CN116996318A - Feasibility assessment method, device, equipment and medium for security protection strategy - Google Patents

Publication number
CN116996318A
Authority
CN
China
Prior art keywords
preset evaluation
evaluation level
index
leaf node
preset
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202311101431.2A
Other languages
Chinese (zh)
Inventor
席泽生
张波
曾次玲
周波
张贻乐
吴昊霖
何川
王云帆
周帆
易凤飞
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Hunan Siji Technology Co ltd
State Grid Smart Grid Research Institute Co ltd
State Grid Corp of China SGCC
Electric Power Research Institute of State Grid Hunan Electric Power Co Ltd
State Grid Hunan Electric Power Co Ltd
Original Assignee
Hunan Siji Technology Co ltd
State Grid Smart Grid Research Institute Co ltd
State Grid Corp of China SGCC
Electric Power Research Institute of State Grid Hunan Electric Power Co Ltd
State Grid Hunan Electric Power Co Ltd
Application filed by Hunan Siji Technology Co ltd, State Grid Smart Grid Research Institute Co ltd, State Grid Corp of China SGCC, Electric Power Research Institute of State Grid Hunan Electric Power Co Ltd, State Grid Hunan Electric Power Co Ltd

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/20: Network architectures or network communication protocols for network security for managing network security; network security policies in general
    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/40: Network security protocols

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)

Abstract

The invention relates to the technical field of information security and discloses a feasibility assessment method, device, equipment and medium for a security protection strategy. The method comprises: acquiring a security protection strategy to be evaluated; determining a corresponding attack mode based on the security protection strategy to be evaluated; attacking, according to the attack mode, the system that implements the security protection strategy to be evaluated, to obtain real state information; comparing the real state information with preset expected information to obtain a comparison document; and performing quantitative analysis on the comparison document to obtain a feasibility score. The method provides a scientific and effective way to evaluate an implemented security protection strategy both qualitatively and quantitatively, and can more effectively demonstrate whether the implemented method is feasible.

Description

Feasibility assessment method, device, equipment and medium for security protection strategy
Technical Field
The invention relates to the technical field of information security, in particular to a feasibility assessment method, a device, equipment and a medium of a security protection strategy.
Background
In current information security risk assessment, the emphasis is on assessing the risks present in a system in terms of assets, threats and vulnerabilities; the effectiveness of the system's existing security policy is also considered, so that the overall risk of the existing system and the acceptable range and degree of risk can be reflected.
However, existing risk assessment rarely evaluates the feasibility of the existing security policy; that is, the security policy is not assessed before a risk appears. More often the assessment only reports the existing vulnerabilities and the degree of risk once they are threatened, so the true meaning of risk assessment is lost.
A feasibility assessment of a security policy assesses whether the policy can resist threats, repair system vulnerabilities and so on, and whether the degree of that capability falls within the range the user accepts; it is the scale on which security and cost are balanced. The feasibility assessment is affected by many factors, such as the user's security requirements, the vulnerabilities present in the system and the threats to the system. These factors are uncertain and lack information, so they cannot be described in precise language; they are rough, vague and influenced by subjective judgment, and can only be described in relatively vague or definite language, so that the description fits that subjectivity and expresses subjective accuracy. A method combining qualitative and quantitative analysis is therefore needed to evaluate the security policy objectively and effectively.
Disclosure of Invention
In view of the above, the invention provides a feasibility assessment method, a device, equipment and a medium for a safety protection strategy, so as to solve the technical problem that the feasibility assessment of the safety strategy can not be qualitatively, quantitatively and objectively carried out by the existing scheme.
In a first aspect, the present invention provides a feasibility assessment method for a security protection policy, including: acquiring a security protection strategy to be evaluated; determining a corresponding attack mode based on a security protection strategy to be evaluated; according to the attack mode, attacking the system for implementing the security protection strategy to be evaluated to obtain real state information; comparing the real state information with preset expected information to obtain a comparison document; and quantitatively analyzing according to the comparison document to obtain a feasibility score.
With this feasibility assessment method, the security protection strategy to be evaluated is acquired; a corresponding attack mode is determined based on it; the system implementing the strategy is attacked according to the attack mode to obtain real state information; the real state information is compared with preset expected information to obtain a comparison document; and the comparison document is analyzed quantitatively to obtain a feasibility score, from which the feasibility of the implemented security protection strategy is known. The method provides a scientific and effective way to evaluate an implemented security protection strategy both qualitatively and quantitatively, and can more effectively demonstrate whether the implemented method is feasible.
In an alternative embodiment, the quantitatively analyzing according to the comparison document to obtain the feasibility score includes: generating an evaluation index of a tree structure based on the security protection strategy to be evaluated, wherein the evaluation index of the tree structure comprises a plurality of father node indexes and a plurality of leaf node indexes; obtaining judgment results of a plurality of expert groups on each leaf node index of the lowest layer in the tree structure with respect to each preset evaluation level according to the comparison document; upwardly synthesizing the judging result of the father node about each preset evaluation level according to the judging result of the leaf node index about each preset evaluation level; and gradually synthesizing the judgment results of the previous node about each preset evaluation level upwards according to the judgment results of the father node about each preset evaluation level until a feasibility score is generated.
Generating the tree-structured evaluation index adaptively from the security protection strategy to be evaluated, and synthesizing the judgment results of the lowest-layer leaf node indexes about each preset evaluation level upward to obtain the feasibility score, makes the evaluation more accurate and comprehensive.
In an optional implementation manner, the step of synthesizing the evaluation result of the parent node about each preset evaluation level upward according to the evaluation result of the leaf node index about each preset evaluation level includes: acquiring basic credibility distribution values of the leaf node indexes about each preset evaluation level by each expert group according to the evaluation results of the leaf node indexes about each preset evaluation level; synthesizing the comprehensive basic credibility distribution value of the leaf node index about each preset evaluation level according to the basic credibility distribution value of each expert group about each preset evaluation level; and synthesizing the basic credibility distribution value of the father node index about each preset evaluation level according to the comprehensive basic credibility distribution value of each leaf node index about each preset evaluation level, and obtaining the judging result of the father node about each preset evaluation level.
Synthesizing the judgment result of each parent node about each preset evaluation level from the basic credibility distribution values that each expert group gives for each preset evaluation level makes the evaluation result quantitatively computable.
In an alternative embodiment, the synthesizing the integrated basic credibility allocation value of the leaf node index with respect to each preset rating level according to the basic credibility allocation value of each expert group with respect to each preset rating level includes: multiplying the basic credibility distribution value of each expert group on each preset evaluation level of the leaf node index by the corresponding expert relative weight to obtain the basic credibility distribution value of each discounted expert group on each preset evaluation level of the leaf node index; and based on a distribution synthesis rule, synthesizing the comprehensive basic credibility allocation value of the leaf node index with respect to each preset evaluation level according to the basic credibility allocation value of each discounted expert group with respect to each preset evaluation level.
Discounting each expert group's basic credibility distribution values for the leaf node index about each preset evaluation level by the expert relative weight makes the calculation result more accurate.
In an optional implementation manner, the synthesizing the basic reliability distribution value of the father node index about each preset evaluation level according to the basic reliability distribution value of each leaf node index about each preset evaluation level to obtain the evaluation result of the father node about each preset evaluation level includes: multiplying the basic credibility distribution value of each leaf node index with respect to each preset evaluation level by the corresponding index relative weight to obtain the basic credibility distribution value of each leaf node index after discount with respect to each preset evaluation level; and based on a distribution synthesis rule, synthesizing the basic credibility distribution value of the father node index about each preset evaluation level according to the basic credibility distribution value of each leaf node index about each preset evaluation level after discount, and obtaining the judgment result of the father node about each preset evaluation level.
Discounting the basic credibility distribution values of each leaf node index about each preset evaluation level by the index relative weight makes the calculation result more accurate.
In an alternative embodiment, the acquiring the security protection policy to be evaluated includes: and acquiring the security protection strategy to be evaluated from the strategy library based on the currently implemented automatic security strategy.
By acquiring the security protection policy to be evaluated from the policy repository based on the currently implemented automated security policy, the implemented security protection policy may be obtained, and further the implemented security protection policy may be evaluated.
In an alternative embodiment, after obtaining the feasibility score, the method further comprises:
evaluating the feasibility score in combination with a preset judgment index value, so as to qualitatively evaluate the feasibility of the security protection strategy to be evaluated.
Evaluating the feasibility score in combination with a preset judgment index value enables a qualitative assessment of the security protection strategy.
In a second aspect, the present invention provides a feasibility assessment device for a security protection policy, including: the strategy acquisition module is used for acquiring a safety protection strategy to be evaluated; the attack acquisition module is used for determining a corresponding attack mode based on the security protection strategy to be evaluated; the real information acquisition module is used for attacking the system for implementing the security protection strategy to be evaluated according to the attack mode to acquire real state information; the document acquisition module is used for comparing the real state information with preset expected information to obtain a comparison document; and the scoring module is used for quantitatively analyzing according to the comparison document to obtain a feasibility score.
In an alternative embodiment, the scoring module includes: the index generation module is used for generating an evaluation index of a tree structure based on a security protection strategy to be evaluated, wherein the evaluation index of the tree structure comprises a plurality of father node indexes and a plurality of leaf node indexes; the judging module is used for acquiring judging results of a plurality of expert groups on leaf node indexes of each lowest layer in the tree structure with respect to each preset evaluation level according to the comparison document; the first synthesis module is used for synthesizing the judging results of the father node on each preset evaluation level upwards according to the judging results of the leaf node index on each preset evaluation level; and the second synthesis module is used for gradually synthesizing the judgment results of the previous node on each preset evaluation level upwards according to the judgment results of the father node on each preset evaluation level until a feasibility score is generated.
In an alternative embodiment, the first synthesis module comprises: the first credibility allocation module is used for acquiring basic credibility allocation values of the leaf node indexes about the preset evaluation grades of the expert groups according to the judgment results of the leaf node indexes about the preset evaluation grades; the second credibility allocation module is used for synthesizing the comprehensive basic credibility allocation value of the leaf node index about each preset evaluation level according to the basic credibility allocation value of each expert group about each preset evaluation level of the leaf node index; and the third credibility allocation module is used for synthesizing the basic credibility allocation value of the father node index about each preset evaluation level according to the comprehensive basic credibility allocation value of each leaf node index about each preset evaluation level to obtain the judgment result of the father node about each preset evaluation level.
In an alternative embodiment, the second trusted distribution module comprises: the first deduction module is used for multiplying the basic credibility distribution value of each expert group on the leaf node index about each preset evaluation level by the corresponding expert relative weight to obtain the basic credibility distribution value of each discounted expert group on the leaf node index about each preset evaluation level; and the third synthesis module is used for synthesizing the comprehensive basic credibility distribution value of the leaf node index about each preset evaluation level according to the basic credibility distribution value of the leaf node index about each preset evaluation level by each discounted expert group based on a distribution synthesis rule.
In an alternative embodiment, the third trusted distribution module comprises: the second discount module is used for multiplying the basic credibility distribution value of each leaf node index about each preset evaluation level by the corresponding index relative weight to obtain the basic credibility distribution value of each leaf node index about each preset evaluation level after discount; and the fourth synthesis module is used for synthesizing the basic credibility distribution value of the father node index about each preset evaluation level according to the basic credibility distribution value of each leaf node index about each preset evaluation level after discount based on a distribution synthesis rule, and obtaining the judgment result of the father node about each preset evaluation level.
In an alternative embodiment, the policy acquisition module is configured to acquire the security protection policy to be evaluated from the policy repository based on the currently implemented automated security policy.
In an alternative embodiment, the feasibility assessment device of the security protection policy further comprises:
the qualitative evaluation module is used for evaluating according to the feasibility score and the preset judgment index value, and qualitatively evaluating the feasibility of the safety protection strategy to be evaluated.
In a third aspect, the present invention provides a computer device comprising: the system comprises a memory and a processor, wherein the memory and the processor are in communication connection, the memory stores computer instructions, and the processor executes the computer instructions so as to execute the feasibility assessment method of the security protection strategy provided by the first aspect of the invention.
In a fourth aspect, the present invention provides a computer readable storage medium, where computer instructions are stored on the computer readable storage medium, where the computer instructions are configured to cause a computer to perform the feasibility assessment method for the security protection policy provided in the first aspect of the present invention.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings that are needed in the description of the embodiments or the prior art will be briefly described, and it is obvious that the drawings in the description below are some embodiments of the present invention, and other drawings can be obtained according to the drawings without inventive effort for a person skilled in the art.
FIG. 1 is a flow chart of a feasibility assessment method of a security protection strategy according to an embodiment of the present invention;
FIG. 2 is a flow chart of a feasibility assessment method of another security protection strategy according to an embodiment of the invention;
FIG. 3 is a schematic diagram of an evaluation index of a tree structure according to an embodiment of the present invention;
FIG. 4 is a block diagram of a feasibility assessment device for a security policy according to an embodiment of the invention;
FIG. 5 is a schematic diagram of a hardware structure of a computer device according to an embodiment of the present invention.
Detailed Description
For the purpose of making the objects, technical solutions and advantages of the embodiments of the present invention more apparent, the technical solutions of the embodiments of the present invention will be clearly and completely described below with reference to the accompanying drawings in the embodiments of the present invention, and it is apparent that the described embodiments are some embodiments of the present invention, but not all embodiments of the present invention. All other embodiments, which can be made by those skilled in the art based on the embodiments of the invention without making any inventive effort, are intended to be within the scope of the invention.
The feasibility assessment method of the safety protection strategy is suitable for the feasibility assessment of the automatic safety protection strategy, wherein the safety protection strategy can be implemented in various computer systems or equipment, such as a power system, a power management terminal and the like.
According to an embodiment of the present invention, there is provided a method for evaluating the feasibility of a security protection strategy, it being noted that the steps illustrated in the flowchart of the figures may be performed in a computer system, such as a set of computer executable instructions, and that, although a logical sequence is illustrated in the flowchart, in some cases, the steps illustrated or described may be performed in a different order than that illustrated herein.
The embodiment provides a feasibility assessment method of a security protection policy, which can be used for mobile terminals such as mobile phones and tablet computers, and as shown in fig. 1 and fig. 2, the feasibility assessment method of the security protection policy in the embodiment of the invention comprises the following steps:
Step S101: acquire the security protection strategy to be evaluated.
Specifically, the security protection policy to be evaluated is generally an automated security protection policy, and the system is protected by implementing it. The security protection policy to be evaluated can be obtained from a preset policy library.
Step S102: determine a corresponding attack mode based on the security protection strategy to be evaluated.
Specifically, common attack types include DDoS attacks, SQL injection, cross-site scripting, key security and the like, and attack targets include system components, communication networks, core business processes and the like. Based on the target and type of protection provided by the security protection policy to be evaluated, an attack mode that can verify whether the protection policy is feasible is selected.
Step S103: attack the system that implements the security protection strategy to be evaluated according to the attack mode, to obtain the real state information.
Specifically, the real state information is the actual effect on the system and on each device when the system implementing the security protection strategy to be evaluated is attacked. It is obtained by setting up several monitoring points that monitor the actual condition of the system and of each device.
Step S104: compare the real state information with preset expected information to obtain a comparison document.
Specifically, the preset expected information is the state, known before the attack, that each monitoring point should show when the security protection strategy to be evaluated is attacked; these states are collected to form the preset expected information. The preset expected information is compared with the obtained real state information, and the records are then integrated to generate a comparison document. The comparison document records the expected value and the true value of each system state, compared and integrated.
Step S105: perform quantitative analysis on the comparison document to obtain the feasibility score.
Specifically, the comparison document is evaluated by expert groups. The preset evaluation levels include high, medium and low, and each expert group judges the security protection policy to be evaluated according to the comparison document and gives its own evaluation. For example, one expert group's evaluation is: high with probability 0.2, medium with probability 0.4, low with probability 0.3, low with probability 0.1. A scoring mode is then determined using methods such as the weight-proportion method or the matrix method, and the judgments of all expert groups are integrated to obtain the final feasibility score.
With this feasibility assessment method, the security protection strategy to be evaluated is acquired; a corresponding attack mode is determined based on it; the system implementing the strategy is attacked according to the attack mode to obtain the real state information; the real state information is compared with preset expected information to obtain a comparison document; and the comparison document is analyzed quantitatively to obtain a feasibility score, from which the feasibility of the implemented security protection strategy is known. The method provides a scientific and effective way to evaluate an implemented security protection strategy both qualitatively and quantitatively, and can more effectively demonstrate whether the implemented method is feasible.
In an alternative embodiment, in step S105, quantitative analysis is performed according to the comparison document to obtain a feasibility score, including:
S1051: generate a tree-structured evaluation index based on the security protection strategy to be evaluated, where the tree-structured evaluation index comprises several parent node indexes and several leaf node indexes.
Specifically, assume that the feasibility of the security protection policy to be evaluated is measured by m indexes $T_s$, where $s = 1, 2, 3, \ldots, m$. If $T_s$ can be subdivided according to the actual situation, it is split into second-layer indexes $T_{sp}$, where $T_{sp}$ denotes the p-th sub-index of the s-th index; subdividing further in the same way wherever possible forms a tree structure. The tree structure includes several parent node indexes and several leaf node indexes. Illustratively, as shown in FIG. 3, the index $T$ of a security policy to be evaluated includes a threat defense index $T_1$ and a vulnerability repair index $T_2$. The leaf node indexes of the threat defense index $T_1$ are a network attack index $T_{11}$, a malicious code index $T_{12}$, a physical attack index $T_{13}$, a software and hardware fault index $T_{14}$ and an override access index $T_{15}$. The leaf node indexes of the vulnerability repair index $T_2$ are a physical vulnerability index $T_{21}$, a network structure index $T_{22}$ and a system vulnerability index $T_{23}$.
S1052: obtain, according to the comparison document, the judgment results of several expert groups on each lowest-layer leaf node index in the tree structure about each preset evaluation level.
Specifically, L expert groups $\{x_1, x_2, x_3, \ldots, x_L\}$ are employed. Each group gives a judgment result for each lowest-layer index of the tree structure, i.e. each lowest-layer leaf node index. The judgment is made against the preset evaluation levels, which include high, medium and low; each group judges the security protection strategy to be evaluated according to the comparison document and gives its own judgment. For example, one group judges a leaf node index as: high with probability 0.2, medium-high with probability 0.4, low with probability 0.3, low with probability 0.1.
S1053: synthesize upward the judgment result of the parent node about each preset evaluation level from the judgment results of the leaf node indexes about each preset evaluation level.
Specifically, fuzzy-theory membership is used to construct each expert's mass function. The judgment results given by the expert groups form the L pieces of evidence that the L expert groups provide for the index, and these L pieces of evidence are synthesized to obtain the evidence of the upper parent node, i.e. the parent node's judgment result about each preset evaluation level.
S1054: synthesize upward, step by step, the judgment result of the next higher node about each preset evaluation level from the judgment results of the parent nodes about each preset evaluation level, until a feasibility score is generated.
Proceeding upward in turn, the judgment results of the same-layer leaf nodes that share a parent node are taken as the evidence of that upper-layer parent node, and the evidence is synthesized upward step by step until the feasibility score of the security protection strategy to be evaluated, i.e. the root node, is obtained.
Generating the tree-structured evaluation index adaptively from the security protection strategy to be evaluated, and synthesizing the judgment results of the lowest-layer leaf node indexes about each preset evaluation level upward to obtain the feasibility score, makes the evaluation more accurate and comprehensive.
In an alternative embodiment, in step S1053, the step of synthesizing the evaluation result of the parent node about each preset evaluation level upward according to the evaluation result of the leaf node index about each preset evaluation level includes:
Step a1: acquire, from the judgment results of the leaf node index about each preset evaluation level, the basic credibility distribution value that each expert group gives the leaf node index about each preset evaluation level.
Specifically, let the hypothesis space Θ consist of a finite set of mutually exclusive elements; Θ is called the recognition framework. If a mass function $m: 2^{\Theta} \to [0,1]$ (where $2^{\Theta}$ is the power set of Θ) satisfies $m(\Phi) = 0$, then $m$ is called the basic confidence allocation function on the recognition framework Θ. For any A, where A is an element in the hypothesis space Θ, $m(A)$ is the basic confidence allocation value of A.
All evaluation indexes, both leaf node indexes and parent node indexes, use the same hypothesis space Θ, namely Θ = {high ($h_1$), medium-high ($h_2$), medium ($h_3$), low ($h_4$)}. Assume that 5 expert groups in total take part in the evaluation and that the groups are statistically independent. Take expert group $x_1$ as an example: for the first index $T_{11}$, the percentage of its evaluation results falling in each of the four classes is taken as the membership function value of that class, and here also as expert group $x_1$'s basic credibility assignment values for $T_{11}$ about each preset evaluation level. The membership function for each class is expressed as:
A={h 1 };/>A={h 2 };/>A={h 3 };/>
A={h 4 };A=Θ
constructing a basic credibility distribution value based on membership function, namelyWherein, expert group x 1 For T 11 The basic confidence score for each preset rating is expressed as:
other expert group pairs T 11 Basic credibility allocation value construction process and expert group x for each preset evaluation level 1 The same applies.
Step a2: Synthesize the comprehensive basic credibility allocation value of the leaf node index with respect to each preset evaluation level according to each expert group's basic credibility allocation value for the leaf node index with respect to each preset evaluation level.
Illustratively, the feasibility assessment of the security protection policy to be assessed is divided into 2 indexes, $T = \{T_1, T_2\}$, and the relative weight $a_r$ ($r = 1, 2$) of index $T_r$ is obtained by a weight analysis method.
$T_1$ is divided again into 5 sub-indexes, $T_1 = \{T_{11}, T_{12}, T_{13}, T_{14}, T_{15}\}$. Similarly, the relative weight $a_{1u}$ (r = 1, 2, 3, 4, 5) of index $T_{1u}$ is obtained by the weight analysis method. The relative weights of the elements of index subset $T_2$ can be obtained in the same way. The expert relative weights $b_i$ ($i = 1, 2, 3, \ldots, L$) of the L expert groups are also obtained by a weight analysis method.
In step a2, synthesizing the integrated basic credibility allocation value of the leaf node index about each preset evaluation level according to the basic credibility allocation value of each expert group about each preset evaluation level, including:
Step a21: multiplying the basic credibility distribution value of each expert group on the leaf node index about each preset evaluation level by the corresponding expert relative weight to obtain the basic credibility distribution value of each discounted expert group on the leaf node index about each preset evaluation level.
Specifically, after discounting, expert group $x_1$'s basic credibility allocation function, that is, its mass function for the leaf node index with respect to each preset evaluation level, is:
Since the sum of the first four items of the adjusted basic credibility allocation value is not necessarily equal to 1 and so does not satisfy definition 1 of the mass function, the basic credibility allocation function is reconstructed by modifying only the fifth element, namely
Repeating the above operation yields the discounted basic credibility allocations of the L expert groups for $T_{11}$ with respect to each evaluation level, $i = 1, 2, \ldots, L$.
Step a22: based on a distribution synthesis rule, synthesizing the comprehensive basic credibility distribution value of the leaf node index about each preset evaluation level according to the basic credibility distribution value of each discounted expert group about each preset evaluation level.
Specifically, from the discounted basic credibility allocations, the comprehensive basic credibility allocation of $T_{11}$ with respect to preset evaluation level $h_k$ is obtained according to the distribution synthesis rule, namely formula (1). With m the basic confidence allocation function on the recognition framework Θ and m(A) the basic confidence of A, there is:
where $E_1$ represents the same elements as A. Synthesizing according to formula (1) gives the comprehensive basic credibility allocation value of $T_{11}$ with respect to preset evaluation level $h_k$.
Repeating these steps yields the discounted comprehensive basic credibility allocation values of the other four indexes.
Step a3: and synthesizing the basic credibility distribution value of the father node index about each preset evaluation level according to the comprehensive basic credibility distribution value of each leaf node index about each preset evaluation level, and obtaining the judgment result of the father node about each preset evaluation level.
Specifically, step a3 includes:
Step a31: Multiply the basic credibility allocation value of each leaf node index with respect to each preset evaluation level by the corresponding index relative weight to obtain the discounted basic credibility allocation value of each leaf node index with respect to each preset evaluation level.
The comprehensive basic credibility allocation values are multiplied by the corresponding index relative weights $a_{1u}$ (r = 1, 2, 3, 4, 5) to obtain the discounted basic credibility allocation value of each leaf node index with respect to each preset evaluation level. Because the sum of the first four items of the adjusted basic credibility allocation value is not necessarily equal to 1 and so does not satisfy definition 1 of the mass function, only the fifth element needs to be modified to reconstruct the basic credibility allocation function, so that the probabilities of the five parameters sum to 1.
Step a32: and based on a distribution synthesis rule, synthesizing the basic credibility distribution value of the father node index about each preset evaluation level according to the basic credibility distribution value of each leaf node index about each preset evaluation level after discount, and obtaining the judgment result of the father node about each preset evaluation level.
Specifically, the discounted basic credibility allocation values of the leaf node indexes with respect to each preset evaluation level are synthesized according to the distribution synthesis rule of formula (1) to obtain the basic credibility allocation value of parent node index $T_1$, which is expressed as:
The basic credibility allocation value of parent node index $T_1$ is obtained by the same method. The resulting allocation values are then discounted by multiplying them by the corresponding index relative weights $a_r$ ($r = 1, 2$), and the final evaluation result $m_T$ of the security protection policy T, that is, the final feasibility score, is obtained by the distribution synthesis rule of formula (1).
According to the embodiment of the invention, the basic credibility distribution values of each expert group about each preset evaluation level are used for synthesizing the evaluation results of each father node about each preset evaluation level, so that the quantitative calculation of the evaluation results is realized.
Each expert group's basic credibility allocation value for the leaf node index with respect to each preset evaluation level is discounted by the expert relative weight, and the basic credibility allocation value of each leaf node index with respect to each preset evaluation level is discounted by the index relative weight, so that the calculation result is more accurate.
In some optional embodiments, step S101, obtaining a security protection policy to be evaluated includes:
acquiring the security protection policy to be evaluated from the policy library based on the currently implemented automated security policy.
By acquiring the security protection policy to be evaluated from the policy repository based on the currently implemented automated security policy, the implemented security protection policy may be obtained, and further the implemented security protection policy may be evaluated.
In some alternative embodiments, after obtaining the feasibility scoring result, further comprising:
qualitatively evaluating the feasibility of the security protection policy to be evaluated according to the feasibility score in combination with a preset evaluation index value.
Specifically, the evaluation result $m_T$ of the security protection policy T is expressed as:
$m_T = (m_T(h_1),\ m_T(h_2),\ m_T(h_3),\ m_T(h_4),\ m_T(\Theta))$
The trust measure $\mathrm{Bel}(h_k)$ is calculated from the evaluation result $m_T$, where D is a subset of Θ and m(D) represents the basic trustworthiness of that subset.
The preset evaluation index value is set to 50%, that is, a value greater than 50% is treated as trust and a value less than 50% as distrust. Once the trust measure is obtained, if $\mathrm{Bel}(h_3) > 50\%$ and the rest are less than 50%, the feasibility trust level of the security protection policy is considered to be medium.
By evaluating according to the feasibility score and combining with a preset evaluation index value, the qualitative evaluation of the safety protection strategy can be realized.
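The weighted synthesis of steps a1 to a3 and the 50% trust check described above, as an added example that is not part of the patent text. It assumes that the distribution synthesis rule of formula (1), which is not legible on this page, is Dempster's rule of combination and that relative weights are scaled into [0, 1]; the function names, tree layout and vote counts are constructed for illustration.

```python
from functools import reduce

LEVELS = ("h1", "h2", "h3", "h4")  # high, middle-high, middle, low
THETA = "Theta"                    # the whole frame, i.e. "undecided"


def mass_from_votes(votes):
    """Step a1: the share of a group's verdicts per level is its mass."""
    total = sum(votes.get(h, 0) for h in LEVELS)
    if total <= 0:
        raise ValueError("expert group returned no verdicts")
    m = {h: votes.get(h, 0) / total for h in LEVELS}
    m[THETA] = 0.0
    return m


def discount(m, weight):
    """Steps a21/a31: scale the four level masses by a relative weight and
    move the remainder to Theta so the five values sum to 1 again."""
    if not 0.0 <= weight <= 1.0:
        raise ValueError("relative weight must lie in [0, 1]")
    out = {h: weight * m[h] for h in LEVELS}
    out[THETA] = max(0.0, 1.0 - sum(out.values()))
    return out


def combine(m1, m2):
    """Dempster's rule restricted to singleton levels plus Theta
    (assumed here to be the page's formula (1))."""
    # Conflict: mass the two sources put on two different levels.
    conflict = sum(m1[a] * m2[b] for a in LEVELS for b in LEVELS if a != b)
    if conflict >= 1.0 - 1e-12:
        raise ValueError("sources are in total conflict")
    norm = 1.0 - conflict
    out = {h: (m1[h] * m2[h] + m1[h] * m2[THETA] + m1[THETA] * m2[h]) / norm
           for h in LEVELS}
    out[THETA] = m1[THETA] * m2[THETA] / norm
    return out


def synthesize(masses, weights):
    """Discount each piece of evidence by its weight, then fuse them all."""
    if len(masses) != len(weights) or not masses:
        raise ValueError("need exactly one weight per piece of evidence")
    return reduce(combine, (discount(m, w) for m, w in zip(masses, weights)))


def evaluate(node, expert_weights):
    """Steps a2/a3 and S1054: fuse expert groups at each leaf, then fuse
    children into their parent, level by level up to the root."""
    if "votes" in node:
        masses = [mass_from_votes(v) for v in node["votes"]]
        return synthesize(masses, expert_weights)
    children = node["children"]
    return synthesize([evaluate(c, expert_weights) for _, c in children],
                      [w for w, _ in children])


def qualitative(m, threshold=0.5):
    """Bel({h_k}) equals m(h_k) because a singleton has no other non-empty
    subset. Return the level whose belief exceeds the threshold, or None."""
    return next((h for h in LEVELS if m[h] > threshold), None)


# Constructed sample: three expert groups, relative weights scaled to [0, 1].
EXPERT_WEIGHTS = (1.0, 0.9, 0.8)
SAMPLE_TREE = {"children": [
    (1.0, {"children": [  # T1
        (1.0, {"votes": [{"h2": 2, "h3": 7, "h4": 1},   # T11
                         {"h2": 3, "h3": 6, "h4": 1},
                         {"h1": 1, "h2": 2, "h3": 7}]}),
        (0.7, {"votes": [{"h3": 8, "h4": 2},            # T12
                         {"h3": 7, "h4": 3},
                         {"h2": 2, "h3": 6, "h4": 2}]}),
    ]}),
    (0.8, {"children": [  # T2
        (1.0, {"votes": [{"h2": 4, "h3": 6},            # T21
                         {"h2": 3, "h3": 7},
                         {"h2": 5, "h3": 5}]}),
        (0.6, {"votes": [{"h2": 6, "h3": 4},            # T22 leans middle-high
                         {"h2": 7, "h3": 3},
                         {"h2": 6, "h3": 4}]}),
    ]}),
]}

if __name__ == "__main__":
    m_T = evaluate(SAMPLE_TREE, EXPERT_WEIGHTS)
    print({k: round(v, 4) for k, v in m_T.items()})
    print("feasibility trust level:", qualitative(m_T))
```

A weight of exactly 1 leaves no mass on Θ, so two such sources that back different levels cannot be fused; `combine` raises an error in that case instead of dividing by zero.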
The embodiment of the invention also provides a feasibility assessment device of the safety protection strategy, as shown in fig. 4, comprising:
a policy obtaining module 401, configured to obtain a security protection policy to be evaluated;
an attack acquisition module 402, configured to determine a corresponding attack mode based on a security protection policy to be evaluated;
The real information obtaining module 403 is configured to attack a system implementing a security protection policy to be evaluated according to an attack mode to obtain real state information;
the document acquisition module 404 is configured to compare the real state information with preset expected information to obtain a comparison document;
and the scoring module 405 is used for quantitatively analyzing according to the comparison document to obtain a feasibility score.
In an alternative embodiment, scoring module 405 includes:
the index generation module is used for generating an evaluation index of a tree structure based on a security protection strategy to be evaluated, wherein the evaluation index of the tree structure comprises a plurality of father node indexes and a plurality of leaf node indexes;
the judging module is used for acquiring judging results of a plurality of expert groups on leaf node indexes of each lowest layer in the tree structure with respect to each preset evaluation level according to the comparison document;
the first synthesis module is used for synthesizing the judging results of the father node on each preset evaluation level upwards according to the judging results of the leaf node index on each preset evaluation level;
and the second synthesis module is used for gradually synthesizing the judgment results of the previous node on each preset evaluation level upwards according to the judgment results of the father node on each preset evaluation level until a feasibility score is generated.
In an alternative embodiment, the first synthesis module includes:
the first credibility allocation module is used for acquiring basic credibility allocation values of the leaf node indexes about the preset evaluation grades of the expert groups according to the judgment results of the leaf node indexes about the preset evaluation grades;
the second credibility allocation module is used for synthesizing the comprehensive basic credibility allocation value of the leaf node index about each preset evaluation level according to the basic credibility allocation value of each expert group about each preset evaluation level of the leaf node index;
and the third credibility allocation module is used for synthesizing the basic credibility allocation value of the father node index about each preset evaluation level according to the comprehensive basic credibility allocation value of each leaf node index about each preset evaluation level to obtain the judgment result of the father node about each preset evaluation level.
In an alternative embodiment, the second trusted distribution module comprises:
the first discount module is used for multiplying the basic credibility distribution value of each expert group on the leaf node index about each preset evaluation level by the corresponding expert relative weight to obtain the basic credibility distribution value of each discounted expert group on the leaf node index about each preset evaluation level;
And the third synthesis module is used for synthesizing the comprehensive basic credibility distribution value of the leaf node index about each preset evaluation level according to the basic credibility distribution value of the leaf node index about each preset evaluation level by each discounted expert group based on a distribution synthesis rule.
In an alternative embodiment, the third trusted distribution module comprises:
the second discount module is used for multiplying the basic credibility distribution value of each leaf node index about each preset evaluation level by the corresponding index relative weight to obtain the basic credibility distribution value of each leaf node index about each preset evaluation level after discount;
and the fourth synthesis module is used for synthesizing the basic credibility distribution value of the father node index about each preset evaluation level according to the basic credibility distribution value of each leaf node index about each preset evaluation level after discount based on a distribution synthesis rule, and obtaining the judgment result of the father node about each preset evaluation level.
In an alternative embodiment, the policy acquisition module 401 is configured to acquire the security protection policy to be evaluated from the policy repository based on the currently implemented automated security policy.
In an alternative embodiment, the feasibility assessment device of the security protection policy further comprises:
The qualitative evaluation module is used for evaluating according to the feasibility score and the preset judgment index value, and qualitatively evaluating the feasibility of the safety protection strategy to be evaluated.
Further functional descriptions of the above respective modules and units are the same as those of the above corresponding embodiments, and are not repeated here.
According to the feasibility assessment device for the safety protection strategy, the safety protection strategy to be assessed is obtained; determining a corresponding attack mode based on a security protection strategy to be evaluated; according to the attack mode, attacking the system for implementing the security protection strategy to be evaluated to obtain the real state information; comparing the real state information with preset expected information to obtain a comparison document; and quantitatively analyzing according to the comparison document to obtain a feasibility score, and knowing the feasibility of the implemented safety protection strategy based on the feasibility score. The feasibility evaluation method of the safety protection strategy provided by the invention can be a scientific and effective evaluation method for qualitatively and quantitatively evaluating the implemented safety protection strategy, and can more effectively prove whether the implemented method has feasibility.
Referring to fig. 5, which is a schematic structural diagram of a computer device according to an alternative embodiment of the present invention, the computer device includes: one or more processors 10, memory 20, and interfaces for connecting the various components, including high-speed interfaces and low-speed interfaces. The various components are communicatively coupled to each other using different buses and may be mounted on a common motherboard or in other manners as desired. The processor may process instructions executing within the computer device, including instructions stored in or on memory to display graphical information of the GUI on an external input/output device, such as a display device coupled to the interface. In some alternative embodiments, multiple processors and/or multiple buses may be used, if desired, along with multiple memories. Also, multiple computer devices may be connected, each providing a portion of the necessary operations (e.g., as a server array, a set of blade servers, or a multiprocessor system). One processor 10 is illustrated in fig. 5.
The processor 10 may be a central processor, a network processor, or a combination thereof. The processor 10 may further include a hardware chip, among others. The hardware chip may be an application specific integrated circuit, a programmable logic device, or a combination thereof. The programmable logic device may be a complex programmable logic device, a field programmable gate array, a general-purpose array logic, or any combination thereof.
Wherein the memory 20 stores instructions executable by the at least one processor 10 to cause the at least one processor 10 to perform a method for implementing the embodiments described above.
The memory 20 may include a storage program area that may store an operating system, at least one application program required for functions, and a storage data area; the storage data area may store data created according to the use of the computer device, etc. In addition, the memory 20 may include high-speed random access memory, and may also include non-transitory memory, such as at least one magnetic disk storage device, flash memory device, or other non-transitory solid-state storage device. In some alternative embodiments, memory 20 may optionally include memory located remotely from processor 10, which may be connected to the computer device via a network. Examples of such networks include, but are not limited to, the internet, intranets, local area networks, mobile communication networks, and combinations thereof.
Memory 20 may include volatile memory, such as random access memory; the memory may also include non-volatile memory, such as flash memory, hard disk, or solid state disk; the memory 20 may also comprise a combination of the above types of memories.
The computer device also includes a communication interface 30 for the computer device to communicate with other devices or communication networks.
The embodiments of the present invention also provide a computer-readable storage medium. The method according to the embodiments of the present invention described above may be implemented in hardware or firmware, or as computer code that can be recorded on a storage medium, or as computer code originally stored in a remote storage medium or a non-transitory machine-readable storage medium, downloaded over a network and stored in a local storage medium, so that the method described herein can be processed by such software stored on a storage medium using a general-purpose computer, a special-purpose processor, or programmable or special-purpose hardware. The storage medium can be a magnetic disk, an optical disk, a read-only memory, a random access memory, a flash memory, a hard disk, a solid state disk or the like; further, the storage medium may also comprise a combination of memories of the kind described above. It will be appreciated that a computer, processor, microprocessor controller or programmable hardware includes a storage element that can store or receive software or computer code that, when accessed and executed by the computer, processor or hardware, implements the methods illustrated by the above embodiments.
Although embodiments of the present invention have been described in connection with the accompanying drawings, various modifications and variations may be made by those skilled in the art without departing from the spirit and scope of the invention, and such modifications and variations fall within the scope of the invention as defined by the appended claims.

Claims (16)

1. The feasibility assessment method of the safety protection strategy is characterized by comprising the following steps of:
acquiring a security protection strategy to be evaluated;
determining a corresponding attack mode based on a security protection strategy to be evaluated;
according to the attack mode, attacking the system for implementing the security protection strategy to be evaluated to obtain real state information;
comparing the real state information with preset expected information to obtain a comparison document;
and quantitatively analyzing according to the comparison document to obtain a feasibility score.
2. The method of claim 1, wherein quantitatively analyzing the comparison document to obtain a feasibility score comprises:
generating an evaluation index of a tree structure based on the security protection strategy to be evaluated, wherein the evaluation index of the tree structure comprises a plurality of father node indexes and a plurality of leaf node indexes;
obtaining judgment results of a plurality of expert groups on each leaf node index of the lowest layer in the tree structure with respect to each preset evaluation level according to the comparison document;
Upwardly synthesizing the judging result of the father node about each preset evaluation level according to the judging result of the leaf node index about each preset evaluation level;
and gradually synthesizing the judgment results of the previous node about each preset evaluation level upwards according to the judgment results of the father node about each preset evaluation level until a feasibility score is generated.
3. The method according to claim 2, wherein the synthesizing the evaluation result of the parent node with respect to each preset evaluation level upward based on the evaluation result of the leaf node index with respect to each preset evaluation level includes:
acquiring basic credibility distribution values of the leaf node indexes about each preset evaluation level by each expert group according to the evaluation results of the leaf node indexes about each preset evaluation level;
synthesizing the comprehensive basic credibility distribution value of the leaf node index about each preset evaluation level according to the basic credibility distribution value of each expert group about each preset evaluation level;
and synthesizing the basic credibility distribution value of the father node index about each preset evaluation level according to the comprehensive basic credibility distribution value of each leaf node index about each preset evaluation level, and obtaining the judging result of the father node about each preset evaluation level.
4. A method according to claim 3, wherein said synthesizing the integrated basic confidence score for the leaf node indicator for each preset rating level based on the basic confidence scores for each expert group for the leaf node indicator for each preset rating level comprises:
multiplying the basic credibility distribution value of each expert group on each preset evaluation level of the leaf node index by the corresponding expert relative weight to obtain the basic credibility distribution value of each discounted expert group on each preset evaluation level of the leaf node index;
and based on a distribution synthesis rule, synthesizing the comprehensive basic credibility allocation value of the leaf node index with respect to each preset evaluation level according to the basic credibility allocation value of each discounted expert group with respect to each preset evaluation level.
5. The method according to claim 3, wherein the synthesizing the basic reliability distribution value of the parent node index with respect to each preset evaluation level according to the basic reliability distribution value of each leaf node index with respect to each preset evaluation level, to obtain the evaluation result of the parent node with respect to each preset evaluation level, includes:
Multiplying the basic credibility distribution value of each leaf node index with respect to each preset evaluation level by the corresponding index relative weight to obtain the basic credibility distribution value of each leaf node index after discount with respect to each preset evaluation level;
and based on a distribution synthesis rule, synthesizing the basic credibility distribution value of the father node index about each preset evaluation level according to the basic credibility distribution value of each leaf node index about each preset evaluation level after discount, and obtaining the judgment result of the father node about each preset evaluation level.
6. The method of claim 1, wherein the obtaining the security protection policy to be evaluated comprises:
and acquiring the security protection strategy to be evaluated from the strategy library based on the currently implemented automatic security strategy.
7. The method of claim 1, further comprising, after obtaining the feasibility scoring result:
and carrying out evaluation according to the feasibility score and combining with a preset evaluation index value, and qualitatively evaluating the feasibility of the safety protection strategy to be evaluated.
8. A feasibility assessment device for a security protection strategy, comprising:
The strategy acquisition module is used for acquiring a safety protection strategy to be evaluated;
the attack acquisition module is used for determining a corresponding attack mode based on the security protection strategy to be evaluated;
the real information acquisition module is used for attacking the system for implementing the security protection strategy to be evaluated according to the attack mode to acquire real state information;
the document acquisition module is used for comparing the real state information with preset expected information to obtain a comparison document;
and the scoring module is used for quantitatively analyzing according to the comparison document to obtain a feasibility score.
9. The apparatus of claim 8, wherein the scoring module comprises:
the index generation module is used for generating an evaluation index of a tree structure based on a security protection strategy to be evaluated, wherein the evaluation index of the tree structure comprises a plurality of father node indexes and a plurality of leaf node indexes;
the judging module is used for acquiring judging results of a plurality of expert groups on leaf node indexes of each lowest layer in the tree structure with respect to each preset evaluation level according to the comparison document;
the first synthesis module is used for synthesizing the judging results of the father node on each preset evaluation level upwards according to the judging results of the leaf node index on each preset evaluation level;
And the second synthesis module is used for gradually synthesizing the judgment results of the previous node on each preset evaluation level upwards according to the judgment results of the father node on each preset evaluation level until a feasibility score is generated.
10. The apparatus of claim 9, wherein the first synthesis module comprises:
the first credibility allocation module is used for acquiring basic credibility allocation values of the leaf node indexes about the preset evaluation grades of the expert groups according to the judgment results of the leaf node indexes about the preset evaluation grades;
the second credibility allocation module is used for synthesizing the comprehensive basic credibility allocation value of the leaf node index about each preset evaluation level according to the basic credibility allocation value of each expert group about each preset evaluation level of the leaf node index;
and the third credibility allocation module is used for synthesizing the basic credibility allocation value of the father node index about each preset evaluation level according to the comprehensive basic credibility allocation value of each leaf node index about each preset evaluation level to obtain the judgment result of the father node about each preset evaluation level.
11. The apparatus of claim 10, wherein the second trusted distribution module comprises:
The first discount module is used for multiplying the basic credibility distribution value of each expert group on the leaf node index about each preset evaluation level by the corresponding expert relative weight to obtain the basic credibility distribution value of each discounted expert group on the leaf node index about each preset evaluation level;
and the third synthesis module is used for synthesizing the comprehensive basic credibility distribution value of the leaf node index about each preset evaluation level according to the basic credibility distribution value of the leaf node index about each preset evaluation level by each discounted expert group based on a distribution synthesis rule.
12. The apparatus of claim 10, wherein the third trusted distribution module comprises:
the second discount module is used for multiplying the basic credibility distribution value of each leaf node index about each preset evaluation level by the corresponding index relative weight to obtain the basic credibility distribution value of each leaf node index about each preset evaluation level after discount;
and the fourth synthesis module is used for synthesizing the basic credibility distribution value of the father node index about each preset evaluation level according to the basic credibility distribution value of each leaf node index about each preset evaluation level after discount based on a distribution synthesis rule, and obtaining the judgment result of the father node about each preset evaluation level.
13. The apparatus of claim 8, wherein the policy acquisition module is configured to acquire the security protection policy to be evaluated from a policy repository based on a currently implemented automated security policy.
14. The apparatus of claim 8, wherein the feasibility assessment device of the security protection policy further comprises:
the qualitative evaluation module is used for evaluating according to the feasibility score and the preset judgment index value, and qualitatively evaluating the feasibility of the safety protection strategy to be evaluated.
15. A computer device, comprising:
a memory and a processor, the memory and the processor being communicatively connected to each other, the memory having stored therein computer instructions, the processor executing the computer instructions to perform the feasibility assessment method of the safety protection strategy of any one of claims 1 to 7.
16. A computer-readable storage medium having stored thereon computer instructions for causing a computer to perform the feasibility assessment method of a safety protection strategy according to any one of claims 1 to 7.
CN202311101431.2A 2023-08-29 2023-08-29 Feasibility assessment method, device, equipment and medium for security protection strategy Pending CN116996318A (en)

Publications (1)

Publication Number Publication Date
CN116996318A true CN116996318A (en) 2023-11-03

CN114971180A (en) Network system risk assessment method and device, computer equipment and storage medium
CN113918435A (en) Application program risk level determination method and device and storage medium
US20140359780A1 (en) Anti-cyber attacks control vectors
Yin et al. A network security situation assessment model based on BP neural network optimized by DS evidence theory

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination