CN114598502A - Attack path risk detection method, electronic device and readable storage medium - Google Patents

Attack path risk detection method, electronic device and readable storage medium Download PDF

Info

Publication number
CN114598502A
CN114598502A CN202210141537.4A CN202210141537A CN114598502A CN 114598502 A CN114598502 A CN 114598502A CN 202210141537 A CN202210141537 A CN 202210141537A CN 114598502 A CN114598502 A CN 114598502A
Authority
CN
China
Prior art keywords
risk
path
attack path
attack
network device
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202210141537.4A
Other languages
Chinese (zh)
Inventor
李石刚
刘明峰
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Shenzhen Rongan Networks Technology Co ltd
Original Assignee
Shenzhen Rongan Networks Technology Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Shenzhen Rongan Networks Technology Co ltd filed Critical Shenzhen Rongan Networks Technology Co ltd
Priority to CN202210141537.4A priority Critical patent/CN114598502A/en
Publication of CN114598502A publication Critical patent/CN114598502A/en
Pending legal-status Critical Current

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1416Event detection, e.g. attack signature detection
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441Countermeasures against malicious traffic
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/20Network architectures or network communication protocols for network security for managing network security; network security policies in general

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

本发明公开了一种攻击路径风险检测方法、电子设备及可读存储介质,所述攻击路径风险检测方法包括以下步骤:获取各个网络设备之间的拓扑关系;根据所述拓扑关系确定目标网络设备对应的攻击路径;确定所述目标网络设备所在攻击路径上的相关网络设备;获取所述相关网络设备及所述目标网络设备的属性信息,并根据所述属性信息确定所述目标网络设备及所述相关网络设备的安全评分;根据每个攻击路径上的所述目标网络设备及所述相关网络设备的安全评分,在各个攻击路径中确定风险路径。本发明根据网络设备的属性信息确定安全评分,并根据所述安全评分确定每个攻击路径的风险值,从而确定风险路径,达到在攻击发生前找到风险路径的目的。

Figure 202210141537

The invention discloses an attack path risk detection method, an electronic device and a readable storage medium. The attack path risk detection method comprises the following steps: acquiring a topology relationship between various network devices; determining a target network device according to the topology relationship Corresponding attack path; determine the relevant network equipment on the attack path where the target network equipment is located; obtain attribute information of the relevant network equipment and the target network equipment, and determine the target network equipment and all relevant network equipment according to the attribute information The security score of the relevant network device; according to the security score of the target network device and the relevant network device on each attack path, a risk path is determined in each attack path. The present invention determines the security score according to the attribute information of the network equipment, and determines the risk value of each attack path according to the security score, thereby determining the risk path and achieving the purpose of finding the risk path before the attack occurs.

Figure 202210141537

Description

攻击路径风险检测方法、电子设备及可读存储介质Attack path risk detection method, electronic device and readable storage medium

技术领域technical field

本发明涉及网络安全领域,尤其涉及一种攻击路径风险检测方法、电子设备及可读存储介质。The present invention relates to the field of network security, and in particular, to an attack path risk detection method, an electronic device and a readable storage medium.

背景技术Background technique

网络安全越来越被重视,相关的网络安全技术和设备也越来越多。为了增强网络安全,通常在局域网中加入一些安全设备,但还是容易被黑客攻破。大部分的技术和设备都是在被攻击后去溯源,或者是在被攻击时进行拦截,没有在攻击发生之前发现网络中可能存在的风险路径。More and more attention is paid to network security, and there are more and more related network security technologies and devices. In order to enhance network security, some security devices are usually added to the local area network, but they are still easily broken by hackers. Most technologies and devices trace the source after being attacked, or intercept when attacked, without discovering the possible risk paths in the network before the attack occurs.

上述内容仅用于辅助理解本发明的技术方案,并不代表承认上述内容是现有技术。The above content is only used to assist the understanding of the technical solutions of the present invention, and does not mean that the above content is the prior art.

发明内容SUMMARY OF THE INVENTION

本发明的主要目的在于提供一种攻击路径风险检测方法,旨在根据网络设备的属性信息进行安全评分,并根据所述安全评分找到可能存在的风险路径,达到在攻击发生前找到风险路径的目的。The main purpose of the present invention is to provide an attack path risk detection method, which aims to perform a security score according to the attribute information of network equipment, and find possible risk paths according to the security score, so as to achieve the purpose of finding risk paths before an attack occurs. .

为实现上述目的,本发明提供一种攻击路径风险检测方法,所述攻击路径风险检测方法包括以下步骤:In order to achieve the above object, the present invention provides a method for detecting an attack path risk. The method for detecting an attack path risk includes the following steps:

获取各个网络设备之间的拓扑关系;Obtain the topology relationship between various network devices;

根据所述拓扑关系确定目标网络设备对应的攻击路径;Determine the attack path corresponding to the target network device according to the topological relationship;

确定所述目标网络设备所在攻击路径上的相关网络设备;Determine the relevant network devices on the attack path where the target network device is located;

获取所述相关网络设备及所述目标网络设备的属性信息,并根据所述属性信息确定所述目标网络设备及所述相关网络设备的安全评分,其中,所述属性信息包括设备功能、设备版本、设备型号以及设备已安装的应用;Obtain attribute information of the relevant network device and the target network device, and determine the security score of the target network device and the relevant network device according to the attribute information, wherein the attribute information includes device function, device version , the device model, and the apps installed on the device;

根据每个攻击路径上的所述目标网络设备及所述相关网络设备的安全评分,在各个攻击路径中确定风险路径。A risk path is determined in each attack path according to the security scores of the target network device and the related network device on each attack path.

进一步地,所述根据每个攻击路径上的所述目标网络设备及所述相关网络设备的安全评分,在各个攻击路径中确定风险路径的步骤包括:Further, the step of determining a risk path in each attack path according to the security score of the target network device and the related network device on each attack path includes:

根据每个攻击路径上的所述目标网络设备及所述相关网络设备的安全评分,获取每个所述攻击路径的风险值;Obtain the risk value of each attack path according to the security score of the target network device and the related network device on each attack path;

根据所述风险值确定所述风险路径。The risk path is determined according to the risk value.

进一步地,所述根据所述风险值确定所述风险路径的步骤包括:Further, the step of determining the risk path according to the risk value includes:

获取风险值最小或者风险值小于预设阈值的攻击路径;Obtain the attack path with the smallest risk value or the risk value less than the preset threshold;

根据风险值最小或者风险值小于预设阈值的攻击路径确定所述风险路径。The risk path is determined according to an attack path with a minimum risk value or a risk value smaller than a preset threshold.

进一步地,所述根据风险值最小或者风险值小于预设阈值的攻击路径确定所述风险路径的步骤包括:Further, the step of determining the risk path according to the attack path with the smallest risk value or the risk value less than a preset threshold includes:

当风险值最小或者风险值小于预设阈值的攻击路径的数量为至少两个时,根据风险值最小或者风险值小于预设阈值的攻击路径上的网络设备数量确定风险路径;When the number of attack paths with the minimum risk value or the risk value less than the preset threshold is at least two, determine the risk path according to the number of network devices on the attack path with the minimum risk value or the risk value less than the preset threshold;

当风险值最小或者风险值小于预设阈值的攻击路径的数量为单个时,将风险值最小或者风险值小于预设阈值的攻击路径作为所述风险路径。When the number of attack paths with the smallest risk value or the risk value smaller than the preset threshold is single, the attack path with the smallest risk value or the risk value smaller than the preset threshold is used as the risk path.

进一步地,所述根据每个攻击路径上的所述目标网络设备及所述相关网络设备的安全评分,获取每个所述攻击路径的风险值的步骤包括:Further, the step of obtaining the risk value of each attack path according to the security score of the target network device and the relevant network device on each attack path includes:

根据同一所述攻击路径中的所述目标网路设备以及所述相关网络设备的安全评分确定所述攻击路径的总分值;Determine the total score value of the attack path according to the security scores of the target network device and the related network device in the same attack path;

根据所述总分值以及所述攻击路径上的设备数量确定所述攻击路径的风险值。The risk value of the attack path is determined according to the total score and the number of devices on the attack path.

进一步地,所述根据所述总分值以及所述攻击路径上的设备数量确定所述攻击路径的风险值的步骤包括:Further, the step of determining the risk value of the attack path according to the total score and the number of devices on the attack path includes:

将每个所述攻击路径的所述总分值除以所述攻击路径上的设备数量,得到所述攻击路径对应的平均分值;Divide the total score of each attack path by the number of devices on the attack path to obtain the average score corresponding to the attack path;

根据所述平均分值确定所述风险值。The risk value is determined based on the average score.

进一步地,所述根据每个攻击路径上的所述目标网络设备及所述相关网络设备的安全评分,在各个攻击路径中确定风险路径的步骤之后,还包括:Further, after the step of determining a risk path in each attack path according to the security score of the target network device and the related network device on each attack path, the method further includes:

在所述拓扑关系对应的拓扑图中突出显示所述风险路径。The risk path is highlighted in the topology map corresponding to the topology relationship.

此外,为了实现上述目的,本发明提供一种电子设备,所述电子设备包括存储器、处理器及存储在所述存储器上并可在所述处理器上运行的攻击路径风险检测程序,所述攻击路径风险检测程序被所述处理器执行时实现上述任一项所述的攻击路径风险检测方法的步骤。In addition, in order to achieve the above object, the present invention provides an electronic device, the electronic device includes a memory, a processor, and an attack path risk detection program stored on the memory and executable on the processor, the attack path risk detection program When the path risk detection program is executed by the processor, the steps of any one of the attack path risk detection methods described above are implemented.

此外,为了实现上述目的,本发明提供一种可读存储介质,所述可读存储介质上存储有攻击路径风险检测程序,所述攻击路径风险检测程序被处理器执行时实现上述任一项所述的攻击路径风险检测方法的步骤。In addition, in order to achieve the above object, the present invention provides a readable storage medium, on which an attack path risk detection program is stored, and when the attack path risk detection program is executed by a processor, any of the above-mentioned items are implemented. The steps of the attack path risk detection method described above.

本发明的技术方案中,获取各个网络设备之间的拓扑关系;根据所述拓扑关系确定目标网络设备对应的攻击路径;确定所述目标网络设备所在攻击路径上的相关网络设备;获取所述相关网络设备及所述目标网络设备的属性信息,并根据所述属性信息确定所述目标网络设备及所述相关网络设备的安全评分,其中,所述属性信息包括设备功能、设备版本、设备型号以及设备已安装的应用;根据每个攻击路径上的所述目标网络设备及所述相关网络设备的安全评分,在各个攻击路径中确定风险路径。如此,本发明根据目标网络设备以及相关网络设备的属性信息确定目标网络设备以及相关网络设备的安全评分,根据所述安全评分以及攻击路径上的网络设备数量确定每个攻击路径的风险值,根据所述风险值确定风险路径,达到在攻击发生前找到风险路径的目的。In the technical scheme of the present invention, the topology relationship between each network device is obtained; the attack path corresponding to the target network device is determined according to the topology relationship; the relevant network devices on the attack path where the target network device is located are determined; attribute information of the network device and the target network device, and determine the security score of the target network device and the related network device according to the attribute information, wherein the attribute information includes device function, device version, device model and The application installed on the device; according to the security score of the target network device and the related network device on each attack path, determine the risk path in each attack path. In this way, the present invention determines the security score of the target network device and the related network device according to the attribute information of the target network device and the related network device, and determines the risk value of each attack path according to the security score and the number of network devices on the attack path. The risk value determines the risk path, so as to achieve the purpose of finding the risk path before the attack occurs.

附图说明Description of drawings

图1是本发明实施例方案涉及的硬件运行环境的装置结构示意图;1 is a schematic diagram of a device structure of a hardware operating environment involved in an embodiment of the present invention;

图2为本发明攻击路径风险检测方法一实施例的流程示意图;FIG. 2 is a schematic flowchart of an embodiment of an attack path risk detection method according to the present invention;

图3为本发明攻击路径风险检测方法中步骤S500的细化流程示意图;FIG. 3 is a schematic flow chart of the refinement of step S500 in the attack path risk detection method of the present invention;

图4为本发明攻击路径风险检测方法中步骤S520的细化流程示意图;FIG. 4 is a schematic flow chart of the refinement of step S520 in the attack path risk detection method of the present invention;

图5为本发明攻击路径风险检测方法中步骤S510的细化流程示意图。FIG. 5 is a schematic diagram of a refinement flow of step S510 in the attack path risk detection method of the present invention.

本发明目的的实现、功能特点及优点将结合实施例,参照附图做进一步说明。The realization, functional characteristics and advantages of the present invention will be further described with reference to the accompanying drawings in conjunction with the embodiments.

具体实施方式Detailed ways

应当理解,此处所描述的具体实施例仅仅用以解释本发明,并不用于限定本发明。It should be understood that the specific embodiments described herein are only used to explain the present invention, but not to limit the present invention.

本发明的主要技术方案是:The main technical scheme of the present invention is:

获取各个网络设备之间的拓扑关系;Obtain the topology relationship between various network devices;

根据所述拓扑关系确定目标网络设备对应的攻击路径;Determine the attack path corresponding to the target network device according to the topological relationship;

确定所述目标网络设备所在攻击路径上的相关网络设备;Determine the relevant network devices on the attack path where the target network device is located;

获取所述相关网络设备及所述目标网络设备的属性信息,并根据所述属性信息确定所述目标网络设备及所述相关网络设备的安全评分,其中,所述属性信息包括设备功能、设备版本、设备型号以及设备已安装的应用;Obtain attribute information of the relevant network device and the target network device, and determine the security score of the target network device and the relevant network device according to the attribute information, wherein the attribute information includes device function, device version , the device model, and the apps installed on the device;

根据每个攻击路径上的所述目标网络设备及所述相关网络设备的安全评分,在各个攻击路径中确定风险路径。A risk path is determined in each attack path according to the security scores of the target network device and the related network device on each attack path.

在相关技术中,大部分的技术和设备都是在被攻击后去溯源,或者是在被攻击时进行拦截,没有在攻击发生之前发现网络中可能存在的风险路径。In related technologies, most technologies and devices trace the source after being attacked, or intercept when attacked, and do not discover possible risk paths in the network before the attack occurs.

本发明的技术方案中,获取各个网络设备之间的拓扑关系;根据所述拓扑关系确定目标网络设备对应的攻击路径;确定所述目标网络设备所在攻击路径上的相关网络设备;获取所述相关网络设备及所述目标网络设备的属性信息,并根据所述属性信息确定所述目标网络设备及所述相关网络设备的安全评分,其中,所述属性信息包括设备功能、设备版本、设备型号以及设备已安装的应用;根据每个攻击路径上的所述目标网络设备及所述相关网络设备的安全评分,在各个攻击路径中确定风险路径。如此,本发明根据目标网络设备以及相关网络设备的属性信息确定目标网络设备以及相关网络设备的安全评分,根据所述安全评分以及攻击路径上的网络设备数量确定每个攻击路径的风险值,根据所述风险值确定风险路径,达到在攻击发生前找到风险路径的目的。In the technical scheme of the present invention, the topology relationship between each network device is obtained; the attack path corresponding to the target network device is determined according to the topology relationship; the relevant network devices on the attack path where the target network device is located are determined; attribute information of the network device and the target network device, and determine the security score of the target network device and the related network device according to the attribute information, wherein the attribute information includes device function, device version, device model and The application installed on the device; according to the security score of the target network device and the related network device on each attack path, determine the risk path in each attack path. In this way, the present invention determines the security score of the target network device and the related network device according to the attribute information of the target network device and the related network device, and determines the risk value of each attack path according to the security score and the number of network devices on the attack path. The risk value determines the risk path, so as to achieve the purpose of finding the risk path before the attack occurs.

如图1所示,图1是本发明实施例方案涉及的终端的硬件运行环境示意图。As shown in FIG. 1 , FIG. 1 is a schematic diagram of a hardware operating environment of a terminal involved in an embodiment of the present invention.

如图1所示,该终端可以包括:处理器1001,例如CPU,网络接口1004,用户接口1003,存储器1005,通信总线1002。其中,通信总线1002用于实现这些组件之间的连接通信。用户接口1003可以包括触摸屏和/或按键等,可选用户接口1003还可以包括标准的有线接口、无线接口。网络接口1004可选的可以包括标准的有线接口、无线接口(如存储器(non-vol at i l ememory),例如磁盘存储器。存储器1005可选的还可以是独立于前述处理器1001的存储装置。As shown in FIG. 1 , the terminal may include: a processor 1001 , such as a CPU, a network interface 1004 , a user interface 1003 , a memory 1005 , and a communication bus 1002 . Among them, the communication bus 1002 is used to realize the connection and communication between these components. The user interface 1003 may include a touch screen and/or keys, etc., and the optional user interface 1003 may also include a standard wired interface and a wireless interface. Optionally, the network interface 1004 may include a standard wired interface, a wireless interface (eg, non-vol at i l e memory), such as a disk storage. Optionally, the memory 1005 may also be a storage device independent of the aforementioned processor 1001 .

本领域技术人员可以理解,图1中示出的终端的结构并不构成对终端的限定,可以包括比图示更多或更少的部件,或者组合某些部件,或者不同的部件布置。Those skilled in the art can understand that the structure of the terminal shown in FIG. 1 does not constitute a limitation on the terminal, and may include more or less components than the one shown, or combine some components, or arrange different components.

如图1所示,作为一种计算机存储介质的存储器1005中可以包括操作系统、网络通信模块、用户接口模块以及攻击路径风险检测程序。As shown in FIG. 1 , the memory 1005 as a computer storage medium may include an operating system, a network communication module, a user interface module, and an attack path risk detection program.

在图1所示的终端中,网络接口1004主要用于连接后台服务器,与后台服务器进行数据通信;用户接口1003主要用于连接客户端(用户端),与客户端进行数据通信;而处理器1001可以用于调用存储器1005中存储的攻击路径风险检测程序,并执行以下操作:In the terminal shown in FIG. 1 , the network interface 1004 is mainly used to connect to the background server and perform data communication with the background server; the user interface 1003 is mainly used to connect to the client (client) and perform data communication with the client; and the processor 1001 can be used to invoke the attack path risk detection program stored in memory 1005 and perform the following operations:

获取各个网络设备之间的拓扑关系;Obtain the topology relationship between various network devices;

根据所述拓扑关系确定目标网络设备对应的攻击路径;Determine the attack path corresponding to the target network device according to the topological relationship;

确定所述目标网络设备所在攻击路径上的相关网络设备;Determine the relevant network devices on the attack path where the target network device is located;

获取所述相关网络设备及所述目标网络设备的属性信息,并根据所述属性信息确定所述目标网络设备及所述相关网络设备的安全评分,其中,所述属性信息包括设备功能、设备版本、设备型号以及设备已安装的应用;Obtain attribute information of the relevant network device and the target network device, and determine the security score of the target network device and the relevant network device according to the attribute information, wherein the attribute information includes device function, device version , the device model, and the apps installed on the device;

根据每个攻击路径上的所述目标网络设备及所述相关网络设备的安全评分,在各个攻击路径中确定风险路径。A risk path is determined in each attack path according to the security scores of the target network device and the related network device on each attack path.

进一步地,处理器1001可以调用存储器1005中存储的攻击路径风险检测程序,还执行以下操作:Further, the processor 1001 can call the attack path risk detection program stored in the memory 1005, and also perform the following operations:

根据每个攻击路径上的所述目标网络设备及所述相关网络设备的安全评分,获取每个所述攻击路径的风险值;Obtain the risk value of each attack path according to the security score of the target network device and the related network device on each attack path;

根据所述风险值确定所述风险路径。The risk path is determined according to the risk value.

进一步地,处理器1001可以调用存储器1005中存储的攻击路径风险检测程序,还执行以下操作:Further, the processor 1001 can call the attack path risk detection program stored in the memory 1005, and also perform the following operations:

获取风险值最小或者风险值小于预设阈值的攻击路径;Obtain the attack path with the smallest risk value or the risk value less than the preset threshold;

根据风险值最小或者风险值小于预设阈值的攻击路径确定所述风险路径。进一步地,处理器1001可以调用存储器1005中存储的攻击路径风险检测程序,还执行以下操作:The risk path is determined according to an attack path with a minimum risk value or a risk value smaller than a preset threshold. Further, the processor 1001 can call the attack path risk detection program stored in the memory 1005, and also perform the following operations:

当风险值最小或者风险值小于预设阈值的攻击路径的数量为至少两个时,根据风险值最小或者风险值小于预设阈值的攻击路径上的网络设备数量确定风险路径;When the number of attack paths with the minimum risk value or the risk value less than the preset threshold is at least two, determine the risk path according to the number of network devices on the attack path with the minimum risk value or the risk value less than the preset threshold;

当风险值最小或者风险值小于预设阈值的攻击路径的数量为单个时,将风险值最小或者风险值小于预设阈值的攻击路径作为所述风险路径。When the number of attack paths with the smallest risk value or the risk value smaller than the preset threshold is single, the attack path with the smallest risk value or the risk value smaller than the preset threshold is used as the risk path.

进一步地,处理器1001可以调用存储器1005中存储的攻击路径风险检测程序,还执行以下操作:Further, the processor 1001 can call the attack path risk detection program stored in the memory 1005, and also perform the following operations:

根据同一所述攻击路径中的所述目标网路设备以及所述相关网络设备的安全评分确定所述攻击路径的总分值;Determine the total score value of the attack path according to the security scores of the target network device and the related network device in the same attack path;

根据所述总分值以及所述攻击路径上的设备数量确定所述攻击路径的风险值。The risk value of the attack path is determined according to the total score and the number of devices on the attack path.

进一步地,处理器1001可以调用存储器1005中存储的攻击路径风险检测程序,还执行以下操作:Further, the processor 1001 can call the attack path risk detection program stored in the memory 1005, and also perform the following operations:

将每个所述攻击路径的所述总分值除以所述攻击路径上的设备数量,得到所述攻击路径对应的平均分值;Divide the total score of each attack path by the number of devices on the attack path to obtain the average score corresponding to the attack path;

根据所述平均分值确定所述风险值。The risk value is determined based on the average score.

进一步地,处理器1001可以调用存储器1005中存储的攻击路径风险检测程序,还执行以下操作:Further, the processor 1001 can call the attack path risk detection program stored in the memory 1005, and also perform the following operations:

在所述拓扑关系对应的拓扑图中突出显示所述风险路径。The risk path is highlighted in the topology map corresponding to the topology relationship.

如图2所示,在本发明一实施例中,所述攻击路径风险检测方法包括以下步骤:As shown in FIG. 2, in an embodiment of the present invention, the attack path risk detection method includes the following steps:

步骤S100,获取各个网络设备之间的拓扑关系;Step S100, obtaining the topology relationship between each network device;

在本实施例中,通过手动设置或者对所有设备进行扫描,从而确定各个网络设备之间的拓扑关系。根据各个网络设备之间的拓扑关系绘制对应的拓扑图。In this embodiment, the topology relationship between each network device is determined by manually setting or scanning all devices. A corresponding topology map is drawn according to the topology relationship between each network device.

步骤S200,根据所述拓扑关系确定目标网络设备对应的攻击路径;Step S200, determining an attack path corresponding to the target network device according to the topology relationship;

在本实施例中,确定目标网络设备后,通过深度遍历根据各个网络设备之间的拓扑关系,找到所述目标网络设备的所有攻击路径。In this embodiment, after the target network device is determined, all attack paths of the target network device are found through in-depth traversal according to the topology relationship between each network device.

步骤S300,确定所述目标网络设备所在攻击路径上的相关网络设备;Step S300, determining the relevant network devices on the attack path where the target network device is located;

在本实施例中,所述攻击路径上的设备包括目标网络设备以及相关网络设备,由于确定攻击路径对应的风险值时需要确定各个攻击路径上的所有设备的安全评分,故在确定目标网络设备的所有攻击路径后,需要确定每个攻击路径上除目标网络设备外的相关网络设备。In this embodiment, the devices on the attack path include the target network device and related network devices. Since the risk value corresponding to the attack path needs to be determined, the security scores of all devices on each attack path need to be determined. Therefore, when determining the target network device After all attack paths have been identified, related network devices other than the target network device on each attack path need to be determined.

步骤S400,获取所述相关网络设备及所述目标网络设备的属性信息,并根据所述属性信息确定所述目标网络设备及所述相关网络设备的安全评分,其中,所述属性信息包括设备功能、设备版本、设备型号以及设备已安装的应用;Step S400: Obtain attribute information of the relevant network device and the target network device, and determine the security score of the target network device and the relevant network device according to the attribute information, wherein the attribute information includes device functions , device version, device model, and installed apps on the device;

在本实施例中,在确定各个攻击路径上的网络设备,即目标网络设备与相关网络设备后,获取所述目标网络设备以及所述相关网络设备的属性信息,其中,可通过获取用户在预设界面输入的信息得到所述属性信息,也可以通过扫描各个网络设备从而确定所述属性信息。所述属性信息包括设备功能、设备版本、设备型号以及设备已安装的应用。通过所述属性信息,根据预设计算方式确定所述目标网络设备以及所述相关网络设备的安全评分,所述安全评分越高,对应的网络设备越安全,不易被攻破。In this embodiment, after determining the network devices on each attack path, that is, the target network device and the related network device, the attribute information of the target network device and the related network device is obtained. It is assumed that the attribute information is obtained from the information input in the interface, and the attribute information can also be determined by scanning each network device. The attribute information includes device function, device version, device model, and installed applications of the device. Through the attribute information, the security score of the target network device and the related network device is determined according to a preset calculation method. The higher the security score is, the more secure the corresponding network device is and is not easily broken.

步骤S500,根据每个攻击路径上的所述目标网络设备及所述相关网络设备的安全评分,在各个攻击路径中确定风险路径。Step S500: Determine a risk path in each attack path according to the security scores of the target network device and the related network device on each attack path.

在本实施例中,在确定每个所述攻击路径上的各个网络设备的安全评分后,将每个所述攻击路径上的目标网络设备以及所有相关网络设备的安全评分相加,得到每个攻击路径对应的总分值。确定每个所述攻击路径上的网络设备数量,包括目标网络设备以及相关网络设备。将每个所述攻击路径的总分值除以所述攻击路径上的网络设备数量,得到所述攻击路径对应的平均分值,作为所述攻击路径的风险值。确定风险值最小的攻击路径或者风险值小于预设阈值的的攻击路径,作为风险路径。当风险值最小或者风险值小于预设阈值的攻击路径的数量为至少两个,根据风险值最小或者风险值小于预设阈值的攻击路径上的网络设备数量确定风险路径。In this embodiment, after determining the security scores of each network device on each of the attack paths, the security scores of the target network devices and all related network devices on each of the attack paths are added to obtain each The total score corresponding to the attack path. Determine the number of network devices on each of the attack paths, including target network devices and related network devices. The total score of each attack path is divided by the number of network devices on the attack path to obtain an average score corresponding to the attack path, which is used as the risk value of the attack path. Determine the attack path with the smallest risk value or the attack path with the risk value less than the preset threshold as the risk path. When the number of attack paths with the minimum risk value or the risk value less than the preset threshold is at least two, the risk path is determined according to the number of network devices on the attack path with the minimum risk value or the risk value less than the preset threshold.

综上所述,本发明的技术方案中,获取各个网络设备之间的拓扑关系;根据所述拓扑关系确定目标网络设备对应的攻击路径;确定所述目标网络设备所在攻击路径上的相关网络设备;获取所述相关网络设备及所述目标网络设备的属性信息,并根据所述属性信息确定所述目标网络设备及所述相关网络设备的安全评分,其中,所述属性信息包括设备功能、设备版本、设备型号以及设备已安装的应用;根据每个攻击路径上的所述目标网络设备及所述相关网络设备的安全评分,在各个攻击路径中确定风险路径。如此,本发明根据目标网络设备以及相关网络设备的属性信息确定目标网络设备以及相关网络设备的安全评分,根据所述安全评分以及攻击路径上的网络设备数量确定每个攻击路径的风险值,根据所述风险值确定风险路径,达到在攻击发生前找到风险路径的目的。To sum up, in the technical solution of the present invention, the topology relationship between each network device is obtained; the attack path corresponding to the target network device is determined according to the topology relationship; the relevant network devices on the attack path where the target network device is located are determined ; Obtain the attribute information of the relevant network equipment and the target network equipment, and determine the security score of the target network equipment and the relevant network equipment according to the attribute information, wherein the attribute information includes device functions, equipment version, device model, and installed applications on the device; according to the security score of the target network device and the related network device on each attack path, determine the risk path in each attack path. In this way, the present invention determines the security score of the target network device and the related network device according to the attribute information of the target network device and the related network device, and determines the risk value of each attack path according to the security score and the number of network devices on the attack path. The risk value determines the risk path, so as to achieve the purpose of finding the risk path before the attack occurs.

如图3所示,在本发明一实施例中,所述步骤S500包括:As shown in FIG. 3, in an embodiment of the present invention, the step S500 includes:

步骤S510,根据每个攻击路径上的所述目标网络设备及所述相关网络设备的安全评分,获取每个所述攻击路径的风险值;Step S510, obtaining the risk value of each attack path according to the security score of the target network device and the relevant network device on each attack path;

步骤S520,根据所述风险值确定所述风险路径。Step S520, determining the risk path according to the risk value.

在本实施例中,获取每个攻击路径上的目标网络设备及所述相关网络设备的安全评分后,将同一攻击路径上所有网络设备对应的安全评分进行相加,得到所述攻击路径的总分值。获取每个攻击路径上的网络设备数量,包括目标网络设备以及相关网络设备。将每个所述攻击路径的总分值除以对应的网络设备数量,得到平均分值,作为所述攻击路径的风险值,风险值越小,通过所述攻击路径对目标网络设备进行攻击的可能性越大。将所述目标网络设备的攻击路径中风险值最小或者风险值小于预设阈值的攻击路径作为风险路径。当风险值最小或者风险值小于预设阈值的攻击路径的数量为至少两个时,根据风险值最小或者风险值小于预设阈值的攻击路径上的网络设备数量确定风险路径。如此,通过获取目标网络设备的所有攻击路径中网络设备的安全评分,确定每个攻击路径对应的风险值,根据所述风险值确定风险路径,达到在攻击发生前找到风险路径的目的。In this embodiment, after obtaining the security scores of the target network device and the related network devices on each attack path, the security scores corresponding to all network devices on the same attack path are added to obtain the total score of the attack path. points. Get the number of network devices on each attack path, including target network devices and related network devices. Divide the total score of each of the attack paths by the corresponding number of network devices to obtain an average score, which is used as the risk value of the attack path. more likely. Among the attack paths of the target network device, the attack path with the smallest risk value or the risk value less than the preset threshold is used as the risk path. When the number of attack paths with the smallest risk value or the risk value less than the preset threshold is at least two, the risk path is determined according to the number of network devices on the attack path with the smallest risk value or the risk value less than the preset threshold. In this way, by obtaining the security scores of the network devices in all attack paths of the target network device, the risk value corresponding to each attack path is determined, and the risk path is determined according to the risk value, so as to find the risk path before the attack occurs.

如图4所示,在本发明一实施例中,所述步骤S520包括:As shown in FIG. 4 , in an embodiment of the present invention, the step S520 includes:

步骤S521,获取风险值最小或者风险值小于预设阈值的攻击路径;Step S521, acquiring the attack path with the smallest risk value or the risk value less than a preset threshold;

步骤S522,根据风险值最小或者风险值小于预设阈值的攻击路径确定所述风险路径。Step S522: Determine the risk path according to the attack path with the smallest risk value or the risk value is less than a preset threshold.

在本实施例中,当确定目标网络设备所有攻击路径的风险值后,根据所述风险值确定风险路径。将所有所述攻击路径的风险值进行比较,若有至少两个攻击路径的风险值最小或者小于预设阈值,则确定风险值最小或者小于预设阈值的各个所述攻击路径上的网络设备数量,将网络设备数量少的攻击路径作为风险路径;若仅有一个攻击路径是风险值最小或者小于预设阈值时,将风险值最小或者小于预设阈值的攻击路径作为风险路径。如此,通过比较目标网络设备对应的风险路径的风险值,达到在攻击发生前找到风险路径的目的。In this embodiment, after the risk values of all attack paths of the target network device are determined, the risk paths are determined according to the risk values. Compare the risk values of all the attack paths, and if the risk values of at least two attack paths are the smallest or less than the preset threshold, determine the number of network devices on each of the attack paths with the smallest risk or less than the preset threshold , take the attack path with a small number of network devices as the risk path; if there is only one attack path with the smallest risk value or less than the preset threshold, the attack path with the smallest risk value or less than the preset threshold is taken as the risk path. In this way, by comparing the risk value of the risk path corresponding to the target network device, the purpose of finding the risk path before the attack occurs is achieved.

进一步地,在本发明一实施例中,所述步骤S522包括:Further, in an embodiment of the present invention, the step S522 includes:

当风险值最小或者风险值小于预设阈值的攻击路径的数量为至少两个时,根据风险值最小或者风险值小于预设阈值的攻击路径上的网络设备数量确定风险路径;When the number of attack paths with the minimum risk value or the risk value less than the preset threshold is at least two, determine the risk path according to the number of network devices on the attack path with the minimum risk value or the risk value less than the preset threshold;

当风险值最小或者风险值小于预设阈值的攻击路径的数量为单个时,将风险值最小或者风险值小于预设阈值的攻击路径作为所述风险路径。When the number of attack paths with the smallest risk value or the risk value smaller than the preset threshold is single, the attack path with the smallest risk value or the risk value smaller than the preset threshold is used as the risk path.

在本实施例中,在比较目标网络设备的所有攻击路径的风险值后,确定风险值最小的攻击路径或者风险值小于预设阈值的攻击路径。当风险值最小的攻击路径或者风险值小于预设阈值的攻击路径的数量为单个时,将风险值最小的攻击路径或者风险值小于预设阈值的攻击路径作为风险路径;当风险值最小的攻击路径或者风险值小于预设阈值的攻击路径的数量为至少两个时,确定所述风险值对应的攻击路径,并确定所述攻击路径中的网络设备数量,包括目标网络设备以及相关网络设备,比较多个攻击路径中的网络设备数量,将网络设备数量最小的攻击路径确定为风险路径。如此,当根据风险值找到至少两个攻击路径时,确定所述攻击路径中的网络设备数量,以数量较少的攻击路径作为风险路径,达到在攻击发生前找到风险路径的目的。In this embodiment, after comparing the risk values of all attack paths of the target network device, an attack path with the smallest risk value or an attack path with a risk value smaller than a preset threshold is determined. When the attack path with the smallest risk value or the number of attack paths with the risk value less than the preset threshold is single, the attack path with the smallest risk value or the attack path with the risk value less than the preset threshold is used as the risk path; when the attack path with the smallest risk value is the risk path When the number of paths or attack paths with a risk value less than a preset threshold is at least two, determine the attack path corresponding to the risk value, and determine the number of network devices in the attack path, including the target network device and related network devices, Compare the number of network devices in multiple attack paths, and determine the attack path with the smallest number of network devices as the risk path. In this way, when at least two attack paths are found according to the risk value, the number of network devices in the attack paths is determined, and the attack path with a smaller number is used as the risk path to achieve the purpose of finding the risk path before the attack occurs.

如图5所示,在本发明一实施例中,所述步骤S510包括:As shown in FIG. 5, in an embodiment of the present invention, the step S510 includes:

步骤S511,根据同一所述攻击路径中的所述目标网路设备以及所述相关网络设备的安全评分确定所述攻击路径的总分值;Step S511, determining the total score of the attack path according to the security scores of the target network device and the related network device in the same attack path;

步骤S512,根据所述总分值以及所述攻击路径上的设备数量确定所述攻击路径的风险值。Step S512: Determine the risk value of the attack path according to the total score and the number of devices on the attack path.

在本实施例中,在通过深度遍历并根据网络设备之间的拓扑关系找到攻击目标网络设备的所有攻击路径后,根据目标网络设备以及每个所述攻击路径中的相关网络设备的属性信息,确定目标网络设备以及每个所述攻击路径中的相关网络设备的安全评分。将同一攻击路径上的网络设备的安全评分相加,包括目标网络设备的安全评分以及该攻击路径中所述相关网络设备的安全评分,得到所述攻击路径的总分值。确定每个所述攻击路径中的网络设备数量。根据所述总分值以及所述攻击路径上的网络设备数量确定该攻击路径的风险值。如此,通过每个攻击路径中各个网络设备的安全评分确定所述攻击路径的总分值,确定所述攻击路径上的设备数量,根据攻击路径对应的总分值以及设备数量确定所述攻击路径的风险值,以便根据所述风险值确定风险路径,达到在攻击发生前找到风险路径的目的。In this embodiment, after finding all attack paths to attack the target network device through deep traversal and according to the topology relationship between network devices, according to the attribute information of the target network device and the related network devices in each of the attack paths, A security score for the target network device and associated network devices in each of the attack paths is determined. The security scores of the network devices on the same attack path are added together, including the security score of the target network device and the security scores of the related network devices in the attack path, to obtain the total score value of the attack path. Determine the number of network devices in each of the attack paths. The risk value of the attack path is determined according to the total score and the number of network devices on the attack path. In this way, the total score of the attack path is determined by the security score of each network device in each attack path, the number of devices on the attack path is determined, and the attack path is determined according to the total score corresponding to the attack path and the number of devices In order to determine the risk path according to the risk value, the purpose of finding the risk path before the attack occurs.

进一步地,在本发明一实施例中,所述步骤S512包括:Further, in an embodiment of the present invention, the step S512 includes:

将每个所述攻击路径的所述总分值除以所述攻击路径上的设备数量,得到所述攻击路径对应的平均分值;Divide the total score of each attack path by the number of devices on the attack path to obtain the average score corresponding to the attack path;

根据所述平均分值确定所述风险值。The risk value is determined based on the average score.

在本实施例中,根据获取每个攻击路径中网络设备的安全评分,确定攻击路径的总分值,并确定所述攻击路径上的网络设备数量。将每个所述攻击路径的总分值除以所述攻击路径的网络设备数量,得到所述攻击路径对应的平均分值。将所述平均分值作为所述攻击路径的风险值,所述风险值越低,通过所述攻击路径攻击目标网络设备越容易成功。如此,通过计算攻击路径对应的总分值以及确定对应的设备数量,得到所述攻击路径对应的风险值,从而确定风险路径,达到在攻击发生前找到风险路径的目的。In this embodiment, the total score value of the attack path is determined according to the obtained security score of network devices in each attack path, and the number of network devices on the attack path is determined. Divide the total score of each attack path by the number of network devices in the attack path to obtain an average score corresponding to the attack path. The average score is used as the risk value of the attack path. The lower the risk value is, the easier it is to successfully attack the target network device through the attack path. In this way, by calculating the total score value corresponding to the attack path and determining the corresponding number of devices, the risk value corresponding to the attack path is obtained, thereby determining the risk path and achieving the purpose of finding the risk path before the attack occurs.

进一步地,在本发明一实施例中,所述步骤S500之后,还包括:Further, in an embodiment of the present invention, after the step S500, the method further includes:

在所述拓扑关系对应的拓扑图中突出显示所述风险路径。The risk path is highlighted in the topology map corresponding to the topology relationship.

在本实施例中,确定各个网络设备之间的拓扑关系后,根据所述拓扑关系绘制对应的拓扑图。在确定风险路径后,在所述拓扑图中突出显示所述风险路径,例如,将所述风险路径以红色高亮显示。如此,通过在拓扑图中突出显示风险路径,提示用户目标网络设备最容易通过所述风险路径被攻击,以便用户通过在风险路径上添加一个安全设备等方法,有针对性的对网络链路进行优化以及防护。In this embodiment, after determining the topology relationship between each network device, a corresponding topology map is drawn according to the topology relationship. After the risk path is determined, the risk path is highlighted in the topology map, eg, the risk path is highlighted in red. In this way, by highlighting the risk path in the topology diagram, the user is reminded that the target network device is most likely to be attacked through the risk path, so that the user can carry out targeted analysis of the network link by adding a security device to the risk path and other methods. Optimization and protection.

此外,为了实现上述目的,本发明提供一种电子设备,所述电子设备包括存储器、处理器及存储在所述存储器上并可在所述处理器上运行的攻击路径风险检测程序,所述攻击路径风险检测程序被所述处理器执行时实现上述任一项所述的攻击路径风险检测方法的步骤。In addition, in order to achieve the above object, the present invention provides an electronic device, the electronic device includes a memory, a processor, and an attack path risk detection program stored on the memory and executable on the processor, the attack path risk detection program When the path risk detection program is executed by the processor, the steps of any one of the attack path risk detection methods described above are implemented.

此外,为了实现上述目的,本发明提供一种可读存储介质,所述可读存储介质上存储有攻击路径风险检测程序,所述攻击路径风险检测程序被处理器执行时实现上述任一项所述的攻击路径风险检测方法的步骤。In addition, in order to achieve the above object, the present invention provides a readable storage medium, on which an attack path risk detection program is stored, and when the attack path risk detection program is executed by a processor, any of the above-mentioned items are implemented. The steps of the attack path risk detection method described above.

上述本发明实施例序号仅仅为了描述,不代表实施例的优劣。The above-mentioned serial numbers of the embodiments of the present invention are only for description, and do not represent the advantages or disadvantages of the embodiments.

通过以上的实施方式的描述,本领域的技术人员可以清楚地了解到上述实施例方法可借助软件加必需的通用硬件平台的方式来实现,当然也可以通过硬件,但很多情况下前者是更佳的实施方式。基于这样的理解,本发明的技术方案本质上或者说对现有技术做出贡献的部分可以以软件产品的形式体现出来,该计算机软件产品存储在如上所述的一个存储介质(如ROM/RAM、磁碟、光盘)中,包括若干指令用以使得一台终端设备(可以是手机,计算机,服务器,或者网络设备等)执行本发明各个实施例所述的方法。From the description of the above embodiments, those skilled in the art can clearly understand that the method of the above embodiment can be implemented by means of software plus a necessary general hardware platform, and of course can also be implemented by hardware, but in many cases the former is better implementation. Based on such understanding, the technical solutions of the present invention can be embodied in the form of software products in essence or the parts that make contributions to the prior art, and the computer software products are stored in a storage medium (such as ROM/RAM) as described above. , magnetic disk, optical disc), including several instructions to make a terminal device (which may be a mobile phone, a computer, a server, or a network device, etc.) to execute the methods described in the various embodiments of the present invention.

以上仅为本发明的优选实施例,并非因此限制本发明的专利范围,凡是利用本发明说明书及附图内容所作的等效结构或等效流程变换,或直接或间接运用在其他相关的技术领域,均同理包括在本发明的专利保护范围内。The above are only preferred embodiments of the present invention, and are not intended to limit the scope of the present invention. Any equivalent structure or equivalent process transformation made by using the contents of the description and drawings of the present invention, or directly or indirectly applied in other related technical fields , are similarly included in the scope of patent protection of the present invention.

Claims (9)

1.一种攻击路径风险检测方法,其特征在于,所述攻击路径风险检测方法包括以下步骤:1. an attack path risk detection method, is characterized in that, described attack path risk detection method comprises the following steps: 获取各个网络设备之间的拓扑关系;Obtain the topology relationship between various network devices; 根据所述拓扑关系确定目标网络设备对应的攻击路径;Determine the attack path corresponding to the target network device according to the topological relationship; 确定所述目标网络设备所在攻击路径上的相关网络设备;Determine the relevant network devices on the attack path where the target network device is located; 获取所述相关网络设备及所述目标网络设备的属性信息,并根据所述属性信息确定所述目标网络设备及所述相关网络设备的安全评分,其中,所述属性信息包括设备功能、设备版本、设备型号以及设备已安装的应用;Obtain attribute information of the relevant network device and the target network device, and determine the security score of the target network device and the relevant network device according to the attribute information, wherein the attribute information includes device function, device version , the device model, and the apps installed on the device; 根据每个攻击路径上的所述目标网络设备及所述相关网络设备的安全评分,在各个攻击路径中确定风险路径。A risk path is determined in each attack path according to the security scores of the target network device and the related network device on each attack path. 2.如权利要求1所述的攻击路径风险检测方法,其特征在于,所述根据每个攻击路径上的所述目标网络设备及所述相关网络设备的安全评分,在各个攻击路径中确定风险路径的步骤包括:2 . The attack path risk detection method according to claim 1 , wherein the risk is determined in each attack path according to the security score of the target network device and the related network device on each attack path. 3 . The steps of the path include: 根据每个攻击路径上的所述目标网络设备及所述相关网络设备的安全评分,获取每个所述攻击路径的风险值;Obtain the risk value of each attack path according to the security score of the target network device and the related network device on each attack path; 根据所述风险值确定所述风险路径。The risk path is determined according to the risk value. 3.如权利要求2所述的攻击路径风险检测方法,其特征在于,所述根据所述风险值确定所述风险路径的步骤包括:3. The attack path risk detection method according to claim 2, wherein the step of determining the risk path according to the risk value comprises: 获取风险值最小或者风险值小于预设阈值的攻击路径;Obtain the attack path with the smallest risk value or the risk value less than the preset threshold; 根据风险值最小或者风险值小于预设阈值的攻击路径确定所述风险路径。The risk path is determined according to an attack path with a minimum risk value or a risk value smaller than a preset threshold. 4.如权利要求3所述的攻击路径风险检测方法,其特征在于,所述根据风险值最小或者风险值小于预设阈值的攻击路径确定所述风险路径的步骤包括:4. The attack path risk detection method according to claim 3, wherein the step of determining the risk path according to an attack path with a minimum risk value or a risk value less than a preset threshold comprises: 当风险值最小或者风险值小于预设阈值的攻击路径的数量为至少两个时,根据风险值最小或者风险值小于预设阈值的攻击路径上的网络设备数量确定风险路径;When the number of attack paths with the minimum risk value or the risk value less than the preset threshold is at least two, determine the risk path according to the number of network devices on the attack path with the minimum risk value or the risk value less than the preset threshold; 当风险值最小或者风险值小于预设阈值的攻击路径的数量为单个时,将风险值最小或者风险值小于预设阈值的攻击路径作为所述风险路径。When the number of attack paths with the smallest risk value or the risk value smaller than the preset threshold is single, the attack path with the smallest risk value or the risk value smaller than the preset threshold is used as the risk path. 5.如权利要求2所述的攻击路径风险检测方法,其特征在于,所述根据每个攻击路径上的所述目标网络设备及所述相关网络设备的安全评分,获取每个所述攻击路径的风险值的步骤包括:5 . The attack path risk detection method according to claim 2 , wherein, according to the security score of the target network device and the related network device on each attack path, obtain each of the attack paths. 6 . The VaR steps include: 根据同一所述攻击路径中的所述目标网路设备以及所述相关网络设备的安全评分确定所述攻击路径的总分值;Determine the total score value of the attack path according to the security scores of the target network device and the related network device in the same attack path; 根据所述总分值以及所述攻击路径上的设备数量确定所述攻击路径的风险值。The risk value of the attack path is determined according to the total score and the number of devices on the attack path. 6.如权利要求5所述的攻击路径风险检测方法,其特征在于,所述根据所述总分值以及所述攻击路径上的设备数量确定所述攻击路径的风险值的步骤包括:6. The attack path risk detection method according to claim 5, wherein the step of determining the risk value of the attack path according to the total score and the number of devices on the attack path comprises: 将每个所述攻击路径的所述总分值除以所述攻击路径上的设备数量,得到所述攻击路径对应的平均分值;Divide the total score of each attack path by the number of devices on the attack path to obtain the average score corresponding to the attack path; 根据所述平均分值确定所述风险值。The risk value is determined based on the average score. 7.如权利要求1所述的攻击路径风险检测方法,其特征在于,所述根据每个攻击路径上的所述目标网络设备及所述相关网络设备的安全评分,在各个攻击路径中确定风险路径的步骤之后,还包括:7 . The attack path risk detection method according to claim 1 , wherein the risk is determined in each attack path according to the security score of the target network device and the related network device on each attack path. 8 . After the steps of the path, also include: 在所述拓扑关系对应的拓扑图中突出显示所述风险路径。The risk path is highlighted in the topology map corresponding to the topology relationship. 8.一种电子设备,其特征在于,所述电子设备包括存储器、处理器及存储在所述存储器上并可在所述处理器上运行的攻击路径风险检测程序,所述攻击路径风险检测程序被所述处理器执行时实现如权利要求1至7中任一项所述的攻击路径风险检测方法的步骤。8. An electronic device, characterized in that the electronic device comprises a memory, a processor, and an attack path risk detection program stored on the memory and executable on the processor, the attack path risk detection program The steps of implementing the attack path risk detection method according to any one of claims 1 to 7 when executed by the processor. 9.一种可读存储介质,其特征在于,所述可读存储介质上存储有攻击路径风险检测程序,所述攻击路径风险检测程序被处理器执行时实现如权利要求1至7中任一项所述的攻击路径风险检测方法的步骤。9. A readable storage medium, wherein an attack path risk detection program is stored on the readable storage medium, and when the attack path risk detection program is executed by a processor, any one of claims 1 to 7 is implemented. The steps of the attack path risk detection method described in item.
CN202210141537.4A 2022-02-16 2022-02-16 Attack path risk detection method, electronic device and readable storage medium Pending CN114598502A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210141537.4A CN114598502A (en) 2022-02-16 2022-02-16 Attack path risk detection method, electronic device and readable storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202210141537.4A CN114598502A (en) 2022-02-16 2022-02-16 Attack path risk detection method, electronic device and readable storage medium

Publications (1)

Publication Number Publication Date
CN114598502A true CN114598502A (en) 2022-06-07

Family

ID=81805857

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202210141537.4A Pending CN114598502A (en) 2022-02-16 2022-02-16 Attack path risk detection method, electronic device and readable storage medium

Country Status (1)

Country Link
CN (1) CN114598502A (en)

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN115277250A (en) * 2022-09-23 2022-11-01 中国汽车技术研究中心有限公司 Vehicle-end attack path identification method, equipment and storage medium
CN115314393A (en) * 2022-10-12 2022-11-08 北京九鼎颐和科技有限公司 Network topology management method, system, terminal and storage medium
CN117097563A (en) * 2023-10-18 2023-11-21 中电科大数据研究院有限公司 Privacy protection-oriented data sharing method and system

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103810558A (en) * 2012-11-06 2014-05-21 财团法人资讯工业策进会 Information security audit management and control system and method
CN110855722A (en) * 2020-01-16 2020-02-28 北京安博通科技股份有限公司 Host risk assessment method and device
CN111342988A (en) * 2018-12-19 2020-06-26 中国移动通信集团湖南有限公司 Situation awareness-based network security early warning method and device
US20200304534A1 (en) * 2019-03-22 2020-09-24 Hitachi, Ltd. Method and system for predicting an attack path in a computer network
CN113824676A (en) * 2020-11-13 2021-12-21 北京沃东天骏信息技术有限公司 Method and device for determining attack chain aiming at vulnerability

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103810558A (en) * 2012-11-06 2014-05-21 财团法人资讯工业策进会 Information security audit management and control system and method
CN111342988A (en) * 2018-12-19 2020-06-26 中国移动通信集团湖南有限公司 Situation awareness-based network security early warning method and device
US20200304534A1 (en) * 2019-03-22 2020-09-24 Hitachi, Ltd. Method and system for predicting an attack path in a computer network
CN110855722A (en) * 2020-01-16 2020-02-28 北京安博通科技股份有限公司 Host risk assessment method and device
CN113824676A (en) * 2020-11-13 2021-12-21 北京沃东天骏信息技术有限公司 Method and device for determining attack chain aiming at vulnerability

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN115277250A (en) * 2022-09-23 2022-11-01 中国汽车技术研究中心有限公司 Vehicle-end attack path identification method, equipment and storage medium
CN115314393A (en) * 2022-10-12 2022-11-08 北京九鼎颐和科技有限公司 Network topology management method, system, terminal and storage medium
CN117097563A (en) * 2023-10-18 2023-11-21 中电科大数据研究院有限公司 Privacy protection-oriented data sharing method and system
CN117097563B (en) * 2023-10-18 2023-12-19 中电科大数据研究院有限公司 Privacy protection-oriented data sharing method and system

Similar Documents

Publication Publication Date Title
CN114598502A (en) Attack path risk detection method, electronic device and readable storage medium
CN110380917B (en) Control method and device of federal learning system, terminal equipment and storage medium
US10447726B2 (en) Mitigating attacks on server computers by enforcing platform policies on client computers
US20140006507A1 (en) Dynamic Security Question Compromise Checking Based on Incoming Social Network Postings
CN110737891B (en) Host intrusion detection method and device
CN109327439B (en) Risk identification method and device for service request data, storage medium and equipment
CN110572409B (en) Industrial Internet security risk prediction method, device, equipment and storage medium
JP2023021223A (en) Attack state visualization device, attack state visualization method and program
CN109274632A (en) Method and device for identifying website
CN113810408B (en) Network attack organization detection method, device, equipment and readable storage medium
US20140007206A1 (en) Notification of Security Question Compromise Level based on Social Network Interactions
JP2017228277A (en) System and method for protecting computers from unauthorized remote administration
CN112087455B (en) A method, system, device and medium for generating WAF site protection rules
JP6375047B1 (en) Firewall device
CN110175833A (en) A kind of computer installation, method, system and medium for binding bank card information
CN111294347B (en) Safety management method and system for industrial control equipment
CN114157480B (en) Method, device, equipment and storage medium for determining network attack scheme
CN110599278B (en) Method, apparatus, and computer storage medium for aggregating device identifiers
CN109450853B (en) Malicious website determination method and device, terminal and server
WO2023065985A1 (en) Risk prediction method and apparatus for water heater flue, computer device, and medium
CN112527802B (en) Soft link method and device based on key value database
CN114500368A (en) Data transmission method and device and router adopting device
CN110719274B (en) Network security control method, device, device and storage medium
CN113326506A (en) Applet monitoring method and device
CN113360460B (en) Favorites sharing method and device

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20220607