CN114065220B - Dual-level analysis situation assessment method based on distributed system - Google Patents

Dual-level analysis situation assessment method based on distributed system Download PDF

Info

Publication number
CN114065220B
CN114065220B CN202111412605.8A CN202111412605A CN114065220B CN 114065220 B CN114065220 B CN 114065220B CN 202111412605 A CN202111412605 A CN 202111412605A CN 114065220 B CN114065220 B CN 114065220B
Authority
CN
China
Prior art keywords
layer
index
consistency
situation
judgment matrix
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202111412605.8A
Other languages
Chinese (zh)
Other versions
CN114065220A (en
Inventor
王薇
甘炜
陈栩秋
杨恒
杨�一
邬佳希
张文雪
袁溯
史上乐
贺鑫
张先涛
王仙
杨禹成
易守仁
郑万立
应卓君
王佳
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Chengdu Power Supply Co Of State Grid Sichuan Electric Power Corp
Original Assignee
Chengdu Power Supply Co Of State Grid Sichuan Electric Power Corp
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Chengdu Power Supply Co Of State Grid Sichuan Electric Power Corp filed Critical Chengdu Power Supply Co Of State Grid Sichuan Electric Power Corp
Priority to CN202111412605.8A priority Critical patent/CN114065220B/en
Publication of CN114065220A publication Critical patent/CN114065220A/en
Application granted granted Critical
Publication of CN114065220B publication Critical patent/CN114065220B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/57Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • G06F21/577Assessing vulnerabilities and evaluating computer system security
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F17/00Digital computing or data processing equipment or methods, specially adapted for specific functions
    • G06F17/10Complex mathematical operations
    • G06F17/16Matrix or vector computation, e.g. matrix-matrix or matrix-vector multiplication, matrix factorization
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/03Indexing scheme relating to G06F21/50, monitoring users, programs or devices to maintain the integrity of platforms
    • G06F2221/034Test or assess a computer or a system

Landscapes

  • Engineering & Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • Theoretical Computer Science (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Software Systems (AREA)
  • Mathematical Physics (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Mathematical Optimization (AREA)
  • Pure & Applied Mathematics (AREA)
  • Data Mining & Analysis (AREA)
  • Mathematical Analysis (AREA)
  • Computing Systems (AREA)
  • Computational Mathematics (AREA)
  • Algebra (AREA)
  • Databases & Information Systems (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)

Abstract

The invention discloses a dual-hierarchy analysis situation assessment method based on a distributed system, which comprises the steps of sequentially constructing a node hierarchy model comprising a target layer, a criterion layer, an index layer and a scheme layer from top to bottom, solving the node hierarchy model by adopting a hierarchy analysis method, and obtaining a current node situation assessment weight vector; synchronizing the current node situation evaluation weight vector to other nodes in the cluster to obtain other node situation evaluation weight vectors; and sequentially and progressively constructing a system hierarchical structure model comprising a target layer, a criterion layer and a scheme layer from top to bottom, and solving the system hierarchical structure model according to other node situation evaluation weight vectors and an analytic hierarchy process to obtain a situation evaluation result of the system. The situation security situation weight vector of the single node is calculated, the vector is not uploaded to a database, the consistency principle of a distributed system is relied, the synchronization of evaluation information is guaranteed, and the leakage of the evaluation information and the falsification of security data are effectively avoided.

