CN117914625A - Network security situation assessment method and system based on key information infrastructure - Google Patents


Info

Publication number: CN117914625A
Authority: CN (China)
Prior art keywords: key information; transmission path; service; information infrastructure; information
Legal status: Granted
Application number: CN202410268507.9A
Other languages: Chinese (zh)
Other versions: CN117914625B (en)
Inventors: 文波, 罗长江, 羊秋苹, 齐艳铭
Current assignee: Sichuan Jiuzhou Video Technology Co ltd
Original assignee: Sichuan Jiuzhou Video Technology Co ltd
Application filed by Sichuan Jiuzhou Video Technology Co ltd; priority to CN202410268507.9A; publication of CN117914625A; application granted; publication of CN117914625B; current legal status: Active

Classifications

    • H  ELECTRICITY
    • H04  ELECTRIC COMMUNICATION TECHNIQUE
    • H04L  TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L 63/00  Network architectures or network communication protocols for network security
    • H04L 63/20  Network architectures or network communication protocols for network security for managing network security; network security policies in general


Abstract

The invention provides a network security situation assessment method and system based on a key information infrastructure, relating to the field of network security. The method comprises the following steps: acquiring the data transmission path of each service system currently in service operation and the service nodes in that path; comparing the acquired data transmission path and service nodes with the historical data transmission path and historical service nodes recorded at the last situation evaluation, and judging whether a new transmission path and service nodes exist; if so, extracting the associated data information of the new transmission path and service nodes, and judging whether that information belongs to the key information infrastructure; if so, incorporating the new transmission path and service nodes into the key information infrastructure of the current service system; and evaluating the network security situation based on the newly obtained key information infrastructure. The method monitors the real-time state of the key information infrastructure, so that the network security situation assessment result has stronger timeliness.

Description

Network security situation assessment method and system based on key information infrastructure
Technical Field
The invention relates to the field of network security, in particular to a network security situation assessment method and system based on key information infrastructure.
Background
The critical information infrastructure (Critical Information Infrastructure, CII) refers to information systems and networks that are critical to national security, the national economy and social life. These systems include critical facilities and networks in the fields of electricity, communications, finance, transportation, water conservancy, energy, government, the military and the like. The security of the critical information infrastructure is an important component of guaranteeing national security and social stability. An attack on or destruction of critical information infrastructure can lead to serious consequences. Therefore, network security protection of critical information infrastructure is very important.
The network facilities, information systems, digital assets and so on in the critical information infrastructure involved may differ between different critical services, and different service nodes also have different network security requirements. At the same time, the key information infrastructure involved changes dynamically during the operation of the key business, and these dynamically changing portions are likely to be the main targets of attack.
Therefore, how to provide a network security situation assessment method with stronger real-time performance and greater comprehensiveness is a problem that currently needs to be solved.
Disclosure of Invention
In order to address these problems, the invention provides a network security situation assessment method and system based on a key information infrastructure.
In a first aspect of an embodiment of the present invention, there is provided a network security posture assessment method based on a key information infrastructure, the method including:
Acquiring a data transmission path of each service system currently in service operation and service nodes in the data transmission path;
comparing the acquired data transmission path and service node with the historical data transmission path and the historical service node in the last situation evaluation, and judging whether a new transmission path and service node exist or not;
If yes, extracting the associated data information of the new transmission path and the service node, and judging whether the information belongs to a key information infrastructure or not;
if yes, the new transmission path and the service node are incorporated into the key information infrastructure of the current service system;
and evaluating the network security situation based on the newly obtained key information infrastructure.
Optionally, the step of extracting the associated data information of the new transmission path and the service node specifically includes:
for a new transmission path, determining relevant service nodes of the transmission path, and taking the service nodes which do not belong to the history as new service nodes;
extracting data flow information from the history service node to the new service node in the new transmission path;
Node equipment information of the new service node is extracted.
Optionally, the step of judging whether the information belongs to the key information infrastructure specifically includes:
judging whether the data flow information contains first key information infrastructure characteristics corresponding to the service type according to the service type related to the data flow information;
If so, further judging whether the node equipment information contains a second key information infrastructure feature based on the matched key information infrastructure feature;
if the second critical information infrastructure feature is included, the new transmission path and service node are determined to belong to the critical information infrastructure.
Optionally, the first key information infrastructure feature includes a data type feature, a data traffic feature, and a time sequence transmission feature, and the step of determining whether the data flow information includes the first key information infrastructure feature corresponding to the service type specifically includes:
Extracting data stream information in a preset time range aiming at a new transmission path;
respectively extracting data type characteristics, data flow characteristics and time sequence transmission characteristics of the data flow information;
determining a first matching degree condition of the data flow information and the first key information infrastructure feature based on the related service type;
And if the matching degree of the data flow information and the first key information infrastructure features reaches the first matching degree condition, judging that the data flow information contains the first key information infrastructure features corresponding to the service type.
Optionally, the second key information infrastructure feature includes a device type feature, a deployment mode feature, and an operation status feature, and the step of determining whether the node device information includes the second key information infrastructure feature specifically includes:
Respectively extracting equipment type characteristics, deployment mode characteristics and running state characteristics of node equipment information;
firstly, comparing the device type features and the deployment mode features with the second key information infrastructure features in a pair-wise manner;
And under the condition that the matching is successful, further comparing the similarity of the running state features, and judging that the node equipment information contains the second key information infrastructure features if the second matching degree condition is met.
Optionally, the step of incorporating the new transmission path and the service node into the key information infrastructure of the current service system specifically includes:
And adding a new transmission path and service nodes on the basis of the historical data transmission path and the historical service nodes to obtain a new network topology structure of the service system.
Optionally, the step of evaluating the network security situation based on the newly obtained key information infrastructure specifically includes:
Based on a new network topology architecture, carrying out vulnerability and threat calculation on each service node again;
Obtaining a new running state evaluation result according to the calculation result;
and obtaining a network security situation assessment result based on the running state assessment result.
In a second aspect of the embodiment of the present invention, there is provided a network security posture assessment system based on a key information infrastructure, including:
the information acquisition unit is used for acquiring the data transmission paths of each service system and the service nodes in the data transmission paths when the service system is currently running;
the information comparison unit is used for comparing the acquired data transmission path and service node with the historical data transmission path and the historical service node in the last situation evaluation, and judging whether a new transmission path and service node exist or not;
An information judging unit, configured to extract the associated data information of the new transmission path and service node if such a new path and node exist, and to judge whether that information belongs to the key information infrastructure;
An information integration unit, configured to incorporate the new transmission path and service node into the key information infrastructure of the current service system if they are judged to belong to it;
And the situation assessment unit is used for carrying out network security situation assessment based on the newly obtained key information infrastructure.
Optionally, the information judging unit is specifically configured to:
for a new transmission path, determining relevant service nodes of the transmission path, and taking the service nodes which do not belong to the history as new service nodes;
extracting data flow information from the history service node to the new service node in the new transmission path;
Node equipment information of the new service node is extracted.
Optionally, the information judging unit is further specifically configured to:
judging whether the data flow information contains first key information infrastructure characteristics corresponding to the service type according to the service type related to the data flow information;
If so, further judging whether the node equipment information contains a second key information infrastructure feature based on the matched key information infrastructure feature;
if the second critical information infrastructure feature is included, the new transmission path and service node are determined to belong to the critical information infrastructure.
In a third aspect of an embodiment of the present invention, there is provided an electronic device, including:
One or more processors; a memory; one or more applications, wherein the one or more applications are stored in the memory and configured to be executed by the one or more processors, the one or more applications configured to perform the method of the first aspect.
In a fourth aspect of embodiments of the present invention, there is provided a computer readable storage medium having stored therein program code which is callable by a processor to perform the method according to the first aspect.
In summary, the network security situation assessment method and system based on the key information infrastructure can monitor the real-time state of the key information infrastructure, analyze and update the key information infrastructure in time according to the changes, and rapidly and accurately discover new security weaknesses, so that the network security situation assessment result has stronger timeliness and higher accuracy.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present invention, the drawings that are needed in the embodiments will be briefly described below, it being understood that the following drawings only illustrate some embodiments of the present invention and therefore should not be considered as limiting the scope, and other related drawings may be obtained according to these drawings without inventive effort for a person skilled in the art.
FIG. 1 is a method flow diagram of a network security posture assessment method for a key information infrastructure according to an embodiment of the present invention;
FIG. 2 is a functional block diagram of a network security posture assessment system of a critical information infrastructure according to an embodiment of the present invention;
Fig. 3 is a block diagram of an electronic device for performing a network security posture assessment method of a key information infrastructure according to an embodiment of the present application.
Fig. 4 is a block diagram of a computer-readable storage medium storing or carrying program code for implementing an abnormal ship identification method according to an embodiment of the present application.
Reference numerals:
An information acquisition unit 110; an information comparing unit 120; an information judgment unit 130; an information integrating unit 140; a situation assessment unit 150; an electronic device 300; a processor 310; a memory 320; a computer-readable storage medium 400; program code 410.
Detailed Description
The critical information infrastructure (Critical Information Infrastructure, CII) refers to information systems and networks that are critical to national security, the national economy and social life. These systems include critical facilities and networks in the fields of electricity, communications, finance, transportation, water conservancy, energy, government, the military and the like. The security of the critical information infrastructure is an important component of guaranteeing national security and social stability. An attack on or destruction of critical information infrastructure can lead to serious consequences. Therefore, network security protection of critical information infrastructure is very important.
The network facilities, information systems, digital assets and so on in the critical information infrastructure involved may differ between different critical services, and different service nodes also have different network security requirements. At the same time, the key information infrastructure involved changes dynamically during the operation of the key business, and these dynamically changing portions are likely to be the main targets of attack.
Therefore, how to provide a network security situation assessment method with stronger real-time performance and greater comprehensiveness is a problem that currently needs to be solved.
In view of this, the present inventors devised a network security posture assessment method and system based on a critical information infrastructure.
For the purpose of making the objects, technical solutions and advantages of the embodiments of the present invention more apparent, the technical solutions of the embodiments of the present invention will be clearly and completely described below with reference to the accompanying drawings in the embodiments of the present invention, and it is apparent that the described embodiments are some embodiments of the present invention, but not all embodiments of the present invention. The components of the embodiments of the present invention generally described and illustrated in the figures herein may be arranged and designed in a wide variety of different configurations.
Thus, the following detailed description of the embodiments of the invention, as presented in the figures, is not intended to limit the scope of the invention, as claimed, but is merely representative of selected embodiments of the invention. All other embodiments, which can be made by those skilled in the art based on the embodiments of the invention without making any inventive effort, are intended to be within the scope of the invention.
It should be noted that: like reference numerals and letters denote like items in the following figures, and thus once an item is defined in one figure, no further definition or explanation thereof is necessary in the following figures.
In the description of the present invention, it should be noted that, directions or positional relationships indicated by terms such as "top", "bottom", "inner", "outer", etc., are directions or positional relationships based on those shown in the drawings, or those that are conventionally put in use, are merely for convenience in describing the present invention and simplifying the description, and do not indicate or imply that the apparatus or elements referred to must have a specific orientation, be constructed and operated in a specific orientation, and thus should not be construed as limiting the present invention. Furthermore, the terms "first," "second," and the like, are used merely to distinguish between descriptions and should not be construed as indicating or implying relative importance.
In the description of the present invention, it should also be noted that, unless explicitly specified and limited otherwise, the terms "disposed," "mounted," "connected," and "connected" are to be construed broadly, and may be, for example, fixedly connected, detachably connected, or integrally connected; can be mechanically or electrically connected; can be directly connected or indirectly connected through an intermediate medium, and can be communication between two elements. The specific meaning of the above terms in the present invention will be understood in specific cases by those of ordinary skill in the art.
It should be noted that, without conflict, the embodiments of the present invention and features of the embodiments may be combined with each other.
The network security situation assessment method based on the key information infrastructure provided in this embodiment will be specifically described below.
Referring to fig. 1, the network security situation assessment method based on the key information infrastructure provided in this embodiment includes:
Step S101, obtaining the data transmission path of each service system when the service is running and the service node in the data transmission path.
The data transmission path refers to each network node and link through which data is transmitted in the transmission process from the source end to the destination end. In critical information infrastructure, different business systems often have different data transmission paths, depending on business requirements and network architecture. Knowledge of the data transmission path can help identify potential security risks and bottlenecks and take appropriate action to optimize and protect.
A service node in a data transmission path refers to a node or device that plays a critical role in the data transmission process. Such nodes include, but are not limited to, servers, databases, routers, switches, firewalls, and the like. They play an important role in the data transmission path, and are responsible for data processing, forwarding, storage and security protection. By monitoring and managing the service nodes, the states and performances of the nodes can be known in real time, and measures can be taken in time to ensure the smoothness and safety of data transmission.
Step S102, comparing the acquired data transmission path and service node with the historical data transmission path and the historical service node in the last situation assessment, and judging whether a new transmission path and service node exist. If so, step S103 is performed.
First, the historical data transmission path and the historical service node information at the last situation evaluation are collected. Such information may include network topology, device profiles, log records, and the like.
The newly acquired data transmission path and service nodes are then compared with the historical data, checking the change in each node one by one. The comparison may reveal several kinds of difference:
Newly added node: new nodes appear in the data transmission path, for example newly added servers, devices or other network components.
Deleted node: nodes disappear from the data transmission path, possibly because of equipment failure, upgrade or replacement, or network adjustments.
Path change: changes to the connection modes between nodes, adjustments of routing rules, and the like.
Service node change: the function or configuration of an existing service node has changed, for example because the node was updated or new functions were deployed on it.
Among these four situations, the scheme of the embodiment of the invention focuses on newly added nodes and transmission paths.
It should be noted that, after a new node and a new transmission path are discovered, it cannot be directly confirmed that these additions belong to the key information infrastructure; confirmation through the comparison in the subsequent steps is therefore required.
Step S103, extracting the associated data information of the new transmission path and the service node, and judging whether the information belongs to the key information infrastructure. If so, step S104 is performed.
Whether the new transmission paths and service nodes belong to the critical information infrastructure is determined mainly by checking whether they exhibit the critical properties of the critical information infrastructure.
As a preferred mode of the embodiment of the present invention, step S103 specifically includes:
for a new transmission path, determining relevant service nodes of the transmission path, and taking the service nodes which do not belong to the history as new service nodes;
extracting data flow information from the history service node to the new service node in the new transmission path;
Node equipment information of the new service node is extracted.
Because a new transmission path and new service nodes are related to each other, but the service nodes on a new transmission path are not necessarily all new (some may be existing historical service nodes), a preliminary sorting is required to determine which service nodes are new service nodes; further judgment is then performed based on the data flow information between the new service nodes and the historical service nodes.
As a preferred mode of the embodiment of the present invention, the whole judging process includes two stages: the first stage is the judgment of the data flow information and the second stage is the judgment of the node device information, and the purpose of both stages is to judge whether the new path and nodes have the key properties of the key information infrastructure. The order of judgment is as follows:
judging whether the data flow information contains first key information infrastructure characteristics corresponding to the service type according to the service type related to the data flow information;
If so, further judging whether the node equipment information contains a second key information infrastructure feature based on the matched key information infrastructure feature;
if the second critical information infrastructure feature is included, then the determination is made as to the critical information infrastructure.
Only after the two phases of determination are completed can the properties of the new transmission path and the service node be determined.
As a preferred mode of the embodiment of the present invention, for the judgment of the data stream information of the transmission path, the feature related to the key property is the first key information infrastructure feature. In particular, the first critical information infrastructure features include a data type feature, a data traffic feature and a time sequence transmission feature. During the operation of a key information infrastructure, the data types and data traffic it generates show specific characteristics, and it further shows certain real-time time-sequence transmission characteristics. These characteristics are necessary conditions for belonging to the key information infrastructure, but data that exhibits them does not necessarily belong to it, so further comparison and judgment are needed afterwards.
The step of judging whether the data flow information contains the first key information infrastructure characteristic corresponding to the service type specifically comprises the following steps:
Extracting data stream information in a preset time range aiming at a new transmission path;
respectively extracting data type characteristics, data flow characteristics and time sequence transmission characteristics of the data flow information;
determining a first matching degree condition of the data flow information and the first key information infrastructure feature based on the related service type;
And if the matching degree of the data flow information and the first key information infrastructure features reaches the first matching degree condition, judging that the data flow information contains the first key information infrastructure features corresponding to the service type.
It should be noted that the first matching degree condition is set according to the related service type, because the key attributes of the key information infrastructure manifest differently for different services.
As a preferred mode of the embodiment of the present invention, for the judgment of the node equipment information of a service node, the feature related to the key property of the key information infrastructure is the second key information infrastructure feature.
The second key information infrastructure features include a device type feature, a deployment mode feature and an operation state feature. The device type feature corresponds to the information presented by the device type; the deployment mode feature refers to the mode of deployment and the deployment position of the device; the operation state feature refers to the dynamically changing device or state conditions that can be obtained from the device during its operation, including but not limited to device resource usage, response delay and operating temperature.
The step of judging whether the node equipment information contains the second key information infrastructure feature specifically includes:
Respectively extracting equipment type characteristics, deployment mode characteristics and running state characteristics of node equipment information;
firstly, comparing the device type features and the deployment mode features with the second key information infrastructure features in a pair-wise manner;
And under the condition that the matching is successful, further comparing the similarity of the running state features, and judging that the node equipment information contains the second key information infrastructure features if the second matching degree condition is met.
It should be noted that, within the second key information infrastructure feature, the device type feature and the deployment mode feature are compared as a pair, and a match is counted only when both pieces of information match at the same time. This is related to how the node device information of a service node is set: a specific node device may be a real hardware device or a virtual device, so the device type and the deployment mode need to be compared together.
Only when the comparison of both stages has been completed can the new transmission path and service node be determined to belong to the key information infrastructure.
Step S104, the new transmission path and service node are incorporated into the key information infrastructure of the current service system.
Compared with the state at the last situation evaluation, the newly identified transmission paths and service nodes need to be incorporated into the key information infrastructure of the current service system so that they can be analysed systematically.
As a preferred mode of the embodiment of the present invention, step S104 specifically includes:
And adding a new transmission path and service nodes on the basis of the historical data transmission path and the historical service nodes to obtain a new network topology structure of the service system.
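Steps S101 to S104 above as an added, runnable example (not code from the patent): the service type "power_scada", its first and second CII feature catalogues, the two matching-degree thresholds and the sample topologies are all constructed assumptions.

```python
"""Steps S101-S104 as runnable code: diff the current paths and nodes against the
last assessment, screen each new path and node with the two-stage CII feature
check, and fold the accepted ones into the service system's topology.
Added example; the catalogues, thresholds and sample topologies are constructed."""
from dataclasses import dataclass, field
from typing import Dict, Set, Tuple


@dataclass(frozen=True)
class Path:
    nodes: Tuple[str, ...]          # ordered service nodes, source to destination


@dataclass
class Topology:
    nodes: Dict[str, dict] = field(default_factory=dict)   # node id -> node device information
    paths: Set[Path] = field(default_factory=set)


# Constructed reference catalogue, one entry per service type.
# First CII features: data type, data traffic and time-sequence transmission features.
FIRST_CII = {"power_scada": {"data_types": {"telemetry", "control"}, "min_pps": 50,
                             "max_jitter_ms": 20, "min_degree": 1.0}}  # first matching-degree condition
# Second CII features: (device type, deployment mode) pairs plus a reference operating state.
SECOND_CII = {"power_scada": {
    "type_deploy": {("rtu", "substation"), ("plc", "substation"), ("scada_server", "control_center")},
    "state_ref": {"cpu_pct": 40.0, "latency_ms": 10.0, "temp_c": 45.0},
    "min_similarity": 0.7}}                                 # second matching-degree condition


def diff_topology(current: Topology, history: Topology):
    """Step S102: paths absent from the last assessment, and the nodes on them
    that are not historical service nodes."""
    new_paths = current.paths - history.paths
    new_nodes = {n for p in new_paths for n in p.nodes if n not in history.nodes}
    return new_paths, new_nodes


def first_stage_degree(flow: dict, service_type: str) -> float:
    """Stage 1: fraction of the three first CII features the observed flow exhibits."""
    ref = FIRST_CII[service_type]
    checks = [bool(set(flow["data_types"]) & ref["data_types"]),  # data type feature
              flow["pps"] >= ref["min_pps"],                       # data traffic feature
              flow["jitter_ms"] <= ref["max_jitter_ms"]]           # time-sequence feature
    return sum(checks) / len(checks)


def state_similarity(state: dict, ref: dict) -> float:
    """1 minus the mean relative deviation from the reference state (each deviation clipped to 1)."""
    devs = [min(1.0, abs(state[k] - ref[k]) / ref[k]) for k in ref]
    return 1.0 - sum(devs) / len(devs)


def second_stage_match(device: dict, service_type: str) -> bool:
    """Stage 2: device type and deployment mode must match as a pair before the
    operating-state similarity is compared at all (the pair-wise rule)."""
    ref = SECOND_CII[service_type]
    if (device["type"], device["deployment"]) not in ref["type_deploy"]:
        return False
    return state_similarity(device["state"], ref["state_ref"]) >= ref["min_similarity"]


def screen_and_incorporate(current, history, flows, service_type):
    """Steps S103-S104. `flows` maps a new Path to the flow observed on it in the preset
    time window. A path is incorporated when its flow passes stage 1 and every new node
    on it passes stage 2 (assumption: one failing node rejects the whole path)."""
    new_paths, new_nodes = diff_topology(current, history)
    updated = Topology(dict(history.nodes), set(history.paths))
    accepted = set()
    for path in new_paths:
        flow = flows.get(path)   # no flow captured in the window -> cannot be confirmed
        if flow is None or first_stage_degree(flow, service_type) < FIRST_CII[service_type]["min_degree"]:
            continue
        path_new = [n for n in path.nodes if n in new_nodes]
        if all(second_stage_match(current.nodes[n], service_type) for n in path_new):
            updated.paths.add(path)
            for n in path_new:
                updated.nodes[n] = current.nodes[n]
            accepted.update(path_new)
    return updated, accepted


# Constructed sample: the last assessment knew SCADA server A and RTU B on one path.
HISTORY = Topology(
    nodes={"A": {"type": "scada_server", "deployment": "control_center",
                 "state": {"cpu_pct": 35.0, "latency_ms": 9.0, "temp_c": 44.0}},
           "B": {"type": "rtu", "deployment": "substation",
                 "state": {"cpu_pct": 42.0, "latency_ms": 11.0, "temp_c": 46.0}}},
    paths={Path(("A", "B"))})
# Now a new RTU C on path A->C and an office workstation D on path A->D have appeared.
CURRENT = Topology(
    nodes={**HISTORY.nodes,
           "C": {"type": "rtu", "deployment": "substation",
                 "state": {"cpu_pct": 38.0, "latency_ms": 12.0, "temp_c": 47.0}},
           "D": {"type": "workstation", "deployment": "office",
                 "state": {"cpu_pct": 70.0, "latency_ms": 30.0, "temp_c": 50.0}}},
    paths={Path(("A", "B")), Path(("A", "C")), Path(("A", "D"))})
FLOWS = {Path(("A", "C")): {"data_types": {"telemetry"}, "pps": 120, "jitter_ms": 5},
         Path(("A", "D")): {"data_types": {"email"}, "pps": 3, "jitter_ms": 80}}

if __name__ == "__main__":
    topo, new_cii = screen_and_incorporate(CURRENT, HISTORY, FLOWS, "power_scada")
    print("new CII nodes:", sorted(new_cii), "paths:", sorted(p.nodes for p in topo.paths))
```

Only C and the path A->C are folded into the topology; D fails stage 1 on all three flow features and would also fail the stage 2 pair check, while a node whose type and deployment match but whose operating state deviates strongly from the reference is rejected at stage 2.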
Step S105, performing network security situation assessment based on the newly obtained key information infrastructure.
New transmission paths and service nodes pose a potential threat to system security and may be the points through which an attack intrudes, which may affect system continuity and stability. Therefore, the network security situation assessment needs to be carried out again after the new transmission path and service nodes have been incorporated.
Specifically, the step S105 specifically includes:
Based on a new network topology architecture, carrying out vulnerability and threat calculation on each service node again;
Obtaining a new running state evaluation result according to the calculation result;
and obtaining a network security situation assessment result based on the running state assessment result.
As a preferred embodiment, the network security situation assessment result may be expressed as a network security situation index. The index is composed of three sub-indexes, vulnerability, threat and system running-state evaluation, and the security situation of a node can be described by a three-dimensional vector whose components are the vulnerability evaluation value of the node, the threat evaluation value of the node and the running-state evaluation result of the node.
Taking the vulnerability situation X as an example, the vulnerability evaluation values of the different nodes in a cluster are calculated with a Bayesian network to obtain a vulnerability vector, and the degree of influence that the vulnerability situation of each node has on the whole is determined from the distribution of the cluster nodes. The vulnerability situation value of the whole network is then:
Once the situation of the vulnerability sub-dimension is obtained, the threat and system running-state situations are calculated in the same way, and the security situation index S of the whole network is then calculated by the following formula:
where V is the vulnerability sub-dimension situation value of the whole network, T is the threat sub-dimension situation value of the whole network and W is the running-state sub-dimension situation value of the whole network, each weighted by its sub-dimension weight for the whole network (a vulnerability sub-dimension weight, a threat sub-dimension weight and a running-state sub-dimension weight).
In the above calculation of the network security situation index, the importance of the cluster nodes can be set according to the actual characteristics of the cluster, and the three sub-dimension weights can be set according to the focus of network security attention in different periods, combined with the opinions of network security experts.
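As an added worked example (not code from the patent), the Python below merges newly judged key information infrastructure paths and nodes into the historical topology (step S104) and recomputes the whole-network vulnerability, threat and running-state values and the index S (step S105). Because the page's formulas are not reproduced here, the aggregation is an assumption: a node's influence degree is its share of transmission-path traversals, each sub-dimension is the influence-weighted sum of node values, S is a weighted sum of V, T and W, and the per-node assessment values are constructed inputs standing in for the Bayesian-network calculator.

```python
"""Added example (not the patent's code): incorporate newly judged key information
infrastructure (KII) paths and nodes into the service-system topology (step S104)
and recompute the network security situation index (step S105).  The aggregation
rules below are assumptions, since the page does not reproduce its formulas."""
from __future__ import annotations
from dataclasses import dataclass, field


@dataclass
class NodeAssessment:
    vulnerability: float   # node vulnerability evaluation value (e.g. Bayesian-network output)
    threat: float          # node threat evaluation value
    running_state: float   # node running-state evaluation result


@dataclass
class Topology:
    paths: dict[str, list[str]] = field(default_factory=dict)  # path id -> traversed node ids
    nodes: set[str] = field(default_factory=set)


def incorporate(hist: Topology, new_paths: dict[str, list[str]]) -> Topology:
    """Step S104: add the new paths and their service nodes to the historical topology."""
    merged = Topology(dict(hist.paths), set(hist.nodes))
    for path_id, node_ids in new_paths.items():
        if path_id in merged.paths:
            raise ValueError(f"path {path_id} is already part of the topology")
        merged.paths[path_id] = list(node_ids)
        merged.nodes.update(node_ids)
    return merged


def influence_degrees(topo: Topology) -> dict[str, float]:
    """Assumed proxy for the 'distribution condition of cluster nodes':
    a node's influence is its share of all path traversals (the shares sum to 1)."""
    count = {n: 0 for n in topo.nodes}
    for node_ids in topo.paths.values():
        for n in node_ids:
            count[n] += 1
    total = sum(count.values())
    if total == 0:
        raise ValueError("topology has no transmission paths")
    return {n: c / total for n, c in count.items()}


def sub_dimension(values: dict[str, float], influence: dict[str, float]) -> float:
    """Whole-network value of one sub-dimension: influence-weighted sum over nodes."""
    missing = set(influence) - set(values)
    if missing:
        raise KeyError(f"no assessment for nodes {sorted(missing)}")
    return sum(influence[n] * values[n] for n in influence)


def situation_index(topo: Topology, assessments: dict[str, NodeAssessment],
                    weights: tuple[float, float, float] = (0.4, 0.4, 0.2)) -> dict[str, float]:
    """Step S105: recompute V, T and W over the (new) topology and combine them into S."""
    wv, wt, ww = weights
    if min(weights) < 0 or abs(wv + wt + ww - 1.0) > 1e-9:
        raise ValueError("sub-dimension weights must be non-negative and sum to 1")
    infl = influence_degrees(topo)
    v = sub_dimension({n: a.vulnerability for n, a in assessments.items()}, infl)
    t = sub_dimension({n: a.threat for n, a in assessments.items()}, infl)
    w = sub_dimension({n: a.running_state for n, a in assessments.items()}, infl)
    return {"V": round(v, 4), "T": round(t, 4), "W": round(w, 4),
            "S": round(wv * v + wt * t + ww * w, 4)}


# Constructed sample (not from the page): two historical paths over nodes A, B, C and
# one new path P3 that brings in node D, already judged to be KII in step S103.
HIST = Topology({"P1": ["A", "B"], "P2": ["A", "C"]}, {"A", "B", "C"})
NEW_PATHS = {"P3": ["B", "D"]}
ASSESSMENTS = {
    "A": NodeAssessment(0.2, 0.1, 0.3),
    "B": NodeAssessment(0.3, 0.2, 0.2),
    "C": NodeAssessment(0.1, 0.1, 0.1),
    "D": NodeAssessment(0.8, 0.7, 0.6),   # the newly incorporated node is the weakest
}


def reassess() -> tuple[dict[str, float], dict[str, float]]:
    """Index before and after incorporating the new path; here the new node raises S."""
    before = situation_index(HIST, ASSESSMENTS)
    after = situation_index(incorporate(HIST, NEW_PATHS), ASSESSMENTS)
    return before, after
```

Calling `reassess()` on the constructed sample shows S rising from 0.175 to 0.2767 once the new node D is incorporated, which is exactly the change the re-assessment in step S105 is meant to surface.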
In summary, the method can monitor the real-time state of the key information infrastructure, analyze and update the changes in time, and quickly and accurately discover new security weaknesses, so that the network security situation assessment result has stronger timeliness and higher accuracy.
As shown in fig. 2, the network security situation assessment system of the key information infrastructure provided by the embodiment of the present invention includes:
An information obtaining unit 110, configured to obtain the data transmission paths of each service system currently in operation and the service nodes in the data transmission paths;
An information comparing unit 120, configured to compare the obtained data transmission paths and service nodes with the historical data transmission paths and historical service nodes of the last situation assessment, and determine whether a new transmission path and service node exist;
An information judging unit 130, configured to extract, if so, the associated data information of the new transmission path and service node, and judge whether the new transmission path and service node belong to a key information infrastructure;
An information integration unit 140, configured to incorporate, if they do, the new transmission path and service node into the key information infrastructure of the current service system;
And a situation assessment unit 150, configured to perform network security situation assessment based on the newly obtained key information infrastructure.
As a preferred mode of the embodiment of the present invention, the information judging unit 130 is specifically configured to:
for a new transmission path, determine the service nodes related to that path, and take the service nodes that do not belong to the historical service nodes as new service nodes;
extract the data flow information from the historical service node to the new service node in the new transmission path;
extract the node equipment information of the new service node.
As a preferred mode of the embodiment of the present invention, the information judging unit 130 is further specifically configured to:
judge, according to the service type related to the data flow information, whether the data flow information contains the first key information infrastructure feature corresponding to that service type;
if so, further judge, based on the matched key information infrastructure feature, whether the node equipment information contains the second key information infrastructure feature;
if the second key information infrastructure feature is contained, judge that the new transmission path and service node belong to the key information infrastructure.
The network security situation assessment system of the key information infrastructure provided by the embodiment of the invention is used for realizing the network security situation assessment method of the key information infrastructure, so that the specific implementation is the same as the method and is not repeated here.
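As an added example (not the patent's own code), the following Python implements the two-stage judgement performed by the information judging unit 130 with the detail given in claims 3 to 5: a first matching degree of the path's data-flow features (data type, traffic, time-sequence transmission) against the service type's first key information infrastructure feature, then a pairwise check of device type and deployment mode followed by a running-state similarity against the second feature. The feature encodings, the scoring rules, the two thresholds and the sample profile are assumptions.

```python
"""Added example (not the patent's code): the two-stage judgement of whether a
new transmission path and its service node belong to key information
infrastructure (KII), following claims 3 to 5.  Feature encodings, scoring
rules, thresholds and the sample profile are assumptions."""
from dataclasses import dataclass


@dataclass
class KiiProfile:               # first + second KII features of one service type
    data_types: frozenset       # first feature: data type characteristics
    traffic_mbps: tuple         # first feature: (low, high) average traffic band
    period_s: float             # first feature: time-sequence transmission period
    min_match: float            # first matching-degree condition
    device_types: frozenset     # second feature: device type characteristics
    deployment_modes: frozenset # second feature: deployment mode characteristics
    running_state: dict         # second feature: reference running-state metrics
    min_similarity: float       # second matching-degree condition


@dataclass
class DataFlow:                 # extracted from the new path over a preset time range
    data_types: set
    avg_mbps: float
    period_s: float


@dataclass
class NodeDevice:               # node equipment information of the new service node
    device_type: str
    deployment_mode: str
    running_state: dict


# Constructed profile for one service type (illustrative values, not from the page)
PROFILES = {"power-dispatch": KiiProfile(
    frozenset({"telemetry", "control"}), (0.5, 20.0), 4.0, 0.8,
    frozenset({"rtu", "scada-server"}), frozenset({"redundant", "ha-pair"}),
    {"cpu": 0.35, "uptime_ratio": 0.999, "link_util": 0.40}, 0.85)}


def first_match_degree(flow: DataFlow, p: KiiProfile) -> float:
    """Mean of three sub-scores: data-type Jaccard overlap, traffic inside the band, period closeness."""
    union = flow.data_types | p.data_types
    type_score = len(flow.data_types & p.data_types) / len(union) if union else 0.0
    low, high = p.traffic_mbps
    traffic_score = 1.0 if low <= flow.avg_mbps <= high else 0.0
    period_score = max(0.0, 1.0 - abs(flow.period_s - p.period_s) / p.period_s)
    return (type_score + traffic_score + period_score) / 3


def running_state_similarity(observed: dict, reference: dict) -> float:
    """1 minus the mean relative deviation over the reference metrics; a missing metric scores 0."""
    deviations = []
    for key, ref in reference.items():
        if key not in observed:
            return 0.0
        deviations.append(min(1.0, abs(observed[key] - ref) / max(abs(ref), 1e-9)))
    return 1.0 - sum(deviations) / len(deviations)


def is_kii(service_type: str, flow: DataFlow, device: NodeDevice) -> tuple:
    """Claim 3 order: first KII feature on the data flow, then the second on the device."""
    p = PROFILES.get(service_type)
    if p is None:
        return False, f"no KII profile for service type {service_type!r}"
    degree = first_match_degree(flow, p)
    if degree < p.min_match:
        return False, f"first-feature match {degree:.2f} below {p.min_match}"
    # claim 5: device type and deployment mode are compared pairwise first ...
    if device.device_type not in p.device_types or device.deployment_mode not in p.deployment_modes:
        return False, "device type / deployment mode do not match the second KII feature"
    # ... and only then is the running-state similarity checked
    sim = running_state_similarity(device.running_state, p.running_state)
    if sim < p.min_similarity:
        return False, f"running-state similarity {sim:.2f} below {p.min_similarity}"
    return True, f"belongs to KII (match {degree:.2f}, similarity {sim:.2f})"


# Constructed observations for one new path and its new node
FLOW = DataFlow({"telemetry", "control"}, 3.2, 4.5)
DEVICE = NodeDevice("rtu", "redundant", {"cpu": 0.30, "uptime_ratio": 0.998, "link_util": 0.45})
```

`is_kii("power-dispatch", FLOW, DEVICE)` accepts the sample node, while a node deployed in a non-redundant mode or a path carrying unrelated data types is rejected at the stage where its feature fails.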
As shown in fig. 3, an embodiment of the present application provides a block diagram of an electronic device 300. The electronic device 300 may be a smart phone, a tablet, an e-book reader or any other device capable of running application programs. The electronic device 300 of the present application may include one or more of the following components: a processor 310, a memory 320 and one or more application programs, where the one or more application programs may be stored in the memory 320 and configured to be executed by the one or more processors 310, the one or more programs being configured to perform the method described in the foregoing method embodiments.
The processor 310 may include one or more processing cores. The processor 310 uses various interfaces and lines to connect the various parts of the electronic device 300, performs the various functions of the electronic device 300 and processes data by running or executing instructions, programs, code sets or instruction sets stored in the memory 320 and by invoking data stored in the memory 320. Alternatively, the processor 310 may be implemented in at least one of the hardware forms of digital signal processing (DSP), field-programmable gate array (FPGA) and programmable logic array (PLA). The processor 310 may integrate one or a combination of a central processing unit (CPU), a graphics processing unit (GPU), a modem and the like. The CPU mainly handles the operating system, the user interface, application programs and so on; the GPU is responsible for rendering and drawing display content; the modem handles wireless communication. It will be appreciated that the modem need not be integrated into the processor 310 and may instead be implemented by a separate communication chip.
The memory 320 may include random access memory (RAM) or read-only memory (ROM). The memory 320 may be used to store instructions, programs, code sets or instruction sets. The memory 320 may include a program storage area and a data storage area, where the program storage area may store instructions for implementing an operating system, instructions for implementing at least one function (such as a touch function, a sound playing function or an image playing function), instructions for implementing the method embodiments described above, and so on. The data storage area may also store data created by the terminal in use (such as a phonebook, audio and video data, or chat records).
As shown in fig. 4, an embodiment of the present invention provides a block diagram of a computer-readable storage medium 400. The computer readable medium has stored therein a program code 410, said program code 410 being callable by a processor for performing the method described in the above method embodiments.
The computer readable storage medium 400 may be an electronic memory such as a flash memory, an EEPROM (electrically erasable programmable read-only memory), an EPROM, a hard disk or a ROM. Optionally, the computer readable storage medium 400 comprises a non-transitory computer-readable storage medium. The computer readable storage medium 400 has storage space for program code 410 that performs any of the method steps described above. The program code 410 can be read from or written to one or more computer program products, and may for example be compressed in a suitable form.
In summary, the network security situation assessment method and system based on the key information infrastructure can monitor the real-time state of the key information infrastructure, analyze and update the key information infrastructure in time according to the changes, and rapidly and accurately discover new security weaknesses, so that the network security situation assessment result has stronger timeliness and higher accuracy.
In the several embodiments disclosed herein, it should be understood that the disclosed apparatus and method may be implemented in other ways. The apparatus embodiments described above are merely illustrative, for example, of the flowcharts and block diagrams in the figures that illustrate the architecture, functionality, and operation of possible implementations of apparatus, methods and computer program products according to various embodiments of the present application. In this regard, each block in the flowchart or block diagrams may represent a module, segment, or portion of code, which comprises one or more executable instructions for implementing the specified logical function(s). It should also be noted that in some alternative implementations, the functions noted in the block may occur out of the order noted in the figures. For example, two blocks shown in succession may, in fact, be executed substantially concurrently, or the blocks may sometimes be executed in the reverse order, depending upon the functionality involved. It will also be noted that each block of the block diagrams and/or flowchart illustration, and combinations of blocks in the block diagrams and/or flowchart illustration, can be implemented by special purpose hardware-based systems which perform the specified functions or acts, or combinations of special purpose hardware and computer instructions.
In addition, functional modules in the embodiments of the present application may be integrated together to form a single part, or each module may exist alone, or two or more modules may be integrated to form a single part.
The functions, if implemented in the form of software functional modules and sold or used as a stand-alone product, may be stored in a computer-readable storage medium. Based on this understanding, the technical solution of the present application, in essence or in the part contributing to the prior art, may be embodied in the form of a software product stored in a storage medium and comprising several instructions for causing a computer device (which may be a personal computer, a server, a network device, etc.) to perform all or part of the steps of the method according to the embodiments of the present application. The aforementioned storage medium includes: a USB flash drive, a removable hard disk, a read-only memory (ROM), a random access memory (RAM), a magnetic disk, an optical disk, or any other medium capable of storing program code.

Claims (10)

1. A network security situation assessment method based on a key information infrastructure, characterized by comprising the following steps:
acquiring the data transmission paths of each service system currently in operation and the service nodes in the data transmission paths;
comparing the acquired data transmission paths and service nodes with the historical data transmission paths and historical service nodes of the last situation assessment, and judging whether a new transmission path and service node exist;
if so, extracting the associated data information of the new transmission path and service node, and judging whether they belong to a key information infrastructure;
if so, incorporating the new transmission path and service node into the key information infrastructure of the current service system;
and performing network security situation assessment based on the newly obtained key information infrastructure.
2. The network security situation assessment method based on a key information infrastructure according to claim 1, characterized in that the step of extracting the associated data information of the new transmission path and service node specifically comprises:
for a new transmission path, determining the service nodes related to that path, and taking the service nodes that do not belong to the historical service nodes as new service nodes;
extracting the data flow information from the historical service node to the new service node in the new transmission path;
extracting the node equipment information of the new service node.
3. The network security situation assessment method based on a key information infrastructure according to claim 2, characterized in that the step of judging whether the new transmission path and service node belong to the key information infrastructure specifically comprises:
judging, according to the service type related to the data flow information, whether the data flow information contains the first key information infrastructure feature corresponding to that service type;
if so, further judging, based on the matched key information infrastructure feature, whether the node equipment information contains the second key information infrastructure feature;
if the second key information infrastructure feature is contained, judging that the new transmission path and service node belong to the key information infrastructure.
4. The network security situation assessment method based on a key information infrastructure according to claim 3, characterized in that the first key information infrastructure feature includes a data type feature, a data traffic feature and a time-sequence transmission feature, and the step of judging whether the data flow information contains the first key information infrastructure feature corresponding to the service type specifically comprises:
extracting, for the new transmission path, the data flow information within a preset time range;
extracting the data type feature, the data traffic feature and the time-sequence transmission feature of the data flow information respectively;
determining, based on the related service type, a first matching-degree condition between the data flow information and the first key information infrastructure feature;
and if the matching degree between the data flow information and the first key information infrastructure feature reaches the first matching-degree condition, judging that the data flow information contains the first key information infrastructure feature corresponding to the service type.
5. The network security situation assessment method based on a key information infrastructure according to claim 4, characterized in that the second key information infrastructure feature includes a device type feature, a deployment mode feature and a running state feature, and the step of judging whether the node equipment information contains the second key information infrastructure feature specifically comprises:
extracting the device type feature, the deployment mode feature and the running state feature of the node equipment information respectively;
first comparing the device type feature and the deployment mode feature pairwise with the second key information infrastructure feature;
and if that comparison succeeds, further comparing the similarity of the running state feature, and judging that the node equipment information contains the second key information infrastructure feature if the second matching-degree condition is met.
6. The network security situation assessment method based on a key information infrastructure according to any one of claims 1 to 5, characterized in that the step of incorporating the new transmission path and service node into the key information infrastructure of the current service system specifically comprises:
adding the new transmission path and service nodes to the historical data transmission paths and historical service nodes to obtain the new network topology of the service system.
7. The network security situation assessment method based on a key information infrastructure according to claim 6, characterized in that the step of performing network security situation assessment based on the newly obtained key information infrastructure specifically comprises:
based on the new network topology, carrying out the vulnerability and threat calculation for each service node again;
obtaining a new running state evaluation result from the calculation results;
and obtaining the network security situation assessment result based on the running state evaluation result.
8. A network security situation assessment system based on a key information infrastructure, comprising:
an information acquisition unit, configured to acquire the data transmission paths of each service system currently in operation and the service nodes in the data transmission paths;
an information comparison unit, configured to compare the acquired data transmission paths and service nodes with the historical data transmission paths and historical service nodes of the last situation assessment, and judge whether a new transmission path and service node exist;
an information judging unit, configured to extract, if so, the associated data information of the new transmission path and service node, and judge whether they belong to a key information infrastructure;
an information integration unit, configured to incorporate, if they do, the new transmission path and service node into the key information infrastructure of the current service system;
and a situation assessment unit, configured to perform network security situation assessment based on the newly obtained key information infrastructure.
9. The network security situation assessment system based on a key information infrastructure according to claim 8, characterized in that the information judging unit is specifically configured to:
for a new transmission path, determine the service nodes related to that path, and take the service nodes that do not belong to the historical service nodes as new service nodes;
extract the data flow information from the historical service node to the new service node in the new transmission path;
extract the node equipment information of the new service node.
10. The network security situation assessment system based on a key information infrastructure according to claim 9, characterized in that the information judging unit is further specifically configured to:
judge, according to the service type related to the data flow information, whether the data flow information contains the first key information infrastructure feature corresponding to that service type;
if so, further judge, based on the matched key information infrastructure feature, whether the node equipment information contains the second key information infrastructure feature;
if the second key information infrastructure feature is contained, judge that the new transmission path and service node belong to the key information infrastructure.
CN202410268507.9A 2024-03-11 2024-03-11 Network security situation assessment method and system based on key information infrastructure Active CN117914625B (en)

Publications (2)

Publication Number Publication Date
CN117914625A true CN117914625A (en) 2024-04-19
CN117914625B CN117914625B (en) 2024-05-24


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant