CN111680863A - Network environment safety condition evaluation method based on analytic hierarchy process - Google Patents
Network environment safety condition evaluation method based on analytic hierarchy process Download PDFInfo
- Publication number
- CN111680863A CN111680863A CN202010336772.8A CN202010336772A CN111680863A CN 111680863 A CN111680863 A CN 111680863A CN 202010336772 A CN202010336772 A CN 202010336772A CN 111680863 A CN111680863 A CN 111680863A
- Authority
- CN
- China
- Prior art keywords
- index
- weight
- security
- network
- analytic hierarchy
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
- 238000000034 method Methods 0.000 title claims abstract description 86
- 230000008569 process Effects 0.000 title claims abstract description 39
- 238000011156 evaluation Methods 0.000 title claims abstract description 38
- 230000004931 aggregating effect Effects 0.000 claims abstract description 3
- 239000011159 matrix material Substances 0.000 claims description 22
- 241000700605 Viruses Species 0.000 claims description 11
- ZXQYGBMAQZUVMI-GCMPRSNUSA-N gamma-cyhalothrin Chemical compound CC1(C)[C@@H](\C=C(/Cl)C(F)(F)F)[C@H]1C(=O)O[C@H](C#N)C1=CC=CC(OC=2C=CC=CC=2)=C1 ZXQYGBMAQZUVMI-GCMPRSNUSA-N 0.000 claims description 5
- 238000007781 pre-processing Methods 0.000 claims description 4
- 230000002776 aggregation Effects 0.000 claims description 3
- 238000004220 aggregation Methods 0.000 claims description 3
- 230000006870 function Effects 0.000 claims description 3
- 230000000694 effects Effects 0.000 abstract 1
- 230000007613 environmental effect Effects 0.000 abstract 1
- 238000004364 calculation method Methods 0.000 description 6
- 238000005516 engineering process Methods 0.000 description 4
- 238000001514 detection method Methods 0.000 description 3
- 238000012545 processing Methods 0.000 description 3
- 230000008439 repair process Effects 0.000 description 3
- 238000004458 analytical method Methods 0.000 description 2
- 238000011161 development Methods 0.000 description 2
- 230000004927 fusion Effects 0.000 description 2
- 230000009286 beneficial effect Effects 0.000 description 1
- 238000004891 communication Methods 0.000 description 1
- 238000010276 construction Methods 0.000 description 1
- 238000013480 data collection Methods 0.000 description 1
- 238000010586 diagram Methods 0.000 description 1
- 230000006872 improvement Effects 0.000 description 1
- 230000008595 infiltration Effects 0.000 description 1
- 238000001764 infiltration Methods 0.000 description 1
- 238000004519 manufacturing process Methods 0.000 description 1
- 238000012986 modification Methods 0.000 description 1
- 230000004048 modification Effects 0.000 description 1
- 230000008447 perception Effects 0.000 description 1
- 230000002265 prevention Effects 0.000 description 1
- 238000012360 testing method Methods 0.000 description 1
- 230000010415 tropism Effects 0.000 description 1
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q10/00—Administration; Management
- G06Q10/06—Resources, workflows, human or project management; Enterprise or organisation planning; Enterprise or organisation modelling
- G06Q10/063—Operations research, analysis or management
- G06Q10/0639—Performance analysis of employees; Performance analysis of enterprise or organisation operations
- G06Q10/06393—Score-carding, benchmarking or key performance indicator [KPI] analysis
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q50/00—Systems or methods specially adapted for specific business sectors, e.g. utilities or tourism
- G06Q50/10—Services
- G06Q50/26—Government or public services
Abstract
The invention relates to a network environment safety condition evaluation method based on an analytic hierarchy process, which comprises the following steps: establishing a network security situation evaluation index system with a five-layer hierarchical structure; dividing the whole network environment into a plurality of sub-network devices and hosts, wherein each sub-network device and host corresponds to a plurality of dimensions, each dimension corresponds to a plurality of primary indexes, and each primary index corresponds to a plurality of secondary indexes; based on an entropy value and a variation coefficient improved analytic hierarchy process, calculating and evaluating each secondary index, each primary index, each dimensionality importance degree weight and a safety score value; aggregating layer by layer, and calculating the weight and safety score values of each sub-network device and each host according to the importance degree weight and score of each level index; and fusing to obtain the final total network security situation score according to the security scores and the weights of the sub-network devices and the host. The invention has the effect of more effective and comprehensive evaluation on the environmental security of the network system.
Description
Technical Field
The invention relates to the field of network system security, in particular to a network environment security condition evaluation method based on an analytic hierarchy process.
Background
With the rapid development of computer and communication technologies, computer networks are more and more widely applied and have larger and larger scales, and the sharing of network resources is gradually strengthened, which brings great convenience to the production and life of people.
However, the openness and the vulnerability of a network system also enable network security threats and security risks to be increased continuously, network security becomes an important factor for restricting informatization development and application, the traditional method simply depends on a single network security protection technology such as a firewall, intrusion detection, virus prevention, access control and the like, the requirement of network security cannot be met, and the network security situation perception technology can integrate the security factors of various aspects, dynamically reflect the network security situation on the whole, and can well solve the problem of understanding and showing the whole security situation.
In the network security situation awareness technology, the overall evaluation of the security condition of the network environment is an important module, and the module can help a user to quickly and intuitively understand the security state of the current network environment. However, how to use an effective method to make reasonable network system environment security assessment is a critical problem, and the present invention is to propose a new method to solve the above problem.
Disclosure of Invention
The invention aims to provide a network environment safety condition assessment method based on an analytic hierarchy process, which has the advantages that safety assessment can be carried out by integrating all collectable safety related factors in the whole system environment, and the problem of key assessment elements loss caused by unavailable asset value information of IP addresses under some common conditions can be solved, so that the network system environment safety assessment is more effective and comprehensive.
The technical purpose of the invention is realized by the following technical scheme: 1. a network environment safety condition evaluation method based on an analytic hierarchy process comprises the following steps:
step 1: establishing a network security situation evaluation index system with a five-layer hierarchical structure;
step 2: dividing the whole network environment into a plurality of sub-network devices and hosts, wherein each sub-network device and host corresponds to a plurality of dimensions, each dimension corresponds to a plurality of primary indexes, and each primary index corresponds to a plurality of secondary indexes;
and step 3: based on an entropy value and a variation coefficient improved analytic hierarchy process, calculating and evaluating each secondary index, each primary index, each dimensionality importance degree weight and a safety score value;
and 4, step 4: aggregating layer by layer, and calculating the weight and safety score values of each sub-network device and each host according to the importance degree weight and score of each level index;
and 5: according to the security scores and the weights of the sub-network devices and the host, the final total score of the network security situation is obtained through fusion
Further setting the following steps: in step 1, data acquisition is firstly carried out, a plurality of indexes related to the field of network security are collected, preprocessing is carried out on the data, an index system with a five-layer hierarchical structure is established based on optional data, a target layer is used for overall system network security evaluation, a second layer is composed of a plurality of sub-network devices and hosts, a third layer is composed of a plurality of dimensions based on a network environment, a fourth layer is composed of related first-level indexes based on the dimensions, and a last layer is composed of a plurality of second-level indexes corresponding to the first-level indexes.
Further setting the following steps: in step 2, the whole network environment is divided into a plurality of asset devices according to the characteristics of the functions, the characteristics and the like of each block, each asset device has certain difference, finally, the total security situation score of the whole network environment is obtained according to the importance degree weight and the security score of each asset device, and the security state of the current network environment is comprehensively evaluated.
Further setting the following steps: in step 3, evaluating each secondary index, each primary index, each dimensionality importance degree weight and safety score by an improved analytic hierarchy process based on an entropy value and variation coefficient method, wherein the safety score and the weight of each dimensionality are obtained by a plurality of next primary indexes, and the safety score of each primary index is obtained by a plurality of next secondary indexes; the weights of the hierarchies can be obtained by the following formulas:
each primary index importance degree weight is 1/3 ═ g (weight of a secondary index entropy value method + weight of a secondary index analytic hierarchy process + weight of a secondary index variation coefficient method);
each dimension index importance degree weight is 1/3 × (first-order index entropy weight + first-order index analytic hierarchy process weight + first-order index variation coefficient process weight).
Further setting the following steps: in step 3, the security of each dimension is evaluated to obtain a security evaluation score of each dimension, specifically, the security evaluation of each dimension includes five dimensions of vulnerability state, event, intrusion information, information asset and security measure, and each dimension includes a plurality of corresponding primary evaluation indexes.
Further setting the following steps: the first-order indicators contained in each dimension are as follows:
vulnerability status: vulnerability threats, vulnerability related to the number of hosts and vulnerability related to the number of internet applications;
event: the number of internal threat events, the number of external threat events;
intrusion information: the method comprises the following steps of (1) judging the number and the grade of Trojan horse virus indexes, the number and the grade of common viruses, DOOS attacks, the number and the grade of zombie software and the number and the grade of spyware;
information assets: hardware device assets, security facility assets, operating system assets, database assets, and host IP address information for each network device.
