CN112232623A - Risk assessment method and related device - Google Patents

Risk assessment method and related device Download PDF

Info

Publication number
CN112232623A
CN112232623A CN202010923372.7A CN202010923372A CN112232623A CN 112232623 A CN112232623 A CN 112232623A CN 202010923372 A CN202010923372 A CN 202010923372A CN 112232623 A CN112232623 A CN 112232623A
Authority
CN
China
Prior art keywords
matrix
index
risk assessment
event
target
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202010923372.7A
Other languages
Chinese (zh)
Inventor
葛健民
朱明浩
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Zhejiang Dahua Technology Co Ltd
Original Assignee
Zhejiang Dahua Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Zhejiang Dahua Technology Co Ltd filed Critical Zhejiang Dahua Technology Co Ltd
Priority to CN202010923372.7A priority Critical patent/CN112232623A/en
Publication of CN112232623A publication Critical patent/CN112232623A/en
Pending legal-status Critical Current

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q10/00Administration; Management
    • G06Q10/06Resources, workflows, human or project management; Enterprise or organisation planning; Enterprise or organisation modelling
    • G06Q10/063Operations research, analysis or management
    • G06Q10/0635Risk analysis of enterprise or organisation activities
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F17/00Digital computing or data processing equipment or methods, specially adapted for specific functions
    • G06F17/10Complex mathematical operations
    • G06F17/16Matrix or vector computation, e.g. matrix-matrix or matrix-vector multiplication, matrix factorization
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F17/00Digital computing or data processing equipment or methods, specially adapted for specific functions
    • G06F17/10Complex mathematical operations
    • G06F17/18Complex mathematical operations for evaluating statistical data, e.g. average values, frequency distributions, probability functions, regression analysis
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q10/00Administration; Management
    • G06Q10/06Resources, workflows, human or project management; Enterprise or organisation planning; Enterprise or organisation modelling
    • G06Q10/063Operations research, analysis or management
    • G06Q10/0639Performance analysis of employees; Performance analysis of enterprise or organisation operations
    • G06Q10/06393Score-carding, benchmarking or key performance indicator [KPI] analysis

Landscapes

  • Engineering & Computer Science (AREA)
  • Business, Economics & Management (AREA)
  • Physics & Mathematics (AREA)
  • Human Resources & Organizations (AREA)
  • General Physics & Mathematics (AREA)
  • Theoretical Computer Science (AREA)
  • Mathematical Physics (AREA)
  • Data Mining & Analysis (AREA)
  • Entrepreneurship & Innovation (AREA)
  • Mathematical Analysis (AREA)
  • Mathematical Optimization (AREA)
  • Economics (AREA)
  • Computational Mathematics (AREA)
  • Pure & Applied Mathematics (AREA)
  • Strategic Management (AREA)
  • Educational Administration (AREA)
  • Operations Research (AREA)
  • Development Economics (AREA)
  • Marketing (AREA)
  • Software Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Algebra (AREA)
  • Databases & Information Systems (AREA)
  • General Business, Economics & Management (AREA)
  • Tourism & Hospitality (AREA)
  • Quality & Reliability (AREA)
  • Game Theory and Decision Science (AREA)
  • Probability & Statistics with Applications (AREA)
  • Life Sciences & Earth Sciences (AREA)
  • Bioinformatics & Cheminformatics (AREA)
  • Bioinformatics & Computational Biology (AREA)
  • Evolutionary Biology (AREA)
  • Computing Systems (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)

Abstract

The application discloses a risk assessment method and a related device, wherein the risk assessment method comprises the following steps: acquiring historical statistical parameters of target factors in the index events to form the historical statistical parameters into a score list matrix of the index events; acquiring a first judgment matrix corresponding to the importance characteristic of the target factor; calculating the first judgment matrix through a preset rule so as to convert the first judgment matrix into a first weight matrix; and performing set matrix operation on the first weight matrix and the score list matrix to obtain a risk evaluation score of the index event. By the mode, risk assessment can be carried out under the condition that no historical data exists, abnormal and abrupt assessment scores cannot be generated, corresponding calculation amount is small, and the corresponding assessment system is high in operation speed and efficiency.

Description

Risk assessment method and related device
Technical Field
The present disclosure relates to the field of risk assessment technologies, and in particular, to a risk assessment method and a related device.
Background
Along with the rise and development of urbanization of various countries in the world, the income per capita is continuously improved, the operational wealth per capita is continuously increased, the bank business volume is continuously increased, the basic data of a bank system is expanded, and therefore the corresponding log data, alarm data and running water data volume are obviously increased. Meanwhile, with the development of information technology, worms, trojans and the like on the network frequently appear, the security risk of the information system is continuously increased, and hackers can take advantage of the loophole of the system and the errors in operation and maintenance, so that the network model capable of predicting the risk in advance has great value.
However, the existing bank risk quantitative evaluation methods all require a large amount of historical data to model, and because the corresponding models are not provided with upper and lower boundary thresholds, the evaluation results of special off-spectra are easily generated.
Disclosure of Invention
The technical problem mainly solved by the application is to provide a risk assessment method and a related device, and the risk assessment method can solve the problems that in the prior art, a large amount of historical data is needed for risk assessment, a special off-spectrum result is easily generated, and the calculation amount is large.
In order to solve the above technical problem, the first technical solution adopted by the present application is: provided is a risk assessment method, wherein the risk assessment method comprises: acquiring historical statistical parameters of target factors in the index events to form the historical statistical parameters into a score list matrix of the index events; acquiring a first judgment matrix corresponding to the importance characteristic of the target factor; calculating the first judgment matrix through a preset rule so as to convert the first judgment matrix into a first weight matrix; and performing set matrix operation on the first weight matrix and the score list matrix to obtain a risk evaluation score of the index event.
The method comprises the following steps of obtaining historical statistical parameters of target factors in index events, and forming the historical statistical parameters into a score list matrix of the index events, wherein the step of obtaining the historical statistical parameters of the target factors in the index events comprises the following steps: acquiring historical statistical parameters of target factors in the index events; and carrying out normalization operation on the historical statistical parameters so as to form the historical statistical parameters after the normalization operation into a score list matrix.
The method comprises the following steps of obtaining historical statistical parameters of target factors in index events, and forming the historical statistical parameters into a score list matrix of the index events, wherein the step of obtaining the historical statistical parameters of the target factors in the index events comprises the following steps: acquiring historical statistical parameters of target factors in the index events; and calculating the historical statistical parameters according to the maximum-minimum criterion so as to form the corresponding calculated scores into a score list matrix.
The step of performing set matrix operation on the first weight matrix and the score list matrix to obtain the risk assessment score of the index event comprises the following steps: and after the first weight matrix is transferred, performing inner product operation on the first weight matrix and the score list matrix to obtain a risk evaluation score of the index event.
The method comprises the following steps of obtaining a first judgment moment corresponding to the importance feature of the target factor, wherein the number of the target factor in the index event comprises at least two, and the step of obtaining the first judgment moment corresponding to the importance feature of the target factor comprises the following steps: a first judgment matrix is obtained, wherein the first judgment matrix is correspondingly configured according to the relative importance of each target factor in the index event to other target factors.
The method comprises the following steps of obtaining historical statistical parameters of target factors in the index events so as to form a score list matrix of the index events, wherein the index events comprise at least two sub-index events, each sub-index event further comprises a target factor, and the step of forming the historical statistical parameters into the score list matrix of the index events comprises the following steps: acquiring historical statistical parameters of target factors in each sub-index event in the index events so as to form the historical statistical parameters into a score list matrix of at least two sub-index events; the step of obtaining a first judgment matrix corresponding to the importance characteristic of the target factor includes: acquiring at least two first judgment matrixes corresponding to the importance characteristics of the target factors of each sub-index event; the step of operating the first judgment matrix through a preset rule to convert the first judgment matrix into a first weight matrix comprises the following steps: respectively operating each first judgment matrix through a preset rule so as to respectively convert each first judgment matrix into a corresponding first weight matrix; the step of performing set matrix operation on the first weight matrix and the score list matrix to obtain the risk assessment score of the index event comprises the following steps: performing set matrix operation on each first weight matrix and the corresponding score list matrix to obtain risk evaluation scores of at least two sub-index events; acquiring a second judgment matrix correspondingly configured according to the relative importance of each sub-index event in the index events to other sub-index events; calculating the second judgment matrix through a preset rule so as to convert the second judgment matrix into a second weight matrix; and performing set matrix operation on the second weight matrix and the list matrix generated correspondingly by the risk evaluation scores of the at least two sub-index events to obtain the risk evaluation score of the index event.
The method comprises the following steps of obtaining a risk assessment score of an index event, wherein the number of the index event comprises at least two, and after the step of performing set matrix operation on a first weight matrix and a score list matrix to obtain the risk assessment score of the index event, the method further comprises the following steps: and calculating the average value of the acquired risk assessment scores of the at least two index events.
In order to solve the above technical problem, the second technical solution adopted by the present application is: provided is a risk assessment method, wherein the risk assessment method comprises: acquiring historical statistical parameters of target factors in index events of target risk assessment items to form the historical statistical parameters into a score list matrix of the index events; acquiring a third judgment matrix corresponding to the importance characteristic of the target factor; calculating the third judgment matrix through a preset rule so as to convert the third judgment matrix into a third weight matrix; performing set matrix operation on the third weight matrix and the score list matrix to obtain a risk evaluation score of the index event; acquiring a fourth judgment matrix corresponding to the importance characteristic of the index event; calculating the fourth judgment matrix through a preset rule so as to convert the fourth judgment matrix into a fourth weight matrix; and performing set matrix operation on the fourth weight matrix and the list matrix corresponding to the risk assessment scores of the index events to obtain the risk assessment scores of the target risk assessment items.
The method comprises the following steps of obtaining historical statistical parameters of target factors in index events of target risk assessment items, and forming a score list matrix of the index events by the historical statistical parameters, wherein the index events comprise at least two sub-index events, each sub-index event further comprises a target factor, and the step of forming the historical statistical parameters into the score list matrix of the index events comprises the following steps: acquiring historical statistical parameters of target factors in each sub-index event in the index events of the target risk assessment items, and constructing the historical statistical parameters into a score list matrix of at least two sub-index events; the step of obtaining a third judgment matrix corresponding to the importance characteristic of the target factor includes: acquiring at least two third judgment matrixes corresponding to the importance characteristics of the target factors of each sub-index event; the step of calculating the third judgment matrix according to a preset rule to convert the third judgment matrix into a third weight matrix includes: respectively operating each third judgment matrix through a preset rule so as to respectively convert each third judgment matrix into a corresponding third weight matrix; the step of performing set matrix operation on the third weight matrix and the score list matrix to obtain the risk assessment score of the index event comprises the following steps: performing set matrix operation on each third weight matrix and the corresponding score list matrix to obtain risk evaluation scores of at least two sub-index events; acquiring a fifth judgment matrix correspondingly configured according to the relative importance of each sub-index event in the index events to other sub-index events; calculating the fifth judgment matrix through a preset rule to convert the fifth judgment matrix into a fifth weight matrix; and performing set matrix operation on the fifth weight matrix and the list matrix generated correspondingly by the risk evaluation scores of the at least two sub-index events to obtain the risk evaluation score of the index event.
The target risk assessment items comprise one of self-service bank risk assessment, website security risk assessment, security platform application condition assessment and platform comprehensive application.
The target risk assessment item is self-service bank security risk assessment, the index event is a security event, the index event comprises a first sub-index event and a second sub-index event, the first sub-index event is threatening, the second sub-index event is fragile, the threatening target factors are alarming, abnormal behavior alarming and prompting, and the fragile target factors are misoperation types, equipment offline, equipment failure and video opening failure rate.
In order to solve the above technical problem, the third technical solution adopted by the present application is: provided is a risk assessment apparatus, wherein the risk assessment apparatus includes: the acquisition module is used for acquiring historical statistical parameters of the target factors in the index events and a first judgment matrix corresponding to the importance characteristics of the target factors; and the processing module is coupled with the acquisition module and used for forming the historical statistical parameters into a score list matrix of the index event, calculating the first judgment matrix through a preset rule so as to convert the first judgment matrix into a first weight matrix, and further performing set matrix operation on the first weight matrix and the score list matrix so as to acquire the risk evaluation score of the index event.
In order to solve the above technical problem, a fourth technical solution adopted by the present application is: provided is a risk assessment apparatus, wherein the risk assessment apparatus includes: the acquisition module is used for acquiring historical statistical parameters of target factors in the index events of the target risk assessment items, a third judgment matrix corresponding to the importance characteristics of the target factors and a fourth judgment matrix corresponding to the importance characteristics of the index events; and the processing module is coupled with the acquisition module and used for configuring the historical statistical parameters into a score list matrix of the index event, calculating the third judgment matrix through a preset rule to convert the third judgment matrix into a third weight matrix, further performing set matrix calculation on the third weight matrix and the score list matrix to acquire the risk assessment score of the index event, calculating the fourth judgment matrix through the preset rule to convert the fourth judgment matrix into a fourth weight matrix, and performing set matrix calculation on the fourth weight matrix and the list matrix corresponding to the risk assessment score of the index event to acquire the risk assessment score of the target risk assessment item.
In order to solve the above technical problem, a fifth technical solution adopted by the present application is: providing an intelligent terminal, wherein the intelligent terminal comprises a memory and a processor which are coupled with each other; the memory stores program data; the processor is configured to execute the program data to implement the risk assessment method as described in any one of the above.
In order to solve the above technical problem, a sixth technical solution adopted in the present application is: there is provided a computer readable storage medium having stored thereon program data executable by a processor to implement a risk assessment method as defined in any one of the above.
The beneficial effect of this application is: different from the prior art, the risk assessment method in the embodiment of the application comprises the following steps: acquiring historical statistical parameters of target factors in the index events so as to correspondingly generate a score list matrix of the index events by the historical statistical parameters; acquiring a first judgment matrix corresponding to the importance characteristic of the target factor; calculating the first judgment matrix through a preset rule so as to convert the first judgment matrix into a first weight matrix; the first weight matrix and the score list matrix are subjected to set matrix operation to obtain the risk evaluation score of the index event, so that an algorithm or a network model of a risk evaluation method can be constructed without the help of historical data, the obtained historical statistical parameters are directly subjected to corresponding operation to obtain the risk evaluation score of the index event, the first judgment matrix and the first weight matrix correspond to the importance degree characteristics of the target factors in the index event, the risk evaluation score obtained by the operation of the score list matrix corresponding to the historical statistical parameters cannot generate an abnormally sharp numerical value, the training and classification processing of a deep network learning model are not needed, the corresponding calculated amount is small, the operation speed of a corresponding evaluation system is high, and the efficiency is high.
Drawings
FIG. 1 is a schematic flow chart of a first embodiment of the risk assessment method of the present application;
FIG. 2 is a schematic flow chart of a second embodiment of the risk assessment method of the present application;
FIG. 3 is a schematic flow chart of a third embodiment of the risk assessment method of the present application;
FIG. 4 is a schematic flow chart of a fourth embodiment of the risk assessment method of the present application;
FIG. 5 is a schematic flow chart of a fifth embodiment of the risk assessment method of the present application;
FIG. 6 is a schematic structural diagram of a first specific application scenario of the risk assessment method of the present application;
FIG. 7 is a schematic structural diagram of a second specific application scenario of the risk assessment method of the present application;
FIG. 8 is a schematic structural diagram of a third specific application scenario of the risk assessment method of the present application;
fig. 9 is a schematic structural diagram of a fourth specific application scenario of the risk assessment method of the present application;
FIG. 10 is a schematic structural diagram of an embodiment of the risk assessment device of the present application;
FIG. 11 is a schematic structural diagram of an embodiment of the risk assessment device of the present application;
FIG. 12 is a schematic structural diagram of an embodiment of an intelligent terminal according to the present application;
FIG. 13 is a schematic structural diagram of an embodiment of a computer-readable storage medium of the present application.
Detailed Description
The technical solutions in the embodiments of the present application will be clearly and completely described below with reference to the drawings in the embodiments of the present application, and it is obvious that the described embodiments are only a part of the embodiments of the present application, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present application.
Referring to fig. 1, fig. 1 is a schematic flow chart of a risk assessment method according to a first embodiment of the present application. The embodiment comprises the following steps:
s11: and acquiring historical statistical parameters of the target factors in the index events to form the historical statistical parameters into a score list matrix of the index events.
Specifically, the intelligent terminal integrated with the risk assessment network model first obtains historical statistical parameters of target factors in index events aiming at risk assessment, for example, when the risk assessment is required for a security event in the self-service bank security risk assessment, historical statistical data such as the number of effective alarms, the number of abnormal behavior alarms, and the number of prompts (the sum of two failure occurrence times of a detector analyzed according to a prompt data model) and the like, which are statistically stored in a database corresponding to the self-service bank within a set time, are first obtained, wherein the set time can be any reasonable time such as 180 days, 120 days, 240 days and the like, and can be adjusted and set by a user as required, and corresponding historical statistical parameters can also be input into the risk assessment network model of the intelligent terminal by the user as required.
Further, after obtaining the historical statistical parameters of the target factors in the index event, the historical statistical parameters are sequentially arranged to form a score list matrix of the index event.
S12: and acquiring a first judgment matrix corresponding to the importance degree characteristics of the target factors.
Further, the result of analyzing and judging the importance characteristics of the target factors is obtained, and the given first judgment matrix, for example, the relative importance of each target factor in the security incident of the self-service bank is analyzed and judged by a professional for corresponding bank risk assessment, and the corresponding assessment parameters are input into the corresponding risk assessment network model to obtain the first judgment matrix.
The importance characteristic of the target factor specifically refers to a judgment result obtained by comparing importance degrees of risk evaluations among target factors included in the index event in risk evaluation of the index event, and corresponding quantitative parameters are correspondingly given to form a first judgment matrix.
Specifically, when the index event only includes one target factor, the target factor is compared with itself, and which is relatively more important in performing risk assessment on the index event, it can be known that the comparison result will be 1, that is, the corresponding first determination matrix is a one-dimensional matrix including only one element and number 1; when the number of the target factors in the index event is at least two, the importance characteristic of the target factor is the relative importance characteristic of each target factor in the index event relative to other target factors, that is, whether the importance degree of each target factor in the risk assessment of the index event is higher or lower relative to other target factors, when the quantization parameter corresponding to the importance degree characteristic of one of the target factors is determined to be 1, it indicates that the quantization parameter corresponding to the target factor with higher importance degree is more than 1, the quantization parameter corresponding to the target factor with lower importance degree is less than 1, and the corresponding quantization parameter can quantize the difference of the importance degree of the two quantization parameters, if the difference is large, the difference corresponding to the two quantization parameters is large, and if the difference is small, the difference corresponding to the two quantization parameters is small, so that the obtained quantization parameters form a corresponding first judgment matrix. The first judgment matrix can be reasonably input and adjusted by a user according to an actual application scene.
Specifically, taking target factors included in a security event in a self-service bank as an effective alarm, an abnormal behavior alarm and a prompt as an example, wherein the risk assessment network model compares the importance of the target factors in the index event pairwise according to an analytic hierarchy process to perform importance configuration, that is, the importance represents the relative importance between the target factors related to the index event, and the importance is distinguished as: equally important, slightly important, more important, very important, absolutely important, which correspond to the quantized values [1, 3, 5, 7, 9], respectively.
Therefore, when the corresponding risk assessment personnel judge that the importance of the abnormal behavior alarm and the prompt is lower than that of the effective alarm by taking the importance of the effective alarm as 1, the relative importance parameter of the abnormal behavior alarm can be determined to be 1/3 according to the corresponding relative importance, and the prompt is 1/5; when the importance of the abnormal behavior alarm is 3 and the importance of the effective behavior alarm and the prompt is judged to be lower than that of the effective alarm, the relative importance parameter of the effective alarm is determined to be 1 according to the corresponding relative importance, the prompt is 1/3, and the first judgment matrix A is obtained by sequentially processing the parameters:
Figure BDA0002667484570000081
it can be understood that the first determination matrix a is obtained by analyzing and determining the relative importance of the corresponding target factor by a risk assessment person according to his experience, for example, when it is determined that an effective alarm is more important than a security incident of an abnormal behavior alarm in an automated banking, and when determining the importance data of the effective alarm, the relative importance data of the abnormal behavior alarm is smaller, so as to input the sequentially obtained data into the corresponding risk assessment network model to obtain the first determination matrix a, and the corresponding parameter in the first determination matrix a may be other values, which can be reasonably assessed and determined by a user according to an actual application scenario, which is not limited in the present application.
S13: and operating the first judgment matrix through a preset rule so as to convert the first judgment matrix into a first weight matrix.
Specifically, after the first judgment matrix is obtained, the first judgment matrix is operated through a preset rule so as to convert the first judgment matrix into a first weight matrix.
Taking the first determination matrix as the matrix a, the corresponding preset rule may be:
a_axis_0_sum=A.sum(axis=0)
b=param/a_axis_0_sum
b_axis_1_sum=b.sum(axis=1)
W=list(b_axis_1_sum/sum(b_axis_1_sum))。
wherein, the W is a first weight matrix obtained by performing operation conversion on the first judgment matrix a.
S14: and performing set matrix operation on the first weight matrix and the score list matrix to obtain a risk evaluation score of the index event.
Specifically, after a first weight matrix and a score List matrix corresponding to a target factor in an index event are obtained, a set matrix operation is performed on the first weight matrix and the score List matrix, for example, taking the first weight matrix as W and the score List matrix as List11, the first weight matrix W is inverted and then is subjected to an inner product with the score List matrix List11, so as to obtain a risk assessment score of the index eventT*List11。
Different from the prior art, the risk assessment method in the embodiment includes: acquiring historical statistical parameters of target factors in the index events so as to correspondingly generate a score list matrix of the index events by the historical statistical parameters; acquiring a first judgment matrix corresponding to the importance characteristic of the target factor; calculating the first judgment matrix through a preset rule so as to convert the first judgment matrix into a first weight matrix; the first weight matrix and the score list matrix are subjected to set matrix operation to obtain the risk evaluation score of the index event, so that an algorithm or a network model of a risk evaluation method can be constructed without the help of historical data, the obtained historical statistical parameters are directly subjected to corresponding operation to obtain the risk evaluation score of the index event, the first judgment matrix and the first weight matrix correspond to the importance degree characteristics of the target factors in the index event, the risk evaluation score obtained by the operation of the score list matrix corresponding to the historical statistical parameters cannot generate an abnormally sharp numerical value, the training and classification processing of a deep network learning model are not needed, the corresponding calculated amount is small, the operation speed of a corresponding evaluation system is high, and the efficiency is high.
Referring to fig. 2, fig. 2 is a schematic flow chart of a risk assessment method according to a second embodiment of the present application. The risk assessment method of the present embodiment is a flowchart of a detailed embodiment of the risk assessment method in fig. 1, and includes the following steps:
s21: and acquiring historical statistical parameters of the target factors in the index events.
Specifically, the intelligent terminal integrated with the risk assessment network model first obtains historical statistical parameters of target factors in index events aiming at risk assessment, for example, when the risk assessment is required for a security event in the self-service bank security risk assessment, historical statistical data such as the number of effective alarms, the number of abnormal behavior alarms, and the number of prompts (the sum of two failure occurrence times of a detector analyzed according to a prompt data model) and the like, which are statistically stored in a database corresponding to the self-service bank within a set time, are first obtained, wherein the set time can be any reasonable time such as 180 days, 120 days, 240 days and the like, and can be adjusted and set by a user as required, and corresponding historical statistical parameters can also be input into the risk assessment network model of the intelligent terminal by the user as required.
S22: and carrying out normalization operation on the historical statistical parameters so as to form the historical statistical parameters after the normalization operation into a score list matrix.
Furthermore, normalization operation is carried out on the acquired historical statistical parameters, so that the historical statistical parameters after normalization operation are sequentially arranged, a score list matrix of the index event is further formed, the subsequent calculation amount for risk assessment can be reduced, and the corresponding calculation efficiency can be improved.
In another embodiment, after obtaining the historical statistical parameters of the target factors in the index event, the historical statistical parameters may be further calculated according to a max-min criterion, such as min _ max normalization, so as to generate a score list matrix of the index event corresponding to the calculated corresponding scores.
Specifically, taking the index event as a device class of an automated banking machine, and a target factor in the index event as a non-security device class (currently, the ATM (automated teller machine) is only indicated, and the larger the number is, the less security is), in the device class of the automated banking machine, assuming that the maximum value of the number of the ATMs within the management range of the risk assessment network model in the corresponding intelligent terminal is 5, and the minimum value is 1, the number is scored in percentage, where the score of 5 is 0, and the score of 1 is 100, when the number of the ATMs is 2, the score of the non-security device class is: (2-5)/(1-5) × 100 ═ 75 points, i.e., the score list matrix for the corresponding index event is [75 ].
S23: and acquiring a first judgment matrix corresponding to the importance degree characteristics of the target factors.
S24: and operating the first judgment matrix through a preset rule so as to convert the first judgment matrix into a first weight matrix.
S23 and S24 are the same as S12 and S13 in fig. 1, respectively, and please refer to S12 and S13 and the related text description thereof, which are not repeated herein.
S25: and after the first weight matrix is transferred, performing inner product operation on the first weight matrix and the score list matrix to obtain a risk evaluation score of the index event.
Specifically, taking the first weight matrix W and the score List matrix List11 as examples, the first weight matrix W is inverted and then inner-multiplied with the score List matrix List11 to obtain the risk assessment score Sccres ═ W of the index eventT*List11。
In other embodiments, when the number of indicator events includes at least two, after S25, the method further includes: and calculating the average value of the risk assessment scores of at least two acquired index events respectively, and taking the acquired average value as the final risk assessment score of the whole index event.
Referring to fig. 3, fig. 3 is a schematic flow chart of a risk assessment method according to a third embodiment of the present application. The risk assessment method of the present embodiment is a flowchart of a detailed embodiment of the risk assessment method in fig. 1, and in the present embodiment, the corresponding index event includes at least two sub-index events, and each sub-index event further includes at least one target factor, which includes the following steps:
s31: and acquiring historical statistical parameters of the target factors in each sub-index event in the index event so as to form the historical statistical parameters into a score list matrix of at least two sub-index events.
Specifically, the intelligent terminal integrated with the risk assessment network model firstly obtains the historical statistical parameters of the target factors included in each sub-index event in the index events which the intelligent terminal aims to perform risk assessment. For example, when a security event in self-service bank security risk assessment needs to be risk assessed, first, a history statistical parameter of threat of the security event, such as statistics stored in a database corresponding to the self-service bank within a set time, is obtained: historical statistical data such as the number of effective alarms, the number of abnormal behavior alarms, and the number of prompts (the sum of the two failure occurrence times of the detector analyzed according to a prompt data model); historical statistical parameters of the vulnerability of the security event: counting parameters such as misoperation times, equipment offline times, equipment failure times, video failure rate and the like; the set time can be any reasonable time such as 180 days, 120 days, 240 days and the like, the set time can be adjusted by a user according to needs, and corresponding historical statistical parameters can also be input into the risk assessment network model of the intelligent terminal by the user according to needs.
Further, after the historical statistical parameters of the target factors of each sub-index event in the index event are respectively obtained, the historical statistical parameters are sequentially arranged so as to respectively and correspondingly form a score list matrix of at least two sub-index events.
S32: and acquiring at least two first judgment matrixes corresponding to the importance characteristics of the target factors of each sub-index event.
Further, the result of analyzing and judging the relative importance of the target factor of each sub-index event is respectively obtained, and a first judgment matrix corresponding to each sub-index event is given. For example, the relative importance of each target factor in the threat and the vulnerability in the security event of the self-service bank is analyzed and judged by a professional of the corresponding bank risk assessment, so that the corresponding assessment parameters are input into the corresponding risk assessment network model, and a first judgment matrix of the threat and a first judgment matrix of the vulnerability are obtained.
It can be understood that the first determination matrix can be adjusted by the user according to the actual application scenario, and when the number of the target factors of one sub-index event is one, the corresponding first determination matrix is a one-dimensional matrix including only one element, numeral 1. When the number of the target factors in the sub-index event is at least two, the corresponding first judgment matrix is obtained by correspondingly configuring the relative importance of each target factor in the sub-index event to other target factors.
S33: and respectively operating each first judgment matrix through a preset rule so as to respectively convert each first judgment matrix into a corresponding first weight matrix.
Specifically, after the first judgment matrix of each sub-index event is obtained, each corresponding first judgment matrix is respectively operated through a preset rule, so that each first judgment matrix is respectively converted into a corresponding first weight matrix.
Taking the obtained first determination matrix as the matrices a and B as an example, the corresponding preset rule may be:
a_axis_0_sum=A.sum(axis=0)
b=param/a_axis_0_sum
b_axis_1_sum=b.sum(axis=1)
W1=list(b_axis_1_sum/sum(b_axis_1_sum));
a_axis_0_sum=B.sum(axis=0)
b=param/a_axis_0_sum
b_axis_1_sum=b.sum(axis=1)
W2=list(b_axis_1_sum/sum(b_axis_1_sum))。
wherein, W1And W2The first weight matrix is obtained by respectively operating the first judgment matrixes A and B corresponding to the two sub-index events. It can be understood that the first determination matrices a and B respectively correspond to different target factors in different sub-indicator events, and corresponding parameters included in the first determination matrices a and B may be the same or different, and may be given by a user through reasonable evaluation and determination according to an actual application scenario, which is not limited in the present application.
S34: and performing set matrix operation on each first weight matrix and the corresponding score list matrix to obtain the risk evaluation scores of at least two sub-index events.
Further, after at least two first weight matrixes corresponding to each sub-index event and a score list matrix corresponding to the historical statistical parameter of the target factor in each sub-index event are obtained, set matrix operation is respectively carried out on each first weight matrix and the corresponding score list matrix to obtain risk assessment scores of the at least two sub-index events.
Wherein, the index event aiming at risk assessment comprises two sub-index events, and the corresponding first weight matrixes are respectively W1And W2For example, the score List matrixes corresponding to the target factors in the two sub-indicator events are List11 and List12, so that two sub-indicators can be obtainedThe risk assessment scores of the events are respectively
Figure BDA0002667484570000132
And
Figure BDA0002667484570000133
s35: a second decision matrix is obtained that is configured according to the relative importance of each sub-indicator event in the indicator events to other sub-indicator events.
Specifically, the user sequentially analyzes and judges the relative importance of each sub-indicator event in the indicator event to other sub-indicator events, so as to correspondingly input corresponding parameters in the corresponding risk assessment network model, thereby configuring a second judgment matrix. For example, after the relative importance analysis is performed on the two sub-indicator events, a second judgment matrix is configured to be:
Figure BDA0002667484570000131
s36: and operating the second judgment matrix through a preset rule so as to convert the second judgment matrix into a second weight matrix.
Specifically, after the second decision matrix is obtained, the second decision matrix is calculated according to a preset rule, where taking the second decision matrix as matrix C as an example, the corresponding preset rule may be:
a_axis_0_sum=C.sum(axis=0)
b=param/a_axis_0_sum
b_axis_1_sum=b.sum(axis=1)
W3=list(b_axis_1_sum/sum(b_axis_1_sum))。
wherein, W3The second weight matrix is obtained after the second judgment matrix C is subjected to operation conversion.
S37: and performing set matrix operation on the second weight matrix and the list matrix generated correspondingly by the risk evaluation scores of the at least two sub-index events to obtain the risk evaluation score of the index event.
Specifically, the second weight matrix W is obtained3Then, a list matrix generated by corresponding risk assessment Scores of at least two sub-index events is further obtained, and if the two sub-index events mentioned above are taken as an example, the list matrix is L ═ Scores1, Scores2]And further to the second weight matrix W3And performing set matrix calculation on the list matrix L to obtain risk evaluation scores of corresponding index events
Figure BDA0002667484570000141
Wherein, W3[0]Is W3First number of first columns in (1), W3[1]Is W3The first number of the second column in (b).
Referring to fig. 4, fig. 4 is a schematic flow chart of a risk assessment method according to a fourth embodiment of the present application.
S41: and acquiring historical statistical parameters of the target factors in the index events of the target risk assessment items to form the historical statistical parameters into a score list matrix of the index events.
Specifically, the intelligent terminal integrated with the risk assessment network model first obtains historical statistical parameters of target factors in index events of target risk assessment items. For example, when the user usage liveness in the security platform application situation evaluation needs to be evaluated for risk, first, the target factors in the index events statistically stored in the corresponding database of the security platform within a set time, such as the number of professional security personnel, the number of other personnel in the line, the number of outsourcing personnel and other statistical parameters in the user usage liveness are obtained. The set time can be any reasonable time such as 180 days, 120 days, 240 days and the like, the set time can be adjusted by a user according to needs, and corresponding historical statistical parameters can also be input into the risk assessment network model of the intelligent terminal by the user according to needs.
Further, after the historical statistical parameters of the target factors in the index event of the target risk assessment item are respectively obtained, namely the number of the full-time defenders, the number of other personnel in the line and the number of outsourcing personnel in the use activity of the user, the historical statistical parameters are respectively arranged in sequence to correspondingly generate the index event, namely the score list matrix of the use activity of the user.
Optionally, the target risk assessment item may be one of any reasonable risk assessment items such as risk assessment of self-service banks, security risk assessment of network points, application condition assessment of security platforms, and platform comprehensive application, and the comparison is not limited in the present application.
S42: and acquiring a third judgment matrix corresponding to the importance degree characteristics of the target factors.
Further, a result of analyzing and judging the relative importance of the target factor in the index event is obtained, and the given third judgment matrix is obtained, for example, after a professional for corresponding bank risk evaluation analyzes and judges the relative importance of each target factor in the security event of the self-service bank, the corresponding evaluation parameter is input into the corresponding risk evaluation network model, so as to obtain the third judgment matrix.
It can be understood that the third determination matrix can be adjusted by the user according to the actual application scenario, and when the number of the target factors is one, the corresponding third determination matrix is a one-dimensional matrix including only one element, numeral 1. And when the number of the target factors in the index event is at least two, the third judgment matrix is obtained by correspondingly configuring the relative importance of each target factor to other target factors.
Specifically, taking target factors included in a security event in a self-service bank as an effective alarm, an abnormal behavior alarm and a prompt as an example, wherein the risk assessment network model compares the importance of the target factors in the index event pairwise according to an analytic hierarchy process to perform importance configuration, that is, the importance represents the relative importance between the target factors related to the index event, and the importance is distinguished as: equally important, slightly important, more important, very important, absolutely important, which correspond to the quantized values [1, 3, 5, 7, 9], respectively.
Therefore, when the corresponding risk assessment personnel judge that the importance of the abnormal behavior alarm and the prompt is lower than that of the effective alarm by taking the importance of the effective alarm as 1, the relative importance parameter of the abnormal behavior alarm can be determined to be 1/3 according to the corresponding relative importance, and the prompt is 1/5; when the importance of the abnormal behavior alarm is 3 and the importance of the effective behavior alarm and the prompt is judged to be lower than that of the effective alarm, the relative importance parameter of the effective alarm can be determined to be 1 according to the corresponding relative importance, the prompt is 1/3, and a third judgment matrix D is obtained by sequentially processing the parameters:
Figure BDA0002667484570000151
it can be understood that the third determination matrix D is obtained by analyzing and determining the relative importance of the corresponding target factor by the risk assessment person according to the practical experience of the risk assessment person, for example, when the risk assessment person considers that the effective alarm is more important than the security event of the abnormal behavior alarm in the self-service bank, and when the importance data of the effective alarm is determined, the relative importance data of the abnormal behavior alarm is smaller, so that the sequentially obtained data is input into the corresponding risk assessment network model to obtain the third determination matrix D, and the corresponding parameter in the third determination matrix D may be other values, which can be reasonably assessed and determined by the user according to the practical application scenario, which is not limited in the present application.
S43: and operating the third judgment matrix through a preset rule so as to convert the third judgment matrix into a third weight matrix.
Specifically, after the third determination matrix is obtained, the third determination matrix is operated according to a preset rule to convert the third determination matrix into a third weight matrix.
Taking the third determination matrix as the matrix D, the corresponding preset rule may be:
a_axis_0_sum=D.sum(axis=0)
b=param/a_axis_0_sum
b_axis_1_sum=b.sum(axis=1)
W4=list(b_axis_1_sum/sum(b_axis_1_sum))。
wherein, W4Namely, the third weight matrix is obtained after the third judgment matrix D is operated.
S44: and performing set matrix operation on the third weight matrix and the score list matrix to obtain a risk evaluation score of the index event.
Specifically, after a third weight matrix and a score list matrix corresponding to the index event are obtained, a set matrix operation is performed on the third weight matrix and the score list matrix, for example, the third weight matrix is taken as W4For example, the score List matrix is List14, and the third weight matrix W is inverted and then inner-multiplied with the score List matrix List14 to obtain the risk assessment score of the index event
Figure BDA0002667484570000161
S45: and acquiring a fourth judgment matrix corresponding to the importance characteristic of the index event.
Further, a result of analyzing and judging the relative importance of the index event in the target risk assessment item is obtained, and the given fourth determination matrix is obtained, for example, the relative importance of the security event and the asset value in the self-service bank is analyzed and judged by a professional for bank risk assessment, and the corresponding assessment parameter is correspondingly input into the corresponding risk assessment network model, so as to obtain the fourth determination matrix.
S46: and operating the fourth judgment matrix through a preset rule so as to convert the fourth judgment matrix into a fourth weight matrix.
Specifically, after the fourth determination matrix is obtained, the fourth determination matrix is operated according to a preset rule, so that the fourth determination matrix is converted into a fourth weight matrix.
Taking the fourth determination matrix as E, the corresponding preset rule may be:
a_axis_0_sum=E.sum(axis=0)
b=param/a_axis_0_sum
b_axis_1_sum=b.sum(axis=1)
W5=list(b_axis_1_sum/sum(b_axis_1_sum))。
wherein, W5The fourth weight matrix is obtained after the fourth judgment matrix E is operated.
S47: and performing set matrix operation on the fourth weight matrix and the list matrix corresponding to the risk assessment scores of the index events to obtain the risk assessment scores of the target risk assessment items.
Specifically, the fourth weight matrix W is obtained5Then, a list matrix generated by corresponding risk assessment Scores of the corresponding index events is further obtained, and if the index events are still mentioned as an example, the list matrix is L1 ═ Scores4]And further to the fourth weight matrix W5And the list matrix L1 to obtain the risk assessment score of the corresponding target risk assessment item
Figure BDA0002667484570000171
In another embodiment, the number of index events in the target risk assessment item may further include at least two, that is, each index event may obtain its corresponding risk assessment score Scores4 through the above operation, and the corresponding list matrix L1 is also composed of at least two elements, so as to be further related to the fourth weight matrix W5And calculating a setting matrix to obtain a risk assessment score 5 of the target risk assessment item.
Referring to fig. 5, fig. 5 is a schematic flow chart of a risk assessment method according to a fifth embodiment of the present application. The risk assessment method of the present embodiment is a flowchart of a detailed embodiment of the risk assessment method in fig. 4, and in the present embodiment, the indicator event of the target risk assessment item includes at least two sub-indicator events, and each sub-indicator event further includes at least one target factor, which includes the following steps:
s51: and acquiring historical statistical parameters of the target factors in each sub-index event in the index events of the target risk assessment item, so as to form the historical statistical parameters into a score list matrix of at least two sub-index events.
Specifically, the intelligent terminal integrated with the risk assessment network model first obtains historical statistical parameters of target factors included in each sub-index event in the index events of the target risk assessment items.
Further, after the historical statistical parameters of the target factors of each sub-index event in the index event are respectively obtained, the historical statistical parameters are further respectively arranged in sequence so as to correspondingly and respectively form a score list matrix of at least two sub-index events.
Optionally, the target risk assessment item is a self-service bank security risk assessment, the index event is a security event, the index event further includes a first sub-index event and a second sub-index event, the first sub-index event is a threat, the second sub-index event is a vulnerability, the target factors of the threat are an alarm, an abnormal behavior alarm and a prompt, and the target factors of the vulnerability are a misoperation class, an equipment offline, an equipment failure and an open video failure rate.
It can be understood that, when a risk assessment needs to be performed on a security event in the self-service bank security risk assessment, first, obtaining a historical statistical parameter, such as threat of the security event, statistically stored in a corresponding database of the self-service bank within a set time: the number of effective alarms, the number of abnormal behavior alarms, the number of prompting times (the sum of the two failure occurrence times of the detector analyzed according to a prompting data model), and other statistical data; historical statistical parameters of the vulnerability of the security event: counting parameters such as misoperation times, equipment offline times, equipment failure times, video failure rate and the like; the set time can be any reasonable time such as 180 days, 120 days, 240 days and the like, the set time can be adjusted and set by a user according to needs, and corresponding historical statistical parameters can also be input into the risk assessment network model of the intelligent terminal by the user according to needs, so that after the historical statistical parameters are obtained, a threatening score list matrix of the security event and a vulnerability score list matrix of the security event are correspondingly and respectively formed.
In another embodiment, after obtaining the historical statistical parameters of the target factors in each sub-index event of the target risk assessment item, the method further comprises performing normalization operation on each historical statistical parameter, so that the normalized historical statistical parameters are correspondingly generated into a score list matrix of each sub-index event, thereby reducing the calculation amount in subsequent risk assessment and improving the corresponding calculation efficiency.
In another embodiment, after obtaining the historical statistical parameters of the target factors in each sub-indicator event, each historical statistical parameter may be further calculated according to a max-min criterion, such as min _ max normalization, so as to construct the calculated corresponding score as a score list matrix for each sub-indicator event.
Specifically, taking one of the sub-index events as an equipment class of the self-service bank, and taking a target factor in the sub-index event as a non-security equipment class (currently, the larger the number is, the less security is), in the equipment class of the self-service bank, as an example, assuming that the maximum value of the number of the ATMs in the management range of the risk assessment network model in the corresponding intelligent terminal is 5, and the minimum value is 1, the number is scored in percentage, wherein the score of 5 is 0, and the score of 1 is 100, when the number of the ATMs is 2, the score of the non-security equipment class is: (2-5)/(1-5) × 100 ═ 75 points, i.e., the score list matrix for the corresponding index event is [75 ].
S52: and acquiring at least two third judgment matrixes corresponding to the importance characteristics of the target factors of each sub-index event.
Further, the result of analyzing and judging the importance characteristics of the target factors in each sub-index event is respectively obtained, and a third judgment matrix corresponding to each sub-index event is given. For example, the relative importance of each target factor in the threat and the vulnerability in the security event of the self-service bank is analyzed and judged by a professional person for corresponding bank risk assessment, so that corresponding assessment parameters are input into a corresponding risk assessment network model, and a third judgment matrix of the threat and a third judgment matrix of the vulnerability are obtained.
It can be understood that the third determination matrix can be adjusted by the user according to the actual application scenario, and when the number of the target factors of one sub-index event is one, the corresponding third determination matrix is a one-dimensional matrix including only one element, numeral 1. And when the number of the target factors in the sub-index event is at least two, the corresponding third judgment matrix is obtained by correspondingly configuring the relative importance of each target factor in the sub-index event to other target factors.
S53: and respectively operating each third judgment matrix through a preset rule so as to respectively convert each third judgment matrix into a corresponding third weight matrix.
Specifically, after the third determination matrix of each sub-index event is obtained, each third determination matrix is respectively operated through a preset rule, so that each third determination matrix is respectively converted into a corresponding third weight matrix.
Taking the obtained corresponding third determination matrices F and G as examples, the corresponding preset rule may be:
a_axis_0_sum=F.sum(axis=0)
b=param/a_axis_0_sum
b_axis_1_sum=b.sum(axis=1)
W6=list(b_axis_1_sum/sum(b_axis_1_sum));
a_axis_0_sum=G.sum(axis=0)
b=param/a_axis_0_sum
b_axis_1_sum=b.sum(axis=1)
W7=list(b_axis_1_sum/sum(b_axis_1_sum))。
wherein, W6And W7Namely, the third weight matrix is obtained after the third judgment matrixes F and G are operated. It can be understood that the third determination matrices F and G respectively correspond to different target factors in different sub-indicator events, and corresponding parameters included in the third determination matrices F and G may be the same or different, and may be given by a user through reasonable evaluation and determination according to an actual application scenario, which is not limited in the present application.
S54: and performing set matrix operation on each third weight matrix and the corresponding score list matrix to obtain the risk evaluation scores of at least two sub-index events.
Further, after obtaining at least two third weight matrices corresponding to each sub-index event and a score list matrix corresponding to the historical statistical parameter of the target factor in each sub-index event, performing a set matrix operation on each third weight matrix and the corresponding score list matrix, for example, performing an inner product operation on each third weight matrix and the corresponding score list matrix after transforming each third weight matrix, so as to obtain risk assessment scores of at least two sub-index events.
Wherein the index event of the target risk assessment item comprises two sub-index events, and the corresponding third weight matrixes are respectively W6And W7For example, the score List matrixes corresponding to the two sub-index events are List13 and List14, respectively, and accordingly, the risk assessment scores of the two sub-index events are respectively
Figure BDA0002667484570000201
And
Figure BDA0002667484570000202
s55: and acquiring a fifth judgment matrix correspondingly configured according to the relative importance of each sub-index event in the index events to other sub-index events.
Further, the user sequentially analyzes and judges the relative importance of each sub-index event in the index events to other sub-index events, so as to correspondingly input corresponding parameters in the corresponding risk assessment network model, and configure a fifth judgment matrix.
S56: and operating the fifth judgment matrix through a preset rule to convert the fifth judgment matrix into a fifth weight matrix.
Further, after the fifth judgment matrix is obtained, the fifth judgment matrix is operated according to a preset rule, where taking the fifth judgment matrix as the matrix H as an example, the corresponding preset rule may be:
a_axis_0_sum=H.sum(axis=0)
b=param/a_axis_0_sum
b_axis_1_sum=b.sum(axis=1)
W8=list(b_axis_1_sum/sum(b_axis_1_sum))。
wherein, W8The fifth weight matrix is obtained after the fifth judgment matrix H is operated.
S57: and performing set matrix operation on the fifth weight matrix and the list matrix generated correspondingly by the risk evaluation scores of the at least two sub-index events to obtain the risk evaluation score of the index event.
Specifically, the fifth weight matrix W is obtained8Then, a list matrix generated by corresponding risk assessment Scores of at least two sub-index events is further obtained, and if the two sub-index events mentioned above are still taken as an example, the list matrix is L2 ═ Scores6, Scores7]And further to the second weight matrix W3And the list matrix L2 for calculating the setting matrix to obtain the risk evaluation score of the corresponding index event
Figure BDA0002667484570000211
Wherein, W8[0]Is W8First number of first columns in (1), W8[1]Is W8The first number of the second column in (b).
S58: and acquiring a fourth judgment matrix corresponding to the relative importance of the index event.
Further, a result of analyzing and judging the relative importance of the index event in the target risk assessment item is obtained, and the given fourth determination matrix is obtained, for example, the relative importance of the security event and the asset value in the self-service bank is analyzed and judged by a professional for bank risk assessment, and the corresponding assessment parameter is input into the corresponding risk assessment network model to obtain the fourth determination matrix.
S59: and operating the fourth judgment matrix through a preset rule so as to convert the fourth judgment matrix into a fourth weight matrix.
Specifically, after the fourth determination matrix is obtained, the fourth determination matrix is operated according to a preset rule, so that the fourth determination matrix is converted into a fourth weight matrix.
Taking the fourth determination matrix as the matrix E, the corresponding preset rule may be:
a_axis_0_sum=E.sum(axis=0)
b=param/a_axis_0_sum
b_axis_1_sum=b.sum(axis=1)
W5=list(b_axis_1_sum/sum(b_axis_1_sum))。
wherein, W5The fourth weight matrix is obtained after the fourth judgment matrix E is operated.
S510: and performing set matrix operation on the fourth weight matrix and the list matrix corresponding to the risk assessment scores of the index events to obtain the risk assessment scores of the target risk assessment items.
Specifically, the fourth weight matrix W is obtained5Then, a list matrix generated corresponding to the risk assessment score of the corresponding index event is further obtained, and if the index event is still mentioned as an example, the list matrix is L3 ═ Scores8]And further to the fourth weight matrix W5And the list matrix L3 to obtain the risk assessment score of the corresponding target risk assessment item
Figure BDA0002667484570000221
In another embodiment, the number of index events in the target risk assessment item may further include at least two, that is, each index event may obtain its corresponding risk assessment score Scores8 through the above operation, and the element of the corresponding list matrix L3 is also composed of at least two elements, so as to be further combined with the fourth weight matrix W35And calculating a setting matrix to obtain a risk assessment score 9 of the target risk assessment item.
In another embodiment, the number of target risk assessment items may further include at least two, for example, when the number of self-service banks corresponding to self-service bank security risk assessment in the corresponding management area of the risk assessment network model of the corresponding intelligent terminal includes at least two, after S510, further including: and calculating the average value of the risk assessment scores of the at least two target risk assessment items which are respectively obtained, so as to take the obtained average value as the final risk assessment score of the whole target risk assessment item.
Please refer to fig. 6 to fig. 9, in which fig. 6 is a schematic structural diagram of a first specific application scenario of the risk assessment method of the present application, fig. 7 is a schematic structural diagram of a second specific application scenario of the risk assessment method of the present application, fig. 8 is a schematic structural diagram of a third specific application scenario of the risk assessment method of the present application, and fig. 9 is a schematic structural diagram of a fourth specific application scenario of the risk assessment method of the present application.
As shown in fig. 6, fig. 6 can be understood as a framework diagram of a risk assessment network model integrated on an intelligent terminal, and can also be understood as a software platform or an application program, and the risk assessment network model specifically includes a target layer, a criterion layer and an index layer, and the criterion layer further includes a criterion first layer and a criterion second layer. Therefore, the target layer, the criterion layer and the index layer respectively correspond to the target risk assessment items, the index events and the target factors in the risk assessment network model, and the criterion layer one and the criterion layer two respectively correspond to the sub index events.
Specifically, in fig. 6, the target risk assessment item, i.e. the self-service bank security risk, includes three index events: asset value, security incidents, and prevention and control capabilities; the security event further comprises two sub-index events: threat and vulnerability; and the threat includes three targeting factors: alarm, action and prompt; vulnerability includes four target factors: class of maloperation, equipment offline, equipment failure, and rate of open video failure. It can be known that after the historical statistical parameters of the target factors in each sub-index event are respectively obtained, a score list matrix of each sub-index event needs to be correspondingly generated, a first judgment matrix corresponding to each sub-index event is obtained according to the relative importance degree between the target factors in each sub-index event, the first judgment matrix is converted into a first weight matrix according to a preset rule, and the first weight matrix and the score list matrix are subjected to set matrix operation, so that the risk assessment score of each sub-index event is obtained.
Further, a second judgment matrix is obtained according to the relative importance of each sub-index event in the index event, after the corresponding calculation is carried out through the operation mode, the risk assessment score of the index event is obtained, in the same way, the risk assessment score of each index event, such as the risk assessment score of the asset value, the safety event and the prevention and control capability, is obtained in sequence, a corresponding third judgment matrix is obtained according to the analysis of the relative importance of the asset value, the safety event and the prevention and control capability, the third judgment matrix is converted into a third weight matrix, and the setting matrix operation is carried out through a list matrix formed by the risk assessment scores of the asset value, the safety event and the prevention and control capability, so that the risk assessment score of the target risk assessment item is obtained finally.
Therefore, based on the same operation rules as those described in fig. 6 and the corresponding text contents, the risk assessment score of the website security risk in fig. 7, the risk assessment score of the security platform application condition assessment in fig. 8, and the risk assessment score of the bank comprehensive risk assessment model in fig. 9 can be obtained, which are not described herein again. It can be understood that the risk assessment network models corresponding to fig. 6-9 are all independent software platforms, and the above-mentioned operation processing can be performed on the obtained historical statistical parameters of the corresponding target factors according to the analytic hierarchy process, so as to finally obtain the risk assessment scores of the target risk assessment items.
Based on the general inventive concept, the present application further provides an intelligent terminal, please refer to fig. 10, and fig. 10 is a schematic structural diagram of an embodiment of the risk assessment apparatus according to the present application. The risk assessment apparatus 101 in this embodiment includes an acquisition module 1011 and a processing module 1012 coupled to each other.
The obtaining module 1011 is configured to obtain historical statistical parameters of a target factor in an index event and a first determination matrix corresponding to an importance characteristic of the target factor; the processing module 1012 is configured to further configure the acquired historical statistical parameters as a score list matrix of the index event, and perform operation on the first determination matrix according to a preset rule to convert the first determination matrix into a first weight matrix, and further perform matrix setting operation on the first weight matrix and the score list matrix to acquire a risk assessment score of the index event.
Based on the general inventive concept, the present application further provides a risk assessment apparatus, please refer to fig. 11, and fig. 11 is a schematic structural diagram of another embodiment of the risk assessment apparatus according to the present application. The risk assessment device 111 in this embodiment comprises an acquisition module 1111 and a processing module 1112 coupled to each other.
The obtaining module 1111 is configured to obtain a historical statistical parameter of a target factor in an index event of the target risk assessment item, a third determination matrix corresponding to an importance feature of the target factor, and a fourth determination matrix corresponding to an importance feature of the index event; the processing module 1112 is configured to further configure the historical statistical parameters as a score list matrix of the indicator event, perform a calculation on the third determination matrix according to a preset rule to convert the third determination matrix into a third weight matrix, further perform a setting matrix calculation on the third weight matrix and the score list matrix to obtain a risk assessment score of the indicator event, perform a calculation on the fourth determination matrix according to a preset rule to convert the fourth determination matrix into a fourth weight matrix, and perform a setting matrix calculation on the fourth weight matrix and the list matrix corresponding to the risk assessment score of the indicator event to obtain a risk assessment score of the target risk assessment item.
Based on the general inventive concept, the present application further provides an intelligent terminal, please refer to fig. 12, and fig. 12 is a schematic structural diagram of an embodiment of the intelligent terminal of the present application.
The intelligent terminal 121 includes a memory 1211 and a processor 1212 coupled to each other, where the memory 1211 stores program data, and the processor 1212 is configured to execute the program data to implement the risk assessment method as described in any one of the above embodiments.
Optionally, the intelligent terminal 121 may be one of any intelligent terminals that can integrate a network model or a software platform, such as a mobile phone, a tablet computer, a computer, and a server, which is not limited in this application.
Based on the general inventive concept, the present application further provides a computer-readable storage medium, please refer to fig. 13, and fig. 13 is a schematic structural diagram of an embodiment of the computer-readable storage medium of the present application. Wherein the computer readable storage medium 131 has stored therein program data 1311, the program data 1311 being executable to implement a risk assessment method as described in any one of the above.
In one embodiment, the computer readable storage medium 131 may be a memory chip in a terminal, a hard disk, or other readable and writable storage tool such as a mobile hard disk or a flash disk, an optical disk, or the like, and may also be a server, or the like.
In the several embodiments provided in the present application, it should be understood that the disclosed method and apparatus may be implemented in other ways. For example, the above-described apparatus embodiments are merely illustrative, and for example, a division of processors or memories into only one logical division may be implemented in practice with additional divisions, such as at least two processors and memories implementing functions that may be combined or integrated into another system, or some features may be omitted, or not implemented. In addition, the shown or discussed mutual coupling or direct coupling or connection may be an indirect coupling or connection through some interfaces, devices or units, and may be in an electrical, mechanical or other form.
The units described as separate parts may or may not be physically separate, and parts displayed as units may or may not be physical units, may be located in one place, or may also be distributed on at least two network units. Some or all of the units can be selected according to actual needs to achieve the purpose of the embodiment.
In addition, functional units in the embodiments of the present application may be integrated into one processing unit, or each unit may exist alone physically, or two or more units are integrated into one unit. The integrated unit can be realized in a form of hardware, and can also be realized in a form of a software functional unit.
The integrated unit, if implemented in the form of a software functional unit and sold or used as a stand-alone product, may be stored in a computer readable storage medium. Based on such understanding, the technical solution of the present application may be substantially implemented or contributed to by the prior art, or all or part of the technical solution may be embodied in a software product, which is stored in a storage medium and includes instructions for causing a computer device (which may be a personal computer, a server, a network device, or the like) or a processor (processor) to execute all or part of the steps of the method according to the embodiments of the present application. And the aforementioned storage medium includes: a U-disk, a removable hard disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk or an optical disk, and other various media capable of storing program codes.
Different from the prior art, the risk assessment method in the application comprises the following steps: acquiring historical statistical parameters of target factors in the index events so as to correspondingly generate a score list matrix of the index events by the historical statistical parameters; acquiring a first judgment matrix corresponding to the importance characteristic of the target factor; calculating the first judgment matrix through a preset rule so as to convert the first judgment matrix into a first weight matrix; the first weight matrix and the score list matrix are subjected to set matrix operation to obtain the risk evaluation score of the index event, so that an algorithm or a network model of a risk evaluation method can be constructed without the help of historical data, the obtained historical statistical parameters are directly subjected to corresponding operation to obtain the risk evaluation score of the index event, the first judgment matrix and the first weight matrix correspond to the importance degree characteristics of the target factors in the index event, the risk evaluation score obtained by the operation of the score list matrix corresponding to the historical statistical parameters cannot generate an abnormally sharp numerical value, the training and classification processing of a deep network learning model are not needed, the corresponding calculated amount is small, the operation speed of a corresponding evaluation system is high, and the efficiency is high.
The above description is only for the purpose of illustrating embodiments of the present application and is not intended to limit the scope of the present application, and all modifications of equivalent structures and equivalent processes, which are made by the contents of the specification and the drawings of the present application or are directly or indirectly applied to other related technical fields, are also included in the scope of the present application.

Claims (15)

1. A risk assessment method, characterized in that the risk assessment method comprises:
acquiring historical statistical parameters of target factors in index events to form the historical statistical parameters into a score list matrix of the index events;
acquiring a first judgment matrix corresponding to the importance characteristic of the target factor;
calculating the first judgment matrix through a preset rule so as to convert the first judgment matrix into a first weight matrix;
and performing set matrix operation on the first weight matrix and the score list matrix to obtain a risk evaluation score of the index event.
2. The risk assessment method according to claim 1, wherein the step of obtaining historical statistical parameters of the target factors in the index event to constitute the historical statistical parameters as a score list matrix of the index event comprises:
acquiring the historical statistical parameters of the target factors in the index events;
and carrying out normalization operation on the historical statistical parameters so as to form the historical statistical parameters after the normalization operation into the score list matrix.
3. The risk assessment method according to claim 1, wherein the step of obtaining historical statistical parameters of the target factors in the index event to constitute the historical statistical parameters as a score list matrix of the index event comprises:
acquiring the historical statistical parameters of the target factors in the index events;
and calculating the historical statistical parameters according to a maximum-minimum criterion so as to form the corresponding calculated scores into the score list matrix.
4. The risk assessment method according to claim 1, wherein the step of performing a set matrix operation on the first weight matrix and the score list matrix to obtain the risk assessment score of the index event comprises:
and after the first weight matrix is transferred, performing inner product operation on the first weight matrix and the score list matrix to obtain a risk evaluation score of the index event.
5. The risk assessment method according to claim 1, wherein the number of the target factors in the index event includes at least two, and the step of obtaining the first determination matrix corresponding to the importance characteristics of the target factors includes:
and acquiring the first judgment matrix correspondingly configured according to the relative importance of each target factor in the index event to other target factors.
6. The risk assessment method according to claim 1, wherein the index event comprises at least two sub-index events, each sub-index event further comprises the target factor, and the step of obtaining historical statistical parameters of the target factors in the index event to construct the historical statistical parameters into a score list matrix of the index event comprises:
acquiring historical statistical parameters of the target factors in each sub-index event in the index events so as to form the historical statistical parameters into the score list matrix of at least two sub-index events;
the step of obtaining a first judgment matrix corresponding to the importance characteristic of the target factor includes:
acquiring at least two first judgment matrixes corresponding to the importance characteristics of the target factors of each sub-index event;
the step of operating the first judgment matrix through a preset rule to convert the first judgment matrix into a first weight matrix includes:
respectively operating each first judgment matrix according to the preset rule so as to respectively convert each first judgment matrix into the corresponding first weight matrix;
the step of performing a set matrix operation on the first weight matrix and the score list matrix to obtain a risk assessment score of the indicator event includes:
performing the set matrix operation on each first weight matrix and the corresponding score list matrix to obtain the risk evaluation scores of at least two sub-index events;
acquiring a second judgment matrix correspondingly configured according to the relative importance of each sub-index event in the index events to other sub-index events;
calculating the second judgment matrix according to the preset rule so as to convert the second judgment matrix into a second weight matrix;
and performing the set matrix operation on the second weight matrix and a list matrix generated correspondingly by the risk evaluation scores of at least two sub-index events to obtain the risk evaluation score of the index event.
7. The risk assessment method according to claim 1, wherein the number of the index events includes at least two, and after the step of performing the setting matrix operation on the first weight matrix and the score list matrix to obtain the risk assessment score of the index event, the method further comprises:
and calculating the average value of the acquired risk assessment scores of at least two index events.
8. A risk assessment method, characterized in that the risk assessment method comprises:
acquiring historical statistical parameters of target factors in index events of target risk assessment items to form the historical statistical parameters into a score list matrix of the index events;
acquiring a third judgment matrix corresponding to the importance characteristic of the target factor;
calculating the third judgment matrix through a preset rule so as to convert the third judgment matrix into a third weight matrix;
performing set matrix operation on the third weight matrix and the score list matrix to obtain a risk evaluation score of the index event;
acquiring a fourth judgment matrix corresponding to the importance characteristic of the index event;
calculating the fourth judgment matrix according to the preset rule so as to convert the fourth judgment matrix into a fourth weight matrix;
and performing the set matrix operation on the fourth weight matrix and a list matrix corresponding to the risk assessment scores of the index events to obtain the risk assessment scores of the target risk assessment items.
9. The risk assessment method according to claim 8, wherein the index event comprises at least two sub-index events, each sub-index event further comprises the target factor, and the step of obtaining historical statistical parameters of the target factors in the index events of the target risk assessment item to construct the historical statistical parameters into the score list matrix of the index events comprises:
acquiring historical statistical parameters of the target factors in each sub-index event in the index events of the target risk assessment item, so as to constitute the historical statistical parameters into the score list matrix of at least two sub-index events;
the step of obtaining a third determination matrix corresponding to the importance characteristic of the target factor includes:
acquiring at least two third judgment matrixes corresponding to the importance characteristics of the target factors of each sub-index event;
the step of calculating the third judgment matrix according to a preset rule to convert the third judgment matrix into a third weight matrix includes:
respectively operating each third judgment matrix according to the preset rule so as to respectively convert each third judgment matrix into a corresponding third weight matrix;
the step of performing a set matrix operation on the third weight matrix and the score list matrix to obtain a risk assessment score of the indicator event includes:
performing the set matrix operation on each third weight matrix and the corresponding score list matrix to obtain the risk evaluation scores of at least two sub-index events;
acquiring a fifth judgment matrix correspondingly configured according to the relative importance of each sub-index event in the index events to other sub-index events;
calculating the fifth judgment matrix according to the preset rule so as to convert the fifth judgment matrix into a fifth weight matrix;
and performing the set matrix operation on the fifth weight matrix and a list matrix generated correspondingly by the risk evaluation scores of at least two sub-index events to obtain the risk evaluation score of the index event.
10. The risk assessment method according to claim 8,
the target risk assessment item comprises one of self-service bank risk assessment, website security risk assessment, security platform application condition assessment and platform comprehensive application.
11. The risk assessment method according to claim 9,
the target risk assessment item is self-service bank security risk assessment, the index event is a security event, the index event comprises a first sub-index event and a second sub-index event, the first sub-index event is threatening, the second sub-index event is vulnerability, the threatening target factors are alarming, abnormal behavior alarming and prompting, and the vulnerability target factors are misoperation types, equipment offline, equipment failure and video opening failure rate.
12. A risk assessment device, characterized in that it comprises:
the acquisition module is used for acquiring historical statistical parameters of target factors in index events and a first judgment matrix corresponding to importance characteristics of the target factors;
and the processing module is coupled with the acquisition module and is used for configuring the historical statistical parameters into a score list matrix of the index event, operating the first judgment matrix through a preset rule so as to convert the first judgment matrix into a first weight matrix, and further performing set matrix operation on the first weight matrix and the score list matrix so as to acquire a risk evaluation score of the index event.
13. A risk assessment device, characterized in that it comprises:
the acquiring module is used for acquiring historical statistical parameters of target factors in index events of target risk assessment items, a third judging matrix corresponding to importance characteristics of the target factors and a fourth judging matrix corresponding to the importance characteristics of the index events;
a processing module, coupled to the obtaining module, configured to configure the historical statistical parameters as a score list matrix of the indicator event, perform operation on the third determination matrix according to a preset rule to convert the third determination matrix into a third weight matrix, further perform setting matrix operation on the third weight matrix and the score list matrix to obtain a risk assessment score of the indicator event, perform operation on the fourth determination matrix according to the preset rule to convert the fourth determination matrix into a fourth weight matrix, and perform the setting matrix operation on the fourth weight matrix and a list matrix corresponding to the risk assessment score of the indicator event to obtain a risk assessment score of the target risk assessment item.
14. An intelligent terminal, characterized in that the intelligent terminal comprises a memory and a processor coupled to each other;
the memory stores program data;
the processor is configured to execute the program data to implement the risk assessment method according to any one of claims 1-7 or 9-12.
15. A computer-readable storage medium, characterized in that the computer-readable storage medium stores program data executable to implement the risk assessment method according to any one of claims 1-7 or 9-12.
CN202010923372.7A 2020-09-04 2020-09-04 Risk assessment method and related device Pending CN112232623A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010923372.7A CN112232623A (en) 2020-09-04 2020-09-04 Risk assessment method and related device

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202010923372.7A CN112232623A (en) 2020-09-04 2020-09-04 Risk assessment method and related device

Publications (1)

Publication Number Publication Date
CN112232623A true CN112232623A (en) 2021-01-15

Family

ID=74116494

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202010923372.7A Pending CN112232623A (en) 2020-09-04 2020-09-04 Risk assessment method and related device

Country Status (1)

Country Link
CN (1) CN112232623A (en)

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108833416A (en) * 2018-06-21 2018-11-16 北京市劳动保护科学研究所 A kind of SCADA system Information Security Risk Assessment Methods and system
CN109118074A (en) * 2018-08-03 2019-01-01 广州供电局有限公司 Electric operating methods of risk assessment, device, computer equipment and storage medium
WO2019237523A1 (en) * 2018-06-11 2019-12-19 平安科技(深圳)有限公司 Safety risk evaluation method and apparatus, computer device, and storage medium
CN111091276A (en) * 2019-12-04 2020-05-01 苏宁金融科技(南京)有限公司 Enterprise risk scoring method and device, computer equipment and storage medium
CN111144712A (en) * 2019-12-09 2020-05-12 佰聆数据股份有限公司 High-voltage power supply and utilization safety assessment method and system based on analytic hierarchy process, storage medium and computer equipment

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2019237523A1 (en) * 2018-06-11 2019-12-19 平安科技(深圳)有限公司 Safety risk evaluation method and apparatus, computer device, and storage medium
CN108833416A (en) * 2018-06-21 2018-11-16 北京市劳动保护科学研究所 A kind of SCADA system Information Security Risk Assessment Methods and system
CN109118074A (en) * 2018-08-03 2019-01-01 广州供电局有限公司 Electric operating methods of risk assessment, device, computer equipment and storage medium
CN111091276A (en) * 2019-12-04 2020-05-01 苏宁金融科技(南京)有限公司 Enterprise risk scoring method and device, computer equipment and storage medium
CN111144712A (en) * 2019-12-09 2020-05-12 佰聆数据股份有限公司 High-voltage power supply and utilization safety assessment method and system based on analytic hierarchy process, storage medium and computer equipment

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
吴庆全: "岩溶区公路隧道修筑风险评估方法及应用", 桥隧工程, 31 July 2017 (2017-07-31), pages 44 - 48 *

Similar Documents

Publication Publication Date Title
CN110417721B (en) Security risk assessment method, device, equipment and computer readable storage medium
EP2069993B1 (en) Security system and method for detecting intrusion in a computerized system
US9479518B1 (en) Low false positive behavioral fraud detection
CN106973038B (en) Network intrusion detection method based on genetic algorithm oversampling support vector machine
US8631081B2 (en) System and method for information risk management
CN112804196A (en) Log data processing method and device
CN110362999A (en) Abnormal method and device is used for detecting account
CN106548342A (en) A kind of credible equipment determines method and device
CN109583731B (en) Risk identification method, device and equipment
CN112989332A (en) Abnormal user behavior detection method and device
CN108092985A (en) Network safety situation analysis method, device, equipment and computer storage media
CN109936556A (en) Steal the monitoring method and device of account event
CN109871711B (en) Ocean big data sharing and distributing risk control model and method
CN110928859A (en) Model monitoring method and device, computer equipment and storage medium
CN116015979B (en) Intelligent security situation awareness method, system and storage medium
CN112232623A (en) Risk assessment method and related device
CN112733015B (en) User behavior analysis method, device, equipment and medium
CA3214663A1 (en) Systems and methods of generating risk scores and predictive fraud modeling
CN114443409A (en) Payment business system monitoring method, device and equipment and computer storage medium
CN112308294A (en) Default probability prediction method and device
CN117291615B (en) Visual contrast analysis method and device for overcoming anti-fraud based on network payment
CN118070294B (en) Safety operation and maintenance big data processing system based on multidimensional data
CN116578460B (en) Medical institution front-end data safety monitoring method, system and device
CN114553569B (en) Method, device, equipment and medium for establishing home network based on user information
KR102617150B1 (en) Device, method and program for preventing false positives based on artificial intelligence using rule filtering

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination