CN102521496A

CN102521496A - Method and system for acquiring importance levels of evaluation indexes

Info

Publication number: CN102521496A
Application number: CN2011103975527A
Authority: CN
Inventors: 刘恒; 张利; 彭建芬; 江常青; 陈洪波; 姚轶展; 杜宇鸽; 陈军
Original assignee: Beijing Venus Information Security Technology Co Ltd; China Information Technology Security Evaluation Center
Current assignee: Beijing Venus Information Security Technology Co Ltd; China Information Technology Security Evaluation Center
Priority date: 2011-12-02
Filing date: 2011-12-02
Publication date: 2012-06-27

Abstract

The present invention provides a method and system for acquiring importance levels of evaluation indicators. The method includes: storing the scoring results obtained by m systems on n evaluation indicators X ₁ , X ₂ ,...,X _i ,...,X _n in the data set S, and saving each system The risk level of the risk level is stored in the data set R, and the entropy H(R) of the risk level in the data set R is calculated; after the information gain rate of n evaluation indicators is obtained, the obtained information gain rate is sorted to obtain n evaluation indicators Importance levels of indicators X ₁ , X ₂ , . . . , Xi _, . . . , X _n .

Description

Method and system for obtaining importance levels of evaluation indicators

技术领域 technical field

本发明涉及信息处理领域，尤其涉及一种评估指标的重要性级别的获取方法和系统。The present invention relates to the field of information processing, in particular to a method and system for acquiring importance levels of evaluation indicators.

背景技术 Background technique

信息安全风险评估就是从风险管理角度，运用科学的方法和手段，系统地分析信息系统所面临的威胁及其存在的脆弱性，评估安全事件一旦发生可能造成的危害程度，提出有针对性的抵御威胁的防护对策和整改措施。在评估过程中，根据不同行业的要求，提出对该行业信息系统的评估指标、评估内容，并根据评估指标值计算出系统的最终风险等级。Information security risk assessment is to use scientific methods and means from the perspective of risk management to systematically analyze the threats and vulnerabilities faced by information systems, assess the degree of harm that may be caused by security incidents, and propose targeted defense measures. Threat protection countermeasures and corrective actions. In the evaluation process, according to the requirements of different industries, the evaluation index and evaluation content of the information system of the industry are put forward, and the final risk level of the system is calculated according to the evaluation index value.

不同的行业有不同的评估指标、评估内容，在多个行业不同系统评估的基础上，对行业数据进行综合分析，从行业数据中找出规律、共性，提供一种全新的行业风险点重要程度的判断标准和方法，从而指导信息系统安全建设整改工作。对同一行业不同系统在统一的评估指标体系进行的评估及风险等级的计算得到的数据，从数据中发现哪些评估指标对于风险等级提供的信息量比较大，即哪些属性比较重要，目前没有相关的技术。Different industries have different evaluation indicators and evaluation content. Based on the evaluation of different systems in multiple industries, the industry data is comprehensively analyzed, and the laws and commonalities are found from the industry data to provide a new level of importance of industry risk points. Judgment standards and methods, so as to guide the rectification work of information system security construction. Based on the data obtained from the evaluation of different systems in the same industry in the unified evaluation index system and the calculation of the risk level, it is found from the data which evaluation indicators provide a relatively large amount of information for the risk level, that is, which attributes are more important, and there is currently no relevant technology.

发明内容 Contents of the invention

本发明提供一种评估指标的重要性级别的获取方法和系统，要解决的技术问题是如何客户准确地确定评估指标的重要性级别。The present invention provides a method and system for acquiring the importance level of evaluation indicators, and the technical problem to be solved is how to accurately determine the importance level of evaluation indicators for customers.

为解决上述技术问题，本发明提供了如下技术方案：In order to solve the problems of the technologies described above, the present invention provides the following technical solutions:

一种评估指标的重要性级别的获取方法，包括：A method for obtaining the importance level of evaluation indicators, including:

将得到m个系统分别对n个评估指标X₁，X₂，…，X_i，…，X_n所作出的评分结果保存在数据集S中，以及将每个系统的风险等级保存在数据集R中；Save the scoring results of m systems on n evaluation indicators X ₁ , X ₂ ,...,X _i ,...,X _n in the data set S, and save the risk level of each system in the data set R;

计算数据集R中风险等级的熵H(R)；Calculate the entropy H(R) of the risk level in the data set R;

对每个评估指标执行步骤A～C，包括：Perform steps A~C for each evaluation indicator, including:

步骤A、根据数据集S中评估指标X_i的评分结果，将对评估指标X_i做出相同评分结果的系统在数据集R所对应的全部风险等级作为评估指标X_i在数据集R中所对应的一个子集合，通过计算评估指标X_i对应的各子集合中风险等级的熵，得到数据集R中评估指标X_i的风险等级熵的加权值；Step A. According to the scoring results of the evaluation index _Xi in the data set S, all the risk levels corresponding to the system with the same scoring results for the evaluation index _Xi in the data set R are used as the evaluation index _Xi in the data set R For a corresponding sub-set, by calculating the entropy of the risk level in each sub-set corresponding to the evaluation index X _i , the weighted value of the risk level entropy of the evaluation index X _i in the data set R is obtained;

步骤B、根据数据集R中风险等级的熵以及数据集R中评估指标X_i的风险等级熵的加权值，得到评估指标X_i的信息增益；Step B, according to the entropy of the risk level in the data set R and the weighted value of the risk level entropy of the evaluation index _Xi in the data set R, the information gain of the evaluation index _Xi is obtained;

步骤C、采用评估指标X_i的信息增益以及评估指标X_i对应的全部子集合中元素个数相对于数据集R中元素个数的熵，计算评估指标X_i的信息增益率；Step C, using the information gain of the evaluation index X _i and the entropy of the number of elements in all subsets corresponding to the evaluation index _Xi relative to the number of elements in the data set R, to calculate the information gain rate of the evaluation index X _i ;

在得到n个评估指标的信息增益率后，对信息增益率进行排序，从而得到n个评估指标X₁，X₂，…，X_i，…，X_n的重要性级别。After obtaining the information gain ratios of the n evaluation indexes, the information gain ratios are sorted to obtain the importance levels of the n evaluation indexes X ₁ , X ₂ , . . . , Xi _, . . . , X _n .

优选的，所述方法还具有如下特点：所述计算数据集R中风险等级的熵H(R)所采用的计算表达式为：Preferably, the method also has the following characteristics: the calculation expression adopted for calculating the entropy H(R) of the risk level in the data set R is:

$H h ((R R)) = = - - {Σ Σ}_{j j = = 11}^{k k} per per (({C C}_{j j},, R R)) * * {log log}_{22} per per (({C C}_{j j},, R R))$

其中，C_j表示系统的一种风险等级，其中j＝1，…，K，per(C_j，S)表示数据集R中属于风险等级为C_j的系统个数占总数据集R中全部系统数量的比例。Among them, C _j represents a risk level of the system, where j=1,...,K, per(C _j , S) means that the number of systems in the data set R belonging to the risk level C _j accounts for all of the total data set R The ratio of the number of systems.

优选的，所述方法还具有如下特点：所述通过计算评估指标X_i对应的各子集合中风险等级的熵，得到数据集R中评估指标X_i的风险等级熵的加权值所采用的计算表达式为：Preferably, the method also has the following characteristics: the calculation method used to obtain the weighted value of the risk level entropy of the evaluation index X _i in the data set R is obtained by calculating the entropy of the risk level in each sub-set corresponding to the evaluation index X _i The expression is:

${H h}_{{X x}_{i i}} ((R R)) = = {Σ Σ}_{j j = = 11}^{l l} \frac{| | {R R}_{j j} | |}{| | R R | |} * * H h (({R R}_{j j}))$

其中，l表示数据集S中评估指标X_i的评分结果的种类；Among them, l represents the type of scoring results of the evaluation index _Xi in the data set S;

|R|表示数据集R中风险等级的个数；|R| indicates the number of risk levels in the data set R;

|R_i|表示子集合R_i中风险等级的个数；|R _i | indicates the number of risk levels in the subset R _i ;

H(R_i)表示集合R_i中风险等级的熵。H(R _i ) represents the entropy of the risk levels in the set R _i .

优选的，所述方法还具有如下特点：所述采用评估指标X_i的信息增益以及评估指标X_i对应的全部子集合中元素个数相对于数据集R中元素个数的熵，计算评估指标X_i的信息增益率，包括：Preferably, the method also has the following characteristics: the information gain of the evaluation index _Xi and the entropy of the number of elements in all subsets corresponding to the evaluation index _Xi relative to the number of elements in the data set R are used to calculate the evaluation index The information gain rate of _Xi , including:

计算评估指标X_i对应的全部子集合中元素个数相对于数据集R中元素个数的熵的计算表达式为The calculation expression for calculating the entropy of the number of elements in all subsets corresponding to the evaluation index _Xi relative to the number of elements in the data set R is

$Split split__Infox infox (({X x}_{i i})) = = - - {Σ Σ}_{i i = = 11}^{l l} ((((| | {R R}_{i i} | | / / | | R R | |)) * * {log log}_{22} ((| | {R R}_{i i} | | / / | | R R | |))));;$

计算评估指标X_i的信息增益与评估指标X_i对应的全部子集合中元素个数相对于数据集R中元素个数的熵的比值，得到评估指标X_i的信息增益率。Calculate the ratio of the information gain of the evaluation index _Xi to the entropy of the number of elements in all subsets corresponding to the evaluation index _Xi to the number of elements in the data set R, and obtain the information gain rate of the evaluation index _Xi .

一种评估指标的评分结果的修正方法，包括：A method for correcting scoring results of evaluation indicators, comprising:

采用上述方法，得到评估指标的重要性级别；Using the above method, the importance level of the evaluation index is obtained;

采用得到评估指标的重要性级别对系统当前所做出的评估指标的评分结果进行修正，得到修正后的各评估指标的评分结果。The scoring results of the evaluation indicators currently made by the system are corrected by using the importance levels of the obtained evaluation indicators, and the corrected scoring results of each evaluation indicator are obtained.

一种评估指标的重要性级别的获取装置，包括：An acquisition device for evaluating the importance level of indicators, comprising:

保存模块，用于将得到m个系统分别对n个评估指标X₁，X₂，…，X_i，…，X_n所作出的评分结果保存在数据集S中，以及将每个系统的风险等级保存在数据集R中；The save module is used to save the scoring results of m systems on n evaluation indicators X ₁ , X ₂ ,...,X _i ,...,X _n in the data set S, and save the risk of each system The ranks are saved in the dataset R;

计算模块，与所述保存模块相连，用于计算数据集R中风险等级的熵H(R)；A computing module, connected to the saving module, used to calculate the entropy H(R) of the risk level in the data set R;

执行模块，与所述保存模块和所述计算模块相连，用于对每个评估指标执行步骤A～C，包括：The execution module is connected with the storage module and the calculation module, and is used to execute steps A to C for each evaluation indicator, including:

排序模块，与所述计算模块相连，用于在得到n个评估指标的信息增益率后，对得到的信息增益率进行排序，得到n个评估指标X₁，X₂，…，X_i，…，X_n的重要性级别。A sorting module, connected to the calculation module, used to sort the obtained information gain ratios after obtaining the information gain ratios of n evaluation indexes, and obtain n evaluation indexes X ₁ , X ₂ ,...,X _i ,... , the importance level of X _n .

优选的，所述装置还具有如下特点：所述计算模块在计算数据集R中风险等级的熵H(R)所采用的计算表达式为：Preferably, the device also has the following characteristics: the calculation expression adopted by the calculation module to calculate the entropy H(R) of the risk level in the data set R is:

其中，C_j表示一种风险等级，其中j＝1，…，K，per(C_j，S)表示数据集R中属于风险等级为C_j的系统个数占总数据集R中全部系统数量的比例。Among them, C _j represents a risk level, where j=1,...,K, per(C _j , S) means that the number of systems in the data set R belonging to the risk level C _j accounts for the total number of systems in the data set R proportion.

优选的，所述装置还具有如下特点：所述执行模块在通过计算评估指标X_i对应的各子集合中风险等级的熵，得到数据集R中评估指标X_i的风险等级熵的加权值所采用的计算表达式为：Preferably, the device also has the following characteristics: the execution module obtains the weighted value of the risk level entropy of the evaluation index X _i in the data set R by calculating the entropy of the risk level in each subset corresponding to the evaluation index X _i The calculation expression used is:

优选的，所述装置还具有如下特点：Preferably, the device also has the following characteristics:

所述执行模块，用于在计算评估指标X_i的信息增益率时，计算评估指标X_i对应的全部子集合中元素个数相对于数据集R中元素个数的熵，并通过计算评估指标X_i的信息增益与评估指标X_i对应的全部子集合中元素个数相对于数据集R中元素个数的熵的比值，得到评估指标X_i的信息增益率；The execution module is used to calculate the entropy of the number of elements in all subsets corresponding to the evaluation index Xi relative to the number of elements in the data set _R when calculating the information gain rate of the evaluation index X _i , and calculate the evaluation index The ratio of the information gain of _Xi to the entropy of the number of elements in all subsets corresponding to the evaluation index _Xi to the number of elements in the data set R is obtained to obtain the information gain rate of the evaluation index _Xi ;

其中所述评估指标X_i对应的全部子集合中元素个数相对于数据集R中元素个数的熵的计算表达式为Wherein the calculation expression of the entropy of the number of elements in all subsets corresponding to the evaluation index X _i relative to the number of elements in the data set R is:

$Split split__Infox infox (({X x}_{i i})) = = - - {Σ Σ}_{i i = = 11}^{l l} ((((| | {R R}_{i i} | | / / | | R R | |)) * * {log log}_{22} ((| | {R R}_{i i} | | / / | | R R | |)))) . .$

一种评估指标的评分结果的修正系统，包括：A correction system for scoring results of evaluation indicators, comprising:

获取装置，用于采用上述装置，得到评估指标的重要性级别；obtaining means for obtaining the importance level of the evaluation index by using the above means;

修正装置，用于采用得到评估指标的重要性级别对系统当前所做出的评估指标的评分结果进行修正，得到修正后的各评估指标的评分结果。The correction device is used for correcting the scoring results of the evaluation indicators currently made by the system by using the obtained importance levels of the evaluation indicators, and obtaining the corrected scoring results of each evaluation indicator.

本发明提供的装置实施例，通过对同一行业的评估指标的信息增益率的计算，得出评估指标对风险等级影响的重要程度。信息增益率是信息增益与评估指标对应的全部子集合中元素个数相对于数据集R中元素个数的熵的比值，因此，与利用信息增益作为评估指标重要性的依据相比，基于信息增益率的方法更加合理，不会偏向指标取值多的指标。In the device embodiment provided by the present invention, the importance of the influence of the evaluation index on the risk level is obtained by calculating the information gain rate of the evaluation index in the same industry. The information gain rate is the ratio of the number of elements in all subsets corresponding to the information gain and the evaluation index to the entropy of the number of elements in the data set R. Therefore, compared with using information gain as the basis for evaluating the importance of the index, based on information The method of gain rate is more reasonable, and it will not be biased towards indicators with more values.

附图说明 Description of drawings

图1为本发明提供的评估指标的重要性级别的获取方法实施例的流程示意图；FIG. 1 is a schematic flow diagram of an embodiment of a method for obtaining the importance level of an evaluation indicator provided by the present invention;

图2为本发明提供的评估指标的重要性级别的获取系统实施例的结构示意图。FIG. 2 is a schematic structural diagram of an embodiment of a system for acquiring the importance level of evaluation indicators provided by the present invention.

具体实施方式 Detailed ways

为使本发明的目的、技术方案和优点更加清楚，下面将结合附图及具体实施例对本发明作进一步的详细描述。需要说明的是，在不冲突的情况下，本申请中的实施例及实施例中的特征可以相互任意组合。In order to make the purpose, technical solution and advantages of the present invention clearer, the present invention will be further described in detail below in conjunction with the accompanying drawings and specific embodiments. It should be noted that, in the case of no conflict, the embodiments in the present application and the features in the embodiments can be combined arbitrarily with each other.

图1为本发明提供的评估指标的重要性级别的获取方法实施例的流程示意图。图1所示方法实施例包括：FIG. 1 is a schematic flowchart of an embodiment of a method for obtaining the importance level of an evaluation indicator provided by the present invention. The method embodiment shown in Fig. 1 comprises:

步骤101、将得到m个系统分别对n个评估指标X₁，X₂，…，X_i，…，X_n所做出的评分结果保存在数据集S中，以及将每个系统的风险等级保存在数据集R中；Step 101, save the scoring results made by m systems on n evaluation indicators X ₁ , X ₂ ,...,X _i ,...,X _n in the data set S, and save the risk level of each system saved in the dataset R;

以证券行业为例进行说明，根据GB/T 20984-2007《信息安全技术信息安全风险评估规范》以及证券业的特点对系统的资产、威胁、脆弱性以及已有措施分析将评估要素进一步细分。资产分为资产保密性(X₁)、资产完整性(X₂)、资产可用性(X₃)进行赋值；威胁从自然(X₄)、环境(X₅)、非授权人员(X₆)和授权人员(X₇)进行威胁分析；脆弱性识别从安全管理(X₈)、系统运维(X₉)、业务应用系统(X₁₀)、网络(X₁₁)、网络设备(X₁₂)、操作系统(X₁₃)、数据库(X₁₄)和安全设备脆弱性(X₁₅)进行识别；已有安全措施从安全管理与安全运维(X₁₆)、业务应用安全防护(X₁₇)、网络安全防护(X₁₈)、操作系统安全(X₁₉)以及数据库安全防护(X₂₀)这5个措施进行考虑。因此总共有20个评估指标。Taking the securities industry as an example, according to GB/T 20984-2007 "Information Security Technology Information Security Risk Assessment Specification" and the characteristics of the securities industry, the assessment elements are further subdivided by analyzing the assets, threats, vulnerabilities and existing measures of the system . Assets are divided into asset confidentiality (X ₁ ), asset integrity (X ₂ ), asset availability (X ₃ ) for assignment; threats from nature (X ₄ ), environment (X ₅ ), unauthorized personnel (X ₆ ) and Authorized personnel (X ₇ ) conduct threat analysis; vulnerability identification from security management (X ₈ ), system operation and maintenance (X ₉ ), business application system (X ₁₀ ), network (X ₁₁ ), network equipment (X ₁₂ ), operating system (X ₁₃ ), database (X ₁₄ ), and security device vulnerabilities (X ₁₅ ); existing security measures include security management and security operation and maintenance (X ₁₆ ), business application security protection (X ₁₇ ), network Consider the five measures of security protection (X ₁₈ ), operating system security (X ₁₉ ) and database security protection (X ₂₀ ). So there are 20 evaluation metrics in total.

对证券行业的10个不同系统的评估指标的评分以及风险等级为表1所示。其中指标的评分结果取值为1～9之间的整数，取值越大，风险越大。系统的风险等级为5级，从高到低依次排列为5，4，3，2，1。Table 1 shows the scores and risk levels of the evaluation indicators of 10 different systems in the securities industry. The scoring result of the indicator takes an integer between 1 and 9, and the greater the value, the greater the risk. The risk level of the system is 5 levels, ranked as 5, 4, 3, 2, 1 in descending order.

表1Table 1

步骤102、获取该数据集R的熵，其计算表示式为：Step 102, obtain the entropy of the data set R, and its calculation expression is:

其中，C_j表示一种风险等级，其中j＝1，2，…，k，k≤5，依次记为{C₁，C₂，…，C_k}，per(C_j，S)表示数据集R中属于风险等级为C_j的系统个数占总数据集R中全部系统数量的比例；Among them, C _j represents a risk level, where j=1, 2, ..., k, k≤5, which is recorded as {C ₁ , C ₂ , ..., C _k } in turn, per(C _j , S) represents the data The ratio of the number of systems belonging to the risk level C _j in the set R to the total number of systems in the total data set R;

以上例进行说明，根据风险等级可知，10个系统的风险等级可以分为5类，每类的系统个数均为2，因此

The above example illustrates that according to the risk level, the risk levels of 10 systems can be divided into 5 categories, and the number of systems in each category is 2, so

$H h ((R R)) = = - - {Σ Σ}_{j j = = 11}^{k k} per per (({C C}_{j j},, R R)) * * {log log}_{22} ((per per (({C C}_{j j},, R R))))$

$= = - - {Σ Σ}_{j j = = 11}^{55} \frac{22}{1010} {log log}_{22} \frac{22}{1010} = = {log log}_{22} 55 = = 2.3219 2.3219$

步骤103、计算每个评估指标的信息增益率，具体来说：Step 103, calculate the information gain rate of each evaluation index, specifically:

对每个评估指标执行步骤A～C，包括：Perform steps A to C for each evaluation indicator, including:

步骤A、根据数据集S中评估指标X_i的评分结果，将对评估指标X_i做出相同评分结果的系统在数据集R所对应的全部风险等级作为评估指标X_i在数据集R中所对应的一个子集合，通过计算评估指标X_i对应的各子集合中风险等级的熵，得到数据集R中评估指标X_i的风险等级熵的加权值；具体的计算表达式为：Step A. According to the scoring results of the evaluation index _Xi in the data set S, all the risk levels corresponding to the system with the same scoring results for the evaluation index _Xi in the data set R are used as the evaluation index _Xi in the data set R For a corresponding sub-set, by calculating the entropy of the risk level in each sub-set corresponding to the evaluation index X _i , the weighted value of the risk level entropy of the evaluation index X _i in the data set R is obtained; the specific calculation expression is:

|R|表示数据集R的系统的数量|R| represents the number of systems in the data set R

|R_i|表示子集合R_i的系统的数量|R _i | represents the number of systems of the subset R _i

H(R_i)表示子集合R_i中风险等级的熵。H(R _i ) represents the entropy of the risk levels in the subset R _i .

以计算评估指标X₁的风险等级的子集熵的加权值为例进行说明：Take the calculation of the weighted value of the subset entropy of the risk level of the evaluation index _X1 as an example to illustrate:

首先统计评估指标X₁的风险等级，具体来说，统计评估指标X₁在10个系统中的取值情况。然后统计指标X₁的每个取值对应的风险等级系统数以及相应的系统风险等级。具体的统计结果如下：评估指标X₁在10个系统中的取值为6种情况：1，2，3，5，6，7，因此R＝{R₁，R₂，…，R₆}，其中：First, the risk level of the evaluation index X ₁ is statistically calculated, specifically, the value of the evaluation index X ₁ in the 10 systems is statistically analyzed. Then count the number of risk level systems corresponding to each value of the index X ₁ and the corresponding system risk level. The specific statistical results are as follows: The evaluation index X ₁ has 6 values in 10 systems: 1, 2, 3, 5, 6, 7, so R={R ₁ , R ₂ ,...,R ₆ } ,in:

取值为1的有3个系统，3个系统的最终风险等级分别为1，3，4，记为R₁；There are 3 systems with a value of 1, and the final risk levels of the 3 systems are 1, 3, 4 respectively, denoted as R ₁ ;

取值为2的有1个系统，对应的系统风险等级为2，记为R₂；If the value is 2, there is 1 system, and the corresponding system risk level is 2, denoted as R ₂ ;

取值为3的有3个系统，3个系统的最终风险等级分别为1，3，5，记为R₃；There are 3 systems with a value of 3, and the final risk levels of the 3 systems are 1, 3, and 5 respectively, which are denoted as R ₃ ;

取值为5，6，7的分别有1个系统，对应的系统风险等级为4，5，2，分别记为R₄，R₅，R₆。The values of 5, 6, and 7 have one system respectively, and the corresponding system risk levels are 4, 5, and 2, which are respectively recorded as R ₄ , R ₅ , and R ₆ .

根据上述统计结果，计算结果如下：According to the above statistical results, the calculation results are as follows:

H(R₁)＝H(R₃)＝-0.1*3*log₂0.1＝0.9966H(R ₁ )=H(R ₃ )=-0.1*3*log ₂ 0.1=0.9966

H(R₂)＝H(R₄)＝H(R₅)＝H(R₆)＝-0.1*log₂0.1＝0.3322H(R ₂ )=H(R ₄ )=H(R ₅ )=H(R ₆ )=-0.1*log ₂ 0.1=0.3322

${H h}_{{X x}_{11}} ((R R)) = = {Σ Σ}_{j j = = 11}^{l l} \frac{| | {R R}_{j j} | |}{| | R R | |} * * H h (({R R}_{j j}))$

$= = 0.3 0.3 * * H h (({R R}_{11})) + + 0.1 0.1 * * H h (({R R}_{22})) + + 0.3 0.3 * * H h (({R R}_{33})) + + {Σ Σ}_{i i = = 44}^{66} 0.1 0.1 * * H h (({R R}_{i i}))$

$= = 0.7308 0.7308$

$Gain Gain (({X x}_{i i})) = = H h ((R R)) - - {H h}_{{x x}_{i i}} ((R R))$

以计算评估指标X₁的信息增益的为例，可以得到：Taking the calculation of the information gain of the evaluation index _X1 as an example, we can get:

$Gain Gain (({X x}_{11})) = = H h ((R R)) - - {H h}_{{X x}_{11}} ((R R)) = = 1.5911 1.5911$

步骤C、采用评估指标X_i的信息增益以及评估指标X_i对应的全部子集合中元素个数相对于数据集R中元素个数的熵，计算评估指标X_i的信息增益率；具体包括：Step C, using the information gain of the evaluation index _Xi and the entropy of the number of elements in all subsets corresponding to the evaluation index _Xi relative to the number of elements in the data set R, to calculate the information gain rate of the evaluation index _Xi ; specifically include:

计算评估指标X_i对应的全部子集合中元素个数相对于数据集R中元素个数的熵。计算表达式为Calculate the entropy of the number of elements in all subsets corresponding to the evaluation index _Xi relative to the number of elements in the data set R. The calculation expression is

$Split split__Infox infox (({X x}_{i i})) = = - - {Σ Σ}_{i i = = 11}^{j j} ((((| | {R R}_{i i} | | / / | | R R | |)) * * {log log}_{22} ((| | {R R}_{i i} | | / / | | R R | |))))$

对于评估指标X₁而言，For the evaluation index _X1 ,

$Split split__Infox infox (({X x}_{11})) = = - - {Σ Σ}_{i i = = 11}^{s the s} ((((| | {R R}_{i i} | | / / | | R R | |)) * * log log ((| | {R R}_{i i} | | / / | | R R | |))))$

$= = - - 22 * * 0.3 0.3 * * {log log}_{22} 0.3 0.3 - - 44 * * 0.1 0.1 * * {log log}_{22} 0.1 0.1$

$= = 2.3710 2.3710$

计算指标X_i的信息增益率的计算表达式为：The calculation expression for calculating the information gain rate of index _Xi is:

$Gain ratio Gain ratio (({X x}_{i i})) = = \frac{Gain Gain (({X x}_{i i}))}{Split split__Infox infox (({X x}_{i i}))}$

因此评估指标X₁的信息增益率为：Therefore, the information gain rate of the evaluation index _X1 is:

$Gain ratio Gain ratio (({X x}_{11})) = = \frac{Gain Gain (({X x}_{11}))}{Split split__Infox infox (({X x}_{11}))} = = 0.6711 0.6711$

按照上述处理流程，还可以得到其它指标的信息增益率为：According to the above processing flow, the information gain rate of other indicators can also be obtained:

步骤104、对得到的评估指标的信息增益率大小进行排序，得到评估指标的重要性级别。Step 104: Sort the obtained information gain ratios of the evaluation indicators to obtain the importance levels of the evaluation indicators.

评估要素的重要性从大到小的排名为：网络设备脆弱性(X₁₂)、数据库脆弱性(X₁₄)、安全设备脆弱性(X₁₅)、环境(X₅)威胁、资产可用性(X₃)、网络安全防护措施(X₁₈)、业务应用安全防护措施(X₁₇)、自然(X₄)威胁、资产完整性(X₂)、系统运维脆弱性(X₉)、授权人员威胁(X₇)、安全管理与安全运维措施(X₁₆)、安全管理脆弱性(X₈)、操作系统安全(X₁₉)措施、网络(X₁₁)脆弱性、操作系统脆弱性(X₁₃)、业务应用系统脆弱性(X₁₀)、资产保密性(X₁)、数据库安全防护措施(X₂₀)、非授权人员威胁(X₆)。The importance of the evaluation elements is ranked in descending order: network device vulnerability (X ₁₂ ), database vulnerability (X ₁₄ ), security device vulnerability (X ₁₅ ), environment (X ₅ ) threat, asset availability (X ₃ ), network security protection measures (X ₁₈ ), business application security protection measures (X ₁₇ ), natural (X ₄ ) threats, asset integrity (X ₂ ), system operation and maintenance vulnerabilities (X ₉ ), threats to authorized personnel (X ₇ ), security management and security operation and maintenance measures (X ₁₆ ), security management vulnerability (X ₈ ), operating system security (X ₁₉ ) measures, network (X ₁₁ ) vulnerability, operating system vulnerability (X ₁₃ ), business application system vulnerability (X ₁₀ ), asset confidentiality (X ₁ ), database security protection measures (X ₂₀ ), and threat of unauthorized personnel (X ₆ ).

根据风险评估的结果对数据进行分析得出：为了保证系统的安全，在证券业中要优先考虑的五个安全要素是网络设备的脆弱性、数据库的脆弱性、安全设备的脆弱性、环境威胁和资产可用性，这5个重点评估指标与当前证券业考虑的5个安全实体的内容比较一致。证券业的系统可根据评估指标的重要性和当前系统的情况在安全整改方面制定相应的整改措施。According to the analysis of the data based on the results of the risk assessment, it is concluded that in order to ensure the security of the system, the five security elements that should be given priority in the securities industry are the vulnerability of network equipment, the vulnerability of databases, the vulnerability of security equipment, and environmental threats. And asset availability, these five key evaluation indicators are relatively consistent with the content of the five security entities currently considered by the securities industry. The system of the securities industry can formulate corresponding rectification measures in terms of security rectification according to the importance of evaluation indicators and the current system situation.

需要说明的是，本实施例以获取证券行业中各评估指标的重要性级别为例进行说明，但不限于此，还同样可以计算其他行业中评估指标的重要性级别，只要输入该行业中不同系统对相同评估指标所组成的评分结果，就可以得到该行业内信息安全的评估指标的重要性指标；同理，本实施例以信息安全领域内评估指标进行处理，但不限于此，还可以获取行业内部事物处理能力的评估指标的重要性。It should be noted that this embodiment takes the importance level of each evaluation index in the securities industry as an example for illustration, but it is not limited to this, and the importance level of evaluation indicators in other industries can also be calculated, as long as the input is different in the industry. The system can obtain the importance index of the evaluation index of information security in the industry by scoring the result composed of the same evaluation index; similarly, this embodiment deals with the evaluation index in the field of information security, but it is not limited to this, and can also The importance of obtaining evaluation indicators for the industry's internal transaction processing capabilities.

另外，本实施例之所以能够客观准确地计算出评估指标的重要性级别，是因为所采用步骤103的计算表达式，通过对同一行业的评估指标的信息增益率的计算，得出评估指标对风险等级影响的重要程度。信息增益率是信息增益与根据指标取值划分所得子集合的熵的比值，因此，与利用信息增益作为评估指标重要性的依据相比，基于信息增益率的方法更加合理，不会偏向指标取值多的指标。In addition, the reason why this embodiment can objectively and accurately calculate the importance level of the evaluation index is because the calculation expression in step 103 is used to calculate the information gain rate of the evaluation index in the same industry, and the evaluation index has a significant impact on the evaluation index. The importance of the impact of the risk level. The information gain rate is the ratio of the information gain to the entropy of the sub-sets obtained by dividing the index value. Therefore, compared with using the information gain as the basis for evaluating the importance of the index, the method based on the information gain rate is more reasonable and will not bias the index selection. A multi-value indicator.

参考上述分析可知，步骤103中所使用的信息增益率的计算表达式是在机器学习中用来数据分类时建立数据分类模型，与本领域技术人员通常使用的方式完全不同，开辟了该计算表达式的一个新的应用领域。With reference to the above analysis, it can be seen that the calculation expression of the information gain rate used in step 103 is used in machine learning to establish a data classification model when classifying data, which is completely different from the method usually used by those skilled in the art, and opens up the calculation expression a new field of application.

以往指标的重要性的排序是通过专家对指标间的比较进行主观判断得到的，主观性大。本发明是从整体上通过计算指标的信息增益率得到的指标重要性的排序，因此更加准确、客观地反映出整个评估指标体系中指标的重要性。这种指标的重要性的排序可以修正专家对指标重要性的排序，从而使得风险等级更加准确。In the past, the ranking of the importance of indicators was obtained through the subjective judgment of experts on the comparison of indicators, which was highly subjective. The present invention ranks the importance of indexes obtained by calculating the information gain rate of the indexes as a whole, thus more accurately and objectively reflecting the importance of indexes in the entire evaluation index system. The ranking of the importance of the indicators can correct the ranking of the importance of the indicators by the experts, thereby making the risk level more accurate.

同一行业的评估指标重要性的得出为该行业信息系统安全建设整改工作提供了指导。为了使得整改工作更具有针对性，对风险等级有重要影响的评估指标进行重点整改，这对于提高整改工作的效率是非常必要的。The importance of evaluation indicators in the same industry is obtained to provide guidance for the rectification work of information system security construction in this industry. In order to make the rectification work more targeted, it is necessary to focus on the rectification of the evaluation indicators that have an important impact on the risk level, which is very necessary to improve the efficiency of the rectification work.

另外，本发明还提供一种评估指标的评分结果的修正方法实施例，包括：In addition, the present invention also provides an embodiment of a correction method for scoring results of evaluation indicators, including:

采用上文所述的方法，得到评估指标的重要性级别；Using the method described above, the importance level of the evaluation index is obtained;

采用得到评估指标的重要性级别对系统当前所作出的评估指标的评分结果进行修正，得到修正后的各评估指标的评分结果。Using the importance level of the evaluation index obtained, the scoring result of the evaluation index currently made by the system is corrected to obtain the corrected scoring result of each evaluation index.

举例来说，如果两个评估指标A和B，现有的评估指标A的评分结果低于评估指标B的评分结果，但根据获取到的重要性级别可知，评估指标A要比评估指标B的重要性高，则修正评估指标A和B中至少一个的评分结果，以使得评估指标A的评分结果要高于评估指标B的评分结果；相反亦然。For example, if there are two evaluation indicators A and B, the scoring result of the existing evaluation indicator A is lower than that of the evaluation indicator B, but according to the obtained importance level, the evaluation indicator A is higher than the evaluation indicator B. If the importance is high, the scoring result of at least one of the evaluation indicators A and B is corrected so that the scoring result of the evaluation indicator A is higher than the scoring result of the evaluation indicator B; and vice versa.

本发明提供的方法实施例，统计多个系统对相同评估指标的评分结果，并基于上述统计结果，计算每个评估指标的信息增益率，再根据信息增益率的大小得到评估指标的重要性级别，为客观准确的设置各评估指标的评分结果提供了理论依据，与现有技术中根据人为经验设置相比，更加准确和客观。In the method embodiment provided by the present invention, the scoring results of multiple systems for the same evaluation index are counted, and based on the above statistical results, the information gain rate of each evaluation index is calculated, and then the importance level of the evaluation index is obtained according to the size of the information gain rate , providing a theoretical basis for objectively and accurately setting the scoring results of each evaluation index, which is more accurate and objective compared with the setting based on human experience in the prior art.

图2为本发明提供的评估指标的重要性级别的获取装置的结构示意图。图2所示装置包括：FIG. 2 is a schematic structural diagram of a device for acquiring importance levels of evaluation indicators provided by the present invention. The device shown in Figure 2 includes:

保存模块201，用于将得到m个系统分别对n个评估指标X₁，X₂，…，X_i，…，X_n所作出的评分结果保存在数据集S中，以及将每个系统的风险等级保存在数据集R中；The saving module 201 is used to save the scoring results made by m systems on n evaluation indicators X ₁ , X ₂ ,...,X _i ,...,X _n in the data set S, and save each system's The risk level is saved in the dataset R;

计算模块202，与所述保存模块201相连，用于计算数据集R中风险等级的熵H(R)；Calculation module 202, connected to the preservation module 201, for calculating the entropy H(R) of the risk level in the data set R;

执行模块203，与所述保存模块201和所述计算模块202相连，用于对每个评估指标执行步骤A～C，包括：The execution module 203 is connected to the saving module 201 and the calculation module 202, and is used to execute steps A to C for each evaluation index, including:

排序模块204，与所述计算模块203相连，用于在得到n个评估指标的信息增益率后，对得到的信息增益率进行排序，得到n个评估指标X₁，X₂，…，X_i，…，X_n的重要性级别。The sorting module 204 is connected to the calculation module 203, and is used to sort the obtained information gain ratios after obtaining the information gain ratios of n evaluation indexes, so as to obtain n evaluation indexes X ₁ , X ₂ ,...,X _i , ..., the importance level of X _n .

其中，所述计算模块202在计算数据集R中风险等级的熵H(R)所采用的计算表达式为：Wherein, the calculation expression adopted by the calculation module 202 in calculating the entropy H(R) of the risk level in the data set R is:

其中，所述执行模块203在通过计算评估指标X_i对应的各子集合中风险等级的熵，得到数据集R中评估指标X_i的风险等级熵的加权值所采用的计算表达式为：Wherein, the execution module 203 obtains the weighted value of the risk level entropy of the evaluation index X _i in the data set R by calculating the entropy of the risk level in each sub-set corresponding to the evaluation index X _i . The calculation expression used is:

其中，所述执行模块203，用于在计算评估指标X_i的信息增益率时，计算评估指标X_i对应的全部子集合中元素个数相对于数据集R中元素个数的熵，并通过计算评估指标X_i的信息增益与评估指标X_i对应的全部子集合中元素个数相对于数据集R中元素个数的熵的比值，得到评估指标X_i的信息增益率；Wherein, the execution module 203 is configured to calculate the entropy of the number of elements in all subsets corresponding to the evaluation index _Xi relative to the number of elements in the data set R when calculating the information gain rate of the evaluation index _Xi , and pass Calculate the ratio of the information gain of the evaluation index X _i to the entropy of the number of elements in all subsets corresponding to the evaluation index X _i relative to the number of elements in the data set R, and obtain the information gain rate of the evaluation index X _i ;

另外，本发明提供一种评估指标的评分结果的修正系统，包括：In addition, the present invention provides a correction system for scoring results of evaluation indicators, including:

获取装置，用于采用图2所示装置，得到评估指标的重要性级别；The obtaining device is used to obtain the importance level of the evaluation index by using the device shown in Figure 2;

本发明提供的系统实施例，统计多个系统对相同评估指标的评分结果，并基于上述统计结果，计算每个评估指标的信息增益率，再根据信息增益率的大小得到评估指标的重要性级别，为客观准确的设置各评估指标的评分结果提供了理论依据，与现有技术中根据人为经验设置相比，更加准确和客观。The system embodiment provided by the present invention counts the scoring results of multiple systems for the same evaluation index, and calculates the information gain rate of each evaluation index based on the above statistical results, and then obtains the importance level of the evaluation index according to the information gain rate , which provides a theoretical basis for objectively and accurately setting the scoring results of each evaluation index, which is more accurate and objective compared with the setting based on human experience in the prior art.

以上所述，仅为本发明的具体实施方式，但本发明的保护范围并不局限于此，任何熟悉本技术领域的技术人员在本发明揭露的技术范围内，可轻易想到变化或替换，都应涵盖在本发明的保护范围之内。因此，本发明的保护范围应以权利要求所述的保护范围为准。The above is only a specific embodiment of the present invention, but the scope of protection of the present invention is not limited thereto. Anyone skilled in the art can easily think of changes or substitutions within the technical scope disclosed in the present invention. Should be covered within the protection scope of the present invention. Therefore, the protection scope of the present invention should be based on the protection scope described in the claims.

Claims

1. other acquisition methods of the significance level of an evaluation index is characterized in that, comprising:

To obtain m system respectively to n evaluation index X ₁, X ₂..., X _i..., X _nThe appraisal result of having done is kept among the data set S, and the risk class of each system is kept among the data set R;

The entropy H (R) of risk class among the computational data collection R;

To each evaluation index execution in step A～C, comprising:

Steps A, according to evaluation index X among the data set S _iAppraisal result, will be to evaluation index X _iThe system that makes identical appraisal result at the pairing whole risk class of data set R as evaluation index X _iA pairing son set in data set R is through calculating evaluation index X _iThe entropy of risk class obtains evaluation index X among the data set R in each corresponding subclass _iThe weighted value of risk class entropy;

Step B, according to evaluation index X among the entropy of risk class among the data set R and the data set R _iThe weighted value of risk class entropy, obtain evaluation index X _iInformation gain;

Step C, employing evaluation index X _iInformation gain and evaluation index X _iElement number calculates evaluation index X with respect to the entropy of element number among the data set R in corresponding whole subclass _iThe information gain rate;

After obtaining the information gain rate of n evaluation index, the information gain rate is sorted, thereby obtain n evaluation index X ₁, X ₂..., X _i..., X _nImportance information.

2. method according to claim 1 is characterized in that, the calculation expression that the entropy H (R) of risk class is adopted among the said computational data collection R is:

H (R) = - Σ_{j = 1}^{k} per (C_{j}, R) * \log_{2} per (C_{j}, R)

Wherein, C _jA kind of risk class of expression system, j=1 wherein ..., K, per (C _j, S) belonging to risk class among the expression data set R is C _jSystem's number account among the total data collection R all ratios of system quantities.

3. method according to claim 1 is characterized in that, and is said through calculating evaluation index X _iThe entropy of risk class obtains evaluation index X among the data set R in each corresponding subclass _iThe calculation expression that weighted value adopted of risk class entropy be:

H_{X_{i}} (R) = Σ_{j = 1}^{l} \frac{| R_{j} |}{| R |} * H (R_{j})

Wherein, l representes evaluation index X among the data set S _iThe kind of appraisal result;

| R| representes the number of risk class among the data set R;

| R _i| expression subclass R _iThe number of middle risk class;

H (R _i) expression set R _iThe entropy of middle risk class.

4. method according to claim 3 is characterized in that, said employing evaluation index X _iInformation gain and evaluation index X _iElement number calculates evaluation index X with respect to the entropy of element number among the data set R in corresponding whole subclass _iThe information gain rate, comprising:

Calculate evaluation index X _iElement number with respect to the calculation expression of the entropy of element number among the data set R does in corresponding whole subclass

Split_Infox (X_{i}) = - Σ_{i = 1}^{l} ((| R_{i} | / | R |) * \log_{2} (| R_{i} | / | R |));

Calculate evaluation index X _iInformation gain and evaluation index X _iElement number obtains evaluation index X with respect to the ratio of the entropy of element number among the data set R in corresponding whole subclass _iThe information gain rate.

5. the modification method of the appraisal result of an evaluation index is characterized in that, comprising:

Adopt like the arbitrary described method of claim 1 to 4, obtain the importance information of evaluation index;

Employing obtains the importance information of evaluation index the appraisal result of the current evaluation index of making of system is revised, and obtains the appraisal result of revised each evaluation index.

6. other deriving means of the significance level of an evaluation index is characterized in that, comprising:

Preserve module, be used for obtaining m system respectively to n evaluation index X ₁, X ₂..., X _i..., X _nThe appraisal result of having done is kept among the data set S, and the risk class of each system is kept among the data set R;

Computing module links to each other with said preservation module, is used for the entropy H (R) of computational data collection R risk class;

Execution module links to each other with said computing module with said preservation module, is used for each evaluation index execution in step A～C is comprised:

Order module links to each other with said computing module, is used for after obtaining the information gain rate of n evaluation index, the information gain rate that obtains being sorted, and obtains n evaluation index X ₁, X ₂..., X _i..., X _nImportance information.

7. device according to claim 6 is characterized in that, the calculation expression that the entropy H (R) of said computing module risk class in computational data collection R is adopted is:

H (R) = - Σ_{j = 1}^{k} per (C_{j}, R) * \log_{2} per (C_{j}, R)

Wherein, C _jRepresent a kind of risk class, j=1 wherein ..., K, per (C _j, S) belonging to risk class among the expression data set R is C _jSystem's number account among the total data collection R all ratios of system quantities.

8. device according to claim 6 is characterized in that, said execution module is passing through to calculate evaluation index X _iThe entropy of risk class obtains evaluation index X among the data set R in each corresponding subclass _iThe calculation expression that weighted value adopted of risk class entropy be:

H_{X_{i}} (R) = Σ_{j = 1}^{l} \frac{| R_{j} |}{| R |} * H (R_{j})

| R| representes the number of risk class among the data set R;

| R _i| expression subclass R _iThe number of middle risk class;

H (R _i) expression set R _iThe entropy of middle risk class.

9. device according to claim 8 is characterized in that:

Said execution module is used for calculating evaluation index X _iThe information gain rate time, calculate evaluation index X _iElement number is with respect to the entropy of element number among the data set R in corresponding whole subclass, and through calculating evaluation index X _iInformation gain and evaluation index X _iElement number obtains evaluation index X with respect to the ratio of the entropy of element number among the data set R in corresponding whole subclass _iThe information gain rate;

Wherein said evaluation index X _iElement number with respect to the calculation expression of the entropy of element number among the data set R does in corresponding whole subclass

Split_Infox (X_{i}) = - Σ_{i = 1}^{l} ((| R_{i} | / | R |) * \log_{2} (| R_{i} | / | R |)) .

10. the update the system of the appraisal result of an evaluation index is characterized in that, comprising:

Deriving means is used for adopting like the arbitrary described device of claim 6 to 9, obtains the importance information of evaluation index;

Correcting device is used to adopt the importance information that obtains evaluation index that the appraisal result of the current evaluation index of making of system is revised, and obtains the appraisal result of revised each evaluation index.