CN114896600B - Server threat assessment method and device, electronic equipment and storage medium - Google Patents

Info

Publication number: CN114896600B (application number CN202210472308.0A)
Authority: CN (China)
Prior art keywords: threat, attack, node, probability, leaf
Legal status: Active (the legal status is an assumption and is not a legal conclusion; Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed)
Other languages: Chinese (zh)
Other versions: CN114896600A
Inventors: 苏振宇, 徐峥
Current assignee: Suzhou Inspur Intelligent Technology Co Ltd (the listed assignees may be inaccurate; Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list)
Original assignee: Suzhou Inspur Intelligent Technology Co Ltd
Events: application filed by Suzhou Inspur Intelligent Technology Co Ltd; priority to CN202210472308.0A; publication of CN114896600A; application granted; publication of CN114896600B; legal status active

Classifications

    • G06F 21/577 Assessing vulnerabilities and evaluating computer system security (under G06F 21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity; G06F 21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems; G06F 21/57 Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities)
    • G06F 17/18 Complex mathematical operations for evaluating statistical data, e.g. average values, frequency distributions, probability functions, regression analysis (under G06F 17/00 Digital computing or data processing equipment or methods, specially adapted for specific functions; G06F 17/10 Complex mathematical operations)


Abstract

The application discloses a server threat assessment method and apparatus, an electronic device and a storage medium, in the technical field of threat assessment. The method comprises the following steps: determining the security boundary of the system; determining one or more threat trees according to the security boundary, where each threat tree comprises a node set, the node set contains at least a root node, and the root node corresponds to one or more leaf nodes; calculating the attack probability of each leaf node from at least one threat indicator of that leaf node; determining the attack paths of each threat tree from the node set; and calculating the attack probability of each attack path from the attack probabilities of the leaf nodes and the attack path. The method decomposes the threats of each threat tree within the security boundary separately and calculates the attack probability of every attack path of every threat tree, so that risk-reduction measures can be formulated in a targeted manner and the security of the system improved.

Description

Server threat assessment method and device, electronic equipment and storage medium
Technical Field
The present application relates to the field of threat assessment technology, and in particular to a server threat assessment method and apparatus, an electronic device and a storage medium.
Background
As the information security situation grows more severe, software update cycles shorten, malware and backdoor programs proliferate, and large numbers of system vulnerabilities and software defects are exposed, vulnerability remediation becomes ever more important; security hardening covers network layout, security policy adjustment, configuration updates, patch management and other aspects.
Threat assessment is an important security activity in the development process. It is carried out during the requirements analysis and design stages of a new product or new feature, so that risks can be found and mitigation measures formulated.
However, existing threat assessment methods (data flow diagrams, attack graphs, the STRIDE method, etc.) have limitations such as narrow applicability and poor assessment accuracy.
For example, the STRIDE model is one of the commonly used threat models. STRIDE stands for six common attack and threat types: spoofing identity, tampering with data, repudiation, information disclosure, denial of service and elevation of privilege. In the STRIDE six-element method the target system is described hierarchically by drawing a data flow diagram, and a threat list is finally output. STRIDE is a software model suited to threat assessment of software systems, functional modules and the like, and it requires knowledge of the functions of the software system and of how its modules are composed, for example when assessing threats to a BMC (Baseboard Management Controller) or to application software. The STRIDE model is therefore only suited to evaluating a single software module and not to scenarios with a wider attack surface.
Disclosure of Invention
To solve at least one of the problems mentioned in the background, the application provides a server threat assessment method and apparatus, an electronic device and a storage medium, which decompose the threats of each threat tree within a security boundary separately and calculate the attack probability of each attack path of each threat tree, so that risk-reduction measures can be formulated in a targeted manner and the security of the system improved.
The specific technical solution provided by the embodiments of the application is as follows:
In a first aspect, a server threat assessment method is provided, comprising:
determining the security boundary of the system;
determining one or more threat trees according to the security boundary, where each threat tree comprises a node set, the node set contains at least a root node, and the root node corresponds to one or more leaf nodes;
calculating the attack probability of each leaf node from at least one threat indicator of the leaf node;
determining the attack paths of each threat tree from the node set;
and calculating the attack probability of each attack path from the attack probability of each leaf node and the attack path.
Further, the threat indicators include at least one of damage potential, reproducibility, exploitability, affected users and discoverability; calculating the attack probability of each leaf node from at least one threat indicator of the leaf node comprises:
obtaining the score of each threat indicator;
constructing an evaluation matrix to quantify the weight of each threat indicator;
and calculating the attack probability of each leaf node from the score and weight of each threat indicator.
Further, constructing an evaluation matrix to quantify the weight of each threat indicator comprises:
constructing an n × n evaluation matrix;
converting the evaluation matrix into a consistent matrix by the following formula:
and calculating the weight of each threat indicator from the consistent matrix by the following formula:
where n is the number of threat indicators, r_ik and r_jk are elements of the evaluation matrix, r'_ij is an element of the consistent matrix, w_i is the weight of threat indicator i, and a is an adjustment constant.
Further, the root node also corresponds to one or more intermediate nodes, each intermediate node corresponds to one or more leaf nodes, the relationship between each intermediate node and its leaf nodes is either an AND relationship or an OR relationship, and determining the attack paths of each threat tree from the node set comprises:
determining the attack paths of each threat tree according to the AND and/or OR relationships between each intermediate node and the leaf nodes under it.
Further, calculating the attack probability of each attack path from the attack probability of each leaf node and the attack path comprises:
starting from the leaf nodes of each attack path, calculating the parent nodes of the leaf nodes layer by layer according to a relation calculation strategy until the attack probability of the root node of the attack path is obtained.
Further, the relation calculation strategy comprises:
if the child nodes are in an AND relationship, the product of the attack probabilities of all child nodes under the parent node is taken as the attack probability of the parent node;
if the child nodes are in an OR relationship, the attack probability of each child node is taken directly as the attack probability of the parent node, each child node giving a separate attack path.
Further, the value range of a is as follows
In a second aspect, a server threat assessment apparatus is provided, comprising:
a security boundary module for determining the security boundary of the system;
a threat decomposition module for determining one or more threat trees according to the security boundary, where each threat tree comprises a node set, the node set contains at least a root node, and the root node corresponds to one or more leaf nodes;
a threat quantification module for calculating the attack probability of each leaf node from at least one threat indicator of the leaf node;
an attack path module for determining the attack paths of each threat tree from the node set;
and an attack probability calculation module for calculating the attack probability of each attack path from the attack probability of each leaf node and the attack path.
In a third aspect, an electronic device is provided that includes a memory, a processor, and a computer program stored on the memory and executable on the processor, the processor implementing the server threat assessment method when executing the computer program.
In a fourth aspect, a computer-readable storage medium is provided, storing computer-executable instructions for performing the server threat assessment method.
The embodiment of the application has the following beneficial effects:
With the server threat assessment method and apparatus, electronic device and storage medium, threats are decomposed for each threat tree within the security boundary, the threat indicators of the leaf nodes of each threat tree are quantified, and the attack probability of each attack path of each threat tree is then calculated, so that risk-reduction measures can be formulated in a targeted manner and the security of the system improved.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present application, the drawings required for the description of the embodiments will be briefly described below, and it is apparent that the drawings in the following description are only some embodiments of the present application, and other drawings may be obtained according to these drawings without inventive effort for a person skilled in the art.
FIG. 1 shows a general flow chart of a server threat assessment method provided by an embodiment of the application;
FIG. 2 shows a schematic architecture of an attack forest model provided by an embodiment of the present application;
FIG. 3 illustrates an edge computing architecture schematic according to one embodiment of the application;
FIG. 4 illustrates an edge network sub-threat tree schematic in accordance with one embodiment of the application;
FIG. 5 illustrates an edge infrastructure sub-threat tree schematic in accordance with one embodiment of the application;
FIG. 6 illustrates an edge application sub-threat tree schematic in accordance with one embodiment of the application;
FIG. 7 illustrates an edge data sub-threat tree schematic in accordance with an embodiment of the application;
Fig. 8 is a schematic structural diagram of a server threat assessment apparatus according to an embodiment of the present application;
FIG. 9 illustrates an exemplary system that may be used to implement various embodiments described in the present application.
Detailed Description
For the purpose of making the objects, technical solutions and advantages of the present application more apparent, the technical solutions in the embodiments of the present application will be clearly and completely described below with reference to the accompanying drawings in the embodiments of the present application, and it is apparent that the described embodiments are only some embodiments of the present application, not all embodiments of the present application. All other embodiments, which can be made by those skilled in the art based on the embodiments of the application without making any inventive effort, are intended to be within the scope of the application.
It should be noted that the terms "S1", "S2", and the like are used for the purpose of describing the steps only, and are not intended to be construed to be specific as to the order or sequence of steps, nor are they intended to limit the present application, which is merely used to facilitate the description of the method of the present application, and are not to be construed as indicating the sequence of steps. In addition, the technical solutions of the embodiments may be combined with each other, but it is necessary to base that the technical solutions can be realized by those skilled in the art, and when the technical solutions are contradictory or cannot be realized, the combination of the technical solutions should be considered to be absent and not within the scope of protection claimed in the present application.
Example 1
The application provides a server threat assessment method, referring to fig. 1, the method comprises the following steps:
S1, determining the security boundary of the system;
S2, determining one or more threat trees according to the security boundary, where each threat tree comprises a node set, the node set contains at least a root node, and the root node corresponds to one or more leaf nodes;
S3, calculating the attack probability of each leaf node from at least one threat indicator of the leaf node;
S4, determining the attack paths of each threat tree from the node set;
S5, calculating the attack probability of each attack path from the attack probability of each leaf node and the attack path.
Specifically, referring to FIG. 2, in the threat discovery stage the forest boundary is used as the security target range, i.e. the security boundary of the system; each sub-threat tree within the forest / security boundary is a specific attack target, and threat decomposition is performed on each sub-threat tree. To evaluate accurately the threat probability of each leaf node of each sub-threat tree and the attack paths it generates, threat indicators are defined for the leaf nodes and quantified, and finally the attack probability of each attack path is calculated, so that risk-reduction measures can be formulated in a targeted manner and the security of the information system or product improved.
Specifically, in the threat discovery stage the boundary of the forest, i.e. the security boundary of the system, must be determined first; the forest can be divided into different assets or subsystems according to the application scenario, which determines the different sub-threat trees, and threat analysis is then carried out on each sub-threat tree.
Specifically, referring to FIG. 2, the attack forest / security boundary is the set F = {T1, T2, …, Tk}, where T1, T2, …, Tk are the threat trees within the security boundary; the attack forest F is the union of all threat trees, and there is no direct association between the threat trees.
Specifically, each threat tree in the security boundary is T = (N, A, R), and T contains one or more nodes, where N = (G, M, L) is a non-empty finite node set; A is the attack attribute set, i.e. the threat indicator set; R is the set of attack paths, R = {<L1, L2, …, Lk> | k ∈ ℕ}, and one attack path r is a minimal cut set of the threat tree T, i.e. the set of leaf nodes <L1, L2, …, Lk> that together realise the root node G of the threat tree.
In some embodiments, the threat indicators include at least one of damage potential, reproducibility, exploitability, affected users and discoverability; on this basis S3 comprises:
S31, obtaining the score of each threat indicator;
S32, constructing an evaluation matrix to quantify the weight of each threat indicator;
S33, calculating the attack probability of each leaf node from the score and weight of each threat indicator.
Specifically, the threat indicators of a leaf node are the following five evaluation indicators, DP, R, E, AU and D, and the threat indicator set is A = (DP, R, E, AU, D), where DP, R, E, AU, D ∈ [0, 10] are integers; DP is damage potential, R is reproducibility, E is exploitability, AU is affected users and D is discoverability.
Specifically, the five attributes are first scored in the range 0 to 10, in the manner of expert scoring, with a higher score representing a more serious corresponding risk level. The risk of each leaf node is then quantified through the five threat indicators; the attack probability of a leaf node is given by the following formula:
where the weights are those of the threat indicators corresponding to leaf node i, and the utility values are those of the corresponding threat indicators.
In some embodiments, S32 comprises:
S321, constructing an n × n evaluation matrix;
S322, converting the evaluation matrix into a consistent matrix by the following formula:
S323, calculating the weight of each threat indicator from the consistent matrix by the following formula:
where n is the number of threat indicators, r_ik and r_jk are elements of the evaluation matrix, r'_ij is an element of the consistent matrix, w_i is the weight of threat indicator i, and a is an adjustment constant.
As an example, take n = 5, i.e. the five threat indicators above. Based on the five threat indicators of a leaf node, a 5 × 5 evaluation matrix C is first constructed as follows:
Specifically, the element r_ij of the evaluation matrix C represents the importance of element i relative to element j, with 0 ≤ r_ij ≤ 1: when 0.5 < r_ij ≤ 1, i is more important than j, and the larger the value, the greater the importance; when 0 ≤ r_ij < 0.5, i is less important than j, and the smaller the value, the lower the importance; when r_ij = 0.5, i and j are equally important. Here 1 ≤ i, j ≤ n, with DP, R, E, AU, D numbered 1 to 5 respectively, so r_12 in the evaluation matrix C records that the importance of the 1st element DP relative to the 2nd element R is 0.8, r_13 records that the importance of the 1st element DP relative to the 3rd element E is 0.7, …, r_41 records that the importance of the 4th element AU relative to the 1st element DP is 0.4, and so on.
As an example, the evaluation matrix C is then converted into the consistent matrix C' according to the formula in S322:
The weight vector of the consistent matrix C' is then calculated by the formula in S323, which gives the weight of each threat indicator.
In some embodiments, the value of a in the S323 formula is restricted to a given range, and the difference between the weights is greatest at one end of that range. To maximise the difference between the weights, a = 2 is used here, since n = 5.
As an example, the resulting weight vector of the consistent matrix C' is W_C = (0.28, 0.17, 0.14, 0.25, 0.16)^T, so W_DP = 0.28, W_R = 0.17, W_E = 0.14, W_AU = 0.25 and W_D = 0.16; finally the attack probability P(L_i) of each leaf node is calculated by combining these weights with the utility values of its threat indicators. In this way the attack probability of each leaf node is quantified accurately: the subjectivity of the per-dimension scores is reduced by constructing an evaluation matrix to weight the threat indicators, and the threat analysis of each leaf node is made as objective as possible.
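The S32/S33 computation (evaluation matrix, consistent matrix, indicator weights, leaf probability), and the first-aspect summary of it earlier on the page, as an added worked example in Python that is not the patent's own code. The page lists the variables of the S322 and S323 formulas but the formulas themselves are absent, so the code uses the standard fuzzy-consistent-matrix transform and its weight formula, r'_ij = (r_i − r_j)/(2n) + 0.5 with r_i = Σ_k r_ik and w_i = 1/n − 1/(2a) + (1/(na)) Σ_j r'_ij with a ≥ (n−1)/2; these fit the variable list and the page's choice of a = 2 for n = 5, but that they are the page's exact formulas is an assumption. The five indicators DP, R, E, AU, D are the DREAD dimensions. The 5 × 5 matrix is constructed here: it keeps the three entries the page quotes (r12 = 0.8, r13 = 0.7, r41 = 0.4) and assumes the rest, so its weights differ from the page's W_C; the leaf scores and the utility value u_k = score/10 are likewise assumptions.

```python
"""Weighting the five threat indicators and scoring a leaf node.

Added example, not the patent's own code. The S322/S323 formulas below are
the standard fuzzy-consistent-matrix forms (assumed); the evaluation
matrix, the leaf scores and the score/10 utility are constructed.
"""
from typing import List, Sequence

# DP = damage potential, R = reproducibility, E = exploitability,
# AU = affected users, D = discoverability (the page's five indicators)
INDICATORS = ("DP", "R", "E", "AU", "D")

# Constructed evaluation matrix C: r_ij is the importance of indicator i over
# indicator j, 0 <= r_ij <= 1, r_ij + r_ji = 1 and r_ii = 0.5.
EVALUATION_MATRIX = [
    [0.5, 0.8, 0.7, 0.6, 0.7],  # DP  (r12 = 0.8, r13 = 0.7 quoted on the page)
    [0.2, 0.5, 0.6, 0.4, 0.6],  # R
    [0.3, 0.4, 0.5, 0.3, 0.5],  # E
    [0.4, 0.6, 0.7, 0.5, 0.6],  # AU  (r41 = 0.4 quoted on the page)
    [0.3, 0.4, 0.5, 0.4, 0.5],  # D
]


def check_evaluation_matrix(c: Sequence[Sequence[float]], tol: float = 1e-9) -> None:
    """Reject anything that is not a fuzzy complementary judgement matrix.

    Every r_ij must lie in [0, 1], the diagonal must be 0.5 and r_ij + r_ji
    must equal 1; a single inconsistent pair silently skews every weight.
    """
    n = len(c)
    for i in range(n):
        if len(c[i]) != n:
            raise ValueError("evaluation matrix must be square")
        if abs(c[i][i] - 0.5) > tol:
            raise ValueError(f"r_{i + 1}{i + 1} must be 0.5")
        for j in range(n):
            if not 0.0 <= c[i][j] <= 1.0:
                raise ValueError(f"r_{i + 1}{j + 1} outside [0, 1]")
            if abs(c[i][j] + c[j][i] - 1.0) > tol:
                raise ValueError(f"r_{i + 1}{j + 1} + r_{j + 1}{i + 1} != 1")


def to_consistent_matrix(c: Sequence[Sequence[float]]) -> List[List[float]]:
    """S322 (assumed form): r'_ij = (r_i - r_j) / (2n) + 0.5 with r_i = sum_k r_ik."""
    check_evaluation_matrix(c)
    n = len(c)
    row_sum = [sum(row) for row in c]
    return [[(row_sum[i] - row_sum[j]) / (2 * n) + 0.5 for j in range(n)]
            for i in range(n)]


def indicator_weights(c_prime: Sequence[Sequence[float]], a: float = None) -> List[float]:
    """S323 (assumed form): w_i = 1/n - 1/(2a) + (1/(n a)) * sum_j r'_ij.

    The standard lower bound is a >= (n-1)/2; the smallest admissible value
    spreads the weights the most, which is why the page uses a = 2 for n = 5.
    """
    n = len(c_prime)
    if a is None:
        a = (n - 1) / 2
    if a < (n - 1) / 2:
        raise ValueError("adjustment constant a must be at least (n-1)/2")
    return [1 / n - 1 / (2 * a) + sum(c_prime[i]) / (n * a) for i in range(n)]


def leaf_attack_probability(scores: Sequence[int], weights: Sequence[float]) -> float:
    """P(L) = sum_k w_k * u_k, with the utility u_k = score_k / 10 (assumed).

    scores: one integer in 0..10 per indicator, in INDICATORS order,
    higher meaning a more serious risk level.
    """
    if len(scores) != len(weights):
        raise ValueError("one score per indicator is required")
    for s in scores:
        if not isinstance(s, int) or not 0 <= s <= 10:
            raise ValueError(f"score {s!r} must be an integer in [0, 10]")
    return sum(w * s / 10 for w, s in zip(weights, scores))


def score_leaf(scores: Sequence[int], c: Sequence[Sequence[float]] = EVALUATION_MATRIX) -> float:
    """The whole of S3 for one leaf: matrix -> consistent matrix -> weights -> P(L)."""
    return leaf_attack_probability(scores, indicator_weights(to_consistent_matrix(c)))


if __name__ == "__main__":
    w = indicator_weights(to_consistent_matrix(EVALUATION_MATRIX))
    print({k: round(v, 3) for k, v in zip(INDICATORS, w)})
    # constructed scores for L1 (cracking of single-credential authentication)
    print(round(score_leaf([8, 7, 6, 8, 7]), 3))
```

Two checks matter in practice: the complementarity test rejects a judgement matrix in which r_ij + r_ji ≠ 1 (a common data-entry error that skews every weight), and the lower bound on a stops the spread-maximising choice a = (n−1)/2 from being undercut. The weights sum to 1 for any admissible a, so P(L) stays within [0, 1] whenever the utilities do.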
In some embodiments, the root node also corresponds to one or more intermediate nodes, each intermediate node corresponds to one or more leaf nodes, and the relationship between each intermediate node and its leaf nodes is either an AND relationship or an OR relationship; on this basis S4 comprises:
determining the attack paths of each threat tree according to the AND and/or OR relationships between each intermediate node and the leaf nodes under it.
Specifically, each threat tree in the security boundary is T = (N, A, R), where N = (G, M, L): G is the root node, M the intermediate nodes and L the leaf nodes, with exactly one root node (G = 1), at least one intermediate node (M ≥ 1, M ∈ ℤ) and at least one leaf node (L ≥ 1, L ∈ ℤ); the relationship between the M and L nodes is an AND relationship or an OR relationship. The root node G is the final attack target, the intermediate nodes M are intermediate steps of the attack, and the leaf nodes L are specific attack methods.
On this basis, in some embodiments, S5 comprises:
starting from the leaf nodes of each attack path, calculating the parent nodes of the leaf nodes layer by layer according to the relation calculation strategy until the attack probability of the root node of the attack path is obtained.
The relation calculation strategy is: if the child nodes are in an AND relationship, the product of the attack probabilities of all child nodes under the parent node is taken as the attack probability of the parent node; if the child nodes are in an OR relationship, the attack probability of each child node is taken directly as the attack probability of the parent node.
Specifically, P_m denotes the probability that the attack on the parent node succeeds, and P_m1, P_m2, …, P_mn denote the probabilities that the attacks on the child nodes under that parent succeed. The parent node is the root node or an intermediate node; the child nodes are intermediate nodes or leaf nodes.
Specifically, for nodes in an AND relationship, the attack success probability of the parent node is the product of the attack success probabilities of its child nodes:
P_m = P_m1 × P_m2 × … × P_mn
For nodes in an OR relationship, the attack success probability of the parent node is that of the single child node on the path below it, so each child node gives a path with its own probability:
P_m = {P_m1, P_m2, …, P_mn}
For a single leaf node, the attack success probability is the attack probability of that leaf node calculated earlier. Starting from the leaf nodes, the parent nodes are calculated layer by layer according to the relation calculation strategy until the attack probability of the root node of the attack path is obtained, which gives the attack probability of each attack path.
In some embodiments, after the attack probability P(R_i) of each attack path of each threat tree has been calculated, targeted risk-mitigation measures can be formulated: for the main attack paths, for example those whose attack probability exceeds a threshold (50%, etc.), threat countermeasures are formulated and security investment is increased to address the possible risks, thereby improving the security of the product.
In this embodiment, attack-forest threat assessment allows the method and apparatus to be applied to scenarios with a wider range of attack targets, i.e. where several attack targets exist within one security boundary: each attack target is a threat tree, threat decomposition is performed on each threat tree within the security boundary, the threat indicators of the leaf nodes of each threat tree are quantified, the attack probability of each attack path of each threat tree is calculated and the security threats faced are determined, so that risk-reduction measures can be formulated in a targeted manner and the security of the system improved.
Taking an edge computing scenario as an example, the embodiment of the method is described further in combination with the attack forest model:
Specifically, referring to FIG. 3, edge computing is a form of distributed computing that stores and processes data at the network edge; the edge is any computing and network resource on the path from a data source to a cloud computing centre. Edge computing consists of an end layer, an edge layer, a cloud layer and the networks between the three layers. Following the general edge computing architecture, the end-edge access, the cloud-edge access and the whole edge layer can be taken as the security boundary of the forest, and the edge network, edge infrastructure, edge applications and edge data as the specific attack targets, for which the corresponding threat trees are constructed; see FIGS. 4 to 7.
The edge application threat tree of FIG. 6 is described in detail below; the threat quantification of the edge network, edge infrastructure and edge data threat trees follows the same procedure.
Specifically, the edge application threat tree of FIG. 6 is decomposed into specific threats, with each leaf node representing a specific attack means.
Here the root node G3 is the attack on the edge application; intermediate node M1 is identity, credential and access management defects, M2 an insecure interface, M3 a malicious administrator, M4 lack of access control, M5 exploitation of the insecure interface and M6 an API attack; leaf node L1 is cracking of single-credential identity authentication, L2 lack of secure credentials, L3 unauthorised access, L4 unauthorised access, L5 destruction of the management interface, L6 application tampering, L7 code vulnerabilities, L8 malicious backdoors, L9 theft of administrator accounts and L10 password brute-forcing.
Specifically, threat quantification is performed on each leaf node L: the five threat indicators of each leaf node are scored and the attack probability of each leaf node is calculated by the method of S3. The threat indicators (DP, R, E, AU, D) and the attack probability of each leaf node are shown in Table 1:
Table 1: Threat quantification of the edge application threat tree
For example, for leaf node L1, the threat indicator weights calculated above, W_DP = 0.28, W_R = 0.17, W_E = 0.14, W_AU = 0.25 and W_D = 0.16, combined with the threat indicator scores in Table 1 give its attack probability.
Specifically, from the AND and OR relationships of the nodes of the edge application threat tree in FIG. 6, nine attack paths R can be determined: R1 = {L1}, R2 = {L2}, R3 = {L3}, R4 = {L4}, R5 = {L5, L6}, R6 = {L7}, R7 = {L8}, R8 = {L9}, R9 = {L10}.
Specifically, for a single leaf node the attack probability of the path is that of the leaf node itself; for nodes in an AND relationship, such as L5 and L6 under M5, the parent node M5 has probability equal to the product of the attack probabilities of leaf nodes L5 and L6; nodes in an OR relationship are independent of each other and form separate attack paths whose probabilities are calculated separately.
As an example, the attack probability of each attack path is then calculated; see Table 2:
Table 2: Attack probability of each attack path of the edge application threat tree
Specifically, Table 2 shows that attack paths R6, R7 and R9 have the highest attack probabilities, exceeding 50%, so risks such as edge application tampering, code vulnerabilities and leakage of administrator privileges should be guarded against.
In this embodiment an edge computing scenario is considered: the end-edge access, the cloud-edge access and the whole edge layer are taken as the security boundary of the forest, the edge network, edge infrastructure, edge applications and edge data as specific attack targets, the corresponding threat trees are constructed and decomposed, and each attack path of each threat tree is calculated, to determine the security threats edge computing may face and formulate risk-reduction measures in a targeted manner, thereby improving the security of the edge computing system.
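The relation calculation strategy of S5 and the nine-path enumeration for the edge application tree, as an added Python example that is not the patent's own code. It implements the page's two rules (AND: product of the children's probabilities; OR: each child is its own path, probability passed through) as a recursive minimal-cut-set enumeration and, going beyond the page's instance, also handles an AND node whose child is an OR node by distributing the OR alternatives across the AND combinations. Of the FIG. 6 tree only the node list and the AND of L5 and L6 under M5 are stated on the page; the assignment of the other leaves to M1 to M6 and every leaf probability are constructed here.

```python
"""Attack-path enumeration and per-path probability for one threat tree.

Added example, not the patent's own code. Implements the page's relation
calculation strategy (AND = product, OR = one path per child) as a
minimal-cut-set enumeration; the tree wiring (except L5 AND L6 under M5)
and all leaf probabilities are constructed.
"""
from dataclasses import dataclass, field
from itertools import product
from math import prod
from typing import List, Optional, Tuple

Path = Tuple[str, ...]


@dataclass
class Node:
    name: str
    gate: Optional[str] = None               # "AND", "OR", or None for a leaf
    children: List["Node"] = field(default_factory=list)
    prob: Optional[float] = None             # leaf attack probability P(L)


def leaf(name: str, prob: float) -> Node:
    """A leaf node (specific attack means) with its precomputed P(L)."""
    if not 0.0 <= prob <= 1.0:
        raise ValueError(f"{name}: probability {prob} not in [0, 1]")
    return Node(name, prob=prob)


def gate(kind: str, name: str, *children: Node) -> Node:
    """A root or intermediate node whose children are in an AND or OR relationship."""
    if kind not in ("AND", "OR"):
        raise ValueError(f"{name}: gate must be AND or OR")
    if not children:
        raise ValueError(f"{name}: an intermediate node needs at least one child")
    return Node(name, kind, list(children))


def attack_paths(node: Node) -> List[Tuple[Path, float]]:
    """Every attack path (minimal set of leaves realising `node`) with its probability."""
    if node.gate is None:
        return [((node.name,), node.prob)]
    per_child = [attack_paths(c) for c in node.children]
    if node.gate == "OR":
        # Alternatives: each child's paths are separate paths of the parent,
        # with the probability unchanged (the page's P_m = {P_m1, ..., P_mn}).
        return [p for paths in per_child for p in paths]
    # AND: one path from every child must succeed; the probability is the
    # product P_m = P_m1 x ... x P_mn, which assumes the steps are independent.
    result = []
    for combo in product(*per_child):
        leaves = tuple(dict.fromkeys(lf for path, _ in combo for lf in path))
        result.append((leaves, prod(p for _, p in combo)))
    return result


def high_risk_paths(root: Node, threshold: float = 0.5) -> List[Tuple[Path, float]]:
    """Paths whose probability exceeds the threshold, most likely first."""
    return sorted((pp for pp in attack_paths(root) if pp[1] > threshold),
                  key=lambda pp: pp[1], reverse=True)


def edge_application_tree() -> Node:
    """Root G3 'attack edge application' built from the page's FIG. 6 node list.

    Only L5 AND L6 under M5 is stated on the page; the other leaf-to-M
    assignments and every probability below are constructed.
    """
    return gate("OR", "G3",
        gate("OR", "M1", leaf("L1", 0.45), leaf("L2", 0.40)),   # identity/credential/access defects
        gate("OR", "M2", leaf("L3", 0.48)),                      # insecure interface
        gate("OR", "M3", leaf("L9", 0.47), leaf("L10", 0.66)),  # malicious administrator
        gate("OR", "M4", leaf("L4", 0.42)),                      # lack of access control
        gate("AND", "M5", leaf("L5", 0.70), leaf("L6", 0.60)),  # exploit insecure interface
        gate("OR", "M6", leaf("L7", 0.62), leaf("L8", 0.55)),   # API attack
    )


if __name__ == "__main__":
    for leaves, p in attack_paths(edge_application_tree()):
        print(leaves, round(p, 3))
    print("above 50%:", high_risk_paths(edge_application_tree()))
```

Because OR never combines its alternatives, the per-path figures are meaningful for prioritising mitigations but give no single number for the root; and the AND product assumes the steps are independent, so a path whose leaves share a precondition (for instance L5 and L6 both needing reachability of the same management interface) is underestimated. Both are properties of the page's rule, not of this implementation.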
Example two
The present application also provides a server threat assessment apparatus, and referring to fig. 8, which includes a security boundary module, a threat decomposition module, a threat quantification module, an attack path module, and an attack probability calculation module.
The security boundary module is used for determining the security boundary of the system; the threat decomposition module is configured to determine one or more threat trees according to the security boundary, where each threat tree includes a node set, the node set includes at least one root node, and the root node corresponds to one or more leaf nodes; the threat quantification module is used for calculating the attack probability of each leaf node according to at least one threat index of the leaf node; the attack path module is configured to determine the attack paths of each threat tree according to the node set; and the attack probability calculation module is used for calculating the attack probability of each attack path according to the attack probability of each leaf node and the attack path.
Further, the threat indicators include at least one of potential loss, recurring difficulty, utilization difficulty, affected users, and discovery difficulty; the threat quantification module is further used for obtaining the score of each threat index, for constructing an evaluation matrix to quantify the weight of each threat indicator, and for calculating the attack probability of each leaf node according to the score and the weight of each threat index.
Further, the threat quantification module is further configured to construct an n×n evaluation matrix, and to convert the evaluation matrix into a consistent matrix by the following formula:
The threat quantification module is further configured to calculate the weight of each threat indicator from the consistent matrix by the following formula:
wherein n is the number of threat indicators, r_ik and r_jk are elements of the evaluation matrix, r'_ij is an element of the consistent matrix, w_i is the weight of threat indicator i, and a is an adjustment constant.
Further, the root node further corresponds to one or more intermediate nodes, each intermediate node corresponds to one or more leaf nodes, and the relationship between each intermediate node and its leaf nodes is either an AND relationship or an OR relationship; accordingly, the attack path module is further configured to determine the attack paths of each threat tree according to the AND relationship and/or the OR relationship between each intermediate node and its leaf nodes in that threat tree.
Further, the attack probability calculation module is further configured to calculate, starting from the leaf nodes of each attack path and proceeding layer by layer, the attack probability of each parent node according to a relation calculation policy, until the attack probability of the root node of the attack path is obtained.
Further, the relation calculation policy of the attack probability calculation module includes: if the child nodes are in an AND relationship, the product of the attack probabilities of all child nodes under the parent node is taken as the attack probability of the parent node; if the child nodes are in an OR relationship, the attack probability of the child node is taken directly as the attack probability of the parent node.
Further, the value range of a is as follows
The specific definition of the server threat assessment apparatus may be referred to above as the relevant definition of the server threat assessment method, and thus will not be described in detail herein. The various modules in the server threat assessment apparatus described above may be implemented in whole or in part by software, hardware, and combinations thereof. The above modules may be embedded in hardware or may be independent of a processor in the computer device, or may be stored in software in a memory in the computer device, so that the processor may call and execute operations corresponding to the above modules.
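The attack-path enumeration and the relation calculation policy described above, as an added Python example that is not part of the patent: the five threat indicators are the page's, while the indicator weights (standing in for the evaluation-matrix result, whose formula is not reproduced on this page), the leaf scores, the sample tree and the weighted-mean leaf rule are constructed assumptions.

```python
"""Threat-tree attack-path probabilities (added example, not the patent's code).
AND node: product of all children's probabilities; OR node: each child's
probability passes through as its own path. Indicators are the page's; weights,
leaf scores, tree and the weighted-mean leaf rule are constructed assumptions."""
from dataclasses import dataclass, field
from itertools import product
from typing import Dict, List, Optional, Tuple

INDICATORS = ("potential_loss", "recurring_difficulty", "utilization_difficulty",
              "affected_users", "discovery_difficulty")
# Constructed weights standing in for the patent's evaluation-matrix result.
WEIGHTS = dict(zip(INDICATORS, (0.30, 0.15, 0.20, 0.20, 0.15)))


def leaf_attack_probability(scores: Dict[str, float],
                            weights: Dict[str, float] = WEIGHTS) -> float:
    """Assumed rule: weighted mean of the indicator scores, each on a 0..1 scale."""
    if set(weights) != set(INDICATORS) or abs(sum(weights.values()) - 1.0) > 1e-9:
        raise ValueError("weights must cover every indicator and sum to 1")
    if set(scores) != set(INDICATORS) or any(not 0 <= s <= 1 for s in scores.values()):
        raise ValueError("a leaf needs a score in [0, 1] for every indicator")
    return sum(weights[k] * scores[k] for k in INDICATORS)


@dataclass
class Node:
    name: str
    relation: str = "OR"                        # how the children combine: "AND" / "OR"
    children: List["Node"] = field(default_factory=list)
    scores: Optional[Dict[str, float]] = None   # indicator scores, leaves only


Path = Tuple[List[str], float]   # (node names from leaf to root, attack probability)


def attack_paths(node: Node) -> List[Path]:
    """Enumerate every attack path under `node`, computing probabilities bottom-up."""
    if not node.children:                       # leaf: probability from its indicators
        return [([node.name], leaf_attack_probability(node.scores or {}))]
    if node.relation == "AND":                  # all children needed: multiply
        paths: List[Path] = []
        for combo in product(*(attack_paths(c) for c in node.children)):
            names = [n for child_names, _ in combo for n in child_names]
            p = 1.0
            for _, child_p in combo:
                p *= child_p
            paths.append((names + [node.name], p))
        return paths
    if node.relation == "OR":                   # any child suffices: pass through
        return [(names + [node.name], p)
                for c in node.children for names, p in attack_paths(c)]
    raise ValueError(f"unknown relation {node.relation!r} on node {node.name!r}")


def priority_paths(root: Node, threshold: float = 0.5) -> List[Path]:
    """Paths whose probability exceeds `threshold`, highest first: mitigate these first."""
    return sorted((p for p in attack_paths(root) if p[1] > threshold),
                  key=lambda p: p[1], reverse=True)


def sample_edge_application_tree() -> Node:
    """Constructed edge-application threat tree; all scores are illustrative."""
    def sc(*v: float) -> Dict[str, float]:
        return dict(zip(INDICATORS, v))
    return Node("edge application compromised", "OR", [
        Node("application tampering", "AND", [
            Node("obtain administrator credentials", scores=sc(0.9, 0.4, 0.6, 0.7, 0.5)),
            Node("replace application package", scores=sc(0.8, 0.6, 0.7, 0.9, 0.5)),
        ]),
        Node("exploit code vulnerability", scores=sc(0.9, 0.8, 0.5, 0.8, 0.6)),
        Node("administrator privilege leakage", "OR", [
            Node("credential phishing", scores=sc(0.7, 0.5, 0.6, 0.6, 0.4)),
            Node("credential reuse", scores=sc(0.6, 0.3, 0.4, 0.5, 0.3)),
        ]),
    ])
```

`priority_paths(sample_edge_application_tree())` lists the paths above the page's 50 percent mark, so the same ranking shown in Table 2 can be reproduced for any tree built this way.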
Example III
The application also provides an electronic device, which comprises a memory, a processor and a computer program stored on the memory and capable of running on the processor, wherein the processor can realize the server threat assessment method when executing the program.
As shown in fig. 9, in some embodiments, the system can be configured as the above-described electronic device for the server threat assessment method in any of the described embodiments. In some embodiments, a system may include one or more computer-readable media (e.g., system memory or NVM/storage) having instructions and one or more processors (e.g., processor(s)) coupled with the one or more computer-readable media and configured to execute the instructions to implement the modules to perform the actions described in this disclosure.
For one embodiment, the system control module may include any suitable interface controller to provide any suitable interface to at least one of the processor(s) and/or any suitable device or component in communication with the system control module.
The system control module may include a memory controller module to provide an interface to the system memory. The memory controller modules may be hardware modules, software modules, and/or firmware modules.
The system memory may be used, for example, to load and store data and/or instructions for the system. For one embodiment, the system memory may include any suitable volatile memory, such as, for example, a suitable DRAM. In some embodiments, the system memory may comprise double data rate type four synchronous dynamic random access memory (DDR4 SDRAM).
For one embodiment, the system control module may include one or more input/output (I/O) controllers to provide an interface to the NVM/storage device and the communication interface(s).
For example, NVM/storage may be used to store data and/or instructions. The NVM/storage may include any suitable nonvolatile memory (e.g., flash memory) and/or may include any suitable nonvolatile storage device(s) (e.g., one or more Hard Disk Drives (HDDs), one or more Compact Disc (CD) drives, and/or one or more Digital Versatile Disc (DVD) drives).
The NVM/storage may include a storage resource that is physically part of the device on which the system is installed or it may be accessed by the device without being part of the device. For example, the NVM/storage may be accessed over a network via the communication interface(s).
The communication interface(s) may provide an interface for the system to communicate over one or more networks and/or with any other suitable device. The system may wirelessly communicate with one or more components of a wireless network in accordance with any of one or more wireless network standards and/or protocols.
For one embodiment, at least one of the processor(s) may be packaged together with logic of one or more controllers (e.g., memory controller modules) of the system control module. For one embodiment, at least one of the processor(s) may be packaged together with logic of one or more controllers of the system control module to form a System In Package (SiP). For one embodiment, at least one of the processor(s) may be integrated on the same die as logic of one or more controllers of the system control module. For one embodiment, at least one of the processor(s) may be integrated on the same die with logic of one or more controllers of the system control module to form a system on chip (SoC).
In various embodiments, the system may be, but is not limited to being: a server, workstation, desktop computing device, or mobile computing device (e.g., laptop computing device, handheld computing device, tablet, netbook, etc.). In various embodiments, the system may have more or fewer components and/or different architectures. For example, in some embodiments, a system includes one or more cameras, a keyboard, a Liquid Crystal Display (LCD) screen (including a touch screen display), a non-volatile memory port, multiple antennas, a graphics chip, an Application Specific Integrated Circuit (ASIC), and a speaker.
It should be noted that the present application may be implemented in software and/or a combination of software and hardware, e.g., using Application Specific Integrated Circuits (ASIC), a general purpose computer or any other similar hardware device. In one embodiment, the software program of the present application may be executed by a processor to perform the steps or functions described above. Likewise, the software programs of the present application (including associated data structures) may be stored on a computer readable recording medium, such as RAM memory, magnetic or optical drive or diskette and the like. In addition, some steps or functions of the present application may be implemented in hardware, for example, as circuitry that cooperates with the processor to perform various steps or functions.
Furthermore, portions of the present application may be implemented as a computer program product, such as computer program instructions, which when executed by a computer, may invoke or provide methods and/or techniques in accordance with the present application by way of operation of the computer. Those skilled in the art will appreciate that the form of computer program instructions present in a computer readable medium includes, but is not limited to, source files, executable files, installation package files, etc., and accordingly, the manner in which the computer program instructions are executed by a computer includes, but is not limited to: the computer directly executes the instruction, or the computer compiles the instruction and then executes the corresponding compiled program, or the computer reads and executes the instruction, or the computer reads and installs the instruction and then executes the corresponding installed program. Herein, a computer-readable medium may be any available computer-readable storage medium or communication medium that can be accessed by a computer.
Communication media includes media whereby a communication signal containing, for example, computer readable instructions, data structures, program modules, or other data, is transferred from one system to another. Communication media may include conductive transmission media such as electrical cables and wires (e.g., optical fibers, coaxial, etc.) and wireless (non-conductive transmission) media capable of transmitting energy waves, such as acoustic, electromagnetic, RF, microwave, and infrared. Computer readable instructions, data structures, program modules, or other data may be embodied as a modulated data signal, for example, in a wireless medium, such as a carrier wave or similar mechanism, such as that embodied as part of spread spectrum technology. The term "modulated data signal" means a signal that has one or more of its characteristics set or changed in such a manner as to encode information in the signal. The modulation may be analog, digital or hybrid modulation techniques.
An embodiment according to the application comprises an apparatus comprising a memory for storing computer program instructions and a processor for executing the program instructions, wherein the computer program instructions, when executed by the processor, trigger the apparatus to operate a method and/or a solution according to the embodiments of the application as described above.
Example IV
Corresponding to the above embodiment, the present application also provides a computer-readable storage medium storing computer-executable instructions for performing a server threat assessment method.
In this embodiment, computer-readable storage media may include volatile and nonvolatile, removable and non-removable media implemented in any method or technology for storage of information such as computer-readable instructions, data structures, program modules or other data. For example, computer-readable storage media include, but are not limited to, volatile memory, such as random access memory (RAM, DRAM, SRAM); and non-volatile memory such as flash memory, various read only memory (ROM, PROM, EPROM, EEPROM), magnetic and ferromagnetic/ferroelectric memory (MRAM, FeRAM); and magnetic and optical storage devices (hard disk, tape, CD, DVD); or other now known media or later developed computer-readable information/data that can be stored for use by a computer system.
While preferred embodiments of the present application have been described, additional variations and modifications in those embodiments may occur to those skilled in the art once they learn of the basic inventive concepts. It is therefore intended that the following claims be interpreted as including the preferred embodiment and all such alterations and modifications as fall within the scope of the embodiments of the application.
It will be apparent to those skilled in the art that various modifications and variations can be made to the present application without departing from the spirit or scope of the application. Thus, it is intended that the present application also include such modifications and alterations insofar as they come within the scope of the appended claims or the equivalents thereof.

Claims (8)

1. A method for server threat assessment, comprising:
determining a safety boundary of the system;
Determining one or more threat trees according to the security boundary, wherein the threat trees comprise a node set, and the node set at least comprises a root node, and the root node corresponds to one or more leaf nodes;
Calculating attack probability of each leaf node according to at least one threat index of the leaf node;
determining an attack path of each threat tree according to the node set;
According to the attack probability of each leaf node and the attack path, calculating the attack probability of each attack path;
the threat indicators include at least one of potential loss, recurring difficulty, utilization difficulty, affected users, and discovery difficulty; the calculating attack probability of each leaf node according to at least one threat index of the leaf node comprises the following steps:
Obtaining the score of each threat index;
Constructing an evaluation matrix to quantify the weight of each threat index;
Calculating attack probability of each leaf node according to the score and the weight of each threat index;
the constructing an evaluation matrix quantifies a weight of each of the threat indicators, including:
Constructing an n multiplied by n evaluation matrix;
The evaluation matrix is converted into a consistent matrix by the following formula:
And calculating the weight of each threat index according to the consistent matrix through the following formula:
wherein n is the number of threat indexes, r_ik and r_jk are elements in the evaluation matrix, r'_ij is an element in the consistent matrix, w_i is the weight of threat index i, and a is an adjustment constant.
2. The server threat assessment method of claim 1, wherein the root node further corresponds to one or more intermediate nodes, each of the intermediate nodes corresponds to one or more leaf nodes, the relationship between each intermediate node and each leaf node is one of an AND relationship and an OR relationship, and the determining an attack path for each of the threat trees from the set of nodes comprises:
determining an attack path of each threat tree according to the AND relationship and/or the OR relationship between each intermediate node and the leaf nodes under the threat tree.
3. The server threat assessment method of claim 2, wherein the calculating the attack probability for each of the attack paths from the attack probability for each of the leaf nodes and the attack paths comprises:
And calculating parent nodes of the leaf nodes layer by layer from the leaf nodes of each attack path according to a relation calculation strategy until the attack probability of the root node of the attack path is calculated.
4. The server threat assessment method of claim 3, wherein the relationship calculation policy comprises: if the child nodes are in the AND relationship, calculating the product of the attack probabilities of all the child nodes under the parent node to be used as the attack probability of the parent node;
if the child nodes are in the OR relationship, the attack probability of the child node is directly used as the attack probability of the parent node.
5. The server threat assessment method of claim 1, wherein the value range of a is
6. A server threat assessment apparatus, the apparatus comprising:
a security boundary module for determining a security boundary of the system;
A threat decomposition module, configured to determine one or more threat trees according to the security boundary, where the threat tree includes a node set, where the node set includes at least one root node, and the root node corresponds to one or more leaf nodes;
the threat quantification module is used for calculating the attack probability of each leaf node according to at least one threat index of the leaf node;
An attack path module, configured to determine an attack path of each threat tree according to the node set;
The attack probability calculation module is used for calculating the attack probability of each attack path according to the attack probability of each leaf node and the attack path;
The threat indicators include at least one of potential loss, recurring difficulty, utilization difficulty, affected users, and discovery difficulty; the threat quantification module is further used for obtaining the score of each threat index, for constructing an evaluation matrix to quantify the weight of each of the threat indicators, and for calculating the attack probability of each leaf node according to the score and the weight of each threat index;
The threat quantification module is further configured to construct an n×n evaluation matrix, and to convert the evaluation matrix into a consistent matrix by the following formula:
and the weight of each threat index is calculated according to the consistent matrix through the following formula:
wherein n is the number of threat indexes, r_ik and r_jk are elements in the evaluation matrix, r'_ij is an element in the consistent matrix, w_i is the weight of threat index i, and a is an adjustment constant.
7. An electronic device comprising a memory, a processor and a computer program stored on the memory and executable on the processor, wherein the processor implements the server threat assessment method of any of claims 1 to 5 when the computer program is executed by the processor.
8. A computer-readable storage medium storing computer-executable instructions for performing the server threat assessment method of any of claims 1 to 5.
CN202210472308.0A 2022-04-29 2022-04-29 Server threat assessment method and device, electronic equipment and storage medium Active CN114896600B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210472308.0A CN114896600B (en) 2022-04-29 2022-04-29 Server threat assessment method and device, electronic equipment and storage medium

Publications (2)

Publication Number Publication Date
CN114896600A CN114896600A (en) 2022-08-12
CN114896600B true CN114896600B (en) 2024-06-25

Family

ID=82718674

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant