CN103996006A - Information system security risk assessment method and device - Google Patents
Information system security risk assessment method and device Download PDFInfo
- Publication number
- CN103996006A CN103996006A CN201310050945.XA CN201310050945A CN103996006A CN 103996006 A CN103996006 A CN 103996006A CN 201310050945 A CN201310050945 A CN 201310050945A CN 103996006 A CN103996006 A CN 103996006A
- Authority
- CN
- China
- Prior art keywords
- weight
- behavior
- threat
- behaviors
- information system
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
- 238000000034 method Methods 0.000 title claims abstract description 18
- 238000012502 risk assessment Methods 0.000 title claims abstract description 8
- 230000006399 behavior Effects 0.000 claims abstract description 181
- 238000010276 construction Methods 0.000 claims description 6
- 238000011156 evaluation Methods 0.000 abstract description 14
- 238000011002 quantification Methods 0.000 abstract description 4
- 230000007547 defect Effects 0.000 abstract description 2
- 230000000246 remedial effect Effects 0.000 abstract 1
- 238000011161 development Methods 0.000 description 2
- 238000010586 diagram Methods 0.000 description 2
- 238000005516 engineering process Methods 0.000 description 2
- 238000012954 risk control Methods 0.000 description 2
- 230000000694 effects Effects 0.000 description 1
- 238000013507 mapping Methods 0.000 description 1
- 230000003068 static effect Effects 0.000 description 1
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/57—Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
- G06F21/577—Assessing vulnerabilities and evaluating computer system security
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/03—Indexing scheme relating to G06F21/50, monitoring users, programs or devices to maintain the integrity of platforms
- G06F2221/034—Test or assess a computer or a system
Landscapes
- Engineering & Computer Science (AREA)
- Computer Hardware Design (AREA)
- Computer Security & Cryptography (AREA)
- General Engineering & Computer Science (AREA)
- Software Systems (AREA)
- Theoretical Computer Science (AREA)
- Computing Systems (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Management, Administration, Business Operations System, And Electronic Commerce (AREA)
Abstract
The invention discloses an information system security risk assessment method. The method includes the steps of constructing a threatening behavior model bank, matching calling behaviors recorded in an information system with threatening behaviors in the threatening behavior model bank to obtain decision values of the matched calling behaviors, determining weighted values of the threatening behaviors according to the decision values of the matched calling behaviors, and enabling the weighted values of the threatening behaviors to be combined with a vulnerability weighted value and a remedial measure weighted value to obtain a risk grade. The invention further discloses an information system security risk assessment device. Through the scheme of the information system security risk assessment method and device, security risks of the information system can be measured in multi-dimensional mode, the defects of existing risk evaluation quantification are greatly made up for, the accuracy and credibility of threat evaluation are improved, and the core problem of risk quantification of the information system can be solved; consequently, users can conveniently and objectively know the condition of running risks of the information system, and the risks of the information system can be perceived.
Description
Technical Field
The present invention relates to information security technologies, and in particular, to a method and an apparatus for evaluating security risk of an information system.
Background
With the change of the IT technology, the whole national economic development can not leave the operation and support of information systems, and how to ensure the safe operation of the information systems becomes a central priority; according to the requirements of 2006-.
To realize initiative information security, the key is to solve the situation of how to evaluate the security risk of the information system or sense the risk early. The risk profile is further related to a number of factors, including: the vulnerability factor of the information system, the threat factor outside the system, the control measure, the compensation measure and other factors; these factors in turn interact and interact with each other.
In the prior art, the safety risk of an information system is evaluated mainly through the following three ways: firstly, from the threat perspective, namely judging the security event quantity of related equipment, mainly analyzing logs from security equipment and IT equipment, and extracting logs with high risk level from the logs for judgment; secondly, from the aspect of vulnerability, namely vulnerability evaluation is carried out on network facilities, host resources, code resources and the like related to the information bearing system, so that the height of the risk condition is obtained; and thirdly, comprehensively evaluating by combining the threat, the vulnerability and the asset value.
The existing risk evaluation system has major defects and shortcomings, which are mainly reflected in the following aspects:
firstly, the evaluation index depends on a single factor or is too complex to reflect the real risk condition; from the threat angle, the external attack condition can be truly reflected, but because the external threats are numerous and the sources are complex, both novel attacks and very old attacks exist, and the attack applicability also needs to be accurately discriminated, the evaluation of higher risk condition generally occurs, and the threat disposal and the development of compensation measures are not facilitated; from the aspect of vulnerability, the vulnerability condition of an information system can be truly reflected, but because the vulnerability is static, risks need to be formed and threatened to attack, the risk condition evaluation distortion often occurs, effective resources are not favorably put into risk control, and the cost is overlarge; comprehensive evaluation from threats, vulnerabilities and asset values can reflect the risk condition level comparatively, but the comprehensive evaluation relates to a three-dimensional system, and three factors are many-to-many relationships, so that the mapping relationship and the calculation are extremely complex, and the comprehensive evaluation is difficult to realize in practical use.
Secondly, the existing evaluation system only pays attention to risk threat, vulnerability and asset value, but neglects important compensation measures which are actually important factors for risk control.
Disclosure of Invention
In view of the above, the main objective of the present invention is to provide a method and an apparatus for evaluating security risk of an information system, which can measure security risk of the information system in multiple dimensions.
In order to achieve the purpose, the technical scheme of the invention is realized as follows:
the invention provides a method for evaluating the security risk of an information system, which comprises the following steps:
constructing a threat behavior pattern library, matching the calling behaviors recorded by the information system with the threat behaviors in the threat behavior pattern library, acquiring the judgment values of the matched calling behaviors, and determining the weight of the threat behaviors according to the judgment values of the matched calling behaviors;
and combining the weight of the threat behavior with the weight of the vulnerability and the weight of the remedy measure to obtain the risk level.
In the above scheme, the constructing the threat behavior pattern library is: the specific threat behaviors are used as a classification principle, each type of threat behavior is mapped to a system function call set, each system function call set comprises more than one call behavior of a system Application Programming Interface (API) function represented by a triple (a module number, a function number and a rule number), and all the threat behaviors form a threat behavior pattern library.
In the above scheme, the matching of the call behavior recorded by the information system and the threat behavior in the threat behavior pattern library is as follows: and converting the format of the call behavior recorded by the information system into the format of a triple < module number, function number and rule number >, and matching the converted call behavior with the threat behavior in the threat behavior pattern library.
In the above scheme, the obtaining of the determination value of each matching call behavior is as follows: and counting the occurrence average value of each matched calling behavior, and obtaining the judgment value of each calling behavior according to the occurrence average value of each calling behavior.
In the above scheme, the risk level obtained by combining the weight of the threat behavior with the weight of the vulnerability and the weight of the remedy measure is: obtaining a risk level according to a risk level formula comprising a threat behavior weight, a vulnerability weight and a remedy weight;
risk rating (V) ═ Round1{ Log2[ (ax2) }The+B×2Vul+C×2Con)/3]}×Asset(value)
Wherein, The represents a threat behavior weight; vul represents the weight of vulnerability; con represents the weight of the compensation measure; round function is a function rounded to the numerical value by the number of digits specified, Round1 denotes the reserved 1-digit decimal number; asset (value) represents asset value; a is the coefficient of the weight of the threat behavior; b is the coefficient of the weight of the vulnerability; and C is the coefficient of the weight of the compensation measure.
The invention provides a device for evaluating the security risk of an information system, which comprises: the system comprises a construction module, a matching module, a judgment value acquisition module, a determination module and a risk grade acquisition module; wherein,
the construction module is used for constructing a threat behavior pattern library;
the matching module is used for matching the calling behaviors recorded by the information system with the threat behaviors in the threat behavior pattern library and sending the matched calling behaviors to the judgment value acquisition module;
the judgment value acquisition module is used for acquiring the judgment value of each matched calling behavior;
the determining module is used for determining a threat behavior weight according to the judging value;
and the risk level acquisition module is used for combining the weight of the threat behavior with the weight of the vulnerability and the weight of the remedy measure to obtain the risk level.
