CN114386779A - Network security state evaluation method, system, computer and readable storage medium - Google Patents

Network security state evaluation method, system, computer and readable storage medium Download PDF

Info

Publication number
CN114386779A
CN114386779A CN202111581717.6A CN202111581717A CN114386779A CN 114386779 A CN114386779 A CN 114386779A CN 202111581717 A CN202111581717 A CN 202111581717A CN 114386779 A CN114386779 A CN 114386779A
Authority
CN
China
Prior art keywords
deduction
evaluation
network security
preset
security state
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202111581717.6A
Other languages
Chinese (zh)
Inventor
金江焕
钟军
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Hangzhou Anheng Information Security Technology Co Ltd
Original Assignee
Hangzhou Anheng Information Security Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Hangzhou Anheng Information Security Technology Co Ltd filed Critical Hangzhou Anheng Information Security Technology Co Ltd
Priority to CN202111581717.6A priority Critical patent/CN114386779A/en
Publication of CN114386779A publication Critical patent/CN114386779A/en
Pending legal-status Critical Current

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q10/00Administration; Management
    • G06Q10/06Resources, workflows, human or project management; Enterprise or organisation planning; Enterprise or organisation modelling
    • G06Q10/063Operations research, analysis or management
    • G06Q10/0635Risk analysis of enterprise or organisation activities
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q10/00Administration; Management
    • G06Q10/06Resources, workflows, human or project management; Enterprise or organisation planning; Enterprise or organisation modelling
    • G06Q10/063Operations research, analysis or management
    • G06Q10/0639Performance analysis of employees; Performance analysis of enterprise or organisation operations
    • G06Q10/06393Score-carding, benchmarking or key performance indicator [KPI] analysis
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q50/00Information and communication technology [ICT] specially adapted for implementation of business processes of specific business sectors, e.g. utilities or tourism
    • G06Q50/40Business processes related to the transportation industry

Landscapes

  • Business, Economics & Management (AREA)
  • Human Resources & Organizations (AREA)
  • Engineering & Computer Science (AREA)
  • Economics (AREA)
  • Strategic Management (AREA)
  • Entrepreneurship & Innovation (AREA)
  • General Physics & Mathematics (AREA)
  • Theoretical Computer Science (AREA)
  • Educational Administration (AREA)
  • Marketing (AREA)
  • Development Economics (AREA)
  • General Business, Economics & Management (AREA)
  • Tourism & Hospitality (AREA)
  • Physics & Mathematics (AREA)
  • Quality & Reliability (AREA)
  • Operations Research (AREA)
  • Game Theory and Decision Science (AREA)
  • Health & Medical Sciences (AREA)
  • General Health & Medical Sciences (AREA)
  • Primary Health Care (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)

Abstract

The application relates to a network security state evaluation method, a system, a computer and a readable storage medium, wherein the method comprises the following steps: obtaining evaluation parameters in the current network environment of a user; calculating a deduction value corresponding to each preset deduction index according to a preset evaluation model and the evaluation parameter; and calculating a score value corresponding to the current network security state according to the score value, and searching a corresponding network security state grade in a preset network state evaluation table according to the score value. By the method, the corresponding score value can be calculated according to the comprehensive evaluation parameters, the corresponding network security state grade is obtained, the evaluation result is comprehensive, the accuracy of the evaluation result is improved, a high reference value can be provided for a user, and the use experience of the user is greatly improved.

Description

Network security state evaluation method, system, computer and readable storage medium
Technical Field
The present application relates to the field of data processing technologies, and in particular, to a method, a system, a computer, and a readable storage medium for evaluating a network security status.
Background
With the construction of the network environment and the business system of each work unit, the network security problem is also becoming the focus of the user's attention. There are many network security products currently used to monitor and prevent network security problems, but users often need to know a network security overview, wherein it is a common way to represent the current network security status by a numerical value or level.
However, most of the existing network security state evaluation methods only concern the number of network security problems, so that the evaluation result is relatively one-sided and does not have high reference value, and the use experience of users is reduced.
Aiming at the problems that the evaluation of the network security state is not comprehensive enough and the evaluation result is not accurate enough in the related technology, no good solution is provided at present.
Disclosure of Invention
Based on this, embodiments of the present application provide a method, a system, a computer, and a readable storage medium for evaluating a network security state, so as to at least solve the problems in the related art that the evaluation of the network security state is not comprehensive enough and the evaluation result is not accurate enough.
In a first aspect, an embodiment of the present application provides a network security state evaluation method, where the method includes:
obtaining evaluation parameters in the current network environment of a user;
calculating a deduction value corresponding to each preset deduction index according to a preset evaluation model and the evaluation parameter;
and calculating a score value corresponding to the current network security state according to the score value, and searching a corresponding network security state grade in a preset network state evaluation table according to the score value.
In some embodiments, the step of obtaining the evaluation parameter in the current network environment of the user comprises:
acquiring an information standing book in the current network environment of a user;
and counting the evaluation parameters according to the information ledger, wherein the evaluation parameters comprise the total number of the service systems, the total number of the servers, the total number of the unprocessed safety events and the total number of the unprocessed risk hazards.
In some embodiments, the predetermined deduction index comprises a security event;
the step of calculating the deduction value corresponding to the safety event according to a preset evaluation model and the evaluation parameters comprises the following steps:
determining an event grade corresponding to a current safety event in a preset first division list so as to determine a first deduction standard value corresponding to the current safety event;
and calculating the deduction value corresponding to the current safety event according to the first deduction standard value and a first deduction coefficient corresponding to the type of the safety event.
In some embodiments, the preset deduction index includes a risk;
the step of calculating the deduction value corresponding to the risk potential according to a preset evaluation model and the evaluation parameters comprises the following steps:
determining a hidden danger grade corresponding to the current hidden danger in a preset second division list so as to determine a second deduction standard value corresponding to the current hidden danger;
and calculating a deduction value corresponding to the current risk hidden danger according to the second deduction standard value and a second deduction coefficient corresponding to the risk hidden danger type.
In some embodiments, the step of calculating a score value corresponding to the current network security status according to the score value, and finding a corresponding network security status level in a preset network status evaluation table according to the score value includes:
and calculating the score value corresponding to the current network security state according to the score deduction value by using a formula as follows:
N=100—A—B
and N is the score value, A is the deduction value corresponding to the safety event, and B is the deduction value corresponding to the risk hidden danger.
In a second aspect, an embodiment of the present application provides a network security state evaluation system, where the system includes:
the acquisition module is used for acquiring the evaluation parameters in the current network environment of the user;
the calculation module is used for calculating a deduction value corresponding to each preset deduction index according to a preset evaluation model and the evaluation parameters;
and the evaluation module is used for calculating a score value corresponding to the current network security state according to the score value and finding out the corresponding network security state grade in a preset network state evaluation table according to the score value.
In some embodiments, the obtaining module in the network security status evaluation system is specifically configured to:
acquiring an information standing book in the current network environment of a user;
and counting the evaluation parameters according to the information ledger, wherein the evaluation parameters comprise the total number of the service systems, the total number of the servers, the total number of the safety events finished for processing and the total number of the risk hidden dangers finished without processing.
In some embodiments, the preset deduction index in the network security state evaluation system includes a security event;
if the preset deduction index is the safety event, the calculation module is specifically configured to:
determining an event grade corresponding to a current safety event in a preset first division list so as to determine a first deduction standard value corresponding to the current safety event;
and calculating the deduction value corresponding to the current safety event according to the first deduction standard value and a first deduction coefficient corresponding to the type of the safety event.
In some embodiments, the preset deduction index in the network security state assessment system includes a risk;
if the preset deduction index is the risk potential, the calculation module is specifically configured to:
determining a hidden danger grade corresponding to the current hidden danger in a preset second division list so as to determine a second deduction standard value corresponding to the current hidden danger;
and calculating a deduction value corresponding to the current risk hidden danger according to the second deduction standard value and a second deduction coefficient corresponding to the risk hidden danger type.
In some embodiments, the evaluation module in the network security status evaluation system is specifically configured to:
the formula for calculating the score value corresponding to the current network security state according to the score deduction value is as follows:
N=100—A—B
and N is the score value, A is the deduction value corresponding to the safety event, and B is the deduction value corresponding to the risk hidden danger.
In a third aspect, an embodiment of the present application provides a computer, which includes a memory, a processor, and a computer program stored on the memory and executable on the processor, and the processor implements the network security state evaluation method as described above when executing the computer program.
In a fourth aspect, the present application provides a readable storage medium, on which a computer program is stored, where the computer program is executed by a processor to implement the network security state assessment method as described above.
Compared with the related art, the network security state assessment method, the system, the computer and the readable storage medium provided by the embodiment of the application firstly obtain the assessment parameters in the current network environment of the user, further calculate the deduction values corresponding to the preset deduction indexes according to the preset assessment model and the obtained assessment parameters, and finally further calculate the scoring values corresponding to the current network security state according to the calculated deduction values, so that the corresponding network security state grades can be simply and conveniently found in the preset network state assessment table according to the scoring values. By the method, the corresponding score value can be calculated according to the comprehensive evaluation parameters, and the corresponding network security state grade can be obtained, so that the problems that the network security state evaluation is not comprehensive enough and the evaluation result is not accurate enough are solved, and a more accurate and reliable evaluation result is provided.
The details of one or more embodiments of the application are set forth in the accompanying drawings and the description below to provide a more thorough understanding of the application.
Drawings
The accompanying drawings, which are included to provide a further understanding of the application and are incorporated in and constitute a part of this application, illustrate embodiment(s) of the application and together with the description serve to explain the application and not to limit the application. In the drawings:
fig. 1 is a flowchart of a network security state evaluation method according to a first embodiment of the present application;
fig. 2 is a flowchart of a network security state evaluation method according to a second embodiment of the present application;
fig. 3 is a block diagram of a network security status evaluation system according to a third embodiment of the present application;
fig. 4 is a block diagram of a computer according to a fourth embodiment of the present application.
Detailed Description
In order to make the objects, technical solutions and advantages of the present application more apparent, the present application will be described and illustrated below with reference to the accompanying drawings and embodiments. It should be understood that the specific embodiments described herein are merely illustrative of the present application and are not intended to limit the present application. All other embodiments obtained by a person of ordinary skill in the art based on the embodiments provided in the present application without any inventive step are within the scope of protection of the present application.
It is obvious that the drawings in the following description are only examples or embodiments of the present application, and that it is also possible for a person skilled in the art to apply the present application to other similar contexts on the basis of these drawings without inventive effort. Moreover, it should be appreciated that in the development of any such actual implementation, as in any engineering or design project, numerous implementation-specific decisions must be made to achieve the developers' specific goals, such as compliance with system-related and business-related constraints, which may vary from one implementation to another.
Reference in the specification to "an embodiment" means that a particular feature, structure, or characteristic described in connection with the embodiment can be included in at least one embodiment of the specification. The appearances of the phrase in various places in the specification are not necessarily all referring to the same embodiment, nor are separate or alternative embodiments mutually exclusive of other embodiments. Those of ordinary skill in the art will explicitly and implicitly appreciate that the embodiments described herein may be combined with other embodiments without conflict.
Unless defined otherwise, technical or scientific terms referred to herein shall have the ordinary meaning as understood by those of ordinary skill in the art to which this application belongs. Reference to "a," "an," "the," and similar words throughout this application are not to be construed as limiting in number, and may refer to the singular or the plural. The present application is directed to the use of the terms "including," "comprising," "having," and any variations thereof, which are intended to cover non-exclusive inclusions; for example, a process, method, system, article, or apparatus that comprises a list of steps or modules (elements) is not limited to the listed steps or elements, but may include other steps or elements not expressly listed or inherent to such process, method, article, or apparatus. Reference to "connected," "coupled," and the like in this application is not intended to be limited to physical or mechanical connections, but may include electrical connections, whether direct or indirect. The term "plurality" as referred to herein means two or more. "and/or" describes an association relationship of associated objects, meaning that three relationships may exist, for example, "A and/or B" may mean: a exists alone, A and B exist simultaneously, and B exists alone. The character "/" generally indicates that the former and latter associated objects are in an "or" relationship. Reference herein to the terms "first," "second," "third," and the like, are merely to distinguish similar objects and do not denote a particular ordering for the objects.
Most of the existing network security state evaluation methods only concern the number of network security problems, so that the evaluation result is relatively one-sided, the evaluation result does not have high reference value, and the use experience of users is reduced.
Referring to fig. 1, it is shown that the network security state assessment method according to the first embodiment of the present invention can calculate a corresponding score value according to a comprehensive assessment parameter, and obtain a corresponding network security state level, and the assessment result is comprehensive, so that a high reference value can be provided for a user, and the user experience of the user is greatly improved.
Specifically, the method for evaluating the network security status provided by this embodiment specifically includes the following steps:
step S10, obtaining the evaluation parameters of the user in the current network environment;
specifically, in this embodiment, it should be noted that, in an actual use process, the network security status evaluation method provided in this embodiment is specifically applied to a network system of each user, each network system has a corresponding network environment, and the user may be an enterprise, a person, a school, and the like, which are all within the coverage of this embodiment.
Therefore, in this embodiment, in order to accurately evaluate the network environment of each user, it is necessary to first accurately obtain evaluation parameters in the current network environment of the user, where the evaluation parameters specifically include the total number of service systems, the total number of servers, the total number of devices, the total number of unaddressed security events at each level, and the total number of unaddressed risk hazards at each level.
Step S20, calculating a deduction value corresponding to each preset deduction index according to a preset evaluation model and the evaluation parameters;
further, in this step, it should be noted that, in this embodiment, an evaluation model is written in advance, the total evaluation score preset by the evaluation model is 100 scores, in addition, a plurality of score indicators are also preset in the evaluation model, and the score weights corresponding to each score indicator are different.
Therefore, in this embodiment, when the calculated deduction value corresponding to each deduction index is 0, the score of the current user network environment is 100 points;
when the deduction value calculated by each deduction index according to the evaluation model and the evaluation parameters is larger than 0, the deduction value of each deduction value needs to be subtracted from the total evaluation score, and the credit value of the current network environment of the user can be obtained.
Step S30, calculating the score value corresponding to the current network security state according to the score value, and finding out the corresponding network security state grade in the preset network state evaluation table according to the score value.
Finally, in this embodiment, when the deduction values are calculated in the step S20, the total evaluation score is subtracted from the calculated deduction values, so as to finally obtain the deduction value of the current network environment of the user.
Further, in this step, when the score of the current network environment of the user is finally obtained, the corresponding network security state level is found in the preset network state evaluation table according to the score.
Specifically, in this embodiment, a preset network state evaluation table is provided with a plurality of network security state levels, which are in turn: safety, low-risk, medium-risk and high-risk, and each network safety state level has a corresponding score range, namely:
safety: score ═ 90,100 ];
low risk: score [75, 90);
medium risk: score [60, 75);
high risk: score ═ 0, 60);
therefore, in this step, when the score of the current network environment of the user is calculated, the corresponding network security status level can be found in the network status evaluation table, and finally the user is informed, so that the user can clearly know the security status of the current network environment.
When the method is used, the assessment parameters in the current network environment of the user are obtained, the deduction values corresponding to the preset deduction indexes are further calculated according to the preset assessment model and the obtained assessment parameters, and finally the scoring values corresponding to the current network safety state are further calculated according to the calculated deduction values, so that the corresponding network safety state grades can be simply and conveniently found out in a preset network state assessment table according to the scoring values. By the aid of the method, the corresponding score value can be calculated according to the comprehensive evaluation parameters, the corresponding network security state grade is obtained, the evaluation result is comprehensive, the problems that the network security state evaluation is not comprehensive enough and the evaluation result is not accurate enough are solved, the accuracy of the evaluation result is improved, a high reference value can be provided for a user, and the use experience of the user is greatly improved.
It should be noted that the implementation procedure described above is only for illustrating the applicability of the present application, but this does not represent that the network security state assessment method of the present application has only the above-mentioned implementation procedure, and on the contrary, the network security state assessment method of the present application can be incorporated into the feasible embodiments of the present application as long as it can be implemented.
In summary, the network security state assessment method in the embodiments of the present invention can calculate the corresponding score value according to the comprehensive assessment parameters, and obtain the corresponding network security state level, so that the assessment result is comprehensive, the problems that the network security state assessment is not comprehensive enough and the assessment result is not accurate enough are solved, the accuracy of the assessment result is improved, a high reference value can be provided for the user, and the user experience of the user is greatly improved.
Referring to fig. 2, a network security status evaluation method according to a second embodiment of the present invention is shown, and the network security status evaluation method according to the present embodiment is also specifically applied to a network system of each user, each network system has a corresponding network environment, and the user may be an enterprise, a person, a school, and the like, and is within the coverage of the present embodiment.
Specifically, the method for evaluating the network security status provided by this embodiment specifically includes the following steps:
step S11, obtaining the information ledger in the current network environment of the user; and counting the evaluation parameters according to the information ledger, wherein the evaluation parameters comprise the total number of the service systems, the total number of the servers, the total number of the unprocessed safety events and the total number of the unprocessed risk hazards.
Specifically, in this embodiment, similarly, in order to accurately obtain the evaluation value of the current network environment of the user, in this embodiment, an information ledger in the network environment of the current user is first obtained, specifically, each basic parameter required for evaluation is stored and counted in the information ledger, and the basic parameter is an evaluation parameter required for evaluation.
Further, in this step, a required evaluation parameter is calculated according to the obtained information ledger, and specifically, the evaluation parameter includes a total number of the service systems, a total number of the servers, a total number of the unprocessed security events, and a total number of the unprocessed risk hazards.
In this embodiment, the preset deduction index includes a security event;
further, if the preset deduction index is the safety event, calculating a deduction value corresponding to the safety event according to a preset evaluation model and the evaluation parameter through the following step S21;
step S21, determining an event grade corresponding to the current safety event in a preset first division list so as to determine a first deduction standard value corresponding to the current safety event; and calculating the deduction value corresponding to the current safety event according to the first deduction standard value and a first deduction coefficient corresponding to the type of the safety event.
Specifically, in the present embodiment, the total evaluation score set in the preset evaluation model is 100 scores, and the upper limit of the deduction score of the current safety event is 40%, that is, 40 scores.
Further, the security events are specifically divided into: there was a particularly significant event (noted E1) that was not handled for completion, 20 points per trip; there was a significant event (denoted E2) that was not handled for completion, 10 points per trip; there are major events (denoted as E3) that are not handled for completion, 5 points per deduction; there is a general event (denoted as E4) that is not handled for completion, with 1 point per deduction, i.e. the first score criterion value corresponding to the above-mentioned first partition list and the current security event.
Further, a corresponding deduction coefficient of each evaluation parameter is set, namely:
service system problem occurrence coefficient (I): if the security event is targeted to the service system, the corresponding factor is 1.0, for example: the A unit has 100 business systems, and there are 1 particularly significant events that are not completed by the treatment, and the deduction is: 20/(1.0 × 100) ═ 0.2 min; the B unit has 10 business systems, there are 1 particularly significant events that are not handled for completion, and the deduction is: 20/(1.0 × 10) ═ 2 minutes. Therefore, when there are 1 outstanding significant events, the total number of which is different, the score values are different.
Server problem occurrence coefficient (S): if the security event is targeted to the server, the corresponding factor is 2.0.
Other equipment problem incidence coefficient (C): if the security event is targeted to the server, the corresponding factor is 5.0.
And the formula for the calculation of the security event is:
security event deduction ═ traffic system portion ((number of E1 × 20+ number of E2 × 10+ number of E3 × 5+ number of E4 × 1)/(1.0 × traffic system total)) + server portion ((number of E1 × 20+ number of E2 × 10+ number of E3 × 5+ number of E4 × 1)/(2.0 ×) + other equipment portion ((number of E1 × 20+ number of E2 × 10+ number of E3 × 5+ number of E4 × 1)/(5.0 ×) traffic system total)).
Therefore, the deduction value corresponding to the safety event can be accurately calculated finally.
In this embodiment, the preset deduction index includes a risk;
if the preset deduction index is the risk potential, the step of calculating the deduction value corresponding to the risk potential according to a preset evaluation model and the evaluation parameters comprises the following steps:
step S31, determining a hidden danger level corresponding to the current hidden danger in a preset second division list so as to determine a second deduction standard value corresponding to the current hidden danger; and calculating a deduction value corresponding to the current risk hidden danger according to the second deduction standard value and a second deduction coefficient corresponding to the risk hidden danger type.
Specifically, in this step, the upper limit of the risk is 40%, that is, 40 points.
Further, the risk hazards are specifically divided into: there is an emergency risk potential (denoted as R1) of incomplete disposal, 10 points per trip; high-risk potential risks (marked as R2) of incomplete disposal exist, and each time the knot is pulled up for 5 minutes; the risk potential (marked as R3) of medium risk without finishing the treatment exists, and each time the risk is deducted by 1; and (4) low-risk potential risks (marked as R4) which are not finished by treatment exist, and each deduction is 0.5, namely the second division list and a second deduction standard value corresponding to the current potential risks.
Further, a corresponding deduction coefficient of each evaluation parameter is set, namely: service system problem occurrence coefficient (I): if the target of the security event and the risk hazard is of the service system, the corresponding coefficient is 1.0, for example: the A unit has 100 business systems, and there are 1 particularly significant events that are not completed by the treatment, and the deduction is: 20/(1.0 × 100) ═ 0.2 min; the B unit has 10 business systems, there are 1 particularly significant events that are not handled for completion, and the deduction is: 20/(1.0 × 10) ═ 2 minutes. Therefore, when there are 1 outstanding significant events, the total number of which is different, the score values are different.
Server problem occurrence coefficient (S): if the target of the security event and the risk hazard is server, the corresponding coefficient is 2.0.
Other equipment problem incidence coefficient (C): if the target of the security event and the risk hazard is server, the corresponding coefficient is 5.0.
And the calculation formula of the risk hidden danger is as follows:
risk deduction ═ business system portion ((number of R1 × 10+ number of R2 × 5+ number of R3 × 1+ number of R4 × 0.1)/(1.0 × business system total)) + server portion ((number of R1 × 10+ number of R2 × 5+ number of R3 × 1+ number of R4 × 0.1)/(2.0 ×) + other equipment portion ((number of R1 × 10+ number of R2 × 5+ number of R3 × 1+ number of R4 × 0.1)/(5.0 total business system)).
Therefore, the deduction value corresponding to the safety event can be accurately calculated finally.
The deduction coefficient, the incidence coefficient and the state division scoring range can be manually adjusted according to actual conditions, and specific values need to be evaluated and confirmed by experts according to the current safety condition and safety requirement of a unit.
Step S41, calculating the score value corresponding to the current network security state according to the score value, and finding out the corresponding network security state grade in the preset network state evaluation table according to the score value.
Finally, in this embodiment, when the deduction values are calculated in the step S20, the total evaluation score is subtracted from the calculated deduction values, so as to finally obtain the deduction value of the current network environment of the user.
Further, in this step, when the score of the current network environment of the user is finally obtained, the corresponding network security state level is found in the preset network state evaluation table according to the score.
Specifically, in this embodiment, a preset network state evaluation table is provided with a plurality of network security state levels, which are in turn: safety, low-risk, medium-risk and high-risk, and each network safety state level has a corresponding score range, namely:
safety: score ═ 90,100 ];
low risk: score [75, 90);
medium risk: score [60, 75);
high risk: score ═ 0, 60);
therefore, in this step, when the score of the current network environment of the user is calculated, the corresponding network security status level can be found in the network status evaluation table, and finally the user is informed, so that the user can clearly know the security status of the current network environment.
In this embodiment, the step of calculating a score value corresponding to the current network security status according to the score value and finding a corresponding network security status level in a preset network status evaluation table according to the score value includes:
the formula for calculating the score value corresponding to the current network security state according to the score deduction value is as follows:
N=100—A—B
and N is the score value, A is the deduction value corresponding to the safety event, and B is the deduction value corresponding to the risk hidden danger.
The scoring value corresponding to the current network security state of the user can be simply and conveniently calculated through the formula, and then the corresponding network security state grade can be quickly found.
It should be noted that, the method provided by the second embodiment of the present invention, which implements the same principle and produces some technical effects as the first embodiment, can refer to the corresponding contents in the first embodiment for the sake of brief description, where this embodiment is not mentioned.
In summary, the network security state assessment method in the embodiments of the present invention can calculate the corresponding score value according to the comprehensive assessment parameters, and obtain the corresponding network security state level, so that the assessment result is comprehensive, the problems that the network security state assessment is not comprehensive enough and the assessment result is not accurate enough are solved, the accuracy of the assessment result is improved, a high reference value can be provided for the user, and the user experience of the user is greatly improved.
Referring to fig. 3, a network security state evaluation system according to a third embodiment of the present invention is shown, and the network security state evaluation system specifically includes:
an obtaining module 12, configured to obtain an evaluation parameter in a current network environment of a user;
the calculation module 22 is configured to calculate a score value corresponding to each preset score index according to a preset evaluation model and the evaluation parameter;
and the evaluation module 32 is configured to calculate a score value corresponding to the current network security state according to the score value, and find out a corresponding network security state level in a preset network state evaluation table according to the score value.
In some embodiments, the obtaining module 12 in the network security status evaluation system is specifically configured to:
acquiring an information standing book in the current network environment of a user;
and counting the evaluation parameters according to the information ledger, wherein the evaluation parameters comprise the total number of the service systems, the total number of the servers, the total number of the safety events finished for processing and the total number of the risk hidden dangers finished without processing.
In some embodiments, the preset deduction index in the network security state evaluation system includes a security event;
if the preset deduction index is the security event, the calculating module 22 is specifically configured to:
determining an event grade corresponding to a current safety event in a preset first division list so as to determine a first deduction standard value corresponding to the current safety event;
and calculating the deduction value corresponding to the current safety event according to the first deduction standard value and a first deduction coefficient corresponding to the type of the safety event.
In some embodiments, the preset deduction index in the network security state assessment system includes a risk;
if the preset deduction index is the risk, the calculating module 22 is specifically configured to:
determining a hidden danger grade corresponding to the current hidden danger in a preset second division list so as to determine a second deduction standard value corresponding to the current hidden danger;
and calculating a deduction value corresponding to the current risk hidden danger according to the second deduction standard value and a second deduction coefficient corresponding to the risk hidden danger type.
In some embodiments, the evaluation module 32 in the network security status evaluation system is specifically configured to:
the formula for calculating the score value corresponding to the current network security state according to the score deduction value is as follows:
N=100—A—B
and N is the score value, A is the deduction value corresponding to the safety event, and B is the deduction value corresponding to the risk hidden danger.
A fourth embodiment of the present invention provides a computer, which includes a memory, a processor, and a computer program stored in the memory and executable on the processor, and the processor executes the computer program to implement the network security state assessment method according to the first embodiment or the second embodiment.
A fifth embodiment of the present invention provides a readable storage medium, on which a computer program is stored, which when executed by a processor, implements the network security status evaluation method provided in the first or second embodiment described above.
In summary, the network security state assessment method, the network security state assessment system, the computer and the readable storage medium in the embodiments of the present invention can calculate the corresponding score value according to the comprehensive assessment parameter, and obtain the corresponding network security state level, the assessment result is comprehensive, a high reference value can be provided for the user, and the user experience of the user is greatly improved.
The above modules may be functional modules or program modules, and may be implemented by software or hardware. For a module implemented by hardware, the modules may be located in the same processor; or the modules can be respectively positioned in different processors in any combination.
In addition, the network security state evaluation method provided by the embodiment of the present application described in conjunction with fig. 1 may be implemented by the computer device provided by the fourth embodiment. Fig. 4 is a schematic hardware structure diagram of a computer device according to a fourth embodiment of the present application.
The computer device may execute the network security state evaluation method in the embodiment of the present application based on the acquired readable storage medium, thereby implementing the network security state evaluation method described in conjunction with fig. 1.
In addition, in combination with the network security state evaluation method in the foregoing embodiments, the embodiments of the present application may provide a computer-readable storage medium to implement. The computer readable storage medium having stored thereon computer program instructions; the computer program instructions, when executed by a processor, implement any of the above described embodiments of the network security state assessment method.
The memory may be used to store software programs and modules, and the processor may execute various functional applications and data processing of the mobile terminal by operating the software programs and modules stored in the memory. The memory may mainly include a storage program area and a storage data area, wherein the storage program area may store an operating system, an application program required for at least one function, and the like; the storage data area may store data created according to the use of the mobile terminal, and the like. Further, the memory may include high speed random access memory, and may also include non-volatile memory, such as at least one magnetic disk storage device, flash memory device, or other volatile solid state storage device.
Further, the memory may include mass storage for data or instructions. By way of example, and not limitation, memory may include a Hard Disk Drive (Hard Disk Drive, abbreviated to HDD), a floppy Disk Drive, a Solid State Drive (SSD), flash memory, an optical Disk, a magneto-optical Disk, tape, or a Universal Serial Bus (USB) Drive or a combination of two or more of these. The memory may include removable or non-removable (or fixed) media, where appropriate. The memory may be internal or external to the data processing apparatus, where appropriate. In a particular embodiment, the memory is a Non-Volatile (Non-Volatile) memory. In particular embodiments, the Memory includes Read-Only Memory (ROM) and Random Access Memory (RAM). The ROM may be mask-programmed ROM, Programmable ROM (PROM), Erasable PROM (EPROM), Electrically Erasable PROM (EEPROM), Electrically rewritable ROM (EAROM), or FLASH Memory (FLASH), or a combination of two or more of these, where appropriate. The RAM may be a Static Random-Access Memory (SRAM) or a Dynamic Random-Access Memory (DRAM), where the DRAM may be a Fast Page Mode Dynamic Random-Access Memory (FPMDRAM), an Extended data output Dynamic Random-Access Memory (EDODRAM), a Synchronous Dynamic Random-Access Memory (SDRAM), and the like.
And the memory may be used to store or cache various data files for processing and/or communication purposes, as well as possibly computer program instructions for execution by the processor.
Further, the processor reads and executes the computer program instructions stored in the memory to implement the network intrusion prevention method provided in the first embodiment or the second embodiment.
In addition, the input unit may be used to receive input numeric or character information and generate key signal inputs related to user settings and function control of the mobile terminal. Specifically, the input unit may include a touch panel and other input devices. The touch panel, also called a touch screen, may collect touch operations of a user (for example, operations of the user on or near the touch panel using any suitable object or accessory such as a finger, a stylus, etc.) and drive the corresponding connection device according to a preset program. Alternatively, the touch panel may include two parts, a touch detection device and a touch controller. The touch detection device detects the touch direction of a user, detects a signal brought by touch operation and transmits the signal to the touch controller; the touch controller receives touch information from the touch detection device, converts the touch information into touch point coordinates, sends the touch point coordinates to the processor, and can receive and execute commands sent by the processor. In addition, the touch panel may be implemented in various types such as a resistive type, a capacitive type, an infrared ray, and a surface acoustic wave. The input unit may include other input devices in addition to the touch panel. In particular, other input devices may include, but are not limited to, one or more of a physical keyboard, function keys (such as volume control keys, switch keys, etc.), a trackball, a mouse, a joystick, and the like.
The display unit may be used to display information input by a user or information provided to the user and various menus of the mobile terminal. The Display unit may include a Display panel, and optionally, the Display panel may be configured in the form of a Liquid Crystal Display (LCD), an Organic Light-Emitting Diode (OLED), or the like. Further, the touch panel may cover the display panel, and when the touch panel detects a touch operation thereon or nearby, the touch panel transmits the touch operation to the processor to determine the type of the touch event, and then the processor provides a corresponding visual output on the display panel according to the type of the touch event. Although the touch panel and the display panel are two separate components to implement the input and output functions of the mobile terminal, in some embodiments, the touch panel and the display panel may be integrated to implement the input and output functions of the mobile terminal.
The processor is a control center of the mobile terminal, connects various parts of the whole mobile terminal by various interfaces and lines, and executes various functions and processes data of the mobile terminal by running or executing software programs and/or modules stored in the memory and calling the data stored in the memory, thereby performing overall monitoring on the mobile terminal. Alternatively, the processor may include one or more processing units; preferably, the processor may integrate an application processor, which mainly handles operating systems, user interfaces, application programs, etc., and a modem processor, which mainly handles wireless communications. It will be appreciated that the modem processor described above may not be integrated into the processor.
In particular, the processor may include a Central Processing Unit (CPU), or A Specific Integrated Circuit (ASIC), or may be configured to implement one or more Integrated circuits of the embodiments of the present Application.
The communication interface is used for realizing communication among modules, devices, units and/or equipment in the embodiment of the application. The communication interface may also be implemented with other components such as: the data communication is carried out among external equipment, image/data acquisition equipment, a database, external storage, an image/data processing workstation and the like.
A bus comprises hardware, software, or both that couple the components to each other. Buses include, but are not limited to, at least one of the following: data Bus (Data Bus), Address Bus (Address Bus), Control Bus (Control Bus), Expansion Bus (Expansion Bus), and Local Bus (Local Bus). By way of example, and not limitation, a Bus may include an Accelerated Graphics Port (AGP) or other Graphics Bus, an Enhanced Industry Standard Architecture (EISA) Bus, a Front-Side Bus (FSB), a Hyper Transport (HT) Interconnect, an ISA (ISA) Bus, an InfiniBand (InfiniBand) Interconnect, a Low Pin Count (LPC) Bus, a memory Bus, a microchannel Architecture (MCA) Bus, a PCI-Express (PCI-X) Bus, a Serial Advanced Technology Attachment (SATA) Bus, abbreviated VLB) bus or other suitable bus or a combination of two or more of these. A bus may include one or more buses, where appropriate. Although specific buses are described and shown in the embodiments of the application, any suitable buses or interconnects are contemplated by the application.
The technical features of the embodiments described above may be arbitrarily combined, and for the sake of brevity, all possible combinations of the technical features in the embodiments described above are not described, but should be considered as being within the scope of the present specification as long as there is no contradiction between the combinations of the technical features.
The above-mentioned embodiments only express several embodiments of the present application, and the description thereof is more specific and detailed, but not construed as limiting the scope of the invention. It should be noted that, for a person skilled in the art, several variations and modifications can be made without departing from the concept of the present application, which falls within the scope of protection of the present application. Therefore, the protection scope of the present patent shall be subject to the appended claims.

Claims (10)

1. A method for evaluating network security status, the method comprising:
obtaining evaluation parameters in the current network environment of a user;
calculating a deduction value corresponding to each preset deduction index according to a preset evaluation model and the evaluation parameter;
and calculating a score value corresponding to the current network security state according to the score value, and searching a corresponding network security state grade in a preset network state evaluation table according to the score value.
2. The network security state evaluation method according to claim 1, wherein: the step of obtaining the evaluation parameters in the current network environment of the user comprises the following steps:
acquiring an information standing book in the current network environment of a user;
and counting the evaluation parameters according to the information ledger, wherein the evaluation parameters comprise the total number of the service systems, the total number of the servers, the total number of the unprocessed safety events and the total number of the unprocessed risk hazards.
3. The network security state evaluation method according to claim 1, wherein: the preset deduction index comprises a safety event;
the step of calculating the deduction value corresponding to the safety event according to a preset evaluation model and the evaluation parameters comprises the following steps:
determining an event grade corresponding to a current safety event in a preset first division list so as to determine a first deduction standard value corresponding to the current safety event;
and calculating the deduction value corresponding to the current safety event according to the first deduction standard value and a first deduction coefficient corresponding to the type of the safety event.
4. The network security state evaluation method according to claim 1, wherein: the preset deduction indexes comprise risk hidden dangers;
the step of calculating the deduction value corresponding to the risk potential according to a preset evaluation model and the evaluation parameters comprises the following steps:
determining a hidden danger grade corresponding to the current hidden danger in a preset second division list so as to determine a second deduction standard value corresponding to the current hidden danger;
and calculating a deduction value corresponding to the current risk hidden danger according to the second deduction standard value and a second deduction coefficient corresponding to the risk hidden danger type.
5. The network security state evaluation method according to claim 1, wherein: the step of calculating the score value corresponding to the current network security state according to the score value and finding the corresponding network security state grade in a preset network state evaluation table according to the score value comprises the following steps:
and calculating the score value corresponding to the current network security state according to the score deduction value by using a formula as follows:
N=100—A—B
and N is the score value, A is the deduction value corresponding to the safety event, and B is the deduction value corresponding to the risk hidden danger.
6. A network security state assessment system, the system comprising:
the acquisition module is used for acquiring the evaluation parameters in the current network environment of the user;
the calculation module is used for calculating a deduction value corresponding to each preset deduction index according to a preset evaluation model and the evaluation parameters;
and the evaluation module is used for calculating a score value corresponding to the current network security state according to the score value and finding out the corresponding network security state grade in a preset network state evaluation table according to the score value.
7. The network security state evaluation system of claim 6, wherein: the acquisition module is specifically configured to:
acquiring an information standing book in the current network environment of a user;
and counting the evaluation parameters according to the information ledger, wherein the evaluation parameters comprise the total number of the service systems, the total number of the servers, the total number of the safety events finished for processing and the total number of the risk hidden dangers finished without processing.
8. The network security state evaluation system of claim 6, wherein: the preset deduction index comprises a safety event;
if the preset deduction index is the safety event, the calculation module is specifically configured to:
determining an event grade corresponding to a current safety event in a preset first division list so as to determine a first deduction standard value corresponding to the current safety event;
and calculating the deduction value corresponding to the current safety event according to the first deduction standard value and a first deduction coefficient corresponding to the type of the safety event.
9. A computer comprising a memory, a processor and a computer program stored on the memory and executable on the processor, wherein the processor implements the network security status assessment method according to any one of claims 1 to 5 when executing the computer program.
10. A readable storage medium on which a computer program is stored, the program, when executed by a processor, implementing the network security status assessment method according to any one of claims 1 to 5.
CN202111581717.6A 2021-12-22 2021-12-22 Network security state evaluation method, system, computer and readable storage medium Pending CN114386779A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202111581717.6A CN114386779A (en) 2021-12-22 2021-12-22 Network security state evaluation method, system, computer and readable storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202111581717.6A CN114386779A (en) 2021-12-22 2021-12-22 Network security state evaluation method, system, computer and readable storage medium

