CN113259334B - Network system security vulnerability correlation modeling and analyzing method - Google Patents
- Publication number: CN113259334B (application CN202110479627.XA)
- Authority: CN (China)
- Prior art keywords: vulnerability, network, penetration, model, layer
- Legal status: Active (Google's legal-status field is an assumption, not a legal conclusion)
Classifications
- H04L63/1433: Vulnerability analysis (under H04L63/14, network architectures or network communication protocols for network security for detecting or protecting against malicious traffic; H04L63/00, network architectures or network communication protocols for network security)
- H04L41/145: Network analysis or design involving simulating, designing, planning or modelling of a network (under H04L41/14, network analysis or design; H04L41/00, arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks)
Description
Technical field
The invention belongs to the technical field of network attack and defense and relates to a method for modeling and analyzing the correlation of security vulnerabilities in a network system.
Background
With the continuing growth of the Internet and the increasing sophistication of attack techniques, network security problems are becoming more serious. Attackers often exploit low-level software vulnerabilities to trigger high-level ones in order to damage or take control of a network system. The security situation keeps deteriorating and incidents occur frequently, so assessing and protecting network security faces enormous challenges.
In the exploitation of network and system vulnerabilities, the impact differs with the privilege level of the user, the order in which vulnerabilities are exploited differs, and the resulting harm differs as well. Discovering vulnerabilities in a network system and analyzing their harm is becoming increasingly complex. It is therefore necessary to identify a system's own vulnerabilities, and the correlations between them, within diverse and complex attacks. Existing vulnerability correlation analysis borrows the "shopping basket analysis" method of e-commerce: by studying vulnerabilities that have already occurred, different vulnerabilities are associated and the links between them are mined. This method has limitations, however; for example, it is not formal enough and does not capture the causes and consequences of exploitation well. Formal analysis of vulnerability correlation remains a major challenge in the field of network security.
Attack techniques are becoming more diverse and complex, making prediction, analysis and defense ever more difficult; instead of a single vulnerability endangering a system, several interrelated vulnerabilities are exploited together by an attacker to compromise its security. This document proposes a method that has not been used before: vulnerabilities are sliced along the system and network dimensions, a graph model is built, and the harm of the vulnerabilities is then assessed. This addresses the problems of traditional methods, namely low analysis efficiency, little information obtained, insufficiently systematic analysis, and failure to uncover deep, hidden correlations between vulnerabilities.
At present, assessing the hazard level of network vulnerabilities is becoming increasingly important in the field of network security.
Existing vulnerability risk assessment systems evaluate the harm of a vulnerability only in a simple way. The CVSS score of the Common Vulnerability Scoring System, as published by the NVD, lies between 0.0 and 10.0; the larger the value, the more dangerous the vulnerability and the more serious its consequences. CVSS derives this score from a base score, a life-cycle score and an environmental score, thereby providing a standard for measuring the severity of a vulnerability.
Designing a more accurate and useful mechanism for assessing the degree of harm among complex and diverse vulnerabilities, one that better measures the harm that a single vulnerability, or several correlated vulnerabilities, at the system architecture and network levels pose to the whole system and network, has become a new challenge for network security research.
Summary of the invention
The purpose of the present invention is to provide a method for modeling and analyzing the correlation of security vulnerabilities in a network system, which solves the problem in the prior art that the standard for measuring the degree of network harm is not accurate enough.
The technical solution adopted by the present invention is a method for modeling and analyzing the correlation of security vulnerabilities in a network system, implemented according to the following steps:
Step 1: select a network scenario and detect the vulnerabilities present in that scenario;
Step 2: perform a correlation analysis of the vulnerabilities obtained in step 1 and slice them along two dimensions, the system level and the network level;
Step 3: merge the system slice and the network slice, add vulnerability harm as a third dimension, and build a three-dimensional assessment model;
Step 4: analyze the model of step 3, establish a mechanism for assessing the degree of harm of the vulnerabilities, and assess the health status of the system.
The invention is further characterized as follows:
Step 1 is implemented as follows: assume that the attack event consists of a three-hop penetration through vulnerabilities A, B and C, where each hop is a penetration of the same device on the penetration path. The causes and consequences of each vulnerability are analyzed to determine the predecessor *X and successor X* of each vulnerability X, forming a vulnerability penetration chain, and the penetration process is described formally.
Step 2 is implemented according to the following sub-steps:
Step 2.1: slice the vulnerability chain along the system dimension.
The system architecture is divided, from top to bottom, into the network service layer, application service layer, system service layer, operating system layer and hardware layer. Each hop's vulnerability is mapped according to the architectural layer in which it resides: a vulnerability is represented as a node in the system architecture diagram, and predecessor-successor relations between nodes are drawn as arrows showing the direction and progress of the penetration. Mapping the vulnerabilities onto the different layers of the architecture in this way yields the system slice graph model of the vulnerabilities.
Step 2.2: build the network slice graph model.
The vulnerabilities are sliced along the network dimension, where the network hierarchy is divided, from top to bottom, into the application layer, transport layer, network layer, data link layer and physical layer. Vulnerabilities are mapped according to how they are penetrated and the network layer to which they belong; during the mapping, vulnerability nodes with predecessor-successor relations are connected by arrows, completing the network slice graph model.
Step 3 is implemented according to the following sub-steps:
Step 3.1: merge the system slice and the network slice obtained in step 2. Note that the two slices being merged are mapped from the same attack penetration path; the combined model is constructed in polar coordinates.
Step 3.2: at this point a two-dimensional graph model has been formed that shows how and where the vulnerability chain penetrates at the system and network levels, allowing in-depth, high-accuracy analysis of vulnerability correlation and assessment of the degree of harm. Because vulnerabilities differ in hazard level, a third dimension, vulnerability harm, is added to the two-dimensional polar coordinate system to complete the vulnerability correlation model diagram.
Step 4 is implemented according to the following sub-steps:
Step 4.1: based on the model obtained in step 3, establish an assessment mechanism that jointly considers the system, the network, and the harm of the vulnerabilities themselves.
Step 4.2: let the penetration of the vulnerabilities in the system slice be described by the vector S=(A1,B1,C1) and in the network slice by the vector P=(A2,B2,C2), where A1,B1,C1,A2,B2,C2 denote the system or network layer at which each vulnerability lies; this gives the transformation diagram of the vulnerability penetration.
Step 4.3: set the harm weights of the system and network slices to two fixed values a and b, which depend on how much the assessor emphasizes the system versus the network and satisfy the normalization condition a+b=1.
Step 4.4: calculate the harm assessment values of the system slice and the network slice using a weighted calculation.
Step 4.5: perform the vulnerability harm assessment according to the assessment model. Let V be the assessment value; the invention computes V by taking the weighted sum of the harms at the system and network levels and left-multiplying it by the vulnerabilities' own harm D, i.e. V=D·(a·S+b·P), where D is an n-dimensional row vector of vulnerability harms whose elements, from left to right, are the CVSS severity scores of vulnerability 1 through vulnerability n. The modulus of the assessment value is then computed, which represents the degree of harm of the network vulnerabilities in a more multidimensional and objective way.
The beneficial effects of the invention are as follows. The method solves the problems in the prior art of one-dimensional vulnerability scoring, informal vulnerability correlation analysis and insufficiently accurate measurement of the degree of network harm. For the step-by-step penetration through vulnerabilities encountered in attack and defense in a given scenario, the vulnerabilities are first correlated, then modeled as slices at the system architecture level and the network level, and finally the two slice graph models are merged and assessed. Slicing vulnerabilities along the system and network dimensions, analyzing their penetration and assessing the degree of network harm is a method of multidimensional partitioning and deep correlation analysis of vulnerabilities. The assessment of vulnerability harm changes from a traditional simple score to a comprehensive assessment value, with higher accuracy, a more complete assessment perspective and more thorough analysis, which makes it highly useful as a reference and in practice.
Description of the drawings
Fig. 1 is a flow chart of the method for modeling and analyzing the correlation of security vulnerabilities in a network system according to the invention;
Fig. 2 is a flow chart of step 4 of the method;
Fig. 3 is the predecessor-successor diagram of the method;
Fig. 4 is the graph model produced by slicing vulnerabilities along the system dimension with the method;
Fig. 5 is the graph model produced by slicing vulnerabilities along the network dimension with the method.
Detailed description
The invention is described in detail below with reference to the accompanying drawings and specific embodiments.
The method first defines the predecessor and successor of a vulnerability.
Definition 1.1: *B is called the predecessor of B if and only if the occurrence of a vulnerability X leads to the occurrence of vulnerability B; such an X is denoted *B.
Definition 1.2: B* is called the successor of B if and only if the occurrence of vulnerability B leads to the occurrence of a vulnerability Y; such a Y is denoted B*.
As shown in Fig. 1, the method is implemented according to the following steps:
Step 1: select a network scenario and detect the vulnerabilities present in that scenario.
Step 1 is implemented as follows: assume that the attack event consists of a three-hop penetration through vulnerabilities A, B and C, where each hop is a penetration of the same device on the penetration path. The causes and consequences of each vulnerability are analyzed to determine the predecessor *X and successor X* of each vulnerability X, forming a vulnerability penetration chain, and the penetration process is described formally.
Step 2: perform a correlation analysis of the vulnerabilities obtained in step 1 and slice them along two dimensions, the system level and the network level.
Step 2 is implemented according to the following sub-steps:
Step 2.1: slice the vulnerability chain along the system dimension.
The system architecture is divided, from top to bottom, into the network service layer, application service layer, system service layer, operating system layer and hardware layer. Each hop's vulnerability is mapped according to the architectural layer in which it resides: a vulnerability is represented as a node in the system architecture diagram, and predecessor-successor relations between nodes are drawn as arrows showing the direction and progress of the penetration. Mapping the vulnerabilities onto the different layers of the architecture in this way yields the system slice graph model of the vulnerabilities.
Step 2.2: build the network slice graph model.
The vulnerabilities are sliced along the network dimension, where the network hierarchy is divided, from top to bottom, into the application layer, transport layer, network layer, data link layer and physical layer. Vulnerabilities are mapped according to how they are penetrated and the network layer to which they belong; during the mapping, vulnerability nodes with predecessor-successor relations are connected by arrows, completing the network slice graph model.
Step 3: merge the system slice and the network slice, add vulnerability harm as a third dimension, and build a three-dimensional assessment model.
Step 3 is implemented according to the following sub-steps:
Step 3.1: merge the system slice and the network slice obtained in step 2. Note that the two slices being merged are mapped from the same attack penetration path; the combined model is constructed in polar coordinates.
Step 3.2: at this point a two-dimensional graph model has been formed that shows how and where the vulnerability chain penetrates at the system and network levels, allowing in-depth, high-accuracy analysis of vulnerability correlation and assessment of the degree of harm. Because vulnerabilities differ in hazard level, a third dimension, vulnerability harm, is added to the two-dimensional polar coordinate system to complete the vulnerability correlation model diagram.
Step 4: analyze the model of step 3, establish a mechanism for assessing the degree of harm of the vulnerabilities, and assess the health status of the system.
As shown in Fig. 3, step 4 is implemented according to the following sub-steps:
Step 4.1: based on the model obtained in step 3, establish an assessment mechanism that jointly considers the system, the network, and the harm of the vulnerabilities themselves.
Step 4.2: let the penetration of the vulnerabilities in the system slice be described by the vector S=(A1,B1,C1) and in the network slice by the vector P=(A2,B2,C2), where A1,B1,C1,A2,B2,C2 denote the system or network layer at which each vulnerability lies; this gives the transformation diagram of the vulnerability penetration.
Step 4.3: set the harm weights of the system and network slices to two fixed values a and b, which depend on how much the assessor emphasizes the system versus the network and satisfy the normalization condition a+b=1.
Step 4.4: calculate the harm assessment values of the system slice and the network slice using a weighted calculation.
Step 4.5: perform the vulnerability harm assessment according to the assessment model. Let V be the assessment value, computed as follows: take the weighted sum of the harms at the system and network levels and left-multiply it by the vulnerabilities' own harm D, i.e. V=D·(a·S+b·P), where D is an n-dimensional row vector of vulnerability harms whose elements, from left to right, are the CVSS severity scores of vulnerability 1 through vulnerability n. The modulus of the assessment value is then computed, which represents the degree of harm of the network vulnerabilities in a more multidimensional and objective way.
实施例Example
在网络系统中,某些用户信息的泄露会使得系统漏洞被激活,进而被渗透,有些渗透结果甚至可以再次被利用,步步深入系统内部,得到更高权限,为了掩盖渗透行为,渗透者对渗透痕迹进行擦除,为方便下一次攻击,渗透者进行留后门。In the network system, the leakage of some user information will activate the system loopholes and then infiltrate them. Some infiltration results can even be used again. Step by step, they can penetrate deep into the system to obtain higher rights. In order to cover up the infiltration behavior, the infiltrator The infiltration traces are erased. In order to facilitate the next attack, the infiltrator will leave a back door.
记A为系统版本太低造成的漏洞,攻击者通过此漏洞,造成系统出现溢出漏洞B,通过溢出,渗透者可以获得系统shell,进而通过利用shell引发提权漏洞C,渗透者通过普通用户登录系统,进行提权,获得管理员信息,登录后台,对网站的数据库或其他信息进行更改,最终攻击者成功提权。根据定义1.1,漏洞A表示为*B,根据定义1.2,漏洞C表示为B*,*B、B、B*之间关联性密切,一起作用于系统,对网络和系统造成巨大危害。Note that A is the vulnerability caused by the system version being too low. The attacker uses this vulnerability to cause an overflow vulnerability B in the system. Through the overflow, the infiltrator can obtain the system shell, and then use the shell to trigger the privilege escalation vulnerability C. The infiltrator logs in through ordinary users. System, escalate privileges, obtain administrator information, log in to the background, make changes to the database or other information of the website, and finally the attacker successfully escalates privileges. According to definition 1.1, vulnerability A is represented as * B, and according to definition 1.2, vulnerability C is represented as B * . * B, B, and B * are closely related and act on the system together, causing great harm to the network and the system.
将漏洞库中的漏洞进行系统维度切面,形成漏洞系统切面;Take the vulnerabilities in the vulnerability library to the system dimension aspect to form the vulnerability system aspect;
系统架构由上至下分为网络服务层、应用服务层、系统服务层、操作系统层、硬件层,根据漏洞所在的系统层次,将漏洞映射到系统架构的不同层面上,建立图模型,如图4所示,图中的漏洞点以及箭头表示漏洞的前驱后继和渗透过程,图模型由内圈向外圈表示系统层的不同层次,A1、B1、C1构成一条漏洞链,A1为一次利用系统低版本进行溢出事件,B1为一次系统溢出暴露shell事件,C1为一次利用shell漏洞进行提权事件,根据定义1.1,漏洞A1表示为*B1,根据定义1.2,漏洞C1表示为B1*,设定*B1在环形图中的权值时7,B1在环形图中的权值为8,B1*在环形图中的权值为9,得到矢量S=(7,8,9),假设本漏洞链的评估对于系统和网络的侧重度相同,则系统切面的危害权重记为1/2,得到危害程度评估值a.S。The system architecture is divided into network service layer, application service layer, system service layer, operating system layer, and hardware layer from top to bottom. As shown in Figure 4, the vulnerability points and arrows in the figure represent the predecessor, successor and penetration process of the vulnerability. The graph model represents the different levels of the system layer from the inner circle to the outer circle. A1, B1, and C1 form a vulnerability chain, and A1 is an exploit. The lower version of the system performs an overflow event, B1 is a system overflow exposure shell event, and C1 is a privilege escalation event using a shell vulnerability. According to definition 1.1, vulnerability A1 is represented as * B1, and according to definition 1.2, vulnerability C1 is represented as B1 * , set When the weight of * B1 in the ring diagram is 7, the weight of B1 in the ring diagram is 8, and the weight of B1 * in the ring diagram is 9, and the vector S=(7,8,9) is obtained, assuming this The evaluation of the vulnerability chain has the same emphasis on the system and the network, then the damage weight of the system aspect is recorded as 1/2, and the damage degree evaluation value aS is obtained.
建立网络维度的切面图模型。Build a slice graph model of the network dimension.
按照网络维度对漏洞进行切面,网络层次自上而下可以考虑应用层、传输层、网络层、数据链路层、物理层。根据漏洞的渗透情况以及所属网络层次,进行映射。映射过程中,用箭头指明渗透方向及过程,从而完成网络切面图模型的构建,如图5所示,图模型由内圈向外圈表示网络体系的不同层次。A2为一次利用系统低版本进行溢出事件,B2为一次系统溢出暴露shell事件,C2为一次利用shell漏洞进行提权事件,根据定义1.1,漏洞A2表示为*B2,根据定义1.2,漏洞C2表示为B2*,设定*B2在环形图中的权值为6,B2在环形图中的权值为8,B2*在环形图中的权值为10,得到矢量P=(6,8,10),假设本漏洞链的评估对于系统和网络的侧重度相同,则网络切面的危害权重记为1/2,得到危害程度评估值b.P。According to the network dimension, the vulnerability is sliced. The network layer can consider the application layer, transport layer, network layer, data link layer, and physical layer from top to bottom. Map according to the penetration of the vulnerability and the network level to which it belongs. In the mapping process, arrows are used to indicate the penetration direction and process, thus completing the construction of the network slice graph model. As shown in Figure 5, the graph model represents the different levels of the network system from the inner circle to the outer circle. A2 is an overflow event using a low version of the system, B2 is a system overflow exposing shell event, and C2 is a privilege escalation event using a shell vulnerability. According to definition 1.1, vulnerability A2 is represented as * B2, and according to definition 1.2, vulnerability C2 is represented as B2 * , set the weight of * B2 in the ring diagram to 6, the weight of B2 in the ring diagram to 8, and the weight of B2 * in the ring diagram to be 10, get the vector P=(6,8,10 ), assuming that the evaluation of this vulnerability chain has the same emphasis on the system and the network, the damage weight of the network aspect is recorded as 1/2, and the damage degree evaluation value bP is obtained.
将经步骤2后得到的系统和网络切面图模型进行合并,注意进行合并的系统切面模型和网络切面模型是通过同样的攻击渗透路径映射而成,为深层次、高准确性分析漏洞的关联性以及危害程度做准备。Merge the system and network aspect graph models obtained after step 2. Note that the combined system aspect model and network aspect model are mapped through the same attack penetration path, which is a deep and high-accuracy analysis of vulnerability correlations. and preparedness for hazards.
鉴于不同漏洞链的危害等级不同,在二维极坐标中加入第三维度,用漏洞危害D作为第三维度,完善漏洞关联性分析图模型的构建。In view of the different hazard levels of different vulnerability chains, the third dimension is added to the two-dimensional polar coordinates, and the vulnerability hazard D is used as the third dimension to improve the construction of the vulnerability correlation analysis graph model.
根据步骤4,用实例说明具体如下:According to step 4, the specific example is as follows:
将经步骤3后得到的模型进行分析,并建立综合考虑系统和网络以及漏洞本身危害程度的评估机制;Analyze the model obtained after step 3, and establish an evaluation mechanism that comprehensively considers the damage degree of the system, the network, and the vulnerability itself;
根据已知条件,漏洞链在系统切面的渗透危害程度满足矢量S=(A1,B1,C1),在网络切面的渗透危害程度满足矢量P=(A2,B2,C2),其中A1,B1,C1,A2,B2,C2表示漏洞处于系统或网络的层次,从而得到漏洞的渗透转化图,如图3所示;According to the known conditions, the penetration hazard degree of the vulnerability chain in the system aspect satisfies the vector S=(A1, B1, C1), and the penetration hazard degree in the network aspect satisfies the vector P=(A2, B2, C2), where A1, B1, C1, A2, B2, C2 indicate that the vulnerability is at the system or network level, so as to obtain the penetration transformation diagram of the vulnerability, as shown in Figure 3;
设定系统和网络切面的危害为两个固定值a、b,两个值满足归一化条件,即:a+b=1,设定在本漏洞链中,系统和网络的危害性侧重程度相同,即:a=b=1/2;The hazards of the system and network aspects are set as two fixed values a and b, and the two values satisfy the normalization condition, that is: a+b=1. Set in this vulnerability chain, the degree of emphasis on the hazards of the system and the network is set. The same, namely: a=b=1/2;
Using weighted-degree evaluation values, for this vulnerability example the damage degree of the system slice is a·S and that of the network slice is b·P;
Vulnerability damage is evaluated according to the vulnerability evaluation model. Let the vulnerability evaluation value be V. The present invention computes V from the model diagram as follows: take the weighted sum of the system-architecture and network-layer vulnerability damage and left-multiply it by the damage D of the vulnerability itself, i.e. V=D·(a·S+b·P), where D is an n-dimensional row vector of vulnerability damage whose elements, from left to right, are the CVSS severity scores of vulnerability 1 through vulnerability n. The modulus of the evaluation value is then computed to express the damage degree of the network vulnerabilities. In this case the vulnerability chain contains three vulnerabilities, so D is set as the three-dimensional row vector D=(5,3,3); the damage degree is then V=D·(a·S+b·P)=(5,3,3)·{1/2·(7,8,9)+1/2·(6,8,10)}, which gives the vector value V=(143/2,88,209/2). |V| is then computed to express the damage degree of the vulnerabilities of the whole network system and thereby to evaluate the health status of the network.
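The following Python block is an added illustration of the evaluation described in this paragraph; it is not code from the patent. It carries the patent's own numbers (S=(7,8,9), P=(6,8,10), D=(5,3,3), a=b=1/2) through the formula V=D·(a·S+b·P) and the modulus |V|. The function names are assumptions of this example, and so is one reading of the notation: the patent's stated result (143/2, 88, 209/2) equals the combined vector a·S+b·P scaled by the sum of the entries of D (11), which is what the block implements; an ordinary row-vector dot product would give a single scalar instead. The block also adds the sanity checks a practitioner would want before trusting the score: the weights must satisfy the page's normalization condition a+b=1, the two slices must describe the same chain, and each entry of D must be a CVSS score in 0..10.

```python
"""Worked example of V = D . (a*S + b*P) and |V| for a vulnerability chain.

Added illustration, not the patent's code. Sample values are the ones the
patent's example states; the function names and the scaling reading of
D . (...) are assumptions of this example.
"""
import math
from typing import Sequence, Tuple

Vector = Tuple[float, ...]


def combined_slice_damage(S: Sequence[float], P: Sequence[float],
                          a: float, b: float) -> Vector:
    """Weighted sum a*S + b*P of the system-slice and network-slice vectors.

    Enforces the normalization condition a + b = 1 stated on the page and
    requires both slices to cover the same chain (same length), since both
    are mapped from the same penetration path.
    """
    if len(S) != len(P):
        raise ValueError("system and network slices must cover the same vulnerability chain")
    if a < 0 or b < 0:
        raise ValueError("slice weights must be non-negative")
    if not math.isclose(a + b, 1.0):
        raise ValueError("slice weights must satisfy a + b = 1")
    return tuple(a * s + b * p for s, p in zip(S, P))


def hazard_vector(D: Sequence[float], combined: Sequence[float]) -> Vector:
    """V = D . (a*S + b*P) as the patent's worked numbers define it.

    D holds one CVSS score (0..10) per vulnerability in the chain. The patent's
    stated V = (143/2, 88, 209/2) for D = (5, 3, 3) equals the combined vector
    scaled by sum(D) = 11, so that reading is implemented here (assumption of
    this example; a plain dot product would yield a scalar).
    """
    if len(D) != len(combined):
        raise ValueError("one CVSS score is required per vulnerability in the chain")
    for score in D:
        if not 0.0 <= score <= 10.0:
            raise ValueError(f"CVSS score out of range: {score}")
    total = sum(D)
    return tuple(total * c for c in combined)


def hazard_magnitude(V: Sequence[float]) -> float:
    """|V|, the scalar the patent uses to express whole-network damage."""
    return math.sqrt(sum(v * v for v in V))


def evaluate_chain(S: Sequence[float], P: Sequence[float], D: Sequence[float],
                   a: float = 0.5, b: float = 0.5) -> Tuple[Vector, float]:
    """Run the full evaluation for one chain and return (V, |V|)."""
    V = hazard_vector(D, combined_slice_damage(S, P, a, b))
    return V, hazard_magnitude(V)


if __name__ == "__main__":
    # Values from the patent's example: system slice S, network slice P,
    # CVSS scores D, equal emphasis a = b = 1/2.
    V, size = evaluate_chain(S=(7, 8, 9), P=(6, 8, 10), D=(5, 3, 3))
    print("a*S + b*P =", combined_slice_damage((7, 8, 9), (6, 8, 10), 0.5, 0.5))
    print("V =", V)  # (71.5, 88.0, 104.5), i.e. (143/2, 88, 209/2)
    print("|V| = %.2f" % size)
```

Longer chains only change the length of the three vectors; the weights a and b are the only tunable inputs, so a reviewer comparing two assessments should check that both used the same (a, b) before comparing |V| values.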
Using the network system security vulnerability correlation modeling and analysis method of the present invention, the vulnerabilities in the network are exploited and subjected to correlation analysis to obtain the predecessor-successor graph of the vulnerabilities, as shown in Figure 3. According to the system layer and network layer to which each vulnerability belongs, the vulnerability chain is sliced and the damage of the vulnerabilities to the system and the network is comprehensively evaluated, as shown in Figures 4 and 5; the system slice and the network slice are then merged to construct the network system security vulnerability correlation analysis model. A new, more accurate damage evaluation method is defined and used to evaluate network system security vulnerabilities. By modeling the vulnerabilities of a specific penetration scenario as system-dimension and network-dimension slices and combining them with the application scenario, the method can quickly and accurately evaluate the damage degree of the vulnerabilities and thereby the health status of the network.
Existing approaches to vulnerability security evaluation only perform simple correlation analysis of vulnerabilities and score them with reference to their life cycle and environment. The method of the present invention takes a different route: it slices the vulnerability chain along the system dimension and the network dimension and constructs a graph model, which solves the oversimplification and low accuracy of conventional CVSS-score-based vulnerability evaluation. It offers a reference for evaluating vulnerability damage levels and measuring network health status in future network security work.
According to user needs, the method of the present invention allows each layer of the system slice and the network slice to be further divided into sub-layers so that the vulnerability chain is described in finer detail; it has good research prospects and research value in the field of network security evaluation.
The network system security vulnerability correlation modeling and analysis method of the present invention solves the problems in the prior art of one-dimensional network vulnerability scoring, informal vulnerability correlation analysis, and insufficiently accurate standards for measuring network damage degree. For a specific scenario of step-by-step vulnerability penetration in network attack and defense, correlation analysis is performed on the vulnerabilities, the vulnerabilities are then modeled as system-architecture and network-layer slices, and finally the two slice graph models are merged and evaluated. Slicing vulnerabilities along the system and network dimensions, analyzing vulnerability penetration and evaluating network damage degree constitutes a method of multi-dimensional division and deep correlation analysis of vulnerabilities. The evaluation of network vulnerability damage changes from a conventional simple score into a comprehensive evaluation value, with higher accuracy, a more complete evaluation perspective and more thorough vulnerability analysis, and is highly useful as a reference and in practice.
Claims (2)
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202110479627.XA CN113259334B (en) | 2021-04-30 | 2021-04-30 | Network system security vulnerability correlation modeling and analyzing method |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN113259334A CN113259334A (en) | 2021-08-13 |
| CN113259334B true CN113259334B (en) | 2022-06-21 |
Family
ID=77223333
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202110479627.XA Active CN113259334B (en) | 2021-04-30 | 2021-04-30 | Network system security vulnerability correlation modeling and analyzing method |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN113259334B (en) |
Families Citing this family (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN120151106B (en) * | 2025-05-14 | 2025-08-01 | 新瑞数城技术有限公司 | A method and system for an Internet of Things management platform for big data |
Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN105763562A (en) * | 2016-04-15 | 2016-07-13 | 全球能源互联网研究院 | Electric power information network vulnerability threat evaluation model establishment method faced to electric power CPS risk evaluation and evaluation system based on the model |
| CN107196955A (en) * | 2017-06-15 | 2017-09-22 | 北京理工大学 | The network system active defense method analyzed based on vulnerability correlation |
| CN111131274A (en) * | 2019-12-27 | 2020-05-08 | 国网四川省电力公司电力科学研究院 | Non-invasive intelligent substation vulnerability detection method |
Family Cites Families (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US10185832B2 (en) * | 2015-08-12 | 2019-01-22 | The United States Of America As Represented By The Secretary Of The Army | Methods and systems for defending cyber attack in real-time |
| CN106789955B (en) * | 2016-11-30 | 2019-11-15 | 山东省计算中心(国家超级计算济南中心) | A network security situation assessment method |
| US10659488B1 (en) * | 2017-02-28 | 2020-05-19 | University Of South Florida | Statistical predictive model for expected path length |
| CN108769018B (en) * | 2018-05-29 | 2021-04-06 | 北京理工大学 | Multidimensional and multi-granularity network space security measurement method |
| US11036865B2 (en) * | 2018-07-05 | 2021-06-15 | Massachusetts Institute Of Technology | Systems and methods for risk rating of vulnerabilities |
Non-Patent Citations (4)
| Title |
|---|
| A novel network risk assessment method based on vulnerability correlation graph; Liu Guqing; 2014 IEEE Workshop on Electronics, Computer and Applications; 2014-06-30; full text * |
| A novel security risk assessment model for information system; Huiying Lv; 2010 2nd International Conference on Advanced Computer Control; 2010-06-17; full text * |
| A knowledge-graph-based research method for industrial internet security vulnerabilities; Tao Yaodong et al.; 信息技术与网络安全 (Information Technology and Network Security); 2020-01-10 (No. 01); full text * |
| Network threat evaluation based on attack graphs and fuzzy comprehensive analysis; Luo Yunlai et al.; 网络空间安全 (Cyberspace Security); 2020-07-25 (No. 07); full text * |
Also Published As
| Publication number | Publication date |
|---|---|
| CN113259334A (en) | 2021-08-13 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| Homer et al. | A sound and practical approach to quantifying security risk in enterprise networks | |
| Bhatt et al. | Exploitability prediction of software vulnerabilities | |
| Joh et al. | Defining and assessing quantitative security risk measures using vulnerability lifecycle and cvss metrics | |
| Liu et al. | Improving VRSS-based vulnerability prioritization using analytic hierarchy process | |
| Clemente et al. | Is predicting software security bugs using deep learning better than the traditional machine learning algorithms? | |
| CN110110529B (en) | A method for mining key nodes in software network based on complex network | |
| CN107103244B (en) | AADL-based Web application architecture security evaluation method | |
| Dai et al. | Exploring risk flow attack graph for security risk assessment | |
| Younis et al. | Using software structure to predict vulnerability exploitation potential | |
| Munaiah et al. | Beyond the attack surface: Assessing security risk with random walks on call graphs | |
| Olague et al. | An empirical validation of object‐oriented class complexity metrics and their ability to predict error‐prone classes in highly iterative, or agile, software: a case study | |
| CN112904817A (en) | Global safety detection system for intelligent manufacturing production line and working method thereof | |
| CN119484153A (en) | A vulnerability accessibility rating method based on EPSS | |
| Xiong et al. | A method for assigning probability distributions in attack simulation languages | |
| CN119788439B (en) | A cross-domain resource sharing vulnerability detection method and system | |
| Anjum | Assessment of software vulnerabilities using best-worst method and two-way analysis | |
| Joh et al. | A framework for software security risk evaluation using the vulnerability lifecycle and CVSS metrics | |
| Nour et al. | Automa: Automated generation of attack hypotheses and their variants for threat hunting using knowledge discovery | |
| CN113259334B (en) | Network system security vulnerability correlation modeling and analyzing method | |
| He et al. | Recps: Privacy risk scoring for recommender systems | |
| CN108769018B (en) | Multidimensional and multi-granularity network space security measurement method | |
| CN120017549A (en) | A network security index evaluation system | |
| CN118199920A (en) | Attack graph attack path prediction method and device based on Bayesian network quantization | |
| CN115862417A (en) | A virtual simulation system and simulation method integrating attack and defense drill learning | |
| CN114238992A (en) | Threat vulnerability mining method based on big information security data and information security system |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | | |
| SE01 | Entry into force of request for substantive examination | | |
| GR01 | Patent grant | | |
