| Website 3 | 46 | 18 | 0.15 | 0.9 | 12 | 0.56 | 0.6 |
| Website 4 | 33 | 8 | 0.57 | 0.4 | 20 | 1.0 | 1 |
TABLE 2
Then, the operation capability score a of each of the sites 1, 2, 3 and 4 is calculated by the following formula in combination with the respective numerical values in table 2.
A=X+(Y*(∑P/∑Q)*M)+(Z*(∑J/∑K)*N)
Finally, the operation capability score of the website 1 is 52.536, the operation capability score of the website 2 is 80.784, the operation capability score of the website 3 is 52.462, and the operation capability score of the website 4 is 54.824. The safe operation capability of the website 2 can be intuitively determined to be relatively good based on the operation capability scores of the websites, and the operation strategies of the website 1, the website 3 and the website 4 need to be adjusted in time so as to reduce the possibility that the website is attacked by the network.
Fig. 2 is a schematic structural diagram of a website security operation capability determining apparatus according to an embodiment of the present invention. The apparatus may be applied to an electronic device.
As shown in fig. 2, the apparatus of the present embodiment may include: an acquisition unit 201 and a determination unit 202.
The obtaining unit 201 is configured to obtain, from the database, a security protection capability score, an alarm handling capability score, and a risk item handling capability score of the target website.
The obtaining unit 201 is further configured to obtain an alarm level and a risk item level for the target website from the database.
The determining unit 202 is configured to determine an operation capability score of the target website according to the safety protection capability score, the alarm handling capability score, the risk item handling capability score, the alarm level, and the risk item level.
Preferably, the alert levels include: the method comprises a first level and a second level, wherein the first level is the level of all alarms which are handled by a target website within a preset time period, and the second level is the level of all alarms aiming at the target website within the preset time period.
Preferably, the risk item ratings include: the third level is the level of all risk items that the target website has handled within the preset time period, and the fourth level is the level of all risk items for the target website within the preset time period.
Preferably, the determining unit 202 is specifically configured to:
calculating an alarm handling capacity weight by using the alarm handling capacity score and the highest score of a preset alarm handling capacity score;
calculating the risk item handling capacity weight by using the risk item handling capacity score and the highest score of the preset risk item handling capacity score;
and determining the operation capability score of the target website according to the safety protection capability score, the alarm handling capability score, the risk item handling capability score, the alarm grade, the risk item grade, the alarm handling capability weight and the risk item handling capability weight.
Preferably, the determining unit 202 is specifically configured to:
calculating the operation capacity score of the target website by using the following formula:
A=X+(Y*(∑P/∑Q)*M)+(Z*(∑J/∑K)*N)
wherein, a is an operation capability score of the target website, X is a safety protection capability score of the target website, Y is an alarm handling capability score of the target website, Z is a risk item handling capability score of the target website, P is a first grade, Q is a second grade, J is a third grade, K is a fourth grade, M is an alarm handling capability weight, and N is a risk item handling capability weight.
By using the website security operation capability determining device provided by the embodiment of the invention, the operation capability score of the website can be determined by using the security protection capability score, the alarm handling capability score, the risk item handling capability score, the alarm level and the risk item level of the website, so that a website administrator can timely and intuitively know the security operation capability of the website, and the administrator can timely adjust the operation strategy of the website according to the security operation capability of the website, thereby reducing the possibility that the website is attacked by a network.
The embodiment of the invention also provides the electronic equipment. Fig. 3 is a schematic structural diagram of an embodiment of an electronic device of the present invention, which can implement the process of the embodiment shown in fig. 1 of the present invention, and as shown in fig. 3, the electronic device may include: the device comprises a shell 31, a processor 32, a memory 33, a circuit board 34 and a power circuit 35, wherein the circuit board 34 is arranged inside a space enclosed by the shell 31, and the processor 32 and the memory 33 are arranged on the circuit board 34; a power supply circuit 35 for supplying power to each circuit or device of the electronic apparatus; the memory 33 is used for storing executable program codes; the processor 32 executes a program corresponding to the executable program code by reading the executable program code stored in the memory 33, for executing the method described in any of the foregoing embodiments.
The electronic device exists in a variety of forms, including but not limited to:
(1) a mobile communication device: such devices are characterized by mobile communications capabilities and are primarily targeted at providing voice, data communications. Such terminals include: smart phones (e.g., iphones), multimedia phones, functional phones, and low-end phones, among others.
(2) Ultra mobile personal computer device: the equipment belongs to the category of personal computers, has calculation and processing functions and generally has the characteristic of mobile internet access. Such terminals include: PDA, MID, and UMPC devices, etc., such as ipads.
(3) A portable entertainment device: such devices can display and play multimedia content. This type of device comprises: audio and video playing modules (such as an iPod), handheld game consoles, electronic books, and intelligent toys and portable car navigation devices.
(4) A server: the device for providing the computing service comprises a processor, a hard disk, a memory, a system bus and the like, and the server is similar to a general computer architecture, but has higher requirements on processing capacity, stability, reliability, safety, expandability, manageability and the like because of the need of providing high-reliability service.
(5) And other electronic equipment with data interaction function.
Embodiments of the present invention provide a computer-readable storage medium storing one or more programs, which are executable by one or more processors to implement a method as in any of the preceding embodiments.
It is noted that, herein, relational terms such as first and second, and the like may be used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Also, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. The term "comprising", without further limitation, means that the element so defined is not excluded from the group consisting of additional identical elements in the process, method, article, or apparatus that comprises the element.
All the embodiments in the present specification are described in a related manner, and the same and similar parts among the embodiments may be referred to each other, and each embodiment focuses on the differences from the other embodiments. In particular, as for the apparatus embodiment, since it is substantially similar to the method embodiment, the description is relatively simple, and for the relevant points, reference may be made to the partial description of the method embodiment.
For convenience of description, the above devices are described separately in terms of functional division into various units/modules. Of course, the functionality of the units/modules may be implemented in one or more software and/or hardware implementations of the invention.
It will be understood by those skilled in the art that all or part of the processes of the methods of the embodiments described above can be implemented by a computer program, which can be stored in a computer-readable storage medium, and when executed, can include the processes of the embodiments of the methods described above. The storage medium may be a magnetic disk, an optical disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), or the like.
The above description is only for the specific embodiment of the present invention, but the scope of the present invention is not limited thereto, and any changes or substitutions that can be easily conceived by those skilled in the art within the technical scope of the present invention are included in the scope of the present invention. Therefore, the protection scope of the present invention shall be subject to the protection scope of the claims.
Claims (12)
1. A method for determining the safe operation capability of a website is characterized by comprising the following steps:
acquiring a safety protection capability score, an alarm handling capability score and a risk item handling capability score of a target website from a database;
acquiring an alarm level and a risk item level aiming at the target website from the database;
determining an operation capacity score of the target website according to the safety protection capacity score, the alarm handling capacity score, the risk item handling capacity score, the alarm grade and the risk item grade, wherein the safety protection capacity score depends on the website protection grade and the number of alarms in the website; the alarm handling capability score is dependent on the number of alarms owned by the website and the number of alarms handled; the risk item disposability score depends on the number of risk items owned by the website and the number of disposed risk items.
2. The method of claim 1,
the alarm levels include: the method comprises a first level and a second level, wherein the first level is the level of all alarms which are processed by the target website within a preset time period, and the second level is the level of all alarms aiming at the target website within the preset time period.
3. The method of claim 2,
the risk item ratings include: a third level and a fourth level, where the third level is a level of all risk items that have been handled by the target website within the preset time period, and the fourth level is a level of all risk items for the target website within the preset time period.
4. The method of claim 3, wherein determining the operational capability score of the target website according to the safety protection capability score, the alarm handling capability score, the risk item handling capability score, the alarm level, and the risk item level comprises:
calculating an alarm handling capacity weight by using the alarm handling capacity score and the highest score of a preset alarm handling capacity score;
calculating the risk item handling capacity weight by using the risk item handling capacity score and the highest score of the preset risk item handling capacity score;
and determining the operation capability score of the target website according to the safety protection capability score, the alarm handling capability score, the risk item handling capability score, the alarm grade, the risk item grade, the alarm handling capability weight and the risk item handling capability weight.
5. The method of claim 4, wherein determining an operational capability score for the target website based on the safety protection capability score, the alarm handling capability score, the risk item handling capability score, the alarm level, the risk item level, the alarm handling capability weight, and the risk item handling capability weight comprises:
calculating the operation capacity score of the target website by using the following formula:
A=X+(Y*(∑P/∑Q)*M)+(Z*(∑J/∑K)*N)
wherein a is an operation capability score of the target website, X is the safety protection capability score, Y is the alarm handling capability score, Z is the risk item handling capability score, P is the first level, Q is the second level, J is the third level, K is the fourth level, M is the alarm handling capability weight, and N is the risk item handling capability weight.
6. An apparatus for determining a security operation capability of a website, the apparatus comprising:
the system comprises an acquisition unit, a processing unit and a processing unit, wherein the acquisition unit is used for acquiring a safety protection capability score, an alarm processing capability score and a risk item processing capability score of a target website from a database;
the acquisition unit is further used for acquiring an alarm level and a risk item level aiming at the target website from the database;
the determining unit is used for determining the operation capability score of the target website according to the safety protection capability score, the alarm handling capability score, the risk item handling capability score, the alarm level and the risk item level, wherein the safety protection capability score depends on the website protection level and the number of alarms existing in the website; the alarm handling capability score is dependent on the number of alarms owned by the website and the number of alarms handled; the risk item disposability score depends on the number of risk items owned by the website and the number of disposed risk items.
7. The apparatus of claim 6,
the alarm levels include: the method comprises a first level and a second level, wherein the first level is the level of all alarms which are processed by the target website within a preset time period, and the second level is the level of all alarms aiming at the target website within the preset time period.
8. The apparatus of claim 7,
the risk item ratings include: a third level and a fourth level, where the third level is a level of all risk items that have been handled by the target website within the preset time period, and the fourth level is a level of all risk items for the target website within the preset time period.
9. The apparatus according to claim 8, wherein the determining unit is specifically configured to:
calculating an alarm handling capacity weight by using the alarm handling capacity score and the highest score of a preset alarm handling capacity score;
calculating the risk item handling capacity weight by using the risk item handling capacity score and the highest score of the preset risk item handling capacity score;
and determining the operation capability score of the target website according to the safety protection capability score, the alarm handling capability score, the risk item handling capability score, the alarm grade, the risk item grade, the alarm handling capability weight and the risk item handling capability weight.
10. The apparatus according to claim 9, wherein the determining unit is specifically configured to:
calculating the operation capacity score of the target website by using the following formula:
A=X+(Y*(∑P/∑Q)*M)+(Z*(∑J/∑K)*N)
wherein a is an operation capability score of the target website, X is the safety protection capability score, Y is the alarm handling capability score, Z is the risk item handling capability score, P is the first level, Q is the second level, J is the third level, K is the fourth level, M is the alarm handling capability weight, and N is the risk item handling capability weight.
11. An electronic device, characterized in that the electronic device comprises: the device comprises a shell, a processor, a memory, a circuit board and a power circuit, wherein the circuit board is arranged in a space enclosed by the shell, and the processor and the memory are arranged on the circuit board; a power supply circuit for supplying power to each circuit or device of the electronic apparatus; the memory is used for storing executable program codes; the processor executes a program corresponding to the executable program code by reading the executable program code stored in the memory, and is used for executing the website security operation capability determination method of any one of the preceding claims 1-5.
12. A computer-readable storage medium storing one or more programs, the one or more programs being executable by one or more processors to implement the method for determining the security operation capability of a website as claimed in any one of claims 1 to 5.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201811608727.2A CN110868385B (en) | 2018-12-26 | 2018-12-26 | Website safety operation capacity determination method and device, electronic equipment and storage medium |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201811608727.2A CN110868385B (en) | 2018-12-26 | 2018-12-26 | Website safety operation capacity determination method and device, electronic equipment and storage medium |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN110868385A CN110868385A (en) | 2020-03-06 |
| CN110868385B true CN110868385B (en) | 2022-02-11 |
Family
ID=69651907
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201811608727.2A Active CN110868385B (en) | 2018-12-26 | 2018-12-26 | Website safety operation capacity determination method and device, electronic equipment and storage medium |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN110868385B (en) |
Families Citing this family (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN113537725B (en) * | 2021-06-24 | 2024-10-15 | 浙江乾冠信息安全研究院有限公司 | Method for comprehensively scoring units and electronic device |
Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN104182478A (en) * | 2014-08-01 | 2014-12-03 | 北京华清泰和科技有限公司 | Website monitoring pre-warning method |
| CN106209829A (en) * | 2016-07-05 | 2016-12-07 | 杨林 | A kind of network security management system based on warning strategies |
| RU2015149052A (en) * | 2015-11-17 | 2017-05-22 | Общество с ограниченной ответственностью "САЙТСЕКЬЮР" | System and method for assessing the danger of websites |
| CN107360188A (en) * | 2017-08-23 | 2017-11-17 | 杭州安恒信息技术有限公司 | Website value-at-risk appraisal procedure and device based on cloud protection and cloud monitoring system |
| CN107682350A (en) * | 2017-10-19 | 2018-02-09 | 杭州安恒信息技术有限公司 | Active defense method, device and electronic equipment based on web portal security scoring |
Family Cites Families (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN106611120B (en) * | 2015-10-26 | 2019-10-01 | 阿里巴巴集团控股有限公司 | A kind of appraisal procedure and device of risk prevention system system |
-
2018
- 2018-12-26 CN CN201811608727.2A patent/CN110868385B/en active Active
Patent Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN104182478A (en) * | 2014-08-01 | 2014-12-03 | 北京华清泰和科技有限公司 | Website monitoring pre-warning method |
| RU2015149052A (en) * | 2015-11-17 | 2017-05-22 | Общество с ограниченной ответственностью "САЙТСЕКЬЮР" | System and method for assessing the danger of websites |
| CN106209829A (en) * | 2016-07-05 | 2016-12-07 | 杨林 | A kind of network security management system based on warning strategies |
| CN107360188A (en) * | 2017-08-23 | 2017-11-17 | 杭州安恒信息技术有限公司 | Website value-at-risk appraisal procedure and device based on cloud protection and cloud monitoring system |
| CN107682350A (en) * | 2017-10-19 | 2018-02-09 | 杭州安恒信息技术有限公司 | Active defense method, device and electronic equipment based on web portal security scoring |
Also Published As
| Publication number | Publication date |
|---|---|
| CN110868385A (en) | 2020-03-06 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN108875364B (en) | Threat determination method and device for unknown file, electronic device and storage medium | |
| CN110868377B (en) | Method and device for generating network attack graph and electronic equipment | |
| CN110868383A (en) | Website risk assessment method and device, electronic equipment and storage medium | |
| CN106250182B (en) | File processing method and device and electronic equipment | |
| CN113973012B (en) | Threat detection method and device, electronic equipment and readable storage medium | |
| CN108804918B (en) | Security defense method, security defense device, electronic equipment and storage medium | |
| CN111760294B (en) | Method and device for controlling non-player game characters in game | |
| CN110659493A (en) | Method and device for generating threat alarm mode, electronic equipment and storage medium | |
| CN111030968A (en) | Detection method and device capable of customizing threat detection rule and storage medium | |
| CN111030974A (en) | APT attack event detection method, device and storage medium | |
| CN110868385B (en) | Website safety operation capacity determination method and device, electronic equipment and storage medium | |
| CN114281587A (en) | Asset abnormity detection method and device for terminal equipment, electronic equipment and storage medium | |
| CN110652728A (en) | Game resource management method and device, electronic equipment and storage medium | |
| CN114338102A (en) | Security detection method and device, electronic equipment and storage medium | |
| CN114285619A (en) | Network information display method and device and electronic equipment | |
| CN110868380A (en) | Network flow safety monitoring method and device, electronic equipment and storage medium | |
| CN110826837A (en) | Method and device for evaluating real-time risk of website assets and storage medium | |
| CN110874310B (en) | Terminal behavior monitoring method and device, electronic equipment and storage medium | |
| CN109889614B (en) | Information pushing method and device | |
| CN106933323B (en) | Method and device for optimizing power consumption of application program and electronic equipment | |
| CN111030977A (en) | Attack event tracking method and device and storage medium | |
| CN115766285A (en) | Network attack defense detection method and device, electronic equipment and storage medium | |
| CN110719367A (en) | Cloud mobile phone friend recommendation method, device, equipment and storage medium | |
| CN116070017A (en) | Data recommendation method and device and electronic equipment | |
| CN110768945A (en) | Method and device for evaluating website safe operation condition and storage medium |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |