CN114285630A - Security domain risk warning method, system and device and readable storage medium - Google Patents


Publication number
CN114285630A
Authority
CN
China
Prior art keywords
security domain
risk
alarm
threat
target
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN202111584026.1A
Other languages
Chinese (zh)
Other versions
CN114285630B (en
Inventor
王玮
范渊
刘博�
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
DBAPPSecurity Co Ltd
Original Assignee
DBAPPSecurity Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by DBAPPSecurity Co Ltd filed Critical DBAPPSecurity Co Ltd
Priority to CN202111584026.1A priority Critical patent/CN114285630B/en
Publication of CN114285630A publication Critical patent/CN114285630A/en
Application granted granted Critical
Publication of CN114285630B publication Critical patent/CN114285630B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Landscapes

  • Data Exchanges In Wide-Area Networks (AREA)
  • Alarm Systems (AREA)

Abstract

The application discloses a security domain risk warning method, a system, a device and a computer readable storage medium, comprising: acquiring a threat data source of a target security domain; judging the danger level of each network threat in the target security domain by using a preset danger level division rule according to the threat data source; counting the total number of alarms of the target security domain and the number of alarms triggered in the same type of security domain with the same type of the target security domain within a preset time range; obtaining the average alarm number of the same type of security domains by utilizing the alarm number of the same type of security domains; obtaining the grade of the target security domain by utilizing a security domain grade calculation formula, the average alarm quantity, the total alarm quantity and the grade weight corresponding to the danger grade; according to the method, the evaluation method is simplified, the complex data are extracted into the simplified scores, the user can conveniently conduct protection analysis and upgrading on the security domain according to the scores, and the security is improved.

Description

Security domain risk warning method, system and device and readable storage medium
Technical Field
The present invention relates to the field of network security, and in particular, to a security domain risk warning method, system, apparatus, and computer readable storage medium.
Background
With the deepening of informatization, networks have become part of everyday life, but they also carry more risks, namely network threats. These threats need to be classified so that specific protection can be applied to each specific threat.
The prior art currently remains at the level of recording threat logs and the like; the large volume of data is not condensed into a simplified evaluation that effectively reflects the risk situation. The security situation of a network domain therefore cannot be reflected with reasonable accuracy, which is what would allow protection to be applied first at the network-region level, one layer above the protection of terminals or servers.
Therefore, a more simplified and effective security domain security scoring method is needed so that the user can know the overall network situation and make reasonable and effective network protection.
Disclosure of Invention
In view of the above, the present invention provides a security domain risk warning method, system, device and computer readable storage medium, which are more compact and effective, so that a user can know the whole network condition and perform reasonable and effective network protection. The specific scheme is as follows:
a security domain risk warning method comprises the following steps:
acquiring a threat data source of a target security domain;
judging the danger level of each network threat in the target security domain by using a preset danger level division rule according to the threat data source;
counting the total number of alarms of the target security domain and the number of alarms triggered in the same type of security domain with the same type of the target security domain within a preset time range;
obtaining the average alarm number of the same type of security domains by utilizing the alarm number of the same type of security domains;
obtaining the grade of the target security domain by utilizing a security domain grade calculation formula, the average alarm quantity, the total alarm quantity and the grade weight corresponding to the danger grade;
wherein, the security domain score calculation formula is: the safety domain score is 100-;
Ph = X/S × high-risk weight;
Pm = Y/S × medium-risk weight;
Pl = Z/S × low-risk weight;
in the formula, S represents the total alarm number, St represents the average alarm number of the security domain, Ph represents the high-risk threat probability, Pm represents the medium-risk threat probability, Pl represents the low-risk threat probability, X represents the high-risk alarm number, Y represents the medium-risk alarm number, and Z represents the low-risk alarm number.
Optionally, the process of acquiring a threat data source of a target security domain includes:
and acquiring the flow, the log, the vulnerability and the operation and maintenance alarm of the target security domain.
Optionally, the process of determining the risk level of each cyber threat in the target security domain according to the threat data source by using a preset risk level classification rule includes:
and according to the data type of the data in the threat data source, respectively obtaining the risk level of each network threat in the threat data source by using a subdivision rule corresponding to the data type in the risk level subdivision rule.
Optionally, the method further includes:
and receiving a time range modification instruction and modifying the time range.
Optionally, after obtaining the score of the target security domain, the method further includes:
and when the score of the target security domain meets a preset alarm condition, generating alarm data so as to remind a user by using the alarm data.
The invention also discloses a security domain risk warning system, which comprises:
the data acquisition module is used for acquiring a threat data source of the target security domain;
the level judgment module is used for judging the danger level of each network threat in the target security domain by using a preset danger level division rule according to the threat data source;
the quantity counting module is used for counting the total number of alarms of the target security domain and the number of alarms triggered in the same type of security domain with the same type of the target security domain within a preset time range;
the average number counting module is used for obtaining the average alarm number of the same type of security domain by utilizing the alarm number of the same type of security domain;
the security domain scoring module is used for obtaining the score of the target security domain by utilizing a security domain scoring calculation formula, the average alarm quantity, the total alarm quantity and the grade weight corresponding to the danger grade;
wherein, the security domain score calculation formula is: the safety domain score is 100-;
Ph = X/S × high-risk weight;
Pm = Y/S × medium-risk weight;
Pl = Z/S × low-risk weight;
in the formula, S represents the total alarm number, St represents the average alarm number of the security domain, Ph represents the high-risk threat probability, Pm represents the medium-risk threat probability, Pl represents the low-risk threat probability, X represents the high-risk alarm number, Y represents the medium-risk alarm number, and Z represents the low-risk alarm number.
Optionally, the data obtaining module is specifically configured to obtain a flow, a log, a vulnerability and an operation and maintenance alarm of the target security domain.
Optionally, the level determining module is specifically configured to obtain, according to the data type of the data in the threat data source, the risk level of each network threat in the threat data source by using a subdivision rule corresponding to the data type in the risk level subdivision rule.
Optionally, the method further includes:
and the warning module is used for generating warning data when the score of the target security domain meets a preset warning condition so as to remind a user by using the warning data.
The invention also discloses a security domain risk warning device, which comprises:
a memory for storing a computer program;
a processor for executing said computer program to implement a security domain risk alerting method as described above.
The present invention also discloses a computer readable storage medium, which is characterized in that the computer readable storage medium stores thereon a computer program, and the computer program, when executed by a processor, implements the security domain risk warning method as described above.
The security domain risk warning method comprises the following steps: acquiring a threat data source of a target security domain; judging the danger level of each network threat in the target security domain by using a preset danger level division rule according to the threat data source; counting the total number of alarms of the target security domain and the number of alarms triggered in the same type of security domain with the same type of the target security domain within a preset time range; obtaining the average alarm number of the same type of security domains by utilizing the alarm number of the same type of security domains; obtaining the grade of the target security domain by utilizing a security domain grade calculation formula, the average alarm quantity, the total alarm quantity and the grade weight corresponding to the danger grade; the security domain score calculation formula is as follows: the safety domain score is 100-; Ph = X/S × high-risk weight; Pm = Y/S × medium-risk weight; Pl = Z/S × low-risk weight; in the formula, S represents the total alarm number, St represents the average alarm number of a security domain, Ph represents the high-risk threat probability, Pm represents the medium-risk threat probability, Pl represents the low-risk threat probability, X represents the high-risk alarm number, Y represents the medium-risk alarm number, and Z represents the low-risk alarm number.
According to the method and the device, comprehensive analysis is carried out by obtaining the threat data source of the security domain, the risk of the security domain is judged according to the preset multiple judgment conditions, finally the risk condition of the target security domain and the average level of other security domains of the same type are comprehensively considered, the grade of the security domain obtained according to the grading formula can better reflect the safety protection level of the security domain in the whole similar security domain, the judging method is simplified, the complex data is refined into the simplified grade, a user can conveniently carry out protection analysis and upgrading on the security domain according to the grade, and the security is improved.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described below, it is obvious that the drawings in the following description are only embodiments of the present invention, and for those skilled in the art, other drawings can be obtained according to the provided drawings without creative efforts.
Fig. 1 is a schematic flow chart of a security domain risk warning method disclosed in the embodiment of the present invention;
fig. 2 is a schematic flow chart of another security domain risk warning method disclosed in the embodiment of the present invention;
fig. 3 is a schematic structural diagram of a security domain risk warning system according to an embodiment of the present invention.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
The embodiment of the invention discloses a security domain risk warning method, which is shown in figure 1 and comprises the following steps:
S11: Acquire a threat data source of the target security domain.
Specifically, the threat data source may be any information about network anomalies, such as traffic, logs, vulnerabilities and operation and maintenance alarms, from which threat data can be extracted. For example, traffic may contain abnormal flows, logs may record unknown operations and access records, vulnerability data indicates whether a known vulnerability exists on the system, and operation and maintenance alarms may record the number of attacks received or which operations posed a security risk.
Specifically, a threat data source is obtained, so that the risk level of each network threat in the target security domain is judged according to the threat data source.
S12: and judging the danger level of each network threat in the target security domain by using a preset danger level division rule according to the threat data source.
Specifically, a preset danger level division rule is used for judging a threat level corresponding to a hidden network threat in a threat data source of the security domain, and the alarm threat level can be divided into a high level, a medium level and a low level, and can be set according to actual application requirements.
For example, if the threat data source shows a serious vulnerability that may allow an external user to bypass the firewall and modify data directly, and the network threat of that vulnerability corresponds to the high-risk level in the risk level classification rule, then a high-risk network threat exists in the target security domain. If a vulnerability only allows an external user to establish a connection with the target security domain, without being able to modify or view data, the risk level of the resulting network threat may be determined to be low.
S13: and counting the total number of alarms of the target security domain and the number of alarms triggered in the same security domain with the same category as the target security domain within a preset time range.
Specifically, computing over the full data set is not feasible in a big-data setting and has little reference value, so the number of alarms is counted within a preset time range. The total number of alarms of the target security domain can be counted first, and this count can be obtained from the risk-level judgment process: whenever a network threat is found in the threat data source of the security domain, it is counted as one alarm regardless of its risk level, even if the level is low. If there is no risk, there is no network threat and nothing is counted.
Specifically, to reflect the overall protection level and to avoid over-emphasizing the security risk of individual security domains and over-protecting them, the number of alarms triggered in security domains of the same category as the target security domain is also counted, so that the target security domain can be compared with them.
S14: obtaining the average alarm number of the same type of security domains by utilizing the alarm number of the same type of security domains;
s15: obtaining the grade of the target security domain by utilizing a security domain grade calculation formula, the average alarm quantity, the total alarm quantity and the grade weight corresponding to the danger grade;
the security domain score calculation formula is as follows: the safety domain score is 100-;
Ph = X/S × high-risk weight;
Pm = Y/S × medium-risk weight;
Pl = Z/S × low-risk weight;
in the formula, S represents the total alarm number, St represents the average alarm number of a security domain, Ph represents the high-risk threat probability, Pm represents the medium-risk threat probability, Pl represents the low-risk threat probability, X represents the high-risk alarm number, Y represents the medium-risk alarm number, and Z represents the low-risk alarm number.
Specifically, the score of the target security domain is calculated with the security domain score calculation formula. The high-risk, medium-risk and low-risk alarm numbers are obtained from the risk-level judgment and the alarm total statistics, so the alarms at each risk level can be counted separately. The high-risk, medium-risk and low-risk weights are preset values that can be set according to actual application requirements; for example, they can be set to 0.5, 0.3 and 0.2 respectively. The total weight can be set according to the total alarm number or the security domain average alarm number; in this embodiment of the invention it can be set to 0.01.
Further, the score of the target security domain can be mapped to risk levels, for example high risk for scores in [0,60), medium risk for [60,75), low risk for [75,95) and secure for [95,100]; the lower the score, the more dangerous the asset. The bands can also be adjusted to the specific situation of the application service. After the security domain score is calculated, the security domain is graded according to the score, and the grade represents the security state of the network area, which helps enterprises apply different network protection to different network areas.
It is understood that if the security domain has no alarms, its score may be the full 100 points, and if the calculated result is negative, the score may be set to zero.
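The counting, peer-averaging and banding steps described above (S13, S14, the Ph/Pm/Pl terms and the score bands), as an added Python example that is not part of the patent. The score formula itself is cut off on this page, so `grade` takes an already computed score; the record layout, domain names and sample alarms are constructed, and including the target domain and alarm-free domains in the peer average is an assumption.

```python
from collections import Counter
from datetime import datetime, timedelta

# Example weights and score bands quoted in the description.
WEIGHTS = {"high": 0.5, "medium": 0.3, "low": 0.2}
BANDS = [(95, "secure"), (75, "low risk"), (60, "medium risk"), (0, "high risk")]

# Constructed sample alarms: (security domain, category, risk level, timestamp).
T0 = datetime(2024, 1, 10, 12, 0)
ALARMS = [
    ("dmz-a", "dmz", "high", T0 - timedelta(hours=1)),
    ("dmz-a", "dmz", "high", T0 - timedelta(hours=2)),
    ("dmz-a", "dmz", "medium", T0 - timedelta(hours=3)),
    ("dmz-a", "dmz", "low", T0 - timedelta(hours=5)),
    ("dmz-a", "dmz", "low", T0 - timedelta(days=9)),      # outside a 7-day window
    ("dmz-b", "dmz", "low", T0 - timedelta(hours=4)),
    ("dmz-b", "dmz", "medium", T0 - timedelta(days=2)),
    ("office-a", "office", "high", T0 - timedelta(hours=6)),  # different category
]
# Every known domain and its category, so alarm-free domains count as zero
# in the peer average (assumption, the page does not say).
DOMAINS = {"dmz-a": "dmz", "dmz-b": "dmz", "dmz-c": "dmz", "office-a": "office"}


def level_counts(alarms, domain, now, window):
    """S13: count alarms per risk level for one domain inside the time window."""
    start = now - window
    return Counter(level for d, _, level, ts in alarms
                   if d == domain and start <= ts <= now)


def peer_average(alarms, domains, category, now, window):
    """S14: average alarm count (St) over all domains of one category."""
    peers = [d for d, c in domains.items() if c == category]
    if not peers:
        return 0.0
    totals = [sum(level_counts(alarms, d, now, window).values()) for d in peers]
    return sum(totals) / len(peers)


def weighted_probabilities(counts, weights=WEIGHTS):
    """Ph, Pm, Pl: share of alarms at each level times that level's weight."""
    total = sum(counts.values())            # S, the total alarm number
    if total == 0:                          # no alarms: avoid dividing by zero
        return {level: 0.0 for level in weights}
    return {level: counts.get(level, 0) / total * w
            for level, w in weights.items()}


def grade(raw_score, total_alarms):
    """Clamp a computed score and map it to a band.

    No alarms gives the full 100 points and a negative result becomes zero,
    as the description states. raw_score comes from the patent's formula,
    which is not reproduced here because the page truncates it.
    """
    score = 100.0 if total_alarms == 0 else max(0.0, min(100.0, raw_score))
    for floor, label in BANDS:
        if score >= floor:
            return score, label


if __name__ == "__main__":
    for days in (7, 1):                     # S27: the time range is adjustable
        window = timedelta(days=days)
        counts = level_counts(ALARMS, "dmz-a", T0, window)
        print(days, "day window:", dict(counts),
              "St =", round(peer_average(ALARMS, DOMAINS, "dmz", T0, window), 3),
              weighted_probabilities(counts))
    print(grade(-12.5, 4), grade(74.9, 4), grade(40.0, 0))
```

Changing the window from seven days to one changes both S and St, which is why the time range in S27 directly affects how a domain compares with its peers.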
Therefore, the embodiment of the invention comprehensively analyzes the threat data source of the security domain, judges the risk of the security domain according to the preset multiple judgment conditions, comprehensively considers the risk condition of the target security domain and the average level of other security domains of the same type, obtains the grade of the security domain according to the grade formula, can better integrally reflect the safety protection level of the security domain in the integral security domain of the same type, simplifies the judging method, refines the complex data into the simplified grade, facilitates the user to quickly perform protection analysis and upgrade on the security domain according to the grade, and improves the security.
The embodiment of the invention discloses a specific security domain risk warning method, and compared with the previous embodiment, the embodiment further explains and optimizes the technical scheme. Referring to fig. 2, specifically:
s21: acquiring a threat data source of a target security domain;
s22: and according to the data type of the data in the threat data source, respectively obtaining the risk level of each network threat in the threat data source by using the subdivision rule corresponding to the data type in the risk level subdivision rule.
Specifically, the threat data source may include a plurality of data types such as logs and/or vulnerabilities and/or traffic, and the risk condition and the level corresponding to each data type are different, so that a subdivision rule corresponding to each data type is recorded in the risk level subdivision rule, for example, a traffic subdivision rule corresponding to the traffic, a log subdivision rule corresponding to the log, and the like, and then the risk level of each network threat in the threat data source may be obtained respectively.
S23: counting the total number of alarms of the target security domain and the number of alarms triggered in the same type of security domain with the same type of the target security domain within a preset time range;
s24: obtaining the average alarm number of the same type of security domains by utilizing the alarm number of the same type of security domains;
s25: obtaining the grade of the target security domain by utilizing a security domain grade calculation formula, the average alarm quantity, the total alarm quantity and the grade weight corresponding to the danger grade;
the security domain score calculation formula is as follows: the safety domain score is 100-;
Ph = X/S × high-risk weight;
Pm = Y/S × medium-risk weight;
Pl = Z/S × low-risk weight;
in the formula, S represents the total alarm number, St represents the average alarm number of a security domain, Ph represents the high-risk threat probability, Pm represents the medium-risk threat probability, Pl represents the low-risk threat probability, X represents the high-risk alarm number, Y represents the medium-risk alarm number, and Z represents the low-risk alarm number.
S26: and when the score of the target security domain meets the preset alarm condition, generating alarm data so as to remind the user by using the alarm data.
Specifically, the score of the target security domain is checked against the preset alarm condition. For example, with high risk at [0,60), medium risk at [60,75), low risk at [75,95) and secure at [95,100], the alarm condition is to alarm on high, medium and low risk and to generate the corresponding alarm data. The alarm data can record the risk level, the specific score and even the specific threat data source, and is sent to the user terminal and displayed there, prompting the user to upgrade the security of the security domain in time.
S27: and receiving a time range modification instruction and modifying the time range.
Specifically, the time range can be set freely according to the actual situation in the network, which makes the statistics more flexible and effective than a fixed time range.
Correspondingly, the embodiment of the present invention further discloses a security domain risk warning system, as shown in fig. 3, the system includes:
the data acquisition module 11 is configured to acquire a threat data source of a target security domain;
the level judgment module 12 is used for judging the danger level of each network threat in the target security domain by using a preset danger level division rule according to the threat data source;
the quantity counting module 13 is configured to count the total number of alarms in the target security domain and the number of alarms triggered in the same type of security domain with the same category as the target security domain within a preset time range;
the average number counting module 14 is configured to obtain an average alarm number of the same-class security domain by using the alarm number of the same-class security domain;
the security domain scoring module 15 is configured to obtain a score of the target security domain by using a security domain scoring calculation formula, the average alarm number, the total number of alarms, and a level weight corresponding to the risk level;
the security domain score calculation formula is as follows: the safety domain score is 100-;
Ph = X/S × high-risk weight;
Pm = Y/S × medium-risk weight;
Pl = Z/S × low-risk weight;
in the formula, S represents the total alarm number, St represents the average alarm number of a security domain, Ph represents the high-risk threat probability, Pm represents the medium-risk threat probability, Pl represents the low-risk threat probability, X represents the high-risk alarm number, Y represents the medium-risk alarm number, and Z represents the low-risk alarm number.
Therefore, the embodiment of the invention comprehensively analyzes the threat data source of the security domain, judges the risk of the security domain according to the preset multiple judgment conditions, comprehensively considers the risk condition of the target security domain and the average level of other security domains of the same type, obtains the grade of the security domain according to the grade formula, can better integrally reflect the safety protection level of the security domain in the integral security domain of the same type, simplifies the judging method, refines the complex data into the simplified grade, facilitates the user to quickly perform protection analysis and upgrade on the security domain according to the grade, and improves the security.
Specifically, the data obtaining module 11 is specifically configured to obtain a flow, a log, a vulnerability and an operation and maintenance alarm of the target security domain.
Specifically, the level judgment module 12 may include a sub-level judgment unit and a comprehensive judgment unit, wherein:
the sub-grade judging unit is used for respectively obtaining sub-danger grades of all data types in the threat data source by utilizing sub-division rules corresponding to the data types in the danger grade division rules according to the data types of the data in the threat data source;
and the comprehensive judgment unit is used for synthesizing the sub-risk levels of the data types to obtain the risk level.
Specifically, the system may further include an alarm module and a time modification module, wherein:
and the warning module is used for generating warning data when the grade of the target security domain meets the preset warning condition so as to remind the user by using the warning data.
And the time modification module is used for receiving the time range modification instruction and modifying the time range.
In addition, the embodiment of the invention also discloses a security domain risk warning device, which comprises:
a memory for storing a computer program;
a processor for executing a computer program to implement a security domain risk alerting method as described above.
In addition, the embodiment of the present invention further discloses a computer readable storage medium, where a computer program is stored on the computer readable storage medium, and when the computer program is executed by a processor, the security domain risk warning method as described above is implemented.
Finally, it should also be noted that, herein, relational terms such as first and second, and the like may be used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Also, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising an … …" does not exclude the presence of other identical elements in a process, method, article, or apparatus that comprises the element.
Those of skill would further appreciate that the various illustrative elements and algorithm steps described in connection with the embodiments disclosed herein may be implemented as electronic hardware, computer software, or combinations of both, and that the various illustrative components and steps have been described above generally in terms of their functionality in order to clearly illustrate this interchangeability of hardware and software. Whether such functionality is implemented as hardware or software depends upon the particular application and design constraints imposed on the implementation. Skilled artisans may implement the described functionality in varying ways for each particular application, but such implementation decisions should not be interpreted as causing a departure from the scope of the present invention.
The technical content provided by the present invention is described in detail above, and the principle and the implementation of the present invention are explained in this document by applying specific examples, and the above description of the examples is only used to help understanding the method of the present invention and the core idea thereof; meanwhile, for a person skilled in the art, according to the idea of the present invention, there may be variations in the specific embodiments and the application scope, and in summary, the content of the present specification should not be construed as a limitation to the present invention.

Claims (10)

1. A security domain risk warning method is characterized by comprising the following steps:
acquiring a threat data source of a target security domain;
judging the danger level of the target security domain by using a preset danger level division rule according to the threat data source;
counting the total number of alarms of the target security domain and the number of alarms triggered in the same type of security domain with the same type of the target security domain within a preset time range;
obtaining the average alarm number of the same type of security domains by utilizing the alarm number of the same type of security domains;
obtaining the grade of the target security domain by utilizing a security domain grade calculation formula, the average alarm quantity, the total alarm quantity and the grade weight corresponding to the danger grade;
wherein, the security domain score calculation formula is: the safety domain score is 100-;
Ph = X/S × high-risk weight;
Pm = Y/S × medium-risk weight;
Pl = Z/S × low-risk weight;
in the formula, S represents the total alarm number, St represents the average alarm number of the security domain, Ph represents the high-risk threat probability, Pm represents the medium-risk threat probability, Pl represents the low-risk threat probability, X represents the high-risk alarm number, Y represents the medium-risk alarm number, and Z represents the low-risk alarm number.
2. The security domain risk alerting method of claim 1, wherein the process of obtaining a threat data source of a target security domain comprises:
and acquiring the flow, the log, the vulnerability and the operation and maintenance alarm of the target security domain.
3. The security domain risk warning method according to claim 1, wherein the step of determining the risk level of each cyber threat in the target security domain according to the threat data source by using a preset risk level classification rule includes:
according to the data type of the data in the threat data source, obtaining the risk level of each network threat in the threat data source by using the sub-classification rule corresponding to that data type in the risk level classification rule.
4. The security domain risk alerting method of any of claims 1 to 3, further comprising:
receiving a time range modification instruction and modifying the time range.
5. The security domain risk alerting method of any of claims 1 to 3, wherein after obtaining the score of the target security domain, the method further comprises:
when the score of the target security domain meets a preset alarm condition, generating alarm data so as to remind a user by using the alarm data.
6. A security domain risk alarm system, comprising:
the data acquisition module is used for acquiring a threat data source of the target security domain;
the level judgment module is used for judging the danger level of each network threat in the target security domain by using a preset danger level division rule according to the threat data source;
the quantity counting module is used for counting the total number of alarms of the target security domain and the number of alarms triggered in security domains of the same type as the target security domain within a preset time range;
the average number counting module is used for obtaining the average alarm number of the same-type security domains from the alarm numbers of the same-type security domains;
the security domain scoring module is used for obtaining the score of the target security domain by using a security domain score calculation formula, the average alarm number, the total alarm number and the level weight corresponding to the danger level;
wherein, the security domain score calculation formula is: the safety domain score is 100-;
Ph = X/S × high-risk weight;
Pm = Y/S × medium-risk weight;
Pl = Z/S × low-risk weight;
in the formula, S represents the total alarm number, St represents the average alarm number of the security domain, Ph represents the high-risk threat probability, Pm represents the medium-risk threat probability, Pl represents the low-risk threat probability, X represents the high-risk alarm number, Y represents the medium-risk alarm number, and Z represents the low-risk alarm number.
7. The security domain risk alarm system according to claim 5, wherein the level determining module is specifically configured to obtain, according to a data type of data in the threat data source, a risk level of each network threat in the threat data source by using a sub-classification rule corresponding to the data type in the risk level classification rule.
8. The security domain risk alarm system of claim 6 or 7, further comprising:
the warning module is used for generating warning data when the score of the target security domain meets a preset warning condition so as to remind a user by using the warning data.
9. A security domain risk alerting device, comprising:
a memory for storing a computer program;
a processor for executing the computer program to implement the security domain risk alerting method of any of claims 1 to 5.
10. A computer-readable storage medium, having stored thereon a computer program which, when executed by a processor, implements the security domain risk alerting method of any of claims 1 to 5.
CN202111584026.1A 2021-12-22 2021-12-22 Security domain risk warning method, system, device and readable storage medium Active CN114285630B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202111584026.1A CN114285630B (en) 2021-12-22 2021-12-22 Security domain risk warning method, system, device and readable storage medium


Publications (2)

Publication Number Publication Date
CN114285630A CN114285630A (en) 2022-04-05
CN114285630B CN114285630B (en) 2024-03-22

Family

ID=80874005


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant