CN114598502A - Attack path risk detection method, electronic device and readable storage medium - Google Patents

Info

Publication number
CN114598502A
Authority
CN
China
Prior art keywords
risk
attack path
path
attack
determining
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202210141537.4A
Other languages
Chinese (zh)
Inventor
李石刚
刘明峰
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Shenzhen Rongan Networks Technology Co ltd
Original Assignee
Shenzhen Rongan Networks Technology Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Shenzhen Rongan Networks Technology Co ltd filed Critical Shenzhen Rongan Networks Technology Co ltd
Priority to CN202210141537.4A priority Critical patent/CN114598502A/en
Publication of CN114598502A publication Critical patent/CN114598502A/en
Pending legal-status Critical Current

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1416 Event detection, e.g. attack signature detection
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441 Countermeasures against malicious traffic
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/20 Network architectures or network communication protocols for network security for managing network security; network security policies in general

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The invention discloses an attack path risk detection method, electronic equipment and a readable storage medium, wherein the attack path risk detection method comprises the following steps: acquiring a topological relation among network devices; determining an attack path corresponding to the target network equipment according to the topological relation; determining related network equipment on an attack path where the target network equipment is located; acquiring attribute information of the related network equipment and the target network equipment, and determining the security scores of the target network equipment and the related network equipment according to the attribute information; and determining a risk path in each attack path according to the security scores of the target network equipment and the related network equipment on each attack path. According to the method and the device, the security score is determined according to the attribute information of the network equipment, and the risk value of each attack path is determined according to the security score, so that the risk path is determined, and the purpose of finding the risk path before the attack occurs is achieved.

Description

Attack path risk detection method, electronic device and readable storage medium
Technical Field
The present invention relates to the field of network security, and in particular, to a method for detecting risk of attack path, an electronic device, and a readable storage medium.
Background
Network security is receiving increasing attention, and the number of related network security technologies and devices keeps growing. To strengthen network security, security devices are usually added to the local area network, but the network can still be easily breached by hackers. Most techniques and devices trace the source after an attack has happened or intercept the attack while it is in progress; risk paths that may exist in the network are not discovered before the attack occurs.
The above is only for the purpose of assisting understanding of the technical aspects of the present invention, and does not represent an admission that the above is prior art.
Disclosure of Invention
The invention mainly aims to provide an attack path risk detection method, which aims to perform security scoring according to attribute information of network equipment, find possible risk paths according to the security scoring and achieve the purpose of finding the risk paths before an attack occurs.
In order to achieve the above object, the present invention provides an attack path risk detection method, which includes the following steps:
acquiring a topological relation among network devices;
determining an attack path corresponding to the target network equipment according to the topological relation;
determining related network equipment on an attack path where the target network equipment is located;
acquiring attribute information of the related network equipment and the target network equipment, and determining the security scores of the target network equipment and the related network equipment according to the attribute information, wherein the attribute information comprises equipment functions, equipment versions, equipment models and installed applications of the equipment;
and determining a risk path in each attack path according to the security scores of the target network equipment and the related network equipment on each attack path.
Further, the step of determining a risk path in each attack path according to the security scores of the target network device and the related network devices on each attack path includes:
acquiring a risk value of each attack path according to the security scores of the target network equipment and the related network equipment on each attack path;
determining the risk path according to the risk value.
Further, the step of determining the risk path from the risk value comprises:
acquiring an attack path with the minimum risk value or the risk value smaller than a preset threshold value;
and determining the risk path according to the attack path with the minimum risk value or the risk value smaller than a preset threshold value.
Further, the step of determining the risk path according to the attack path with the minimum risk value or the risk value smaller than the preset threshold value includes:
when the number of the attack paths with the minimum risk value or the risk value smaller than the preset threshold is at least two, determining the risk paths according to the number of the network devices on the attack paths with the minimum risk value or the risk value smaller than the preset threshold;
and when the number of the attack paths with the minimum risk value or the risk value smaller than the preset threshold value is single, taking the attack paths with the minimum risk value or the risk value smaller than the preset threshold value as the risk paths.
Further, the step of obtaining the risk value of each attack path according to the security scores of the target network device and the related network devices on each attack path includes:
determining the total score of the attack path according to the security scores of the target network equipment and the related network equipment in the same attack path;
and determining the risk value of the attack path according to the total score and the number of the devices on the attack path.
Further, the step of determining the risk value of the attack path according to the total score and the number of devices on the attack path includes:
dividing the total score of each attack path by the number of devices on the attack path to obtain an average score corresponding to the attack path;
and determining the risk value according to the average score.
Further, after the step of determining a risk path in each attack path according to the security scores of the target network device and the related network devices on each attack path, the method further includes:
and highlighting and displaying the risk path in a topological graph corresponding to the topological relation.
Furthermore, in order to achieve the above object, the present invention provides an electronic device, which includes a memory, a processor, and an attack path risk detection program stored on the memory and operable on the processor, wherein the attack path risk detection program, when executed by the processor, implements the steps of the attack path risk detection method according to any one of the above aspects.
Furthermore, in order to achieve the above object, the present invention provides a readable storage medium having stored thereon an attack path risk detection program that, when executed by a processor, implements the steps of the attack path risk detection method described in any one of the above.
According to the technical scheme, the topological relation among all network devices is obtained; determining an attack path corresponding to the target network equipment according to the topological relation; determining related network equipment on an attack path where the target network equipment is located; acquiring attribute information of the related network equipment and the target network equipment, and determining the security scores of the target network equipment and the related network equipment according to the attribute information, wherein the attribute information comprises equipment functions, equipment versions, equipment models and installed applications of the equipment; and determining a risk path in each attack path according to the security scores of the target network equipment and the related network equipment on each attack path. Therefore, the invention determines the security scores of the target network device and the related network devices according to the attribute information of the target network device and the related network devices, determines the risk value of each attack path according to the security scores and the number of the network devices on the attack paths, and determines the risk paths according to the risk values, thereby achieving the purpose of finding the risk paths before the attacks occur.
Drawings
FIG. 1 is a schematic diagram of an apparatus in a hardware operating environment according to an embodiment of the present invention;
FIG. 2 is a schematic flow chart of an attack path risk detection method according to an embodiment of the present invention;
FIG. 3 is a detailed flowchart of step S500 in the attack path risk detection method according to the present invention;
FIG. 4 is a detailed flowchart of step S520 in the attack path risk detection method according to the present invention;
FIG. 5 is a detailed flowchart of step S510 in the attack path risk detection method according to the present invention.
The implementation, functional features and advantages of the objects of the present invention will be further explained with reference to the accompanying drawings.
Detailed Description
It should be understood that the specific embodiments described herein are merely illustrative of the invention and do not limit the invention.
The main technical scheme of the invention is as follows:
acquiring a topological relation among network devices;
determining an attack path corresponding to the target network equipment according to the topological relation;
determining related network equipment on an attack path where the target network equipment is located;
acquiring attribute information of the related network equipment and the target network equipment, and determining the security scores of the target network equipment and the related network equipment according to the attribute information, wherein the attribute information comprises equipment functions, equipment versions, equipment models and installed applications of the equipment;
and determining a risk path in each attack path according to the security scores of the target network equipment and the related network equipment on each attack path.
In the related art, most technologies and devices trace the source after an attack has happened or intercept the attack while it is in progress; risk paths that may exist in the network are not discovered before the attack occurs.
According to the technical scheme, the topological relation among all network devices is obtained; determining an attack path corresponding to the target network equipment according to the topological relation; determining related network equipment on an attack path where the target network equipment is located; acquiring attribute information of the related network equipment and the target network equipment, and determining the security scores of the target network equipment and the related network equipment according to the attribute information, wherein the attribute information comprises equipment functions, equipment versions, equipment models and installed applications of the equipment; and determining a risk path in each attack path according to the security scores of the target network equipment and the related network equipment on each attack path. Therefore, the invention determines the security scores of the target network device and the related network devices according to the attribute information of the target network device and the related network devices, determines the risk value of each attack path according to the security scores and the number of the network devices on the attack paths, and determines the risk paths according to the risk values, thereby achieving the purpose of finding the risk paths before the attacks occur.
As shown in fig. 1, fig. 1 is a schematic diagram of a hardware operating environment of a terminal according to an embodiment of the present invention.
As shown in FIG. 1, the terminal may include: a processor 1001, such as a CPU, a network interface 1004, a user interface 1003, a memory 1005, and a communication bus 1002. The communication bus 1002 is used to enable connective communication between these components. The user interface 1003 may comprise a touch screen and/or keys, etc., and the optional user interface 1003 may also comprise a standard wired interface, a wireless interface, etc. The network interface 1004 may optionally include a standard wired interface and a wireless interface. The memory 1005 may be a non-volatile memory, such as a disk memory. The memory 1005 may optionally be a storage device separate from the processor 1001.
Those skilled in the art will appreciate that the configuration of the terminal shown in fig. 1 is not intended to be limiting and may include more or fewer components than those shown, or some components may be combined, or a different arrangement of components.
As shown in fig. 1, a memory 1005, which is a kind of computer storage medium, may include therein an operating system, a network communication module, a user interface module, and an attack path risk detection program.
In the terminal shown in fig. 1, the network interface 1004 is mainly used for connecting to a backend server and performing data communication with the backend server; the user interface 1003 is mainly used for connecting a client (user side) and performing data communication with the client; and the processor 1001 may be configured to call the attack path risk detection program stored in the memory 1005 and perform the following operations:
acquiring a topological relation among network devices;
determining an attack path corresponding to the target network equipment according to the topological relation;
determining related network equipment on an attack path where the target network equipment is located;
acquiring attribute information of the related network equipment and the target network equipment, and determining the security scores of the target network equipment and the related network equipment according to the attribute information, wherein the attribute information comprises equipment functions, equipment versions, equipment models and installed applications of the equipment;
and determining a risk path in each attack path according to the security scores of the target network equipment and the related network equipment on each attack path.
Further, the processor 1001 may call an attack path risk detection program stored in the memory 1005, and also perform the following operations:
acquiring a risk value of each attack path according to the security scores of the target network equipment and the related network equipment on each attack path;
determining the risk path according to the risk value.
Further, the processor 1001 may call an attack path risk detection program stored in the memory 1005, and also perform the following operations:
acquiring an attack path with the minimum risk value or the risk value smaller than a preset threshold value;
and determining the risk path according to the attack path with the minimum risk value or the risk value smaller than a preset threshold value.
Further, the processor 1001 may call an attack path risk detection program stored in the memory 1005, and also perform the following operations:
when the number of the attack paths with the minimum risk value or the risk value smaller than the preset threshold is at least two, determining the risk paths according to the number of the network devices on the attack paths with the minimum risk value or the risk value smaller than the preset threshold;
and when the number of the attack paths with the minimum risk value or the risk value smaller than the preset threshold value is single, taking the attack paths with the minimum risk value or the risk value smaller than the preset threshold value as the risk paths.
Further, the processor 1001 may call an attack path risk detection program stored in the memory 1005, and also perform the following operations:
determining the total score of the attack path according to the security scores of the target network equipment and the related network equipment in the same attack path;
and determining the risk value of the attack path according to the total score and the number of the devices on the attack path.
Further, the processor 1001 may call an attack path risk detection program stored in the memory 1005, and also perform the following operations:
dividing the total score of each attack path by the number of devices on the attack path to obtain an average score corresponding to the attack path;
and determining the risk value according to the average score.
Further, the processor 1001 may call an attack path risk detection program stored in the memory 1005, and also perform the following operations:
and highlighting and displaying the risk path in a topological graph corresponding to the topological relation.
As shown in fig. 2, in an embodiment of the present invention, the attack path risk detection method includes the following steps:
Step S100, acquiring a topological relation among network devices;
In this embodiment, the topological relation between the network devices is determined by manual setting or by scanning all the devices. A corresponding topological graph is drawn according to the topological relation among the network devices.
Step S200, determining an attack path corresponding to the target network equipment according to the topological relation;
In this embodiment, after the target network device is determined, all attack paths of the target network device are found through depth-first traversal according to the topological relation among the network devices.
Step S300, determining relevant network equipment on an attack path where the target network equipment is located;
In this embodiment, the devices on an attack path include the target network device and the related network devices. Because the security scores of all devices on each attack path are needed to determine the risk value of that attack path, once all attack paths of the target network device have been determined, the related network devices on each attack path, other than the target network device, must be determined.
Step S400, obtaining attribute information of the related network equipment and the target network equipment, and determining the security scores of the target network equipment and the related network equipment according to the attribute information, wherein the attribute information comprises equipment functions, equipment versions, equipment models and installed applications of the equipment;
In this embodiment, after the network devices on each attack path, that is, the target network device and the related network devices, are determined, attribute information of the target network device and the related network devices is obtained. The attribute information may be obtained from information input by a user on a preset interface, or may be determined by scanning each network device. The attribute information includes a device function, a device version, a device model, and an installed application of the device. The security scores of the target network device and the related network devices are determined from the attribute information according to a preset calculation mode; the higher the security score, the safer the corresponding network device and the harder it is to breach.
Step S500, according to the security scores of the target network device and the related network devices on each attack path, determining a risk path in each attack path.
In this embodiment, after the security scores of the network devices on each attack path are determined, the security scores of the target network device and all the related network devices on each attack path are added to obtain the total score of that attack path. The number of network devices on each attack path is determined, counting both the target network device and the related network devices. The total score of each attack path is divided by the number of network devices on the attack path to obtain the average score of the attack path, and the average score is used as the risk value of the attack path. The attack path with the minimum risk value, or the attack path with a risk value smaller than a preset threshold, is determined as the risk path. When at least two attack paths have the minimum risk value or a risk value smaller than the preset threshold, the risk path is determined according to the number of network devices on those attack paths.
In summary, in the technical solution of the present invention, a topological relationship between each network device is obtained; determining an attack path corresponding to the target network equipment according to the topological relation; determining related network equipment on an attack path where the target network equipment is located; acquiring attribute information of the related network equipment and the target network equipment, and determining the security scores of the target network equipment and the related network equipment according to the attribute information, wherein the attribute information comprises equipment functions, equipment versions, equipment models and installed applications of the equipment; and determining a risk path in each attack path according to the security scores of the target network equipment and the related network equipment on each attack path. Therefore, the invention determines the security scores of the target network device and the related network devices according to the attribute information of the target network device and the related network devices, determines the risk value of each attack path according to the security scores and the number of the network devices on the attack paths, and determines the risk paths according to the risk values, thereby achieving the purpose of finding the risk paths before the attacks occur.
As shown in fig. 3, in an embodiment of the present invention, the step S500 includes:
Step S510, according to the security scores of the target network equipment and the related network equipment on each attack path, acquiring the risk value of each attack path;
Step S520, determining the risk path according to the risk value.
In this embodiment, after the security scores of the target network device and the related network devices on each attack path are obtained, the security scores of all the network devices on the same attack path are added to obtain the total score of the attack path. The number of network devices on each attack path is obtained, counting both the target network device and the related network devices. The total score of each attack path is divided by the number of its network devices to obtain an average score, which is used as the risk value of the attack path; the smaller the risk value, the higher the possibility of attacking the target network device through that attack path. Among the attack paths of the target network device, the attack path with the minimum risk value, or with a risk value smaller than a preset threshold, is taken as the risk path. When at least two attack paths have the minimum risk value or a risk value smaller than the preset threshold, the risk path is determined according to the number of network devices on those attack paths. In this way, the risk value of each attack path is determined from the security scores of the network devices on all attack paths of the target network device, and the risk path is determined according to the risk value, so that the risk path is found before the attack occurs.
As shown in fig. 4, in an embodiment of the present invention, the step S520 includes:
Step S521, acquiring an attack path with the minimum risk value or the risk value smaller than a preset threshold value;
Step S522, determining the risk path according to the attack path with the minimum risk value or the risk value smaller than the preset threshold.
In this embodiment, after the risk values of all attack paths of the target network device are determined, the risk path is determined according to the risk values. The risk values of all the attack paths are compared. If at least two attack paths have the minimum risk value or a risk value smaller than a preset threshold, the number of network devices on each of those attack paths is determined, and the attack path with the fewest network devices is taken as the risk path; if only one attack path has the minimum risk value or a risk value smaller than the preset threshold, that attack path is taken as the risk path. In this way, by comparing the risk values of the attack paths of the target network device, the risk path is found before the attack occurs.
Further, in an embodiment of the present invention, the step S522 includes:
when the number of the attack paths with the minimum risk value or the risk value smaller than the preset threshold is at least two, determining the risk paths according to the number of the network devices on the attack paths with the minimum risk value or the risk value smaller than the preset threshold;
and when the number of the attack paths with the minimum risk value or the risk value smaller than the preset threshold value is single, taking the attack paths with the minimum risk value or the risk value smaller than the preset threshold value as the risk paths.
In this embodiment, after the risk values of all attack paths of the target network device are compared, the attack path with the minimum risk value or the attack paths with a risk value smaller than the preset threshold are determined. When there is only one such attack path, it is taken as the risk path. When there are at least two such attack paths, the number of network devices on each of them, counting both the target network device and the related network devices, is determined and compared, and the attack path with the fewest network devices is determined as the risk path. Thus, when at least two attack paths are found according to the risk value, the number of network devices on those attack paths is determined and the attack path with the fewest devices is used as the risk path, so that the risk path is found before the attack occurs.
As shown in fig. 5, in an embodiment of the present invention, the step S510 includes:
Step S511, determining the total score of the attack path according to the security scores of the target network device and the related network devices in the same attack path;
Step S512, determining the risk value of the attack path according to the total score and the number of the devices on the attack path.
In this embodiment, after all attack paths to the target network device are found through depth-first traversal according to the topological relation between the network devices, the security scores of the target network device and the related network devices on each attack path are determined according to their attribute information. The security scores of the network devices on the same attack path, including the security score of the target network device and the security scores of the related network devices, are added to obtain the total score of the attack path. The number of network devices on each attack path is determined. The risk value of the attack path is then determined according to the total score and the number of network devices on the attack path. In this way, the total score of each attack path is determined from the security score of each network device on it, the number of devices on each attack path is determined, and the risk value of each attack path is determined from its total score and device count, so that the risk path is determined according to the risk value and found before the attack occurs.
Further, in an embodiment of the present invention, the step S512 includes:
dividing the total score of each attack path by the number of devices on the attack path to obtain an average score corresponding to the attack path;
and determining the risk value according to the average score.
In this embodiment, the total score of each attack path is determined from the security scores of the network devices in that path, and the number of network devices on the path is determined. The total score of each attack path is divided by the number of network devices on that path to obtain the average score corresponding to the attack path. The average score is taken as the risk value of the attack path: the lower the risk value, the more easily the target network device can be attacked through that attack path. The risk value of each attack path is thus obtained from its total score and its device count, and the risk path is determined from it, so that the risk path is found before an attack occurs.
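The scoring and selection steps described above (total score, average score as risk value, and the tie-break on device count), as an added Python example that is not part of the patent text. The topology, device names, security scores and the choice of "gateway" as the entry device are constructed assumptions.

```python
from fractions import Fraction

# Constructed sample data (assumption): directed adjacency list and per-device
# security scores; a lower average score means the path is easier to attack.
TOPOLOGY = {
    "gateway": ["firewall", "vpn"],
    "firewall": ["switch-a", "historian"],
    "vpn": ["plc"],
    "switch-a": ["plc"],
    "historian": ["plc"],
    "plc": [],
}
SCORES = {"gateway": 60, "firewall": 90, "vpn": 80,
          "switch-a": 50, "historian": 70, "plc": 40}


def attack_paths(topology, entry, target):
    """Depth-first enumeration of loop-free paths from entry to target."""
    found, stack = [], [(entry, [entry])]
    while stack:
        node, path = stack.pop()
        if node == target:
            found.append(path)
            continue
        for nxt in topology.get(node, []):
            if nxt not in path:  # never revisit a device on the same path
                stack.append((nxt, path + [nxt]))
    return found


def risk_value(path, scores):
    """Total security score of the path divided by its device count."""
    return Fraction(sum(scores[d] for d in path), len(path))


def risk_path(paths, scores, threshold=None):
    """Lowest risk value (or below threshold), then fewest devices."""
    values = {tuple(p): risk_value(p, scores) for p in paths}
    if threshold is None:
        lowest = min(values.values(), default=None)
        candidates = [p for p, v in values.items() if v == lowest]
    else:
        candidates = [p for p, v in values.items() if v < threshold]
    if not candidates:
        return None
    # Tie-break from the description: the path with the fewest devices wins.
    # Assumption: if device counts also tie, the first enumerated path is kept.
    return list(min(candidates, key=len))


if __name__ == "__main__":
    for p in attack_paths(TOPOLOGY, "gateway", "plc"):
        print(" -> ".join(p), float(risk_value(p, SCORES)))
```

Exact fractions are used for the average so that two paths with the same risk value compare as equal and reach the device-count tie-break.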
Further, in an embodiment of the present invention, after the step S500, the method further includes:
and highlighting and displaying the risk path in a topological graph corresponding to the topological relation.
In this embodiment, after the topological relation among the network devices is determined, a corresponding topological graph is drawn according to it. After the risk path is determined, it is highlighted in the topological graph, for example in red. Highlighting the risk path in the topological graph indicates to the user that the target network device is most easily attacked through that path, so that the user can optimize and protect the network link in a targeted manner, for example by adding a security device on the risk path.
Furthermore, in order to achieve the above object, the present invention provides an electronic device, which includes a memory, a processor, and an attack path risk detection program stored on the memory and operable on the processor, wherein the attack path risk detection program, when executed by the processor, implements the steps of the attack path risk detection method according to any one of the above aspects.
Furthermore, in order to achieve the above object, the present invention provides a readable storage medium having stored thereon an attack path risk detection program which, when executed by a processor, implements the steps of the attack path risk detection method described in any one of the above.
The above-mentioned serial numbers of the embodiments of the present invention are only for description, and do not represent the advantages and disadvantages of the embodiments.
Through the description of the foregoing embodiments, it is clear to those skilled in the art that the method of the foregoing embodiments may be implemented by software plus a necessary general hardware platform, and certainly may also be implemented by hardware, but in many cases, the former is a better implementation. Based on such understanding, the technical solution of the present invention may be embodied in the form of a software product, which is stored in a storage medium (e.g., ROM/RAM, magnetic disk, optical disk) as described above and includes instructions for enabling a terminal device (e.g., a mobile phone, a computer, a server, or a network device) to execute the method according to the embodiments of the present invention.
The above description is only a preferred embodiment of the present invention, and not intended to limit the scope of the present invention, and all modifications of equivalent structures and equivalent processes, which are made by using the contents of the present specification and the accompanying drawings, or directly or indirectly applied to other related technical fields, are included in the scope of the present invention.

Claims (9)

1. An attack path risk detection method, characterized by comprising the steps of:
acquiring a topological relation among network devices;
determining an attack path corresponding to the target network equipment according to the topological relation;
determining related network equipment on an attack path where the target network equipment is located;
acquiring attribute information of the related network equipment and the target network equipment, and determining the security scores of the target network equipment and the related network equipment according to the attribute information, wherein the attribute information comprises equipment functions, equipment versions, equipment models and installed applications of the equipment;
and determining a risk path in each attack path according to the security scores of the target network equipment and the related network equipment on each attack path.
2. The attack path risk detection method according to claim 1, wherein the step of determining a risk path in each attack path according to the security scores of the target network device and the related network devices on each attack path comprises:
acquiring a risk value of each attack path according to the security scores of the target network equipment and the related network equipment on each attack path;
determining the risk path according to the risk value.
3. The attack path risk detection method according to claim 2, wherein the step of determining the risk path from the risk value comprises:
acquiring an attack path with the minimum risk value or the risk value smaller than a preset threshold value;
and determining the risk path according to the attack path with the minimum risk value or the risk value smaller than a preset threshold value.
4. The attack path risk detection method according to claim 3, wherein the step of determining the risk path according to the attack path having the minimum risk value or the risk value smaller than a preset threshold value comprises:
when the number of the attack paths with the minimum risk value or the risk value smaller than the preset threshold is at least two, determining the risk paths according to the number of the network devices on the attack paths with the minimum risk value or the risk value smaller than the preset threshold;
and when the number of the attack paths with the minimum risk value or the risk value smaller than the preset threshold value is single, taking the attack paths with the minimum risk value or the risk value smaller than the preset threshold value as the risk paths.
5. The attack path risk detection method according to claim 2, wherein the step of obtaining the risk value of each attack path according to the security scores of the target network device and the related network devices on each attack path comprises:
determining the total score of the attack path according to the security scores of the target network equipment and the related network equipment in the same attack path;
and determining the risk value of the attack path according to the total score and the number of the devices on the attack path.
6. The attack path risk detection method according to claim 5, wherein the step of determining the risk value of the attack path based on the total score and the number of devices on the attack path comprises:
dividing the total score of each attack path by the number of devices on the attack path to obtain an average score corresponding to the attack path;
and determining the risk value according to the average score.
7. The attack path risk detection method according to claim 1, wherein after the step of determining a risk path in each attack path according to the security scores of the target network device and the related network devices on each attack path, the method further comprises:
and highlighting and displaying the risk path in a topological graph corresponding to the topological relation.
8. An electronic device, characterized in that the electronic device comprises a memory, a processor and an attack path risk detection program stored on the memory and executable on the processor, which when executed by the processor implements the steps of the attack path risk detection method according to any one of claims 1 to 7.
9. A readable storage medium, characterized in that the readable storage medium has stored thereon an attack path risk detection program which, when executed by a processor, implements the steps of the attack path risk detection method according to any one of claims 1 to 7.
CN202210141537.4A 2022-02-16 2022-02-16 Attack path risk detection method, electronic device and readable storage medium Pending CN114598502A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210141537.4A CN114598502A (en) 2022-02-16 2022-02-16 Attack path risk detection method, electronic device and readable storage medium


Publications (1)

Publication Number Publication Date
CN114598502A true CN114598502A (en) 2022-06-07

Family

ID=81805857



Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination