WO2019218874A1 - Network risk assessment method and system - Google Patents

Network risk assessment method and system

Publication number
WO2019218874A1
Authority
WO
WIPO (PCT)
Prior art keywords
network
tested
risk
risk score
devices
Application number
PCT/CN2019/085189
Inventor
涂大志
郭景楠
王新成
王志
Original Assignee
深圳市联软科技股份有限公司
Application filed by 深圳市联软科技股份有限公司
Publication of WO2019218874A1

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00 Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/14 Network analysis or design
    • H04L41/142 Network analysis or design using statistical or mathematical methods
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/20 Network architectures or network communication protocols for network security for managing network security; network security policies in general

Definitions

  • the invention belongs to the field of internet technology, and particularly relates to a network risk assessment method and system.
  • the enterprise network risk assessment mainly has the following methods:
  • the present invention provides a network risk assessment method and system, which can introduce the importance degree of different types of devices in the network into the evaluation scope, and the evaluation result is more comprehensive.
  • a method for network risk assessment includes the following steps:
  • the network risk score is a weighted sum of all network devices in the network to be tested.
  • weighting calculation method of the network device is as follows:
  • $device\_weight_i = cat\_weight_i \times device\_assess_i$;
  • $device\_weight_i$ is the weighted score of the i-th network device
  • $cat\_weight_i$ is the weight value of the i-th network device
  • $device\_assess_i$ is the device risk score of the i-th network device.
  • calculation method of the network risk score enterprise_assess of the network to be tested is as follows:
  • category is the number of devices in the network to be tested.
  • the network device type of the network to be tested includes a server device, a network device, a computer device, a mobile device, an IoT device, and/or an ICS device.
  • the device risk score of the server device is a maximum value of the device risk score detected by the server device during the evaluation time preset by the network to be tested;
  • the device risk score of the network device is a maximum value of the device risk score detected by the network device during the evaluation time preset by the network to be tested;
  • the device risk score of the computer device is an average value of the device risk scores detected by the computer device during the evaluation time preset by the network to be tested;
  • the device risk score of the mobile device is an average value of the device risk scores detected by the mobile device during the evaluation time preset by the network to be tested;
  • the device risk score of the IoT device is an average value of the device risk scores detected by the IoT device during the evaluation time preset by the network to be tested;
  • the device risk score of the ICS device is an average value of the device risk scores detected by the ICS device during the evaluation time preset by the network to be tested.
  • the second aspect is a network risk assessment system, including:
  • the device detecting unit is configured to detect the device risk level of all the network devices in the network to be tested, and score the device risk level to obtain the device risk score;
  • the evaluation unit is configured to calculate the weighted score of the network device according to the device risk score of the network device and the corresponding weight value, and also to calculate the network risk score of the network to be tested; the network risk score is the weighted sum of all network devices in the network to be tested.
  • weighting calculation method of the network device is as follows:
  • $device\_weight_i = cat\_weight_i \times device\_assess_i$;
  • $device\_weight_i$ is the weighted score of the i-th network device
  • $cat\_weight_i$ is the weight value of the i-th network device
  • $device\_assess_i$ is the device risk score of the i-th network device.
  • calculation method of the network risk score enterprise_assess of the network to be tested is as follows:
  • category is the number of devices in the network to be tested.
  • the network device type of the network to be tested includes a server device, a network device, a computer device, a mobile device, an IoT device, and/or an ICS device.
  • the device risk score of the server device is a maximum value of the device risk score detected by the server device during the evaluation time preset by the network to be tested;
  • the device risk score of the network device is a maximum value of the device risk score detected by the network device during the evaluation time preset by the network to be tested;
  • the device risk score of the computer device is an average value of the device risk scores detected by the computer device during the evaluation time preset by the network to be tested;
  • the device risk score of the mobile device is an average value of the device risk scores detected by the mobile device during the evaluation time preset by the network to be tested;
  • the device risk score of the IoT device is an average value of the device risk scores detected by the IoT device during the evaluation time preset by the network to be tested;
  • the device risk score of the ICS device is an average value of the device risk scores detected by the ICS device during the evaluation time preset by the network to be tested.
  • the network risk assessment method and system sets the corresponding weight value according to the importance degree of the network device, uses the weight value to weight the device risk score of each network device, and then obtains the weighted sum of all network devices in the network to be tested to assess the risk of that network; the importance of different types of devices in the network can thus be introduced into the evaluation scope, and the evaluation result is more comprehensive.
  • FIG. 1 is a flowchart of a method provided in Embodiment 1.
  • FIG. 2 is a block diagram of the system provided in Embodiment 4.
  • the term “if” can be interpreted as “when” or “once” or “in response to determining” or “in response to detecting” depending on the context.
  • the phrase “if determined” or “if detected [condition or event described]” may be interpreted in context to mean “once determined” or “in response to determining” or “once detected [condition or event described]” or “in response to detecting [condition or event described]”.
  • Embodiment 1:
  • Embodiment 1 provides a network risk assessment method, including the following steps:
  • the network device type of the network to be tested includes a server device, a network device, a computer device, a mobile device, an IoT device (abbreviation of Internet of Things), an ICS device (abbreviation of Industrial Control System), and/or other devices.
  • a more important network device is given a higher weight value, for example: the server device weight value is 0.6 and the network device weight value is 0.25.
  • a general network device can be given a lower weight value, for example: the computer device, the mobile device and other devices each have a weight value of 0.05.
  • when setting the weight values, the sum of the weight values of all the network devices in the network to be tested is required to be 1. The greater the weight value, the greater its impact on the network risk score of the network to be tested. Conversely, the smaller the weight value, the smaller its impact on the network risk score of the network to be tested.
  • S2 detecting a device risk level of all network devices in the network to be tested, and scoring the device risk level to obtain a device risk score;
  • the device risk level of the network device can be detected periodically, for example, it can be detected once in one hour, so that the risk of the network device can be detected in real time.
  • the network device can use the following methods to evaluate the risk: 1. Set detection rules with multiple detection items, detect the network device according to the detection items, and manually determine a risk level from the threat level of each detection item, which serves as the device risk level of the network device. 2. Set device inspection items, assign a score to every inspection item, and obtain the device risk level of the network device from the scores of all inspection items. When scoring device risk levels, the greater the risk, the higher the score; the lower the risk, the lower the score.
  • S4 Calculate a network risk score of the network to be tested; the network risk score is a weighted sum of all network devices in the network to be tested.
  • the network risk score of the network to be tested includes the risk level of all the network devices, and the importance of each network device is reflected by the weighting.
  • the method sets the corresponding weight value according to the importance degree of the network device, weights the device risk score of each network device by using the weight value, and evaluates the risk of the network to be tested by obtaining the weighted sum of all the network devices in that network; it can introduce the importance of different types of devices in the network into the evaluation scope, and the evaluation results are more comprehensive.
  • Embodiment 2:
  • the weighting calculation method of the network device is as follows:
  • $device\_weight_i = cat\_weight_i \times device\_assess_i$;
  • $device\_weight_i$ is the weighted score of the i-th network device
  • $cat\_weight_i$ is the weight value of the i-th network device
  • $device\_assess_i$ is the device risk score of the i-th network device.
  • the weight value can be defined by the user, and the user can set the weight according to the situation of the respective enterprise.
  • calculation method of the network risk score enterprise_assess of the network to be tested is as follows:
  • category is the number of devices in the network to be tested.
  • the method provided by this embodiment is described briefly; for anything not mentioned here, refer to the corresponding content in Embodiment 1.
  • the method of this embodiment implements comprehensive evaluation on the basis of the risk assessment of the network devices, brings the importance degree of different types of devices into the scope of investigation, and realizes a comprehensive evaluation of the enterprise network risk; the network security administrator can clearly determine the network environment status according to the result and develop appropriate security strategies.
  • Embodiment 3:
  • the device risk score of the server device is a maximum value of the device risk score detected by the server device during the evaluation time preset by the network to be tested;
  • the device risk score of the network device is a maximum value of the device risk score detected by the network device during the evaluation time preset by the network to be tested;
  • the device risk score of the computer device is an average value of the device risk scores detected by the computer device during the evaluation time preset by the network to be tested;
  • the device risk score of the mobile device is an average value of the device risk scores detected by the mobile device during the evaluation time preset by the network to be tested.
  • the device risk score of the IoT device is an average value of the device risk scores detected by the IoT device during the evaluation time preset by the network to be tested;
  • the device risk score of the ICS device is an average value of the device risk scores detected by the ICS device during the evaluation time preset by the network to be tested.
  • the device risk scores of the most severe values in the network devices are used for weighting.
  • the “computer device”, “mobile device”, “other device”, “IoT device”, and “ICS device” are weighted by the average value of the device risk scores in the network device.
  • the evaluation time is set by the user. When the evaluation time is reached, a network risk assessment is performed to calculate the network risk score of the network to be tested.
  • the method provided by this embodiment is described briefly; for anything not mentioned here, refer to the corresponding content in Embodiment 1 and Embodiment 2.
  • Embodiment 4:
  • Embodiment 4 provides a network risk assessment system, including:
  • the device detecting unit is configured to detect a device risk level of all the network devices in the network to be tested, and score the device risk level to obtain a device risk score;
  • the evaluation unit is configured to calculate the weighted score of the network device according to the device risk score of the network device and the corresponding weight value, and also to calculate the network risk score of the network to be tested; the network risk score is the weighted sum of all network devices in the network to be tested.
  • weighting calculation method of the network device is as follows:
  • $device\_weight_i = cat\_weight_i \times device\_assess_i$;
  • $device\_weight_i$ is the weighted score of the i-th network device
  • $cat\_weight_i$ is the weight value of the i-th network device
  • $device\_assess_i$ is the device risk score of the i-th network device.
  • calculation method of the network risk score enterprise_assess of the network to be tested is as follows:
  • category is the number of devices in the network to be tested.
  • the network device type of the network to be tested includes a server device, a network device, a computer device, a mobile device, an IoT device, and/or an ICS device.
  • the device risk score of the server device is a maximum value of the device risk score detected by the server device during the evaluation time preset by the network to be tested;
  • the device risk score of the network device is a maximum value of the device risk score detected by the network device during the evaluation time preset by the network to be tested;
  • the device risk score of the computer device is an average value of the device risk scores detected by the computer device during the evaluation time preset by the network to be tested;
  • the device risk score of the mobile device is an average value of the device risk scores detected by the mobile device during the evaluation time preset by the network to be tested;
  • the device risk score of the IoT device is an average value of the device risk scores detected by the IoT device during the evaluation time preset by the network to be tested;
  • the device risk score of the ICS device is an average value of the device risk scores detected by the ICS device during the evaluation time preset by the network to be tested.
  • the disclosed systems and methods can be implemented in other ways.
  • the device embodiments described above are merely illustrative.
  • the division of the unit is only a logical function division.
  • there may be another division manner in actual implementation; for example, multiple units or components may be combined or integrated into another system, or some features can be ignored or not executed.
  • the mutual coupling or direct coupling or communication connection shown or discussed may be an indirect coupling or communication connection through some interface, device or unit, or an electrical, mechanical or other form of connection.
  • the units described as separate components may or may not be physically separated, and the components displayed as units may or may not be physical units, that is, may be located in one place, or may be distributed to multiple network units. Some or all of the units may be selected according to actual needs to achieve the objectives of the embodiments of the present invention.
  • each functional unit in each embodiment of the present invention may be integrated into one processing unit, or each unit may exist physically separately, or two or more units may be integrated into one unit.
  • the above integrated unit can be implemented in the form of hardware or in the form of a software functional unit.
  • the integrated unit if implemented in the form of a software functional unit and sold or used as a standalone product, may be stored in a computer readable storage medium.
  • the instructions include a plurality of instructions for causing a computer device (which may be a personal computer, a server, or a single network device, etc.) to perform all or part of the steps of the methods of the various embodiments of the present invention.
  • the foregoing storage medium includes: a U disk, a mobile hard disk, a read-only memory (ROM), a random access memory (RAM), a magnetic disk, or an optical disk, and the like.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • Algebra (AREA)
  • General Physics & Mathematics (AREA)
  • Mathematical Analysis (AREA)
  • Mathematical Optimization (AREA)
  • Mathematical Physics (AREA)
  • Probability & Statistics with Applications (AREA)
  • Pure & Applied Mathematics (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

Provided in the present invention are a network risk assessment method and system. The method comprises the following steps: respectively setting weight values of various types of network devices in a network to be tested; detecting device risk levels of all the network devices in the network to be tested and scoring the device risk levels to obtain device risk scores; computing the weights of the network devices respectively according to the device risk scores of the network devices and the corresponding weight values; and computing a network risk score of the network to be tested, wherein the network risk score is a weighted sum of all the network devices in the network to be tested. According to the method, corresponding weight values are set according to the importance degree of network devices, and after device risk scores of various network devices are weighted by using the weight values, the risk of a network to be tested is evaluated by solving a weighted sum of all the network devices in the network to be tested, such that the importance degree of different types of devices in a network can be introduced into an evaluation range, making an evaluation result more comprehensive.

Description

Network risk assessment method and system
Technical field
The invention belongs to the field of internet technology, and particularly relates to a network risk assessment method and system.
Background
In the prior art, enterprise network risk is mainly assessed in the following ways:
1. Set detection rules. Set multiple detection items, check every single in-network device against the detection items, and manually determine a risk level from all the detection results combined, which serves as the network risk metric;
2. Set inspection items. Assign a score to every inspection item and use a point-deduction mechanism: the network is checked against the inspection items, and points are deducted for each failed item according to its threat level.
The evaluation granularity of both methods is too coarse, and neither can differentiate devices in the network by their importance.
Summary of the invention
In view of the deficiencies in the prior art, the present invention provides a network risk assessment method and system that bring the importance of different types of devices in the network into the evaluation scope, so that the evaluation result is more comprehensive.
In a first aspect, a network risk assessment method includes the following steps:
setting the weight value of each type of in-network device in the network to be tested;
detecting the device risk level of all in-network devices in the network to be tested, and scoring the device risk level to obtain a device risk score;
calculating the weighted score of each in-network device according to its device risk score and the corresponding weight value;
calculating a network risk score of the network to be tested; the network risk score is the weighted sum of all in-network devices in the network to be tested.
Further, the weighted score of an in-network device is calculated as follows:
$device\_weight_i = cat\_weight_i \times device\_assess_i$;
where $device\_weight_i$ is the weighted score of the i-th in-network device, $cat\_weight_i$ is the weight value of the i-th in-network device, and $device\_assess_i$ is the device risk score of the i-th in-network device.
Further, the network risk score enterprise_assess of the network to be tested is calculated as follows:
Figure PCTCN2019085189-appb-000001
where category is the number of in-network devices in the network to be tested. Further, the in-network device types of the network to be tested include a server device, a network device, a computer device, a mobile device, an IoT device, and/or an ICS device.
Further, the device risk score of the server device is the maximum value of the device risk scores detected for the server device within the evaluation time preset for the network to be tested;
the device risk score of the network device is the maximum value of the device risk scores detected for the network device within the evaluation time preset for the network to be tested;
the device risk score of the computer device is the average value of the device risk scores detected for the computer device within the evaluation time preset for the network to be tested;
the device risk score of the mobile device is the average value of the device risk scores detected for the mobile device within the evaluation time preset for the network to be tested;
the device risk score of the IoT device is the average value of the device risk scores detected for the IoT device within the evaluation time preset for the network to be tested;
the device risk score of the ICS device is the average value of the device risk scores detected for the ICS device within the evaluation time preset for the network to be tested.
In a second aspect, a network risk assessment system includes:
a setting unit, configured to set the weight value of each type of in-network device in the network to be tested;
a device detecting unit, configured to detect the device risk level of all in-network devices in the network to be tested, and to score the device risk level to obtain a device risk score;
an evaluation unit, configured to calculate the weighted score of each in-network device according to its device risk score and the corresponding weight value, and also to calculate the network risk score of the network to be tested; the network risk score is the weighted sum of all in-network devices in the network to be tested.
Further, the weighted score of an in-network device is calculated as follows:
$device\_weight_i = cat\_weight_i \times device\_assess_i$;
where $device\_weight_i$ is the weighted score of the i-th in-network device, $cat\_weight_i$ is the weight value of the i-th in-network device, and $device\_assess_i$ is the device risk score of the i-th in-network device.
Further, the network risk score enterprise_assess of the network to be tested is calculated as follows:
Figure PCTCN2019085189-appb-000002
where category is the number of in-network devices in the network to be tested.
Further, the in-network device types of the network to be tested include a server device, a network device, a computer device, a mobile device, an IoT device, and/or an ICS device.
Further, the device risk score of the server device is the maximum value of the device risk scores detected for the server device within the evaluation time preset for the network to be tested;
the device risk score of the network device is the maximum value of the device risk scores detected for the network device within the evaluation time preset for the network to be tested;
the device risk score of the computer device is the average value of the device risk scores detected for the computer device within the evaluation time preset for the network to be tested;
the device risk score of the mobile device is the average value of the device risk scores detected for the mobile device within the evaluation time preset for the network to be tested;
the device risk score of the IoT device is the average value of the device risk scores detected for the IoT device within the evaluation time preset for the network to be tested;
the device risk score of the ICS device is the average value of the device risk scores detected for the ICS device within the evaluation time preset for the network to be tested.
As the above technical solution shows, the network risk assessment method and system provided by the present invention set the corresponding weight value according to the importance of each in-network device, weight the device risk score of each in-network device with that weight value, and then obtain the weighted sum of all in-network devices in the network to be tested to assess the risk of that network. The importance of different types of devices in the network is thereby brought into the evaluation scope, and the evaluation result is more comprehensive.
Brief description of the drawings
In order to more clearly illustrate the specific embodiments of the present invention or the technical solutions in the prior art, the drawings used in describing the specific embodiments or the prior art are briefly introduced below. In all the figures, like elements or parts are generally identified by like reference numerals. In the figures, elements or parts are not necessarily drawn to scale.
FIG. 1 is a flowchart of the method provided in Embodiment 1.
FIG. 2 is a block diagram of the system provided in Embodiment 4.
Detailed description
The embodiments of the technical solution of the present invention are described in detail below with reference to the accompanying drawings. The following embodiments are only used to illustrate the technical solutions of the present invention more clearly; they are examples only and are not intended to limit the scope of protection of the present invention. It should be noted that, unless otherwise stated, the technical or scientific terms used in this application have the ordinary meaning understood by those skilled in the art to which the invention belongs.
It should be understood that, when used in this specification and the appended claims, the terms "comprising" and "including" indicate the presence of the described features, integers, steps, operations, elements and/or components, but do not exclude the presence or addition of one or more other features, integers, steps, operations, elements, components and/or collections thereof.
As used in this specification and the appended claims, the term "if" can be interpreted, depending on the context, as "when" or "once" or "in response to determining" or "in response to detecting". Similarly, the phrase "if determined" or "if detected [condition or event described]" may be interpreted, depending on the context, to mean "once determined" or "in response to determining" or "once detected [condition or event described]" or "in response to detecting [condition or event described]".
It should be further understood that the term "and/or" used in the description of the invention and the appended claims refers to any combination and all possible combinations of one or more of the associated listed items, and includes these combinations.
Embodiment 1:
Referring to FIG. 1, Embodiment 1 provides a network risk assessment method comprising the following steps:
S1: Set a weight value for each type of in-network device in the network under test;
Specifically, the types of in-network device in the network under test include server devices, network devices, computer devices, mobile devices, IoT (Internet of Things) devices, ICS (industrial control system) devices and/or other devices. More important in-network devices are given a higher weight value, for example 0.6 for server devices and 0.25 for network devices. Ordinary in-network devices can be given a lower weight value, for example 0.05 each for computer devices, mobile devices and other devices. When the weight values are set, the weight values of all in-network devices in the network under test must sum to 1. The larger a weight value, the greater its influence on the network risk score of the network under test; conversely, the smaller the weight value, the smaller its influence.
S2: Detect the device risk level of every in-network device in the network under test, and score the device risk level to obtain a device risk score;
Specifically, the device risk level of in-network devices can be detected on a schedule, for example once an hour, so that the risk of in-network devices is detected in real time. The risk of an in-network device can be assessed in either of the following ways: 1. Define detection rules made up of multiple detection items, check the in-network device against the detection items, and manually determine a risk level from the threat level of each detection item; this is the device risk level of the in-network device. 2. Define device check items, assign a score to every check item, and derive the device risk level of the in-network device from the scores of all check items. When the device risk level is scored, a higher risk gives a higher score and a lower risk gives a lower score.
S3: For each in-network device, calculate the device's weighted value from its device risk score and the corresponding weight value;
S4: Calculate the network risk score of the network under test; the network risk score is the sum of the weighted values of all in-network devices in the network under test.
Specifically, the network risk score of the network under test incorporates the risk levels of all in-network devices, while the weighting reflects the importance of each in-network device.
The method sets weight values according to the importance of the in-network devices, weights each device's risk score by its weight value, and assesses the risk of the network under test from the sum of the weighted values of all in-network devices. This brings the importance of the different device types in the network into the assessment, so the result is more comprehensive.
Embodiment 2:
The method of Embodiment 2 adds the following to Embodiment 1:
The weighted value of an in-network device is calculated as follows:
$$\text{device\_weight}_i = \text{cat\_weight}_i \times \text{device\_assess}_i$$
where $\text{device\_weight}_i$ is the weighted value of the i-th in-network device, $\text{cat\_weight}_i$ is the weight value of the i-th in-network device, and $\text{device\_assess}_i$ is the device risk score of the i-th in-network device.
Specifically, the weight values can be defined by the user, who can set them according to the circumstances of their own enterprise.
Further, the network risk score enterprise_assess of the network under test is calculated as follows:
Figure PCTCN2019085189-appb-000003
where category is the number of in-network devices in the network under test.
For brevity, matters not mentioned in this embodiment are described in the corresponding parts of Embodiment 1.
Building on the risk assessment of individual in-network devices, the method of this embodiment performs a comprehensive assessment that takes the importance of the different device types into account, giving an overall assessment of enterprise network risk. From the result, network security administrators can determine the state of the network environment and formulate a suitable security policy.
Embodiment 3:
The method of Embodiment 3 adds the following to the other embodiments:
The device risk score of server devices is the maximum of the device risk scores detected for server devices within the evaluation period preset for the network under test;
The device risk score of network devices is the maximum of the device risk scores detected for network devices within the evaluation period preset for the network under test;
The device risk score of computer devices is the average of the device risk scores detected for computer devices within the evaluation period preset for the network under test;
The device risk score of mobile devices is the average of the device risk scores detected for mobile devices within the evaluation period preset for the network under test.
The device risk score of IoT devices is the average of the device risk scores detected for IoT devices within the evaluation period preset for the network under test;
The device risk score of ICS devices is the average of the device risk scores detected for ICS devices within the evaluation period preset for the network under test.
Specifically, because the risks of "server devices" and "network devices" tend to spread between devices within the network, these categories are weighted using the most severe device risk score among their in-network devices. "Computer devices", "mobile devices", "other devices", "IoT devices" and "ICS devices" are weighted using the average of the device risk scores of their in-network devices. The evaluation period is set by the user; each time it elapses, a risk assessment of the network is performed and the network risk score of the network under test is calculated.
For brevity, matters not mentioned in this embodiment are described in the corresponding parts of Embodiments 1 and 2.
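The aggregation described in Embodiments 1 to 3, as an added Python example that is not part of the patent: category weights, worst-case scoring for server and network devices, averaging for the other categories, and the weighted sum. The formula image for enterprise_assess is not reproduced on this page, so summing one weighted term per device category is an assumption, as are the 0-100 score scale, the function names and the constructed sample readings.

```python
import math
from collections import defaultdict
from statistics import mean

# Example weights given in step S1 of the description; they must sum to 1.
# IoT and ICS categories can be added as long as the table still sums to 1.
CATEGORY_WEIGHTS = {
    "server": 0.6,
    "network": 0.25,
    "computer": 0.05,
    "mobile": 0.05,
    "other": 0.05,
}

# Embodiment 3: server and network risk spreads between devices, so these
# categories take the worst score; every other category takes the average.
WORST_CASE_CATEGORIES = frozenset({"server", "network"})

# Constructed sample: (device id, category, device risk score) readings
# collected during one evaluation period. The 0-100 scale is an assumption.
SAMPLE_READINGS = [
    ("srv-01", "server", 20),
    ("srv-02", "server", 90),
    ("sw-01", "network", 40),
    ("fw-01", "network", 10),
    ("pc-01", "computer", 10),
    ("pc-02", "computer", 20),
    ("pc-03", "computer", 30),
    ("ph-01", "mobile", 50),
    ("ph-02", "mobile", 30),
]


def validate_weights(weights):
    """Reject weight tables that break the sum-to-1 rule from step S1."""
    if any(w < 0 for w in weights.values()):
        raise ValueError("weight values must not be negative")
    total = sum(weights.values())
    if not math.isclose(total, 1.0, abs_tol=1e-9):
        raise ValueError(f"weight values sum to {total}, expected 1")


def category_scores(readings, weights, worst_case=WORST_CASE_CATEGORIES):
    """Collapse the readings of one evaluation period to one score per category."""
    grouped = defaultdict(list)
    for device_id, category, score in readings:
        if category not in weights:
            # An unweighted device type would silently vanish from the score.
            raise KeyError(f"{device_id}: no weight set for category {category!r}")
        grouped[category].append(score)
    return {
        category: max(scores) if category in worst_case else mean(scores)
        for category, scores in grouped.items()
    }


def network_risk_score(readings, weights=CATEGORY_WEIGHTS,
                       worst_case=WORST_CASE_CATEGORIES):
    """Return (enterprise_assess, per-category weighted terms).

    A category with a weight but no readings contributes 0 (assumption).
    """
    validate_weights(weights)
    scores = category_scores(readings, weights, worst_case)
    terms = {c: weights[c] * scores.get(c, 0) for c in weights}
    return sum(terms.values()), terms


if __name__ == "__main__":
    total, terms = network_risk_score(SAMPLE_READINGS)
    print(f"network risk score: {total:.2f}")
    for category, term in terms.items():
        print(f"  {category:<9} {term:6.2f}")
    # Averaging every category hides the one high-risk server.
    averaged, _ = network_risk_score(SAMPLE_READINGS, worst_case=frozenset())
    print(f"all-average variant: {averaged:.2f}")
```

With the sample readings, the single high-risk server dominates the result under the worst-case rule, whereas averaging every category dilutes it across the healthy server.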
Embodiment 4:
Referring to FIG. 2, Embodiment 4 provides a network risk assessment system comprising:
a setting unit, configured to set a weight value for each type of in-network device in the network under test;
a device detection unit, configured to detect the device risk level of every in-network device in the network under test and to score the device risk level to obtain a device risk score;
an evaluation unit, configured to calculate the weighted value of each in-network device from its device risk score and the corresponding weight value, and further configured to calculate the network risk score of the network under test; the network risk score is the sum of the weighted values of all in-network devices in the network under test.
Further, the weighted value of an in-network device is calculated as follows:
$$\text{device\_weight}_i = \text{cat\_weight}_i \times \text{device\_assess}_i$$
where $\text{device\_weight}_i$ is the weighted value of the i-th in-network device, $\text{cat\_weight}_i$ is the weight value of the i-th in-network device, and $\text{device\_assess}_i$ is the device risk score of the i-th in-network device.
Further, the network risk score enterprise_assess of the network under test is calculated as follows:
Figure PCTCN2019085189-appb-000004
where category is the number of in-network devices in the network under test.
Further, the types of in-network device in the network under test include server devices, network devices, computer devices, mobile devices, IoT devices and/or ICS devices.
Further, the device risk score of server devices is the maximum of the device risk scores detected for server devices within the evaluation period preset for the network under test;
The device risk score of network devices is the maximum of the device risk scores detected for network devices within the evaluation period preset for the network under test;
The device risk score of computer devices is the average of the device risk scores detected for computer devices within the evaluation period preset for the network under test;
The device risk score of mobile devices is the average of the device risk scores detected for mobile devices within the evaluation period preset for the network under test;
The device risk score of IoT devices is the average of the device risk scores detected for IoT devices within the evaluation period preset for the network under test;
The device risk score of ICS devices is the average of the device risk scores detected for ICS devices within the evaluation period preset for the network under test.
The device provided by this embodiment of the invention has the same implementation principle and technical effects as the foregoing method embodiments. For brevity, matters not mentioned in the device embodiment are described in the corresponding parts of the foregoing method embodiments.
In the embodiments provided in this application, it should be understood that the disclosed system and method may be implemented in other ways. For example, the device embodiments described above are merely illustrative: the division into units is only a division by logical function, and an actual implementation may divide them differently; for example, multiple units or components may be combined or integrated into another system, or some features may be omitted or not performed. In addition, the mutual couplings, direct couplings or communication connections shown or discussed may be indirect couplings or communication connections through interfaces, devices or units, and may be electrical, mechanical or of another form.
Units described as separate components may or may not be physically separate, and components shown as units may or may not be physical units; that is, they may be located in one place or distributed across multiple network units. Some or all of the units may be selected according to actual needs to achieve the purpose of the embodiments of the invention.
In addition, the functional units in the embodiments of the invention may be integrated into one processing unit, may each exist physically on their own, or two or more units may be integrated into one unit. The integrated unit may be implemented in hardware or as a software functional unit.
If the integrated unit is implemented as a software functional unit and sold or used as a standalone product, it may be stored in a computer-readable storage medium. On this understanding, the technical solution of the invention in essence, or the part of it that contributes over the prior art, or all or part of the technical solution, may be embodied as a software product. The computer software product is stored in a storage medium and includes instructions that cause a computer device (which may be a personal computer, a server, a single in-network device, or the like) to perform all or some of the steps of the methods of the embodiments of the invention. The storage medium includes any medium that can store program code, such as a USB flash drive, a removable hard disk, read-only memory (ROM), random access memory (RAM), a magnetic disk or an optical disc.
Finally, it should be noted that the above embodiments only illustrate the technical solution of the invention and do not limit it. Although the invention has been described in detail with reference to the foregoing embodiments, those of ordinary skill in the art will understand that the technical solutions described in those embodiments may still be modified, or some or all of their technical features replaced by equivalents, and that such modifications or replacements do not take the essence of the corresponding technical solutions outside the scope of the technical solutions of the embodiments of the invention; they shall all be covered by the claims and the specification of the invention.

Claims (10)

  1. A network risk assessment method, characterized by comprising the following steps:
    setting a weight value for each type of in-network device in the network under test;
    detecting the device risk level of every in-network device in the network under test, and scoring the device risk level to obtain a device risk score;
    calculating the weighted value of each in-network device from its device risk score and the corresponding weight value;
    calculating the network risk score of the network under test; the network risk score is the sum of the weighted values of all in-network devices in the network under test.
  2. The network risk assessment method according to claim 1, characterized in that
    the weighted value of an in-network device is calculated as follows:
    $$\text{device\_weight}_i = \text{cat\_weight}_i \times \text{device\_assess}_i$$
    where $\text{device\_weight}_i$ is the weighted value of the i-th in-network device, $\text{cat\_weight}_i$ is the weight value of the i-th in-network device, and $\text{device\_assess}_i$ is the device risk score of the i-th in-network device.
  3. The network risk assessment method according to claim 2, characterized in that
    the network risk score enterprise_assess of the network under test is calculated as follows:
    Figure PCTCN2019085189-appb-100001
    where category is the number of in-network devices in the network under test.
  4. The network risk assessment method according to claim 1, characterized in that
    the types of in-network device in the network under test include server devices, network devices, computer devices, mobile devices, IoT devices and/or ICS devices.
  5. The network risk assessment method according to claim 4, characterized in that
    the device risk score of server devices is the maximum of the device risk scores detected for server devices within the evaluation period preset for the network under test;
    the device risk score of network devices is the maximum of the device risk scores detected for network devices within the evaluation period preset for the network under test;
    the device risk score of computer devices is the average of the device risk scores detected for computer devices within the evaluation period preset for the network under test;
    the device risk score of mobile devices is the average of the device risk scores detected for mobile devices within the evaluation period preset for the network under test;
    the device risk score of IoT devices is the average of the device risk scores detected for IoT devices within the evaluation period preset for the network under test;
    the device risk score of ICS devices is the average of the device risk scores detected for ICS devices within the evaluation period preset for the network under test.
  6. A network risk assessment system, characterized by comprising:
    a setting unit, configured to set a weight value for each type of in-network device in the network under test;
    a device detection unit, configured to detect the device risk level of every in-network device in the network under test and to score the device risk level to obtain a device risk score;
    an evaluation unit, configured to calculate the weighted value of each in-network device from its device risk score and the corresponding weight value, and further configured to calculate the network risk score of the network under test; the network risk score is the sum of the weighted values of all in-network devices in the network under test.
  7. The network risk assessment system according to claim 6, characterized in that
    the weighted value of an in-network device is calculated as follows:
    $$\text{device\_weight}_i = \text{cat\_weight}_i \times \text{device\_assess}_i$$
    where $\text{device\_weight}_i$ is the weighted value of the i-th in-network device, $\text{cat\_weight}_i$ is the weight value of the i-th in-network device, and $\text{device\_assess}_i$ is the device risk score of the i-th in-network device.
  8. The network risk assessment system according to claim 7, characterized in that
    the network risk score enterprise_assess of the network under test is calculated as follows:
    Figure PCTCN2019085189-appb-100002
    where category is the number of in-network devices in the network under test.
  9. The network risk assessment system according to claim 6, characterized in that
    the types of in-network device in the network under test include server devices, network devices, computer devices, mobile devices, IoT devices and/or ICS devices.
  10. The network risk assessment system according to claim 9, characterized in that
    the device risk score of server devices is the maximum of the device risk scores detected for server devices within the evaluation period preset for the network under test;
    the device risk score of network devices is the maximum of the device risk scores detected for network devices within the evaluation period preset for the network under test;
    the device risk score of computer devices is the average of the device risk scores detected for computer devices within the evaluation period preset for the network under test;
    the device risk score of IoT devices is the average of the device risk scores detected for IoT devices within the evaluation period preset for the network under test;
    the device risk score of ICS devices is the average of the device risk scores detected for ICS devices within the evaluation period preset for the network under test;
    the device risk score of mobile devices is the average of the device risk scores detected for mobile devices within the evaluation period preset for the network under test.
PCT/CN2019/085189 2018-05-14 2019-04-30 Network risk assessment method and system WO2019218874A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201810455886.7 2018-05-14
CN201810455886.7A CN108650133A (en) 2018-05-14 2018-05-14 Network risk assessment method and system

Publications (1)

Publication Number Publication Date
WO2019218874A1 true WO2019218874A1 (en) 2019-11-21

Family

ID=63755006

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2019/085189 WO2019218874A1 (en) 2018-05-14 2019-04-30 Network risk assessment method and system

Country Status (2)

Country Link
CN (1) CN108650133A (en)
WO (1) WO2019218874A1 (en)

Families Citing this family (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108650133A (en) * 2018-05-14 2018-10-12 深圳市联软科技股份有限公司 Network risk assessment method and system
US20200358806A1 (en) * 2019-05-10 2020-11-12 Cybeta, LLC System and method for cyber security threat assessment
CN110311927B (en) * 2019-07-30 2022-05-27 中国工商银行股份有限公司 Data processing method and device, electronic device and medium

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20150229664A1 (en) * 2014-02-13 2015-08-13 Trevor Tyler HAWTHORN Assessing security risks of users in a computing network
CN106789955A (en) * 2016-11-30 2017-05-31 山东省计算中心(国家超级计算济南中心) A kind of network security situation evaluating method
CN107370633A (en) * 2017-09-12 2017-11-21 西安邮电大学 Network safety evaluation method based on node weights
CN108650133A (en) * 2018-05-14 2018-10-12 深圳市联软科技股份有限公司 Network risk assessment method and system

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102916831B (en) * 2012-09-18 2015-05-20 冯晋阳 Method and system for acquiring health degree of business system

Cited By (11)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US11552954B2 (en) 2015-01-16 2023-01-10 Palo Alto Networks, Inc. Private cloud control
US11681812B2 (en) 2016-11-21 2023-06-20 Palo Alto Networks, Inc. IoT device risk assessment
US11683328B2 (en) 2017-09-27 2023-06-20 Palo Alto Networks, Inc. IoT device management visualization
US11671327B2 (en) 2017-10-27 2023-06-06 Palo Alto Networks, Inc. IoT device grouping and labeling
US12021697B2 (en) 2017-10-27 2024-06-25 Palo Alto Networks, Inc. IoT device grouping and labeling
US11777965B2 (en) 2018-06-18 2023-10-03 Palo Alto Networks, Inc. Pattern match-based detection in IoT security
US11451571B2 (en) * 2018-12-12 2022-09-20 Palo Alto Networks, Inc. IoT device risk assessment and scoring
US11706246B2 (en) 2018-12-12 2023-07-18 Palo Alto Networks, Inc. IOT device risk assessment and scoring
US11689573B2 (en) 2018-12-31 2023-06-27 Palo Alto Networks, Inc. Multi-layered policy management
US11722875B2 (en) 2020-06-01 2023-08-08 Palo Alto Networks, Inc. IoT device discovery and identification
US11552975B1 (en) 2021-10-26 2023-01-10 Palo Alto Networks, Inc. IoT device identification with packet flow behavior machine learning model

Also Published As

Publication number Publication date
CN108650133A (en) 2018-10-12

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 19804030

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

32PN Ep: public notification in the ep bulletin as address of the adressee cannot be established

Free format text: NOTING OF LOSS OF RIGHTS PURSUANT TO RULE 112(1) EPC (EPO FORM 1205A DATED 14/04/2021)

122 Ep: pct application non-entry in european phase

Ref document number: 19804030

Country of ref document: EP

Kind code of ref document: A1