CN117040783A - Network attack and defense efficiency evaluation system and method - Google Patents


Info

Publication number
CN117040783A
Authority
CN
China
Prior art keywords
evaluation
evaluation model
model
index
defense
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202310770389.7A
Other languages
Chinese (zh)
Inventor
傅涛
伍宏院
蒋志强
胡志峰
郑逢强
郭超
赵贵娟
王府
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Bozhi Safety Technology Co ltd
Original Assignee
Bozhi Safety Technology Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Bozhi Safety Technology Co ltd filed Critical Bozhi Safety Technology Co ltd
Priority to CN202310770389.7A priority Critical patent/CN117040783A/en
Publication of CN117040783A publication Critical patent/CN117040783A/en
Pending legal-status Critical Current


Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1416 Event detection, e.g. attack signature detection
    • H04L63/1425 Traffic logging, e.g. anomaly detection
    • H04L63/1441 Countermeasures against malicious traffic

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Information Retrieval, Db Structures And Fs Structures Therefor (AREA)

Abstract

The application discloses a system and a method for evaluating network attack and defense efficiency. The system comprises an environment construction module, an attack and defense training module and an index system module. The attack and defense training module provides a network attack and defense training scene; the index system module constructs indexes, constructs a model, performs the calculation and gives an evaluation result; the environment construction module provides the basic environment required by the attack and defense training. The application can effectively meet the application requirements of various complex network attack and defense scenes, and is convenient to operate and highly flexible.

Description

Network attack and defense efficiency evaluation system and method
Technical Field
The application relates to a performance evaluation method, belongs to the technical field of network security, and particularly relates to a system and a method for evaluating network attack and defense performance.
Background
Network attack effect evaluation studies the direct effect of network attacks on an information system in a complex network environment, and tests the effectiveness of the attacks by giving qualitative and quantitative evaluation and analysis results. Its task is twofold: before a network attack, to predict the expected combat effect of the attack mode; after the network attack task is completed, to determine the actual combat effectiveness of the attack mode.
Network attack effect evaluation is both distinct from and related to ordinary network security evaluation. What they share is that both evaluate the security characteristics of a network: certain performance index parameters are acquired from the target network, processed with a specific evaluation model, and an evaluation result is output. The difference is that network security evaluation focuses on finding the vulnerabilities present in a system and is generally carried out through system vulnerability scanning, whereas attack effect evaluation focuses on the influence of an attack on network security performance, and requires certain security performance indexes to be extracted to measure how network performance changes before and after the attack.
At present, the basic flow of network attack and defense effect evaluation comprises the following steps: firstly, carrying out network attack simulation based on a network attack test environment; then comprehensively tracking, recording, describing and analyzing the network attack behavior of the attack information system, classifying according to different attack modes, and establishing an information database of the network attack behavior; and giving an effect evaluation report of the evaluated network attack behavior according to the requirements of the evaluation model and the quantitative index by using the collected related information data.
However, the existing network attack and defense effect evaluation technology still has the following problems:
1. Network attack and defense scene complexity is poorly considered. As information technology develops, network attack and defense scenes become more and more complex; however, current efficiency evaluation is only applicable to a single attack and defense scene, is mostly a customized scheme, and cannot be flexibly applied to complex network attack and defense scenes.
2. The evaluation means is single and cannot meet the requirements of complex network attack and defense scenes.
3. The model type is single: often a single embedded model is provided that can be neither edited nor adjusted, and the model algorithm is relatively outdated and has to be custom-developed again.
Disclosure of Invention
According to one aspect of the application, a network attack and defense efficiency evaluation system is provided, which can be applied to various complex network attack and defense application scenes, provides various evaluation models, supports custom editing, expands the evaluation models according to the needs of actual service types, and improves the suitability and accuracy of network attack and defense efficiency evaluation.
The network attack and defense efficacy evaluation system comprises:
the environment construction module is used for constructing a network environment;
the attack and defense training module is used for establishing a network attack and defense training scene;
the index system module is used for constructing indexes and matching an evaluation model based on the indexes; based on the evaluation model, analyzing the network security performance difference before and after the occurrence of the network attack task according to the security performance index to obtain a network attack effectiveness evaluation result;
wherein the evaluation model comprises: an existing evaluation model and a user-defined evaluation model; when the evaluation model is a user-defined evaluation model, the index system module acquires indexes constructed by the user and the user-defined evaluation model, and associates the indexes and the user-defined evaluation model.
Preferably, the index system module adopts at least one of the following modes when constructing the index: creation of an index by the user, and import of an index.
Preferably, the method of importing the index includes at least one of the following: file import and third party interface import.
Preferably, the existing assessment model comprises at least one of: a classical analytic hierarchy process model, a fuzzy analytic hierarchy process model, and a higher order algorithm model.
Preferably, the index system module performs the following steps when constructing the user-defined evaluation model: updating an algorithm library of the evaluation model, establishing a new evaluation model by utilizing a new algorithm, selecting indexes for verification, and finally generating the evaluation model for training.
Preferably, the construction mode of the evaluation model comprises at least one of the following: hierarchical modeling and DAG modeling.
Preferably, the index system is further used for matching calculation means of the evaluation model according to different evaluation modes in network attack and defense.
Preferably, the calculating means includes:
when the evaluation mode requires a plurality of referees to score, with the scores finally summarized and rechecked to obtain a final score, the evaluation model adopts a manual scoring mode based on a scoring card model;
when the evaluation mode requires part of the objective questions to be scored automatically and the subjective questions to be scored by a referee, the evaluation model adopts a semi-automatic scoring mode;
when the evaluation consists entirely of objective questions, or everything is to be submitted for system scoring, the evaluation model adopts an automatic scoring mode.
Preferably, the calculation mode of the evaluation model includes at least one of the following: rule engine computation, computation based on big data computation engine.
Preferably, the network attack and defense training scenario comprises at least one of the following: red-blue countermeasure, emergency response, security assessment, synergistic defenses;
when the network attack and defense training scene is a new scene, prompting a user to call the index system module, and constructing a user-defined evaluation model.
Preferably, the system further comprises a user center module for configuring and managing information of personnel participating in the network attack and defense training, wherein the personnel comprises: students taking part in the drill, guiding and regulating personnel, operation and maintenance personnel and referees.
Preferably, the system further comprises a system management module for system name, topic, online user management.
Preferably, the index system module further comprises a model recommendation sub-module, wherein the model recommendation sub-module is used for providing a selectable evaluation model for a user according to a recommendation index, and the rule of the recommendation index is matched according to the type of the attack and defense training scene.
According to still another aspect of the present application, there is provided a network attack and defense performance evaluation method, including:
constructing an index, and matching an evaluation model based on the index, wherein the evaluation model comprises: an existing evaluation model and a user-defined evaluation model; the user-defined evaluation model is associated with an index constructed by a user;
aiming at a network attack task, configuring a network environment and constructing a network attack and defense training scene;
based on the process data generated by the network attack and defense training, the evaluation model is utilized to carry out model evaluation, and a network attack efficiency evaluation result is output.
Preferably, the index is constructed in at least one of the following modes: creation of an index by the user, and import of an index; the index is imported in at least one of the following ways: file import and third party interface import.
Preferably, the existing assessment model comprises at least one of: a classical analytic hierarchy process model, a fuzzy analytic hierarchy process model, and a higher order algorithm model.
Preferably, the construction of the user-defined evaluation model includes the following steps: updating an algorithm library of the evaluation model, establishing a new evaluation model by utilizing a new algorithm, selecting indexes for verification, and finally generating the evaluation model for training.
Preferably, the construction mode of the evaluation model comprises at least one of the following: hierarchical modeling and DAG modeling.
Preferably, the calculation means of the evaluation model corresponds to different evaluation modes in network attack and defense, and comprises at least one of the following:
when the evaluation mode requires a plurality of referees to score, with the scores finally summarized and rechecked to obtain a final score, the evaluation model adopts a manual scoring mode based on a scoring card model;
when the evaluation mode requires part of the objective questions to be scored automatically and the subjective questions to be scored by a referee, the evaluation model adopts a semi-automatic scoring mode;
when the evaluation consists entirely of objective questions, or everything is to be submitted for system scoring, the evaluation model adopts an automatic scoring mode.
Preferably, the calculation mode of the evaluation model includes at least one of the following: rule engine computation, computation based on big data computation engine.
Preferably, the network attack and defense training scenario comprises at least one of the following: red-blue countermeasure, emergency response, security assessment, synergistic defenses;
when the network attack and defense training scene is a new scene, prompting a user to call the index system module, and constructing a user-defined evaluation model.
Preferably, the method further comprises the steps of configuring and managing personnel information of the network attack and defense training, wherein the personnel comprises the following steps: students taking part in the drill, guiding and regulating personnel, operation and maintenance personnel and referees.
Preferably, the performing model evaluation by using the evaluation model includes: and providing a selectable evaluation model for the user according to a recommendation index, wherein the rule of the recommendation index is selected and matched according to the type of the attack and defense training scene.
The application has the beneficial effects that:
1) The system and the method for evaluating the network attack and defense efficiency are suitable for complex network attack and defense scenes, including red and blue countermeasure, safety evaluation, emergency response, defense coordination and various other scenes. The evaluation model is matched according to the performance indexes for the scene type, so the evaluation model of the application is highly self-adaptive.
2) The assessment model library provided by the application not only comprises the existing assessment models, but also can be used for constructing user-defined assessment models according to requirements, and the assessment models are various in variety and easy to expand. In particular, for situations where the model accuracy is insufficient or new scenes are desired, editing the assessment model may be selected; or updating an algorithm library, modeling, selecting an index for online verification, and finally providing a verified model for training. The application reduces the difficulty of model configuration, improves the accuracy of the matching of the evaluation model, and can transversely expand the provided evaluation model according to different service types.
3) The calculation means of the evaluation model provided by the application is flexible and corresponds to different evaluation modes in network attack and defense. For example, when the evaluation mode requires a plurality of referees to score, with the scores finally summarized and rechecked to obtain a final score, the application provides a manual scoring card model for the scene, in which the user inputs scores and the final score is output; when the evaluation mode requires part of the objective questions to be scored automatically and the subjective questions to be scored by referees, the application provides a semi-automatic scoring model for the scene; when the evaluation consists entirely of objective questions, or everything is to be submitted for system scoring, the application provides an automatic scoring model.
4) The evaluation model provided by the application has various calculation modes, such as rule engine calculation and calculation based on big data calculation engine, and can support mass offline calculation and real-time calculation.
5) The modeling process of the evaluation model provided by the application is easier to understand by a user through graphical configuration.
Drawings
FIG. 1 is a schematic diagram of a network attack and defense performance evaluation system according to an embodiment of the present application;
FIG. 2 is a flowchart illustrating a network attack and defense performance evaluation method according to an embodiment of the present application;
FIG. 3 is a user interface for modeling in accordance with one embodiment of the present application;
FIG. 4 is a user interface for performance evaluation according to one embodiment of the present application.
Detailed Description
The present application is described in detail below with reference to examples, but the present application is not limited to these examples.
Referring to fig. 1, a schematic structural diagram of a network attack and defense performance evaluation system according to an embodiment of the application is shown, where the system includes an environment construction module, an index system module, an attack and defense training module, a user center module, and a system management module. Wherein:
the environment construction module is used for constructing basic network environments required by network attack and defense training, including various router, virtual machine, attack machine and target machine environments;
the attack and defense training module is used for establishing a network attack and defense training scene, including training scenes such as red and blue countermeasure, emergency response, safety evaluation and defense coordination;
the index system module is used for constructing or selecting indexes; selecting or creating an assessment model, the creating an assessment model comprising: selecting the index for verification, submitting the model, and obtaining a user-defined evaluation model; analyzing the network security performance difference before and after the occurrence of the network attack task by using the evaluation model to obtain a network attack effectiveness evaluation result;
the user center module is used for configuring students, guide operators, operation and maintenance personnel, referees and the like participating in the exercise and managing personnel information;
the system management module is used for managing system names, topics and online users.
The index system module constructs indexes in ways including, but not limited to: creation of an index by the user, and import of an index. The ways of importing an index include, but are not limited to: file import and third party interface import.
The assessment models in the index system module are multiple in variety and easy to expand, and can be transversely expanded according to different service types, so that multiple adaptation models are provided for the network attack and defense training scene. By creating the evaluation model, the new scene needs can be met, and a set of templates such as index establishment, algorithm selection, modeling, adjustment and measurement are provided for users. According to different algorithms, the model can be longitudinally expanded, an existing algorithm can be selected, the algorithm is submitted, and meanwhile online modeling capability is provided. The algorithms include, but are not limited to, classical analytic hierarchy process, fuzzy analytic hierarchy process, and higher order algorithm models.
The index system module executes the following steps when constructing a user-defined evaluation model: updating an algorithm library of the evaluation model, establishing a new evaluation model by utilizing a new algorithm, selecting indexes for verification, and finally generating the evaluation model for training.
The construction mode of the evaluation model comprises but is not limited to layering modeling and DAG modeling.
The index system is also used for matching the calculation means of the evaluation model according to different evaluation modes in network attack and defense.
The calculation means includes:
when the evaluation mode requires a plurality of referees to score, with the scores finally summarized and rechecked to obtain a final score, the evaluation model adopts a manual scoring mode based on a scoring card model;
when the evaluation mode requires part of the objective questions to be scored automatically and the subjective questions to be scored by a referee, the evaluation model adopts a semi-automatic scoring mode;
when the evaluation consists entirely of objective questions, or everything is to be submitted for system scoring, the evaluation model adopts an automatic scoring mode.
One or more of the manual, semi-automatic and automatic scoring modes are selected according to actual application requirements and used singly or in combination.
The calculation mode of the evaluation model includes, but is not limited to: rule engine computation, computation based on big data computation engine.
In one embodiment, the index system module further includes a model recommendation sub-module, configured to provide the user with a list of selectable evaluation models. The evaluation models in the list may be arranged in descending order of recommendation index, and the rule of the recommendation index is matched according to the type of the attack and defense training scene. If the current training is a red and blue countermeasure, evaluation models are screened from the evaluation model library according to red and blue countermeasure indexes; the recommended models differ between training scenes, which reduces the difficulty of model configuration. If the model accuracy is insufficient, or attack and defense evaluation research is desired, the user-defined module can be selected to enter the evaluation model editing page, where the algorithm library can be updated, a model built, indexes selected for online verification, and the model finally submitted for training.
The application also provides a network attack and defense efficiency evaluation method, as shown in fig. 2, in one embodiment, the method comprises the following steps:
S1: Construct an index library.
The index may be created by the user himself; importing the index is also supported, including but not limited to: file import (Excel, Markdown, txt, json) and third party interface import (data may be collected from a machine or a third party interface).
S2: Construct an evaluation model.
Step S2 is performed on the basis of the index constructed in the step S1, and the model is submitted after modeling is completed.
The calculation means of the evaluation model corresponds to different evaluation modes in network attack and defense, and one or more of the following modes are adopted according to actual needs:
when the evaluation mode requires a plurality of referees to score, with the scores finally summarized and rechecked to obtain a final score, the evaluation model adopts a manual scoring mode based on a scoring card model;
when the evaluation mode requires part of the objective questions to be scored automatically and the subjective questions to be scored by a referee, the evaluation model adopts a semi-automatic scoring mode;
when the evaluation consists entirely of objective questions, or everything is to be submitted for system scoring, the evaluation model adopts an automatic scoring mode.
In one embodiment, modeling can be performed by a hierarchical modeling manner, including the following steps:
S211, opening the canvas, and dragging the indexes into the canvas;
S212, maintaining the hierarchical relationship upwards layer by layer, placing an algorithm module at each junction of the hierarchical nodes, and inputting the calculation rules, with a calculation engine such as Drools deployed in the background;
S213, completing the modeling and submitting the model.
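The hierarchical model of S211 to S213, as an added example (not code from the patent): each junction node carries a classical AHP judgement matrix, and each leaf index is scored by the change it shows before and after the attack. The index names, measurements, judgement matrices and the degradation formula are constructed assumptions, and plain Python stands in for the rule engine.

```python
import math

# Saaty's published random consistency index (RI), keyed by matrix order.
RANDOM_INDEX = {3: 0.58, 4: 0.90, 5: 1.12, 6: 1.24, 7: 1.32, 8: 1.41, 9: 1.45}


def ahp_weights(pairwise):
    """Return (weights, consistency_ratio) for a reciprocal judgement matrix."""
    n = len(pairwise)
    if n == 0 or n > 9:
        raise ValueError("judgement matrix order must be between 1 and 9")
    for i in range(n):
        if len(pairwise[i]) != n:
            raise ValueError("judgement matrix must be square")
        for j in range(n):
            a, b = pairwise[i][j], pairwise[j][i]
            if a <= 0 or not math.isclose(a * b, 1.0, rel_tol=1e-9):
                raise ValueError(f"entry ({i},{j}) is not a positive reciprocal")
    # Geometric-mean approximation of the principal eigenvector.
    geo = [math.prod(row) ** (1.0 / n) for row in pairwise]
    weights = [g / sum(geo) for g in geo]
    if n < 3:
        return weights, 0.0  # 1x1 and 2x2 matrices are always consistent
    # lambda_max estimated as the mean of (A.w)_i / w_i.
    lam = sum(
        sum(pairwise[i][j] * weights[j] for j in range(n)) / weights[i]
        for i in range(n)
    ) / n
    ci = (lam - n) / (n - 1)
    return weights, ci / RANDOM_INDEX[n]


def degradation(before, after, higher_is_better):
    """Share of an index's pre-attack performance lost, clamped to [0, 1].

    Assumed normalisation; the patent does not prescribe one.
    """
    if higher_is_better:
        loss = (before - after) / before if before else 0.0
    else:
        loss = (after - before) / after if after else 0.0
    return min(1.0, max(0.0, loss))


def evaluate(node, max_cr=0.10):
    """Score a node in [0, 1]; junction nodes apply their AHP weights."""
    if "children" not in node:
        return degradation(node["before"], node["after"], node["higher_is_better"])
    weights, cr = ahp_weights(node["pairwise"])
    if len(weights) != len(node["children"]):
        raise ValueError(f"{node['name']}: matrix order does not match children")
    if cr > max_cr:
        # Reject contradictory expert judgements instead of scoring with them.
        raise ValueError(f"{node['name']}: judgements inconsistent (CR={cr:.2f})")
    return sum(w * evaluate(c, max_cr) for w, c in zip(weights, node["children"]))


# Constructed sample model: two levels, measurements taken before/after an exercise.
MODEL = {
    "name": "attack effectiveness",
    "pairwise": [[1, 2], [1 / 2, 1]],
    "children": [
        {
            "name": "availability",
            "pairwise": [[1, 2, 4], [1 / 2, 1, 2], [1 / 4, 1 / 2, 1]],
            "children": [
                {"name": "service_availability", "before": 1.0, "after": 0.5,
                 "higher_is_better": True},
                {"name": "throughput_mbps", "before": 100, "after": 80,
                 "higher_is_better": True},
                {"name": "latency_ms", "before": 20, "after": 40,
                 "higher_is_better": False},
            ],
        },
        {"name": "asset_integrity_ratio", "before": 1.0, "after": 0.7,
         "higher_is_better": True},
    ],
}

if __name__ == "__main__":
    print(f"attack effectiveness score: {evaluate(MODEL):.3f}")
```

The consistency-ratio gate is the part worth keeping in any implementation: a judgement matrix with CR above 0.10 yields weights that look valid but encode contradictory expert comparisons.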
In one embodiment, modeling may be performed by DAG modeling, comprising the steps of:
S221, opening the canvas, and dragging the computing module into the canvas;
S222, submitting a pre-written calculation module jar that contains the source code of the algorithm calculation process; the same module is used for offline and real-time operation, and only the selected calculation scene mode differs;
S223, completing the modeling and submitting the model.
The application models with big data technology so as to cover both offline and real-time calculation scenes.
The offline scene uses batch calculation to verify the network attack and defense effects.
The real-time calculation scene is mainly used for the situation display of the exercise cockpit (live broadcast hall), which shows the attack and defense status and the real-time score calculation.
Front-end data is ingested through Kafka; Spark is used in the offline scene and Flink in the real-time calculation scene, and the calculated results are stored in Elasticsearch so that the system can query them quickly.
S3: Perform the attack and defense exercise.
The attack and defense exercise is the source of the evaluation object. The application supports various scenes such as red and blue countermeasure, emergency response, cooperative defense, safety evaluation and the like. The method comprises the steps of configuring and managing personnel information of network attack and defense training, wherein the personnel comprises the following steps: students taking part in the drill, guiding and regulating personnel, operation and maintenance personnel and referees.
S4: Debug and complete the evaluation task.
Model evaluation is carried out based on the network attack and defense process data, and the model can be adjusted and tested during the evaluation. The adjustment and testing covers configuring the model output parameters and selecting the model algorithm, after which the evaluation result is output. A selectable evaluation model is provided to the user according to a recommendation index, and the rule of the recommendation index is matched according to the type of the attack and defense training scene.
Example 1
Taking a red-blue countermeasure scene as an example, the network attack and defense performance evaluation system and method disclosed by the application are adopted in the scene, and the specific using steps are as follows.
1. Construct indexes and establish an evaluation index library.
The index information related to the attack and defense training can be constructed by creation or by import. Indexes may be imported from a third party interface, and online presentation and maintenance are supported. An index preference can be filled in when an index is imported. Taking the red-blue countermeasure of the present embodiment as an example, the index preference may be filled in as "red-blue countermeasure"; it may of course also be a combination of a plurality of types.
2. Construct an evaluation algorithm library and update the algorithms.
The system itself comes preloaded with the hierarchical classical analytic hierarchy process and fuzzy analytic hierarchy process models. The algorithms may be updated later, for example by updating the weights of classical hierarchies.
3. Construct the model and establish an evaluation model library.
For example, when the model is constructed, the construction mode can be selected from hierarchical modeling and DAG modeling. Modeling proceeds according to the construction mode selected by the user, and the canvas is entered. The indexes selected from the evaluation index library are dragged into the canvas; by default the hierarchical relationship is maintained layer by layer according to index preference or common index recommendation, and an algorithm module is placed at each junction of the hierarchical nodes, as shown in FIG. 3. The algorithm module is then edited: an algorithm is selected from the evaluation algorithm library, the calculation rule is entered, and the model is submitted.
4. Perform the attack and defense training.
A model is selected: when a leader configures the indexes of the attack and defense training, the evaluation model library matches models in real time according to the recommendation index, and in this embodiment the user selects the evaluation model from the ranking of recommendation indexes from top to bottom. The recommendation index ranges from 0 to 5: 5 is the optimal recommendation, 0 is unmatched, and 1-4 are matches of different degrees.
Assuming that the indexes configured in the current training are A, B and C, the evaluation model library calculates the recommendation index from the degree to which these three indexes are satisfied. For example, when A, B and C are all satisfied, the recommendation index is 5; when only A and B are satisfied, the recommendation index should be 3.3 (2/3*5); and so on for the other cases. When the indexes are not matched, the user is prompted to re-model and is asked whether the missing indexes should be imported. The application thereby solves the technical problem that the evaluation models in existing training systems are all fixed and the indexes in the models cannot be expanded.
5. Complete the evaluation of network attack effectiveness.
As shown in FIG. 4, the application provides multiple evaluation modes for users according to the practical training scene.
When the evaluation mode requires a plurality of referees to score, with the scores finally summarized and rechecked to obtain a final score, the application provides a manual scoring card model for the scene, in which the user inputs scores and the system outputs the final score;
when the evaluation mode requires part of the objective questions to be scored automatically and the subjective questions to be scored by referees, the application provides a semi-automatic scoring model for the scene;
when the evaluation consists entirely of objective questions, or everything is to be submitted for system scoring, the application provides an automatic scoring model.
While the application has been described in terms of preferred embodiments, it will be understood by those skilled in the art that various changes and modifications can be made without departing from the scope of the application, and it is intended that the application is not limited to the specific embodiments disclosed.

Claims (9)

1. A network attack and defense performance evaluation system, the system comprising:
the environment construction module is used for constructing a network environment;
the attack and defense training module is used for establishing a network attack and defense training scene;
the index system module is used for constructing indexes and matching an evaluation model according to the indexes; based on the evaluation model, analyzing the network security performance difference before and after the occurrence of the network attack task according to the security performance index to obtain a network attack effectiveness evaluation result;
wherein the evaluation model comprises: an existing evaluation model and a user-defined evaluation model; when the evaluation model is a user-defined evaluation model, the index system module acquires indexes constructed by the user and the user-defined evaluation model, and associates the indexes and the user-defined evaluation model.
2. The system for evaluating network attack and defense performance according to claim 1, wherein the index system module is configured to use at least one of the following methods: creating an index and importing the index by a user;
preferably, the method of introducing the index at least includes one of the following: file importing and third party interface importing;
preferably, the existing assessment model comprises at least one of: classical analytic hierarchy process model, fuzzy analytic hierarchy process higher order algorithm model;
preferably, the index system module performs the following steps when constructing the user-defined evaluation model: updating an algorithm library of the evaluation model, establishing a new evaluation model by utilizing a new algorithm, selecting indexes for verification, and finally generating the evaluation model for training;
preferably, the construction mode of the evaluation model comprises at least one of the following: hierarchical modeling and DAG modeling;
preferably, the index system is further used for matching calculation means of an evaluation model according to different evaluation modes in network attack and defense;
preferably, the calculating means includes:
when the evaluation mode is that a plurality of referees are required to score, and finally summarizing and rechecking to obtain a final score, the evaluation model adopts a manual scoring mode based on a scoring card model;
when the evaluation mode is that part of objective questions need to be automatically scored and subjective questions need to be scored by a referee, the evaluation model adopts a semi-automatic scoring mode;
when the evaluation mode is all objective questions or all system scores are required to be submitted, the evaluation model adopts an automatic scoring mode;
preferably, the calculation mode of the evaluation model includes at least one of the following: rule engine computation, computation based on big data computation engine.
3. The network attack and defense performance evaluation system according to claim 1, wherein the network attack and defense training scenario comprises at least one of: red-blue countermeasure, emergency response, security assessment, synergistic defenses;
when the network attack and defense training scene is a new scene, prompting a user to call the index system module, and constructing a user-defined evaluation model.
4. The system for evaluating the effectiveness of network attack and defense according to claim 1, further comprising a user center module for configuring and managing information of personnel participating in the training of network attack and defense, wherein the personnel comprises: students taking part in the drill, guiding and regulating personnel, operation and maintenance personnel and referees.
5. The system of claim 1, further comprising a system management module for managing system names, topic configuration, and online user management.
6. The system of claim 1, wherein the index system module further comprises a model recommendation sub-module for providing a selectable evaluation model for the user according to a recommendation index, wherein the rules of the recommendation index are matched according to the type of the attack and defense training scenario.
7. The network attack and defense efficiency evaluation method is characterized by comprising the following steps:
constructing an index, and matching an evaluation model based on the index, wherein the evaluation model comprises: an existing evaluation model and a user-defined evaluation model; the user-defined evaluation model is associated with an index constructed by a user;
aiming at a network attack task, configuring a network environment and constructing a network attack and defense training scene;
based on the process data generated by the network attack and defense training, the evaluation model is utilized to carry out model evaluation, and a network attack efficiency evaluation result is output.
8. The network attack and defense performance evaluation method according to claim 7, wherein the manner of constructing the index at least includes one of: creating an index and importing the index by a user; the index introduction mode at least comprises one of the following modes: file importing and third party interface importing;
preferably, the existing assessment model comprises at least one of: classical analytic hierarchy process model, fuzzy analytic hierarchy process higher order algorithm model;
preferably, the construction of the user-defined evaluation model includes the following steps: updating an algorithm library of the evaluation model, establishing a new evaluation model by utilizing a new algorithm, selecting indexes for verification, and finally generating the evaluation model for training;
preferably, the construction mode of the evaluation model comprises at least one of the following: hierarchical modeling and DAG modeling;
preferably, the calculation means of the evaluation model corresponds to different evaluation modes in network attack and defense, and comprises at least one of the following:
when the evaluation mode is that a plurality of referees are required to score, and finally summarizing and rechecking to obtain a final score, the evaluation model adopts a manual scoring mode based on a scoring card model;
when the evaluation mode is that part of objective questions need to be automatically scored and subjective questions need to be scored by a referee, the evaluation model adopts a semi-automatic scoring mode;
when the evaluation mode is all objective questions or all system scores are required to be submitted, the evaluation model adopts an automatic scoring mode;
preferably, the calculation mode of the evaluation model includes at least one of the following: rule engine computation, computation based on big data computation engine.
9. The network attack and defense performance evaluation method according to claim 7, wherein the network attack and defense training scenario comprises at least one of: red-blue countermeasure, emergency response, security assessment, synergistic defenses;
when the network attack and defense training scene is a new scene, prompting a user to call the index system module, and constructing a user-defined evaluation model;
preferably, the method further comprises the steps of configuring and managing personnel information of the network attack and defense training, wherein the personnel comprises the following steps: students, guide operators, operation and maintenance personnel and referees who participate in the exercise;
preferably, the performing model evaluation by using the evaluation model includes: and providing a selectable evaluation model for the user according to a recommendation index, wherein the rule of the recommendation index is selected and matched according to the type of the attack and defense training scene.
CN202310770389.7A 2023-06-27 2023-06-27 Network attack and defense efficiency evaluation system and method Pending CN117040783A (en)


Publications (1)

Publication Number Publication Date
CN117040783A true CN117040783A (en) 2023-11-10

Family

ID=88630635


Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN117952481A (en) * 2024-03-26 2024-04-30 西安中科天塔科技股份有限公司 Construction method, device, equipment and storage medium of efficiency evaluation system


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination