CN103368976A - Network security evaluation device based on attack graph adjacent matrix - Google Patents


Info

Publication number: CN103368976A
Authority: CN (China)
Prior art keywords: network, host, matrix, attack graph, attack
Legal status: Granted
Application number: CN2013103290961A
Other languages: Chinese (zh)
Other versions: CN103368976B (en)
Inventors: 张小松, 牛伟纳, 陈瑞东, 王东, 张建松, 李建彬
Current assignee: University of Electronic Science and Technology of China
Original assignee: University of Electronic Science and Technology of China

Application filed by University of Electronic Science and Technology of China
Priority to CN201310329096.1A (granted as CN103368976B)
Publication of CN103368976A
Application granted
Publication of CN103368976B
Current legal status: Active

Landscapes

  • Computer And Data Communications (AREA)

Abstract

The invention provides a network security evaluation device based on an attack graph adjacency matrix. The device comprises an information collection device, an atomic attack graph generation device, a matrix calculation device, a network security analysis device and a result presentation device. The information collection device collects all information in the network; the atomic attack graph generation device generates the initial host-pair atomic attack graph needed for the subsequent analysis of network security; the matrix calculation device converts the generated atomic attack graph into the corresponding adjacency matrix and, for a configured number of iterations, calculates the corresponding iteration matrix of the adjacency matrix; the network security analysis device obtains information such as the key hosts and key paths on the basis of the finally generated iteration matrix; the result presentation device visually presents the key hosts and key paths found together with a network vulnerability index. The device is highly efficient and suited to large-scale, high-speed networks, and it improves the real-time character of the evaluation of a target network. The evaluation accuracy is high, and key paths and key hosts are identified accurately. The degree of visualization is high, which makes it convenient for an administrator to check, analyze and maintain the network.

Description

A network security assessment device based on the attack graph adjacency matrix
Technical field
The network security assessment device based on the attack graph adjacency matrix proposed by the present invention belongs to the field of computer network security technology.
Background technology
With the spread of informatization, the number of Chinese Internet users keeps rising. According to the 31st China Internet Network Development Statistics Report issued by CNNIC (the China Internet Network Information Center) in January 2013, by the end of December 2012 China had 564 million Internet users, an increase of 26 million over the statistics for the end of June 2012; Internet penetration had reached 42.1%, 3.8 percentage points higher than at the end of 2011. Industrialization and network technology keep advancing, and computer networks have penetrated every aspect of work, life and study, bringing great convenience to daily life: for example, the network can be used for shopping, booking train and plane tickets, reserving hotels, reading news to learn the latest domestic and foreign information as early as possible, and trading stocks online. At the same time many state enterprises have their own portal websites, so that computer networks play an increasingly important role in the civilian, commercial and national defence fields.
Because security was not given much consideration when networking began, because of the defects of the TCP/IP protocol itself, and because economic interests drive more and more lawbreakers to attack and damage networks and steal sensitive user information, hacker attacks have occurred again and again in recent years, and the attack means used by attackers are ever more sophisticated. In 2012 alone more than ten major hacker attacks broke out, including source code theft, major hacker intrusions, malware outbreaks, information leaks, major vulnerability events and operating system security events; from well-known domestic e-commerce websites and Jingdong to established foreign companies such as Symantec, Zappos and LinkedIn, all were attacked, and even famous universities such as Harvard University and the University of Cambridge in Britain did not escape. These attacks are sobering: network security has become a major bottleneck limiting the long-term development of countries and enterprises, so accurately analyzing and evaluating the security state of a network can help network administrators improve their protective capability. Hacker attacks cause great losses whether to individuals, enterprises or countries; according to statistics, Chinese Internet users alone pay more than 15 billion every year for the cost of network attacks, so managing network security has great economic benefit and practical value. Network security must be assessed accurately as the basis of managing it: by fully assessing the threats and the degree of influence that unsafe factors may bring, and by finding the key hosts and key attack paths on that basis, appropriate measures can be taken to actively protect computer and network security and reduce the possibility of the system being attacked and damaged.
Traditional vulnerability assessment tools simply superimpose the risk that each independent vulnerability may bring, and therefore cannot accurately evaluate the security state of a network merely from the vulnerabilities present in it. In a real network environment, an attacking host that wants to obtain privileges on a target host in order to operate on it often needs to pass through several intermediate hosts as stepping stones. A network attack graph comprehensively analyzes the network configuration and vulnerability information from the attacker's point of view; it not only reveals the vulnerabilities and weaknesses present in the network but can also find the key attack paths and key hosts in a complex network, so that security analysts can take targeted measures to improve network security. Researchers at home and abroad have done much work on this and obtained certain results, proposing many attack graph generation models and algorithms. However, the attack graphs generated with existing methods are suited to small networks (number of hosts < 5); in large and especially very large networks, the attack graphs generated by these methods become very complicated and huge, which is unfavorable for further analysis. Using an adjacency matrix, only a simple atomic attack graph needs to be built, not all attack paths; this helps the network administrator find the first-class and second-class key hosts in a large network quickly and easily, and thus maintain the network's security with the right emphasis. A first-class key host is one whose own security greatly influences the security of other hosts in the network, so that once it is attacked many hosts in the network may be attacked as well; a second-class key host is one that many hosts in the network can launch attacks against.
Network security assessment needs strict real-time behaviour and highly visual results, so this patent proposes assessing network security by computing an iteration matrix from the adjacency matrix of the atomic attack graph. At the same time a monotonicity assumption is made: an attacker does not launch an attack in order to obtain a privilege already held, and does not return from a series of attack states to a state already passed through; that is, no loops exist. This reduces the complexity of the attack graph and improves its visualization.
Patents related to the present invention
Logging in to the State Intellectual Property Office of the People's Republic of China and searching by the keyword "attack graph" finds 4 related patents; searching by the keyword "network security assessment" finds 2 related patents.
A depth-first attack graph generation method (application number: 200710144693.1)
This patent proposes an attack graph generation method based on the depth-first algorithm: first all security factors of the current network are collected to form the initial state, then a Prolog system searches for the network states the attacker must pass through before reaching the target state, attack paths are constructed according to the dependencies between the network states found, and finally the constructed attack paths are combined into a network attack graph. The advantage of this patent is that the depth-first algorithm it uses not only reduces the scale of the attack graph but also ensures that no non-target nodes exist in the attack graph. This invention is mainly the proposal of an attack graph generation algorithm; it simply generates the attack graph and does not analyze it in depth.
Attack graph generation system for network security alarm correlation (application number: 200810037824.0)
This patent proposes an attack graph generation system for network security alarm correlation, built from a network initial configuration information module, an OVAL vulnerability scanning report collection module, a network connectivity analysis module, a data structure building module, a knowledge base and an attack graph generation module. Its advantage is that it is easy to implement as an engineering project, but it only generates the attack graph and does not use it to analyze and evaluate network security further.
An intrusion response method based on attack graphs (application number: 201110181511.4)
On the basis of the IRAG reference model for intrusion detection and response, this patent proposes three kinds of cost (operation, response and loss) and uses them to select corresponding protective measures. That invention only considers the attacker's attack, the system's response and the attacker's next attack step, mainly selecting the response action of the system and the attack of the attacker that maximize gain, and it has little relation to the network security assessment based on the attack graph adjacency matrix that we propose.
A network security analysis method that solves for the K most probable attack graphs (application number: 201210224533.9)
This patent mainly addresses a problem present in network security assessment algorithms based on access level vectors, by storing at each node the K attack paths of largest accumulated probability: such algorithms can only identify the most probable path to each node of the attacked network and cannot generate the K most probable attack paths to a node of the attacked network. That invention only considers attack paths and does not assess other factors, so its assessment is not comprehensive.
A network security evaluation method based on NBA (application number: 200910050505.8)
This patent treats a connection in the network, or an independent packet, as a flow; it records the attributes of all flows passing through the network to analyze the network behaviour parameters of each host, and calculates the maximum threshold permitted for the network behaviour parameters of each host; if the characteristic parameter value of some host in the network is greater than the maximum threshold, the network is considered to be behaving abnormally. It is mainly a network security evaluation method based on network behaviour analysis and has little relation to the network security evaluation method based on the attack graph adjacency matrix that we propose.
A vulnerability scanning system for network security evaluation and its processing method (application number: 200910112916.5)
This patent combines a vulnerability scanning system with an intrusion detection system and introduces an alarm function and a scheduling function, so that the system can selectively carry out vulnerability scanning and security evaluation of the target network and produce a comparatively objective and accurate vulnerability scanning report. In that invention, when an abnormal condition occurs in the network the alarm module is notified, the alarm module raises an alarm, and the scheduling process module drives the scanning engine module to scan the whole network. That patent cannot identify important information such as key paths and key hosts.
Summary of the invention
The purpose of the present invention is to solve the following technical problems:
One, high efficiency, suitable for large-scale and high-speed networks
One design objective of the present invention is applicability to large networks and high-speed networks, so that the security of a large computer network can be analyzed and evaluated and corresponding defensive measures taken to guarantee the network's security; this places very high demands on the efficiency of the network security assessment method proposed by the invention. The method is based on the adjacency matrix of the atomic attack graph: only the basic intrusions need to be known to build the atomic attack graph, and all attack paths do not have to be obtained in advance, so the method is very efficient; the attack graph built is not so complicated, and the matrix-based computation used to assess network security can be used in large network environments.
Two, more reliable data for analyzing and evaluating network security
One design objective of the present invention is that the data used to analyze and evaluate network security be more reliable, so that key hosts can be found accurately and the network administrator can maintain the target network with the right emphasis. The network security assessment device proposed by the present invention constructs the initial adjacency matrix from a simple host-pair attack graph that reflects the basic attack relations between hosts in the network, and applies a processing function to it iteratively to obtain the final iteration matrix. Usually key hosts are determined from the experience of network administrators; key hosts determined in that way carry strong subjective judgement and do not necessarily reflect the real condition of the network. The iteration-matrix method is more accurate and reliable both for analyzing the overall security of the network and for finding the two classes of key hosts.
Three, high visualization
One design objective of the present invention is to display the assessment result visually, so that the network administrator knows clearly which hosts or paths in the network are problematic, which is convenient for security maintainers to maintain and manage the network. The network security assessment device proposed by the present invention ultimately serves network security assessment.
In order to solve the above problems, the present invention adopts the following technical solution:
A network security assessment device based on the attack graph adjacency matrix, characterized in that it comprises:
Information collection device: collects all information in the network in real time;
Atomic attack graph generation device: generates the initial host-pair atomic attack graph needed for the subsequent analysis of network security;
Matrix computation device: first, converts the generated atomic attack graph into the corresponding adjacency matrix; second, computes the iteration matrix corresponding to the adjacency matrix for a configured number of iterations;
Network security analysis device: obtains information such as the two classes of key hosts and the key paths on the basis of the finally generated iteration matrix; if the maximum probability that some path is attacked is greater than the configured initial threshold, that path is called a key path.
Result presentation device: dynamically displays the two classes of key hosts and the key paths finally found in the network topology diagram.
In the above technical solution, the information collection device collects the network topology, routing rules and firewall information in the target network, uses scanning tools or network management software to obtain network device and host configuration information, and scans the network hosts with a vulnerability scanning strategy to obtain the basic configuration information of the host systems and the vulnerabilities present.
In the above technical solution, the vulnerability scanning strategy is divided into two kinds, active and passive:
Active vulnerability scanning strategy: divided further, according to the scanning means, into host-based vulnerability detection and network-based vulnerability detection;
Host-based vulnerability detection: an agent or service is installed on the target host and accesses the host's file system, registry, system services and audit information, so that all vulnerabilities can be scanned completely;
Network-based vulnerability detection: mainly scans the computer remotely over the network;
Passive vulnerability scanning strategy: based on the principle of feature matching: the network data flow of the target host is captured and analyzed passively, then matched against the vulnerability definition rules in the database to judge whether the host system has a vulnerability.
In the above technical solution, the atomic attack graph generation device uses the network topology information and host vulnerability information obtained by the information collection device to generate the initial host-pair atomic attack graph with a general host attack graph generation algorithm, limiting the number of attack steps to 1, and determines the weights of the attack graph state nodes, that is, the probability that an attack is carried out successfully.
The weights of the attack graph state nodes can be determined with the PageRank computation model R(H) = (1 - d)/N + d * (R(H_1)/C(H_1) + ... + R(H_n)/C(H_n)), where n (N in the first term) is the number of state nodes in the attack graph, R(H) is the weight of state node H, d is the damping coefficient, generally taken as 0.85, R(H_i) is the weight of a node H_i that points to state node H, and C(H_i) is the number of outgoing arcs of state node H_i. The AccessComplexity field attribute value E in the NVD database can also be quantized to represent the weight: when E is High the weight is 0.35, when E is Medium the weight is 0.61, when E is Low the weight is 0.71, and when E is undefined the weight is also taken as 0.71. The CAPEC library can also serve as the basis for determining weights: the five levels Very Low, Low, Medium, High and Very High of the typical likelihood of exploit and of the attacker skill and knowledge required attributes in the attack pattern information are quantized, with the final values falling in the interval [0, 1].
In the above technical solution, the matrix computation device:
Converts the generated host-pair atomic attack graph into the corresponding adjacency matrix: if an attack graph can be generated between two hosts <H_i, H_j>, the corresponding element of the attack graph adjacency matrix is a_ij = Weight; here H_i and H_j denote host i and host j, i, j = 1, 2, ..., n (n is the total number of hosts in the network), and Weight is the weight, which represents the maximum probability of a successful attack from H_i on H_j.
An attacker who exploits a vulnerability to attack a host causes the host a loss of assets. The size of the asset loss is related not only to the vulnerability exploited and the attack launched but also closely to the importance of the assets, so the loss of a state node is determined by the importance of the host and the danger level of the vulnerability.
We write L(h, v) for the node loss, L(h, v) = C(h) * S(v), where C(h) is the importance of the host, which we quantize by dividing hosts into different grades according to the services they provide and their network function, with values in the interval [0, 1]; S(v) is the severity of the harm the vulnerability causes, quantized with the CVSS score, with values in the interval [0, 10].
Adjacency matrices A = (a_ij)_{m×l} and B = (b_ij)_{m×l} both have all diagonal entries 0; C is an m×n matrix whose diagonal entries are also all 0, denoted as
[formula shown only as image Figure BDA00003602612900051 on the page]
where a_ij and b_ij are the elements of adjacency matrices A and B respectively, and m and l are the numbers of rows and columns of the matrices.
If A = B and m = l, then C is the 2-step iteration matrix of A, and correspondingly [the matrix shown only as an image on the page] is called the n-step iteration matrix of A.
In the above technical solution, the network security analysis device:
Finds the key paths by checking, in each computed loss iteration matrix, the element values greater than the given threshold;
Sums the elements of each row of the finally generated iteration matrix, sorts the sums in descending order, and finds the row numbers whose sum exceeds the given threshold, thereby obtaining the first-class key hosts;
Sums the elements of each column of the finally generated iteration matrix, sorts the sums in descending order, and finds the column numbers whose sum exceeds the given threshold, thereby obtaining the second-class key hosts;
At the same time aggregates the host vulnerabilities with the weighted-average aggregation method to obtain the network vulnerability index assessment value, by which the security level of the target network is judged.
In the above technical solution, the result presentation device:
Visually displays the key hosts and key paths obtained in the network topology structure diagram, and represents the network security level with different colours.
The beneficial effects brought by the technical solution of the present invention:
One, high efficiency, suitable for large-scale and high-speed networks
The assessment method of the present invention is based on the host-pair atomic attack graph and does not need to generate all attack paths to build the attack graph, so the complexity of the attack graph is not high and the method is suitable for large-scale and high-speed networks.
Two, high assessment accuracy, with key paths and key hosts identified accurately
The network security assessment device of the present invention constructs the initial adjacency matrix from a simple host-pair attack graph that reflects the basic attack relations between hosts in the network, and applies a processing function to it iteratively to obtain the final iteration matrix. Key hosts and key paths are found by analyzing the matrix rather than by relying only on the experience of network administrators, so the assessment accuracy is high.
Three, real-time behaviour and high visualization
The assessment method of the present invention quickly builds a simple host-pair attack graph from information collected from the target network in real time, and the matrix computation it uses is fast, which improves to a certain extent the real-time character of the assessment of the target network. Finally the key hosts and key paths found are displayed dynamically in the network topology structure diagram and the network security level is represented with different colours, so visualization is high and it is convenient for network administrators to check, analyze and handle the results.
Description of drawings
Fig. 1 is a simple host-pair atomic attack graph of the present invention.
Embodiment
A specific embodiment of the network security assessment device proposed by the present invention is given below; this embodiment applies not only to small networks but equally to large ones.
Embodiment one of the invention:
Implementation of the information collection device
From the network topology structure diagram the connection mode of each host in the network can be obtained. Generally a network is divided into several different zones separated by firewalls or routers, and the hosts within each zone are interconnected. If the network topology diagram is not known, various route discovery algorithms and related protocols, including DNS, ICMP, SNMP, RIP, OSPF, and operating-system and architecture-related protocols, are used to obtain the routing information of every device in the whole network, and the topology structure diagram needed is then generated automatically from the information acquired. Scanning tools or network management software are used to obtain network device and host configuration information. Because a host must open its own ports to provide services, the possibility of remote attack exists, and a host itself also contains vulnerabilities, so the vulnerability information present on the network and its devices must be obtained; the devices present in the network can be scanned with a vulnerability scanning strategy.
The vulnerability scanning strategy is divided into two kinds, active and passive, and the active strategy is divided further, according to the scanning means, into host-based vulnerability detection and network-based vulnerability detection. Host-based vulnerability detection installs an agent or service on the target host to access the host's file system, registry, system services and audit information, so that all vulnerabilities can be scanned completely; network-based vulnerability detection mainly scans the computer remotely over the network; the passive vulnerability scanning strategy works on the principle of feature matching: the network data flow of the target host is captured and analyzed passively, then matched against the vulnerability definition rules in the database to judge whether the host system has a vulnerability.
Implementation of the atomic attack graph generation device
A network contains various elements such as servers, user hosts, routers and firewalls; in this patent we refer to all of these elements, which may have security problems, as hosts. The network topology information and host vulnerability information obtained by the information collection device are used to generate the initial atomic attack graph, which requires determining the weights, that is, the probability that an attack is carried out successfully. In the present invention the weights of the attack graph state nodes can be determined with the PageRank computation model R(H) = (1 - d)/N + d * (R(H_1)/C(H_1) + ... + R(H_n)/C(H_n)), where n (N in the first term) is the number of state nodes in the attack graph, R(H) is the weight of state node H, d is the damping coefficient, generally taken as 0.85, R(H_i) is the weight of a node H_i that points to state node H, and C(H_i) is the number of outgoing arcs of state node H_i. The AccessComplexity field attribute value E in the NVD database can also be quantized to represent the weight: when E is High the weight is 0.35, when E is Medium the weight is 0.61, when E is Low the weight is 0.71, and when E is undefined the weight is also taken as 0.71. The CAPEC library can also serve as the basis for determining weights: the five levels Very Low, Low, Medium, High and Very High of the typical likelihood of exploit and of the attacker skill and knowledge required attributes in the attack pattern information are quantized, with the final values falling in the interval [0, 1].
The execution mode of matrix computations device
With the main frame that generates to atomic strike figure be converted into corresponding adjacency matrix: if between two main frames<H i, H jCan generate the then attack graph adjacency matrix element a of correspondence of attack graph Ij=Weight; H wherein i, H jExpression main frame i and main frame j, i, j=1,2 ..., n (n is All hosts quantity sum in the network), Weight then is that weight represents H iTo H jThe maximum probability of success attack.
The assailant utilizes leak that main frame is attacked to cause the main frame loss of assets, the assets size of loss is not only relevant with the attack of the leak that utilizes and initiation, also the significance level with assets is closely related, so the loss of state node is to be determined by the significance level of main frame and the degree of danger of leak.Use L (h, v) represent the node loss, L (h, v)=C (h) * S (v), wherein C (h) represents the significance level of main frame, we provide service to be divided into different grades to it is quantized with the different of network function according to main frame, and its span is fallen in the interval [0,1]; The order of severity that S (v) expression fragility works the mischief utilizes the CVSS scoring to quantize, and its span is fallen in the interval [0,10].
Let the adjacency matrices A = (a_ij)_{m×l} and B = (b_ij)_{m×l} both have all diagonal elements equal to 0, and let C be an m×n matrix whose elements are
[Figure BDA00003602612900071: equation image, not reproduced]
and whose diagonal elements are likewise all 0, denoted
[Figure BDA00003602612900072: equation image, not reproduced]
where a_ij and b_ij are the elements of adjacency matrices A and B respectively, and m, l are the row and column counts of the matrices. If A = B and m = l, then C is the 2-step iteration matrix of A, and accordingly the matrix obtained after n such steps is called the n-step iteration matrix of A.
The number of iterations can be set in this device so that the corresponding iteration matrix can be computed and used afterwards to assess network security. Suppose the generated atomic attack graph is as shown in Fig. 1, where the value in a node represents the importance of the host, and of the pair of numbers on the edge joining two nodes the first is the probability of a successful attack and the second is the harm caused when the vulnerability is exploited. Its corresponding adjacency matrix A is
    0   0.6  0.3  0    0    0
    0   0    0    0.6  0.3  0
    0   0    0    0.7  0.3  0
    0   0    0    0    0    0.6
    0   0    0    0    0    0.7
    0   0    0    0    0    0
and the host loss adjacency matrix B is
    0   4.2  2.1  0    0    0
    0   0    0    4.0  2.0  0
    0   0    0    5.6  2.5  0
    0   0    0    0    0    7.2
    0   0    0    0    0    8.1
    0   0    0    0    0    0
Embodiment of the network security assessment device
Each computed loss iteration matrix is checked for element values greater than a given threshold: if an element value in the host loss adjacency matrix exceeds the threshold, the path formed by one host attacking another once through a vulnerability is a critical path. Summing each row of the finally generated iteration matrix, sorting the sums in descending order and finding the row numbers whose sums exceed the given threshold yields the first type of key hosts; summing each column of the finally generated iteration matrix, sorting in descending order and finding the column numbers whose sums exceed the given threshold yields the second type of key hosts. For example, the element values b_46 and b_56 in the host loss adjacency matrix B are both greater than the initial threshold 0.7, which indicates that the atomic attack path by which host 4 exploits a vulnerability to attack host 7 and the atomic attack path by which host 5 exploits a vulnerability to attack host 7 are both critical paths. Suppose the number of iterations is set to 1; then the row sums of adjacency matrix A sorted in descending order are: row 3 1.0 > row 2 0.9 = row 1 0.9 > row 5 0.7 > row 4 0.6 > row 6 0, where the sums of rows 3, 2 and 1 are all greater than the initial threshold 0.8, so hosts 1, 2 and 3 belong to the first type of key hosts. The column sums of adjacency matrix A sorted in descending order are: column 4 1.3 = column 6 1.3 > column 2 0.6 = column 5 0.6 > column 3 0.3 > column 1 0, where the sums of columns 4 and 6 are both greater than the initial threshold, so hosts 4 and 6 belong to the second type of key hosts. The threshold can also be adjusted as the environment changes.
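The matrix construction of the matrix computation device and the threshold analysis of the network security assessment device, worked through as an added example on the page's own 6-host graph (this is not the patent's code). The edge list is read off the page's matrices A and B, and the row and column sums reproduce the page's ranking (row 3 = 1.0, rows 1 and 2 = 0.9; columns 4 and 6 = 1.3). Two points are assumptions of this example: the page's iteration step is an image not reproduced here, so `max_product_step` substitutes a max-product composition (the most probable two-hop path through any springboard host); and since every non-zero entry of B exceeds the 0.7 named in the text, the critical-path call below uses 7.0 as an assumed threshold that isolates exactly b_46 and b_56.

```python
"""Attack graph adjacency matrix -> critical paths and key hosts (added example)."""
from typing import List, Tuple

Matrix = List[List[float]]

# Edges of the 6-host atomic attack graph shown on the page, as
# (src, dst, weight, loss) with 1-based host numbers; weight = maximum
# probability of a successful attack src -> dst (matrix A), loss = host
# loss L(h, v) for that edge (matrix B).
EDGES = [
    (1, 2, 0.6, 4.2), (1, 3, 0.3, 2.1),
    (2, 4, 0.6, 4.0), (2, 5, 0.3, 2.0),
    (3, 4, 0.7, 5.6), (3, 5, 0.3, 2.5),
    (4, 6, 0.6, 7.2), (5, 6, 0.7, 8.1),
]
N_HOSTS = 6


def adjacency_matrices(n: int, edges) -> Tuple[Matrix, Matrix]:
    """Build A (a_ij = Weight) and B (b_ij = loss); diagonals stay 0."""
    a = [[0.0] * n for _ in range(n)]
    b = [[0.0] * n for _ in range(n)]
    for src, dst, weight, loss in edges:
        if src == dst:
            continue  # the page requires all diagonal elements to be 0
        i, j = src - 1, dst - 1
        a[i][j] = max(a[i][j], weight)  # keep the maximum success probability
        b[i][j] = max(b[i][j], loss)
    return a, b


def max_product_step(x: Matrix, y: Matrix) -> Matrix:
    """ASSUMED stand-in for the page's iteration step (its definition is an
    image not reproduced here): c_ij = max_k x_ik * y_kj, the most probable
    two-hop attack through any springboard host k; diagonal forced to 0."""
    n = len(x)
    c = [[0.0] * n for _ in range(n)]
    for i in range(n):
        for j in range(n):
            if i != j:
                c[i][j] = max(x[i][k] * y[k][j] for k in range(n))
    return c


def iteration_matrix(a: Matrix, steps: int) -> Matrix:
    """steps=1 returns A itself (the page's worked example); each further
    step composes once more with A."""
    m = a
    for _ in range(steps - 1):
        m = max_product_step(m, a)
    return m


def critical_paths(loss: Matrix, threshold: float) -> List[Tuple[int, int]]:
    """Edges whose loss element exceeds the threshold, as 1-based (src, dst)."""
    return [(i + 1, j + 1)
            for i, row in enumerate(loss)
            for j, v in enumerate(row) if v > threshold]


def ranked_sums(m: Matrix, axis: str) -> List[Tuple[int, float]]:
    """Row ('row') or column ('col') sums with 1-based index, sorted descending."""
    n = len(m)
    if axis == "row":
        sums = [(i + 1, round(sum(m[i]), 10)) for i in range(n)]
    else:
        sums = [(j + 1, round(sum(m[i][j] for i in range(n)), 10)) for j in range(n)]
    return sorted(sums, key=lambda t: t[1], reverse=True)


def key_hosts(m: Matrix, axis: str, threshold: float) -> List[int]:
    """First-type key hosts: axis='row' (attack sources); second-type: axis='col'."""
    return [h for h, s in ranked_sums(m, axis) if s > threshold]


if __name__ == "__main__":
    A, B = adjacency_matrices(N_HOSTS, EDGES)
    print("critical paths (loss > 7.0):", critical_paths(B, 7.0))
    print("row sums:", ranked_sums(A, "row"))
    print("first-type key hosts:", key_hosts(A, "row", 0.8))
    print("second-type key hosts:", key_hosts(A, "col", 0.8))
    print("3-step success probability host 1 -> host 6:", iteration_matrix(A, 3)[0][5])
```

With the assumed composition, the 3-step matrix gives host 1 a 0.216 probability of reaching host 6 through hosts 2 and 4, which is the kind of multi-hop "springboard" path the result presentation device is meant to highlight; the row and column sums are rounded to 10 decimals so that 0.6 + 0.3 compares equal to 0.9 as on the page.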
At the same time, host vulnerabilities are aggregated with a weighted-average aggregation method to obtain a network vulnerability index assessment value, which is used to judge the security level of the target network.
Embodiment of the result presentation device
The key hosts and critical paths found are displayed dynamically in the network topology diagram. If a critical path is one on which a host penetrates to the destination host through multiple attacks using several hosts as springboards, the path is first located in the topology and then displayed dynamically with a bolded line. First-type and second-type key hosts are shown in the topology diagram in red and yellow respectively. The vulnerability of the current network is shown by a rectangular block in the upper right corner of the topology view, where different colours indicate different network states; for example, red indicates that the network is in a state of serious danger and yellow that it is in a dangerous state. At the same time a trend chart of the network vulnerability index changing over time is generated, together with corresponding log information, so that network administrators can carry out later checking and analysis.

Claims (8)

1. A network security assessment device based on an attack graph adjacency matrix, characterized by comprising:
an information collection device: collecting all information in the network in real time;
an atomic attack graph generation device: generating the initial host-to-host atomic attack graph needed for the subsequent analysis of network security;
a matrix computation device: first, converting the generated atomic attack graph into the corresponding adjacency matrix; second, computing the iteration matrix corresponding to the adjacency matrix by setting the number of iterations;
a network security analysis device: obtaining key host and critical path information on the basis of the finally generated iteration matrix.
2. The network security assessment device based on an attack graph adjacency matrix according to claim 1, characterized in that the information collection device collects the network topology, routing rules and firewall information of the target network, uses scanning tools or network management software to obtain network device and host configuration information, and scans the network hosts with a vulnerability scanning strategy to obtain the basic configuration information of the host systems and the vulnerabilities present on them.
3. The network security assessment device based on an attack graph adjacency matrix according to claim 2, characterized in that:
the vulnerability scanning strategy is divided into two kinds, active and passive;
active vulnerability scanning strategy: according to the scanning means, further divided into host-based vulnerability detection and network-based vulnerability detection;
host-based vulnerability detection: an agent or service is installed on the destination host to access the host's file system, registry, system services and audit information, and all vulnerabilities are scanned completely;
network-based vulnerability detection: mainly scanning computers remotely over the network;
passive vulnerability scanning strategy: based on the feature-matching principle, the network data flow of the target host is captured and analysed passively, then matched against the vulnerability definition rules in a database to judge whether the host system has vulnerabilities.
4. The network security assessment device based on an attack graph adjacency matrix according to claim 3, characterized in that:
the atomic attack graph generation device uses the network topology information and host vulnerability information obtained by the information collection device to generate the initial atomic attack graph and determines the attack graph state node weights, i.e. determines the probability of a successful attack.
5. The network security assessment device based on an attack graph adjacency matrix according to claim 4, characterized in that:
the generated host-to-host atomic attack graph is converted into the corresponding adjacency matrix: if an attack graph edge can be generated between two hosts <Hi, Hj>, the corresponding attack graph adjacency matrix element is aij = Weight, where Hi and Hj denote host i and host j, i, j = 1, 2, ..., n, n is the total number of hosts in the network, and Weight is the weight, representing the maximum probability of a successful attack from Hi on Hj;
L(h, v) denotes the node loss, L(h, v) = C(h) * S(v), where C(h) is the importance of the host, quantized by dividing hosts into different grades according to the services they provide and their network function, with values in the interval [0,1]; S(v) is the severity of the harm the vulnerability causes, quantized with the CVSS score, with values in the interval [0,10];
the matrix computation device:
the adjacency matrices A = (aij)m×l and B = (bij)m×l both have all diagonal elements equal to 0, C is an m×n matrix whose elements are
[Figure FDA00003602612800021: equation image, not reproduced]
and whose diagonal elements are likewise all 0, denoted
[Figure FDA00003602612800022: equation image, not reproduced]
where aij and bij are the elements of adjacency matrices A and B respectively, and m, l are the row and column counts of the matrices; if A = B and m = l, then C is the 2-step iteration matrix of A, and accordingly
[Figure FDA00003602612800023: equation image, not reproduced]
is called the n-step iteration matrix of A.
6. The network security assessment device based on an attack graph adjacency matrix according to claim 5, characterized in that:
the network security analysis device:
finds critical paths by checking each computed loss iteration matrix for element values greater than a given threshold;
sums each row of the finally generated iteration matrix, sorts the sums in descending order and finds the row numbers whose sums exceed the given threshold, thereby obtaining the first type of key hosts;
sums each column of the finally generated iteration matrix, sorts the sums in descending order and finds the column numbers whose sums exceed the given threshold, thereby obtaining the second type of key hosts;
and at the same time aggregates host vulnerabilities with a weighted-average aggregation method to obtain a network vulnerability index assessment value used to judge the security level of the target network.
7. The network security assessment device based on an attack graph adjacency matrix according to claim 6, characterized in that:
it further comprises a result presentation device: displaying the key hosts and critical paths found and the currently computed network vulnerability index dynamically in the form of a network topology diagram;
generating a trend chart of the network vulnerability index changing over time, and generating corresponding log information.
8. The network security assessment device based on an attack graph adjacency matrix according to claim 3, characterized in that the attack graph state node weight is determined using the PageRank computation model R(H) = (1-d)/N + d*(R(H1)/C(H1) + ... + R(Hn)/C(Hn)), where n is the number of state nodes in the attack graph, R(H) is the weight of attack graph state node H, d is the damping coefficient, commonly 0.85, R(Hi) is the weight of a node Hi pointing to state node H, and C(Hi) is the number of outgoing arcs of state node Hi.
CN201310329096.1A 2013-07-31 2013-07-31 Network security evaluation device based on attack graph adjacent matrix Active CN103368976B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201310329096.1A CN103368976B (en) 2013-07-31 2013-07-31 Network security evaluation device based on attack graph adjacent matrix

Publications (2)

Publication Number Publication Date
CN103368976A true CN103368976A (en) 2013-10-23
CN103368976B CN103368976B (en) 2015-03-04

Family

ID=49369513

Patent Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101162993A (en) * 2007-11-29 2008-04-16 哈尔滨工程大学 Network risk analysis method
CN102098306A (en) * 2011-01-27 2011-06-15 北京信安天元科技有限公司 Network attack path analysis method based on incidence matrixes

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
王如义: "Research on vulnerability detection and security assessment technology based on correlation analysis", China Master's Theses Full-text Database, 10 July 2012 (2012-07-10) *
钟尚勤: "Research on network security based on host attack graphs", China Doctoral Dissertations Full-text Database, 26 November 2012 (2012-11-26) *

Cited By (51)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105704093A (en) * 2014-11-25 2016-06-22 ***通信集团设计院有限公司 Firewall access control strategy debugging method, device and system
CN105704093B (en) * 2014-11-25 2018-06-12 ***通信集团设计院有限公司 A kind of firewall access control policy error-checking method, apparatus and system
CN105991521B (en) * 2015-01-30 2019-06-21 阿里巴巴集团控股有限公司 Network risk assessment method and device
CN105991521A (en) * 2015-01-30 2016-10-05 阿里巴巴集团控股有限公司 Network risk assessment method and network risk assessment device
CN107332802A (en) * 2016-04-28 2017-11-07 ***通信集团江西有限公司 A kind of firewall policy monitoring method and device
CN107332802B (en) * 2016-04-28 2020-08-07 ***通信集团江西有限公司 Firewall policy monitoring method and device
CN106657144A (en) * 2017-01-20 2017-05-10 北京理工大学 Dynamic protection path planning method based on reinforcement learning
CN106850607A (en) * 2017-01-20 2017-06-13 北京理工大学 The quantitative estimation method of the network safety situation based on attack graph
CN106850607B (en) * 2017-01-20 2019-09-20 北京理工大学 The quantitative estimation method of network safety situation based on attack graph
CN106657144B (en) * 2017-01-20 2019-06-28 北京理工大学 A kind of dynamic protection paths planning method based on enhancing study
CN107135221B (en) * 2017-05-10 2020-05-05 上海海事大学 Method for progressively solving K maximum probability attack path
CN107135221A (en) * 2017-05-10 2017-09-05 上海海事大学 A kind of method of gradual solution K maximum probability attack paths
CN108959931A (en) * 2017-05-24 2018-12-07 阿里巴巴集团控股有限公司 Leak detection method and device, information interacting method and equipment
CN108959931B (en) * 2017-05-24 2022-03-01 阿里巴巴集团控股有限公司 Vulnerability detection method and device, information interaction method and equipment
CN107566376B (en) * 2017-09-11 2020-05-05 中国信息安全测评中心 Threat information generation method, device and system
CN107566376A (en) * 2017-09-11 2018-01-09 中国信息安全测评中心 One kind threatens information generation method, apparatus and system
CN108270774A (en) * 2017-12-22 2018-07-10 杭州安恒信息技术有限公司 A kind of attack detection and means of defence based on attack graph
US11187797B2 (en) 2018-10-31 2021-11-30 Institute Of Electronics, Chinese Academy Of Sciences Method for range ambiguity suppression based on multi-degree-of-freedom frequency modulation signal
CN109977680A (en) * 2019-03-13 2019-07-05 北京国舜科技股份有限公司 A kind of business datum security risk recognition methods and system
CN110401626B (en) * 2019-03-14 2022-02-18 腾讯科技(深圳)有限公司 Hacker attack grading detection method and device
CN110401626A (en) * 2019-03-14 2019-11-01 腾讯科技(深圳)有限公司 A kind of hacker attack hierarchical detection method and device
CN110289995A (en) * 2019-06-11 2019-09-27 同济大学 Based on the social networks behavior monitoring method and device using attribute attack graph
CN110289995B (en) * 2019-06-11 2021-02-02 同济大学 Social network behavior monitoring method and device based on attribute attack graph
CN110557393A (en) * 2019-09-05 2019-12-10 腾讯科技(深圳)有限公司 network risk assessment method and device, electronic equipment and storage medium
CN110460481B (en) * 2019-09-12 2022-02-25 南京经纬信安科技有限公司 Identification method of network key assets
CN110460481A (en) * 2019-09-12 2019-11-15 南京经纬信安科技有限公司 A kind of recognition methods of network key assets
CN110572409A (en) * 2019-09-16 2019-12-13 国家计算机网络与信息安全管理中心 Industrial Internet security risk prediction method, device, equipment and storage medium
CN110572409B (en) * 2019-09-16 2021-10-12 国家计算机网络与信息安全管理中心 Industrial Internet security risk prediction method, device, equipment and storage medium
CN110781453A (en) * 2019-09-23 2020-02-11 太原理工大学 Complex theory battle network fragile edge identification method
CN110781453B (en) * 2019-09-23 2023-11-24 太原理工大学 Network fragile edge recognition method based on complex theory
CN111193617B (en) * 2019-12-17 2022-10-18 中移(杭州)信息技术有限公司 Webpage tampering identification method and device, electronic equipment and storage medium
CN111193617A (en) * 2019-12-17 2020-05-22 中移(杭州)信息技术有限公司 Webpage tampering identification method and device, electronic equipment and storage medium
CN112003864A (en) * 2020-08-25 2020-11-27 上海聚水潭网络科技有限公司 Website security detection system and method based on full flow
CN112003864B (en) * 2020-08-25 2022-01-14 上海聚水潭网络科技有限公司 Website security detection system and method based on full flow
CN112114579A (en) * 2020-09-28 2020-12-22 哈尔滨工业大学(威海) Industrial control system safety measurement method based on attack graph
CN112904817B (en) * 2021-01-19 2022-08-12 哈尔滨工业大学(威海) Global safety detection system for intelligent manufacturing production line and working method thereof
CN112904817A (en) * 2021-01-19 2021-06-04 哈尔滨工业大学(威海) Global safety detection system for intelligent manufacturing production line and working method thereof
CN112819336A (en) * 2021-02-03 2021-05-18 国家电网有限公司 Power monitoring system network threat-based quantification method and system
CN112819336B (en) * 2021-02-03 2023-12-15 国家电网有限公司 Quantification method and system based on network threat of power monitoring system
CN113051575A (en) * 2021-03-25 2021-06-29 深圳市联软科技股份有限公司 Method and system for generating red and blue attack resisting exercise scheme based on graph database
CN113779591A (en) * 2021-09-16 2021-12-10 中国民航大学 Network host node security risk assessment method based on host importance
CN113779591B (en) * 2021-09-16 2023-11-03 中国民航大学 Network host node security risk assessment method based on host importance
CN113949570A (en) * 2021-10-18 2022-01-18 北京航空航天大学 Penetration test attack path selection method and system based on attack graph
CN114143109A (en) * 2021-12-08 2022-03-04 安天科技集团股份有限公司 Visual processing method, interaction method and device for attack data
CN114143109B (en) * 2021-12-08 2023-11-10 安天科技集团股份有限公司 Visual processing method, interaction method and device for attack data
CN114301716B (en) * 2022-02-22 2023-05-26 绿盟科技集团股份有限公司 Network security assessment method and device, network security equipment and storage medium
CN114301716A (en) * 2022-02-22 2022-04-08 绿盟科技集团股份有限公司 Network security assessment method and device, network security equipment and storage medium
CN115296896A (en) * 2022-08-03 2022-11-04 中国电子科技集团公司信息科学研究院 Attack path dynamic generation method and device and electronic equipment
CN115296896B (en) * 2022-08-03 2023-07-18 中国电子科技集团公司信息科学研究院 Attack path dynamic generation method and device and electronic equipment
CN117579398A (en) * 2024-01-17 2024-02-20 国网浙江省电力有限公司 Attack path prediction method and device based on distributed energy system
CN117579398B (en) * 2024-01-17 2024-04-02 国网浙江省电力有限公司 Attack path prediction method and device based on distributed energy system

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C53 Correction of patent of invention or patent application
CB03 Change of inventor or designer information

Inventor after: Chen Ting

Inventor after: Zhang Xiaosong

Inventor after: Niu Weina

Inventor after: Chen Ruidong

Inventor after: Wang Dong

Inventor after: Zhang Jiansong

Inventor after: Jiang Wei

Inventor after: Li Jianbin

Inventor before: Zhang Xiaosong

Inventor before: Niu Weina

Inventor before: Chen Ruidong

Inventor before: Wang Dong

Inventor before: Zhang Jiansong

Inventor before: Li Jianbin

COR Change of bibliographic data

Free format text: CORRECT: INVENTOR; FROM: ZHANG XIAOSONG NIU WEINA CHEN RUIDONG WANG DONG ZHANG JIANSONG LI JIANBIN TO: CHEN TING ZHANG XIAOSONG NIU WEINA CHEN RUIDONG WANG DONG ZHANG JIANSONG JIANG WEI LI JIANBIN

C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
CB03 Change of inventor or designer information

Inventor after: Zhang Xiaosong

Inventor after: Niu Weina

Inventor after: Chen Ruidong

Inventor after: Wang Dong

Inventor after: Chen Ting

Inventor after: Zhang Jiansong

Inventor after: Jiang Wei

Inventor after: Li Jianbin

Inventor before: Chen Ting

Inventor before: Zhang Xiaosong

Inventor before: Niu Weina

Inventor before: Chen Ruidong

Inventor before: Wang Dong

Inventor before: Zhang Jiansong

Inventor before: Jiang Wei

Inventor before: Li Jianbin

CB03 Change of inventor or designer information
COR Change of bibliographic data

Free format text: CORRECT: INVENTOR; FROM: CHEN TING ZHANG XIAOSONG NIU WEINA CHEN RUIDONG WANG DONG ZHANG JIANSONG JIANG WEI LI JIANBIN TO: ZHANG XIAOSONG NIU WEINA CHEN RUIDONG WANG DONG CHEN TING ZHANG JIANSONG JIANG WEI LI JIANBIN

C14 Grant of patent or utility model
GR01 Patent grant