In the above scheme, the construction module is specifically configured to use a specific threat behavior as a classification rule, each type of threat behavior maps one system function call set, each system function call set includes more than one call behavior of a system API function represented by a triple < module number, function number, and rule number >, and all the threat behaviors constitute a threat behavior pattern library.
In the above scheme, the matching module is specifically configured to convert the format of the call behavior recorded by the information system into a format of a triple < module number, function number, and rule number >, and match the converted call behavior with the threat behavior in the threat behavior pattern library.
In the above scheme, the risk level obtaining module is specifically configured to obtain a risk level according to a risk level formula that includes a threat behavior weight, a vulnerability weight, and a remedy weight;
risk rating (V) ═ Round1{ Log2[ (ax2) }The+B×2Vul+C×2Con)/3]}×Asset(value)
Wherein, The represents a threat behavior weight; vul represents the weight of vulnerability; con represents the weight of the compensation measure; round function is a function rounded to the numerical value by the number of digits specified, Round1 denotes the reserved 1-digit decimal number; asset (value) represents asset value; a is the coefficient of the weight of the threat behavior; b is the coefficient of the weight of the vulnerability; and C is the coefficient of the weight of the compensation measure.
The invention provides a method and a device for evaluating the security risk of an information system, which are characterized by constructing a threat behavior pattern library, matching calling behaviors recorded by the information system with threat behaviors in the threat behavior pattern library, acquiring the decision value of each matched calling behavior, and determining the weight of the threat behavior according to the decision value of each matched calling behavior; combining the weight of the threat behavior with the weight of the vulnerability and the weight of the compensation measure to obtain a risk level; therefore, the safety risk of the information system can be measured in multiple dimensions, the shortage of the existing risk evaluation quantification is greatly overcome, the accuracy and credibility of threat judgment are improved, and the core problem of the risk quantification of the information system is solved, so that a user can conveniently and objectively know the risk condition of the operation of the information system, and the safety risk of the information system can be sensed.
Drawings
FIG. 1 is a schematic flow chart of a method for security risk assessment of an information system according to the present invention;
FIG. 2 is a schematic diagram of a threat behavior pattern library provided by the present invention;
fig. 3 is a schematic structural diagram of an apparatus for information system security risk assessment provided in the present invention.
Detailed Description
The basic idea of the invention is: constructing a threat behavior pattern library, matching the calling behaviors recorded by the information system with the threat behaviors in the threat behavior pattern library, acquiring the judgment values of the matched calling behaviors, and determining the weight of the threat behaviors according to the judgment values of the matched calling behaviors; and combining the weight of the threat behavior with the weight of the vulnerability and the weight of the remedy measure to obtain the risk level.
The invention is further described in detail below with reference to the figures and the specific embodiments.
The invention realizes a method for evaluating the security risk of an information system, which comprises the following steps as shown in figure 1:
step 101: constructing a threat behavior pattern library;
specifically, with specific threat behaviors as a classification principle, as shown in fig. 2, each type of threat behavior a maps a system function call set S, each system function call set S includes more than one call behavior of a system API function represented by a triple < module number, function number, and rule number >, the call behaviors included in the system function call set S are known threat behaviors, and all the threat behaviors a constitute a threat behavior pattern library;
the specific threat behaviors include: eavesdropping class, remote spyware class, intentional disclosure class, hacking class, system/network overload class, etc.
Step 102: matching the calling behavior recorded by the information system with the threat behavior in the threat behavior pattern library;
specifically, the format of the call behavior recorded by the information system is converted into the format of a triple < module number, function number, rule number >, and the converted call behavior is matched with the threat behavior in the threat behavior pattern library.
Step 103: acquiring a judgment value of each matched calling behavior;
specifically, the occurrence mean value of each matched calling behavior is counted, and a judgment value of each calling behavior is obtained according to the occurrence mean value of each calling behavior; here, the determination value is the number of attack successes or the number of attack failures;
the judgment value of each calling behavior obtained according to the occurrence average value of each calling behavior is as follows: counting attack results of each calling behavior in the occurrence mean value of each calling behavior, and taking the attack results as judgment values;
and the attack result is attack success times or attack failure times.
Step 104: determining a threat behavior weight according to the matched judgment value of each calling behavior;
specifically, when the decision value of the matched calling behavior is greater than a preset threshold value, the calling behavior is marked as a threat behavior, the number of all calling behaviors marked as threat behaviors is counted, and a weight of the threat behavior is determined.
Step 105: combining the weight of the threat behavior with the weight of the vulnerability and the weight of the compensation measure to obtain a risk level;
specifically, a risk level is obtained according to a risk level formula comprising a threat behavior weight, a vulnerability weight and a remedy weight;
risk rating (V) ═ Round1{ Log2[ (ax2) }The+B×2Vul+C×2Con)/3]}×Asset(value)
Wherein, The represents a threat behavior weight; vul represents the weight of vulnerability; con represents the weight of the compensation measure; round function is a function rounded to the numerical value by the number of digits specified, Round1 denotes the reserved 1-digit decimal number; asset (value) represents asset value; a is the coefficient of the weight of the threat behavior; b is the coefficient of the weight of the vulnerability; c is the coefficient of the weight of the compensation measure; according to the international basis for weight evaluation, it can be set as follows: a is 0.7, B is 0.5, C is 0.8;
the weight of the vulnerability is generally determined according to the vulnerability level evaluated in an international vulnerability library (CVE);
the weights of the compensation measures are generally assigned according to the robustness (the effectiveness of avoiding risks) of the compensation measures, and the higher the value is, the better the risk avoiding effect is.
In order to implement the above method, the present invention further provides an apparatus for evaluating security risk of an information system, which is generally disposed on a hardware device that provides API service using Linux Server, as shown in fig. 3, and the apparatus includes: the system comprises a construction module 31, a matching module 32, a judgment value acquisition module 33, a determination module 34 and a risk level acquisition module 35; wherein,
the constructing module 31 is used for constructing a threat behavior pattern library;
the matching module 32 is configured to match the call behaviors recorded by the information system with the threat behaviors in the threat behavior pattern library, and send each matched call behavior to the decision value obtaining module 33;
the decision value acquisition module 33 is configured to acquire a decision value of each matched call behavior;
the determining module 34 is configured to determine a threat behavior weight according to the determination value;
and the risk level obtaining module 35 is configured to combine the weight of the threat behavior with the weight of the vulnerability and the weight of the remedy measure to obtain a risk level.
The constructing module 31 is specifically configured to use a specific threat behavior as a classification rule, map a system function call set to each type of threat behavior, where each system function call set includes more than one call behavior of a system API function represented by a triple < module number, function number, and rule number >, and the call behaviors included in the system function call set are known threat behaviors, and all the threat behaviors constitute a threat behavior pattern library.
The matching module 32 is specifically configured to convert the format of the call behavior recorded by the information system into a format of a triple < module number, function number, and rule number >, and match the converted call behavior with the threat behavior in the threat behavior pattern library.
The risk level obtaining module 35 is specifically configured to obtain a risk level according to a risk level formula that includes a threat behavior weight, a vulnerability weight, and a remedy weight;
risk rating (V) ═ Round1{ Log2[ (ax2) }The+B×2Vul+C×2Con)/3]}×Asset(value)
Wherein, The represents a threat behavior weight; vul represents the weight of vulnerability; con represents the weight of the compensation measure; round function is a function rounded to the numerical value by the number of digits specified, Round1 denotes the reserved 1-digit decimal number; asset (value) represents asset value; a is the coefficient of the weight of the threat behavior; b is the coefficient of the weight of the vulnerability; c is the coefficient of the weight of the compensation measure; according to the international basis for weight evaluation, it can be set as follows: a is 0.7, B is 0.5, and C is 0.8.
The above description is only a preferred embodiment of the present invention, and is not intended to limit the scope of the present invention.
