CN109547242A - Network security efficiency evaluation method based on attacking and defending incidence matrix - Google Patents
- Publication number
- CN109547242A, CN201811358905.0A
- Authority
- CN
- China
- Prior art keywords
- network
- attack
- value
- performance
- calculating
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Classifications
- H04L41/0631—Management of faults, events, alarms or notifications using root cause analysis; using analysis of correlation between notifications, alarms or events based on decision criteria, e.g. hierarchy, tree or time analysis
- H04L41/50—Network service management, e.g. ensuring proper service fulfilment according to agreements
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0876—Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
- H04L63/10—Network architectures or network communication protocols for network security for controlling access to devices or network resources
- H04L63/30—Network architectures or network communication protocols for network security for supporting lawful interception, monitoring or retaining of communications or communication related information
Landscapes
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- Computer Security & Cryptography (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Technology Law (AREA)
- Power Engineering (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
- Computer And Data Communications (AREA)
Abstract
The invention relates to a network security effectiveness evaluation method based on an attack-defense incidence matrix, and belongs to the field of information security technology. The invention comprehensively considers the defense capability of the system and the impact that an attack on the network has on the performance of the system, on the performance and protective capability of core assets, and on the business the system provides. By computing the attack-defense incidence matrix and using the change in the target network's values before and after an attack, it combines a weighted accumulation over multiple discrete points to evaluate network security effectiveness.
Description
Technical field
The invention belongs to the field of information security technology, and in particular relates to a network security effectiveness evaluation method based on an attack-defense incidence matrix.
Background art
The complexity, uncertainty and dynamics of network information systems, together with the large information asymmetry between attacker and defender, are the difficult points of security risk measurement, and network security measurement often lacks a firm basis and a clear definition. The data characteristics of network information systems are varied and changeable, for example: multiple network protocols, complex network topologies, rich application systems, and various network and security devices. At the same time the network environment keeps changing, for example new network nodes are added, new network protocols are proposed, new patches are applied and new functions are added. In general, the high-dimensional characteristics of network information systems produce extremely complex rules, and the security state is difficult to describe effectively. Exploring how to quantitatively calculate the security effectiveness of a network information system provides a scientific basis for decisions on improving its security protection capability, and strong support for improving network security technology and management work.
Network security effectiveness calculation determines, in a complex network environment, the effectiveness value of network security by analyzing the defense capability of the system, the degree of change in availability, security and other aspects after the system is attacked, and the result of attack and defense cancelling each other out. Current research on network security effectiveness falls into two main classes: one focuses on evaluating the security of the network from the perspective of the vulnerability of the network or system itself; the other focuses on the impact of attacks on network security and measures how network security changes. Current research still has the following deficiencies: first, it emphasizes measuring the effect of attacks and ignores the effect of defense, so the calculated effectiveness is limited and one-sided; second, the reference indicators for security measurement tend to be detached from objective reality, so the calculated results lose accuracy.
Summary of the invention
(1) Technical problem to be solved
The technical problem to be solved by the invention is how to design an objective and accurate network security effectiveness evaluation method.
(2) Technical solution
To solve the above technical problem, the invention provides a network security effectiveness evaluation method based on an attack-defense incidence matrix, comprising the following steps:
Step 1: determine the elements of the network security effectiveness calculation and the factors that measure the change in each calculation element; use various measuring devices and the like to obtain the value of each factor of each calculation element before and after the attack, and preprocess the raw data obtained;
Step 2: calculate the value of the attack's impact on network performance. The network performance impact is usually defined between 0 and 100; 100 indicates the smallest impact on network performance and 0 indicates the largest;
Step 3: calculate the value of the attack's impact on asset performance;
Step 4: calculate the intensity of the attack the system is subjected to. The attack intensity value is defined between 0 and 100; 100 indicates that a network attack generator is used to simulate and launch 100 or more kinds of attacks simultaneously, and 0 indicates that no simulated attack is launched;
Step 5: calculate the protective capability of the system. Intrusion prevention capability, virus detection and removal capability, identity authentication capability, access control capability and security audit capability are each calculated and then averaged. Taking identity authentication as an example, defined between 0 and 100: no password authentication is 0 points, single-factor password authentication is 30 points, two-factor password authentication is 60 points, two-factor authentication combined with physical device authentication is 90 points, and one-time biometric authentication is 100 points;
Step 6: calculate the value of the defense evaluation of assets;
Step 7: calculate the value of the attack's impact on system business. The system business impact is defined between 0 and 100; 100 indicates the smallest impact on system business, and 0 indicates the largest impact, where the business cannot work normally;
Step 8: calculate the value of the big data network security situation evaluation. The security situation value is defined between 0 and 100: 100 indicates the best security situation, with no alarm events and no security tasks awaiting disposal; 80 indicates a good security situation, with a small number of alarm events or security tasks awaiting disposal; 60 indicates a basically acceptable security situation, with a larger number of alarm events and security tasks awaiting disposal; 0 indicates that there are alarm events and security tasks awaiting disposal that have gone unhandled for a long time;
Step 9: calculate the network security effectiveness value of the target network by combining a weighted accumulation over multiple discrete points.
Preferably, in step 1, one or a combination of several of a network traffic probe, network monitoring equipment, network audit equipment, network security defense equipment and network security protection software is used to obtain the value of each factor of each calculation element before and after the attack.
Preferably, the preprocessing includes eliminating redundancy.
Preferably, step 2 includes:
Step 2.1: calculate the influence value of the attack on network throughput. The network throughput influence value is defined between 0 and 100; 100 indicates the smallest impact on network throughput and 0 indicates the largest;
Step 2.2: calculate the influence value of the attack on the network packet loss rate. The packet loss rate influence value is defined between 0 and 100; 100 indicates that there is no packet loss, and 0 indicates that the network is unreachable, i.e. all packets are lost;
Step 2.3: calculate the influence value of the attack on the total network response time. The total network response influence value is defined between 0 and 100; 100 indicates that the network responds in real time with no waiting at all, and 0 indicates that the network does not respond and the wait never ends;
Step 2.4: based on steps 2.1 to 2.3, calculate the value of the attack's total impact on network performance; the test is run multiple times and the test results are averaged.
Preferably, step 3 includes:
Step 3.1: calculate the influence value of the attack on CPU performance. The CPU performance influence value is defined between 0 and 100; 100 indicates that CPU usage is exactly the same as before the attack, and 0 indicates that CPU usage stays at 100% for a long time;
Step 3.2: calculate the influence value of the attack on memory performance. The memory performance influence value is defined between 0 and 100; 100 indicates that memory usage is exactly the same as before the attack, and 0 indicates that memory usage stays at 100% for a long time;
Step 3.3: calculate the influence value of the attack on disk performance. The disk performance influence value is defined between 0 and 100; 100 indicates that disk I/O processing capability is exactly the same as before the attack, and 0 indicates that disk I/O processing capability has failed and the disk is completely unavailable;
Step 3.4: based on steps 3.1 to 3.3, calculate the value of the evaluation of the attack's total impact on asset performance; the test is run multiple times and the test results are averaged.
Preferably, step 6 includes:
Step 6.1: establish the attack-defense incidence matrix of the interaction and mutual cancellation between attack and defense, and calculate the change in the target network's values before and after the attack by combining a weighted accumulation over multiple discrete points;
Step 6.2: calculate the value of the defense evaluation of assets from the number of successful attacks, the time taken for an attack to succeed, the value of the assets attacked, the number of tools required for the attack, the number of vulnerabilities required for the attack, and the number of steps required for the attack.
(3) Beneficial effects
The invention comprehensively considers the defense capability of the system and the impact that an attack on the network has on the performance of the system, on the performance and protective capability of core assets, and on the business the system provides. By computing the attack-defense incidence matrix and using the change in the target network's values before and after an attack, it combines a weighted accumulation over multiple discrete points to evaluate network security effectiveness. On the one hand, it measures network security effectiveness comprehensively across multiple dimensions and granularities such as dynamic attack, attack impact, system protection and core assets, which solves the one-sidedness and limitation of the measurement elements used by traditional network security effectiveness analysis techniques. On the other hand, taking network security as a whole, it proposes measurable factors for assessing network security effectiveness, overcoming the limitation of equating the effect of network attack alone, or of network security protection alone, with network security effectiveness. Because it reflects both network defense and network attack, the result obtained is more scientific and objective.
Brief description of the drawings
Fig. 1 is a flow chart of the method of the invention.
Detailed description of the embodiments
To make the purpose, content and advantages of the invention clearer, specific embodiments of the invention are described in further detail below with reference to the drawings and examples.
The invention first determines the elements of the network security effectiveness calculation and the factors that measure the change in each calculation element. It then uses various measuring devices, such as network traffic probes, network monitoring equipment, network audit equipment, network security defense equipment and network security protection software, to obtain the value of each factor of each calculation element before and after the attack, and preprocesses the raw data obtained to eliminate redundancy. Finally, it calculates the value of each calculation element separately and from these calculates the value of the network security effectiveness evaluation.
In the invention, the network security effectiveness calculation elements are: {network damage effect, asset damage effect, business damage effect, attack intensity, system protection capability, big data security situation}.
The network damage effect calculation computes the degree of change in network performance after the network is attacked. The factors that measure the network damage effect are: {throughput, packet loss rate, total network response time}, where the factors that measure the total network response time are: {user response time, server response time, network delay, network congestion time}.
The asset damage effect calculation has two parts. The first calculates the degree of change in asset performance after an attack. The second calculates the change in the security protection capability of the assets (including CPU, memory, disk, network throughput, network packet loss rate, total network response time and so on), mainly by qualitative estimation, for example with 0 defined as weakest and 100 defined as strongest. The factors that measure the change in asset performance are: {CPU performance change, memory performance change, disk performance change}. The factor that measures CPU performance change is: {percentage of time the processor spends executing non-idle threads}; the factors that measure memory performance change are: {memory usage, speed of reading from or writing to memory}; the factor that measures disk performance change is: {disk read/write speed}.
The business damage effect calculation computes the degree of damage to the business functions the system provides after an attack. The factors that measure the business damage effect are: {business interruption, business error, business response delay, business normal}.
The attack intensity calculation computes the intensity of the attack the system is subjected to. The factors that measure attack intensity are: {number of successful attacks, time taken for an attack to succeed, value of the assets attacked, number of tools required for the attack, number of vulnerabilities required for the attack, number of steps required for the attack}.
The system protection capability calculation computes the protective capability of the system's security protection measures. The factors that measure system protection capability are: {intrusion prevention capability, virus detection and removal capability, identity authentication capability, access control capability, security audit capability, encryption capability}.
The big data security situation calculation works by data aggregation: audit logs, data content and the like from a variety of heterogeneous sources are collected and, combining network attack-defense countermeasure techniques, security analysis and assessment techniques and big data processing techniques, data mining methods are used to mine network security state knowledge from massive historical data and give a defined calculation result. The security situation value is usually defined between 0 and 100; 100 indicates the best security situation and 0 indicates the worst.
As shown in Fig. 1, the specific steps of the method of the invention are as follows:
Step 1: determine the elements of the network security effectiveness calculation and the factors that measure the change in each calculation element. Use various measuring devices, such as network traffic probes, network monitoring equipment, network audit equipment, network security defense equipment and network security protection software, to obtain the value of each factor of each calculation element before and after the attack, and preprocess the raw data obtained, eliminating redundancy and so on.
Step 2: calculate the value of the attack's impact on network performance. The network performance impact is usually defined between 0 and 100; 100 indicates the smallest impact on network performance and 0 indicates the largest.
Step 2.1: calculate the influence value of the attack on network throughput. The network throughput influence value is usually defined between 0 and 100; 100 indicates the smallest impact on network throughput and 0 indicates the largest.
Step 2.2: calculate the influence value of the attack on the network packet loss rate. The packet loss rate influence value is usually defined between 0 and 100; 100 indicates that there is no packet loss, and 0 indicates that the network is unreachable, i.e. all packets are lost.
Step 2.3: calculate the influence value of the attack on the total network response time. The total network response influence value is usually defined between 0 and 100; 100 indicates that the network responds in real time with no waiting at all, and 0 indicates that the network does not respond and the wait never ends.
Step 2.4: calculate the value of the attack's total impact on network performance. To ensure the accuracy of the test results, the test is run multiple times and the test results are averaged.
Step 3: calculate the value of the attack's impact on asset performance.
Step 3.1: calculate the influence value of the attack on CPU performance. The CPU performance influence value is usually defined between 0 and 100; 100 indicates that CPU usage is exactly the same as before the attack, and 0 indicates that CPU usage stays at 100% for a long time.
Step 3.2: calculate the influence value of the attack on memory performance. The memory performance influence value is usually defined between 0 and 100; 100 indicates that memory usage is exactly the same as before the attack, and 0 indicates that memory usage stays at 100% for a long time.
Step 3.3: calculate the influence value of the attack on disk performance. The disk performance influence value is usually defined between 0 and 100; 100 indicates that disk I/O processing capability is exactly the same as before the attack, and 0 indicates that disk I/O processing capability has failed and the disk is completely unavailable.
Step 3.4: calculate the value of the evaluation of the attack's total impact on asset performance. To ensure the accuracy of the test results, the test is run multiple times and the test results are averaged.
Step 4: calculate the intensity of the attack the system is subjected to. The attack intensity value is usually defined between 0 and 100; 100 indicates that a network attack generator is used to simulate and launch 100 or more kinds of attacks simultaneously, and 0 indicates that no simulated attack is launched.
Step 5: calculate the protective capability of the system. Intrusion prevention capability, virus detection and removal capability, identity authentication capability, access control capability and security audit capability are each calculated and then averaged. Taking identity authentication as an example, defined between 0 and 100: no password authentication is 0 points, single-factor password authentication is 30 points, two-factor password authentication is 60 points, two-factor authentication combined with physical device authentication is 90 points, and one-time biometric authentication is 100 points.
Step 6: calculate the value of the defense evaluation of assets.
Step 6.1: determine the attack-defense incidence matrix. Establish the attack-defense incidence matrix of the interaction and mutual cancellation between attack and defense, and calculate the change in the target network's values before and after the attack by combining a weighted accumulation over multiple discrete points.
Step 6.2: calculate the value of the defense evaluation of assets. This is mainly done through quantitative values such as the number of successful attacks, the time taken for an attack to succeed, the value of the assets attacked, the number of tools required for the attack, the number of vulnerabilities required for the attack, and the number of steps required for the attack.
Step 7: calculate the value of the system business impact evaluation, i.e. the value of the attack's impact on system business. The system business impact is usually defined between 0 and 100; 100 indicates the smallest impact on system business, and 0 indicates the largest impact, where the business cannot work normally.
Step 8: calculate the value of the big data network security situation evaluation. The security situation value is usually defined between 0 and 100: 100 indicates the best security situation, with no alarm events and no security tasks awaiting disposal; 80 indicates a good security situation, with a small number of alarm events or security tasks awaiting disposal; 60 indicates a basically acceptable security situation, with a larger number of alarm events and security tasks awaiting disposal; 0 indicates that there are alarm events and security tasks awaiting disposal that have gone unhandled for a long time.
Step 9: calculate the value of the network security effectiveness evaluation. The network security effectiveness value of the target network is calculated by combining a weighted accumulation over multiple discrete points.
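The scoring in steps 2 to 5 and step 9, worked through as an added example; it is not code from the patent. The text fixes only the scale endpoints and the identity-authentication points, so the linear before/after mapping, the equal-weight averaging of factors within a test run, the linear attack-intensity scale and the `WEIGHTS` table are assumptions, and all measurements are constructed.

```python
from statistics import mean

# Identity-authentication points quoted in step 5 of the description.
AUTH_SCORES = {
    "none": 0,
    "single_factor_password": 30,
    "two_factor_password": 60,
    "two_factor_plus_physical_device": 90,
    "one_time_biometric": 100,
}

# Hypothetical weights for the step 9 accumulation, one per calculation
# element. Note that attack_intensity runs the other way from the rest
# (100 = heaviest attack); it is summed as-is here, which is an assumption.
WEIGHTS = {
    "network_impact": 0.20,
    "asset_impact": 0.20,
    "business_impact": 0.20,
    "attack_intensity": 0.10,
    "protection": 0.20,
    "situation": 0.10,
}


def check(score, name="score"):
    """Reject anything outside the 0-100 scale every element uses."""
    if not 0 <= score <= 100:
        raise ValueError(f"{name}={score!r} is outside 0-100")
    return float(score)


def impact_score(before, after, worst):
    """100 = unchanged from `before`, 0 = `worst` reached.
    Linear and clamped (assumption); works for rising or falling metrics."""
    if worst == before:
        raise ValueError("baseline is already the worst case")
    degraded = (after - before) / (worst - before)
    return 100.0 * (1.0 - min(1.0, max(0.0, degraded)))


def averaged_impact(runs):
    """Steps 2.4 / 3.4: average factor scores per run, then across runs."""
    return mean(mean(check(s) for s in run) for run in runs)


def attack_intensity(kinds_launched):
    """Step 4: 0 = no simulated attack, 100 = 100 or more kinds at once."""
    if kinds_launched < 0:
        raise ValueError("attack count cannot be negative")
    return float(min(kinds_launched, 100))


def protection_score(capabilities):
    """Step 5: average the per-capability scores."""
    return mean(check(v, k) for k, v in capabilities.items())


def effectiveness(scores, weights=WEIGHTS):
    """Step 9: weighted accumulation of the element scores."""
    if set(scores) != set(weights):
        raise ValueError("scores and weights must cover the same elements")
    if abs(sum(weights.values()) - 1.0) > 1e-9:
        raise ValueError("weights must sum to 1")
    return sum(weights[k] * check(scores[k], k) for k in weights)


def demo():
    """Constructed measurements: (before, after, worst) per factor."""
    network_runs = [
        [impact_score(1000, 600, 0),    # throughput, Mbit/s
         impact_score(0, 25, 100),      # packet loss, %
         impact_score(20, 100, 420)],   # total response time, ms
        [impact_score(1000, 800, 0),
         impact_score(0, 5, 100),
         impact_score(20, 60, 420)],
    ]
    asset_runs = [
        [impact_score(20, 60, 100),     # CPU usage, %
         impact_score(40, 70, 100),     # memory usage, %
         impact_score(200, 160, 0)],    # disk throughput, MB/s
    ]
    scores = {
        "network_impact": averaged_impact(network_runs),
        "asset_impact": averaged_impact(asset_runs),
        "business_impact": 75,          # constructed step 7 score
        "attack_intensity": attack_intensity(40),
        "protection": protection_score({
            "intrusion_prevention": 70,
            "antivirus": 80,
            "identity_authentication": AUTH_SCORES["two_factor_password"],
            "access_control": 90,
            "security_audit": 50,
        }),
        "situation": 80,                # constructed step 8 score
    }
    return scores, effectiveness(scores)


if __name__ == "__main__":
    element_scores, total = demo()
    for name, value in element_scores.items():
        print(f"{name:18s} {value:6.1f}")
    print(f"{'effectiveness':18s} {total:6.1f}")
```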
The invention measures network security effectiveness comprehensively from multiple dimensions such as dynamic attack, attack impact, system protection and core assets. It not only proposes an assessment method for attack effects but also innovatively proposes an attack-defense game incidence matrix, establishing the relationship of interaction and mutual cancellation between attack and defense. It also proposes measurable evaluation factors for network security effectiveness, overcoming the limitation of equating the effect of network attack alone with network security effectiveness and ensuring that the assessment result is scientific and accurate, which is novel. Existing network security analysis techniques all measure network security effectiveness from one side only: either network attack effects are equated with network security effectiveness, or the security protection measures the network has taken are equated with it. Network security effectiveness is the result of network attack and defense rising and falling against each other and cancelling out in a game; considering only one side lacks accuracy and credibility, and only a comprehensive analysis across multiple dimensions, taking network security as a whole, can guarantee a more accurate and scientific evaluation result. If the attack effect assessment results and protection capability analysis results used in the prior art are considered together, an effective analysis method and a unified measurement index are lacking, and the network security effectiveness value cannot be deduced from the existing results. The invention proposes a network security effectiveness evaluation method that measures network security effectiveness comprehensively from multiple dimensions such as dynamic attack, attack impact, system protection and static assets. It innovatively proposes the attack-defense incidence matrix, establishing the relationship of interaction and mutual cancellation between attack and defense, which overcomes the limitation of equating network attack alone or network protection alone with network security effectiveness and ensures the comprehensiveness of the assessment result. It also puts forward measurable factors for assessing network security effectiveness, which ensures the accuracy of the assessment result and is inventive.
Innovative points of the invention:
A) Because the security factors that cause the network security state to change are multi-level, multi-dimensional and multi-granularity, a multi-dimensional, multi-granularity method for measuring network security effectiveness is innovatively proposed. It measures the network security effectiveness value at multiple levels such as dynamic attack, attack impact, system protection and core assets, improves the scientific soundness and reasonableness of network security effectiveness assessment, and provides theoretical guidance for improving the security assurance system and comprehensively perceiving the network security situation;
B) A network attack-defense confrontation relationship matrix is innovatively proposed. Starting from two dimensions, the effect caused by network attacks and the protective capability the system has, it effectively analyzes and evaluates the result of the mutual game and mutual cancellation between network attack and defense, avoids the limitations of assessment, improves the comprehensiveness of network security effectiveness assessment, and provides guidance for network security operation management and protection decisions;
C) For network attack effects and system protection capability, measurable measurement factors are proposed, which avoids inaccurate assessment results caused by measurement indicators that are detached from reality during evaluation. The method can also be easily extended toward network security management and security risk assessment, improving the compatibility of the results of this patent.
D) This patent combines network attack-defense countermeasure techniques, security analysis and assessment techniques and big data processing techniques, accesses more extensive heterogeneous data sources, uses data mining methods to mine network security state knowledge from massive historical data, and optimizes the structure and flow of the network security effectiveness analysis algorithm. This improves the capacity and efficiency of the results of this patent in processing massive data, making network security state analysis and assessment more efficient, accurate and credible.
The above is only a preferred embodiment of the invention. It should be noted that a person of ordinary skill in the art can make several improvements and variations without departing from the technical principle of the invention, and these improvements and variations shall also be regarded as falling within the protection scope of the invention.
Claims (6)
1. A network security effectiveness evaluation method based on an attack-defense incidence matrix, characterized by comprising the following steps:
Step 1: determine the elements of the network security effectiveness calculation and the factors that measure the change in each calculation element; use various measuring devices and the like to obtain the value of each factor of each calculation element before and after the attack, and preprocess the raw data obtained;
Step 2: calculate the value of the attack's impact on network performance, the network performance impact usually being defined between 0 and 100, where 100 indicates the smallest impact on network performance and 0 indicates the largest;
Step 3: calculate the value of the attack's impact on asset performance;
Step 4: calculate the intensity of the attack the system is subjected to, the attack intensity value being defined between 0 and 100, where 100 indicates that a network attack generator is used to simulate and launch 100 or more kinds of attacks simultaneously, and 0 indicates that no simulated attack is launched;
Step 5: calculate the protective capability of the system, in which intrusion prevention capability, virus detection and removal capability, identity authentication capability, access control capability and security audit capability are each calculated and then averaged; taking identity authentication as an example, defined between 0 and 100, no password authentication is 0 points, single-factor password authentication is 30 points, two-factor password authentication is 60 points, two-factor authentication combined with physical device authentication is 90 points, and one-time biometric authentication is 100 points;
Step 6: calculate the value of the defense evaluation of assets;
Step 7: calculate the value of the attack's impact on system business, the system business impact being defined between 0 and 100, where 100 indicates the smallest impact on system business, and 0 indicates the largest impact, where the business cannot work normally;
Step 8: calculate the value of the big data network security situation evaluation, the security situation value being defined between 0 and 100, where 100 indicates the best security situation, with no alarm events and no security tasks awaiting disposal; 80 indicates a good security situation, with a small number of alarm events or security tasks awaiting disposal; 60 indicates a basically acceptable security situation, with a larger number of alarm events and security tasks awaiting disposal; and 0 indicates that there are alarm events and security tasks awaiting disposal that have gone unhandled for a long time;
Step 9: calculate the network security effectiveness value of the target network by combining a weighted accumulation over multiple discrete points.
2. The method of claim 1, characterized in that, in step 1, one or a combination of several of network traffic probes, network monitoring equipment, network audit equipment, network security defense equipment and network security protection software is used to collect the value of each factor of the calculation elements before and after the attack.
3. The method of claim 1, characterized in that the preprocessing includes eliminating redundancy.
4. The method of claim 1, characterized in that step 2 includes:
Step 2.1: calculate the attack's impact value on network throughput; the network throughput impact value is defined between 0 and 100, where 100 indicates the smallest impact on network throughput and 0 the largest;
Step 2.2: calculate the attack's impact value on the network packet loss rate; the network packet loss rate impact value is defined between 0 and 100, where 100 indicates that there is no packet loss and 0 indicates that the network is down, i.e. all packets are lost;
Step 2.3: calculate the attack's impact value on overall network response time; the overall network response impact value is defined between 0 and 100, where 100 indicates that the network responds in real time with no waiting at all, and 0 indicates that the network does not respond and the wait never ends;
Step 2.4: calculate the value of the attack's total impact on network performance based on steps 2.1 to 2.3; the test is repeated several times and the test results are averaged.
5. The method of claim 1, characterized in that step 3 includes:
Step 3.1: calculate the attack's impact value on CPU performance; the CPU performance impact value is defined between 0 and 100, where 100 indicates that CPU usage is exactly the same as before the attack and 0 indicates that CPU usage stays at 100% for a long time;
Step 3.2: calculate the attack's impact value on memory performance; the memory performance impact value is defined between 0 and 100, where 100 indicates that memory usage is exactly the same as before the attack and 0 indicates that memory usage stays at 100% for a long time;
Step 3.3: calculate the attack's impact value on disk performance; the disk performance impact value is defined between 0 and 100, where 100 indicates that disk I/O processing capacity is exactly the same as before the attack and 0 indicates that disk I/O processing has failed and the disk is completely unavailable;
Step 3.4: calculate the value of the evaluation of the attack's total impact on asset performance based on steps 3.1 to 3.3; the test is repeated several times and the test results are averaged.
6. The method of claim 1, characterized in that step 6 includes:
Step 6.1: establish an attack-defense incidence matrix in which attack and defense interact and cancel each other out, and calculate the change in the target network before and after the attack by weighted accumulation over the multiple discrete points;
Step 6.2: calculate the value of the defense evaluation of the assets from the number of successful attacks, the time a successful attack takes, the value of the attacked assets, the number of tools required for the attack, the number of vulnerabilities required for the attack, and the number of steps required for the attack.
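The scoring in steps 2, 5 and 9 can be sketched as follows. This is an added example, not code from the patent: the claims fix only the 0 to 100 scales, the averaging and the identity-authentication points, so the throughput and response-time mappings, the equal weighting inside step 2.4, the 2000 ms timeout, the weights and all measurements are assumptions constructed for illustration.

```python
from statistics import mean

# Identity-authentication points exactly as listed in step 5 of claim 1.
IDENTITY_SCORES = {"none": 0, "single_factor": 30, "two_factor": 60,
                   "two_factor_plus_device": 90, "one_time_biometric": 100}

def clamp(x):
    return max(0.0, min(100.0, x))

def throughput_score(before_mbps, after_mbps):
    # Assumed mapping: share of pre-attack throughput that survives.
    return clamp(100.0 * after_mbps / before_mbps)

def loss_score(loss_rate):
    # Step 2.2: 100 = no packet loss, 0 = every packet lost.
    return clamp(100.0 * (1.0 - loss_rate))

def response_score(before_ms, after_ms, timeout_ms):
    # Assumed mapping: linear from the baseline (100) down to a timeout (0).
    if after_ms >= timeout_ms:
        return 0.0
    return clamp(100.0 * (timeout_ms - after_ms) / (timeout_ms - before_ms))

def network_performance(baseline, runs, timeout_ms=2000):
    # Step 2.4: score every repeated test, then average the test results.
    return mean(
        mean([throughput_score(baseline["mbps"], r["mbps"]),
              loss_score(r["loss"]),
              response_score(baseline["rtt_ms"], r["rtt_ms"], timeout_ms)])
        for r in runs)

def protection_capability(aspects):
    # Step 5: average of the five capability scores.
    return mean(aspects.values())

def security_efficiency(scores, weights):
    # Step 9: weighted accumulation of the discrete scores.
    if set(scores) != set(weights) or abs(sum(weights.values()) - 1.0) > 1e-9:
        raise ValueError("need one weight per score, summing to 1")
    return sum(weights[k] * scores[k] for k in scores)

# Constructed measurements: one baseline, two repeated tests under attack.
BASELINE = {"mbps": 1000, "rtt_ms": 20}
RUNS = [{"mbps": 600, "loss": 0.10, "rtt_ms": 416},
        {"mbps": 400, "loss": 0.30, "rtt_ms": 1010}]
ASPECTS = {"intrusion_prevention": 80, "antivirus": 70, "access_control": 90,
           "security_audit": 50, "identity": IDENTITY_SCORES["two_factor"]}
WEIGHTS = {"network": 0.4, "protection": 0.6}  # assumed weights
```

Only two of the discrete scores are combined here; the remaining steps would add their own entries to `scores` and `weights` in the same way.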
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201811358905.0A CN109547242A (en) | 2018-11-15 | 2018-11-15 | Network security efficiency evaluation method based on attacking and defending incidence matrix |
Publications (1)
Publication Number | Publication Date |
---|---|
CN109547242A true CN109547242A (en) | 2019-03-29 |
Family
ID=65847622
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201811358905.0A Pending CN109547242A (en) | 2018-11-15 | 2018-11-15 | Network security efficiency evaluation method based on attacking and defending incidence matrix |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN109547242A (en) |
Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN103581155A (en) * | 2012-08-08 | 2014-02-12 | 贵州电网公司信息通信分公司 | Information security situation analysis method and system |
CN103618691A (en) * | 2013-10-24 | 2014-03-05 | 中国航天科工集团第二研究院七〇六所 | Network security performance evaluation method |
US20140359780A1 (en) * | 2013-05-29 | 2014-12-04 | Cytegic Ltd. | Anti-cyber attacks control vectors |
CN108040062A (en) * | 2017-12-19 | 2018-05-15 | 湖北工业大学 | A kind of network security situation evaluating method based on evidential reasoning rule |
CN108306894A (en) * | 2018-03-19 | 2018-07-20 | 西安电子科技大学 | A kind of network security situation evaluating method and system that confidence level occurring based on attack |
Cited By (8)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN110489974A (en) * | 2019-08-21 | 2019-11-22 | 中国电子信息产业集团有限公司第六研究所 | Attacking and defending tool performance appraisal procedure, device, electronic equipment and computer readable storage medium |
CN114598534A (en) * | 2022-03-14 | 2022-06-07 | 葛晓磊 | Big data-based equipment detection early warning system |
CN114598534B (en) * | 2022-03-14 | 2024-03-19 | 郑州市数字政通信息技术有限公司 | Equipment detection early warning system based on big data |
CN114726601A (en) * | 2022-03-28 | 2022-07-08 | 北京计算机技术及应用研究所 | Graph structure-based information security simulation modeling and verification evaluation method |
CN115242502A (en) * | 2022-07-21 | 2022-10-25 | 广东电网有限责任公司 | Power system network security risk evaluation method, device, equipment and medium |
CN115242502B (en) * | 2022-07-21 | 2024-03-08 | 广东电网有限责任公司 | Method, device, equipment and medium for evaluating network security risk of power system |
CN115549951A (en) * | 2022-08-15 | 2022-12-30 | 国家管网集团北方管道有限责任公司 | Network security evaluation method and system for industrial control system |
CN115549951B (en) * | 2022-08-15 | 2023-06-16 | 国家管网集团北方管道有限责任公司 | Network security assessment method and system for industrial control system |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
RJ01 | Rejection of invention patent application after publication | Application publication date: 20190329 |