Description

Dual-hierarchy analysis situation assessment method based on distributed system
Technical Field
The invention relates to the field of network security anomaly detection, in particular to a double-layer analysis situation assessment method based on a distributed system.
Background
With the development of the power mobile internet, the network boundary is gradually collapsed, the zero trust safety protection is applied to the power mobile internet service, the endogenous safety capability can be effectively constructed, and the guarantee is provided for the safe operation of the power mobile service. In a security protection architecture based on zero trust, security situation awareness is particularly important. Network security situation awareness refers to acquiring, understanding, displaying and predicting future development trends of security elements which can cause network situations to change in a large-scale network environment.
In a traditional network situation awareness method, a required situation awareness information is generally acquired based on an information acquisition module, and a result is stored in a unified database after data preprocessing. Data in the central database are extracted through a situation analysis module, and various low-level situation index data are comprehensively processed and calculated through a fusion algorithm and an evaluation calculation method, so that a situation result of an upper layer is obtained and is used as a basis for judging the whole network security situation. For example, the attack situation of the network can be comprehensively evaluated by fusing data information of various situation indexes by using an analytic hierarchy process.
However, the prior art has at least the following problems:
each node device sends the perceived situation information to a certain unified database for processing, and the problem of data leakage may occur in the transmission process of the situation information. Meanwhile, the problem of too heavy network load also occurs in the concurrent uploading operation of a plurality of nodes.
The analytic hierarchy process only carries out hierarchical modeling around the constructed perception indexes in the situation assessment process, and neglects the condition that modeling can also be carried out according to different relative importance degrees of various equipment assets in the system.
In addition, the system security situation assessment based on the distributed architecture has no effective method for integrating the single-point situation into the multi-point situation.
Disclosure of Invention
The invention aims to provide a double-layer analysis situation evaluation method based on a distributed system, which aims to solve the problem that the situation information is leaked in the transmission process when each node device intensively sends the perceived situation information to a certain unified database for processing.
The technical purpose of the invention is realized by the following technical scheme:
the invention provides a double-layer analysis situation assessment method based on a distributed system, which comprises the following steps:
sequentially constructing a node hierarchical structure model comprising a target layer A, a criterion layer B, an index layer C and a scheme layer D from top to bottom, solving the node hierarchical structure model by adopting an analytic hierarchy process, and obtaining a current node situation evaluation weight vector;
synchronizing the current node situation evaluation weight vector to other nodes in the cluster to obtain other node situation evaluation weight vectors;
and sequentially and progressively constructing a system hierarchical structure model comprising a target layer E, a criterion layer F and a scheme layer G from top to bottom, and solving the system hierarchical structure model according to other node situation evaluation weight vectors and an analytic hierarchy process to obtain a situation evaluation result of the system.
The method comprises the steps of firstly evaluating the situation of the node equipment by using an analytic hierarchy process so as to obtain a situation security level weight vector of the current node equipment. And secondly, synchronizing the situation security level weight vectors of all other nodes in the cluster according to the consistency principle of the distributed system. And finally, continuously constructing a system hierarchical structure model in the single node, correlating the importance degree of the equipment with the situation security level weight vector, and calculating to obtain a security situation evaluation result of the system. According to the method, a double-hierarchy analysis method is used for evaluating the security situation of the system, wherein the first-hierarchy analysis is carried out to directly calculate the situation security level weight vector of a single node, the evaluation information is not uploaded to a central database, the consistency principle of a distributed system is relied on, the synchronization of the evaluation information is guaranteed, and the leakage of the evaluation information and the falsification of security data are effectively avoided.
Further, the target layer A represents the node device security situation, the target layer A dominates the criterion layer B factors, and the criterion layer B factors comprise basic operation state information B 1 Device vulnerability status information B 2 Risk event information B 3 And threat event information B 4
The index layer C factors consist of refinement indexes of the corresponding criterion layer B factors, and the index layer C factors comprise basic running state information B 1 Corresponding CPU utilization rate C 1 Memory usage rate C 2 And hard disk utilization rate C 3 Device vulnerability status information B 2 Corresponding header tracking hole C 4 SQL injection vulnerability C 5 Cross site scripting vulnerability C 6 And weak password vulnerability C 7 Risk event information B 3 Corresponding virus attack C 8 Botnet C 9 Trojan attack C 10 And refuse service C 11 Threat event information B 4 Corresponding illegal access C 12 And offline exception C 13
The evaluation result of the scheme layer D is governed according to the factors of the index layer C, and the evaluation result comprises goodGood D 1 And early warning D 2 And critical importance D 3
Further, a judgment matrix A _ B of the target layer A is constructed according to the factors contained in the standard layer B, and basic operation state information B of the standard layer B is constructed according to the factors contained in the index layer C 1 Is determined by the matrix B 1 C, constructing criterion layer B device vulnerability state information B according to the factors included in the index layer C 2 Is determined by matrix B 2 C, constructing a criterion layer B risk event information B according to the factors included in the index layer C 3 Is determined by the matrix B 3 C constructing criterion layer B threat event information B based on the factors included in the index layer C 4 Is determined by the matrix B 4 _C。
Further, the step of calculating the hierarchical list ordering of the criterion layer B and checking the consistency of the judgment matrix A _ B according to the factors included in the criterion layer B comprises the following steps:
according to the judgment matrix A _ B, the maximum characteristic root lambda of the judgment matrix A _ B is obtained max The feature vector is
Figure BDA0003374196100000021
According to the formula
Figure BDA0003374196100000022
Calculating a consistency index CI of a judgment matrix A _ B of the layer B, wherein m is the order of the judgment matrix;
according to the formula
Figure BDA0003374196100000031
Calculating a consistency ratio CR of a judgment matrix A _ B of a standard layer B, wherein RI represents an average random consistency index;
when CR is given<When 0.1, the consistency of the judgment matrix of the target layer A is checked to pass, and the eigenvector W B That is, the hierarchy list ordering of the quasi-hierarchy B is obtained, otherwise, the judgment matrix of the target hierarchy A needs to be adjusted until CR<0.1;
Calculating the hierarchical list ordering of the index layer C according to the factors included in the index layer C and checking the consistency of the judgment matrix of the index layer C, wherein the method comprises the following steps of:
according to the judgment matrix B 1 C finds its maximum characteristic root
Figure BDA0003374196100000032
Its feature vector is
Figure BDA0003374196100000033
According to the judgment matrix B 2 C finds its maximum characteristic root
Figure BDA0003374196100000034
Its feature vector is
Figure BDA0003374196100000035
According to the judgment matrix B 3 C finds its maximum characteristic root
Figure BDA0003374196100000036
The feature vector is
Figure BDA0003374196100000037
According to the judgment matrix B 4 C finds its maximum characteristic root
Figure BDA0003374196100000038
Its feature vector is
Figure BDA0003374196100000039
According to the formula
Figure BDA00033741961000000310
Calculating consistency indexes CI of all judgment matrixes of the index layer C, wherein m is the order of the judgment matrixes;
according to the formula
Figure BDA00033741961000000311
Calculating a consistency ratio CR of each judgment matrix of the index layer C, wherein RI representsAveraging random consistency indexes;
and when CR is less than 0.1, the consistency check of all judgment matrixes of the index layer C is passed, the characteristic vectors of the judgment matrixes are the hierarchical list sequence solved by the index layer C, otherwise, all judgment matrixes of the index layer C need to be adjusted until CR is less than 0.1.
Further, calculating the combination weight of each factor of the index layer C according to the formula
Figure BDA00033741961000000312
Wherein the content of the first and second substances,
Figure BDA00033741961000000313
Figure BDA00033741961000000314
further, the step of calculating the overall hierarchical ranking of the scheme layer D comprises the following steps:
factor included in calculation scheme layer D for index layer C factor C j Hierarchical single ordering of
Figure BDA00033741961000000315
And carrying out consistency check, and calculating the level list ordering consistency index CI of each factor of the index layer C j And a random consistency index RI j Wherein { j | j ∈ [1,13 ]],j∈N+};
Factor C according to index layer C j The combined weight of each factor of the single-level sorting and the index layer C obtains the total level sorting of the scheme layer D
Figure BDA0003374196100000041
Wherein, the first and the second end of the pipe are connected with each other,
Figure BDA0003374196100000042
Figure BDA0003374196100000043
according to the formula
Figure BDA0003374196100000044
Calculate the consistency ratio of the overall ordering of the hierarchy, where { j | j ∈ [1,13 ]],j∈N+};
When CR is less than 0.1, the total hierarchical ranking passes consistency check, otherwise, the judgment matrix needs to be adjusted until CR is less than 0.1;
and the total hierarchical ordering passing the consistency test is the current node situation evaluation weight vector, and the factor corresponding to the highest item of the weight vector is the evaluation result of the security situation of the node equipment.
Further, the target layer E represents the security situation of the system, and the factors of the criterion layer F are entities in the system, including the mobile device F 1 Host device F 2 And server device F 3 The solution layer G represents the evaluation results of the system, including good G 1 Early warning G 2 And critical G 3
Further, mobile device F according to criterion layer F 1 And a host device F 2 And server device F 3 Comparing every two to construct a judgment matrix E _ F relative to the target layer E;
calculating the hierarchical list ordering of the criterion layer F according to the factors included in the criterion layer F and checking the consistency of the judgment matrix E _ F, wherein the method comprises the following steps of:
according to the judgment matrix E _ F, the maximum characteristic root lambda of the matrix E _ F is obtained max Its feature vector
Figure BDA0003374196100000045
According to the formula
Figure BDA0003374196100000046
Calculating a consistency index CI, wherein m is the order of the judgment matrix;
according to the formula
Figure BDA0003374196100000047
Calculating a consistency ratio CR, wherein RI represents a random consistency index;
when CR is reached<When 0.1, judging that the consistency of the matrix E _ F passes the inspection, and judging that the characteristic vector passesW F That is, the hierarchy list ordering obtained by the criterion layer F, otherwise, the judgment matrix E _ F needs to be adjusted until CR<0.1。
Further, the method for calculating the hierarchical single ordering of the scheme layer G comprises the following steps:
calculating all factors of scheme layer G to factor F of criterion layer F i Hierarchical single ordering of
Figure BDA0003374196100000048
Figure BDA0003374196100000049
Evaluating a weight vector W according to the current node situation synchronized in the node i D Factor F of obtaining scheme layer G in criterion layer i Hierarchical list ordering of
Figure BDA00033741961000000410
Carrying out consistency check calculation on the hierarchy list ordering of the scheme layer G to obtain a consistency index CI j And a random consistency index RI j Wherein { j | j ∈ [1,3 ]],j∈N + }。
Further, the total hierarchical ranking of the scheme layer G is obtained according to the two hierarchical single rankings of the scheme layer G
Figure BDA0003374196100000051
Figure BDA0003374196100000052
Wherein the content of the first and second substances,
Figure BDA0003374196100000053
according to the consistency index CI j And a random consistency index RI j Calculating the total hierarchical ranking of the scheme layer G according to the formula
Figure BDA0003374196100000054
Wherein the content of the first and second substances,
Figure BDA0003374196100000055
the feature vector representing the decision matrix E _ F, { j | j ∈ [1,3 ]],j∈N + };
When CR is less than 0.1, the total hierarchical ranking passes consistency check, otherwise, the judgment matrix needs to be adjusted until CR is less than 0.1;
and the total hierarchical ordering passing the consistency check is a system situation evaluation weight vector, and the factor corresponding to the highest item of the weight vector is a system safety situation evaluation result.
Compared with the prior art, the invention has the following beneficial effects:
1. the invention does not uniformly upload situation result information obtained by calculation of each node to the central database any more, and directly calculates the security situation of the whole system in the node. The network load is optimized, the problem of leakage of the safety data in the transmission process is avoided, and the data safety is guaranteed.
2. The system carries out safety situation assessment by using a double-hierarchy analysis method, the traditional situation assessment method directly carries out situation assessment after summarizing, removing duplication and fusing perception index information collected on each device, and the second hierarchy analysis used by the system continuously carries out hierarchy analysis again around the weight positions of different equipment assets in the system and different importance, so that the situation assessment result is more accurate.
Drawings
The accompanying drawings, which are included to provide a further understanding of the embodiments of the invention and are incorporated in and constitute a part of this application, illustrate embodiment(s) of the invention and together with the description serve to explain the principles of the invention. In the drawings:
fig. 1 is a schematic diagram of a node device hierarchy model according to an embodiment of the present invention;
fig. 2 is a schematic diagram of a system hierarchy model according to an embodiment of the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the present invention more apparent, the present invention is further described in detail below with reference to examples and the accompanying drawings, and the exemplary embodiments and descriptions thereof are only used for explaining the present invention and are not used as limiting the present invention.
It will be understood that when an element is referred to as being "secured to" or "disposed on" another element, it can be directly on the other element or be indirectly on the other element. When an element is referred to as being "connected to" another element, it can be directly or indirectly connected to the other element.
It is to be understood that the terms "length," "width," "upper," "lower," "front," "rear," "left," "right," "vertical," "horizontal," "top," "bottom," "inner," "outer," and the like are used in an orientation or positional relationship indicated in the drawings for convenience in describing the invention and to simplify the description, and are not intended to indicate or imply that the device or element so referred to must be in a particular orientation, constructed or operated in a particular orientation, and is not to be construed as limiting the invention.
Furthermore, the terms "first", "second" and "first" are used for descriptive purposes only and are not to be construed as indicating or implying relative importance or to implicitly indicate the number of technical features indicated. Thus, a feature defined as "first" or "second" may explicitly or implicitly include one or more of that feature. In the description of the present invention, "a plurality" means two or more unless specifically defined otherwise.
Examples
As shown in fig. 1 and fig. 2, the present embodiment provides a dual-level analysis situation assessment method based on a distributed system, including:
sequentially constructing a node hierarchical structure model comprising a target layer A, a criterion layer B, an index layer C and a scheme layer D from top to bottom, solving the node hierarchical structure model by adopting an analytic hierarchy process, and obtaining a current node situation evaluation weight vector;
synchronizing the current node situation evaluation weight vector to other nodes in the cluster to obtain other node situation evaluation weight vectors;
and sequentially and progressively constructing a system hierarchical structure model comprising a target layer E, a criterion layer F and a scheme layer G from top to bottom, and solving the system hierarchical structure model according to other node situation evaluation weight vectors and an analytic hierarchy process to obtain a situation evaluation result of the system.
As shown in fig. 1, fig. 1 is a schematic diagram of a node device hierarchical structure model, a node hierarchical structure model including a target layer a, a criterion layer B, an index layer C, and a scheme layer D is solved by using a hierarchical analysis method, as can be seen from fig. 1, the target layer a of the node hierarchical structure model is a security situation of a node device, that is, a security situation of the node device is evaluated, the criterion layer B includes but is not limited to four factors that can affect a security situation of the device, the index layer C includes but is not limited to thirteen factors that can affect the criterion layer B, and the scheme layer D obtains a current node situation evaluation weight vector according to analysis of the thirteen factors of the index layer C, a factor corresponding to a highest item of the weight vector is an evaluation result of the security situation, such as the security state of the node device is in a good state.
And the node situation evaluation weight vector obtained by solving is the evaluation result of the node equipment, and the node situation evaluation weight vector of the node obtained by calculation is synchronized to all other nodes in the cluster according to the consistency principle of the distributed system. As shown in fig. 2, a system hierarchy model including a target layer E, a criterion layer F and a scheme layer G is constructed, as can be seen from fig. 2, the target layer E of the node hierarchy model is a security situation of the system, that is, a security situation of the system is evaluated, and the criterion layer F includes, but is not limited to, three factors that can affect the security situation of the system, such as a mobile device, a host device and a server device, where the embodiment performs hierarchical analysis according to situation security situation weight vectors of other device nodes obtained synchronously in the nodes to calculate the system hierarchy model, so as to obtain a security situation evaluation result of the entire system.
Namely, on the whole, a dual-hierarchy model is constructed, the first is a node hierarchy model, the second is a system hierarchy model, and then the dual-hierarchy model is solved by adopting a hierarchy analysis method, so that a final evaluation result can be obtained.
The method comprises the steps of firstly evaluating the situation of the node equipment by using an analytic hierarchy process so as to obtain a situation security situation weight vector of the current node equipment. And secondly, synchronizing the situation security situation weight vectors of all other nodes in the cluster according to the consistency principle of the distributed system, and finally, continuously constructing a system hierarchical structure model in a single node, associating the equipment importance degree with the situation security situation weight vectors, and calculating to obtain a security situation evaluation result of the system. The method adopts a double-hierarchy analysis method to evaluate the security situation of the system, wherein the first double-hierarchy analysis directly calculates the situation security level weight vector of a single node, and the evaluation information is not uploaded to a central database, but depends on the consistency principle of a distributed system, thereby ensuring the synchronization of the evaluation information and effectively avoiding the leakage of the evaluation information and the falsification of security data.
In a further embodiment of the present application, the target layer a represents the node device security situation, the target layer a dominates the criterion layer B factors, and the criterion layer B factors include the basic operating state information B 1 Equipment vulnerability status information B 2 Risk event information B 3 And threat event information B 4
The index layer C factor is composed of refinement indexes corresponding to the factor B of the criterion layer, and the index layer C factor comprises basic running state information B 1 Corresponding CPU utilization rate C 1 Memory usage rate C 2 And hard disk utilization rate C 3 Equipment vulnerability status information B 2 Corresponding header trace hole C 4 SQL injection vulnerability C 5 Cross-site scripting vulnerability C 6 And weak password vulnerability C 7 Risk event information B 3 Corresponding virus attack C 8 Botnet C 9 Trojan attack C 10 And refuse service C 11 Threat event information B 4 Corresponding illegal access C 12 And offline exception C 13
The evaluation results of the plan layer D are governed according to the factors of the index layer C, and include good D 1 And early warning D 2 And critical importance D 3
Specifically, the target layer a is expressed as a decision-making purpose, i.e. the security situation of the current node device.
The target layer A is composed of one element and dominates the criterion layer B factor B 1 ,B 2 ,B 3 ,B 4
Criterion layer B considers various factors that can affect the current decision, including the base operating state B 1 Equipment vulnerability status B 2 Risk event B 3 Threat event B 4 Four factors.
The index layer C is a quantitative index which is generated by refining each decision factor of the criterion layer and can be calculated.
Index layer C factor C 1 ,C 2 ,C 3 Limited by criterion layer factor B 1 (ii) a Index layer C factor C 4 ,C 5 ,C 6 ,C 7 Limited by criterion layer factor B 2 (ii) a Index layer C factor C 8 ,C 9 ,C 10 ,C 11 Limited by criterion layer factor B 3 (ii) a Index layer C factor C 12 ,C 13 Limited by criterion layer factor B 4
The scheme layer D represents the evaluation result of the node security situation, and comprises the following steps: good D 1 And early warning D 2 And critical importance D 3
In a further embodiment of the present application, the determination matrix a _ B of the target layer a is constructed based on the factors included in the reference layer B, and the basic operating state information B of the reference layer B is constructed based on the factors included in the index layer C 1 Is determined by matrix B 1 C, constructing criterion layer B equipment vulnerability state information B according to factors contained in the index layer C 2 Is determined by matrix B 2 C, constructing a criterion layer B risk event information B according to the factors included in the index layer C 3 Is determined by matrix B 3 C, constructing criterion layer B threat event information B according to the factors included in the index layer C 4 Is determined by matrix B 4 _C。
Starting from the criterion layer of the hierarchical model structure, for the factors of the same layer which are subordinate to each factor of the previous layer, a judgment matrix is constructed by a pair-wise comparison method until the lowest layer. The pair-wise comparison is a relative importance evaluation formed by comparing the factors representing the layer with the factors of the layer above the layer which are subjected to the pair-wise comparison.
The relative importance rating between the factors is given using the Santy 1-9 scale method. The method is specifically shown in the following table 1:
TABLE 1 Santy 1-9 Scale method
Value taking Means of
1 A and B are equally important when compared
3 A and B are slightly more important than B
5 A and B are significantly important when compared
7 A and B are strongly important when compared
9 A and B are extremely important when compared
2,4,6,8 Degree of importance between the above two adjacent stages
For criterion layer factor B 1 ,B 2 ,B 3 ,B 4 Every two are compared with each other to construct a judgment matrix A _ B (a) relative to A ij ) 4X4
For index layer factor C 1 ,C 2 ,C 3 Two by two are compared with each other to construct the relation B 1 Is determined by the matrix B 1 _C(b′ ij ) 3X3
For index layer factor C 4 ,C 5 ,C 6 ,C 7 Two by two are compared with each other to construct the relation of B 2 Is determined by matrix B 2 _C(b″ ij ) 4X4
For index layer factor C 8 ,C 9 ,C 10 ,C 11 Two by two are compared with each other to construct the relation B 3 Is determined by the matrix B 3 _C(b″′ ij ) 4X4
For index layer factor C 12 ,C 13 Two by two are compared with each other to construct the relation B 4 Is determined by the matrix B 4 _C(b″″ ij ) 2X2
In a further embodiment of the present application, the step of calculating the hierarchical list ordering of the criterion layer B and checking the consistency of the judgment matrix a _ B according to the factors included in the criterion layer B includes the following steps:
according to the judgment matrix A _ B, the maximum characteristic root lambda of the judgment matrix A _ B is obtained max The feature vector is
Figure BDA0003374196100000081
According to the formula
Figure BDA0003374196100000082
Calculating a consistency index CI of a judgment matrix A _ B of a standard layer B, wherein m is the order of the judgment matrix;
according to the formula
Figure BDA0003374196100000091
Calculating the consistency ratio of the judgment matrix A _ B of the quasi-layer BCR, wherein RI represents the average random consistency index;
when CR is reached<When 0.1, the consistency of the judgment matrix of the target layer A is checked to pass, and the eigenvector W B That is, the hierarchy list ordering of the quasi-hierarchy B is obtained, otherwise, the judgment matrix of the target hierarchy A needs to be adjusted until CR<0.1;
Calculating the hierarchical list ordering of the index layer C according to the factors included in the index layer C and checking the consistency of the judgment matrix of the index layer C, wherein the method comprises the following steps of:
according to the judgment matrix B 1 C finds its maximum characteristic root
Figure BDA0003374196100000092
The feature vector is
Figure BDA0003374196100000093
According to the judgment matrix B 2 C finds its maximum characteristic root
Figure BDA0003374196100000094
The feature vector is
Figure BDA0003374196100000095
According to the judgment matrix B 3 C finds its maximum characteristic root
Figure BDA0003374196100000096
Its feature vector is
Figure BDA0003374196100000097
According to the judgment matrix B 4 C finds its maximum characteristic root
Figure BDA0003374196100000098
Its feature vector is
Figure BDA0003374196100000099
According to the formula
Figure BDA00033741961000000910
Calculating consistency indexes CI of all judgment matrixes of the index layer C, wherein m is the order of the judgment matrixes;
according to the formula
Figure BDA00033741961000000911
Calculating the consistency ratio CR of each judgment matrix of the index layer C, wherein RI represents an average random consistency index;
and when CR is less than 0.1, the consistency check of all judgment matrixes of the index layer C is passed, the characteristic vectors of the judgment matrixes are the hierarchical list sequence solved by the index layer C, otherwise, all judgment matrixes of the index layer C need to be adjusted until CR is less than 0.1.
Specifically, the standard layer factors are subjected to hierarchical single ordering, which specifically comprises the following steps:
according to the judgment matrix A _ B (a) ij ) 4X4 Finding the maximum characteristic root λ max Its feature vector
Figure BDA00033741961000000912
According to the formula
Figure BDA00033741961000000913
And calculating a consistency index CI, wherein m is the order of the judgment matrix.
According to the formula
Figure BDA00033741961000000914
The consistency ratio CR was calculated, where RI is shown in table 2 below.
TABLE 2 average random consistency index
Figure BDA00033741961000000915
Figure BDA0003374196100000101
When CR is reached<When 0.1, the consistency of the judgment matrix is considered to be acceptable, and the characteristic vector W B That is, the obtained hierarchy list is sorted, otherwise, the judgment matrix needs to be adjusted until CR<0.1。
And respectively carrying out level single sequencing aiming at each group of dominated factors of the index layer, wherein the specific method comprises the following steps:
according to the judgment matrix B 1 _C(b′ ij ) 3X3 Find its maximum characteristic root
Figure BDA0003374196100000102
Its feature vector
Figure BDA0003374196100000103
According to the judgment matrix B 2 _C(b″ ij ) 4X4 Find its maximum characteristic root
Figure BDA0003374196100000104
Its feature vector
Figure BDA0003374196100000105
According to the judgment matrix B 3 _C(b″′ ij ) 4X4 Find its maximum characteristic root
Figure BDA0003374196100000106
Its feature vector
Figure BDA0003374196100000107
According to the judgment matrix B 4 _C(b″″ ij ) 2X2 Find its maximum characteristic root
Figure BDA0003374196100000108
Its feature vector
Figure BDA0003374196100000109
According to the formula
Figure BDA00033741961000001010
And calculating the consistency index CI of each judgment matrix, wherein m is the order of the judgment matrix.
According to the formula
Figure BDA00033741961000001011
A consistency ratio CR is calculated, where RI represents the average random consistency index.
And when CR is less than 0.1, the consistency of the judgment matrix is considered to be acceptable, the characteristic vector is the required level single sequence, otherwise, the judgment matrix needs to be adjusted until CR is less than 0.1.
In a further embodiment of the present application, the combined weight of the factors of the index layer C is calculated by the formula
Figure BDA00033741961000001012
Wherein, the first and the second end of the pipe are connected with each other,
Figure BDA00033741961000001013
Figure BDA00033741961000001014
specifically, the state of the security situation of the node is comprehensively evaluated by calculating the combined weight of each factor of the index layer C.
In a further embodiment of the present application, the step of calculating the hierarchical total rank of the solution layer D comprises the following steps:
factor included in calculation scheme layer D for index layer C factor C j Hierarchical single ordering of
Figure BDA0003374196100000111
And carrying out consistency check, and calculating the level single ordering consistency index CI of each factor of the index layer C j And a random consistency index RI j Wherein { j | j ∈ [1,13 ]],j∈N + };
Factor C according to index layer C j The level single ordering and the combination weight of each factor of the index layer C obtain the level total ordering of the scheme layer DSequence of steps
Figure BDA0003374196100000112
Wherein the content of the first and second substances,
Figure BDA0003374196100000113
Figure BDA0003374196100000114
according to the formula
Figure BDA0003374196100000115
Calculate the consistency ratio of the overall ordering of the hierarchy, where { j | j ∈ [1,13 ]],j∈N + };
When CR is less than 0.1, the total hierarchical ranking passes consistency check, otherwise, the judgment matrix needs to be adjusted until CR is less than 0.1;
and the total hierarchical ordering passing the consistency check is the current node situation evaluation weight vector, and the factor corresponding to the highest item of the weight vector is the safety situation evaluation result of the node equipment.
In a further embodiment of the present application, the target layer E represents the security posture of the system, and the factors of the criterion layer F are the entities in the system, including the mobile device F 1 And a host device F 2 And server device F 3 The solution layer G represents the evaluation results of the system, including good G 1 Early warning G 2 And critical G 3
Specifically, as shown in fig. 2, a situation awareness system hierarchical structure model is established: and sequentially and progressively constructing a target layer E, a criterion layer F and a scheme layer G from top to bottom. The target layer E is represented for decision-making purposes, i.e. the security situation of the current system. The target layer E is composed of one element and dominates the criterion layer factor F 1 ,F 2 ,F 2 . The factors of the criterion layer F are all perception entities in the current perception system, including the mobile equipment F 1 And a host device F 2 Server device F 2 And the like. The scheme layer G represents the evaluation result of the system and comprises the following components: good G 1 And early warning G 2 And critical G 3
In a further embodiment of the application, the mobile device F is based on a layer F of criteria 1 Host device F 2 And server device F 3 Comparing every two to construct a judgment matrix E _ F relative to the target layer E;
calculating the hierarchical list ordering of the criterion layer F according to the factors included in the criterion layer F and checking the consistency of the judgment matrix E _ F, wherein the method comprises the following steps of:
according to the judgment matrix E _ F, the maximum characteristic root lambda of the judgment matrix E _ F is obtained max Its feature vector
Figure BDA0003374196100000116
According to the formula
Figure BDA0003374196100000117
Calculating a consistency index CI, wherein m is the order of the judgment matrix;
according to the formula
Figure BDA0003374196100000118
Calculating a consistency ratio CR, wherein RI represents a random consistency index;
when CR is given<When 0.1, the consistency of the matrix E _ F is judged to pass the inspection, and the characteristic vector W F That is, the hierarchy list ordering obtained by the criterion layer F, otherwise, the judgment matrix E _ F needs to be adjusted until CR<0.1。
Specifically, starting from the criterion layer of the hierarchical model structure, for the elements of the same layer subordinate to each factor of the previous layer, a judgment matrix is constructed by a pair-wise comparison method until the lowest layer. Wherein, aiming at the criterion layer factor F 1 ,F 2 ,F 3 Two by two are compared with each other to construct a judgment matrix E _ F (a) relative to E ij ) 3X3 . And (3) performing hierarchical single ordering and consistency check on the criterion layer F:
and (3) performing hierarchical single ordering aiming at the factor F of the criterion layer, wherein the specific method is as follows:
according to the judgment matrix E _ F (a) ij ) 3X3 Finding the maximum characteristic root λ max Characterised by the fact that(Vector)
Figure BDA0003374196100000121
According to the formula
Figure BDA0003374196100000122
And calculating a consistency index CI, wherein m is the order of the judgment matrix.
According to the formula
Figure BDA0003374196100000123
Calculating a consistency ratio CR, wherein RI represents a random consistency index;
when CR is reached<0.1, the consistency of the judgment matrix is considered to be acceptable, and the characteristic vector W F That is, the obtained hierarchy list is sorted, otherwise, the judgment matrix needs to be adjusted until CR<0.1。
In a further embodiment of the present application, calculating the hierarchical single rank of the solution layer G comprises the steps of:
calculating all factors of scheme layer G to factor F of criterion layer F i Hierarchical single ordering of
Figure BDA0003374196100000124
Figure BDA0003374196100000125
Evaluating a weight vector W according to the current node situation of the node internal synchronization i D Factor F of obtaining scheme layer G in criterion layer i Hierarchical single ordering of
Figure BDA0003374196100000126
Carrying out consistency check calculation on the hierarchical single sequence of the scheme layer G to obtain a consistency index CI j And a random consistency index RI j Wherein { j | j ∈ [1,3 ]],j∈N + }。
In a further embodiment of the present application, two hierarchy levels according to scheme level GRanking obtains a hierarchical overall ranking for scheme layer G
Figure BDA0003374196100000127
Wherein the content of the first and second substances,
Figure BDA0003374196100000128
according to the consistency index CI j And a random consistency index RI j Calculating the total hierarchical ranking of the scheme layer G according to the formula
Figure BDA0003374196100000129
Wherein the content of the first and second substances,
Figure BDA00033741961000001210
the eigenvector representing the decision matrix E _ F, { j | j ∈ [1,3 ]],j∈N + };
When CR is less than 0.1, the total hierarchical ranking passes consistency check, otherwise, the judgment matrix needs to be adjusted until CR is less than 0.1;
and the total hierarchical ordering passing the consistency check is a system situation evaluation weight vector, and the factor corresponding to the highest item of the weight vector is a system safety situation evaluation result.
Specifically, the total hierarchical ranking of the system is obtained by combining the total hierarchical ranking obtained by the hierarchical structure model of the system with the weight vector obtained according to the node hierarchical structure model, and the second hierarchical analysis re-constructs a hierarchical analysis model of the system around the importance weight of the equipment, so that the situation evaluation of the system is directly completed in a single node, and a specific and feasible scheme is provided for the distributed system from single-point situation evaluation to multi-point fusion situation evaluation.
The embodiment of the application also provides a small local area network as an analysis example for explaining that the evaluation result obtained by the evaluation method of the application is more accurate than that obtained by the existing evaluation method. The main aware device nodes of the system include mobile devices, host devices, and server devices. According to the method, situation evaluation is carried out on node equipment in the local area network mainly through a basic operation state, an equipment vulnerability state, a risk event and a threat event sensed in the local area network, and a node situation hierarchical structure evaluation model formed by a target layer, a criterion layer, an index layer and a scheme layer is established as shown in figure 1.
The node situation hierarchical structure evaluation model takes a node equipment network security situation index system as a target layer A, and a criterion layer comprises a basic operation state B 1 Equipment vulnerability status B 2 Risk event B 3 And threat event B 4 . Basic operating state B 1 Can be decomposed into CPU utilization rate C 1 Memory usage rate C 2 And hard disk utilization rate C 3 These three criteria. Device vulnerability State B 2 Decomposable into header tracking holes C 4 SQL injection vulnerability C 5 Cross site scripting vulnerability C 6 And weak password vulnerability C 7 These four criteria. Risk event B 3 Can be decomposed into virus attack C 8 Botnet C 9 Trojan attack C 10 And denial of service C 11 These four criteria. Threat event B 4 Dividable into illegal accesses C 12 And offline exception C 13 These three criteria. The scheme layer contains good D 1 Early warning D 2 And critical importance D 3 Three levels.
Since the calculation methods are the same, the method only uses the mobile device F 1 For example, the evaluation weight vector of the first heavy-level analysis situation is calculated, and the evaluation weight vectors of the other devices are directly given.
And determining a judgment matrix and a weight of a situation index system according to a pairwise comparison method, and establishing a judgment matrix and a weight vector of the evaluation factors of the first heavy-layer analysis criterion layer (shown in a table 3-1) and a judgment matrix and a weight vector of the evaluation factors of the index layer (shown in a table 3-2). And establishing a judgment matrix and a weight vector of the evaluation factors of the first heavy-layer analysis scheme layer (as shown in tables 3-3).
TABLE 3-1 determination matrix and weight vector of evaluation factors of the first multiple-level analysis criteria layer B
Figure BDA0003374196100000131
TABLE 3-2 decision matrix and weight vector for evaluation factor of first heavy-level analysis index layer C
Figure BDA0003374196100000141
Table 4-3 decision matrix and weight vector for evaluation factors of layer D of the first multiple-layer analysis scheme
Figure BDA0003374196100000142
Figure BDA0003374196100000151
Then according to the above-mentioned obtained rule layer weight vector W B And the weight vector of the index layer
Figure BDA0003374196100000152
Calculating the combined weight W of each factor of the index layer C
Figure BDA0003374196100000153
Wherein
Figure BDA0003374196100000154
According to the weight vector of the solution layer
Figure BDA0003374196100000155
And index layer combining weight W C Calculating out the total hierarchical ranking W of the scheme layer D
Figure BDA0003374196100000156
Wherein
Figure BDA0003374196100000157
Total order of hierarchy W D Namely, the situation evaluation weight vector of the current equipment node is recorded as
Figure BDA0003374196100000158
Representing a mobile device F 1 The first heavy-level analysis is completed.
According to the same principle of the calculation process, the weight vectors of the host equipment and the server equipment can be obtained:
Figure BDA0003374196100000159
the second part of the evaluation model, the second hierarchical analysis takes the system security situation as a target layer E, and the criterion layer comprises a mobile device F 1 Host device F 2 Server device F 3 . Scheme layer G contains good G 1 Early warning G 2 And critical G 3 Three levels as shown in fig. 2.
And determining a judgment matrix and a weight of the situation index system according to a pair comparison method, and establishing a judgment matrix and a weight vector of evaluation factors of a second hierarchical analysis criterion layer (shown in tables 3-4).
TABLE 3-4 judgment matrix and weight vector of evaluation factor of the second hierarchical analysis criteria layer F
Figure BDA0003374196100000161
Since the evaluation grade of the scheme layer G is the same as that of the scheme layer D in the first double-layer analysis, the evaluation factor of the second double-layer analysis scheme layer is opposite to the factor F of the criterion layer p Weight vector of
Figure BDA0003374196100000162
A hierarchical total ordering equivalent to the completion of the first-iteration analysis of the corresponding device node, i.e.
Figure BDA0003374196100000163
According to the weight vector of the solution layer
Figure BDA0003374196100000164
And a criterion layer weight W F Calculating out the total hierarchical ranking W of the scheme layer G
Figure BDA0003374196100000165
Wherein
Figure BDA0003374196100000166
Total rank W G Namely, the weight vector is evaluated according to the situation of the current equipment node, and the second hierarchical analysis is completed.
The analysis result shows that the ratio of the good evaluation grade is 0.5811, the ratio of the early warning evaluation grade is 0.2881, and the ratio of the critical evaluation grade is 0.1308. According to the criterion of maximum comprehensive evaluation weight, the network security situation evaluation is in a good state.
The above-mentioned embodiments are intended to illustrate the objects, technical solutions and advantages of the present invention in further detail, and it should be understood that the above-mentioned embodiments are merely exemplary embodiments of the present invention, and are not intended to limit the scope of the present invention, and any modifications, equivalent substitutions, improvements and the like made within the spirit and principle of the present invention should be included in the scope of the present invention.

Claims (10)

1. A dual-hierarchy analysis situation assessment method based on a distributed system is characterized by comprising the following steps:
sequentially constructing a node hierarchical structure model comprising a target layer A, a criterion layer B, an index layer C and a scheme layer D from top to bottom, solving the node hierarchical structure model by adopting an analytic hierarchy process, and obtaining a current node situation evaluation weight vector;
synchronizing the current node situation evaluation weight vector to other nodes in the cluster to obtain other node situation evaluation weight vectors;
and sequentially and progressively constructing a system hierarchical structure model comprising a target layer E, a criterion layer F and a scheme layer G from top to bottom, and solving the system hierarchical structure model according to other node situation evaluation weight vectors and an analytic hierarchy process to obtain a situation evaluation result of the system.
2. The dual-hierarchy analysis situation assessment method based on the distributed system as claimed in claim 1, wherein the target layer a represents node device security situation, the target layer a dominates criterion layer B factors, the criterion layer B factors include basic operation state information B 1 Equipment vulnerability status information B 2 Risk event information B 3 And threat event information B 4
The index layer C factor is composed of corresponding criterion layer B factor refinement indexes, and the index layer C factor comprises basic running state information B 1 Corresponding CPU utilization rate C 1 Memory usage rate C 2 And hard disk utilization rate C 3 Device vulnerability status information B 2 Corresponding header trace hole C 4 SQL injection vulnerability C 5 Cross site scripting vulnerability C 6 And weak password vulnerability C 7 Risk event information B 3 Corresponding virus attack C 8 Botnet C 9 Trojan attack C 10 And denial of service C 11 Threat event information B 4 Corresponding illegal access C 12 And offline exception C 13
The evaluation result of the scheme layer D is governed according to the factors of the index layer C, and the evaluation result comprises good D 1 And early warning D 2 And critical importance D 3
3. The dual-hierarchy analysis situation assessment method based on distributed system as claimed in claim 2, wherein the judgment matrix A _ B of the target layer A is constructed according to the factors included in the criterion layer B, and the criterion layer B basis is constructed according to the factors included in the index layer COperating state information B 1 Is determined by matrix B 1 C, constructing criterion layer B device vulnerability state information B according to the factors included in the index layer C 2 Is determined by the matrix B 2 C, constructing a criterion layer B risk event information B according to the factors included in the index layer C 3 Is determined by the matrix B 3 C constructing criterion layer B threat event information B based on the factors included in the index layer C 4 Is determined by matrix B 4 _C。
4. The dual-hierarchy analysis situation assessment method based on the distributed system as claimed in claim 3, wherein the step of calculating the hierarchical single rank order of the criterion layer B and checking the consistency of the judgment matrix A _ B according to the factors included in the criterion layer B comprises the following steps:
according to the judgment matrix A _ B, the maximum characteristic root lambda of the judgment matrix A _ B is obtained max The feature vector is
Figure FDA0003374196090000011
According to the formula
Figure FDA0003374196090000012
Calculating a consistency index CI of a judgment matrix A _ B of the criterion layer B, wherein m is the order of the judgment matrix;
according to the formula
Figure FDA0003374196090000013
Calculating a consistency ratio CR of a judgment matrix A _ B of a criterion layer B, wherein RI represents an average random consistency index;
when CR is reached<When 0.1, the consistency of the judgment matrix of the target layer A is checked to pass, and the eigenvector W B That is, the hierarchy list ordering obtained by the criterion layer B, otherwise, the judgment matrix of the target layer A needs to be adjusted until CR<0.1;
Calculating the hierarchical list ordering of the index layer C according to the factors included in the index layer C and checking the consistency of the judgment matrix of the index layer C, wherein the method comprises the following steps of:
according to the judgment matrix B 1 C finds its maximum characteristic root
Figure FDA0003374196090000021
Its feature vector is
Figure FDA0003374196090000022
According to the judgment matrix B 2 C finds its maximum characteristic root
Figure FDA0003374196090000023
The feature vector is
Figure FDA0003374196090000024
According to the judgment matrix B 3 C finds its maximum characteristic root
Figure FDA0003374196090000025
The feature vector is
Figure FDA0003374196090000026
According to the judgment matrix B 4 C finds its maximum characteristic root
Figure FDA0003374196090000027
Its feature vector is
Figure FDA0003374196090000028
According to the formula
Figure FDA0003374196090000029
Calculating consistency indexes CI of all judgment matrixes of the index layer C, wherein m is the order of the judgment matrixes;
according to the formula
Figure FDA00033741960900000210
Computing fingerThe consistency ratio CR of each judgment matrix of the standard layer C, wherein RI represents an average random consistency index;
and when CR is less than 0.1, the consistency check of all judgment matrixes of the index layer C is passed, the characteristic vectors of the judgment matrixes are the hierarchical list sequence solved by the index layer C, otherwise, all judgment matrixes of the index layer C need to be adjusted until CR is less than 0.1.
5. The dual-hierarchy analysis situation assessment method based on distributed system as claimed in claim 4, wherein the combined weight of each factor of index layer C is calculated as
Figure FDA00033741960900000211
Wherein the content of the first and second substances,
Figure FDA00033741960900000212
{i|i∈[1,4],i∈N + },{j|j∈[1,13],j∈N + }。
6. the dual-hierarchy analysis situation assessment method based on the distributed system as claimed in claim 5, wherein the step of calculating the hierarchical total ordering of the solution layer D comprises the following steps:
factor included in calculation scheme layer D for index layer C factor C j Hierarchical single ordering of
Figure FDA00033741960900000213
And carrying out consistency check, and calculating the level list ordering consistency index CI of each factor of the index layer C j And a random consistency index RI j Where { j | j ∈ [1,13 ]],j∈N + };
Factor C according to index layer C j The total hierarchical ranking of the scheme layer D is obtained by the hierarchical single ranking and the combined weight of each factor of the index layer C
Figure FDA0003374196090000031
Wherein, the first and the second end of the pipe are connected with each other,
Figure FDA0003374196090000032
{i,j|i∈[1,3],j∈[1,13],i∈N + ,j∈N + };
according to the formula
Figure FDA0003374196090000033
Calculate the consistency ratio of the overall ordering of the hierarchy, where { j | j ∈ [1,13 ]],j∈N + };
When CR is less than 0.1, the total hierarchical ranking passes consistency check, otherwise, the judgment matrix needs to be adjusted until CR is less than 0.1;
and the total hierarchical ordering passing the consistency check is the current node situation evaluation weight vector, and the factor corresponding to the highest item of the weight vector is the safety situation evaluation result of the node equipment.
7. The method as claimed in claim 1, wherein the target layer E represents a security situation of the system, and the factors of the criterion layer F are entities in the system, including the mobile device F 1 And a host device F 2 And server device F 3 The solution layer G represents the evaluation results of the system, including good G 1 Early warning G 2 And critical G 3
8. The dual-hierarchy analysis situation assessment method based on distributed system as claimed in claim 7, wherein the mobile device F according to the criterion layer F 1 Host device F 2 And server apparatus F 3 Comparing every two to construct a judgment matrix E _ F relative to the target layer E;
calculating the hierarchical list ordering of the criterion layer F according to the factors included in the criterion layer F and checking the consistency of the judgment matrix E _ F, wherein the method comprises the following steps of:
according to the judgment matrix E _ F, the maximum characteristic root lambda of the judgment matrix E _ F is obtained max Its feature vector
Figure FDA0003374196090000034
According to the formula
Figure FDA0003374196090000035
Calculating a consistency index CI, wherein m is the order of the judgment matrix;
according to the formula
Figure FDA0003374196090000036
Calculating a consistency ratio CR, wherein RI represents a random consistency index;
when CR is reached<When 0.1, the consistency of the matrix E _ F is judged to pass the inspection, and the eigenvector W F That is, the hierarchy list ordering obtained by the criterion layer F, otherwise, the judgment matrix E _ F needs to be adjusted until CR<0.1。
9. The dual-hierarchy analysis situation assessment method based on the distributed system as claimed in claim 8, wherein the step of calculating the hierarchical single ordering of the scheme layer G comprises the following steps:
calculating all factors of scheme layer G to factor F of criterion layer F i Hierarchical list ordering of
Figure FDA0003374196090000037
{i|i∈[1,3],i∈N + };
Evaluating a weight vector W according to the current node situation synchronized in the node i D Factor F of obtaining scheme layer G in criterion layer i Hierarchical single ordering of
Figure FDA0003374196090000041
{i|i∈[1,3],i∈N + };
Carrying out consistency check calculation on the hierarchical single sequence of the scheme layer G to obtain a consistency index CI j And a random consistency index RI j Where { j | j ∈ [1,3 ]],j∈N + }。
10. A distributed system based on claim 9The double-layer analysis situation assessment method is characterized in that the total hierarchical ranking of the scheme layer G is obtained according to the two-layer single ranking of the scheme layer G
Figure FDA0003374196090000042
Wherein the content of the first and second substances,
Figure FDA0003374196090000043
{i,j|i∈[1,3],j∈[1,3],i∈N + ,j∈N + };
according to the consistency index CI j And a random consistency index RI j Calculating the total hierarchical ordering of the scheme layer G according to the formula
Figure FDA0003374196090000044
Wherein the content of the first and second substances,
Figure FDA0003374196090000045
the eigenvector representing the decision matrix E _ F, { j | j ∈ [1,3 ]],j∈N + };
When CR is less than 0.1, the total hierarchical ranking passes consistency check, otherwise, the judgment matrix needs to be adjusted until CR is less than 0.1;
and the total hierarchical ordering passing the consistency check is a system situation evaluation weight vector, and the factor corresponding to the highest item of the weight vector is a system safety situation evaluation result.
CN202111412605.8A 2021-11-25 2021-11-25 Dual-level analysis situation assessment method based on distributed system Active CN114065220B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202111412605.8A CN114065220B (en) 2021-11-25 2021-11-25 Dual-level analysis situation assessment method based on distributed system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202111412605.8A CN114065220B (en) 2021-11-25 2021-11-25 Dual-level analysis situation assessment method based on distributed system

Publications (2)

Publication Number Publication Date
CN114065220A CN114065220A (en) 2022-02-18
CN114065220B true CN114065220B (en) 2022-11-22

Family

ID=80276238

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202111412605.8A Active CN114065220B (en) 2021-11-25 2021-11-25 Dual-level analysis situation assessment method based on distributed system

Country Status (1)

Country Link
CN (1) CN114065220B (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN116939617A (en) * 2022-03-30 2023-10-24 维沃移动通信有限公司 Security state evaluation method and device, electronic equipment and readable storage medium

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102932419A (en) * 2012-09-25 2013-02-13 浙江图讯科技有限公司 Data storage system for industrial and mining enterprise oriented safety production cloud service platform
CN104933629A (en) * 2015-05-21 2015-09-23 天津大学 Power user equipment evaluation method based on interval level analysis and interval entropy combination
CN108985649A (en) * 2018-08-01 2018-12-11 国电联合动力技术有限公司 Timing ambiguity step analysis appraisal procedure based on wind power equipment anomaly analysis data
CN110417591A (en) * 2019-07-23 2019-11-05 中南民族大学 Ballot node configuration method and system
CN113516065A (en) * 2021-07-03 2021-10-19 北京中建建筑科学研究院有限公司 Data weight measuring and calculating method and device based on block chain, server and storage medium

Family Cites Families (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US11144342B2 (en) * 2019-03-27 2021-10-12 International Business Machines Corporation Workload execution in a distributed computing infrastructure on candidate nodes identified through plural test deployments
CN110471975B (en) * 2019-08-16 2022-05-03 武汉思普崚技术有限公司 Internet of things situation awareness calling method and device
CN113645190A (en) * 2021-07-12 2021-11-12 中国科学院信息工程研究所 Byzantine fault-tolerant consensus method considering node reputation and block chain

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102932419A (en) * 2012-09-25 2013-02-13 浙江图讯科技有限公司 Data storage system for industrial and mining enterprise oriented safety production cloud service platform
CN104933629A (en) * 2015-05-21 2015-09-23 天津大学 Power user equipment evaluation method based on interval level analysis and interval entropy combination
CN108985649A (en) * 2018-08-01 2018-12-11 国电联合动力技术有限公司 Timing ambiguity step analysis appraisal procedure based on wind power equipment anomaly analysis data
CN110417591A (en) * 2019-07-23 2019-11-05 中南民族大学 Ballot node configuration method and system
CN113516065A (en) * 2021-07-03 2021-10-19 北京中建建筑科学研究院有限公司 Data weight measuring and calculating method and device based on block chain, server and storage medium

Also Published As

Publication number Publication date
CN114065220A (en) 2022-02-18

Similar Documents

Publication Publication Date Title
CN110620759B (en) Multi-dimensional association-based network security event hazard index evaluation method and system
CN107395430B (en) Cloud platform dynamic risk access control method
CN111680863A (en) Network environment safety condition evaluation method based on analytic hierarchy process
CN107454105B (en) Multidimensional network security assessment method based on AHP and grey correlation
CN111444514A (en) Information security risk assessment method and device, equipment and storage medium
CN110011976B (en) Network attack destruction capability quantitative evaluation method and system
CN111738817A (en) Method and system for identifying risk community
CN103065050A (en) Health level judging method of information system during operation maintenance period
CN108156114A (en) The key node of power information physical system network attack map determines method and device
CN114065220B (en) Dual-level analysis situation assessment method based on distributed system
CN104320271B (en) A kind of network equipment safety evaluation method and device
CN112287556A (en) Method and device for determining insulation state of cable
CN114444910A (en) Electric power Internet of things-oriented edge network system health degree evaluation method
CN115270266A (en) Slope monitoring state risk judgment method based on improved analytic hierarchy process
CN102299897A (en) Characteristic-association-based peer-to-peer networking characteristic analysis method
Zhao et al. Research on multidimensional system security assessment based on ahp and gray correlation
CN110543417A (en) method and device for evaluating effectiveness of software test
CN105487936A (en) Information system security evaluation method for classified protection under cloud environment
CN115333806A (en) Penetration test attack path planning method and device, electronic equipment and storage medium
CN111654855B (en) Trust updating method in underwater wireless sensor network based on AHP
CN113918435A (en) Application program risk level determination method and device and storage medium
CN114118680A (en) Network security situation assessment method and system
CN112217838A (en) Network attack surface evaluation method based on cloud model theory
CN110991906A (en) Cloud system information security risk assessment method
CN107491576B (en) Missile component reliability analysis method based on performance degradation data

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant