
CN107172004A - Method and device for risk assessment of a network security device - Google Patents


Info

Publication number: CN107172004A
Authority: CN (China)
Legal status: Pending
Application number: CN201610130297.2A
Language: Chinese (zh)
Inventors: 章倩, 滕志猛, 周娜, 霍玉臻
Assignee (original and current): ZTE Corp
Related application: PCT/CN2017/073933, published as WO2017152742A1

Classifications

    • H04L 9/40: Network security protocols (under H04L 9/00, Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; network security protocols)
    • H04L 63/20: Network architectures or network communication protocols for managing network security; network security policies in general (under H04L 63/00, Network architectures or network communication protocols for network security)
    • Section H (Electricity), class H04 (Electric communication technique), subclass H04L (Transmission of digital information, e.g. telegraphic communication)

Abstract

The invention discloses a method and device for risk assessment of a network security device. A predetermined risk library is determined; the effective configuration information related to the risk items is extracted from the device under assessment, and the risk items triggered by the device are obtained from the risk analysis result of that information; the risk items in the predetermined risk library and the risk items the device has triggered are analysed, and a corresponding calculation method is applied to obtain the security state value (risk value) of the device. Because the calculation takes into account the risk value of each risk item, the association relationships between risk items and the number of times each triggered risk item has been triggered, the security state value indicates the current security state of the device more intuitively, accurately and effectively.

Description

Method and device for risk assessment of a network security device

Technical field

The invention relates to the field of network security, and in particular to a method and device for risk assessment of a network security device.

Background

With the continuous development of Internet technology, network security problems have become increasingly prominent, and security products such as firewalls, intrusion prevention systems and anti-virus systems are deployed at multiple locations in an enterprise network. The business requirements between the enterprise and external networks or business partners change constantly, and authoritative bodies such as Common Vulnerabilities and Exposures (CVE) and the China National Vulnerability Database (CNVD) publish newly discovered vulnerabilities all the time. Both require enterprise network administrators to change the configuration of network security devices in order to keep the enterprise network secure.

In the prior art, enterprise network administrators change the configuration of network security devices by, for example, opening a firewall port to exchange business traffic with a partner, or closing a port to prevent a vulnerability from being exploited, and at the same time audit the configuration of the network security devices with dedicated products in order to detect configuration weaknesses in time.

However, with the existing technology the analysis of a network security device's configuration by a dedicated product is not comprehensive, so the final assessment result cannot reflect the security state of the device accurately, effectively and from multiple perspectives.

Summary of the invention

To solve the above technical problem, the invention provides a method and device for risk assessment of a network security device that indicate the current security state of the device more intuitively, accurately and effectively.

To achieve the object of the invention, in a first aspect the invention provides a method for risk assessment of a network security device, the method comprising:

determining a predetermined risk library, the risk library comprising a plurality of risk items;

extracting from the device under assessment the effective configuration information related to the risk items, and obtaining the risk items triggered by the device under assessment from the risk analysis result of the effective configuration information;

analysing separately the risk items in the predetermined risk library and the risk items triggered by the device under assessment, and applying a corresponding calculation method to obtain the security state value of the device under assessment.

Compared with the prior art, the risk assessment method of the invention determines a predetermined risk library, extracts from the device under assessment the effective configuration information related to the risk items, obtains the risk items triggered by the device from the risk analysis result of that information, analyses separately the risk items in the predetermined risk library and the risk items the device has triggered, and applies a corresponding calculation method to obtain the security state value (risk value) of the device. Because the calculation takes into account the risk value of each risk item, the association relationships between risk items and the number of times each of the device's triggered risk items has been triggered, the resulting security state value indicates the current security state of the device more intuitively, accurately and effectively.

In a second aspect, the invention provides a device for risk assessment of a network security device, the device comprising a determination module, an extraction module and an assessment module;

the determination module is configured to determine a predetermined risk library, the risk library comprising configuration information for a plurality of risk items, the configuration information comprising an identifier and a description for each risk item;

the extraction module is configured to extract from the device under assessment the effective configuration information related to the risk items, and to obtain the risk items triggered by the device under assessment from the risk analysis result of the effective configuration information;

the assessment module is configured to analyse separately the risk items in the predetermined risk library and the risk items triggered by the device under assessment, and to apply a corresponding calculation method to obtain the security state value of the device under assessment.

Compared with the prior art, in the risk assessment device of the invention the determination module determines a predetermined risk library, the extraction module extracts from the device under assessment the effective configuration information related to the risk items and obtains the triggered risk items from the risk analysis result of that information, and the assessment module analyses separately the risk items in the predetermined risk library and the risk items the device has triggered and applies a corresponding calculation method to obtain the security state value (risk value) of the device. Because the calculation takes into account the risk value of each risk item, the association relationships between risk items and the number of times each of the device's triggered risk items has been triggered, the resulting security state value indicates the current security state of the device more intuitively, accurately and effectively.

Other features and advantages of the invention will be set forth in the description that follows, and in part will be apparent from the description or may be learned by practising the invention. The objects and other advantages of the invention may be realised and attained by the structures particularly pointed out in the description, the claims and the drawings.

Brief description of the drawings

The drawings provide a further understanding of the technical solution of the invention and form part of the description; together with the embodiments of the application they serve to explain the technical solution and do not limit it.

FIG. 1 is a schematic flowchart of a first embodiment of the risk assessment method for a network security device provided by the invention;

FIG. 2 is a schematic structural diagram of a first embodiment of the risk assessment device for a network security device provided by the invention.

Detailed description

To make the objects, technical solution and advantages of the invention clearer, embodiments of the invention are described in detail below with reference to the drawings. It should be noted that, where there is no conflict, the embodiments of this application and the features in the embodiments may be combined with one another arbitrarily.

The steps shown in the flowchart of the drawings may be executed in a computer system such as a set of computer-executable instructions. Although a logical order is shown in the flowchart, in some cases the steps shown or described may be executed in an order different from the one given here.

The method of the embodiments of the invention may be applied to a single device in a network security system; the network security device may be a router, a firewall, a behaviour manager, a core switch or similar, without being limited to these.

The method of the embodiments of the invention aims to solve the technical problem of the prior art that the analysis of a network security device's configuration by a dedicated product is not comprehensive, so that the final assessment result cannot reflect the security state of the device accurately, effectively and from multiple perspectives.

The technical solution of the invention is described in detail below with specific embodiments. The following specific embodiments may be combined with one another, and the same or similar concepts or processes may not be repeated in some embodiments.

FIG. 1 is a schematic flowchart of a first embodiment of the risk assessment method for a network security device provided by the invention. This embodiment concerns the specific process of implementing the risk assessment method. As shown in FIG. 1, the method comprises:

S101. Determine a predetermined risk library, the risk library comprising a plurality of risk items.

Specifically, the user may use the standard risk library provided by the unified security policy management and control system, or define a custom risk library according to business requirements to suit the enterprise. The risk library contains all vulnerability information for the device, and each vulnerability is defined here as one risk item, for example: the device's administrator password is the default value, or the device has the Telnet service enabled, without being limited to these.

Specifically, each risk item has an identifier and a description. Each risk item (also called a vulnerability for short) is analysed in detail and represented by corresponding fields. The fields of a risk item include, without limitation: the risk item identifier, the description, the risk value the risk item carries, and the association relationships between this risk item and other risk items.

S102. Extract from the device under assessment the effective configuration information related to the risk items, and obtain the risk items triggered by the device under assessment from the risk analysis result of the effective configuration information.

Specifically, the unified security policy management and control system may connect to the device under assessment remotely over SSH, extract the device's raw configuration information according to the configuration information of the risk items in the risk library, and extract the effective information related to those risk items, that is, all the relevant effective configuration information that may contain vulnerabilities, to form normalised data. The normalised data is then analysed for risk against the predetermined risk library to obtain the risk items the device has triggered. For example, if the risk library contains a risk item concerning the administrator password validity period, the effective data in the device's raw configuration, namely the password validity period, is extracted, a password validity period field is defined in the normalised format, and the value of that field is the collected validity period; the invention is not limited to this.
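As an added illustration of step S102 (this is example code, not part of the patent or of ZTE's system), the following Python normalises a raw configuration into only the fields a risk library asks about and then evaluates baseline-type risk items against those fields. The configuration text is a constructed, IOS-like sample standing in for output fetched over SSH; the risk item IDs, field names, the default-password list and the 90-day validity threshold are assumptions.

```python
"""Added example: normalise a device's raw configuration into risk-item fields
and evaluate baseline risk items against them (not code from the patent)."""
import re
from dataclasses import dataclass
from typing import Callable, Dict, List

# Constructed sample standing in for `show running-config` output fetched over SSH.
# The syntax is IOS-like but hypothetical; the values are chosen so that every
# baseline item below fires.
RAW_CONFIG = """\
hostname edge-fw-1
username admin privilege 15 password 0 admin
aaa password-policy default
 max-age 365
line vty 0 4
 transport input telnet ssh
"""

# Hardened variant of the same device (constructed): hashed secret, 60-day expiry, SSH only.
HARDENED_CONFIG = """\
hostname edge-fw-1
username admin privilege 15 secret 5 $1$abcd$notarealhash
aaa password-policy default
 max-age 60
line vty 0 4
 transport input ssh
"""

Fields = Dict[str, object]


@dataclass(frozen=True)
class RiskItem:
    """One entry of the risk library: identifier, description, risk value and a
    predicate over the normalised fields that says whether the item is triggered."""
    id: str
    description: str
    risk_value: float                      # e.g. a CVSS 3.0 base score
    predicate: Callable[[Fields], bool]


def normalise(raw: str) -> Fields:
    """Extract only the fields the risk library asks about, in a fixed schema.
    Anything the library does not reference is deliberately dropped."""
    fields: Fields = {
        "admin_password": None,           # cleartext admin password, if one is set
        "password_max_age_days": None,    # None = no validity period configured
        "vty_transports": set(),          # protocols accepted on the management lines
    }
    for line in raw.splitlines():
        m = re.match(r"username (\S+) .*\bpassword \d+ (\S+)", line)
        if m and m.group(1) == "admin":
            fields["admin_password"] = m.group(2)
        m = re.match(r"\s+max-age (\d+)$", line)
        if m:
            fields["password_max_age_days"] = int(m.group(1))
        m = re.match(r"\s+transport input (.+)$", line)
        if m:
            fields["vty_transports"].update(m.group(1).split())
    return fields


DEFAULT_PASSWORDS = {"admin", "password", "123456"}   # constructed list

# Assumed baseline library; IDs, risk values and the 90-day threshold are illustrative.
BASELINE_LIBRARY: List[RiskItem] = [
    RiskItem("B001", "administrator password is a default value", 9.8,
             lambda f: f["admin_password"] in DEFAULT_PASSWORDS),
    RiskItem("B002", "Telnet management service enabled", 7.5,
             lambda f: "telnet" in f["vty_transports"]),
    RiskItem("B003", "administrator password validity period missing or over 90 days", 5.3,
             lambda f: f["password_max_age_days"] is None
             or f["password_max_age_days"] > 90),
]


def triggered_items(raw: str, library: List[RiskItem]) -> List[str]:
    """Risk analysis of the normalised data: IDs of the library items the device triggers."""
    fields = normalise(raw)
    return [item.id for item in library if item.predicate(fields)]


if __name__ == "__main__":
    for name, cfg in (("weak", RAW_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(name, normalise(cfg), triggered_items(cfg, BASELINE_LIBRARY))
```

The normaliser keeps the schema fixed regardless of the device's syntax, which is what lets one risk library be applied to devices from different vendors: only the regexes change per platform, not the predicates.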

S103. Analyse separately the risk items in the predetermined risk library and the risk items triggered by the device under assessment, and apply a corresponding calculation method to obtain the security state value of the device under assessment.

Specifically, the risk items in the risk library selected by the user may be analysed, and the risk items triggered by the device under assessment may be analysed; the analysis may cover the risk values of the risk items, the association relationships between risk items, the risk values of the triggered risk items, the association relationships between triggered risk items, and so on. A corresponding calculation method is then applied to the separately analysed results to obtain the security state value of the device under assessment.

The risk assessment method for a network security device provided by this embodiment determines a predetermined risk library, extracts from the device under assessment the effective configuration information related to the risk items, obtains the risk items triggered by the device from the risk analysis result of that information, analyses the risk items in the predetermined risk library and the risk items the device has triggered, and applies a corresponding calculation method to obtain the security state value (risk value) of the device. By analysing the risk value of each risk item, the association relationships between risk items and the number of times each of the device's triggered risk items has been triggered, and calculating accordingly, the security state value indicates the current security state of the device more intuitively, accurately and effectively.

Further, on the basis of the above embodiment, before determining the predetermined risk library in step S101, the method also comprises:

collecting in advance the risk libraries of each configuration type, the configuration types comprising a baseline library and/or an access control list (ACL) library.

Specifically, the risk assessment of the embodiments of the invention starts from the risk items: a predetermined analysis method determines whether the configuration of the device under assessment contains risk items, and the risk values of those risk items are combined to determine the device's security state value. Therefore, during preprocessing the configuration information of the device under assessment must be collected and described to form the risk libraries needed for configuration types such as baseline analysis and/or ACL risk analysis. The risk libraries are built with reference to current well-known vulnerability databases such as CVE, to device configuration specifications such as the NIST firewall configuration guidelines, and to general standards such as baseline standards, compliance standards and the PCI standard, without being limited to these.

Specifically, the pre-collected risk libraries may be classified by configuration type, dividing them into the baseline library of the baseline module and the ACL risk library, so that they can be used for baseline analysis and ACL risk analysis respectively.

Further, on the basis of the above embodiment, analysing the risk items in the predetermined risk library comprises:

counting the total number of risk items in the predetermined risk library;

analysing the risk items in the predetermined risk library with the CVSS 3.0 scoring method to obtain their risk values;

determining the association relationship between any two risk items in the predetermined risk library, where, if triggering a first risk item necessarily triggers a second risk item while triggering the second risk item does not trigger the first, the first and second risk items are determined to be associated.

Specifically, the risk library used for analysis here may be the standard library or the full risk library provided by the unified security policy management and control system, or a custom risk library assembled by the user from business requirements to suit their own enterprise. The total number of risk items in the predetermined risk library is counted, and the risk value of each risk item is obtained with the CVSS 3.0 scoring method. The unified security policy management and control system adopts the latest official CVSS 3.0 scoring method: it considers the vulnerability's attack vector, attack complexity, privileges required, user interaction, confidentiality, integrity and availability, evaluates the current vulnerability's risk value with the CVSS 3.0 scoring formula, and qualitatively classifies the score into five levels, severe, high, medium, low and minor, so that the severity of the vulnerability can be judged at a glance. Using the widely recognised CVSS 3.0 scoring method makes the risk value of a vulnerability more accurate, reliable and credible.

The association relationship between risk items is used to analyse the relationship between different risk items (vulnerabilities) in the predetermined risk library. It is defined as follows: for any two risk items (vulnerabilities) A and B in the risk library, if every risk library rule that triggers risk item A necessarily also triggers risk item B, while a rule that triggers risk item B does not necessarily trigger risk item A, then risk item A and risk item B are considered associated, and risk item B contains risk item A. It follows from the definition that, if this containment relationship were ignored when calculating the device's security score, an ACL rule that triggers a contained risk item (vulnerability) would be counted several times, raising the device's risk score and lowering its security score. In practice, the association analysis of the risk items in the risk library follows the definition above, in these steps:

(1) For any two risk items A and B in the predetermined risk library, determine from the definition of the association relationship whether the two are associated;

(2) If risk items A and B in (1) are associated and B contains A, add the vulnerability ID of risk item A to the "vulnerability association" field of risk item B.

For example: risk item R1 checks for rules that open a service of type ANY from the external network to the internal network, risk item R2 checks whether the Telnet service is opened from the external network to the internal network, and risk item R3 checks whether the X11 service is opened from the external network to the internal network. Analysing the relationships between R1, R2 and R3 leads to the conclusion that an ACL rule that triggers R1 necessarily also triggers R2 and R3, so the value R1 must be added to the "vulnerability association" field of R2 and R3. If their association were ignored, an ACL rule triggering R1 would be counted several times (in this example, every ACL rule triggering R1 would be counted three times). Taking the containment relationship into account removes the double-counted ACL rules and improves the accuracy of the analysis results for the device's ACL module and for the device's overall security state.

Further, on the basis of the above embodiments, analysing the risk items triggered by the device under assessment comprises:

if the predetermined risk library comprises an access control list (ACL) library, analysing one or more of: the number of times each risk item triggered by the device under assessment has been triggered, the risk value of each risk item, and the association relationships between risk items.

Specifically, if the predetermined risk library contains ACL risk libraries of several types, the user may, according to the selected ACL risk library, analyse one or more of the number of times each risk item of the device under assessment has been triggered, the risk value of each risk item and the association relationships between risk items. It should be noted that different risk libraries detect different vulnerability information. This is explained in detail through the following embodiment:

(1) Perform risk analysis on the normalised ACL policy data according to the risk library selected by the user, and record the identifiers of the ACL policies that trigger each risk item (vulnerability);

(2) Process the result of step (1) according to the association relationships between risk items, removing the IDs of double-counted ACL policies, to obtain the processed set of ACL policy IDs that trigger each risk item;

(3) From the result of (2), count the number of times each risk item is triggered, where each ACL policy ID represents one trigger. For example, a risk item with a low risk value that is triggered once and one that is triggered 100 times have different security impacts on the system: a risk item triggered more often is used more often, and the more it is used, the more opportunity there is for malicious use, which increases the risk value of the device under assessment.

(4) From the analysis results of (1), (2) and (3), obtain the ACL security state value of the device under assessment.

For the analysis step (4) above, one calculation process is given below:

Count the total number M of risk items in the predetermined risk library and the total number x_i (i = 1, 2, ..., n) of ACL rules that trigger each risk item, and obtain the security state value according to the calculation formula, where S_n is the total score of the triggered risk items, S_t is the total score of the untriggered risk items, the weight R_i is the risk value of risk item i, i = 1, 2, 3, ..., n are the triggered risk items with n ≤ M, i = n + 1, ..., M are the untriggered risk items, and x_i takes the values 1, 2, 3, ....
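Added example (not the patent's code) covering both the association analysis steps (1)-(2) above and the ACL analysis steps (1)-(3): it derives the containment relationships between risk items by checking the "every rule that triggers A also triggers B" condition exhaustively over a finite, constructed universe of candidate rules, then, for a constructed device ACL, records the rule IDs triggering each item, removes the IDs already counted under a contained item, and counts the triggers x_i. Risk items R1-R3 follow the text; the rule schema, zone names and risk values R_i are assumptions. The security state formula of step (4) is not reproduced on this page, so the example stops at the per-item x_i and R_i that feed it.

```python
"""Added example: ACL risk analysis with association (containment) de-duplication
(not code from the patent)."""
from dataclasses import dataclass, field
from itertools import combinations
from typing import Callable, Dict, FrozenSet, List, Set, Tuple

ANY: FrozenSet[str] = frozenset({"any"})


@dataclass(frozen=True)
class AclRule:
    """A normalised ACL policy (assumed schema): zones, action and permitted services."""
    id: str
    src_zone: str
    dst_zone: str
    action: str
    services: FrozenSet[str]      # ANY stands for every service

    def permits(self, service: str) -> bool:
        return self.action == "permit" and (self.services == ANY or service in self.services)


@dataclass
class RiskItem:
    id: str
    description: str
    risk_value: float                     # R_i, e.g. a CVSS 3.0 base score (assumed values)
    predicate: Callable[[AclRule], bool]  # does this rule trigger the item?
    assoc: Set[str] = field(default_factory=set)   # "vulnerability association": IDs this item contains


def _ext_to_int_permit(r: AclRule) -> bool:
    return r.src_zone == "ext" and r.dst_zone == "int" and r.action == "permit"


# Risk items R1-R3 from the text; descriptions paraphrased, risk values assumed.
LIBRARY: List[RiskItem] = [
    RiskItem("R1", "external to internal rule opens service type ANY", 9.8,
             lambda r: _ext_to_int_permit(r) and r.services == ANY),
    RiskItem("R2", "external to internal rule opens Telnet", 7.5,
             lambda r: _ext_to_int_permit(r) and r.permits("telnet")),
    RiskItem("R3", "external to internal rule opens X11", 6.5,
             lambda r: _ext_to_int_permit(r) and r.permits("x11")),
]


def build_universe() -> List[AclRule]:
    """Finite, constructed space of candidate rules over which 'every rule that
    triggers A also triggers B' is decided exhaustively."""
    base = ["telnet", "x11", "https"]
    service_sets = [ANY] + [frozenset(c) for n in range(1, len(base) + 1)
                            for c in combinations(base, n)]
    rules: List[AclRule] = []
    for src, dst in (("ext", "int"), ("int", "ext")):
        for action in ("permit", "deny"):
            for svc in service_sets:
                rules.append(AclRule(f"u{len(rules)}", src, dst, action, svc))
    return rules


def derive_associations(library: List[RiskItem], universe: List[AclRule]) -> None:
    """Association steps (1)-(2): B contains A when every rule triggering A triggers B
    and some rule triggers B without triggering A; record A's ID on B."""
    hits = {it.id: {r.id for r in universe if it.predicate(r)} for it in library}
    for a in library:
        for b in library:
            if a is not b and hits[a.id] and hits[a.id] <= hits[b.id] and hits[b.id] - hits[a.id]:
                b.assoc.add(a.id)


def analyse_acl(library: List[RiskItem], acl: List[AclRule]
                ) -> Tuple[Dict[str, Set[str]], Dict[str, Set[str]], Dict[str, int]]:
    """ACL analysis steps (1)-(3): raw triggering rule IDs per item, the same after
    removing IDs already counted under a contained item, and the trigger counts x_i."""
    raw = {it.id: {r.id for r in acl if it.predicate(r)} for it in library}       # (1)
    dedup = {it.id: raw[it.id] - set().union(*(raw[a] for a in it.assoc))          # (2)
             for it in library}
    counts = {k: len(v) for k, v in dedup.items()}                                  # (3)
    return raw, dedup, counts


# Constructed ACL of the device under assessment.
DEVICE_ACL: List[AclRule] = [
    AclRule("A1", "ext", "int", "permit", ANY),
    AclRule("A2", "ext", "int", "permit", frozenset({"telnet"})),
    AclRule("A3", "ext", "int", "permit", frozenset({"https"})),
    AclRule("A4", "int", "ext", "permit", ANY),
    AclRule("A5", "ext", "int", "deny", frozenset({"telnet"})),
]

if __name__ == "__main__":
    derive_associations(LIBRARY, build_universe())
    raw, dedup, counts = analyse_acl(LIBRARY, DEVICE_ACL)
    for it in LIBRARY:
        print(f"{it.id} contains={sorted(it.assoc)} raw={sorted(raw[it.id])} "
              f"dedup={sorted(dedup[it.id])} x_i={counts[it.id]} R_i={it.risk_value}")
```

On this ACL the single "permit any" rule A1 would be counted under R1, R2 and R3 without step (2); after de-duplication it is counted once under the most general item R1, A2 remains a genuine Telnet finding, and R3 is no longer reported as triggered at all, which is exactly the triple-counting effect the text describes.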

In the above flow, the security state of the device's ACL module is analysed from the triggered risk items (vulnerabilities) detected by the ACL risk analysis, the risk values of those risk items and the number of times each risk item was triggered, and a corresponding security state value is obtained.

此方法在分析时,相对已有的技术考虑了风险项之间的关联关系、风险项被触发的次数问题,分析更加全面。而风险值的计算采用CVSS3.0评分技术,相对取经验值的方法,该方法更加可靠、可信。此外,计算得到系统安全状态值更直观、准确、有效的表明当前设备安全状态。Compared with existing technologies, this method considers the relationship between risk items and the number of times risk items are triggered during analysis, making the analysis more comprehensive. The calculation of the risk value adopts CVSS3.0 scoring technology, which is more reliable and credible than the method of taking empirical values. In addition, the calculated system security state value is more intuitive, accurate and effective to indicate the current equipment security state.

Further, on the basis of the above embodiments, analyzing the risk items triggered by the device under evaluation includes:

if the predetermined risk library includes a baseline library, analyzing the risk value of the risk items triggered by the device under evaluation.

Specifically, if the predetermined risk library is determined to be a baseline risk library of one of several types, the user can analyze the risk value of each risk item according to the selected baseline risk library and perform the risk analysis of the baseline module on the normalized baseline module data. The baseline library used for this analysis may be the one built into the unified security policy management system, or one customized by the user according to their own business needs; different baseline libraries give different final assessment results. This is described in detail through an embodiment as follows:

(1) select from the risk library all baseline libraries related to the baseline; according to the selected baseline library, the user performs a baseline analysis on the normalized baseline data of the device under evaluation;

(2) calculate the security state value from the triggered risk items (i.e. vulnerabilities) found in (1) and their risk values;

(3) for analysis step (2), one calculation procedure is given below: count the total number M of risk items in the predetermined risk library and, according to the calculation formula:

obtain the security state value, where S'_n is the total score of the triggered risk items, S'_t is the total score of the untriggered risk items, the weight value R_i is the risk value of the risk item, i = 1, 2, 3, …, n are the triggered risk items, n is less than or equal to M, and i = n+1, …, M are the untriggered risk items.

In the above flow, the triggered risk items (i.e. vulnerabilities) detected by the baseline analysis and their risk values are analyzed to determine the security state of the device's baseline module and to derive the corresponding security state value.

In this method, the risk values of the risk items (i.e. vulnerabilities) are calculated with CVSS 3.0 scoring, which is more reliable and credible than taking empirical values. In addition, the computed system security state value indicates the current security state of the device more intuitively, accurately and effectively.

Further, on the basis of the above embodiments, if the predetermined risk library is determined to include both a baseline library and an access control list (ACL) library, the risk items in the predetermined risk library and the risk items triggered by the device under evaluation are analyzed separately, and the corresponding calculation method is applied to obtain the security state value of the device under evaluation. This is described in detail through an embodiment as follows:

(1) determine whether the device under evaluation supports ACL risk analysis; if it does, perform the security state analysis of the ACL module in the same way as for the ACL risk library in the above embodiment; if it does not, skip this step;

(2) perform the security state analysis of the baseline module on the device under analysis, in the same way as for the baseline library in the above embodiment;

(3) from the results of (1) and (2), analyze the overall security state of the device.

For analysis step (3), the calculation is performed according to the calculation formula:

where S_n is the total score of the risk items triggered for the access control list (ACL) library, S_t is the total score of the risk items not triggered for the ACL library, S'_n is the total score of the risk items triggered for the baseline library, and S'_t is the total score of the risk items not triggered for the baseline library.
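The ACL-module calculation (steps (3) and (4) above), the baseline-module calculation and the overall combination in step (3), as an added Python example that is not part of the patent. Constructed or assumed here, because the patent's formula images are not reproduced on this page: the sample risk items and their CVSS 3.0 scores, the ACL policy matches, the handling of an association (policies already attributed to the stronger item are not counted again for the weaker one) and the way S_n and S_t are combined into one state value.

```python
"""Scoring sketch for the ACL module, baseline module and overall state described above.
Added example, not the patent's code.  Assumed: the sample risk items and CVSS scores,
the ACL policy matches, the association handling (weaker item not re-counted for policies
already attributed to the stronger one) and the S_n/S_t combination into a state value."""
from dataclasses import dataclass
from typing import Dict, Iterable, Optional, Set, Tuple


@dataclass(frozen=True)
class RiskItem:
    """One entry of the predetermined risk library: identification code, description, R_i."""
    item_id: str
    description: str
    risk_value: float  # CVSS 3.0 base score used as the weight R_i


Association = Tuple[str, str]  # (strong, weak): triggering strong necessarily triggers weak


def effective_triggers(triggers: Dict[str, Set[str]],
                       associations: Iterable[Association]) -> Dict[str, Set[str]]:
    """Collapse associated items so that one ACL policy ID is counted as one trigger only.

    `triggers` maps a risk item ID to the ACL policy IDs that matched it (x_i is the size
    of that set).  Policies already attributed to a stronger associated item are removed
    from the weaker one; chains (A -> B -> C) must be listed explicitly (assumed handling).
    """
    stronger: Dict[str, Set[str]] = {}
    for strong, weak in associations:
        stronger.setdefault(weak, set()).add(strong)
    out: Dict[str, Set[str]] = {}
    for item, policies in triggers.items():
        implied = set().union(*(triggers.get(u, set()) for u in stronger.get(item, ())))
        remaining = set(policies) - implied
        if remaining:
            out[item] = remaining
    return out


def acl_scores(library: Dict[str, RiskItem], triggers: Dict[str, Set[str]],
               associations: Iterable[Association]) -> Tuple[float, float]:
    """S_n = sum of R_i * x_i over triggered items, S_t = sum of R_i over the rest (assumed)."""
    eff = effective_triggers(triggers, associations)
    s_n = sum(library[i].risk_value * len(p) for i, p in eff.items())
    s_t = sum(it.risk_value for i, it in library.items() if i not in eff)
    return s_n, s_t


def baseline_scores(library: Dict[str, RiskItem], triggered: Set[str]) -> Tuple[float, float]:
    """S'_n and S'_t for the baseline module: no trigger counts, each item weighs R_i once."""
    s_n = sum(it.risk_value for i, it in library.items() if i in triggered)
    s_t = sum(it.risk_value for i, it in library.items() if i not in triggered)
    return s_n, s_t


def state_value(s_n: float, s_t: float) -> float:
    """ASSUMED combination: percentage of the library's total weight left untriggered."""
    total = s_n + s_t
    return 100.0 if total == 0 else 100.0 * s_t / total


def overall_state(acl: Optional[Tuple[float, float]], base: Tuple[float, float]) -> float:
    """Step (3) of the combined flow; `acl` is None when the device supports no ACL analysis."""
    if acl is None:
        return state_value(*base)
    return state_value(acl[0] + base[0], acl[1] + base[1])


# Constructed sample data (not from the patent).
ACL_LIBRARY = {r.item_id: r for r in [
    RiskItem("ACL-001", "permit ip any any", 9.8),
    RiskItem("ACL-002", "any source permitted to management subnet", 7.5),
    RiskItem("ACL-003", "no explicit deny at end of list", 5.3),
    RiskItem("ACL-004", "logging disabled on deny rules", 3.1),
]}
ACL_ASSOCIATIONS = [("ACL-001", "ACL-002")]  # a blanket permit necessarily hits ACL-002 too
ACL_TRIGGERS = {  # risk item -> ACL policy IDs that matched it (one ID = one trigger)
    "ACL-001": {"policy-10", "policy-30"},
    "ACL-002": {"policy-10", "policy-30", "policy-45"},
    "ACL-004": {"policy-12"},
}
BASE_LIBRARY = {r.item_id: r for r in [
    RiskItem("BL-001", "telnet service enabled", 7.5),
    RiskItem("BL-002", "default SNMP community string", 6.5),
    RiskItem("BL-003", "minimum password length below 8", 5.3),
]}
BASE_TRIGGERED = {"BL-001", "BL-003"}

if __name__ == "__main__":
    acl = acl_scores(ACL_LIBRARY, ACL_TRIGGERS, ACL_ASSOCIATIONS)
    base = baseline_scores(BASE_LIBRARY, BASE_TRIGGERED)
    print("ACL  S_n=%.1f S_t=%.1f state=%.1f" % (*acl, state_value(*acl)))
    print("Base S'_n=%.1f S'_t=%.1f state=%.1f" % (*base, state_value(*base)))
    print("Overall state=%.1f" % overall_state(acl, base))
```

With the sample data, ACL-002's two policies that also match the blanket permit are attributed to ACL-001 only, so ACL-002 counts a single trigger.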

Through the overall security state analysis of the device under evaluation, the triggered risk item (i.e. vulnerability) information detected by the baseline analysis and the ACL analysis, the risk values of the risk items and the number of times each was triggered are analyzed to determine the overall security state of the device and to derive the corresponding security state value.

Compared with existing techniques, this method takes into account the association relationships between risk items and the number of times each risk item is triggered, so the analysis is more comprehensive. The risk values are calculated with CVSS 3.0 scoring, which is more reliable and credible than taking empirical values. In addition, the computed system security state value indicates the current security state of the device more intuitively, accurately and effectively.

Figure 2 is a schematic structural diagram of embodiment 1 of a risk assessment apparatus for a network security device provided by the present invention. As shown in Figure 2, the risk assessment apparatus for a network security device includes a determination module 10, an extraction module 20 and an evaluation module 30;

the determination module 10 is configured to determine a predetermined risk library, the risk library including configuration information of a plurality of risk items, the configuration information including the identification code and description of each risk item;

the extraction module 20 is configured to extract from the device under evaluation the effective configuration information related to the risk items, and to obtain the risk items triggered by the device under evaluation from the risk analysis result of the effective configuration information;

the evaluation module 30 is configured to analyze separately the risk items in the predetermined risk library and the risk items triggered by the device under evaluation, and to apply the corresponding calculation method to obtain the security state value of the device under evaluation.

The risk assessment apparatus for a network security device provided by the embodiment of the present invention includes a determination module, an extraction module and an evaluation module. The determination module determines the predetermined risk library; the extraction module extracts from the device under evaluation the effective configuration information related to the risk items and obtains the risk items triggered by the device from the risk analysis result of that information; the evaluation module analyzes separately the risk items in the predetermined risk library and the risk items triggered by the device, and applies the corresponding calculation method to obtain the security state value of the device. By analyzing the risk values of the risk items, the association relationships between them and the number of times each triggered risk item was triggered, the security state value of the device under evaluation is calculated accordingly, so that the current security state of the device is indicated more intuitively, accurately and effectively.

Further, on the basis of the above embodiments, the apparatus also includes a preprocessing module 40;

the preprocessing module 40 is configured to collect in advance, before the predetermined risk library is determined, the risk libraries of each configuration type, the configuration types including at least a baseline library and/or an access control list (ACL) library.

The apparatus provided by the embodiment of the present invention can perform the above method embodiment; its implementation principle and technical effect are similar and are not repeated here.

Further, on the basis of the above embodiments, the evaluation module 30 being configured to analyze the risk items in the predetermined risk library means that:

the evaluation module is configured to count the total number of risk items in the predetermined risk library;

to analyze and obtain the risk value of each risk item in the predetermined risk library using the CVSS 3.0 scoring method;

and to determine the association relationship between any two risk items in the predetermined risk library, where, if triggering a first risk item necessarily triggers a second risk item and triggering the second risk item does not trigger the first risk item, it is determined that an association exists between the first risk item and the second risk item.

Further, on the basis of the above embodiments, the evaluation module 30 being configured to analyze the risk items triggered by the device under evaluation means that:

the evaluation module is configured, if the predetermined risk library includes an access control list (ACL) library, to analyze one or more of the following three: the number of times each risk item triggered by the device under evaluation is triggered, the risk value of the risk items, and the association relationships between risk items.

The apparatus provided by the embodiment of the present invention can perform the above method embodiment; its implementation principle and technical effect are similar and are not repeated here.

Further, on the basis of the above embodiments, the evaluation module 30 being configured to analyze the risk items triggered by the device under evaluation means that:

the evaluation module 30 is configured, if the predetermined risk library includes a baseline library, to analyze the risk value of the risk items triggered by the device under evaluation.

The apparatus provided by the embodiment of the present invention can perform the above method embodiment; its implementation principle and technical effect are similar and are not repeated here.

Although embodiments of the present invention have been disclosed above, the content described consists only of embodiments adopted to facilitate understanding of the present invention and is not intended to limit it. Anyone skilled in the art to which the present invention belongs may make modifications and changes in the form and details of implementation without departing from the spirit and scope disclosed by the present invention, but the scope of patent protection of the present invention is still defined by the appended claims.

Claims (10)

1. A risk assessment method for a network security device, characterised in that it comprises:
determining a predetermined risk library, the risk library comprising a plurality of risk items;
extracting from a device under evaluation the effective configuration information related to the risk items, and obtaining the risk items triggered by the device under evaluation according to a risk analysis result of the effective configuration information;
analyzing separately the risk items in the predetermined risk library and the risk items triggered by the device under evaluation, and applying a corresponding calculation method to obtain a security state value of the device under evaluation.
2. The method according to claim 1, characterised in that, before determining the predetermined risk library, it further comprises:
collecting in advance the risk libraries of each configuration type, the configuration types comprising at least a baseline library and/or an access control list (ACL) library.
3. The method according to claim 2, characterised in that analyzing the risk items in the predetermined risk library comprises:
counting the total number of risk items in the predetermined risk library;
analyzing and obtaining the risk value of the risk items in the predetermined risk library using the CVSS 3.0 scoring method;
determining the association relationship between any two risk items in the predetermined risk library, wherein, if triggering a first risk item necessarily triggers a second risk item and triggering the second risk item does not trigger the first risk item, it is determined that an association exists between the first risk item and the second risk item.
4. The method according to claim 3, characterised in that analyzing the risk items triggered by the device under evaluation comprises:
if the predetermined risk library comprises an access control list (ACL) library, analyzing one or more of the following three: the number of times each risk item triggered by the device under evaluation is triggered, the risk value of the risk items, and the association relationship between risk items.
5. The method according to claim 3, characterised in that analyzing the risk items triggered by the device under evaluation comprises:
if the predetermined risk library comprises a baseline library, analyzing the risk value of the risk items triggered by the device under evaluation.
6. A risk assessment apparatus for a network security device, characterised in that the apparatus comprises a determination module, an extraction module and an evaluation module;
the determination module is configured to determine a predetermined risk library, the risk library comprising configuration information of a plurality of risk items, the configuration information comprising an identification code and a description of each risk item;
the extraction module is configured to extract from a device under evaluation the effective configuration information related to the risk items, and to obtain the risk items triggered by the device under evaluation according to a risk analysis result of the effective configuration information;
the evaluation module is configured to analyze separately the risk items in the predetermined risk library and the risk items triggered by the device under evaluation, and to apply a corresponding calculation method to obtain a security state value of the device under evaluation.
7. The apparatus according to claim 6, characterised in that it further comprises a preprocessing module;
the preprocessing module is configured to collect in advance, before the predetermined risk library is determined, the risk libraries of each configuration type, the configuration types comprising at least a baseline library and/or an access control list (ACL) library.
8. The apparatus according to claim 7, characterised in that the evaluation module being configured to analyze the risk items in the predetermined risk library means that:
the evaluation module is configured to count the total number of risk items in the predetermined risk library;
to analyze and obtain the risk value of the risk items in the predetermined risk library using the CVSS 3.0 scoring method;
and to determine the association relationship between any two risk items in the predetermined risk library, wherein, if triggering a first risk item necessarily triggers a second risk item and triggering the second risk item does not trigger the first risk item, it is determined that an association exists between the first risk item and the second risk item.
9. The apparatus according to claim 8, characterised in that the evaluation module being configured to analyze the risk items triggered by the device under evaluation means that:
the evaluation module is configured, if the predetermined risk library comprises an access control list (ACL) library, to analyze one or more of the following three: the number of times each risk item triggered by the device under evaluation is triggered, the risk value of the risk items, and the association relationship between risk items.
10. The apparatus according to claim 8, characterised in that the evaluation module being configured to analyze the risk items triggered by the device under evaluation means that:
the evaluation module is configured, if the predetermined risk library comprises a baseline library, to analyze the risk value of the risk items triggered by the device under evaluation.

Priority Applications (2)

Application Number Priority Date Filing Date Title
CN201610130297.2A CN107172004A (en) 2016-03-08 2016-03-08 The methods of risk assessment and device of a kind of Network Security Device
PCT/CN2017/073933 WO2017152742A1 (en) 2016-03-08 2017-02-17 Risk assessment method and apparatus for network security device


Publications (1)

Publication Number Publication Date
CN107172004A true CN107172004A (en) 2017-09-15

Family

ID=59788976


Country Status (2)

Country Link
CN (1) CN107172004A (en)
WO (1) WO2017152742A1 (en)


Also Published As

Publication number Publication date
WO2017152742A1 (en) 2017-09-14


Legal Events

Date Code Title Description
PB01 Publication
Application publication date: 20170915
WD01 Invention patent application deemed withdrawn after publication