CN113660227B - Quantitative calculation method and device for network security vulnerability assessment - Google Patents


Info

Publication number: CN113660227B
Application number: CN202110870443.6A
Authority: CN (China)
Legal status: Active
Other languages: Chinese (zh)
Other versions: CN113660227A (en)
Inventor: 杨剑
Current assignee: Beijing Topsec Technology Co Ltd; Beijing Topsec Network Security Technology Co Ltd; Beijing Topsec Software Co Ltd
Original assignee: Beijing Topsec Technology Co Ltd; Beijing Topsec Network Security Technology Co Ltd; Beijing Topsec Software Co Ltd
Events: application filed by the assignees; priority to CN202110870443.6A; publication of CN113660227A; application granted; publication of CN113660227B

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L 63/00 Network architectures or network communication protocols for network security
    • H04L 63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L 63/1433 Vulnerability analysis
    • H04L 41/00 Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L 41/14 Network analysis or design
    • H04L 41/142 Network analysis or design using statistical or mathematical methods


Abstract

The invention discloses a quantitative calculation method and device for network security vulnerability assessment. The method comprises the following steps: acquiring vulnerability information of an object to be evaluated, and setting a service influence degree value and a security threat level value for each vulnerability; counting the number of devices affected by each vulnerability, and determining the influence range degree value of the vulnerability from the ratio of the number of affected devices to the total number of devices of the corresponding type; and determining the vulnerability grade value of the object to be evaluated from the service influence degree value and the security threat level value of each vulnerability, combined with the influence range degree value of each vulnerability, so as to evaluate the object. The invention jointly considers the service influence degree, the security threat degree and the influenced range degree, thereby reducing the deviation caused by relying entirely on subjective human judgment, and allows the calculation parameters to be adjusted as the service influence changes so that more accurate data is obtained.

Description

Quantitative calculation method and device for network security vulnerability assessment
Technical Field
The invention relates to the technical field of network security, in particular to a quantitative calculation method and device for network security vulnerability assessment.
Background
In the field of information security, risk sources of information assets such as vulnerabilities, security protection measure defects, exposure of a certain vulnerable attack surface and the like can be uniformly called as 'vulnerabilities of the information assets', and quantitative evaluation on the vulnerabilities can enable an information asset owner to objectively recognize security risks faced by the assets.
The methods currently adopted for vulnerability assessment are qualitative analysis and quantitative analysis. Qualitative analysis is generally based on the assessment tables given by GB/T20984-2007 or GB/T30279-2020; its problem is that different analysts understand the tables differently, so the resulting vulnerability values also differ. In quantitative analysis, the vulnerability value evaluation mainly considers the parameters of a standard compliance value and a control measure implementation value, and focuses on the compliance degree of the vulnerability, while the service influence degree and the influence range of the vulnerability are considered less. As the influence of network security threats on services becomes more and more serious, service influence and range influence need to be treated as basic elements when information security risk evaluation is carried out.
Disclosure of Invention
The embodiment of the invention provides a quantitative calculation method and equipment for network security vulnerability assessment, which are used for solving the problem that the vulnerability assessment method in the prior art is not comprehensive.
The quantitative calculation method for network security vulnerability assessment, provided by the embodiment of the invention, comprises the following steps:
acquiring vulnerability information of an object to be evaluated, and setting a service influence degree value and a security threat level value of each vulnerability;
counting the number of the devices influenced by each vulnerability, and determining the degree value of the influence range of the vulnerability according to the ratio of the number of the devices influenced by the vulnerability to the total number of the devices of the corresponding category;
and determining the vulnerability grade value of the object to be evaluated based on the service influence degree value and the security threat grade value of each vulnerability and combining the influence range degree value of each vulnerability so as to evaluate the object to be evaluated.
According to some embodiments of the present invention, the acquiring vulnerability information of an object to be evaluated includes:
constructing a vulnerability library, wherein the vulnerability library comprises at least one of the following information: vulnerability name, vulnerability number, basis/source, vulnerability type and hazard degree;
acquiring characteristic information of an object to be evaluated, wherein the characteristic information comprises at least one of the following information: device name, operating system type and version, database type and version, brand, model, service usage, quantity;
based on the vulnerability library, identifying the vulnerabilities of the object to be evaluated by a combination of manual penetration testing and automatic scanning, and acquiring the vulnerability information, wherein the vulnerability information comprises at least one of the following information: IP address, name of the evaluated device, device information, vulnerability code, vulnerability name, vulnerability degree, detailed vulnerability description and degree of influence on the service.
According to some embodiments of the invention, setting the business impact degree value comprises:
dividing the service influence degree into m levels, and setting a service influence degree value for each level;
and analyzing the grade of the influence degree of the layer where each vulnerability is located on the business to determine the business influence degree value of each vulnerability.
According to some embodiments of the invention, setting a security threat level value comprises:
dividing the security threat levels into m levels according to the hazard levels given by authoritative vulnerability organizations at home and abroad, and setting security threat level values for each level;
analyzing the level of the security threat degree of each vulnerability to determine the security threat level value of each vulnerability;
the authoritative vulnerability organizations at home and abroad comprise CNNVD, CVE and/or NVD.
According to some embodiments of the present invention, the determining the degree of influence value of the vulnerability according to the ratio between the number of devices influenced by the vulnerability and the total number of devices of the corresponding category includes:
setting m influence degree intervals, and assigning a value to each influence degree interval;
and analyzing an influence degree interval to which a ratio between the number of the equipment influenced by the vulnerability and the total number of the corresponding types of equipment belongs, wherein a value corresponding to the influence degree interval is the influence range degree value of the vulnerability.
According to some embodiments of the present invention, the determining, based on the service influence degree value and the security threat level value of each vulnerability and in combination with the influence range degree value of each vulnerability, the vulnerability level value of the object to be evaluated to evaluate the object to be evaluated includes:
constructing a vulnerability attribute two-dimensional matrix A based on the service influence degree value and the security threat level value of each vulnerability:
Figure GDA0003852813080000031
wherein ci represents a business influence degree value of the ith vulnerability, and di represents a security threat level value of the ith vulnerability;
constructing a vulnerability influence range degree matrix N based on the influence range degree value of each vulnerability:
Figure GDA0003852813080000032
wherein Ni represents the degree value of the influence range of the ith vulnerability;
based on the vulnerability attribute two-dimensional matrix A and the vulnerability influence range degree matrix N, constructing by matrix multiplication a matrix S for calculating the service influence level value sum and the security threat level value sum:
Figure GDA0003852813080000033
calculating the vulnerability value Q of the object to be evaluated by summation, based on the matrix S holding the service influence level value sum and the security threat level value sum:
Q=S1+S2;
and quantitatively evaluating the object to be evaluated based on the vulnerability value Q of the object to be evaluated.
According to some embodiments of the present invention, the quantitatively evaluating the object to be evaluated based on the vulnerability value Q of the object to be evaluated includes:
creating a plurality of vulnerability intervals, and assigning a value to each vulnerability interval;
and analyzing a vulnerability interval to which the vulnerability value Q of the object to be evaluated belongs, wherein the value corresponding to the vulnerability interval is the vulnerability grade value of the object to be evaluated.
According to some embodiments of the invention, m =5.
The quantitative computing device for network security vulnerability assessment according to the embodiment of the invention comprises a memory, a processor and a computer program which is stored on the memory and can run on the processor, wherein the computer program, when executed by the processor, implements the steps of the quantitative calculation method for network security vulnerability assessment described above.
The computer readable storage medium according to the embodiment of the invention stores a program for implementing information transfer, and the program, when executed by a processor, implements the steps of the quantitative calculation method for network security vulnerability assessment described above.
By adopting the embodiment of the invention, when vulnerability analysis is carried out, the service influence degree, the security threat degree and the influenced range degree are comprehensively considered, so that the deviation caused by completely depending on artificial subjective judgment is reduced, the method is particularly suitable for industries with important service continuity, such as finance, communication, energy and the like, and the calculation parameters can be adjusted according to the change of the service influence to obtain more accurate data.
The above description is only an overview of the technical solutions of the present invention, and the present invention can be implemented in accordance with the content of the description so as to make the technical means of the present invention more clearly understood, and the above and other objects, features, and advantages of the present invention will be more clearly understood.
Drawings
Various other advantages and benefits will become apparent to those of ordinary skill in the art upon reading the following detailed description of the embodiments. The drawings are only for purposes of illustrating the preferred embodiments and are not to be construed as limiting the invention. In the drawings:
FIG. 1 is a flow chart of a quantitative calculation method for network security vulnerability assessment in an embodiment of the present invention;
FIG. 2 is a schematic flow chart of a quantitative calculation method for network security vulnerability assessment in an embodiment of the present invention;
FIG. 3 is an exemplary diagram of vulnerability information disclosed by the CNNVD in the embodiment of the present invention;
FIG. 4 is a schematic structural diagram of a quantitative computing device for network security vulnerability assessment according to an embodiment of the present invention.
Detailed Description
Exemplary embodiments of the present invention will be described in more detail below with reference to the accompanying drawings. While exemplary embodiments of the invention are shown in the drawings, it should be understood that the invention can be embodied in various forms and should not be limited to the embodiments set forth herein. Rather, these embodiments are provided so that this disclosure will be thorough and complete, and will fully convey the scope of the invention to those skilled in the art.
An embodiment of the first aspect of the present invention provides a quantitative calculation method for network security vulnerability assessment, as shown in fig. 1, including:
S1, acquiring vulnerability information of an object to be evaluated, and setting a service influence degree value and a security threat level value of each vulnerability;
S2, counting the number of the devices influenced by each vulnerability, and determining the influence range degree value of the vulnerability according to the ratio of the number of the devices influenced by the vulnerability to the total number of the devices of the corresponding type;
S3, determining the vulnerability grade value of the object to be evaluated based on the service influence degree value and the security threat grade value of each vulnerability and combining the influence range degree value of each vulnerability, so as to evaluate the object to be evaluated.
By adopting the embodiment of the invention, when vulnerability analysis is carried out, the service influence degree, the security threat degree and the influenced range degree are comprehensively considered, so that the deviation caused by completely depending on artificial subjective judgment is reduced, the method is particularly suitable for industries with important service continuity, such as finance, communication, energy and the like, and the calculation parameters can be adjusted according to the change of the service influence to obtain more accurate data.
On the basis of the above-described embodiment, various modified embodiments are further proposed, and it is to be noted herein that, in order to make the description brief, only the differences from the above-described embodiment are described in the various modified embodiments.
According to some embodiments of the present invention, the acquiring vulnerability information of an object to be evaluated includes:
constructing a vulnerability library, shown in Table 1, wherein the vulnerability library comprises at least one of the following information: vulnerability name, vulnerability number, basis/source, vulnerability type and hazard level;
TABLE 1 vulnerability information Table
Figure GDA0003852813080000061
Acquiring characteristic information of an object to be evaluated, wherein the characteristic information comprises at least one of the following information: device name, operating system type and version, database type and version, brand, model, service usage, quantity;
TABLE 2 characteristic information Table
Figure GDA0003852813080000062
Based on the vulnerability library, identifying the vulnerabilities of the object to be evaluated by a combination of manual penetration testing and automatic scanning, and acquiring the vulnerability information, as shown in Table 3, wherein the vulnerability information comprises at least one of the following information: IP address, name of the evaluated device, device information, vulnerability code, vulnerability name, vulnerability degree, detailed vulnerability description and degree of influence on the service.
Table 3 vulnerability information table
Figure GDA0003852813080000071
According to some embodiments of the invention, setting the business impact degree value comprises:
dividing the service influence degree into m levels, and setting a service influence degree value for each level; for example, the service influence degree is divided into 5 levels (very high, high, medium, low and very low), with the value of the very high level set to 5, the high level to 4, the medium level to 3, the low level to 2 and the very low level to 1, as shown in Table 4.
Table 4 service influence degree assignment table
Figure GDA0003852813080000072
Figure GDA0003852813080000081
And analyzing the grade of the influence degree of the layer where each vulnerability is located on the business to determine the business influence degree value of each vulnerability.
According to some embodiments of the invention, setting a security threat level value comprises:
dividing the security threat levels into m levels according to the hazard levels given by authoritative vulnerability organizations at home and abroad, and setting security threat level values for each level; for example, the security threat levels are divided into 5 levels of high risk, high, medium, general and recommended, the security threat level value is set to 5 for the high risk level, the security threat level value is set to 4 for the high level, the security threat level value is set to 3 for the medium level, the security threat level value is set to 2 for the general level, and the security threat level value is set to 1 for the recommended level.
Analyzing the level of the security threat degree of each vulnerability to determine the security threat level value of each vulnerability;
the authoritative vulnerability organizations at home and abroad comprise CNNVD, CVE and/or NVD. It is to be appreciated that any one or more of CNNVD, CVE, NVD may be referenced in setting security threat level values.
According to some embodiments of the present invention, the determining the degree of the vulnerability's influence range according to the ratio between the number of devices influenced by the vulnerability and the total number of devices of the corresponding category includes:
setting m influence degree intervals, and assigning a value to each influence degree interval; for example, 5 influence degree intervals are set: (0, 0.2), [0.2, 0.4), [0.4, 0.6), [0.6, 0.8) and [0.8, 1]; the (0, 0.2) interval is assigned the value 1, the [0.2, 0.4) interval the value 2, the [0.4, 0.6) interval the value 3, the [0.6, 0.8) interval the value 4 and the [0.8, 1] interval the value 5, see Table 5.
TABLE 5 Equipment Classification and influence degree calculation method
Figure GDA0003852813080000091
And analyzing an influence degree interval to which a ratio between the number of the equipment influenced by the vulnerability and the total number of the corresponding types of equipment belongs, wherein a value corresponding to the influence degree interval is the influence range degree value of the vulnerability.
According to some embodiments of the present invention, the determining, based on the business impact level value and the security threat level value of each vulnerability, the vulnerability level value of the object to be evaluated in combination with the impact range level value of each vulnerability, so as to evaluate the object to be evaluated, includes:
constructing a vulnerability attribute two-dimensional matrix A based on the service influence degree value and the security threat level value of each vulnerability:
Figure GDA0003852813080000101
wherein ci represents a business influence degree value of the ith vulnerability, and di represents a security threat level value of the ith vulnerability;
constructing a vulnerability influence range degree matrix N based on the influence range degree value of each vulnerability:
Figure GDA0003852813080000102
wherein Ni represents the degree value of the influence range of the ith vulnerability;
based on the vulnerability attribute two-dimensional matrix A and the vulnerability influence range degree matrix N, a matrix S for calculating the service influence level value sum and the security threat level value sum is constructed by matrix multiplication:
Figure GDA0003852813080000103
calculating the vulnerability value Q of the object to be evaluated by summation, based on the matrix S holding the service influence level value sum and the security threat level value sum:
Q=S1+S2;
and quantitatively evaluating the object to be evaluated based on the vulnerability value Q of the object to be evaluated.
According to some embodiments of the present invention, the quantitatively evaluating the object to be evaluated based on the vulnerability value Q of the object to be evaluated includes:
creating a plurality of vulnerability intervals and assigning a value to each vulnerability interval; for example, 5 vulnerability intervals are created, namely [0, x], (x, x + y], (x + y, x + 2y], (x + 2y, x + 3y] and (x + 3y, ∞), and they are assigned the values 1, 2, 3, 4 and 5 respectively, see Table 6.
TABLE 6 vulnerability grade value assessment scale
Figure GDA0003852813080000111
And analyzing the vulnerability interval to which the vulnerability value Q of the object to be evaluated belongs, wherein the value corresponding to the vulnerability interval is the vulnerability grade value of the object to be evaluated.
According to some embodiments of the invention, m =5.
The quantitative computing device for network security vulnerability assessment according to the embodiment of the invention comprises a memory, a processor and a computer program which is stored on the memory and can run on the processor, wherein the computer program, when executed by the processor, implements the steps of the quantitative calculation method for network security vulnerability assessment described above.
The computer readable storage medium according to the embodiment of the invention stores a program for implementing information transfer, and the program, when executed by a processor, implements the steps of the quantitative calculation method for network security vulnerability assessment described above.
The method for quantitatively calculating the network security vulnerability assessment according to the embodiment of the present invention is described in detail in a specific embodiment with reference to fig. 2 to 3. It is to be understood that the following description is illustrative only and is not intended to be in any way limiting. All similar structures and similar variations thereof adopted by the invention are intended to fall within the scope of the invention.
The quantitative calculation method for network security vulnerability assessment provided by the embodiment of the invention combines the three parameter values of service influence degree, security threat degree and influence range degree, on the basis of vulnerability information provided by authoritative bodies such as CVE and CNNVD, and quantitatively calculates the vulnerability value by constructing a matrix function.
Specifically, as shown in fig. 2, the method for quantitatively calculating the network security vulnerability assessment in the embodiment of the present invention includes:
1. Building a vulnerability library;
In this step, a vulnerability library needs to be built according to important national or industry standards such as GB/T22239-2019 and the vulnerability information disclosed by authoritative platforms at home and abroad such as CNNVD and CVE; the specific format of the vulnerability information in the library is shown in Table 1:
TABLE 1 vulnerability information Table
Figure GDA0003852813080000121
2. Collecting information;
in this step, the characteristics of the evaluated object, including the type and version of the operating system, the type and version of the database, the number, the service usage, etc., need to be obtained, as shown in table 2:
TABLE 2 characteristic information Table
Figure GDA0003852813080000122
Figure GDA0003852813080000131
3. Performing vulnerability identification;
In this step, the user identifies the vulnerabilities based on the vulnerability library through a combination of manual penetration testing and automatic scanning, and fills in the vulnerability information table.
TABLE 3 vulnerability information Table
Figure GDA0003852813080000132
4. Analyzing vulnerability;
the purpose of this step is to perform quantitative analysis on the vulnerability and give a specific vulnerability value and a corresponding grade of the vulnerability, which are specifically as follows:
1) Setting parameter values:
a) Setting the value for the degree of influence on the service of the layer (physical, network, host, application, data, etc.) where the vulnerability is located: 5 is very high, 4 is high, 3 is medium, 2 is low and 1 is very low; the value of each layer can be determined according to the importance of the related service (it can be evaluated by the departments concerned with the service):
table 4 service influence degree assignment table
Figure GDA0003852813080000133
Figure GDA0003852813080000141
b) Setting a vulnerability security threat level value: high risk 5, high 4, medium 3, general 2, and recommended 1. The value can be assigned according to the hazard level given by authoritative vulnerability organizations at home and abroad, such as CNNVD, CVE, NVD, and the like, and vulnerability information disclosed by CNNVD is shown in figure 3.
2) Constructing a vulnerability attribute two-dimensional matrix:
Figure GDA0003852813080000142
wherein, the value c refers to the business influence degree value of the vulnerability, and the value d refers to the security threat level value of the vulnerability.
3) The number of devices affected by the vulnerability is counted, and the range degree N of the vulnerability influence is calculated (5 is highest, 4 is high, 3 is medium, 2 is normal, and 1 is low), and the device type and the influence degree calculation method are shown in table 5:
TABLE 5 Equipment Classification and influence degree calculation method
Figure GDA0003852813080000151
Figure GDA0003852813080000161
Constructing an influence range degree matrix N:
Figure GDA0003852813080000162
The influence range degree matrix N is computed statistically from the number of devices that have a given vulnerability: the more devices are affected, the wider the influence range of the vulnerability, which in turn raises the vulnerability grade value.
4) A vulnerability value is calculated.
a) Construct the matrix S and calculate the service influence level value sum and the security threat level value sum.
Figure GDA0003852813080000163
Note: A^T is the transpose of A; it is used so that the matrix operation yields the service influence level value sum and the security threat level value sum separately.
b) Calculating a vulnerability value:
Q=S1+S2
5) Establishing a vulnerability grade value evaluation scale to obtain the vulnerability grade assignment of the evaluated object:
TABLE 6 vulnerability rating scale
Figure GDA0003852813080000171
For example, after identifying the vulnerability of an evaluated object, the following four vulnerabilities are found, and the information is shown in table 7:
TABLE 7 four vulnerability information presentation examples
Figure GDA0003852813080000181
Figure GDA0003852813080000191
Figure GDA0003852813080000201
Figure GDA0003852813080000211
Figure GDA0003852813080000221
Figure GDA0003852813080000231
Calculating the influence range degree of each vulnerability:
the device affected by the 1st vulnerability is application system server 1; the total number of application system servers is 10, so 1/10 = 0.1 lies in (0, 0.2), and according to Table 5 the vulnerability has N = 1;
the devices affected by the 2nd vulnerability are database server 1, database server 2, database server 3, server 4, database server 5 and database server 6; the total number of database servers is 6, so 6/6 = 1, and according to Table 5 the vulnerability has N = 5;
the devices affected by the 3rd vulnerability are firewall 1, firewall 2 and firewall 3; the total number of firewalls is 6, so 3/6 = 0.5, and according to Table 5 the vulnerability has N = 3;
the devices affected by the 4th vulnerability are terminal 1, terminal 2, terminal 3, terminal 4, terminal 5, terminal 6 and terminal 7; the total number of terminals is 10, so 7/10 = 0.7, and according to Table 5 the vulnerability has N = 4.
From Table 7 the matrices are constructed and multiplied as follows:
[Figure (image not extracted): matrix calculation S = Aᵀ·N for the four vulnerabilities, with N = (1, 5, 3, 4)ᵀ]
where the service influence grade value sum S1 = 44, the security threat grade value sum S2 = 52, and the vulnerability value Q = 44 + 52 = 96.
Referring to Table 6, the value 96 belongs to (90, ∞), so the vulnerability grade value is assigned 5, which is "very high".
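The procedure of steps (3) to (5) above, written out as an added example (it is not code from the patent or its assignee): the influence range degree from the ratio of affected to total devices, the matrices A and N, S = Aᵀ·N, Q = S1 + S2, and the grade lookup. The text gives the Table 5 intervals only through its four examples and Table 6 only through its top interval, so every other interval boundary below is an assumption; the ci and di values in the constructed sample are assumptions as well, chosen so that they reproduce the totals S1 = 44 and S2 = 52 that the description reports. The grade thresholds are a parameter so that the x and y values the description says can be tuned per service scenario are adjustable.

```python
"""Vulnerability value Q and grade value for an evaluated object.

Added example (not code from the patent or its assignee). The text gives
the influence-range mapping only by example (0.1 -> 1, 0.5 -> 3, 0.7 -> 4,
1.0 -> 5) and Table 6 only by its top interval ((90, inf) -> grade 5), so
the other interval boundaries below are assumptions. The ci/di values in the
constructed sample are assumptions too, chosen to reproduce the totals the
description reports (S1 = 44, S2 = 52); Table 7 itself is an image here.
"""
from dataclasses import dataclass
from typing import Dict, List, Sequence, Tuple


@dataclass
class Vulnerability:
    name: str
    service_influence: int      # ci, the service influence degree value (1..m)
    security_threat: int        # di, the security threat level value (1..m)
    device_category: str        # category whose total count the ratio uses
    affected_devices: List[str]


def influence_range_degree(affected: int, total: int, m: int = 5) -> int:
    """Influence range degree N for one vulnerability (Table 5 logic).

    Assumed intervals: m equal-width bins over the ratio affected/total,
    (0, 1/m] -> 1, ..., ((m-1)/m, 1] -> m, consistent with the text's examples.
    Integer ceiling division avoids floating-point surprises at the boundaries.
    """
    if total <= 0:
        raise ValueError("total device count must be positive")
    if not 0 <= affected <= total:
        raise ValueError("affected count must lie between 0 and total")
    if affected == 0:
        return 0                       # assumption: nothing affected, no contribution
    return -(-affected * m // total)   # ceil(affected * m / total)


def attribute_matrix(vulns: Sequence[Vulnerability]) -> List[List[int]]:
    """Matrix A: one row (ci, di) per vulnerability."""
    return [[v.service_influence, v.security_threat] for v in vulns]


def range_matrix(vulns: Sequence[Vulnerability], inventory: Dict[str, int]) -> List[int]:
    """Column vector N: the influence range degree Ni of each vulnerability."""
    return [influence_range_degree(len(v.affected_devices), inventory[v.device_category])
            for v in vulns]


def grade_value_sums(a: List[List[int]], n: List[int]) -> Tuple[int, int]:
    """S = A^T * N, returned as (S1, S2): S1 weights the service influence values
    by the range degree, S2 weights the security threat values the same way."""
    if len(a) != len(n):
        raise ValueError("A and N must have one entry per vulnerability")
    s1 = sum(ci * ni for (ci, _), ni in zip(a, n))
    s2 = sum(di * ni for (_, di), ni in zip(a, n))
    return s1, s2


# Upper bounds of the first four vulnerability intervals (the x, y values the
# description says can be tuned per service scenario). Only the last one, 90,
# is stated in the text; the others are assumptions.
DEFAULT_GRADE_THRESHOLDS: Tuple[int, ...] = (30, 50, 70, 90)


def vulnerability_grade(q: int, thresholds: Sequence[int] = DEFAULT_GRADE_THRESHOLDS) -> int:
    """Table 6 lookup: grade 1 for Q at or below the first bound, +1 per bound exceeded."""
    return 1 + sum(1 for t in thresholds if q > t)


def assess(vulns: Sequence[Vulnerability], inventory: Dict[str, int],
           thresholds: Sequence[int] = DEFAULT_GRADE_THRESHOLDS) -> dict:
    """Run the whole procedure: N, S, Q = S1 + S2, then the grade value."""
    a = attribute_matrix(vulns)
    n = range_matrix(vulns, inventory)
    s = grade_value_sums(a, n)
    q = s[0] + s[1]
    return {"N": n, "S": s, "Q": q, "grade": vulnerability_grade(q, thresholds)}


# Constructed sample following the description's example: the device lists and
# category totals are the ones the text gives; ci/di are assumed values.
SAMPLE_INVENTORY = {"application system server": 10, "database server": 6,
                    "firewall": 6, "terminal": 10}
SAMPLE_VULNS = [
    Vulnerability("vuln-1", 2, 3, "application system server", ["application system server 1"]),
    Vulnerability("vuln-2", 4, 5, "database server", [f"database server {i}" for i in range(1, 7)]),
    Vulnerability("vuln-3", 2, 4, "firewall", ["firewall 1", "firewall 2", "firewall 3"]),
    Vulnerability("vuln-4", 4, 3, "terminal", [f"terminal {i}" for i in range(1, 8)]),
]

if __name__ == "__main__":
    print(assess(SAMPLE_VULNS, SAMPLE_INVENTORY))
    # {'N': [1, 5, 3, 4], 'S': (44, 52), 'Q': 96, 'grade': 5}
```

A practitioner applying this should note that with the open interval (90, ∞) a value of exactly 90 stays at grade 4; raising the thresholds (for example to (40, 60, 80, 100)) for a service scenario with higher risk tolerance moves the same Q = 96 down to grade 4, which is the parameter tuning the description refers to.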
By adopting this embodiment of the invention, the influence of a vulnerability on the service is taken into account, which makes the method particularly suitable for industries in which service continuity is important, such as finance, communications and energy; the calculation parameters can be adjusted as the service influence changes, so that more accurate data are obtained. During vulnerability analysis the vulnerability value is obtained by automatic quantitative calculation from three key parameters, the service influence degree, the security threat degree and the influenced range degree, which reduces the deviation caused by complete reliance on subjective human judgement and improves the accuracy of the result. The parameters can also be adjusted to changes in the external network security threat environment: for example, the x and y values of the vulnerability intervals can be adjusted dynamically according to the risk tolerance of the service scenario in which the evaluated object is located, so that changes in the actual production environment are better accommodated.
It should be noted that the above-mentioned embodiments are only preferred embodiments of the present invention, and are not intended to limit the present invention, and those skilled in the art will appreciate that various modifications and variations can be made in the present invention. Any modification, equivalent replacement, or improvement made within the spirit and principle of the present invention should be included in the protection scope of the present invention.
The embodiment of the present invention further provides a device for the quantitative calculation of network security vulnerability assessment, as shown in Fig. 4, comprising:
a vulnerability library module, which covers important national and industry standards such as GB/T22239-2019 and integrates vulnerability information published by authoritative platforms at home and abroad such as CNNVD and CVE; its specific format is shown in Table 1;
an information acquisition module, which acquires the characteristics of the evaluated object in automatic and manual modes, the characteristics including operating system type and version, database type and version, number of databases, service purpose and so on; its specific format is shown in Table 2;
a vulnerability identification module, which checks the evaluated equipment against the vulnerability library in automatic and manual modes: the automatic mode identifies the vulnerability information of the evaluated object, including the vulnerability name and hazard degree, while in the manual mode a penetration tester obtains the vulnerabilities of the evaluated object with a tool provided by the module and enters the vulnerability information into it; the specific format of the vulnerability information in this module is shown in Table 3;
a vulnerability calculation module, which automatically counts the number of devices affected by each vulnerability and assigns the security threat degree of the vulnerability according to its hazard degree in Table 3, and then automatically calculates the vulnerability grade value from the three parameter values, namely the service influence degree, the security threat degree and the influenced range degree of the vulnerability.
In use, after a user logs in to the device, the information acquisition module first collects the asset information of the evaluated object (number of devices, device operating systems, databases and so on), combining manual entry with automatic scanning, and compiles the information acquisition table of Table 2. Secondly, the vulnerability identification module automatically scans the operating systems, databases and so on of the equipment to obtain vulnerability information, supplements it by manual inspection and penetration testing, and compiles the vulnerability information table of Table 3. Finally, the vulnerability calculation module automatically derives the three parameter values, the service influence degree, the security threat degree and the influenced range degree of each vulnerability, from this information and constructs the matrix to obtain the vulnerability grade value.
The main functional modules of the device are therefore the vulnerability library, the asset information acquisition module, the vulnerability identification module and the vulnerability calculation module. The detection basis and sources of the vulnerability library comprise important national standards such as GB/T22239-2019, the network security compliance check documents issued by industry regulators, and the vulnerability information published by authoritative platforms at home and abroad such as CNNVD and CVE.
In the vulnerability calculation stage, a matrix of the three parameter values (service influence degree, security threat degree and influenced range degree) is constructed and the vulnerability grade value is calculated.
The device provided by this embodiment can adjust its parameters to changes in the external network security threat environment: for example, the x and y values of the vulnerability intervals can be adjusted dynamically according to the risk tolerance of the service scenario in which the evaluated object is located, so that the device copes better with changes in the actual production environment.
It is noted that in the description of the present specification, combinations of features of different embodiments are meant to be within the scope of the invention and to form different embodiments. The particular features, structures, materials, or characteristics described may be combined in any suitable manner in any one or more embodiments or examples. Any of the embodiments may be used in any combination.
In some instances, well-known methods, structures and techniques have not been shown in detail in order not to obscure an understanding of this description.

Claims (9)

1. A quantitative calculation method for network security vulnerability assessment is characterized by comprising the following steps:
acquiring vulnerability information of an object to be evaluated, and setting a service influence degree value and a security threat level value of each vulnerability;
counting the number of the devices influenced by each vulnerability, and determining the degree value of the influence range of the vulnerability according to the ratio of the number of the devices influenced by the vulnerability to the total number of the devices of the corresponding category;
determining the vulnerability grade value of the object to be evaluated based on the service influence degree value and the security threat grade value of each vulnerability and combining the influence range degree value of each vulnerability so as to evaluate the object to be evaluated;
the determining the vulnerability grade value of the object to be evaluated based on the service influence degree value and the security threat grade value of each vulnerability and in combination with the influence range degree value of each vulnerability so as to evaluate the object to be evaluated comprises the following steps:
constructing a vulnerability attribute two-dimensional matrix A based on the service influence degree value and the security threat level value of each vulnerability:
[Figure (image not extracted): A is the n×2 matrix whose i-th row is (ci, di)]
wherein ci represents a business influence degree value of the ith vulnerability, and di represents a security threat level value of the ith vulnerability;
constructing a vulnerability influence range degree matrix N based on the influence range degree value of each vulnerability:
[Figure (image not extracted): N is the n×1 column vector whose i-th entry is Ni]
wherein Ni represents the degree value of the influence range of the ith vulnerability;
based on the vulnerability attribute two-dimensional matrix A and the vulnerability influence range degree matrix N, constructing by matrix multiplication a matrix S that yields the service influence grade value sum and the security threat grade value sum:
[Figure (image not extracted): S = Aᵀ·N = (S1, S2)ᵀ, where S1 is the service influence grade value sum and S2 is the security threat grade value sum]
calculating the vulnerability value Q of the object to be evaluated by summation, based on the matrix S of the service influence grade value sum and the security threat grade value sum:
Q = S1 + S2;
and quantitatively evaluating the object to be evaluated based on the vulnerability value Q of the object to be evaluated.
2. The method of claim 1, wherein the obtaining vulnerability information for an object to be assessed comprises:
constructing a vulnerability library, wherein the vulnerability library comprises at least one of the following items of information: vulnerability name, vulnerability number, basis/source, vulnerability type and hazard level;
acquiring characteristic information of an object to be evaluated, wherein the characteristic information comprises at least one of the following information: device name, operating system type and version, database type and version, brand, model, service usage, quantity;
based on the vulnerability library, identifying the vulnerabilities of the object to be evaluated by a combination of manual penetration testing and automatic scanning, and acquiring the vulnerability information, wherein the vulnerability information comprises at least one of the following items: IP address, evaluated equipment name, equipment information, vulnerability code, vulnerability name, vulnerability degree, detailed vulnerability description and service influence degree.
3. The method of claim 1, wherein setting a traffic impact level value comprises:
dividing the service influence degree into m levels, and setting a service influence degree value for each level;
and analyzing the level of influence on the service of the layer in which each vulnerability is located, to determine the service influence degree value of each vulnerability.
4. The method of claim 1, wherein setting a security threat level value comprises:
dividing the security threat levels into m levels according to the hazard levels given by authoritative vulnerability organizations at home and abroad, and setting security threat level values for each level;
analyzing the level of the security threat degree of each vulnerability to determine the security threat level value of each vulnerability;
the domestic and foreign authoritative vulnerability organizations comprise CNNVD, CVE and/or NVD.
5. The method of claim 1, wherein determining the extent of impact metric for the vulnerability from a ratio of a number of devices impacted by the vulnerability to a total number of devices of a corresponding category comprises:
setting m influence degree intervals, and assigning a value to each influence degree interval;
and determining the influence degree interval to which the ratio between the number of devices affected by the vulnerability and the total number of devices of the corresponding category belongs, wherein the value assigned to that interval is the influence range degree value of the vulnerability.
6. The method of claim 1, wherein the quantitatively evaluating the object to be evaluated based on the vulnerability value Q of the object to be evaluated comprises:
creating a plurality of vulnerability intervals, and assigning a value to each vulnerability interval;
and determining the vulnerability interval to which the vulnerability value Q of the object to be evaluated belongs, wherein the value assigned to that interval is the vulnerability grade value of the object to be evaluated.
7. The method of any one of claims 3-5, wherein m =5.
8. A network security vulnerability assessment quantitative computing device, comprising: a memory, a processor and a computer program stored on the memory and executable on the processor, the computer program, when executed by the processor, implementing the steps of the network security vulnerability assessment quantitative calculation method according to any of claims 1 to 7.
9. A computer-readable storage medium, on which an information transfer implementation program is stored, and the program, when executed by a processor, implements the steps of the network security vulnerability assessment quantitative calculation method according to any one of claims 1 to 7.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110870443.6A CN113660227B (en) 2021-07-30 2021-07-30 Quantitative calculation method and device for network security vulnerability assessment

Publications (2)

Publication Number Publication Date
CN113660227A CN113660227A (en) 2021-11-16
CN113660227B true CN113660227B (en) 2022-11-29

Family

ID=78490134

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202110870443.6A Active CN113660227B (en) 2021-07-30 2021-07-30 Quantitative calculation method and device for network security vulnerability assessment

Country Status (1)

Country Link
CN (1) CN113660227B (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN117459178B (en) * 2023-12-22 2024-03-26 武汉阿内塔科技有限公司 Unmanned aerial vehicle communication interference method and system based on semantic guidance

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105871882A (en) * 2016-05-10 2016-08-17 国家电网公司 Network-security-risk analysis method based on network node vulnerability and attack information
CN108833416A (en) * 2018-06-21 2018-11-16 北京市劳动保护科学研究所 A kind of SCADA system Information Security Risk Assessment Methods and system
CN109064018A (en) * 2018-07-31 2018-12-21 郑州向心力通信技术股份有限公司 A kind of information security risk evaluation system and method

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2020113090A (en) * 2019-01-15 2020-07-27 三菱電機株式会社 Vulnerability influence evaluation system

Also Published As

Publication number Publication date
CN113660227A (en) 2021-11-16

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant