CN111431910A - Network attack scoring computing system and method - Google Patents

Publication number
CN111431910A
Authority
CN
China
Prior art keywords
scoring
attack
network attack
score
module
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202010231474.2A
Other languages
Chinese (zh)
Inventor
傅涛
郑轶
王力
王路路
郭金辉
张冠阳
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Bozhi Safety Technology Co ltd
Original Assignee
Bozhi Safety Technology Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Bozhi Safety Technology Co ltd
Priority to CN202010231474.2A
Publication of CN111431910A
Current legal status: Pending

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441 Countermeasures against malicious traffic
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/20 Network architectures or network communication protocols for network security for managing network security; network security policies in general

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

A network attack scoring computing system and method. By obtaining the importance degree of the network attack target, the damage degree of the target, the protection level of the security equipment and the score of the technician's attack evaluation, the objective scoring result of the network attack is calculated; together with the judges' subjective scoring result for the network attack, this yields the final scoring result, thereby solving the problems that the scoring means is single and that the scoring standard cannot accurately reflect network attack behavior.

Description

Network attack scoring computing system and method
Technical Field
The invention relates to the technical field of network security, and in particular to a weight-based network attack scoring computing system and method.
Background
Computer networks are also known as computer communication networks. The simplest definition of a computer network is: a collection of interconnected, autonomous computers aimed at sharing resources. Because computer networks are diverse, non-uniform, open and interconnected, information security problems are becoming more and more serious, and every industry faces a variety of them. As a result, information security practical training platforms based on virtualization technology keep emerging, providing virtualized environments for network attack and protection across industries. An effective scoring standard for the attack effect and the protection effect on such a security training platform is therefore necessary.
Submitting a flag string to the platform, or using a preset answer as the criterion for judging whether an attack succeeded, is the scoring standard commonly used by existing information security practical training platforms. However, this scoring standard has certain drawbacks:
1) the scoring means is single;
2) the scoring does not accurately reflect network attack behavior.
Disclosure of Invention
To solve these problems, the invention provides a network attack scoring computing system and method that overcome the prior-art defects in the scoring process of information security practical training platforms, namely that the scoring means is single and that the score cannot accurately reflect network attack behavior.
The solution provided by the invention, a network attack scoring computing system and method, is as follows:
a cyber attack scoring computing system, comprising:
a terminal for network attack scoring;
the terminal for network attack scoring is in communication connection with the network.
The terminal for network attack scoring further comprises an acquisition module I, an acquisition module II, an acquisition module III, an evaluation module, a setting module I, a setting module II, a scoring module, a determination module and an addition module;
the acquisition module I is used for acquiring the importance degree of the network attack target;
the acquisition module II is used for acquiring the score of the damage degree of the network attack target;
the acquisition module III is used for acquiring the weight of the protection level of the security equipment;
the evaluation module is used for evaluating the technician's attack;
the setting module I is used for setting the number of judges;
the setting module II is used for setting the weight value of each judge's professional level;
the scoring module is used for the judges to score the network attack;
the determination module is used for obtaining the score of each evaluation index in turn;
the addition module is used for adding the subjective scoring result and the objective scoring result to obtain the final scoring result of the network attack, $S_w = S_{w1} + S_{w2}$.
A method of the network attack scoring computing system, comprising:
Step 1: acquiring the importance degree of the network attack target;
Step 2: obtaining the score of the damage degree of the network attack target;
Step 3: acquiring the weight of the protection level of the security equipment;
Step 4: evaluating the technician's attack;
Step 5: setting the number of judges;
Step 6: setting the weight value of each judge's professional level;
Step 7: the evaluation server evaluates the network attack;
Step 8: obtaining the score of each evaluation index in turn;
Step 9: adding the subjective scoring result and the objective scoring result to obtain the final scoring result of the network attack, $S_w = S_{w1} + S_{w2}$.
Step 7, the scoring of the network attack by the judges, includes: obtaining the judges' subjective scoring result according to the different weights of the judges' professional levels, as shown in formula (1):
Figure BDA0002429401660000031
where $S_{w1}$ represents the subjective scoring result; $n$ represents the number of judges; $s_i$ represents the score given to the network attack by the $i$-th judge, obtained using the method of step 4; $w_i$ represents the weight value of that judge's professional level.
Step 8, obtaining the score of each evaluation index in turn, includes: according to a preset scoring standard, determining the objective scoring result of the network attack through weighted calculation, as shown in formula (2):
Figure BDA0002429401660000032
where $S_{w2}$ represents the objective scoring result; $s_j$ represent, respectively, the importance degree score of the network attack target, the damage degree score of the network attack target, the protection level score of the security equipment and the technician's attack evaluation score; $w_j$, with subscript $j$ from 1 to 4, represent, respectively, the importance degree weight of the network attack target, the damage degree score of the network attack target, the security equipment protection level weight and the technician's attack evaluation score.
The beneficial effects of the invention are:
(1) The invention solves the problem that the scoring standard for network attacks is single: because multiple parameters of the network attack can be obtained, the attack score can be judged comprehensively, which diversifies the scoring standard.
(2) The invention solves the problem that the network attack score cannot accurately reflect network attack behavior: by acquiring different parameters of the attack target, the network attack behavior and the effect it achieves can be judged accurately, so the score accurately reflects the network attack behavior.
Drawings
Fig. 1 is a flow chart of a method of the network attack scoring computing system of the present invention.
Detailed Description
The invention will be further described with reference to the following figures and examples.
As shown in fig. 1, the network attack scoring computing system includes:
a terminal for network attack scoring; the terminal for network attack scoring is in communication connection with the network. The terminal for network attack scoring can be a computer. The terminal for network attack scoring further comprises an acquisition module I, an acquisition module II, an acquisition module III, an evaluation module, a setting module I, a setting module II, a scoring module, a determination module and an addition module;
the acquisition module I is used for acquiring the importance degree of the network attack target;
the acquisition module II is used for acquiring the score of the damage degree of the network attack target;
the acquisition module III is used for acquiring the weight of the protection level of the security equipment;
the evaluation module is used for evaluating the technician's attack;
the setting module I is used for setting the number of judges;
the setting module II is used for setting the weight value of each judge's professional level;
the scoring module is used for the judges to score the network attack;
the determination module is used for obtaining the score of each evaluation index in turn;
the addition module is used for adding the subjective scoring result and the objective scoring result to obtain the final scoring result of the network attack, $S_w = S_{w1} + S_{w2}$.
A method of the network attack scoring computing system, comprising:
Step 1: acquiring the importance degree of the network attack target. Network attack targets span many sectors, including websites of party and government institutions (central ministry- and commission-level websites, provincial and department-level websites, prefecture-level websites, county-level websites), websites of important industries (central or ministry- and commission-level supervisory units for important industries, large centrally administered national important-industry units, local supervisory departments for important industries, local national important-industry units, and units in Internet finance, insurance, securities and the like), and websites of education and other sector units (985 and 211 colleges, other well-known colleges, general colleges, other middle and high schools and the like). Different targets differ in importance, in weight value and in the score a network attack on them receives, so each target is given a weight value according to its importance: the higher the weight value, the more important the target, and the target's weight value is taken as its importance degree value.
Step 2: obtaining the score of the damage degree of the network attack target. Network attacks affect targets at different levels; from low to high, the damage degrees are no damage, slight damage, serious damage and fatal damage to the attack target, and different damage degrees carry different weight values and correspondingly different attack scores. The damage degrees are as follows: traffic analysis of the target, with almost no influence on the target, scores 10 points; an attack that interrupts, degrades or blocks the operation of the target system and interferes with its normal work scores 30 points; an attack that obtains control of the target system, so that the target is affected and can no longer control the system, scores 50 points; a malicious intrusion that damages the operation of the whole target system scores 80 points.
Step 3: acquiring the weight of the protection level of the security equipment. The devices deployed in the network topology vary, so their security levels differ; from high to low the levels are A, B, C and D. Different protection levels carry different weight values and correspondingly different attack scores. The four levels are as follows: protection equipment that adopts a minimum protection policy is level D, and the attack score is 10 points; protection equipment that adopts a passive discretionary access policy is level C, and the attack score is 30 points; protection equipment that adopts a passive mandatory access policy is level B, and the attack score is 50 points; protection equipment that adopts verified protection is level A, and the attack score is 80 points.
Step 4: evaluating the technician's attack. Technicians' attacks differ; for example, the attack time, the attack method and the type of vulnerability used (such as a publicly known vulnerability or a 0day vulnerability) are obtained through a probe. The technician's attack evaluation score varies with the attack means and method. The specific scores are as follows: brute-force cracking, a single attack means, scores 10 points; an attack by means of vulnerabilities and the like scores 30 points; a simple and effective attack means scores 50 points; a novel and innovative attack means scores 80 points.
Step 5: setting the number of judges. The number of judges can be set according to the competition, for example 3 to 5.
Step 6: setting the weight value of each judge's professional level. The weight value differs according to the judge's degree of knowledge, experience and area of emphasis. The professional levels of the judges are as follows: professional judges account for 50% of the weight; non-professional judges account for 30% of the weight; public judges account for 20% of the weight.
Step 7: the evaluation server evaluates the network attack;
Step 8: obtaining the score of each evaluation index in turn;
Step 9: adding the subjective scoring result and the objective scoring result to obtain the final scoring result of the network attack, $S_w = S_{w1} + S_{w2}$.
Step 7, the scoring of the network attack by the judges, includes: obtaining the judges' subjective scoring result according to the different weights of the judges' professional levels, as shown in formula (1):
Figure BDA0002429401660000061
where $S_{w1}$ represents the subjective scoring result; $n$ represents the number of judges; $s_i$ represents the score given to the network attack by the $i$-th judge, obtained using the method of step 4; $w_i$ represents the weight value of that judge's professional level.
Step 8, obtaining the score of each evaluation index in turn, includes: according to a preset scoring standard, determining the objective scoring result of the network attack through weighted calculation, as shown in formula (2):
Figure BDA0002429401660000071
where $S_{w2}$ represents the objective scoring result; $s_j$ represent, respectively, the importance degree score of the network attack target, the damage degree score of the network attack target, the protection level score of the security equipment and the technician's attack evaluation score; $w_j$, with subscript $j$ from 1 to 4, represent, respectively, the importance degree weight of the network attack target, the damage degree score of the network attack target, the security equipment protection level weight and the technician's attack evaluation score.
The invention is a weight-based network attack scoring calculation method: by acquiring the importance degree of the network attack target, the damage degree of the target, the protection level of the security equipment and the score of the technician's attack evaluation, it calculates the objective scoring result of the network attack and the judges' subjective scoring result for the network attack, and finally obtains the final scoring result, thereby solving the problems that the scoring means is single and that the scoring standard cannot accurately reflect network attack behavior.
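Steps 1 to 9 as an added Python example, not code from the patent. Formulas (1) and (2) survive on this page only as image placeholders, so the weighted-sum forms used here are an assumption; the importance score, the four objective weights and all function and label names are constructed for illustration.

```python
"""Added example: weighted attack scoring following steps 1-9 (assumed formulas)."""

# Score tables quoted from steps 2-4 of the description.
DAMAGE = {"none": 10, "slight": 30, "serious": 50, "fatal": 80}
PROTECTION = {"D": 10, "C": 30, "B": 50, "A": 80}
TECHNIQUE = {"brute_force": 10, "vulnerability": 30,
             "simple_effective": 50, "novel": 80}
# Judge professional-level weights quoted from step 6.
JUDGE_WEIGHT = {"professional": 0.5, "non_professional": 0.3, "public": 0.2}


def _lookup(table, key, what):
    """Map a label to its score or weight; reject labels the page does not define."""
    if key not in table:
        raise ValueError(f"unknown {what}: {key!r}")
    return table[key]


def subjective_score(panel, normalize=False):
    """S_w1 from a list of (judge_level, technique_label) pairs.

    Assumed form of formula (1): sum of w_i * s_i over the n judges, with
    each s_i taken from the step 4 scale. The step 6 weights sum to 1 only
    for a panel with exactly one judge per level; any other composition
    shifts the scale. normalize=True rescales the weights to sum to 1 so
    the result stays within the 10-80 range of a single score.
    """
    if not panel:
        raise ValueError("at least one judge is required")
    weights = [_lookup(JUDGE_WEIGHT, level, "judge level") for level, _ in panel]
    scores = [_lookup(TECHNIQUE, label, "technique") for _, label in panel]
    total = sum(w * s for w, s in zip(weights, scores))
    return total / sum(weights) if normalize else total


def objective_score(importance, damage, protection, technique, weights):
    """S_w2, assumed form of formula (2): sum of w_j * s_j for j = 1..4.

    importance is a numeric score; the page gives no scale for it, so the
    caller supplies one. weights is (w_1, w_2, w_3, w_4) in the page's order.
    """
    if len(weights) != 4 or any(w < 0 for w in weights):
        raise ValueError("four non-negative weights are required")
    scores = [
        importance,
        _lookup(DAMAGE, damage, "damage degree"),
        _lookup(PROTECTION, protection, "protection level"),
        _lookup(TECHNIQUE, technique, "technique"),
    ]
    return sum(w * s for w, s in zip(weights, scores))


def final_score(panel, importance, damage, protection, technique, weights,
                normalize=False):
    """S_w = S_w1 + S_w2, as stated in step 9."""
    return (subjective_score(panel, normalize)
            + objective_score(importance, damage, protection, technique, weights))


def demo():
    """Constructed sample: one judge per level, illustrative importance and weights."""
    panel = [("professional", "simple_effective"),
             ("non_professional", "vulnerability"),
             ("public", "novel")]
    weights = (0.4, 0.3, 0.2, 0.1)  # constructed values, not from the page
    return final_score(panel, 60, "serious", "A", "vulnerability", weights)


if __name__ == "__main__":
    print("final score S_w:", demo())
    # Two professional judges push the weight total to 1.2.
    heavy = [("professional", "novel")] * 2 + [("public", "novel")]
    print("unnormalized:", subjective_score(heavy))
    print("normalized:  ", subjective_score(heavy, normalize=True))
```
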
It should be recognized that the method steps in embodiments of the present invention may be embodied or carried out by computer hardware, a combination of hardware and software, or by computer instructions stored in a non-transitory computer readable memory. The method may use standard programming techniques. Each program may be implemented in a high level procedural or object oriented programming language to communicate with a computer system.
Further, the operations of processes described herein can be performed in any suitable order unless otherwise indicated herein or otherwise clearly contradicted by context. The processes described herein (or variations and/or combinations thereof) may be performed under the control of one or more computer systems configured with executable instructions, and may be implemented as code (e.g., executable instructions, one or more computer programs, or one or more applications) collectively executed on one or more processors, by hardware, or combinations thereof. The computer program includes a plurality of instructions executable by one or more processors.
The method may be implemented in any type of computer platform operatively connected to a suitable connection, including but not limited to a personal computer, mini computer, mainframe, workstation, networked or distributed computing environment, separate or integrated computer platform, or in communication with a charged particle tool or other imaging device, etc., which is communicatively connected to the network.
The present invention has been described in an illustrative manner by the embodiments, and it should be understood by those skilled in the art that the present disclosure is not limited to the embodiments described above, but is capable of various changes, modifications and substitutions without departing from the scope of the present invention.

Claims (5)

1. A cyber attack scoring computing system, comprising:
a terminal for network attack scoring;
the terminal for network attack scoring is in communication connection with the network.
2. The network attack scoring computing system according to claim 1, wherein the terminal for network attack scoring further comprises a first acquisition module, a second acquisition module, a third acquisition module, an evaluation module, a first setting module, a second setting module, a scoring module, a determination module and an addition module;
the first acquisition module is used for acquiring the importance degree of the network attack target;
the second acquisition module is used for acquiring the score of the damage degree of the network attack target;
the third acquisition module is used for acquiring the weight of the protection level of the security equipment;
the evaluation module is used for evaluating the technician's attack;
the first setting module is used for setting the number of judges;
the second setting module is used for setting the weight value of each judge's professional level;
the scoring module is used for the judges to score the network attack;
the determination module is used for obtaining the score of each evaluation index in turn;
the addition module is used for adding the subjective scoring result and the objective scoring result to obtain the final scoring result of the network attack, $S_w = S_{w1} + S_{w2}$.
3. A method of a network attack scoring system, comprising:
Step 1: acquiring the importance degree of the network attack target;
Step 2: obtaining the score of the damage degree of the network attack target;
Step 3: acquiring the weight of the protection level of the security equipment;
Step 4: evaluating the technician's attack;
Step 5: setting the number of judges;
Step 6: setting the weight value of each judge's professional level;
Step 7: the evaluation server evaluates the network attack;
Step 8: obtaining the score of each evaluation index in turn;
Step 9: adding the subjective scoring result and the objective scoring result to obtain the final scoring result of the network attack, $S_w = S_{w1} + S_{w2}$.
4. The method of a network attack scoring system according to claim 3, wherein step 7, the scoring of the network attack by the judges, comprises: obtaining the judges' subjective scoring result according to the different weights of the judges' professional levels, as shown in formula (1):
Figure FDA0002429401650000021
where $S_{w1}$ represents the subjective scoring result; $n$ represents the number of judges; $s_i$ represents the score given to the network attack by the $i$-th judge, obtained using the method of step 4; $w_i$ represents the weight value of that judge's professional level.
5. The method of claim 3, wherein step 8, obtaining the score of each evaluation index in turn, comprises: according to a preset scoring standard, determining the objective scoring result of the network attack through weighted calculation, as shown in formula (2):
Figure FDA0002429401650000022
where $S_{w2}$ represents the objective scoring result; $s_j$ represent, respectively, the importance degree score of the network attack target, the damage degree score of the network attack target, the protection level score of the security equipment and the technician's attack evaluation score; $w_j$, with subscript $j$ from 1 to 4, represent, respectively, the importance degree weight of the network attack target, the damage degree score of the network attack target, the security equipment protection level weight and the technician's attack evaluation score.
CN202010231474.2A 2020-03-27 2020-03-27 Network attack scoring computing system and method Pending CN111431910A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010231474.2A CN111431910A (en) 2020-03-27 2020-03-27 Network attack scoring computing system and method

Publications (1)

Publication Number Publication Date
CN111431910A true CN111431910A (en) 2020-07-17

Family

ID=71551698

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20200717