CN107203720A - risk value calculating method and device - Google Patents

Publication number
CN107203720A
Authority
CN
China
Prior art keywords
value
target device
target
attack
risk
Legal status
Granted
Application number
CN201611262416.6A
Other languages
Chinese (zh)
Other versions
CN107203720B (en)
Inventor
王秀娟
高峰
张建军
苏砫
Current Assignee
Beijing Ultrapower Information Safety Technology Co Ltd
Original Assignee
Beijing Ultrapower Information Safety Technology Co Ltd
Application filed by Beijing Ultrapower Information Safety Technology Co Ltd
Priority to CN201611262416.6A
Publication of CN107203720A
Application granted
Publication of CN107203720B
Legal status: Active

Classifications

    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06F: ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00: Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50: Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/57: Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • G06F21/577: Assessing vulnerabilities and evaluating computer system security

Abstract

Embodiments of the invention provide a risk value calculation method and device. The method obtains the device value of a target device; obtains the vulnerabilities present in the target device itself, which attack behaviors can exploit to attack the target device; analyzes, from the vulnerabilities present in the target device itself, the probability value that the target device is attacked by attack behaviors; counts the target attack behaviors that can attack the target device by exploiting the vulnerabilities present in the target device itself; obtains the first impact degree value of each target attack behavior on the target device; and, from the device value, the probability value that the target device is attacked by attack behaviors, and the first impact degree value of each target attack behavior on the target device, calculates the first risk value of all target attack behaviors to the target device. The risk value of all target attack behaviors to the target device calculated by the embodiments of the invention is more accurate.

Description

Risk value calculation method and device
Technical Field
Embodiments of the present invention relate to the field of computer technology, and in particular to a risk value calculation method and device.
Background
At present, an enterprise has many devices. For any one of them, when the device itself has a vulnerability, a malicious actor may exploit that vulnerability through an attack behavior to attack the device, so that the device cannot work normally, which in turn causes losses to the enterprise. To protect the devices in the enterprise, the risk value of each device needs to be calculated; the risk value of a device is the probability value of loss being caused after the device is attacked.
The prior art provides a risk value calculation method, which includes the following.
Technical staff manually set in advance the first impact degree value that each attack behavior has on the device after attacking it, and manually set the second impact degree value that each vulnerability that may exist in the device itself has on the device.
When the risk value of the device is calculated, the vulnerabilities present in the device itself are detected, and the preset second impact degree value of each detected vulnerability on the device is obtained.
The attack behaviors that can attack the device by exploiting those vulnerabilities are then determined, the preset first impact degree value of each determined attack behavior on the device is obtained, and the highest first impact degree value is found among the obtained values. The highest first impact degree value is then multiplied by the sum of all the second impact degree values to obtain the probability value that the device is attacked.
The sum of all the second impact degree values is then multiplied by the device value of the device to obtain the impact degree value of all the determined attack behaviors on the device; that impact degree value is multiplied by the probability value that the device is attacked to obtain the risk value of all the determined attack behaviors to the device.
However, in the course of realizing the embodiments of the present invention, the inventors found that this prior-art scheme has at least the following shortcoming: the calculated risk value of the device is inaccurate.
Summary of the Invention
To overcome the problems in the related art, embodiments of the present invention provide a risk value calculation method and device.
According to a first aspect of the embodiments of the present invention, a risk value calculation method is provided, the method including:
Obtaining the device value of a target device;
Obtaining the vulnerabilities present in the target device itself, which attack behaviors can exploit to attack the target device; and analyzing, from the vulnerabilities, the probability value that the target device is attacked by attack behaviors;
Counting the target attack behaviors that can attack the target device by exploiting the vulnerabilities, and obtaining the first impact degree value of each target attack behavior on the target device;
Calculating, from the device value, the probability value, and the first impact degree value of each target attack behavior on the target device, the first risk value of all target attack behaviors to the target device.
Calculating the first risk value of all target attack behaviors to the target device from the device value, the probability value, and the first impact degree value of each target attack behavior on the target device includes:
For each target attack behavior, calculating the second risk value of that target attack behavior to the target device from the device value, the probability value, and the first impact degree value of that target attack behavior on the target device;
Calculating the first risk value of all target attack behaviors to the target device from the second risk value of each target attack behavior to the target device.
Obtaining the device value of the target device includes:
Obtaining the confidentiality, integrity, availability and business relevance of the target device;
Calculating the device value of the target device from the confidentiality, the integrity, the availability and the business relevance according to the following formula:
Where W is the device value, C is the confidentiality, I is the integrity, A is the availability, B is the business relevance, N is the first preset threshold, and M is the second preset threshold.
Analyzing, from the vulnerabilities, the probability value that the target device is attacked by attack behaviors includes:
Obtaining the second impact degree value of each vulnerability on the target device;
Calculating, from the second impact degree value of each vulnerability on the target device, the probability value that the target device is attacked by attack behaviors according to the following formula:
$T = V_{max} + \log_X(V')$;
Where T is the probability value; $V_{max}$ is the highest second impact degree value among all the second impact degree values; $V'$ is the sum of all the other second impact degree values, excluding the highest one; and X is the third preset threshold.
Obtaining the first impact degree value of each target attack behavior on the target device includes:
For each target attack behavior, obtaining the target attack behavior's third impact degree value on the confidentiality of the target device, its third impact degree value on the integrity of the target device, its third impact degree value on the availability of the device, and its third impact degree value on the business relevance of the target device;
Calculating, from the target attack behavior's third impact degree values on the confidentiality of the target device, on the integrity of the target device, on the availability of the device, and on the business relevance of the target device, the first impact degree value of the target attack behavior on the target device according to the following formula:
Where S is the first impact degree value of the target attack behavior on the target device; c is the target attack behavior's third impact degree value on the confidentiality of the target device; i is its third impact degree value on the integrity of the target device; a is its third impact degree value on the availability of the target device; b is its third impact degree value on the business relevance of the device; X is the fourth preset threshold; and Y is the fifth preset threshold.
Calculating the second risk value of the target attack behavior to the target device from the device value, the probability value, and the first impact degree value of the target attack behavior on the target device includes:
For each target attack behavior, calculating the second risk value of that target attack behavior to the target device from the device value, the probability value, and the first impact degree value of that target attack behavior on the target device according to the following formula:
$R = W \cdot T \cdot S$;
Where R is the second risk value of the target attack behavior to the target device, and S is the first impact degree value of the target attack behavior on the target device.
Calculating the first risk value of all target attack behaviors to the target device from the second risk value of each target attack behavior to the target device includes:
Calculating, from the second risk value of each target attack behavior to the target device, the first risk value of all target attack behaviors to the target device:
$Q = R_{max} + \log_K(R')$;
Where Q is the first risk value of all target attack behaviors to the target device; $R_{max}$ is the highest second risk value among the second risk values of the individual target attack behaviors to the target device; $R'$ is the sum of all the other second risk values, excluding the highest one; and K is the sixth preset threshold.
According to a second aspect of the embodiments of the present invention, a risk value calculation device is provided, the device including:
A first acquisition module, for obtaining the device value of a target device;
A second acquisition module, for obtaining the vulnerabilities present in the target device itself, which attack behaviors can exploit to attack the target device; and an analysis module, for analyzing, from the vulnerabilities, the probability value that the target device is attacked by attack behaviors;
A statistics module, for counting the target attack behaviors that can attack the target device by exploiting the vulnerabilities; and a third acquisition module, for obtaining the first impact degree value of each target attack behavior on the target device;
A first calculation module, for calculating, from the device value, the probability value, and the first impact degree value of each target attack behavior on the target device, the first risk value of all target attack behaviors to the target device.
The first calculation module includes:
A first calculation unit, for calculating, for each target attack behavior, the second risk value of that target attack behavior to the target device from the device value, the probability value, and the first impact degree value of that target attack behavior on the target device;
A second calculation unit, for calculating the first risk value of all target attack behaviors to the target device from the second risk value of each target attack behavior to the target device.
The first acquisition module includes:
A first acquisition unit, for obtaining the confidentiality, integrity, availability and business relevance of the target device;
A third calculation unit, for calculating the device value of the target device from the confidentiality, the integrity, the availability and the business relevance according to the following formula:
Where W is the device value, C is the confidentiality, I is the integrity, A is the availability, B is the business relevance, N is the first preset threshold, and M is the second preset threshold.
The analysis module includes:
A second acquisition unit, for obtaining the second impact degree value of each vulnerability on the target device;
A fourth calculation unit, for calculating, from the second impact degree value of each vulnerability on the target device, the probability value that the target device is attacked by attack behaviors according to the following formula:
$T = V_{max} + \log_X(V')$;
Where T is the probability value; $V_{max}$ is the highest second impact degree value among all the second impact degree values; $V'$ is the sum of all the other second impact degree values, excluding the highest one; and X is the third preset threshold.
The third acquisition module includes:
A third acquisition unit, for obtaining, for each target attack behavior, the target attack behavior's third impact degree value on the confidentiality of the target device, its third impact degree value on the integrity of the target device, its third impact degree value on the availability of the device, and its third impact degree value on the business relevance of the target device;
A fifth calculation unit, for calculating, from the target attack behavior's third impact degree values on the confidentiality of the target device, on the integrity of the target device, on the availability of the device, and on the business relevance of the target device, the first impact degree value of the target attack behavior on the target device according to the following formula:
Where S is the first impact degree value of the target attack behavior on the target device; c is the target attack behavior's third impact degree value on the confidentiality of the target device; i is its third impact degree value on the integrity of the target device; a is its third impact degree value on the availability of the target device; b is its third impact degree value on the business relevance of the device; X is the fourth preset threshold; and Y is the fifth preset threshold.
The first calculation unit is specifically used for:
For each target attack behavior, calculating the second risk value of that target attack behavior to the target device from the device value, the probability value, and the first impact degree value of that target attack behavior on the target device according to the following formula:
$R = W \cdot T \cdot S$;
Where R is the second risk value of the target attack behavior to the target device, and S is the first impact degree value of the target attack behavior on the target device.
The second calculation unit is specifically used for:
Calculating, from the second risk value of each target attack behavior to the target device, the first risk value of all target attack behaviors to the target device:
$Q = R_{max} + \log_K(R')$;
Where Q is the first risk value of all target attack behaviors to the target device; $R_{max}$ is the highest second risk value among the second risk values of the individual target attack behaviors to the target device; $R'$ is the sum of all the other second risk values, excluding the highest one; and K is the sixth preset threshold.
According to a third aspect of the embodiments of the present invention, a risk value calculation method is provided. The method is applied to a business system that includes multiple target devices, and the method includes:
Obtaining the first risk value of each target device in the business system, the first risk value of each target device being calculated from: the device value of the target device, the probability value, analyzed from vulnerabilities, that the target device is attacked by attack behaviors, and the first impact degree value on the target device of each target attack behavior corresponding to the target device;
Calculating the risk value of the business system from the risk value of each target device according to the following formula:
$U = Q_{max} + \log_K(Q')$;
Where U is the risk value of the business system; $Q_{max}$ is the highest first risk value among the first risk values of the target devices in the business system; $Q'$ is the sum of all the other first risk values, excluding the highest one; and K is the sixth preset threshold.
According to a fourth aspect of the embodiments of the present invention, a risk value calculation device is provided. The device is applied to a business system that includes multiple target devices, characterized in that the device includes:
A fourth acquisition module, for obtaining the first risk value of each target device in the business system, the first risk value of each target device being calculated from: the device value of the target device, the probability value, analyzed from vulnerabilities, that the target device is attacked by attack behaviors, and the first impact degree value on the target device of each target attack behavior corresponding to the target device;
A second calculation module, for calculating the risk value of the business system from the risk value of each target device according to the following formula:
$U = Q_{max} + \log_K(Q')$;
Where U is the risk value of the business system; $Q_{max}$ is the highest first risk value among the first risk values of the target devices in the business system; $Q'$ is the sum of all the other first risk values, excluding the highest one; and K is the sixth preset threshold.
The technical solution provided by the embodiments of the present invention can have the following beneficial effects.
The first risk value of a target device should depend on the device value of the target device, the probability value that the target device is attacked by attack behaviors, and the first impact degree value of each target attack behavior on the target device.
The probability value that the target device is attacked by attack behaviors should depend on the vulnerabilities present in the target device itself, and is independent of the first impact degree value of attack behaviors on the target device.
The first impact degree value of a target attack behavior on the target device should depend on the device value of the target device and on the target attack behavior's third impact degree values on the integrity, the confidentiality, the availability and the business relevance of the target device, and is independent of the vulnerabilities present in the target device itself.
In the prior art, however, the probability value that the device is attacked is calculated from the second impact degree value of each vulnerability present in the device itself on the device and from the first impact degree value of each attack behavior on the device, so it includes a variable that should not be included: the first impact degree value of each attack behavior on the device.
Moreover, in the prior art, the first impact degree value of attack behaviors on the device is calculated from the probability value that the device is attacked and the device value of the device; that is, the first risk value of attack behaviors to the device is calculated from the second impact degree value of each vulnerability present in the device itself on the device and the device value of the device, so it includes a variable that should not be included: the second impact degree value of each vulnerability present in the device itself on the device.
Therefore, the risk value of all target attack behaviors to the target device calculated by the prior-art risk value calculation method is inaccurate. In the embodiments of the present invention, by contrast, the device value of the target device is obtained; the vulnerabilities present in the target device itself, which attack behaviors can exploit to attack the target device, are obtained; the probability value that the target device is attacked by attack behaviors is analyzed from the vulnerabilities present in the target device itself; the target attack behaviors that can attack the target device by exploiting those vulnerabilities are counted; the first impact degree value of each target attack behavior on the target device is obtained; and the first risk value of all target attack behaviors to the target device is calculated from the device value, the probability value that the target device is attacked by attack behaviors, and the first impact degree value of each target attack behavior on the target device.
It can be seen that, in the embodiments of the present invention, the probability value that the target device is attacked by attack behaviors is obtained from the vulnerabilities present in the target device itself, and the first risk value of all target attack behaviors to the target device is obtained from the device value of the target device, the probability value that the target device is attacked by attack behaviors, and the first impact degree value of each target attack behavior on the target device. Compared with the prior art, the first risk value of all target attack behaviors to the target device calculated by the embodiments of the present invention is more accurate.
It should be understood that the general description above and the detailed description below are only exemplary and explanatory, and do not limit the embodiments of the present invention.
Brief Description of the Drawings
The accompanying drawings are incorporated into and form part of this specification. They show embodiments consistent with the present invention and, together with the specification, serve to explain the principles of the embodiments of the present invention.
Fig. 1 is a flow chart of a risk value calculation method according to an exemplary embodiment;
Fig. 2 is a flow chart of a risk value calculation method according to an exemplary embodiment;
Fig. 3 is a block diagram of a risk value calculation device according to an exemplary embodiment.
Detailed Description
Exemplary embodiments are described in detail here, with examples shown in the accompanying drawings. Where the following description refers to the drawings, the same numbers in different drawings denote the same or similar elements unless otherwise indicated. The implementations described in the following exemplary embodiments do not represent all implementations consistent with the embodiments of the present invention. Rather, they are merely examples of devices and methods consistent with some aspects of the embodiments of the present invention, as detailed in the appended claims.
Fig. 1 is a flow chart of a risk value calculation method according to an exemplary embodiment. As shown in Fig. 1, the method is used in a device and includes the following steps.
In step S101, the device value of the target device is obtained.
In the embodiments of the present invention, the target device can be a computer, server, router, switch or the like in the enterprise.
In the embodiments of the present invention, the device value of the target device is reflected by at least the following four items: the confidentiality, integrity, availability and business relevance of the target device.
The confidentiality of the target device includes: the degree of secrecy of the enterprise data stored in the target device. If the degree of secrecy of the stored enterprise data is high, then after the target device is attacked the enterprise's secrets may be stolen, which brings a very large loss to the enterprise's interests. If the degree of secrecy of the stored enterprise data is low, then after the target device is attacked, even if the stored data is stolen, the loss to the enterprise's interests is relatively small.
The integrity of the target device includes: the importance of the enterprise data stored in the target device. If the enterprise data stored in the target device is more complete, the importance of the enterprise data stored in the target device is higher; after the target device is attacked, the enterprise's data may be damaged or the target device may go down, which brings a very large loss to the enterprise's interests. If the enterprise data stored in the target device is less complete, the importance of the enterprise data stored in the target device is lower; after the target device is attacked, even if the enterprise's data is damaged or the target device goes down, the loss to the enterprise's interests is relatively small.
The availability of the target device includes: how long each day the enterprise data stored in the target device is used. If the stored enterprise data is used for a long time each day, then after the target device is attacked the enterprise's data may be damaged or the target device may go down, so that the gap between the time the stored enterprise data is actually used and the time it should be used is large, which brings a very large loss to the enterprise's interests. If the stored enterprise data is used for a short time each day, then after the target device is attacked the enterprise's data may be damaged or the target device may go down, but the gap between the time the stored enterprise data is actually used and the time it should be used is small, which brings a very small loss to the enterprise's interests.
The business relevance of the target device includes: the number of business operations in the enterprise that need to use what is stored in the target device. If many business operations in the enterprise need to use what is stored in the target device, then after the target device is attacked, if the stored enterprise data is damaged, many business operations in the enterprise cannot run normally, and the loss to the enterprise is large. If few business operations in the enterprise need to use what is stored in the target device, then after the target device is attacked, if the stored enterprise data is damaged, only a few business operations in the enterprise cannot run normally while most of the enterprise's business can continue to run normally, and the loss to the enterprise is small.
In the embodiments of the present invention, technical staff can assess the confidentiality, integrity, availability and business relevance of the target device in advance and store them locally. In this step, therefore, the confidentiality, integrity, availability and business relevance of the target device can be obtained directly from local storage, and the device value of the target device is then calculated from them according to the following formula:
Where W is the device value of the target device, C is the confidentiality of the target device, I is the integrity of the target device, A is the availability of the target device, B is the business relevance of the target device, N is the first preset threshold, and M is the second preset threshold.
N and M may be the same or different; the embodiments of the present invention do not limit this. In the embodiments of the present invention, N and M may be 2.
In step S102, the vulnerabilities present in the target device itself are obtained; attack behaviors can exploit these vulnerabilities to attack the target device.
In the embodiments of the present invention, a vulnerability verification tool preset locally can be used to scan the target device comprehensively, and the vulnerabilities present in the target device itself are determined by analyzing the scan results.
Attack behaviors include: cutting off the power supply of the target device, implanting a Trojan or virus into the target device, damaging hardware components in the target device, and so on.
In step s 103, according to target device itself exist leak analysis target device by attack attack it is general Rate value;
In this step, the second influence degree value of each leak each respectively to target device can be first obtained, so The second influence degree value further according to each leak each respectively to target device, target device is calculated according to equation below afterwards The probable value attacked by attack:
$T = V_{\max} + \log_X(V')$;
where T is the probability value of the target device being attacked by attack behaviors; $V_{\max}$ is the highest of the second impact values of the vulnerabilities on the target device; $V'$ is the sum of all the other second impact values, excluding the highest one; and X is the third preset threshold. X may be 10, for example; the embodiments of the present invention do not limit this.
In embodiments of the present invention, different vulnerabilities have different impact values on the target device. For any vulnerability, technical staff can assess in advance its second impact value on the target device, form a record from the vulnerability's identifier and that second impact value, and store the record in the locally stored correspondence between vulnerability identifiers and impact values on the target device. The same operation is performed for every other vulnerability.
Therefore, when the second impact value of each vulnerability on the target device is obtained, for any vulnerability present in the target device itself, the impact value corresponding to that vulnerability's identifier can be determined from the locally stored correspondence between vulnerability identifiers and impact values on the target device, and taken as the vulnerability's second impact value on the target device. The same operation is performed for every other vulnerability present in the target device itself, which yields the second impact value of each vulnerability on the target device.
In step S104, the target attack behaviors that can attack the target device by exploiting the vulnerabilities present in the target device itself are compiled.
In embodiments of the present invention, for any vulnerability that may be present in the target device, technical staff can compile in advance all the attack behaviors that can attack the target device by exploiting that vulnerability when it is present, form a record from the vulnerability's identifier and those attack behaviors, and store the record in the locally stored correspondence between vulnerability identifiers and attack behaviors. The same operation is performed for every other vulnerability that may be present in the target device.
Therefore, in this step, for any vulnerability present in the target device itself as determined in step S102, all the attack behaviors corresponding to that vulnerability's identifier can be determined from the locally stored correspondence between vulnerability identifiers and attack behaviors. The same operation is performed for every other vulnerability determined in step S102, and all the attack behaviors so determined are taken as the target attack behaviors.
In step S105, the first impact value of each target attack behavior on the target device is obtained.
In embodiments of the present invention, the device value of the target device is reflected at least by the confidentiality, integrity, availability and business relevance of the target device. After an attack behavior attacks the target device by exploiting a vulnerability present in the target device itself, its first impact value on the target device is likewise reflected mainly in how strongly it affects at least one of the confidentiality, integrity, availability and business relevance of the target device.
For any attack behavior that may attack the target device, technical staff can assess in advance the third impact value of that attack behavior on the confidentiality of the target device after the attack, and store the attack behavior together with that value in the locally stored correspondence between attack behaviors and confidentiality impact values. They can likewise assess its third impact value on the integrity of the target device and store the attack behavior together with that value in the locally stored correspondence between attack behaviors and integrity impact values; assess its third impact value on the availability of the target device and store the attack behavior together with that value in the locally stored correspondence between attack behaviors and availability impact values; and assess its third impact value on the business relevance of the target device and store the attack behavior together with that value in the locally stored correspondence between attack behaviors and business relevance impact values. The same operation is performed for every other attack behavior that may attack the target device.
Therefore, in this step, for any target attack behavior, the confidentiality impact value corresponding to that target attack behavior can be determined from the locally stored correspondence between attack behaviors and confidentiality impact values, and taken as the target attack behavior's third impact value on the confidentiality of the target device. The integrity impact value corresponding to the target attack behavior is then determined from the locally stored correspondence between attack behaviors and integrity impact values, and taken as its third impact value on the integrity of the target device. The availability impact value corresponding to the target attack behavior is determined from the locally stored correspondence between attack behaviors and availability impact values, and taken as its third impact value on the availability of the target device. Finally, the business relevance impact value corresponding to the target attack behavior is determined from the locally stored correspondence between attack behaviors and business relevance impact values, and taken as its third impact value on the business relevance of the target device. The same operation is performed for every other target attack behavior.
For any target attack behavior, once its third impact values on the confidentiality, integrity, availability and business relevance of the target device have been obtained, the first impact value of the target attack behavior on the target device can be calculated from these four third impact values according to the following formula:
where S is the first impact value of the target attack behavior on the target device, c is the third impact value of the target attack behavior on the confidentiality of the target device, i is its third impact value on the integrity of the target device, a is its third impact value on the availability of the target device, and b is its third impact value on the business relevance of the device; Z is the fourth preset threshold and Y is the fifth preset threshold. Z and Y may be the same or different; the embodiments of the present invention do not limit this. In the embodiments of the present invention, Z and Y may be 2.
The same operation is performed for every other target attack behavior.
In step S106, the first risk value of all target attack behaviors on the target device is calculated according to the device value, the probability value of the target device being attacked by attack behaviors, and the first impact value of each target attack behavior on the target device.
The first risk value of the target device should depend on the device value of the target device, the probability value of the target device being attacked by attack behaviors, and the first impact value of each target attack behavior on the target device.
The probability value of the target device being attacked by attack behaviors should depend on the vulnerabilities present in the target device itself, and is independent of the first impact values of attack behaviors on the target device.
The first impact value of a target attack behavior on the target device should depend on the device value of the target device and on the target attack behavior's third impact values on the integrity, confidentiality, availability and business relevance of the target device, and is independent of the vulnerabilities present in the target device itself.
In the prior art, however, the probability value of a device being attacked is calculated from the second impact value of each vulnerability present in the device on the device and from the first impact value of each attack behavior on the device, and so includes a dependent variable that should not be included: the first impact value of each attack behavior on the device.
Moreover, in the prior art, the first impact value of an attack behavior on a device is calculated from the probability value of the device being attacked and the device value of the device; that is, the first risk value of an attack behavior on the device is calculated from the second impact value of each vulnerability present in the device on the device and the device value of the device, and so includes a dependent variable that should not be included: the second impact value of each vulnerability present in the device on the device.
Therefore, the risk value of all target attack behaviors on the target device calculated with the prior-art risk value calculation method is inaccurate. In the embodiments of the present invention, by contrast, the device value of the target device is obtained; the vulnerabilities present in the target device itself are obtained, where a vulnerability can be exploited by an attack behavior to attack the target device; the probability value of the target device being attacked by attack behaviors is analysed according to the vulnerabilities present in the target device itself; the target attack behaviors that can attack the target device by exploiting those vulnerabilities are compiled; the first impact value of each target attack behavior on the target device is obtained; and the first risk value of all target attack behaviors on the target device is calculated according to the device value, the probability value of the target device being attacked by attack behaviors, and the first impact value of each target attack behavior on the target device.
It can be seen that, in the embodiments of the present invention, the probability value of the target device being attacked by attack behaviors is obtained from the vulnerabilities present in the target device itself, and the first risk value of all target attack behaviors on the target device is obtained from the device value of the target device, the probability value of the target device being attacked by attack behaviors, and the first impact value of each target attack behavior on the target device. Compared with the prior art, the first risk value of all target attack behaviors on the target device calculated by the embodiments of the present invention is therefore more accurate.
In another embodiment of the present invention, referring to Fig. 2, step S106 includes:
In step S201, for each target attack behavior, the second risk value of the target attack behavior on the target device is calculated according to the device value, the probability value of the target device being attacked by attack behaviors, and the first impact value of the target attack behavior on the target device.
For any target attack behavior, the second risk value of the target attack behavior on the target device is calculated from the device value, the probability value of the target device being attacked by attack behaviors, and the first impact value of the target attack behavior on the target device according to the following formula:
$R = W \cdot T \cdot S$;
where R is the second risk value of the target attack behavior on the target device, and S is the first impact value of the target attack behavior on the target device.
In step S202, the first risk value of all target attack behaviors on the target device is calculated according to the second risk value of each target attack behavior on the target device.
The first risk value of all target attack behaviors on the target device is calculated from the second risk value of each target attack behavior on the target device according to the following formula:
$Q = R_{\max} + \log_K(R')$;
where Q is the first risk value of all target attack behaviors on the target device; $R_{\max}$ is the highest of the second risk values of the target attack behaviors on the target device; $R'$ is the sum of all the other second risk values, excluding the highest one; and K is the sixth preset threshold. K may be 10, for example; the embodiments of the present invention do not limit this.
In the prior art, the highest of the second risk values of the target attack behaviors on the target device is taken as the first risk value of all target attack behaviors on the target device, so the calculation accuracy is low.
In the embodiments of the present invention, by contrast, the first risk value of all target attack behaviors on the target device depends not only on the highest of the second risk values of the target attack behaviors on the target device, but on the second risk value of every target attack behavior on the target device at the same time. Compared with the prior art, the embodiments of the present invention can therefore improve the accuracy of the calculated first risk value of all target attack behaviors on the target device.
Further, in embodiments of the present invention, after the first risk value of all target attack behaviors on the target device has been obtained, a defensive measure can be applied to the target device in order to reduce its first risk value.
Technical staff can set up a variety of defensive measures locally in advance, with different defensive measures targeting different attack behaviors and vulnerabilities. A defensive measure can therefore be selected from the preset defensive measures according to the vulnerabilities present in the target device itself and the attack behaviors that can attack the target device by exploiting those vulnerabilities; the selected defensive measure is used to repair the target terminal, which reduces the first risk value of the target device.
However, the defensive measures that technical staff set up locally in advance differ in effectiveness: some can reduce the first risk value of the target device to zero, while others can only reduce part of the first risk value of the target device.
Therefore, after the target terminal has been repaired with the selected defensive measure, the residual risk value of the target device also needs to be determined according to the following formula:
$Q' = Q \cdot (1 - P)$;
where $Q'$ is the residual risk value of the target device and P is the effectiveness of the selected defensive measure. In the embodiments of the present invention, the effectiveness of a defensive measure lies between 0 and 1.
Further, in another embodiment of the present invention, multiple target devices constitute a business system. For each target device in the business system, the value Q calculated in step S202 is that target device's first risk value. After the first risk value of each target device has been calculated, the risk value of the business system can be calculated from the first risk values of the target devices according to the following formula:
$U = Q_{\max} + \log_K(Q')$;
where U is the risk value of the business system; $Q_{\max}$ is the highest of the first risk values of the target devices; $Q'$ is the sum of all the other first risk values, excluding the highest one; and K is the sixth preset threshold. K may be 10, for example; the embodiments of the present invention do not limit this.
In the prior art, the highest of the first risk values of the target devices is taken as the risk value of the business system, so the calculation accuracy is low.
In the embodiments of the present invention, by contrast, the risk value of the business system depends not only on the highest of the first risk values of the target devices, but on the first risk value of every target device at the same time. Compared with the prior art, the embodiments of the present invention can therefore improve the accuracy of the calculated risk value of the business system.
Further, in embodiments of the present invention, after the risk value of the business system has been obtained, a defensive measure can be applied to the business system in order to reduce its risk value.
Technical staff can set up a variety of defensive measures locally in advance, with different defensive measures targeting different attack behaviors and vulnerabilities. A defensive measure can therefore be selected from the preset defensive measures according to the vulnerabilities present in the target devices in the business system and the attack behaviors that can attack the business system by exploiting those vulnerabilities; the selected defensive measure is used to repair the target terminals in the business system, which reduces the risk value of the business system.
However, the defensive measures that technical staff set up locally in advance differ in effectiveness: some can reduce the risk value of the business system to zero, while others can only reduce part of the risk value of the business system.
Therefore, after the target terminals in the business system have been repaired with the selected defensive measure, the residual risk value of the business system also needs to be determined according to the following formula:
$U' = U \cdot (1 - P)$;
where $U'$ is the residual risk value of the business system and P is the effectiveness of the selected defensive measure. In the embodiments of the present invention, the effectiveness of a defensive measure lies between 0 and 1.
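The chain of formulas described above (T in step S103, R in step S201, Q in step S202, the residual values, and the system-level U) can be followed end to end in the sketch below, which is an added example and not code from the patent. W and S are taken as inputs because their formulas are not reproduced on this page; the function names, the sample values, and the choice to treat the log term as 0 when no other values remain are assumptions.

```python
import math


def max_plus_log(values, base=10.0):
    """Highest value plus log_base of the sum of all the other values.

    This is the shape shared by T = V_max + log_X(V'),
    Q = R_max + log_K(R') and U = Q_max + log_K(Q').
    Assumption (the page does not cover this case): if the other values
    sum to 0, e.g. there is only one value, the log term is taken as 0.
    """
    ordered = sorted(values, reverse=True)
    if not ordered:
        raise ValueError("at least one value is required")
    if ordered[-1] < 0:
        raise ValueError("values must be non-negative")
    if base <= 0 or base == 1:
        raise ValueError("log base must be positive and not 1")
    top, rest = ordered[0], sum(ordered[1:])
    if rest == 0:
        return top
    # For 0 < rest < 1 the log term is negative, so the aggregate falls
    # below the highest single value; scale the inputs with that in mind.
    return top + math.log(rest, base)


def attack_probability(vuln_impacts, x=10.0):
    """Step S103: T from the second impact values of the vulnerabilities."""
    return max_plus_log(vuln_impacts, x)


def attack_risk(w, t, s):
    """Step S201: second risk value R = W * T * S of one attack behavior."""
    return w * t * s


def device_risk(w, vuln_impacts, attack_impacts, x=10.0, k=10.0):
    """Steps S103, S201 and S202: first risk value Q of one target device.

    attack_impacts maps each target attack behavior to its first impact
    value S; w is the device value W (both supplied by the caller).
    """
    t = attack_probability(vuln_impacts, x)
    second_risks = [attack_risk(w, t, s) for s in attack_impacts.values()]
    return max_plus_log(second_risks, k)


def system_risk(device_risks, k=10.0):
    """U = Q_max + log_K(Q') over the first risk values of all devices."""
    return max_plus_log(device_risks, k)


def residual_risk(risk, effectiveness):
    """Q' = Q * (1 - P) or U' = U * (1 - P), with P between 0 and 1."""
    if not 0.0 <= effectiveness <= 1.0:
        raise ValueError("effectiveness P must lie between 0 and 1")
    return risk * (1.0 - effectiveness)


# Constructed sample data (not from the patent).
SAMPLE_W = 2.0
SAMPLE_VULN_IMPACTS = {"VULN-A": 2.0, "VULN-B": 7.0, "VULN-C": 3.0, "VULN-D": 5.0}
SAMPLE_ATTACK_IMPACTS = {
    "implant trojan or virus": 1.5,
    "cut off power supply": 0.5,
    "damage hardware element": 0.125,
}

if __name__ == "__main__":
    q = device_risk(SAMPLE_W, SAMPLE_VULN_IMPACTS.values(), SAMPLE_ATTACK_IMPACTS)
    u = system_risk([q, 200.0, 75.0])  # two further constructed device risks
    print("T  =", attack_probability(SAMPLE_VULN_IMPACTS.values()))
    print("Q  =", q, " Q' =", residual_risk(q, 0.6))
    print("U  =", u, " U' =", residual_risk(u, 0.5))
```

Because the tail enters only through a logarithm, two devices with the same worst-case value differ by at most a few units however many additional findings they carry, and a tail that sums to less than 1 lowers the result below the maximum.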
Fig. 3 is a block diagram of a risk value calculation apparatus according to an exemplary embodiment. Referring to Fig. 3, the apparatus includes:
a first acquisition module 11, configured to obtain the device value of a target device;
a second acquisition module 12, configured to obtain the vulnerabilities present in the target device itself, where a vulnerability can be exploited by an attack behavior to attack the target device;
an analysis module 13, configured to analyse, according to the vulnerabilities, the probability value of the target device being attacked by attack behaviors;
a statistics module 14, configured to compile the target attack behaviors that can attack the target device by exploiting the vulnerabilities;
a third acquisition module 15, configured to obtain the first impact value of each target attack behavior on the target device;
a first calculation module 16, configured to calculate the first risk value of all target attack behaviors on the target device according to the device value, the probability value and the first impact value of each target attack behavior on the target device.
The first calculation module 16 includes:
a first calculation unit, configured to calculate, for each target attack behavior, the second risk value of the target attack behavior on the target device according to the device value, the probability value and the first impact value of the target attack behavior on the target device;
a second calculation unit, configured to calculate the first risk value of all target attack behaviors on the target device according to the second risk value of each target attack behavior on the target device.
The first acquisition module includes:
a first acquisition unit, configured to obtain the confidentiality, integrity, availability and business relevance of the target device;
a third calculation unit, configured to calculate the device value of the target device from the confidentiality, the integrity, the availability and the business relevance according to the following formula:
where W is the device value, C is the confidentiality, I is the integrity, A is the availability, B is the business relevance, N is the first preset threshold, and M is the second preset threshold.
The analysis module 13 includes:
a second acquisition unit, configured to obtain the second impact value of each vulnerability on the target device;
a fourth calculation unit, configured to calculate the probability value of the target device being attacked by attack behaviors from the second impact value of each vulnerability on the target device according to the following formula:
$T = V_{\max} + \log_X(V')$;
where T is the probability value; $V_{\max}$ is the highest of all the second impact values; $V'$ is the sum of all the other second impact values, excluding the highest one; and X is the third preset threshold.
The third acquisition module 15 includes:
a third acquisition unit, configured to obtain, for each target attack behavior, the third impact value of the target attack behavior on the confidentiality of the target device, its third impact value on the integrity of the target device, its third impact value on the availability of the device, and its third impact value on the business relevance of the target device;
a fifth calculation unit, configured to calculate the first impact value of the target attack behavior on the target device from its third impact value on the confidentiality of the target device, its third impact value on the integrity of the target device, its third impact value on the availability of the device, and its third impact value on the business relevance of the target device, according to the following formula:
where S is the first impact value of the target attack behavior on the target device, c is the third impact value of the target attack behavior on the confidentiality of the target device, i is its third impact value on the integrity of the target device, a is its third impact value on the availability of the target device, and b is its third impact value on the business relevance of the device; X is the fourth preset threshold and Y is the fifth preset threshold.
The first calculation unit is specifically configured to:
for each target attack behavior, calculate the second risk value of the target attack behavior on the target device from the device value, the probability value and the first impact value of the target attack behavior on the target device according to the following formula:
$R = W \cdot T \cdot S$;
where R is the second risk value of the target attack behavior on the target device, and S is the first impact value of the target attack behavior on the target device.
The second calculation unit is specifically configured to:
calculate the first risk value of all target attack behaviors on the target device from the second risk value of each target attack behavior on the target device:
$Q = R_{\max} + \log_K(R')$;
where Q is the first risk value of all target attack behaviors on the target device; $R_{\max}$ is the highest of the second risk values of the target attack behaviors on the target device; $R'$ is the sum of all the other second risk values, excluding the highest one; and K is the sixth preset threshold.
The technical solution provided by the embodiments of the present invention can include the following beneficial effects:
The first risk value of the target device should depend on the device value of the target device, the probability value of the target device being attacked by attack behaviors, and the first impact value of each target attack behavior on the target device.
The probability value of the target device being attacked by attack behaviors should depend on the vulnerabilities present in the target device itself, and is independent of the first impact values of attack behaviors on the target device.
The first impact value of a target attack behavior on the target device should depend on the device value of the target device and on the target attack behavior's third impact values on the integrity, confidentiality, availability and business relevance of the target device, and is independent of the vulnerabilities present in the target device itself.
In the prior art, however, the probability value of a device being attacked is calculated from the second impact value of each vulnerability present in the device on the device and from the first impact value of each attack behavior on the device, and so includes a dependent variable that should not be included: the first impact value of each attack behavior on the device.
Moreover, in the prior art, the first impact value of an attack behavior on a device is calculated from the probability value of the device being attacked and the device value of the device; that is, the first risk value of an attack behavior on the device is calculated from the second impact value of each vulnerability present in the device on the device and the device value of the device, and so includes a dependent variable that should not be included: the second impact value of each vulnerability present in the device on the device.
Therefore, the risk value of all target attack behaviors on the target device calculated with the prior-art risk value calculation method is inaccurate. In the embodiments of the present invention, by contrast, the device value of the target device is obtained; the vulnerabilities present in the target device itself are obtained, where a vulnerability can be exploited by an attack behavior to attack the target device; the probability value of the target device being attacked by attack behaviors is analysed according to the vulnerabilities present in the target device itself; the target attack behaviors that can attack the target device by exploiting those vulnerabilities are compiled; the first impact value of each target attack behavior on the target device is obtained; and the first risk value of all target attack behaviors on the target device is calculated according to the device value, the probability value of the target device being attacked by attack behaviors, and the first impact value of each target attack behavior on the target device.
It can be seen that, in the embodiments of the present invention, the probability value of the target device being attacked by attack behaviors is obtained from the vulnerabilities present in the target device itself, and the first risk value of all target attack behaviors on the target device is obtained from the device value of the target device, the probability value of the target device being attacked by attack behaviors, and the first impact value of each target attack behavior on the target device. Compared with the prior art, the first risk value of all target attack behaviors on the target device calculated by the embodiments of the present invention is therefore more accurate.
Regarding the apparatus in the above embodiment, the specific manner in which each module performs its operations has been described in detail in the embodiments of the method, and will not be elaborated here.
Other embodiments of the present invention will readily occur to those skilled in the art after considering the specification and practising the invention disclosed herein. This application is intended to cover any variations, uses or adaptations of the embodiments of the present invention that follow the general principles of the embodiments of the present invention and include common knowledge or customary technical means in the art that are not disclosed in the embodiments of the present invention. The specification and embodiments are to be regarded as exemplary only, and the true scope and spirit of the embodiments of the present invention are indicated by the appended claims.
It should be understood that the embodiments of the present invention are not limited to the precise structures described above and shown in the drawings, and that various modifications and changes can be made without departing from their scope. The scope of the embodiments of the present invention is limited only by the appended claims.

Claims (10)

1. A risk value calculation method, characterized in that the method comprises:
Obtaining the device value of a target device;
Obtaining the vulnerabilities present in the target device itself, where a vulnerability can be exploited by an attack behavior to attack the target device; analyzing, according to the vulnerabilities, the probability value that the target device is attacked by an attack behavior;
Counting the target attack behaviors that can attack the target device by exploiting the vulnerabilities, and obtaining the first impact degree value of each target attack behavior on the target device;
Calculating, according to the device value, the probability value and the first impact degree value of each target attack behavior on the target device, the first risk value of all target attack behaviors to the target device.
2. The method according to claim 1, characterized in that calculating, according to the device value, the probability value and the first impact degree value of each target attack behavior on the target device, the first risk value of all target attack behaviors to the target device comprises:
For each target attack behavior, calculating the second risk value of the target attack behavior to the target device according to the device value, the probability value and the first impact degree value of the target attack behavior on the target device;
Calculating the first risk value of all target attack behaviors to the target device according to the second risk value of each target attack behavior to the target device.
3. The method according to claim 2, characterized in that obtaining the device value of the target device comprises:
Obtaining the confidentiality, integrity, availability and business correlation of the target device;
Calculating the device value of the target device from the confidentiality, the integrity, the availability and the business correlation according to the following formula:
$W = \left\{ \log_N \frac{M^C + M^I + M^A + M^B}{4} \right\}$;
Where W is the device value, C is the confidentiality, I is the integrity, A is the availability, B is the business correlation, N is the first preset threshold, and M is the second preset threshold.
4. The method according to claim 3, characterized in that analyzing, according to the vulnerabilities, the probability value that the target device is attacked by an attack behavior comprises:
Obtaining the second impact degree value of each vulnerability on the target device;
Calculating the probability value that the target device is attacked by an attack behavior from the second impact degree value of each vulnerability on the target device according to the following formula:
$T = V_{max} + \log_X(V')$;
Where T is the probability value, $V_{max}$ is the highest second impact degree value among all second impact degree values, V' is the sum of all second impact degree values other than the highest second impact degree value, and X is the third preset threshold.
5. The method according to claim 4, characterized in that obtaining the first impact degree value of each target attack behavior on the target device comprises:
For each target attack behavior, obtaining the third impact degree value of the target attack behavior on the confidentiality of the target device, the third impact degree value on the integrity of the target device, the third impact degree value on the availability of the device, and the third impact degree value on the business correlation of the target device;
Calculating the first impact degree value of the target attack behavior on the target device from the third impact degree value of the target attack behavior on the confidentiality of the target device, the third impact degree value on the integrity of the target device, the third impact degree value on the availability of the device and the third impact degree value on the business correlation of the target device according to the following formula:
$S = \log_Y \sqrt{\frac{Z^{C \cdot c} + Z^{I \cdot i} + Z^{A \cdot a} + Z^{B \cdot b}}{4}}$;
Where S is the first impact degree value of the target attack behavior on the target device, c is the third impact degree value of the target attack behavior on the confidentiality of the target device, i is the third impact degree value of the target attack behavior on the integrity of the target device, a is the third impact degree value of the target attack behavior on the availability of the target device, and b is the third impact degree value of the target attack behavior on the business correlation of the device; X is the fourth preset threshold, and Y is the fifth preset threshold.
6. The method according to claim 5, characterized in that calculating the second risk value of the target attack behavior to the target device according to the device value, the probability value and the first impact degree value of the target attack behavior on the target device comprises:
For each target attack behavior, calculating the second risk value of the target attack behavior to the target device from the device value, the probability value and the first impact degree value of the target attack behavior on the target device according to the following formula:
R = W*T*S;
Where R is the second risk value of the target attack behavior to the target device, and S is the first impact degree value of the target attack behavior on the target device.
7. The method according to claim 6, characterized in that calculating the first risk value of all target attack behaviors to the target device according to the second risk value of each target attack behavior to the target device comprises:
Calculating the first risk value of all target attack behaviors to the target device from the second risk value of each target attack behavior to the target device according to the following formula:
$Q = R_{max} + \log_K(R')$;
Where Q is the first risk value of all target attack behaviors to the target device, $R_{max}$ is the highest second risk value among the second risk values of the target attack behaviors to the target device, R' is the sum of all second risk values other than the highest second risk value, and K is the sixth preset threshold.
8. A risk value calculation method, the method being applied to a business system that includes multiple target devices, characterized in that the method comprises:
Obtaining the first risk value of each target device in the business system, the first risk value of each target device being calculated from: the device value of the target device, the probability value, analyzed according to vulnerabilities, that the target device is attacked by an attack behavior, and the first impact degree value on the target device of each target attack behavior corresponding to the target device;
Calculating the risk value of the business system from the risk value of each target device according to the following formula:
$U = Q_{max} + \log_K(Q')$;
Where U is the risk value of the business system, $Q_{max}$ is the highest first risk value among the first risk values of the target devices in the business system, Q' is the sum of all first risk values other than the highest first risk value, and K is the sixth preset threshold.
9. A risk value calculation apparatus, characterized in that the apparatus comprises:
A first acquisition module, for obtaining the device value of a target device;
A second acquisition module, for obtaining the vulnerabilities present in the target device itself, where a vulnerability can be exploited by an attack behavior to attack the target device; an analysis module, for analyzing, according to the vulnerabilities, the probability value that the target device is attacked by an attack behavior;
A statistics module, for counting the target attack behaviors that can attack the target device by exploiting the vulnerabilities; a third acquisition module, for obtaining the first impact degree value of each target attack behavior on the target device;
A calculation module, for calculating, according to the device value, the probability value and the first impact degree value of each target attack behavior on the target device, the first risk value of all target attack behaviors to the target device.
10. A risk value calculation apparatus, the apparatus being applied to a business system that includes multiple target devices, characterized in that the apparatus comprises:
A fourth acquisition module, for obtaining the first risk value of each target device in the business system, the first risk value of each target device being calculated from: the device value of the target device, the probability value, analyzed according to vulnerabilities, that the target device is attacked by an attack behavior, and the first impact degree value on the target device of each target attack behavior corresponding to the target device;
A second calculation module, for calculating the risk value of the business system from the risk value of each target device according to the following formula:
$U = Q_{max} + \log_K(Q')$;
Where U is the risk value of the business system, $Q_{max}$ is the highest first risk value among the first risk values of the target devices in the business system, Q' is the sum of all first risk values other than the highest first risk value, and K is the sixth preset threshold.
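The calculation chain of claims 3 to 8 (W, T, S, R, Q, U), written out as an added Python example that is not code from the patent. The threshold values and the sample device data are constructed, the braces in the W formula are read as plain grouping, the power base in the S formula is named Z as the formula writes it, and the log term is taken as 0 when nothing remains besides the maximum; none of these is fixed by the claims.

```python
import math

# Preset thresholds: the claims name them but give no values, so every
# number below is a constructed assumption.
N, M = 2, 2   # first and second thresholds (device value W)
X = 10        # third threshold (probability value T)
Z, Y = 2, 2   # power base and log base in the S formula
K = 10        # sixth threshold (aggregating R into Q and Q into U)


def max_plus_log(values, base):
    """max(values) + log_base(sum of the others): the shape of T, Q and U.

    Assumption, not stated in the claims: if nothing is left after removing
    the maximum (or the rest sums to <= 0) the log term is taken as 0.
    A remaining sum between 0 and 1 gives a negative log term.
    """
    if not values:
        raise ValueError("at least one value is required")
    ordered = sorted(values, reverse=True)
    rest = sum(ordered[1:])
    return ordered[0] + (math.log(rest, base) if rest > 0 else 0.0)


def device_value(c, i, a, b):
    """W = log_N((M^C + M^I + M^A + M^B) / 4); braces read as grouping."""
    return math.log((M**c + M**i + M**a + M**b) / 4, N)


def attack_impact(device_ciab, attack_ciab):
    """S = log_Y sqrt((Z^(C*c) + Z^(I*i) + Z^(A*a) + Z^(B*b)) / 4)."""
    total = sum(Z ** (d * k) for d, k in zip(device_ciab, attack_ciab))
    return math.log(math.sqrt(total / 4), Y)


def device_risk(device_ciab, vuln_impacts, attacks):
    """Q = Rmax + log_K(R'), where R = W * T * S for each attack behavior."""
    w = device_value(*device_ciab)
    t = max_plus_log(vuln_impacts, X)          # T = Vmax + log_X(V')
    r = [w * t * attack_impact(device_ciab, atk) for atk in attacks]
    return max_plus_log(r, K)


def worked_example():
    """Two constructed devices; returns (Q1, Q2, U)."""
    # Device 1: C=I=A=B=2, three vulnerabilities, two attack behaviors.
    q1 = device_risk((2, 2, 2, 2), [7, 6, 4], [(1, 1, 1, 1), (3, 3, 3, 3)])
    # Device 2: C=I=A=B=1, one vulnerability, one attack behavior.
    q2 = device_risk((1, 1, 1, 1), [5], [(2, 2, 2, 2)])
    return q1, q2, max_plus_log([q1, q2], K)   # U = Qmax + log_K(Q')


if __name__ == "__main__":
    print(worked_example())
```

For device 1 the intermediate values are W = 2, T = 8 and S = 1 and 3, giving second risk values of 16 and 48.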
CN201611262416.6A 2016-12-30 2016-12-30 Risk value calculation method and device Active CN107203720B (en)


Publications (2)

Publication Number Publication Date
CN107203720A (en) 2017-09-26
CN107203720B (en) 2020-08-07

Family

ID=59904521




Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant
CP02 Change in the address of a patent holder

Address after: Room 813, 8 / F, 34 Haidian Street, Haidian District, Beijing 100080

Patentee after: BEIJING ULTRAPOWER INFORMATION SAFETY TECHNOLOGY Co.,Ltd.

Address before: 100107 Beijing city Haidian District wanquanzhuang Road No. 28 Wanliu new building 6 storey block A room 626

Patentee before: BEIJING ULTRAPOWER INFORMATION SAFETY TECHNOLOGY Co.,Ltd.