Further setting up a judgment matrix A of the target indexes based on the selected indexes of each level, calculating the weight coefficient of the judgment matrix A which is { aij } n × n under the condition that the judgment matrix meets the consistency, taking the weight coefficient as the subjective weight of the target indexes, determining the subjective weight vector based on the subjective weight of each target index, and calculating the maximum characteristic root lambda of the judgment matrix under the condition that the judgment matrix does not meet the consistencymaxAnd using said maximum characteristic root λmaxCalculating a consistency check index CI; determining whether to modify the judgment matrix based on a formula CR (CI/RI), wherein CI is a consistency check index, and CR is a consistency ratio index; and if CR is larger than the target value, correcting the judgment matrix.
Further setting the following steps: the final importance degree weight of each level index is composed of three parts, namely, a weight obtained by an entropy method, a weight obtained by an analytic hierarchy process and a weight obtained by a variation coefficient method, and the average value of the three parts is obtained to be used as the final weight of each level index.
Further setting the following steps: in step 4, the importance weights and security scores of the sub-network devices and hosts are obtained by upward aggregation so as to evaluate the network security of the whole system environment
Further setting the following steps: and calculating the network safety evaluation score of the whole system environment according to the safety evaluation scores of the sub-network devices and the host computers in the whole network environment through respective importance degree weights.
Compared with the prior art, the invention has the following beneficial effects:
the method can help the user to quickly and intuitively understand the security state of the current network environment;
the network security situation is dynamically reflected on the whole, and the problem of understanding and showing the whole security situation can be well solved;
the method can comprehensively carry out security assessment on all collectable security related factors in the whole system environment, and can solve the problem of key evaluation element loss caused by incapability of acquiring asset value information of the IP address under some common conditions, thereby being more effective and comprehensive in network system environment security assessment.
Drawings
FIG. 1 is an index system diagram of a network environment security condition evaluation method according to the present embodiment;
fig. 2 is a flowchart of a network environment security condition evaluation method according to the present embodiment.
Detailed Description
The invention is further described below with reference to the accompanying drawings. The following examples are only for illustrating the technical solutions of the present invention more clearly, and the protection scope of the present invention is not limited thereby.
Example (b): referring to fig. 1 and 2, a network environment security condition assessment method based on an analytic hierarchy process includes the following steps:
step S1: network security situation evaluation index system with five layers of hierarchical structure
Step S2: dividing the whole network environment into a plurality of sub-network devices and hosts, wherein each sub-network device and host corresponds to a plurality of dimensions, each dimension corresponds to a plurality of primary indexes, and each primary index corresponds to a plurality of secondary indexes;
step S3: and (4) calculating and evaluating each secondary index, each primary index, each dimensionality importance degree weight and a safety score value based on an entropy value and variation coefficient improved analytic hierarchy process.
Step S4: the sub-network devices and the host are aggregated layer by layer, and the weight and the safety score value of each sub-network device and each host are calculated according to the importance degree weight and the score of each level index
Step S5: and fusing to obtain the final total network security situation score according to the security scores and the weights of the sub-network devices and the host.
Specifically, in step S1, data collection is performed, a plurality of indexes related to the network security field are collected, and preprocessing is performed on the data, including removing duplicate information and error information, processing null values appropriately using a scientific method, and finally generating available data such as formatted security event information, basic asset information, and status asset information.
And based on the optional data and according to an index system construction principle, establishing an index system with a five-layer hierarchical structure, wherein a target layer is used for overall system network security evaluation, a second layer is a plurality of sub-network devices and hosts, a third layer is a plurality of dimensionalities based on a network environment, a fourth layer is a related first-level index based on each dimensionality, and a last layer is a plurality of corresponding second-level indexes under each first-level index.
In step S2, the entire network environment is divided into a plurality of sub-network devices and hosts, each asset device has a certain difference, and finally, a total security situation score of the entire network environment is obtained according to the importance weights and security scores of the sub-network devices and hosts, and the security status of the current network environment is comprehensively evaluated. More specifically, the method for dividing the sub-network devices and the hosts may be based on the functions of the respective blocks in the overall network environment, the basic characteristics (host addresses, device states, operation modes, etc.) of the respective sub-network devices and the respective hosts, and the asset value (operating system, hardware configuration, software configuration, etc. of the respective hosts of the respective sub-network devices).
In step S3, the improved analytic hierarchy process based on the entropy and coefficient of variation method evaluates each secondary indicator, each primary indicator, each dimension importance degree weight, and safety score, specifically: the safety score and the weight of each dimensionality are obtained by a plurality of first-level indexes below the dimensionality, and the safety score of each first-level index is obtained by a plurality of second-level indexes below the dimensionality. The weights of the hierarchies can be obtained by the following formulas:
each primary index importance degree weight is 1/3 ═ g (weight of a secondary index entropy value method + weight of a secondary index analytic hierarchy process + weight of a secondary index variation coefficient method);
each dimension index importance degree weight is 1/3 × (first-order index entropy value method weight + first-order index analytic hierarchy process weight + first-order index variation coefficient method weight).
In step S3, the security of each dimension is evaluated to obtain a security evaluation score of each dimension, specifically, the security evaluation of each dimension includes five dimensions, namely, a vulnerability state, an event, intrusion information, an information asset, and a security measure, and each dimension includes a plurality of corresponding primary evaluation indexes
Preferably, the next-level indicators for each dimension are as follows:
the vulnerability status specifically includes: vulnerability threats, vulnerabilities relate to the number of hosts, and vulnerabilities relate to the number of internet applications.
The event specifically comprises the following steps: total number of threat events, number of internal threat events, number of external threat events;
the intrusion information specifically includes: the method comprises the following steps of (1) judging the number and the grade of Trojan horse virus indexes, the number and the grade of common viruses, DOOS attacks, the number and the grade of zombie software and the number and the grade of spyware;
the information assets specifically include: hardware device assets, security facility assets, operating system assets, database assets, and host IP address information for each network device;
the safety measures specifically include: vulnerability discovery capability and vulnerability repair capability.
More specifically, the secondary indexes under each primary index are as follows:
the vulnerability category number specifically comprises a system vulnerability index, a Web vulnerability index, a weak password index and other application vulnerability indexes.
The vulnerability relates to the number of hosts and the number of Internet applications;
the number of internal threat events specifically comprises the total number of threat events to be observed, the total number of general threat events and the total number of major internal threat events;
the number of external threat events specifically comprises the total number of threat events to be observed, the total number of general threat events and the total number of major external threat events;
the Trojan horse virus indexes specifically comprise: the number and grade of Trojan horse viruses;
common viruses include in particular: the number and grade of common viruses;
a DOOS attack;
the zombie software specifically comprises: the number and level of zombie software;
the spyware specifically comprises: the number and level of spyware;
the hardware equipment assets specifically comprise the number of the hardware equipment assets;
the safety facility asset specifically comprises a safety facility asset quantity operation system asset specifically comprises an operation system asset quantity;
the database assets specifically include the number of database assets.
The IP address of the host of each network device specifically comprises a network segment, an access service type, DNS analysis server address daily first network session time, daily last network session time and daily each application layer flow ratio;
the vulnerability discovery capability specifically comprises a vulnerability scanning detection range, an infiltration test detection range, a pre-online safety evaluation range and vulnerability time deviation;
the bug fixing time specifically includes: low-risk, medium-risk, high-risk and extra-risk leak repair time;
the bug repair quantity specifically comprises the repaired quantity of low-risk, medium-risk, high-risk and extra-risk bugs.
All the indexes are obtained through a data acquisition module, reasonable preprocessing is carried out on original data before analysis, such as error value processing and null value processing, then the selected data are standardized, and comparable indexes of the same level are obtained, and all index data are numerical data.
Constructing a judgment matrix A of the target indexes based on the selected indexes of each level, calculating the weight coefficient of the judgment matrix A which is { aij } n × n when the judgment matrix meets the consistency, taking the weight coefficient as the subjective weight of the target indexes, and determining the subjective weight vector based on the subjective weight of each target indexmaxAnd using said maximum characteristic root λmaxCalculating a consistency check index CI; determining whether to modify the judgment matrix based on a formula CR (CI/RI), wherein CI is a consistency check index, and CR is a consistency ratio index; and if CR is larger than the target value, correcting the judgment matrix.
An improved analytic hierarchy process by using an entropy weight method and a variation coefficient method comprises the following steps:
entropy weight method
1. Constructing a raw data matrix
i=1,2,3…m;j=1,2,3…n
Where j denotes the jth evaluation object and i denotes the ith index
2. Standardizing the raw data
After determining the tropism of each index, calculating a dimensionless value of the numerical value of each index by adopting a range method, wherein the calculation formula is as follows:
in the above formula, min (xi) represents the minimum value of the i-th index in the original data matrix X, and similarly, max (xi) represents the maximum value of the i-th index in the original data matrix X.
3. Calculating the information entropy of each index
According to the definition of information entropy in the information theory, the information entropy of a group of data is as follows:
wherein
If p isijWhen 0, then p is definedij=lnpijAnd (5) obtaining the information entropy of each index according to the formula as 0.
4. Determining weights of respective indexes
And calculating the weight on the basis according to the information entropy result, wherein the calculation formula is as follows:
wherein 0<Wi<1, and
(II) improvement of coefficient of variation method
(1) Calculating the coefficient of variation of each index
Firstly, calculating the variation coefficient of each index observation value according to the normalized index data, wherein the calculation formula is as follows:
where SD is the standard deviation of a set of data and MN is the mean of a set of data.
(2) Calculating the weight of each index
The variation coefficient method can measure the variation degree of each index observation value, the index weight directly calculated by the variation coefficient method has certain objectivity, and the subjectivity of the analytic hierarchy process can be overcome to a certain extent. The calculation formula is as follows:
wherein ViIs the coefficient of variation of one of the indices,
is the sum of the coefficients of variation of all indices.
(III) fusion model
And integrating the AHP model, the entropy weight model and the variation coefficient model. The AHP model evaluation value reflects the subjective preference of a decision maker, the entropy weight model evaluation value reflects the objectivity based on data, the variation coefficient can reflect the variation degree of each index data, and the three are combined by a linear weighting method, so that the subjectivity of an analytic hierarchy process can be overcome to a certain extent, and the real condition of the network security state can be reflected more objectively. Can be based on
The following formula performs the weight calculation:
wherein A is the index weight of each level, alpha is the weight of the AHP model, beta is the weight of the entropy weight model, gamma is the weight of the coefficient of variation model, and A is the average value of the weights of the three models.
The network environment security situation total score calculation formula is as follows:
wherein ω isiWeights, R, for each sub-network device and hostiThe security score value for each sub-network device and host.
In step S3, the importance weight of each level index is composed of three components, i.e., the weight obtained by the entropy method, the weight obtained by the analytic hierarchy process, and the weight obtained by the variation coefficient method, and the average of the three components is obtained as the weight of each level index. The subjectivity of the analytic hierarchy process can be overcome to a certain extent by applying an entropy weight method and a variation coefficient method.
In step S4, the importance weights and security scores of the sub-network devices and hosts are obtained by upward aggregation so that the network security of the whole system environment can be evaluated.
In step S5, the network security of the entire system environment is evaluated, and specifically, the network security evaluation score of the entire system environment is calculated according to the security evaluation scores and the importance weight values of the sub-network devices and hosts in the entire system environment.
The present embodiment is only for explaining the present invention, and it is not limited to the present invention, and those skilled in the art can make modifications of the present embodiment without inventive contribution as needed after reading the present specification, but all of them are protected by patent law within the scope of the claims of the present invention.
Claims (10)
1. A network environment safety condition evaluation method based on an analytic hierarchy process is characterized by comprising the following steps:
step 1: establishing a network security situation evaluation index system with a five-layer hierarchical structure;
step 2: dividing the whole network environment into a plurality of sub-network devices and hosts, wherein each sub-network device and host corresponds to a plurality of dimensions, each dimension corresponds to a plurality of primary indexes, and each primary index corresponds to a plurality of secondary indexes;
and step 3: based on an entropy value and a variation coefficient improved analytic hierarchy process, calculating and evaluating each secondary index, each primary index, each dimensionality importance degree weight and a safety score value;
and 4, step 4: aggregating layer by layer, and calculating the weight and safety score values of each sub-network device and each host according to the importance degree weight and score of each level index;
and 5: and fusing to obtain the final total network security situation score according to the security scores and the weights of the sub-network devices and the host.
2. The analytic hierarchy process-based network environment security status assessment method of claim 1, wherein: in step 1, data acquisition is firstly carried out, a plurality of indexes related to the field of network security are collected, preprocessing is carried out on the data, an index system with a five-layer hierarchical structure is established based on optional data, a target layer is used for overall system network security evaluation, a second layer is composed of a plurality of sub-network devices and hosts, a third layer is composed of a plurality of dimensions based on a network environment, a fourth layer is composed of related first-level indexes based on the dimensions, and a last layer is composed of a plurality of second-level indexes corresponding to the first-level indexes.
3. The analytic hierarchy process-based network environment security status assessment method of claim 1, wherein: in step 2, the whole network environment is divided into a plurality of asset devices according to the characteristics of the functions, the characteristics and the like of each block, each asset device has certain difference, finally, the total security situation score of the whole network environment is obtained according to the importance degree weight and the security score of each asset device, and the security state of the current network environment is comprehensively evaluated.
4. The analytic hierarchy process-based network environment security status assessment method of claim 1, wherein: in step 3, evaluating each secondary index, each primary index, each dimensionality importance degree weight and safety score by an improved analytic hierarchy process based on an entropy value and variation coefficient method, wherein the safety score and the weight of each dimensionality are obtained by a plurality of next primary indexes, and the safety score of each primary index is obtained by a plurality of next secondary indexes; the weights of the hierarchies can be obtained by the following formulas:
each primary index importance degree weight is 1/3 ═ g (weight of a secondary index entropy value method + weight of a secondary index analytic hierarchy process + weight of a secondary index variation coefficient method);
each dimension index importance degree weight is 1/3 × (first-order index entropy weight + first-order index analytic hierarchy process weight + first-order index variation coefficient process weight).
5. The analytic hierarchy process-based network environment security status assessment method of claim 1, wherein: in step 3, the security of each dimension is evaluated to obtain a security evaluation score of each dimension, specifically, the security evaluation of each dimension includes five dimensions of vulnerability state, event, intrusion information, information asset and security measure, and each dimension includes a plurality of corresponding primary evaluation indexes.
6. The analytic hierarchy process-based network environment security status assessment method of claim 5, wherein: the first-order indicators contained in each dimension are as follows:
vulnerability status: vulnerability threats, vulnerability related to the number of hosts and vulnerability related to the number of internet applications;
event: the number of internal threat events, the number of external threat events;
intrusion information: the method comprises the following steps of (1) judging the number and the grade of Trojan horse virus indexes, the number and the grade of common viruses, DOOS attacks, the number and the grade of zombie software and the number and the grade of spyware;
information assets: hardware device assets, security facility assets, operating system assets, database assets, and host IP address information for each network device.
7. The analytic hierarchy process-based network environment of claim 4The all-condition evaluation method is characterized by comprising the steps of constructing a judgment matrix A of the target indexes on the basis of the selected indexes of each level, calculating a weight coefficient of the judgment matrix A which is { aij } n × n under the condition that the judgment matrix meets consistency, taking the weight coefficient as the subjective weight of the target indexes, determining a subjective weight vector on the basis of the subjective weight of each target index, and calculating the maximum characteristic root lambda of the judgment matrix under the condition that the judgment matrix does not meet the consistencymaxAnd using said maximum characteristic root λmaxCalculating a consistency check index CI; determining whether to modify the judgment matrix based on a formula CR (CI/RI), wherein CI is a consistency check index, and CR is a consistency ratio index; and if CR is larger than the target value, correcting the judgment matrix.
8. The analytic hierarchy process-based network environment security status assessment method of claim 1, wherein: the final importance degree weight of each level index is composed of three parts, namely, a weight obtained by an entropy method, a weight obtained by an analytic hierarchy process and a weight obtained by a variation coefficient method, and the average value of the three parts is obtained to be used as the final weight of each level index.
9. The analytic hierarchy process-based network environment security status assessment method of claim 1, wherein: in step 4, the importance weights and security scores of the sub-network devices and hosts are obtained by upward aggregation, so that the network security of the whole system environment can be evaluated.
10. The analytic hierarchy process-based network environment security status assessment method of claim 9, wherein: and calculating the network safety evaluation score of the whole system environment according to the safety evaluation scores of the sub-network devices and the host computers in the whole network environment through respective importance degree weights.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202010336772.8A CN111680863A (en) | 2020-04-26 | 2020-04-26 | Network environment safety condition evaluation method based on analytic hierarchy process |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202010336772.8A CN111680863A (en) | 2020-04-26 | 2020-04-26 | Network environment safety condition evaluation method based on analytic hierarchy process |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN111680863A true CN111680863A (en) | 2020-09-18 |
Family
ID=72452634
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202010336772.8A Pending CN111680863A (en) | 2020-04-26 | 2020-04-26 | Network environment safety condition evaluation method based on analytic hierarchy process |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN111680863A (en) |
Cited By (13)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN112565007A (en) * | 2020-11-27 | 2021-03-26 | 中盈优创资讯科技有限公司 | System health degree evaluation method and device |
| CN112702366A (en) * | 2021-03-25 | 2021-04-23 | 浙江乾冠信息安全研究院有限公司 | Network system security evaluation method, device, electronic equipment and medium |
| CN112784281A (en) * | 2021-01-21 | 2021-05-11 | 恒安嘉新(北京)科技股份公司 | Safety assessment method, device, equipment and storage medium for industrial internet |
| CN112804231A (en) * | 2021-01-13 | 2021-05-14 | 广州大学 | Distributed construction method, system and medium for attack graph of large-scale network |
| CN113421000A (en) * | 2021-06-30 | 2021-09-21 | 中国人民解放军国防科技大学 | Autonomous and controllable evaluation method for communication equipment |
| CN113742194A (en) * | 2021-09-17 | 2021-12-03 | 北京航空航天大学 | Block chain system environment three-dimensional scoring method based on analytic hierarchy process |
| CN114139020A (en) * | 2021-12-08 | 2022-03-04 | 广西民族大学 | Network security event structure hierarchical processing method and device |
| CN114237176A (en) * | 2021-12-08 | 2022-03-25 | 中盈优创资讯科技有限公司 | Method and device for realizing out-of-control prejudgment of normal index in communication field based on control chart |
| CN114553517A (en) * | 2022-02-14 | 2022-05-27 | 北京源堡科技有限公司 | Nonlinear weighted network security assessment method, device, equipment and storage medium |
| CN114567501A (en) * | 2022-03-04 | 2022-05-31 | 科来网络技术股份有限公司 | Automatic asset identification method, system and equipment based on label scoring |
| CN115098566A (en) * | 2022-08-18 | 2022-09-23 | 创思(广州)电子科技有限公司 | Information system for improving convolutional neural network model |
| CN115664695A (en) * | 2022-08-26 | 2023-01-31 | 南方电网数字电网研究院有限公司 | Comprehensive evaluation method of network space security situation based on two-dimensional code reflection |
| CN117455122A (en) * | 2023-12-22 | 2024-01-26 | 中咨公路养护检测技术有限公司 | Road surface state evaluation method, device, electronic equipment and storage medium |
Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN106789955A (en) * | 2016-11-30 | 2017-05-31 | 山东省计算中心(国家超级计算济南中心) | A kind of network security situation evaluating method |
| CN108647885A (en) * | 2018-05-10 | 2018-10-12 | 北京科东电力控制系统有限责任公司 | Electric vehicle charging network evaluation method based on analytic hierarchy process (AHP) and entropy weight method |
| CN109246153A (en) * | 2018-11-09 | 2019-01-18 | 中国银行股份有限公司 | Network safety situation analysis model and network safety evaluation method |
| CN109740863A (en) * | 2018-12-13 | 2019-05-10 | 国网山东省电力公司经济技术研究院 | Integrated evaluating method based on big plant-grid connection system |
| CN110650040A (en) * | 2019-09-17 | 2020-01-03 | 中国民航大学 | Information system security situation evaluation method based on correction matrix-entropy weight membership cloud |
-
2020
- 2020-04-26 CN CN202010336772.8A patent/CN111680863A/en active Pending
Patent Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN106789955A (en) * | 2016-11-30 | 2017-05-31 | 山东省计算中心(国家超级计算济南中心) | A kind of network security situation evaluating method |
| CN108647885A (en) * | 2018-05-10 | 2018-10-12 | 北京科东电力控制系统有限责任公司 | Electric vehicle charging network evaluation method based on analytic hierarchy process (AHP) and entropy weight method |
| CN109246153A (en) * | 2018-11-09 | 2019-01-18 | 中国银行股份有限公司 | Network safety situation analysis model and network safety evaluation method |
| CN109740863A (en) * | 2018-12-13 | 2019-05-10 | 国网山东省电力公司经济技术研究院 | Integrated evaluating method based on big plant-grid connection system |
| CN110650040A (en) * | 2019-09-17 | 2020-01-03 | 中国民航大学 | Information system security situation evaluation method based on correction matrix-entropy weight membership cloud |
Cited By (19)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN112565007A (en) * | 2020-11-27 | 2021-03-26 | 中盈优创资讯科技有限公司 | System health degree evaluation method and device |
| CN112804231A (en) * | 2021-01-13 | 2021-05-14 | 广州大学 | Distributed construction method, system and medium for attack graph of large-scale network |
| CN112784281A (en) * | 2021-01-21 | 2021-05-11 | 恒安嘉新(北京)科技股份公司 | Safety assessment method, device, equipment and storage medium for industrial internet |
| CN112702366A (en) * | 2021-03-25 | 2021-04-23 | 浙江乾冠信息安全研究院有限公司 | Network system security evaluation method, device, electronic equipment and medium |
| CN112702366B (en) * | 2021-03-25 | 2021-07-20 | 浙江乾冠信息安全研究院有限公司 | Network system security evaluation method, device, electronic equipment and medium |
| CN113421000A (en) * | 2021-06-30 | 2021-09-21 | 中国人民解放军国防科技大学 | Autonomous and controllable evaluation method for communication equipment |
| CN113421000B (en) * | 2021-06-30 | 2023-07-11 | 中国人民解放军国防科技大学 | Autonomous controllable evaluation method for communication equipment |
| CN113742194A (en) * | 2021-09-17 | 2021-12-03 | 北京航空航天大学 | Block chain system environment three-dimensional scoring method based on analytic hierarchy process |
| CN114237176A (en) * | 2021-12-08 | 2022-03-25 | 中盈优创资讯科技有限公司 | Method and device for realizing out-of-control prejudgment of normal index in communication field based on control chart |
| CN114139020B (en) * | 2021-12-08 | 2023-03-28 | 广西民族大学 | Network security event structure hierarchical processing method and device |
| CN114139020A (en) * | 2021-12-08 | 2022-03-04 | 广西民族大学 | Network security event structure hierarchical processing method and device |
| CN114553517A (en) * | 2022-02-14 | 2022-05-27 | 北京源堡科技有限公司 | Nonlinear weighted network security assessment method, device, equipment and storage medium |
| CN114567501A (en) * | 2022-03-04 | 2022-05-31 | 科来网络技术股份有限公司 | Automatic asset identification method, system and equipment based on label scoring |
| CN114567501B (en) * | 2022-03-04 | 2023-10-31 | 科来网络技术股份有限公司 | Automatic asset identification method, system and equipment based on label scoring |
| CN115098566A (en) * | 2022-08-18 | 2022-09-23 | 创思(广州)电子科技有限公司 | Information system for improving convolutional neural network model |
| CN115664695A (en) * | 2022-08-26 | 2023-01-31 | 南方电网数字电网研究院有限公司 | Comprehensive evaluation method of network space security situation based on two-dimensional code reflection |
| CN115664695B (en) * | 2022-08-26 | 2023-11-17 | 南方电网数字电网研究院有限公司 | Comprehensive evaluation method for network space security situation based on two-dimensional code reflection |
| CN117455122A (en) * | 2023-12-22 | 2024-01-26 | 中咨公路养护检测技术有限公司 | Road surface state evaluation method, device, electronic equipment and storage medium |
| CN117455122B (en) * | 2023-12-22 | 2024-03-19 | 中咨公路养护检测技术有限公司 | Road surface state evaluation method, device, electronic equipment and storage medium |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN111680863A (en) | Network environment safety condition evaluation method based on analytic hierarchy process | |
| CN110620759B (en) | Multi-dimensional association-based network security event hazard index evaluation method and system | |
| de Gusmão et al. | Cybersecurity risk analysis model using fault tree analysis and fuzzy decision theory | |
| US20190342307A1 (en) | System and method for monitoring security attack chains | |
| Kotenko et al. | A cyber attack modeling and impact assessment framework | |
| CN105516130B (en) | Data processing method and device | |
| US20050278786A1 (en) | System and method for assessing risk to a collection of information resources | |
| Ou et al. | Quantitative security risk assessment of enterprise networks | |
| GB2519216A (en) | System and method for discovering optimal network attack paths | |
| CN110620696A (en) | Grading method and device for enterprise network security situation awareness | |
| CN105718805A (en) | Cloud-computing trust management method based on evaluation confidence degree | |
| CN102148820A (en) | System and method for estimating network security situation based on index logarithm analysis | |
| CN111669365B (en) | Network security test method and device | |
| CN110011976B (en) | Network attack destruction capability quantitative evaluation method and system | |
| CN108769018B (en) | Multidimensional and multi-granularity network space security measurement method | |
| CN114003920A (en) | Security assessment method and device for system data, storage medium and electronic equipment | |
| CN113065699A (en) | Electric power information network security situation quantification method based on evolutionary neural network | |
| Elfeshawy et al. | Divided two-part adaptive intrusion detection system | |
| CN115329338A (en) | Information security risk analysis method and analysis system based on cloud computing service | |
| CN115225384A (en) | Network threat degree evaluation method and device, electronic equipment and storage medium | |
| CN117478433B (en) | Network and information security dynamic early warning system | |
| CN112702366B (en) | Network system security evaluation method, device, electronic equipment and medium | |
| CN113778806A (en) | Method, device, equipment and storage medium for processing safety alarm event | |
| CN115987544A (en) | Network security threat prediction method and system based on threat intelligence | |
| CN114065220B (en) | Dual-level analysis situation assessment method based on distributed system |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| WD01 | Invention patent application deemed withdrawn after publication |
Application publication date: 20200918 |
|
| WD01 | Invention patent application deemed withdrawn after publication |