Claims (9)
1. A method for information system security risk assessment, the method comprising:
constructing a threat behavior pattern library, matching the calling behaviors recorded by the information system with the threat behaviors in the threat behavior pattern library, acquiring the judgment values of the matched calling behaviors, and determining the weight of the threat behaviors according to the judgment values of the matched calling behaviors;
and combining the weight of the threat behavior with the weight of the vulnerability and the weight of the remedy measure to obtain the risk level.
2. The method of claim 1, wherein the library of threat behavior patterns is constructed by: the specific threat behaviors are used as a classification principle, each type of threat behavior is mapped to a system function call set, each system function call set comprises more than one call behavior of a system Application Programming Interface (API) function represented by a triple (a module number, a function number and a rule number), and all the threat behaviors form a threat behavior pattern library.
3. The method of claim 2, wherein matching the invocation behavior of the information system record with the threat behavior in the threat behavior pattern library is: and converting the format of the call behavior recorded by the information system into the format of a triple < module number, function number and rule number >, and matching the converted call behavior with the threat behavior in the threat behavior pattern library.
4. The method of claim 1, wherein the decision value for each call behavior on the get match is: and counting the occurrence average value of each matched calling behavior, and obtaining the judgment value of each calling behavior according to the occurrence average value of each calling behavior.
5. The method according to claim 1, wherein the risk level obtained by combining the weight of the threat behavior with the weight of the vulnerability and the weight of the remedy is: obtaining a risk level according to a risk level formula comprising a threat behavior weight, a vulnerability weight and a remedy weight;
risk rating (V) ═ Round1{ Log2[ (ax2) }The+B×2Vul+C×2Con)/3]}×Asset(value)
Wherein, The represents a threat behavior weight; vul represents the weight of vulnerability; con represents the weight of the compensation measure; round function is a function rounded to the numerical value by the number of digits specified, Round1 denotes the reserved 1-digit decimal number; asset (value) represents asset value; a is the coefficient of the weight of the threat behavior; b is the coefficient of the weight of the vulnerability; and C is the coefficient of the weight of the compensation measure.
6. An apparatus for information system security risk assessment, the apparatus comprising: the system comprises a construction module, a matching module, a judgment value acquisition module, a determination module and a risk grade acquisition module; wherein,
the construction module is used for constructing a threat behavior pattern library;
the matching module is used for matching the calling behaviors recorded by the information system with the threat behaviors in the threat behavior pattern library and sending the matched calling behaviors to the judgment value acquisition module;
the judgment value acquisition module is used for acquiring the judgment value of each matched calling behavior;
the determining module is used for determining a threat behavior weight according to the judging value;
and the risk level acquisition module is used for combining the weight of the threat behavior with the weight of the vulnerability and the weight of the remedy measure to obtain the risk level.
7. The apparatus according to claim 6, wherein the configuration module is specifically configured to use the specific threat behaviors as a classification rule, and each type of threat behavior maps a system function call set, and each system function call set includes more than one call behavior of a system API function represented by a triple < module number, function number, and rule number >, and all the threat behaviors constitute the threat behavior pattern library.
8. The apparatus according to claim 7, wherein the matching module is specifically configured to convert the format of the call behavior recorded by the information system into a format of a triple < module number, function number, rule number >, and match the converted call behavior with the threat behavior in the threat behavior pattern library.
9. The device according to claim 6, wherein the risk level obtaining module is specifically configured to obtain a risk level according to a risk level formula that includes a threat behavior weight, a vulnerability weight, and a remedy weight;
risk rating (V) ═ Round1{ Log2[ (ax2) }The+B×2Vul+C×2Con)/3]}×Asset(value)
Wherein, The represents a threat behavior weight; vul represents the weight of vulnerability; con represents the weight of the compensation measure; round function is a function rounded to the numerical value by the number of digits specified, Round1 denotes the reserved 1-digit decimal number; asset (value) represents asset value; a is the coefficient of the weight of the threat behavior; b is the coefficient of the weight of the vulnerability; and C is the coefficient of the weight of the compensation measure.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201310050945.XA CN103996006B (en) | 2013-02-17 | 2013-02-17 | A kind of method and apparatus of Evaluation of Information System Security Risk |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201310050945.XA CN103996006B (en) | 2013-02-17 | 2013-02-17 | A kind of method and apparatus of Evaluation of Information System Security Risk |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN103996006A true CN103996006A (en) | 2014-08-20 |
| CN103996006B CN103996006B (en) | 2018-09-04 |
Family
ID=51310168
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201310050945.XA Active CN103996006B (en) | 2013-02-17 | 2013-02-17 | A kind of method and apparatus of Evaluation of Information System Security Risk |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN103996006B (en) |
Cited By (8)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN105844169A (en) * | 2015-01-15 | 2016-08-10 | 中国移动通信集团安徽有限公司 | Method and device for information safety metrics |
| CN106407813A (en) * | 2016-05-17 | 2017-02-15 | 北京智言金信信息技术有限公司 | Data normalization processing apparatus and method for heterogeneous vulnerability scanner |
| CN106656996A (en) * | 2016-11-09 | 2017-05-10 | 航天科工智慧产业发展有限公司 | Information safety risk assessment method |
| CN107239707A (en) * | 2017-06-06 | 2017-10-10 | 国家电投集团河南电力有限公司技术信息中心 | A kind of threat data processing method for information system |
| CN108776861A (en) * | 2018-04-27 | 2018-11-09 | 中国铁路总公司 | Railway Communication safety risk estimating method and device |
| CN109684366A (en) * | 2018-12-20 | 2019-04-26 | 国家计算机网络与信息安全管理中心 | A kind of knowledge base group volume method for industrial control system risk assessment |
| CN110839000A (en) * | 2018-08-15 | 2020-02-25 | 中国信息通信研究院 | Method and device for determining security level of network information system |
| CN112565296A (en) * | 2020-12-24 | 2021-03-26 | 深信服科技股份有限公司 | Security protection method and device, electronic equipment and storage medium |
Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101017458A (en) * | 2007-03-02 | 2007-08-15 | 北京邮电大学 | Software safety code analyzer based on static analysis of source code and testing method therefor |
| CN101374051A (en) * | 2008-08-22 | 2009-02-25 | 中国航天科工集团第二研究院七○六所 | Method for evaluating information system risk base on multi-element fusion |
| US20110173146A1 (en) * | 2006-06-12 | 2011-07-14 | John Harris Hnatio | Complexity systems management method |
| CN102238038A (en) * | 2011-07-26 | 2011-11-09 | 北京神州绿盟信息安全科技股份有限公司 | Network equipment security evaluation method and device |
| CN102799954A (en) * | 2012-07-18 | 2012-11-28 | 中国信息安全测评中心 | Method and system for multi-objective optimization applied to risk assessment |
-
2013
- 2013-02-17 CN CN201310050945.XA patent/CN103996006B/en active Active
Patent Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20110173146A1 (en) * | 2006-06-12 | 2011-07-14 | John Harris Hnatio | Complexity systems management method |
| CN101017458A (en) * | 2007-03-02 | 2007-08-15 | 北京邮电大学 | Software safety code analyzer based on static analysis of source code and testing method therefor |
| CN101374051A (en) * | 2008-08-22 | 2009-02-25 | 中国航天科工集团第二研究院七○六所 | Method for evaluating information system risk base on multi-element fusion |
| CN102238038A (en) * | 2011-07-26 | 2011-11-09 | 北京神州绿盟信息安全科技股份有限公司 | Network equipment security evaluation method and device |
| CN102799954A (en) * | 2012-07-18 | 2012-11-28 | 中国信息安全测评中心 | Method and system for multi-objective optimization applied to risk assessment |
Non-Patent Citations (2)
| Title |
|---|
| 李江涛: "基于行为的病毒检测系统的设计与实现", 《中国优秀硕士学位论文全文数据库(信息科技辑)》 * |
| 黄水清等: "数字图书馆信息安全风险评估", 《现代图书情报技术》 * |
Cited By (13)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN105844169B (en) * | 2015-01-15 | 2019-09-13 | 中国移动通信集团安徽有限公司 | Information security measure and device |
| CN105844169A (en) * | 2015-01-15 | 2016-08-10 | 中国移动通信集团安徽有限公司 | Method and device for information safety metrics |
| CN106407813A (en) * | 2016-05-17 | 2017-02-15 | 北京智言金信信息技术有限公司 | Data normalization processing apparatus and method for heterogeneous vulnerability scanner |
| CN106407813B (en) * | 2016-05-17 | 2020-04-07 | 北京摄星科技有限公司 | Heterogeneous vulnerability scanner data normalization processing device and method |
| CN106656996B (en) * | 2016-11-09 | 2020-09-15 | 航天科工智慧产业发展有限公司 | Information security risk assessment method |
| CN106656996A (en) * | 2016-11-09 | 2017-05-10 | 航天科工智慧产业发展有限公司 | Information safety risk assessment method |
| CN107239707A (en) * | 2017-06-06 | 2017-10-10 | 国家电投集团河南电力有限公司技术信息中心 | A kind of threat data processing method for information system |
| CN107239707B (en) * | 2017-06-06 | 2020-09-29 | 国家电投集团河南电力有限公司 | Threat data processing method for information system |
| CN108776861A (en) * | 2018-04-27 | 2018-11-09 | 中国铁路总公司 | Railway Communication safety risk estimating method and device |
| CN110839000A (en) * | 2018-08-15 | 2020-02-25 | 中国信息通信研究院 | Method and device for determining security level of network information system |
| CN110839000B (en) * | 2018-08-15 | 2022-02-08 | 中国信息通信研究院 | Method and device for determining security level of network information system |
| CN109684366A (en) * | 2018-12-20 | 2019-04-26 | 国家计算机网络与信息安全管理中心 | A kind of knowledge base group volume method for industrial control system risk assessment |
| CN112565296A (en) * | 2020-12-24 | 2021-03-26 | 深信服科技股份有限公司 | Security protection method and device, electronic equipment and storage medium |
Also Published As
| Publication number | Publication date |
|---|---|
| CN103996006B (en) | 2018-09-04 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN103996006B (en) | A kind of method and apparatus of Evaluation of Information System Security Risk | |
| CN102710598B (en) | System and method for reducing security risk in computer network | |
| CN110825757B (en) | Equipment behavior risk analysis method and system | |
| CN107911396A (en) | Log in method for detecting abnormality and system | |
| Arias et al. | Spatial analysis of vicariance: a method for using direct geographical information in historical biogeography | |
| CN103136255B (en) | The method and apparatus of information management | |
| CN106209862A (en) | A kind of steal-number defence implementation method and device | |
| CN103440459A (en) | Function-call-based Android malicious code detection method | |
| CN107122669A (en) | A kind of method and apparatus for assessing leaking data risk | |
| CN106845836B (en) | Safety risk analysis method and system for environmental protection measures in power transmission and transformation engineering construction process | |
| CN107895122A (en) | A kind of special sensitive information active defense method, apparatus and system | |
| CN113487212A (en) | Risk monitoring method and device | |
| CN116962443B (en) | Storage data processing system based on cloud computing | |
| CN114157484A (en) | Data security storage system based on cloud computing | |
| CN115378711A (en) | Industrial control network intrusion detection method and system | |
| CN105208009A (en) | Safety detection method and apparatus of account number | |
| CN115796607A (en) | Acquisition terminal security portrait assessment method based on power consumption information analysis | |
| CN104848889A (en) | Fiber grating historic building monitoring and maintaining system based on Internet-of-things technology | |
| CN108833442A (en) | A kind of distributed network security monitoring device and its method | |
| CN117857225B (en) | Identity authentication system and method for new energy power station acquisition terminal | |
| CN116743479B (en) | Network security detection system and method based on big data | |
| CN114238330A (en) | Data processing method and device, electronic equipment and storage medium | |
| CN109962916B (en) | Multi-attribute-based industrial internet security situation evaluation method | |
| CN116405242B (en) | Safety state identification method for data acquisition and monitoring system | |
| CN105897776A (en) | Safety management and control method based on cloud computation system and safety management and control system based on cloud computation system |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |