CN111818007B - Vulnerability repair income priority evaluation method based on quantum genetic algorithm and electronic device - Google Patents

Info

Publication number: CN111818007B
Authority: CN (China)
Prior art keywords: vulnerability, information, optimal, fitness, calculating
Legal status: Active (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Application number: CN202010404149.1A
Other languages: Chinese (zh)
Other versions: CN111818007A (en)
Inventors: 刘镓煜, 吴敬征, 罗天悦, 杨牧天, 王丽敏, 武延军
Current Assignee: Institute of Software of CAS (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Original Assignee: Institute of Software of CAS
Events: application filed by Institute of Software of CAS; priority to CN202010404149.1A; publication of CN111818007A; application granted; publication of CN111818007B; legal status Active.
Classifications (CPC)

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L 63/00 Network architectures or network communication protocols for network security
    • H04L 63/20 Network architectures or network communication protocols for network security for managing network security; network security policies in general
    • H04L 63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L 63/1408 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L 63/1416 Event detection, e.g. attack signature detection
    • H04L 63/1433 Vulnerability analysis
    • H04L 9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L 9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L 9/0816 Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L 9/0852 Quantum cryptography
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F 21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F 21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F 21/57 Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • G06F 21/577 Assessing vulnerabilities and evaluating computer system security
    • G06N COMPUTING ARRANGEMENTS BASED ON SPECIFIC COMPUTATIONAL MODELS
    • G06N 3/00 Computing arrangements based on biological models
    • G06N 3/12 Computing arrangements based on biological models using genetic models
    • G06N 3/126 Evolutionary algorithms, e.g. genetic algorithms or genetic programming


Abstract

The invention provides a vulnerability repair income (benefit) priority assessment method based on a quantum genetic algorithm, and an electronic device. The method comprises the following steps: using the acquired vulnerability information of the network system and the system's access connectivity topology, computing the total damage loss suffered by the system and the total negative cost generated by repairing a group of vulnerabilities in the system; constructing a constraint function for repairing a group of vulnerabilities with limited cost, and constructing an objective function that maximizes the reduction of system loss from the total damage loss and the total negative cost; constructing a fitness function from the total damage loss, the total negative cost, the constraint function and the objective function; and computing fitness according to the fitness function to obtain the evolution direction of optimal repair benefit, and thereby an optimal vulnerability repair scheme. The invention encodes chromosomes with quantum bits and evolves and updates the population with quantum logic gates, realizing the optimization of the objective; it avoids premature convergence into a local optimum and has stronger optimization capability.

Description

Vulnerability repair income priority evaluation method based on quantum genetic algorithm and electronic device
Technical Field
The invention relates to the technical field of information security, in particular to a vulnerability repair income priority assessment method based on a quantum genetic algorithm and an electronic device.
Background
As computer systems have become widely used across industries, they have become closely tied to people's lives. At the same time, the number of information security vulnerabilities has risen sharply and they are exploited by attackers with increasing frequency, creating serious security risks. According to the 2019 vulnerability report of the security company Risk Based Security (RBS), as many as 11092 vulnerabilities were disclosed in the first half of 2019 alone. Detecting the vulnerabilities present in an information system and managing and repairing them reasonably and effectively have therefore become key problems for information security assurance.
At present, vulnerability management methods generally formulate different repair schemes according to a risk value or risk level obtained by quantitatively assessing the risk of each vulnerability. For example, the scoring criteria of general vulnerability databases are combined with the service information, network topology and other information associated with the host on which the vulnerability actually resides, a comprehensive risk value is calculated, and vulnerabilities with high risk values are repaired first. As another example, Chinese patent application CN101950338A discloses a vulnerability repair method based on hierarchical vulnerability threat assessment, which evaluates vulnerabilities according to an attack exploitation score and a qualitative grade score.
However, current methods lack, to some extent, any analysis of the cost and side effects of vulnerability repair, so a repair scheme formulated from risk values alone has difficulty obtaining the best security benefit. For example, the repair of some high-risk vulnerabilities is complex and requires large expenditures of manpower, time and computing resources, and once completed brings negative effects such as reduced system performance; taken together, the cost of repairing such vulnerabilities is no smaller than the loss their exploitation would cause, and the security benefit of repairing them first on the basis of risk value is not high.
In practice, the security resources that operation and maintenance personnel can devote to repair are limited, and they usually expect those limited resources to be spent first on the vulnerabilities whose repair yields the best security benefit. Risk-assessment-based vulnerability management does not fully consider the benefit of repair, so the repair schemes it produces have difficulty meeting the needs of operation and maintenance personnel.
Although Chinese patent application CN109547401A discloses network security vulnerability prioritization and remediation, which calculates a network priority security level based on impact metrics and final resource metrics for each network security vulnerability, its optimization capability in calculating that level is not strong.
Disclosure of Invention
To address these problems, the invention provides a vulnerability repair benefit priority assessment method and an electronic device based on a quantum genetic algorithm, which assess the benefit of repairing vulnerabilities and output a priority repair scheme, helping operation and maintenance personnel repair first the vulnerabilities that yield the best security benefit under the constraint of limited repair resources.
To achieve this purpose, the invention adopts the following technical scheme:
A vulnerability repair benefit priority assessment method based on a quantum genetic algorithm comprises the following steps:
1) calculating, from the acquired vulnerability information of the network system and the system's access connectivity topology, the total damage loss suffered by the system and the total negative cost generated by repairing a group of vulnerabilities in the system;
2) constructing a constraint function for repairing a randomly chosen group of vulnerabilities with limited cost, and constructing an objective function that maximizes the reduction of system loss from the total damage loss and the total negative cost;
3) constructing a fitness function from the total damage loss, the total negative cost, the constraint function and the objective function;
4) calculating fitness according to the fitness function to obtain the evolution direction of optimal repair benefit, and thereby an optimal vulnerability repair scheme.
Further, the vulnerability information comprises the number of vulnerabilities, vulnerability identifiers, vulnerability-associated service information and vulnerability distribution information; the service information comprises the importance, confidentiality, integrity and availability of the service to which the vulnerability relates.
Further, the total damage loss suffered by the system is calculated by:
1) calculating, from the vulnerability information, the probability that each vulnerability on each host is successfully exploited to launch an attack;
2) calculating the shortest attack link between any two hosts from those exploitation probabilities and the access connectivity topology;
3) selecting the set of hosts from which an attacker may potentially start an intrusion, and calculating the probability that an attack reaches a specific host;
4) calculating the loss a single vulnerability causes to a specific host from the probability that the attack reaches that host, the exploitation probability of the vulnerability and the vulnerability information;
5) calculating the total damage to the specific host from the single-vulnerability losses and the vulnerability information;
6) calculating the total damage loss of the system by combining the vulnerability information and the access connectivity topology.
Further, the method for calculating the probability of successfully exploiting each vulnerability on each host comprises factor analysis; the method for calculating the shortest attack link between any two hosts also comprises factor analysis.
Further, the total negative cost generated by repairing a set of vulnerabilities in the system is calculated by:
1) calculating the negative cost generated by repairing a single vulnerability from the vulnerability information and the access connectivity topology;
2) calculating the single-host negative cost generated by repairing several vulnerabilities on a specific host by combining the repaired vulnerabilities on that host;
3) calculating the total negative cost generated by repairing several vulnerabilities in the system by combining the vulnerability information and the system's access connectivity topology.
Further, fitness is calculated and the evolution direction of optimal repair benefit obtained through the following steps:
1) setting the number of vulnerabilities obtained from the vulnerability information as the length of a quantum chromosome, and setting the population size and the maximum number of generations according to the gene complexity of the model and the actual operating environment;
2) representing the quantum population of generation t as [equation image BDA0002490641110000031], where N is the population size, [equation image BDA0002490641110000032] is the i-th quantum chromosome of the generation-t population, m is the chromosome length, [equation image BDA0002490641110000033] is the i-th qubit, and [equation image BDA0002490641110000034] and [equation image BDA0002490641110000035] are complex numbers corresponding to the states |0> and |1> respectively, satisfying the condition [equation image BDA0002490641110000036];
3) observing the state of Q(t) to generate a binary solution set [equation image BDA0002490641110000037];
4) randomly generating N chromosomes represented by qubits, with all genes [equation image BDA0002490641110000038] of all chromosomes in the population initialised to [equation image BDA0002490641110000039];
5) observing the population Q(t) of the current generation t: a number γ is randomly generated in the interval [0,1]; if [equation image BDA00024906411100000310] holds, the measurement result takes the value 1, otherwise 0, which yields the binary solution set P(t);
6) calculating the fitness of each solution in P(t), recording the individual with the best fitness, setting it as the evolution direction of the population, and thereby obtaining the evolution direction of optimal repair benefit.
Further, the evolution direction of the population is set by:
1) comparing the best fitness of the current generation t with that of generation t-1;
2) if the best fitness of generation t is greater than that of generation t-1, setting the best-fitness individual of generation t as the evolution target of the next generation;
3) if the best fitness of generation t is less than or equal to that of generation t-1, keeping the best-fitness individual of generation t-1 as the evolution target of the next generation.
Further, an optimal vulnerability repair benefit scheme is obtained through the following steps:
1) judging whether the current generation t equals the maximum number of generations G of the termination condition;
2) if so, outputting the scheme with the best fitness in the current generation t as the optimal repair scheme;
3) if not, updating the chromosomes [equation image BDA00024906411100000312] of the population Q(t) with the quantum rotation gate [equation image BDA00024906411100000311] according to the rotation angle adjustment strategy, and taking the scheme with the best fitness in generation t+1 as the optimal repair scheme.
Further, the rotation angle adjustment strategy proceeds by:
1) comparing the fitness value Fit(c) of the current chromosome c with the fitness value Fit(b) of the best chromosome b;
2) if Fit(c) is better than Fit(b), steering the chromosome to evolve in the direction favouring c;
3) if Fit(b) is better than Fit(c), steering the chromosome to evolve in the direction favouring b.
A storage medium having a computer program stored therein, wherein the computer program performs the above method.
An electronic device comprising a memory having a computer program stored therein and a processor arranged to run the computer program to perform the above method.
Compared with the prior art, the invention has the following advantages:
1) it uses a quantum genetic algorithm to compute the optimized security benefit under limited repair resources, and designs the corresponding repair scheme from that result;
2) the quantum genetic algorithm introduces concepts from quantum computing into the genetic algorithm: chromosomes are encoded with qubits, and the population is evolved and updated with quantum logic gates, realizing the optimization of the objective; compared with the classical genetic algorithm, it effectively avoids premature convergence into a local optimum and has stronger optimization capability.
Drawings
Fig. 1 is a flowchart of the vulnerability repair benefit priority assessment method based on a quantum genetic algorithm.
Fig. 2 is a flowchart of the calculation model for the total damage loss suffered by the system.
Fig. 3 is a flowchart of the calculation model for the total negative cost generated by repairing a set of vulnerabilities in the system.
Fig. 4 is a flowchart of constructing the security-benefit-optimized vulnerability repair scheme based on a quantum genetic algorithm.
Detailed Description
The technical scheme of the invention is clearly and completely described below with reference to the accompanying drawings. It is to be understood that the described embodiments are merely exemplary of the invention, and not restrictive of the full scope of the invention. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
This embodiment describes a vulnerability repair benefit priority assessment method based on a quantum genetic algorithm; the overall flow is shown in Fig. 1 and comprises the following main steps:
1) acquiring the vulnerability information and access connectivity topology of the network system, implemented as follows:
1a) acquiring the vulnerability information of the network system, which comprises, but is not limited to, the number of vulnerabilities, vulnerability identifiers, vulnerability-associated service information, vulnerability distribution information and any other information that can guide the assessment of vulnerability damage and repair cost. The service information comprises the importance Imp, confidentiality Con, integrity Int and availability Ava of the service to which the vulnerability relates; it is obtained with the analytic hierarchy process or another analytical method and represented numerically. Importance expresses how important the service is within the system, a larger value meaning a more important service; confidentiality expresses how far the service may be disclosed, a larger value meaning higher confidentiality; integrity expresses how much the service affects the system's benefit, a larger value meaning a larger effect; availability expresses how much the service affects the operation of the system, a larger value meaning a larger effect.
It should be noted that these attributes can be configured flexibly according to actual needs; the parameter types listed above are not limiting.
1b) acquiring the access connectivity topology of the network system, which comprises the connectivity of each host in the network.
2) constructing the calculation model for the total damage loss of the system; the calculation flow is shown in Fig. 2 and is implemented as follows:
2a) for each vulnerability, applying factor analysis or another analytical method to information such as the vulnerability identifier and associated service to obtain the probability P_attack_success that the vulnerability on its host is successfully exploited to launch an attack. Go to 2b).
2b) from the exploitation probability P_attack_success of each vulnerability on each host in the network and the access connectivity topology, calculating the shortest attack link between any two hosts with factor analysis or another analytical method. Go to 2c).
2c) selecting the set N_Entry of hosts from which an attacker may potentially start an intrusion, assigning each initial host a weight w, and calculating the probability that an attacker can reach a specific host: [equation image BDA0002490641110000051]. Go to 2d).
2d) evaluating the expected direct loss that a single vulnerability causes to a specific host. From the probability P_visit_host that an attacker reaches the host on which the vulnerability resides, the exploitation probability P_attack_success and the service information related to the vulnerability, the direct loss of the vulnerability to the host is calculated as VD = P_visit_host * P_attack_success * (Imp + Con + Int + Ava). Go to 2e).
2e) evaluating the expected loss to the system from all vulnerabilities present on a specific host. The total damage loss HD of the host is evaluated by combining the expected direct losses of all n vulnerabilities present on it. Because the same asset on a host can be affected by several vulnerabilities at once, directly summing the expected direct losses VD of the vulnerabilities would count part of the loss more than once, so a cross-valuation function Cross(v_1, v_2 ... v_n) is introduced to estimate the overlap in the expected direct losses of the vulnerabilities v_1, v_2 ... v_n on the host and eliminate the double counting, i.e. [equation image BDA0002490641110000061]. Go to 2f).
2f) evaluating the expected loss caused by all vulnerabilities in the whole system. Repeating steps 2c)-2e) gives the damage loss HD of each of the n hosts in the system, from which the total damage loss SD of the whole system is calculated: [equation image BDA0002490641110000062].
3) constructing the calculation model for the total negative cost generated by repairing a group of vulnerabilities in the system; the calculation flow is shown in Fig. 3 and is implemented as follows:
3a) calculating the operation cost OC of repairing a single vulnerability in the selected group by combining information such as the vulnerability identifier and the system's access connectivity topology and applying factor analysis or another analytical method; that is, calculating the manpower, time, space and computing resources directly spent on the repair, a larger value meaning a higher operation cost. Go to 3b).
3b) evaluating the negative cost generated by repairing a single vulnerability in the selected group. By combining information on the vulnerability-related service, the system's access connectivity topology and so on, factor analysis or another analytical method is applied to calculate the negative cost VNC of a single vulnerability repair, i.e. the loss caused by the system being unable to serve normally because of the repair. In this embodiment the losses in importance, confidentiality, integrity and availability of the service related to the vulnerability are calculated, giving VNC = Imp_lost + Con_lost + Int_lost + Ava_lost. Go to 3c).
3c) evaluating the single-host negative cost generated by repairing several vulnerabilities on a specific host. The single-host negative cost HNC of the host is evaluated from the negative costs VNC of all n vulnerabilities selected for repair on it. Because the same asset on a host can be affected by the repair of several vulnerabilities at once, directly summing the negative costs of all vulnerabilities would count part of the negative cost more than once, so a cross-valuation function Cross_lost(v_1, v_2 ... v_n) is introduced to estimate the overlap in the negative costs of the repaired vulnerabilities v_1, v_2 ... v_n on the host and eliminate the double counting, i.e. [equation image BDA0002490641110000063]. Go to 3d).
3d) evaluating the total negative cost generated by repairing a set of vulnerabilities in the system. Repeating steps 3b)-3c) gives the single-host negative cost HNC of each of the n hosts on which vulnerabilities are selected for repair, from which the total negative cost SNC of the whole system is calculated: [equation image BDA0002490641110000064].
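The two calculation models above (the host damage loss of step 2 and the negative repair cost of step 3) can be exercised end to end on a small constructed network. The following is an added example and not code from the patent: it implements VD = P_visit_host * P_attack_success * (Imp + Con + Int + Ava), the host-level aggregation with an overlap correction, VNC = Imp_lost + Con_lost + Int_lost + Ava_lost, and the totals SD and SNC, and also evaluates the step 4b) objective f = SD - SD' - SNC for a candidate repair set. The patent leaves the shortest-attack-link method and the Cross()/Cross_lost() overlap estimators open ("factor analysis or other methods"), so the max-product path probability and the per-service overlap rule below are assumptions of this example, as are the host names, the vulnerability identifiers V1 to V4 and all numeric values.

```python
"""Added worked example, not code from the patent: the damage-loss model of
step 2 (2a-2f) and the negative-cost model of step 3 (3a-3d) on a constructed
three-host network, plus the objective f = SD - SD' - SNC of step 4b).
The max-product attack path probability and the per-service overlap rule are
assumptions standing in for the unspecified "factor analysis" and Cross()."""
from collections import defaultdict

# Constructed vulnerability records (V1-V4 are placeholders, not real identifiers).
# p_success = P_attack_success (2a); attrs = (Imp, Con, Int, Ava) of the related
# service (1a); oc = operation cost OC (3a); lost = (Imp_lost, Con_lost, Int_lost, Ava_lost) (3b).
VULNS = {
    "V1": dict(host="dmz", service="web", p_success=0.9, attrs=(3, 2, 2, 3), oc=2, lost=(0.5, 0, 0, 1.0)),
    "V2": dict(host="dmz", service="web", p_success=0.6, attrs=(3, 2, 2, 3), oc=1, lost=(0.2, 0, 0, 0.5)),
    "V3": dict(host="app", service="api", p_success=0.7, attrs=(4, 3, 3, 4), oc=3, lost=(1.0, 0, 1.0, 1.0)),
    "V4": dict(host="db", service="sql", p_success=0.5, attrs=(5, 5, 5, 5), oc=4, lost=(1.0, 1.0, 1.0, 2.0)),
}
HOSTS = ["dmz", "app", "db"]
EDGES = [("dmz", "app"), ("app", "db")]   # constructed access topology (1b): traversable directed links
ENTRY_WEIGHTS = {"dmz": 1.0}             # N_Entry with its weights w (2c); constructed
OVERLAP = 0.5   # assumed share of the non-maximal loss on one service that is double counted

def best_success(vulns, host):
    """Assumed edge probability: the most exploitable remaining vulnerability on the target host (2b)."""
    return max((v["p_success"] for v in vulns.values() if v["host"] == host), default=0.0)

def reach_probability(vulns, target):
    """P_visit_host (2c): weighted sum over entry hosts of the max-product attack path probability (assumed)."""
    total = 0.0
    for entry, w in ENTRY_WEIGHTS.items():
        best = {h: 0.0 for h in HOSTS}
        best[entry] = 1.0
        for _ in HOSTS:                      # Bellman-Ford style relaxation on a tiny graph
            for src, dst in EDGES:
                cand = best[src] * best_success(vulns, dst)
                if cand > best[dst]:
                    best[dst] = cand
        total += w * best[target]
    return total

def vuln_direct_loss(vulns, vid):
    """VD = P_visit_host * P_attack_success * (Imp + Con + Int + Ava) (2d)."""
    v = vulns[vid]
    return reach_probability(vulns, v["host"]) * v["p_success"] * sum(v["attrs"])

def cross(values_by_service):
    """Assumed Cross()/Cross_lost(): on one service only the largest item counts in full;
    OVERLAP of the remaining items is treated as double counted."""
    return sum(OVERLAP * (sum(vals) - max(vals)) for vals in values_by_service.values() if vals)

def host_loss(vulns, host):
    """HD (2e): sum of VD over the host's vulnerabilities minus the overlap estimate."""
    by_service = defaultdict(list)
    for vid, v in vulns.items():
        if v["host"] == host:
            by_service[v["service"]].append(vuln_direct_loss(vulns, vid))
    return sum(map(sum, by_service.values())) - cross(by_service)

def system_loss(vulns):
    """SD (2f): total damage loss over all hosts."""
    return sum(host_loss(vulns, h) for h in HOSTS)

def host_negative_cost(vulns, repaired, host):
    """HNC (3c): VNC = Imp_lost + Con_lost + Int_lost + Ava_lost per repaired vulnerability, minus overlap."""
    by_service = defaultdict(list)
    for vid in repaired:
        v = vulns[vid]
        if v["host"] == host:
            by_service[v["service"]].append(sum(v["lost"]))
    return sum(map(sum, by_service.values())) - cross(by_service)

def system_negative_cost(vulns, repaired):
    """SNC (3d): total negative cost of the repair set."""
    return sum(host_negative_cost(vulns, repaired, h) for h in HOSTS)

def repair_benefit(vulns, repaired):
    """Objective of 4b): f = SD - SD' - SNC, where SD' is the loss recomputed without the repaired set."""
    remaining = {vid: v for vid, v in vulns.items() if vid not in repaired}
    return system_loss(vulns) - system_loss(remaining) - system_negative_cost(vulns, repaired)

def repair_cost(vulns, repaired):
    """Left-hand side of the constraint of 4a): summed operation cost of the repair set."""
    return sum(vulns[vid]["oc"] for vid in repaired)

if __name__ == "__main__":
    for h in HOSTS:
        print(h, "HD =", round(host_loss(VULNS, h), 3))
    print("SD =", round(system_loss(VULNS), 3))
    for plan in (["V1", "V2"], ["V3"], ["V1", "V3"]):
        print(plan, "cost", repair_cost(VULNS, plan), "f =", round(repair_benefit(VULNS, plan), 3))
```

Because SD' is recomputed with the same path model, repairing the single vulnerability V3 on the middle host cuts the attack path to the database and removes V4's expected loss as well, which a per-vulnerability risk score would not show; that is the effect the objective function of step 4b) is meant to capture.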
4) constructing the security-benefit-optimized vulnerability repair scheme based on a quantum genetic algorithm. The calculation models obtained in steps 2) and 3) are combined with a quantum genetic algorithm to compute the optimized security benefit under limited repair resources, and the corresponding repair scheme is designed from that result. The modelling flow of the quantum genetic algorithm is shown in Fig. 4 and is implemented as follows:
4a) constructing the constraint of the quantum genetic algorithm. The optimal repair scheme selects, under the constraint of a finite cost C_all, a group V_repair of the vulnerabilities present in the system to repair, which gives the constraint function [equation image BDA0002490641110000071]. Go to 4b).
4b) constructing the objective function of the quantum genetic algorithm. The goal of the optimal repair scheme is that, after all vulnerabilities in the scheme are repaired, the reduction of the system's total loss, expressed by the expectation function f, is maximal, which gives the objective function max f = SD - SD' - SNC, where SD' is the total loss caused by the vulnerabilities remaining in the system after all vulnerabilities in V_repair are repaired, calculated in the same way as SD in step 2). Go to 4c).
4c) constructing the fitness function of the quantum genetic algorithm. The fitness function is constructed from the constraint condition, the objective function and a penalty coefficient c: [equation image BDA0002490641110000072], where the penalty coefficient c makes the fitness of chromosomes that violate the constraint much smaller than that of chromosomes satisfying it. Go to 4d).
4d) setting the parameters and encoding of the quantum genetic algorithm. The parameters comprise the population size N, the maximum number of generations G and the fitness index. Preferably, in this embodiment the population size N is set to 100 and the maximum number of generations G to 300. The qubit encoding represents the quantum population of generation t as [equation image BDA0002490641110000073], where N is the population size, [equation image BDA0002490641110000074] is the i-th quantum chromosome of the generation-t population, and [equation image BDA0002490641110000075] is defined as [equation image BDA0002490641110000076]. The length of the quantum chromosome is m, which in this example is the total number of vulnerabilities in the system. In the chromosome [equation image BDA0002490641110000077], [equation image BDA0002490641110000078] is the i-th qubit, where [equation image BDA0002490641110000079] and [equation image BDA00024906411100000710] are complex numbers corresponding to the states |0> and |1> respectively and satisfy the condition [equation image BDA00024906411100000711]. Observing the state of Q(t) generates a binary solution set [equation image BDA00024906411100000712]; each solution [equation image BDA00024906411100000713] is a binary string of length m. All m vulnerabilities in the system are numbered in sequence; a value of 1 in the j-th bit of [equation image BDA00024906411100000714] means the j-th vulnerability is selected for repair, and a value of 0 means it is not repaired. Go to 4e).
4e) An initial population Q (0) of qubit codes is generated. Q (0) is initialized by randomly generating N chromosomes represented by quantum bits and all genes of all chromosomes in the population
Figure BDA0002490641110000081
Are all initialized to
Figure BDA0002490641110000082
Go to 4 f).
4f) Observing the population Q (t) of the current generation t to obtain a binary solution set P (t). The specific observation process in this embodiment is to randomly generate an interval [0,1 ]]A number γ of, if
Figure BDA0002490641110000083
the measurement result takes the value 1, otherwise it takes the value 0. In actual implementation, other observation rules may be used. Go to 4g).
4g) Calculate the fitness of each solution in P(t) using the calculation model constructed in steps 2) and 3) and the fitness function Fit constructed in step 4c), record the individual with the optimal fitness, and set it as the evolution direction of the population. The evolution direction is set as follows: compare the optimal fitness of the current generation t with the optimal fitness of generation t-1; if the optimal fitness of generation t is greater than that of generation t-1, set the optimal individual of generation t as the evolution target of the next generation, otherwise keep the optimal individual of generation t-1 as the evolution target of the next generation. In particular, when t is 0, the optimal individual of generation 0 is taken as the evolution target. Go to 4h).
4h) Judge whether the current generation t is equal to the maximum number of generations G. If so, output the scheme with the optimal fitness in the current generation t as the optimal vulnerability repair income scheme; if not, apply the quantum rotation gate
Figure BDA0002490641110000084
to the chromosomes in the population Q(t), whose qubits
Figure BDA0002490641110000085
are updated according to the rotation angle adjustment strategy to obtain the (t+1)-th generation population Q(t+1); then return to step 4f).
Preferably, the rotation angle adjustment strategy employed in this embodiment is:
Figure BDA0002490641110000086
The design idea of the adjustment strategy is to compare the fitness value Fit(c) of the current chromosome c with the fitness value Fit(b) of the optimal chromosome b: if Fit(c) is superior to Fit(b), the chromosome is steered to evolve in the direction favourable to c, otherwise in the direction favourable to b, so that the current individual always evolves toward the current optimum whatever its state. In actual implementation, other adjustment strategies may also be employed.
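As an added illustration (this is not code from the patent or from the applicant), the following Python program runs steps 4d) to 4h) on a constructed six-vulnerability instance, with the fitness function of claim 1 realised as the objective f = SD - SD' - SNC minus a penalty coefficient c times the amount by which the operating cost exceeds the limited cost c_all. The per-vulnerability loss, negative cost and operating cost values, the budget, the linear penalty form, the observation test "γ > |α|²", the rotation angle step and the first-quadrant clamp are all assumptions, since the patent's own formulas are images not reproduced on this page:

```python
import math
import random
from itertools import product

# Constructed sample data (not from the patent): one row per vulnerability, numbered in order.
#   loss     : hazard loss the vulnerability contributes to SD (removed from SD' once repaired)
#   neg_cost : negative cost of repairing it, summed into SNC
#   op_cost  : operating cost OC_v charged against the limited budget c_all
VULNS = [
    ("vuln-1", 9.0, 1.0, 4.0),
    ("vuln-2", 7.0, 0.5, 3.0),
    ("vuln-3", 6.0, 2.0, 5.0),
    ("vuln-4", 4.0, 0.5, 2.0),
    ("vuln-5", 3.0, 1.0, 1.0),
    ("vuln-6", 2.0, 0.5, 2.0),
]
C_ALL = 8.0              # limited cost c_all (assumed)
PENALTY = 100.0          # penalty coefficient c; linear penalty form is assumed
N = 20                   # population size (the embodiment uses 100)
G = 200                  # maximum number of generations (the embodiment uses 300)
THETA = 0.02 * math.pi   # rotation angle applied per generation (assumed value)
EPS = 0.05               # keeps every qubit away from the pure |0> / |1> poles (assumed)


def objective(x):
    """f = SD - SD' - SNC for a 0/1 repair scheme x, using the additive loss model above."""
    sd = sum(loss for _, loss, _, _ in VULNS)
    sd_prime = sum(loss for (_, loss, _, _), bit in zip(VULNS, x) if not bit)
    snc = sum(neg for (_, _, neg, _), bit in zip(VULNS, x) if bit)
    return sd - sd_prime - snc


def operating_cost(x):
    """Sum of OC_v over the vulnerabilities selected for repair."""
    return sum(oc for (_, _, _, oc), bit in zip(VULNS, x) if bit)


def fitness(x):
    """Fit(x): the objective, minus c times the budget overrun for infeasible schemes."""
    excess = max(0.0, operating_cost(x) - C_ALL)
    return objective(x) - PENALTY * excess


def initial_population(m):
    """Step 4e: every gene (alpha, beta) starts at (1/sqrt2, 1/sqrt2), so |0> and |1> are equally likely."""
    amp = 1.0 / math.sqrt(2.0)
    return [[(amp, amp) for _ in range(m)] for _ in range(N)]


def observe(chromosome, rng):
    """Step 4f: draw gamma in [0,1]; measure 1 when gamma > |alpha|^2 (assumed convention), else 0."""
    return [1 if rng.random() > alpha * alpha else 0 for alpha, _ in chromosome]


def apply_rotation_gate(alpha, beta, theta):
    """Apply U(theta) = [[cos, -sin], [sin, cos]] to (alpha, beta); positive theta favours |1>."""
    a = math.cos(theta) * alpha - math.sin(theta) * beta
    b = math.sin(theta) * alpha + math.cos(theta) * beta
    # Clamp the state inside the first quadrant so no bit can become impossible to flip.
    phi = min(max(math.atan2(b, a), EPS), math.pi / 2 - EPS)
    return math.cos(phi), math.sin(phi)


def rotate_toward(chromosome, target):
    """Rotate each qubit so its measurement drifts toward the target bit string."""
    return [apply_rotation_gate(alpha, beta, THETA if bit else -THETA)
            for (alpha, beta), bit in zip(chromosome, target)]


def quantum_genetic_search(seed=0):
    """Steps 4e to 4h: return (best scheme, best fitness) after G generations."""
    rng = random.Random(seed)
    q = initial_population(len(VULNS))
    best_x, best_fit = None, -math.inf          # evolution target b and Fit(b)
    for t in range(G + 1):
        p = [observe(c, rng) for c in q]         # binary solution set P(t)
        fits = [fitness(x) for x in p]
        i = max(range(N), key=fits.__getitem__)
        if fits[i] > best_fit:                   # step 4g: better than generation t-1 -> new target
            best_x, best_fit = p[i], fits[i]
        if t == G:                               # step 4h: termination condition reached
            break
        # Step 4h adjustment strategy: evolve toward c when Fit(c) beats Fit(b), otherwise toward b.
        q = [rotate_toward(c, x if fx > best_fit else best_x)
             for c, x, fx in zip(q, p, fits)]
    return best_x, best_fit


def brute_force_optimum():
    """Exhaustive reference for the small constructed instance (2^m schemes)."""
    return max((fitness(list(x)), list(x)) for x in product((0, 1), repeat=len(VULNS)))


if __name__ == "__main__":
    scheme, fit = quantum_genetic_search(seed=1)
    chosen = [name for (name, *_), bit in zip(VULNS, scheme) if bit]
    print("repair:", chosen, "fitness:", fit, "cost:", operating_cost(scheme))
    print("exhaustive optimum:", brute_force_optimum())
```

Two design points are worth noting. Because the evolution target b is the running best individual, the branch "Fit(c) better than Fit(b)" in the rotation rule can only fire when the target lags behind the current generation, so on this instance every chromosome is rotated toward b; the check is kept so the loop reads as step 4h describes. The clamp inside `apply_rotation_gate` is what stops the population from collapsing onto an early local optimum: a qubit pinned at |0> or |1> could never be observed the other way again, so some residual probability is always left for the minority state. On six vulnerabilities the exhaustive search is cheap and serves as a check that the returned scheme is feasible and no better than the true optimum; on the hundreds of vulnerabilities a real system carries, only the quantum genetic search remains practical.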

Claims (10)

1. A vulnerability repair income priority assessment method based on a quantum genetic algorithm comprises the following steps:
1) calculating, from the acquired vulnerability information existing in the network system and the access connection topological structure information of the system, the total damage loss SD suffered by the system and the total negative cost SNC caused by repairing a set of vulnerabilities V_repair in the system;
2) constructing a constraint function from repairing the set of vulnerabilities V_repair with a limited cost, and constructing, from the total damage loss and the total negative cost, an objective function max f = SD - SD' - SNC that maximises the reduction of system loss, wherein SD' is the total loss caused by the remaining system vulnerabilities after all vulnerabilities in the set V_repair have been repaired;
3) constructing a fitness function from the total damage loss, the total negative cost, the constraint function and the objective function:
Figure FDA0003053690850000011
Figure FDA0003053690850000012
wherein the penalty coefficient c makes the fitness of chromosomes not satisfying the constraint much smaller than the fitness of chromosomes satisfying the constraint, OC_v is the operating cost spent on a single vulnerability v when repairing the set of vulnerabilities V_repair, and c_all is the limited cost;
4) calculating the fitness according to the fitness function to obtain the evolution direction of the optimal vulnerability repair income, and thereby obtaining the optimal vulnerability repair income scheme.
2. The method of claim 1, wherein the vulnerability information includes the vulnerability quantity, vulnerability identification, vulnerability-associated service information and vulnerability distribution information; the associated service information comprises importance information, confidentiality information, integrity information and availability information of the service to which the vulnerability applies.
3. The method of claim 1, wherein the overall damage loss suffered by the system is calculated by:
1) calculating, from the vulnerability information, the probability of launching an attack that successfully exploits each vulnerability in each host;
2) calculating the shortest attack link information between any two hosts from the probability of successful exploitation and the access connection topological structure information;
3) selecting the set of hosts from which an attacker may initially intrude, and calculating the probability of the attack reaching a specific host;
4) calculating the loss caused by a single vulnerability to a specific host from the probability of the attack reaching that host, the probability of successfully exploiting the vulnerability and the vulnerability information;
5) calculating the total damage to the specific host from the loss caused by each single vulnerability to that host and the vulnerability information;
6) calculating the overall damage loss of the system by combining the vulnerability information and the access connection topological structure information.
4. The method of claim 3, wherein the method of calculating the probability of launching an attack that successfully exploits each vulnerability in each host comprises a factor analysis method, and the method of calculating the shortest attack link information between any two hosts comprises a factor analysis method.
5. The method of claim 1, wherein the total negative cost of repairing a set of vulnerabilities in the system is calculated by:
1) calculating, from the vulnerability information and the access connection topological structure information, the negative cost generated by repairing a single vulnerability;
2) calculating the single-host negative cost generated by repairing several vulnerabilities on a specific host, by combining the vulnerabilities repaired on that host;
3) calculating the total negative cost generated by repairing several vulnerabilities in the system, by combining the vulnerability information and the access connection topological structure information of the system.
6. The method of claim 1, wherein the fitness calculation that obtains the evolution direction of the optimal vulnerability repair income is performed by the following steps:
1) setting the number of vulnerabilities obtained from the vulnerability information as the length of the quantum chromosome, and setting the quantum population size and the maximum number of generations according to the gene complexity and the actual operating environment of the model;
2) representing the t-th generation quantum population as
Figure FDA00030536908500000211
wherein N represents the size of the population,
Figure FDA0003053690850000022
represents the i-th quantum chromosome in the t-th generation quantum population, m is the length of the quantum chromosome,
Figure FDA0003053690850000023
represents the i-th qubit, wherein
Figure FDA0003053690850000024
and
Figure FDA0003053690850000025
are complex numbers representing the probability amplitudes of the states |0> and |1> respectively, and satisfy:
Figure FDA0003053690850000026
3) observing the state of Q(t) to generate the binary solution set
Figure FDA0003053690850000027
4) randomly generating N chromosomes represented by qubits, with all genes of all chromosomes in the population
Figure FDA0003053690850000028
all initialized to
Figure FDA0003053690850000029
5) observing the population Q(t) of the current generation t by randomly generating a number γ in the interval [0,1]; if
Figure FDA00030536908500000210
the measurement result takes the value 1, otherwise it takes the value 0, thereby obtaining the binary solution set P(t);
6) calculating the fitness of each solution in P(t), recording the individual with the optimal fitness, setting it as the evolution direction of the population, and thereby obtaining the evolution direction of the optimal vulnerability repair income.
7. The method of claim 6, wherein the evolution direction of the population is set by:
1) comparing the optimal fitness of the current generation t with that of generation t-1;
2) if the optimal fitness of generation t is greater than that of generation t-1, setting the optimal individual of generation t as the evolution target of the next generation;
3) if the optimal fitness of generation t is less than or equal to that of generation t-1, keeping the optimal individual of generation t-1 as the evolution target of the next generation.
8. The method of claim 7, wherein the optimal vulnerability repair income scheme is obtained by:
1) judging whether the current generation t is equal to the maximum number of generations G of the termination condition;
2) if so, outputting the scheme with the optimal fitness in the current generation t as the optimal vulnerability repair income scheme;
3) if not, applying the quantum rotation gate
Figure FDA0003053690850000031
to the chromosomes in the population Q(t), whose qubits
Figure FDA0003053690850000032
are updated according to the rotation angle adjustment strategy, and taking the scheme with the optimal fitness in the (t+1)-th generation as the optimal vulnerability repair income scheme.
9. The method of claim 8, wherein the rotation angle adjustment strategy is performed by:
1) comparing the fitness value Fit(c) of the current chromosome c with the fitness value Fit(b) of the optimal chromosome b;
2) if Fit(c) is superior to Fit(b), steering the chromosome to evolve in the direction favourable to c;
3) if Fit(b) is superior to Fit(c), steering the chromosome to evolve in the direction favourable to b.
10. An electronic device comprising a memory having a computer program stored therein and a processor arranged to run the computer program to perform the method according to any of claims 1-9.
CN202010404149.1A 2020-05-13 2020-05-13 Vulnerability repair income priority evaluation method based on quantum genetic algorithm and electronic device Active CN111818007B (en)

Publications (2)

Publication Number Publication Date
CN111818007A CN111818007A (en) 2020-10-23
CN111818007B true CN111818007B (en) 2021-08-31

Family

ID=72848045


Families Citing this family (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112487493A (en) * 2020-11-25 2021-03-12 电子科技大学 Safety strategy scheduling optimization method based on genetic algorithm
CN116244705B (en) * 2023-03-08 2024-01-12 北京航天驭星科技有限公司 Commercial satellite operation control platform vulnerability processing method and related equipment
CN118503991B (en) * 2024-07-17 2024-10-15 中汽研汽车检验中心(常州)有限公司 Method, device and storage medium for balancing risk rate and repair cost of automobile component

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101950338A (en) * 2010-09-14 2011-01-19 中国科学院研究生院 Bug repair method based on hierarchical bug threat assessment
CN104394541A (en) * 2014-10-31 2015-03-04 广东工业大学 Perception coverage holes' healing method of manufacture Internet of things
CN109886018A (en) * 2019-01-25 2019-06-14 北京工业大学 A kind of storage-type XSS attack vector optimization method based on genetic algorithm
CN110879778A (en) * 2019-10-14 2020-03-13 杭州电子科技大学 Novel dynamic feedback and improved patch evaluation software automatic restoration method

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109995771A (en) * 2019-03-19 2019-07-09 北京工业大学 A kind of storage-type XSS leakage location based on genetic algorithm


Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
Application of BP Neural Network for Line Losses Calculation Based on Quantum Genetic Algorithm; Kewen Liu; Haiming Zhou; et al.; 2011 Fourth International Symposium on Computational Intelligence and Design; 2011-10-30; full text *


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant