CN109547242A - Network security efficiency evaluation method based on attacking and defending incidence matrix - Google Patents


Publication number
CN109547242A
Authority
CN
China
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201811358905.0A
Other languages
Chinese (zh)
Inventor
曾颖明
谢小权
吴明杰
王斌
陈志浩
马书磊
郭敏
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Institute of Computer Technology and Applications
Original Assignee
Beijing Institute of Computer Technology and Applications
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Beijing Institute of Computer Technology and Applications
Priority to CN201811358905.0A
Publication of CN109547242A

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00 Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/06 Management of faults, events, alarms or notifications
    • H04L41/0631 Management of faults, events, alarms or notifications using root cause analysis; using analysis of correlation between notifications, alarms or events based on decision criteria, e.g. hierarchy, tree or time analysis
    • H04L41/50 Network service management, e.g. ensuring proper service fulfilment according to agreements
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0876 Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
    • H04L63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/30 Network architectures or network communication protocols for network security for supporting lawful interception, monitoring or retaining of communications or communication related information

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Technology Law (AREA)
  • Power Engineering (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)
  • Computer And Data Communications (AREA)

Abstract

The present invention relates to a network security efficiency evaluation method based on an attack-defense incidence matrix, and belongs to the field of information security technology. The invention comprehensively considers the system's defense capability and the impact of an attack on system performance, on the performance and protection capability of core assets, and on the business the system provides. Through calculation of the attack-defense incidence matrix, it uses the change in the target network before and after the attack and the weighted accumulation of multiple discrete points to evaluate network security efficiency.

Description

Network security efficiency evaluation method based on an attack-defense incidence matrix
Technical field
The invention belongs to the field of information security technology, and in particular relates to a network security efficiency evaluation method based on an attack-defense incidence matrix.
Background art
The complexity, uncertainty and dynamics of network information systems, together with the great asymmetry of information between attacker and defender, make security risk measurement difficult, and network security often faces the problem of lacking a basis and being ill-defined. The data characteristics of network information systems are varied and changeable: multiple network protocols, complex network topologies, a rich set of application systems, and a wide range of network and security equipment. The network environment also keeps changing, for example when new network nodes are added, new network protocols are proposed, new patches are applied, or new functions are added. In general, the high-dimensional characteristics of network information systems produce extremely complex rules, and the security state is hard to describe effectively. Exploring how to calculate the security efficiency of a network information system quantitatively provides a scientific basis for decisions on improving its protection capability, and strong support for improving network security technology and management.
Network security efficiency calculation means, in a complex network environment, assessing the efficiency value of network security by analyzing the system's defense capability, the degree of change in aspects such as availability and security after the system is attacked, and the result of attack and defense cancelling each other out. Current research on network security efficiency falls into two main classes: one evaluates the security of the network from the vulnerability of the network or system itself; the other measures the change in network security from the impact an attack has on it. Current research still has the following shortcomings: first, it emphasizes measuring the effect of attacks and ignores the effect of defense, so the calculated efficiency is limited and one-sided; second, the reference indicators used for security measurement tend to be detached from objective reality, so the calculated results lose accuracy.
Summary of the invention
(1) Technical problem to be solved
The technical problem to be solved by the present invention is how to design an objective and accurate network security efficiency evaluation method.
(2) Technical solution
To solve the above technical problem, the present invention provides a network security efficiency evaluation method based on an attack-defense incidence matrix, comprising the following steps:
Step 1: determine the elements of the network security efficiency calculation and the factors that measure the change in each element; use various measuring devices to obtain the value of each factor before and after the attack, and preprocess the collected raw data;
Step 2: calculate the value of the attack's impact on network performance. The network performance impact is usually defined between 0 and 100; 100 indicates the least impact on network performance and 0 the greatest;
Step 3: calculate the value of the attack's impact on asset performance;
Step 4: calculate the intensity of the attack the system is subjected to. The attack intensity value is defined between 0 and 100; 100 indicates that a network attack generator is used to simulate 100 or more kinds of attacks simultaneously, and 0 indicates that no simulated attack is launched;
Step 5: calculate the system's protection capability, specifically from the aspects of intrusion prevention capability, antivirus capability, identity authentication capability, access control capability and security audit capability, and take the average. Taking identity authentication as an example, defined between 0 and 100: no password authentication scores 0, single-factor password authentication 30, two-factor password authentication 60, two-factor combined with physical device authentication 90, and one-time biometric authentication 100;
Step 6: calculate the value of the defense evaluation of the assets;
Step 7: calculate the value of the attack's impact on system business. The system business impact is defined between 0 and 100; 100 indicates the least impact on system business, and 0 indicates the greatest impact, where the business cannot work normally;
Step 8: calculate the value of the big-data network security posture evaluation. The security posture value is defined between 0 and 100: 100 indicates the best security posture, with no alarm events and no security work pending; 80 indicates a good security posture, with a small number of alarm events or pending security tasks; 60 indicates a basically acceptable security posture, with a larger number of alarm events and pending security tasks; 0 indicates that there are alarm events and pending security tasks that have gone unhandled for a long time;
Step 9: calculate the network security efficiency value of the target network by weighted accumulation of the multiple discrete points.
Preferably, in step 1, one or a combination of several of a network traffic probe, network monitoring equipment, network audit equipment, network security defense equipment and network security protection software is used to obtain the value of each factor of the calculation elements before and after the attack.
Preferably, the preprocessing includes eliminating redundancy.
Preferably, step 2 includes:
Step 2.1: calculate the attack's impact value on network throughput. The network throughput impact value is defined between 0 and 100; 100 indicates the least impact on network throughput and 0 the greatest;
Step 2.2: calculate the attack's impact value on the network packet loss rate. The packet loss impact value is defined between 0 and 100; 100 indicates that there is no packet loss, and 0 indicates that the network is down, i.e. all packets are lost;
Step 2.3: calculate the attack's impact value on the overall network response time. The overall response impact value is defined between 0 and 100; 100 indicates that the network responds in real time with no waiting at all; 0 indicates that the network does not respond and the requester waits indefinitely;
Step 2.4: calculate the value of the attack's total impact on network performance based on steps 2.1 to 2.3; run the test multiple times and average the results.
Preferably, step 3 includes:
Step 3.1: calculate the attack's impact value on CPU performance. The CPU performance impact value is defined between 0 and 100; 100 indicates that CPU usage is exactly the same as before the attack; 0 indicates that CPU usage stays at 100% for a long time;
Step 3.2: calculate the attack's impact value on memory performance. The memory performance impact value is defined between 0 and 100; 100 indicates that memory usage is exactly the same as before the attack; 0 indicates that memory usage stays at 100% for a long time;
Step 3.3: calculate the attack's impact value on disk performance. The disk performance impact value is defined between 0 and 100; 100 indicates that disk I/O processing capability is exactly the same as before the attack; 0 indicates that disk I/O processing has failed and the disk is completely unavailable;
Step 3.4: calculate the value of the attack's total impact on asset performance based on steps 3.1 to 3.3; run the test multiple times and average the results.
Preferably, step 6 includes: Step 6.1: establish the attack-defense incidence matrix that captures the interaction and mutual cancellation between attack and defense, and calculate the change in the target network before and after the attack by weighted accumulation of the multiple discrete points;
Step 6.2: calculate the value of the defense evaluation of the assets from the number of successful attacks, the time taken for an attack to succeed, the value of the attacked assets, the number of tools required for the attack, the number of vulnerabilities required for the attack, and the number of steps required for the attack.
(3) Beneficial effects
The present invention comprehensively considers the system's defense capability and the impact of an attack on system performance, on the performance and protection capability of core assets, and on the business the system provides. Through calculation of the attack-defense incidence matrix, it uses the change in the target network before and after the attack and the weighted accumulation of multiple discrete points to evaluate network security efficiency. On the one hand, it measures network security efficiency comprehensively across multiple dimensions and granularities, such as dynamic attack, attack impact, system protection and core assets, which solves the one-sidedness and limitation of the assessment elements used by traditional network security efficiency analysis. On the other hand, starting from network security as a whole, it proposes measurable network security efficiency factors, which overcomes the limitation of equating the effect of network attack alone, or of network protection alone, with network security efficiency. Because it reflects both the defense side and the attack side, the result obtained is more scientific and objective.
Description of the drawings
Fig. 1 is a flow chart of the method of the present invention.
Detailed description of the embodiments
To make the purpose, content and advantages of the present invention clearer, specific embodiments of the invention are described in further detail below with reference to the drawing and examples.
The invention first determines the elements of the network security efficiency calculation and the factors that measure the change in each element. It then uses measuring devices such as network traffic probes, network monitoring equipment, network audit equipment, network security defense equipment and network security protection software to obtain the value of each factor before and after the attack, and preprocesses the collected raw data to eliminate redundancy. Finally, it calculates the value of each element separately and from these calculates the network security efficiency evaluation value.
In the present invention, the network security efficiency calculation elements are: {network damage effect, asset damage effect, business damage effect, attack intensity, system protection capability, big-data security posture}.
The network damage effect calculation computes the degree of change in network performance after an attack. The factors that measure the network damage effect are: {throughput, packet loss rate, overall network response time}, where the factors that measure the overall network response time are: {user response time, server response time, network delay, network congestion time}.
The asset damage effect calculation covers two kinds of calculation. The first is the degree of change in asset performance after an attack. The second is the change in the security protection capability of the assets (including CPU, memory, disk, network throughput, network packet loss rate, overall network response time, etc.), which is mainly estimated qualitatively, for example with 0 defined as weakest and 100 as strongest. The factors that measure the change in asset performance are: {CPU performance change, memory performance change, disk performance change}. The factor that measures CPU performance change is: {percentage of time the processor spends executing non-idle threads}; the factors that measure memory performance change are: {memory usage, speed of reading from or writing to memory}; the factor that measures disk performance change is: {disk read/write speed}.
The business damage effect calculation computes the degree of damage to the business functions the system provides after an attack. The factors that measure the business damage effect are: {service interruption, service error, service response delay, service normal}.
The attack intensity calculation computes the intensity of the attack the system is subjected to. The factors that measure attack intensity are: {number of successful attacks, time taken for an attack to succeed, value of the attacked assets, number of tools required for the attack, number of vulnerabilities required for the attack, number of steps required for the attack}.
The system protection capability calculation computes the protection capability of the system's security measures. The factors that measure system protection capability are: {intrusion prevention capability, antivirus capability, identity authentication capability, access control capability, security audit capability, encryption capability}.
The big-data security posture calculation aggregates data by collecting heterogeneous audit logs, data content and the like. Combining network attack-defense techniques, security analysis and assessment techniques and big-data processing techniques, it uses data mining to extract knowledge of the network security state from massive historical data and gives a result on a defined scale. The security posture value is usually defined between 0 and 100; 100 indicates the best security posture and 0 the worst.
As shown in Fig. 1, the specific steps of the method are as follows:
Step 1: determine the elements of the network security efficiency calculation and the factors that measure the change in each element. Use measuring devices such as network traffic probes, network monitoring equipment, network audit equipment, network security defense equipment and network security protection software to obtain the value of each factor before and after the attack, and preprocess the collected raw data, for example by eliminating redundancy.
Step 2: calculate the value of the attack's impact on network performance. The network performance impact is usually defined between 0 and 100; 100 indicates the least impact on network performance and 0 the greatest.
Step 2.1: calculate the attack's impact value on network throughput. The network throughput impact value is usually defined between 0 and 100; 100 indicates the least impact on network throughput and 0 the greatest.
Step 2.2: calculate the attack's impact value on the network packet loss rate. The packet loss impact value is usually defined between 0 and 100; 100 indicates that there is no packet loss, and 0 indicates that the network is down, i.e. all packets are lost.
Step 2.3: calculate the attack's impact value on the overall network response time. The overall response impact value is usually defined between 0 and 100; 100 indicates that the network responds in real time with no waiting at all; 0 indicates that the network does not respond and the requester waits indefinitely.
Step 2.4: calculate the value of the attack's total impact on network performance. To ensure the accuracy of the test results, run the test multiple times and average the results.
Step 3: calculate the value of the attack's impact on asset performance.
Step 3.1: calculate the attack's impact value on CPU performance. The CPU performance impact value is usually defined between 0 and 100; 100 indicates that CPU usage is exactly the same as before the attack; 0 indicates that CPU usage stays at 100% for a long time.
Step 3.2: calculate the attack's impact value on memory performance. The memory performance impact value is usually defined between 0 and 100; 100 indicates that memory usage is exactly the same as before the attack; 0 indicates that memory usage stays at 100% for a long time.
Step 3.3: calculate the attack's impact value on disk performance. The disk performance impact value is usually defined between 0 and 100; 100 indicates that disk I/O processing capability is exactly the same as before the attack; 0 indicates that disk I/O processing has failed and the disk is completely unavailable.
Step 3.4: calculate the value of the attack's total impact on asset performance. To ensure the accuracy of the test results, run the test multiple times and average the results.
Step 4: calculate the intensity of the attack the system is subjected to. The attack intensity value is usually defined between 0 and 100; 100 indicates that a network attack generator is used to simulate 100 or more kinds of attacks simultaneously, and 0 indicates that no simulated attack is launched.
Step 5: calculate the system's protection capability, specifically from intrusion prevention capability, antivirus capability, identity authentication capability, access control capability and security audit capability, and take the average. Taking identity authentication as an example, defined between 0 and 100: no password authentication scores 0, single-factor password authentication 30, two-factor password authentication 60, two-factor combined with physical device authentication 90, and one-time biometric authentication 100.
Step 6: calculate the value of the defense evaluation of the assets.
Step 6.1: determine the attack-defense incidence matrix. Establish the attack-defense incidence matrix that captures the interaction and mutual cancellation between attack and defense, and calculate the change in the target network before and after the attack by weighted accumulation of the multiple discrete points.
Step 6.2: calculate the value of the defense evaluation of the assets, mainly from quantitative values such as the number of successful attacks, the time taken for an attack to succeed, the value of the attacked assets, the number of tools required for the attack, the number of vulnerabilities required for the attack, and the number of steps required for the attack.
Step 7: calculate the value of the system business impact evaluation, i.e. the value of the attack's impact on system business. The system business impact is usually defined between 0 and 100; 100 indicates the least impact on system business, and 0 indicates the greatest impact, where the business cannot work normally.
Step 8: calculate the value of the big-data network security posture evaluation. The security posture value is usually defined between 0 and 100: 100 indicates the best security posture, with no alarm events and no security work pending; 80 indicates a good security posture, with a small number of alarm events or pending security tasks; 60 indicates a basically acceptable security posture, with a larger number of alarm events and pending security tasks; 0 indicates that there are alarm events and pending security tasks that have gone unhandled for a long time.
Step 9: calculate the network security efficiency evaluation value. The network security efficiency value of the target network is calculated by weighted accumulation of the multiple discrete points.
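The scoring in steps 2 to 5 and the weighted accumulation in step 9 can be sketched as follows. This is an added example, not code from the patent: the patent fixes only the end points of each 0 to 100 scale, so the linear mappings between them, the averaging of sub-scores within one test, the equal weights and all measurements are assumptions constructed for illustration, and the step 6 to 8 values are supplied as inputs.

```python
from statistics import mean

# Identity-authentication scores exactly as listed in step 5 of the page.
AUTH_SCORES = {"none": 0, "single_factor_password": 30, "two_factor_password": 60,
               "two_factor_plus_device": 90, "one_time_biometric": 100}
PROTECTION_KEYS = ("intrusion_prevention", "antivirus", "identity_authentication",
                   "access_control", "security_audit")

def retained(before, after):
    """Steps 2.1 and 3.3: share of a higher-is-better rate kept under attack."""
    if before <= 0 or after < 0:
        raise ValueError("baseline must be positive, measurement non-negative")
    return min(100.0, 100.0 * after / before)

def loss_score(loss_pct):
    """Step 2.2: 100 = no packet loss, 0 = every packet lost."""
    if not 0 <= loss_pct <= 100:
        raise ValueError("packet loss must be a percentage")
    return 100.0 - loss_pct

def response_score(before_ms, after_ms):
    """Step 2.3: 100 = no added waiting, 0 = no response (after_ms is None)."""
    if after_ms is None:
        return 0.0
    if before_ms <= 0 or after_ms <= 0:
        raise ValueError("response times must be positive")
    return min(100.0, 100.0 * before_ms / after_ms)

def headroom(before_pct, after_pct):
    """Steps 3.1 and 3.2: 100 = usage unchanged, 0 = usage pinned at 100 %."""
    if not (0 <= before_pct <= 100 and 0 <= after_pct <= 100):
        raise ValueError("usage must be a percentage")
    if after_pct <= before_pct:
        return 100.0
    return 100.0 * (100.0 - after_pct) / (100.0 - before_pct)

def network_score(trials):
    """Step 2.4: mean of the three sub-scores per test, averaged over tests."""
    return mean(mean([retained(*t["throughput"]), loss_score(t["loss_pct"]),
                      response_score(*t["response_ms"])]) for t in trials)

def asset_score(trials):
    """Step 3.4: the same averaging for CPU, memory and disk I/O."""
    return mean(mean([headroom(*t["cpu_pct"]), headroom(*t["mem_pct"]),
                      retained(*t["disk_io"])]) for t in trials)

def attack_intensity(kinds_simulated):
    """Step 4: 0 = no simulated attack, 100 = 100 or more kinds at once."""
    if kinds_simulated < 0:
        raise ValueError("number of attack kinds cannot be negative")
    return float(min(kinds_simulated, 100))

def protection_score(capabilities):
    """Step 5: average of the five capability scores named on the page."""
    missing = set(PROTECTION_KEYS) - set(capabilities)
    if missing:
        raise ValueError(f"missing capability scores: {sorted(missing)}")
    return mean(float(capabilities[k]) for k in PROTECTION_KEYS)

def efficiency(scores, weights):
    """Step 9: weighted accumulation of element scores, normalised to 0-100."""
    if set(scores) != set(weights):
        raise ValueError("scores and weights must cover the same elements")
    if any(not 0 <= s <= 100 for s in scores.values()):
        raise ValueError("every element score must lie in 0..100")
    total = sum(weights.values())
    if total <= 0 or any(w < 0 for w in weights.values()):
        raise ValueError("weights must be non-negative and not all zero")
    return sum(weights[k] * scores[k] for k in scores) / total

# Constructed measurements: (before, after) pairs from two repeated tests.
NETWORK_TRIALS = [
    {"throughput": (940, 470), "loss_pct": 10, "response_ms": (20, 80)},
    {"throughput": (940, 658), "loss_pct": 10, "response_ms": (20, 25)},
]
ASSET_TRIALS = [
    {"cpu_pct": (20, 60), "mem_pct": (40, 70), "disk_io": (200, 160)},
    {"cpu_pct": (20, 40), "mem_pct": (40, 55), "disk_io": (200, 180)},
]

def evaluate():
    """Run steps 2-9 on the constructed data; returns (scores, efficiency)."""
    scores = {
        "network": network_score(NETWORK_TRIALS),              # step 2
        "asset_performance": asset_score(ASSET_TRIALS),        # step 3
        "attack_intensity": attack_intensity(40),              # step 4
        "protection": protection_score({                       # step 5
            "intrusion_prevention": 70, "antivirus": 80,
            "identity_authentication": AUTH_SCORES["two_factor_password"],
            "access_control": 75, "security_audit": 65}),
        "asset_defense": 65.0,      # step 6, constructed input
        "business": 80.0,           # step 7, constructed input
        "posture": 80.0,            # step 8, constructed input
    }
    weights = dict.fromkeys(scores, 1.0)   # equal weights are an assumption
    return scores, efficiency(scores, weights)

if __name__ == "__main__":
    element_scores, total = evaluate()
    for name, value in element_scores.items():
        print(f"{name:18s} {value:6.1f}")
    print(f"{'efficiency':18s} {total:6.1f}")
```

Changing the weights passed to `efficiency` shows how strongly the final value depends on a choice the method leaves to the evaluator.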
The invention measures network security efficiency comprehensively from multiple dimensions such as dynamic attack, attack impact, system protection and core assets. It not only proposes a method for assessing attack effects but also innovatively proposes an attack-defense game incidence matrix that establishes the interaction and mutual cancellation between attack and defense. It also proposes measurable network security efficiency evaluation factors, which overcomes the limitation of equating the effect of network attack alone with network security efficiency and ensures that the assessment results are scientific and accurate; the approach is novel. Existing network security analysis techniques all measure network security efficiency from one side only: they either equate network attack effects with network security efficiency, or equate the protection measures the network has already taken with network security efficiency. Network security efficiency is the result of the ebb and flow between network attack and defense after the two offset each other in a game. Considering only one side lacks accuracy and credibility; a comprehensive analysis across multiple dimensions, from the viewpoint of network security as a whole, is needed to make the evaluation result more accurate and scientific. If the attack effect assessment results and protection capability analysis results used in the prior art are to be considered together, there is no effective analysis method or unified metric, and a network security efficiency value cannot be derived from the existing results. The invention proposes a network security efficiency evaluation method that measures network security efficiency comprehensively from multiple dimensions such as dynamic attack, attack impact, system protection and static assets. It innovatively proposes the attack-defense incidence matrix, which establishes the interaction and mutual cancellation between attack and defense and overcomes the limitation of equating network attack alone or network protection alone with network security efficiency, ensuring that the assessment is comprehensive. It also puts forward measurable factors for network security efficiency evaluation, which ensures the accuracy of the assessment results, and is inventive.
Innovations of the invention:
A) Because the security factors that change the network security state are multi-level, multi-dimensional and multi-granular, the invention innovatively proposes a multi-dimensional, multi-granular method for measuring network security efficiency. It measures the network security efficiency value at multiple levels such as dynamic attack, attack impact, system protection and core assets, which makes network security efficiency evaluation more scientific and reasonable and provides theoretical guidance for improving the security assurance system and for comprehensive awareness of the network security posture;
B) The invention innovatively proposes a network attack-defense relationship matrix. Starting from two dimensions, the effect caused by the network attack and the protection capability the system has, it effectively analyzes and evaluates the result of the game between network attack and defense and of their mutual cancellation. This avoids the limitation of one-sided assessment, makes network security efficiency evaluation more comprehensive, and offers guidance for network security operations management and protection decisions;
C) For network attack effects and system protection capability, the invention proposes measurable factors, which avoids inaccurate assessment results caused by metrics that are detached from reality. The approach can also be extended easily toward network security management and security risk assessment, which improves the compatibility of the results of this patent.
D) This patent combines network attack-defense techniques, security analysis and assessment techniques and big-data processing techniques, takes in heterogeneous data sources at larger scale, and uses data mining to extract knowledge of the network security state from massive historical data. It optimizes the structure and flow of the network security efficiency analysis algorithm and improves the capability and efficiency of processing massive data, so that network security state analysis and assessment is more efficient, accurate and credible.
The above is only a preferred embodiment of the present invention. It should be noted that a person of ordinary skill in the art can make several improvements and variations without departing from the technical principles of the invention, and these improvements and variations should also be regarded as falling within the protection scope of the invention.

Claims (6)

1. A network security efficiency evaluation method based on an attack-defense incidence matrix, characterized by comprising the following steps:
Step 1: determine the elements used to calculate network security efficiency and the factors that measure how each calculation element changes; use various measuring devices and the like to collect the value of each factor of the calculation elements before and after the attack; and preprocess the collected raw data;
Step 2: calculate the value of the attack's impact on network performance; the network performance impact is usually defined between 0 and 100, where 100 indicates the smallest impact on network performance and 0 indicates the largest impact on network performance;
Step 3: calculate the value of the attack's impact on asset performance;
Step 4: calculate the intensity of the attack the system is subjected to; the attack intensity value is defined between 0 and 100, where 100 indicates that a network attack generator is used to simulate and launch 100 or more kinds of attack simultaneously, and 0 indicates that no simulated attack is launched;
Step 5: calculate the protective capability of the system; intrusion prevention capability, virus detection and removal capability, identity authentication capability, access control capability and security audit capability are each calculated and then averaged; taking identity authentication as an example, the score is defined between 0 and 100: no password authentication is 0 points, single-factor password authentication is 30 points, two-factor password authentication is 60 points, two-factor authentication combined with a physical device is 90 points, and one-time biometric authentication is 100 points;
Step 6: calculate the value of the defense evaluation of assets;
Step 7: calculate the value of the attack's impact on system business; the system business impact is defined between 0 and 100, where 100 indicates the smallest impact on system business and 0 indicates the largest impact on system business, with the business unable to work normally;
Step 8: calculate the value of the big data network security situation evaluation; the security posture value is defined between 0 and 100, where 100 indicates the best security posture, with no alarm events and no security work awaiting handling; 80 indicates a good security posture, with a small number of alarm events or security work items awaiting handling; 60 indicates a basically acceptable security posture, with more alarm events and security work awaiting handling; 0 indicates alarm events and security work awaiting handling that have gone unhandled for a long time;
Step 9: calculate the network security effectiveness value of the target network by weighted accumulation over the multiple discrete scores.
2. The method as described in claim 1, characterized in that, in step 1, one or a combination of several of a network traffic probe, network monitoring equipment, network audit equipment, network security defense equipment and network security protection software is used to collect the value of each factor of the calculation elements before and after the attack.
3. The method as described in claim 1, characterized in that the preprocessing includes eliminating redundancy.
4. The method as described in claim 1, characterized in that step 2 includes:
Step 2.1: calculate the attack's impact value on network throughput; the network throughput impact value is defined between 0 and 100, where 100 indicates the smallest impact on network throughput and 0 indicates the largest impact on network throughput;
Step 2.2: calculate the attack's impact value on the network packet loss rate; the network packet loss rate impact value is defined between 0 and 100, where 100 indicates that there is no network packet loss and 0 indicates that the network is blocked, that is, all packets are lost;
Step 2.3: calculate the attack's impact value on overall network response time; the overall network response impact value is defined between 0 and 100, where 100 indicates that the network responds in real time with no waiting at all, and 0 indicates that the network does not respond and keeps waiting;
Step 2.4: calculate the value of the attack's total impact on network performance based on steps 2.1 to 2.3; run the test repeatedly and average the test results.
5. The method as described in claim 1, characterized in that step 3 includes:
Step 3.1: calculate the attack's impact value on CPU performance; the CPU performance impact value is defined between 0 and 100, where 100 indicates that CPU usage is exactly the same as before the attack and 0 indicates that CPU usage stays at 100% for a long time;
Step 3.2: calculate the attack's impact value on memory performance; the memory performance impact value is defined between 0 and 100, where 100 indicates that memory usage is exactly the same as before the attack and 0 indicates that memory usage stays at 100% for a long time;
Step 3.3: calculate the attack's impact value on disk performance; the disk performance impact value is defined between 0 and 100, where 100 indicates that disk I/O processing capacity is exactly the same as before the attack and 0 indicates that disk I/O processing capacity has failed and is completely unavailable;
Step 3.4: calculate the value of the evaluation of the attack's total impact on asset performance based on steps 3.1 to 3.3; run the test repeatedly and average the test results.
6. The method as described in claim 1, characterized in that step 6 includes:
Step 6.1: establish an attack-defense incidence matrix in which attack and defense interact with and cancel each other out, and calculate the change in the target network's value before and after the attack by weighted accumulation over the multiple discrete scores;
Step 6.2: calculate the value of the defense evaluation of assets from the number of successful attacks, the time a successful attack takes, the value of the attacked assets, the number of tools the attack requires, the number of vulnerabilities the attack requires, and the number of steps the attack requires.
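The scoring flow of claims 1, 4 and the step 5 rubric can be sketched as follows. This is an added example, not code from the patent: the claims fix only the 0 to 100 scales, the averaging and the weighted accumulation, so the per-metric formulas, the equal-weight mean inside a run, the weights and all sample measurements are assumptions constructed for illustration.

```python
from statistics import mean

# Identity-authentication rubric as stated in step 5 of claim 1.
AUTH_SCORES = {"none": 0, "single_factor_password": 30, "two_factor_password": 60,
               "two_factor_plus_device": 90, "one_time_biometric": 100}

def clamp(x):
    """Keep every score on the 0-100 scale the claims use."""
    return max(0.0, min(100.0, float(x)))

def network_score(runs):
    """Steps 2.1-2.4: score throughput, loss and response per run, then average
    over repeated runs. The three formulas below are assumed mappings."""
    per_run = []
    for r in runs:
        tput = clamp(100.0 * r["tput_after"] / r["tput_before"])      # baseline kept
        loss = clamp(100.0 - r["loss_pct_after"])                      # 100 = no loss
        resp = clamp(100.0 * r["rtt_before_ms"] / r["rtt_after_ms"])   # slower = lower
        per_run.append(mean([tput, loss, resp]))
    return mean(per_run)

def defense_score(capabilities):
    """Step 5: average the five capability scores, each on 0-100."""
    required = {"intrusion_prevention", "antivirus", "identity",
                "access_control", "security_audit"}
    if set(capabilities) != required:
        raise ValueError(f"expected exactly {sorted(required)}")
    return mean(clamp(v) for v in capabilities.values())

def effectiveness(scores, weights):
    """Step 9: weighted accumulation; weights are assumed to sum to 1."""
    if set(scores) != set(weights) or abs(sum(weights.values()) - 1.0) > 1e-9:
        raise ValueError("weights must cover the same keys and sum to 1")
    return sum(weights[k] * clamp(scores[k]) for k in scores)

# Constructed measurements from two repeated test runs (not from the patent).
RUNS = [
    {"tput_before": 1000, "tput_after": 800, "loss_pct_after": 10,
     "rtt_before_ms": 28, "rtt_after_ms": 40},
    {"tput_before": 1000, "tput_after": 600, "loss_pct_after": 20,
     "rtt_before_ms": 28, "rtt_after_ms": 70},
]
CAPS = {"intrusion_prevention": 80, "antivirus": 90,
        "identity": AUTH_SCORES["two_factor_password"],
        "access_control": 90, "security_audit": 80}
WEIGHTS = {"network": 0.4, "defense": 0.6}   # assumed weights

if __name__ == "__main__":
    scores = {"network": network_score(RUNS), "defense": defense_score(CAPS)}
    print(scores, effectiveness(scores, WEIGHTS))
```

Only two of the claimed components are combined here; the remaining scores from steps 3, 4, 6, 7 and 8 would enter `effectiveness` as further keys with their own weights.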

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201811358905.0A CN109547242A (en) 2018-11-15 2018-11-15 Network security efficiency evaluation method based on attacking and defending incidence matrix

Publications (1)

Publication Number Publication Date
CN109547242A (en) 2019-03-29

Family

ID=65847622

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201811358905.0A Pending CN109547242A (en) 2018-11-15 2018-11-15 Network security efficiency evaluation method based on attacking and defending incidence matrix

Country Status (1)

Country Link
CN (1) CN109547242A (en)


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20190329