Publications (1)

Publication Number Publication Date
CN114386779A true CN114386779A (en) 2022-04-22

Family

ID=81197324

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202111581717.6A Pending CN114386779A (en) 2021-12-22 2021-12-22 Network security state evaluation method, system, computer and readable storage medium

Country Status (1)

Country Link
CN (1) CN114386779A (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2023246185A1 (en) * 2022-06-20 2023-12-28 东方电气集团东方电机有限公司 Evaluation method and apparatus, electronic device, and storage medium

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2023246185A1 (en) * 2022-06-20 2023-12-28 东方电气集团东方电机有限公司 Evaluation method and apparatus, electronic device, and storage medium

Similar Documents

Publication Publication Date Title
CN108092975A (en) Recognition methods, system, storage medium and the electronic equipment of abnormal login
US10102379B1 (en) Real-time evaluation of impact- and state-of-compromise due to vulnerabilities described in enterprise threat detection security notes
CN109327439B (en) Risk identification method and device for service request data, storage medium and equipment
KR20150084123A (en) Apparatus and method for detecting abnormal behavior
CN106685899B (en) Method and device for identifying malicious access
EP3789896A1 (en) Method and system for managing security vulnerability in host system using artificial neural network
CN110198313A (en) A kind of method and device of strategy generating
CN110572409A (en) Industrial Internet security risk prediction method, device, equipment and storage medium
US20230050771A1 (en) Method for determining risk level of instance on cloud server, and electronic device
CN109714346B (en) Searching and killing method and device for back door files
EP3178191A1 (en) Mitigating risk of account enumeration
CN111786974A (en) Network security assessment method and device, computer equipment and storage medium
CN109815697B (en) Method and device for processing false alarm behavior
CN108229176A (en) A kind of method and device of determining Web applications protection effect
US9619372B2 (en) Method and system for hybrid testing
CN114386779A (en) Network security state evaluation method, system, computer and readable storage medium
CN112784281A (en) Safety assessment method, device, equipment and storage medium for industrial internet
CN105959294A (en) Malicious domain name identification method and device
CN107135199B (en) Method and device for detecting webpage backdoor
CN115688133A (en) Data processing method, device, equipment and storage medium
CN113791837B (en) Page processing method, device, equipment and storage medium
KR20140070358A (en) Method, system and computer-readable recording medium for collecting clinical test data of high effectiveness
CN111131166B (en) User behavior prejudging method and related equipment
WO2024021908A1 (en) Door lock security assessment method and related device
CN113127878A (en) Risk assessment method and device for threat event

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination