
CN110933083B - Vulnerability grade evaluation device and method based on word segmentation and attack matching - Google Patents


Info

Publication number: CN110933083B
Authority: CN (China)
Prior art keywords: vulnerability, attack, asset, information, similarity
Legal status: Active
Application number: CN201911203420.9A
Other languages: Chinese (zh)
Other versions: CN110933083A (en)
Inventors: 任竹艳, 朱挺, 徐尼峰, 郝玉虎, 梁兆锁
Current Assignee: China Telecom Fufu Information Technology Co Ltd
Original Assignee: China Telecom Fufu Information Technology Co Ltd
Application filed by China Telecom Fufu Information Technology Co Ltd
Priority to CN201911203420.9A
Publication of CN110933083A
Application granted
Publication of CN110933083B

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1433 Vulnerability analysis
    • H04L63/1408 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1416 Event detection, e.g. attack signature detection
    • H04L41/00 Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/06 Management of faults, events, alarms or notifications
    • H04L41/069 Management of faults, events, alarms or notifications using logs of notifications; Post-processing of notifications
    • H04L41/14 Network analysis or design

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)

Abstract

The invention discloses a vulnerability grade assessment device and method based on word segmentation and attack matching. Working on the asset dimension, alerts generated by security protection equipment are associated with vulnerabilities reported by a vulnerability scanner in order to identify vulnerabilities that are being threatened and exploited and to mark their priority, guiding security operation and maintenance work. Word segmentation and key information extraction are performed on the vulnerability information and the security vulnerability database information to generate a directed acyclic graph of the form host-service-version-vulnerability-exploitation mode. Word segmentation and key information extraction are then performed on the alert information, the result is compared with the directed acyclic graph of the vulnerabilities, and a similarity algorithm calculates the similarity between the threat and each vulnerability; the higher the similarity, the more likely it is that the threat is exploiting the vulnerability. The matched vulnerabilities and their assets are thereby located in the directed acyclic graph, marked as high processing priority, and recommended for repair as early as possible.

Description

Vulnerability grade evaluation device and method based on word segmentation and attack matching
Technical Field
The invention relates to the technical field of network security, in particular to a vulnerability grade assessment device and method based on word segmentation and attack matching.
Background
Traditional vulnerability threat assessment mainly collects vulnerability information with a vulnerability scanner and judges repair priority from the CVSS scores of the collected vulnerabilities; some assessment approaches also combine the value of the assets to determine a risk value for each asset, so that the vulnerabilities can be ranked. Evaluating vulnerability alone gives only one-sided guidance for repair, and for organizations with a very large number of assets, setting the vulnerability repair priority remains challenging. On the other hand, in actual work, security operation and maintenance personnel see a large number of internal and external attack alerts from security protection equipment. The accuracy of these alerts depends on how the attack signatures were written, many alerts are raised by mere probing attempts, and the outcome of an attack cannot be substantively judged from them; when alerts are handled, they are generally sorted by the alert level defined by the alerting device, sometimes combined with the value of the assets. Vulnerability scanning and attack alerting each have inherent limitations: relying on vulnerability scanning alone or on alerts alone produces a large number of false positives and greatly increases the workload of security operation and maintenance personnel.
Disclosure of Invention
The invention aims to provide a vulnerability grade assessment device and method based on word segmentation and attack matching.
The technical scheme adopted by the invention is as follows:
A vulnerability grade assessment device based on word segmentation and attack matching comprises the following modules:
a data word segmentation module: performs word segmentation on the vulnerability information and the attack alert information, and extracts key information;
a graph generation module: generates a directed acyclic graph from the key information extracted from the vulnerabilities;
a similarity matching module: matches the key information extracted from the alerts against the directed acyclic graph and calculates the similarity;
an asset importance calculation module: calculates asset value from the IP mutual access information;
a vulnerability level evaluation module: calculates vulnerability scores and attack levels by weighting the similarity and the asset value, and locates high-risk vulnerabilities and attacks.
Further, the key information includes the operating system version, the middleware version, the vulnerability exploitation mode, the attack keywords, and the vulnerability information exploited by the attack.
Further, the directed acyclic graph represents the correspondence host-service-version-vulnerability-exploitation mode.
Further, the similarity matching module calculates the similarity between the attack and the vulnerability using the Jaccard similarity coefficient.
A vulnerability grade assessment method based on word segmentation and attack matching comprises the following steps:
step 1, performing word segmentation on the vulnerability database information and on the vulnerability information generated by a vulnerability scanner, and extracting key information;
step 2, generating a directed acyclic graph from the extracted key information;
step 3, performing word segmentation in real time on the attack alert information generated by the security protection equipment, and extracting key information;
step 4, matching the word segmentation result of the attack alert information against the directed acyclic graph, and calculating the similarity of the attack and the vulnerability using the Jaccard similarity coefficient;
Figure BDA0002296423490000021
where $a$ is the attack, $m$ is the asset, $P(a, m)$ is the matching degree of the attack and the asset, $SV(v_i)$ is the word segmentation of vulnerability $v_i$, $SA(a)$ is the word segmentation of attack $a$, and $Jaccard()$ is the Jaccard similarity calculation formula;
step 5, extracting the IP mutual access information from the traffic;
step 6, calculating, from the IP mutual access information, the number of nodes accessed by each asset, and from this the importance of the asset,
Figure BDA0002296423490000022
where $M()$ is the importance of the asset, initially set to a fixed value and converging to a reasonable range over multiple iterations, $F(m_i)$ is the set of nodes that $m_i$ can access, $T(m_j)$ is the set of nodes that can access $m_j$, $N$ is the total number of nodes, and $d$ is a damping factor used to mitigate level leakage and level sinking;
step 7, obtaining the level score of the attack by weighted calculation from the similarity and the importance information of the assets, thereby locating high-risk attacks, where the attack level is calculated as:
$R(a, m_i) = P(a, m_i)\,M(m_i)$
where $R(x)$ is the level of the attack, $P(x)$ is the degree of match of the attack to the asset, and $M(x)$ is the importance of the asset;
step 8, calculating and determining the vulnerability level from the attack level combined with the matched related vulnerabilities of the assets, so as to extract the high-risk vulnerabilities, where the vulnerability level is calculated as:
Figure BDA0002296423490000023
where $VR(x)$ is the level of the vulnerability, $Jaccard(x) > 0$ means that only the parts with a Jaccard coefficient greater than 0 are summed, $a$ is the attack, $m$ is the asset, $A$ is the attack set, $E(a)$ is the set of all assets attacked by $a$, and $R(x)$ is the degree of match of the attack to the asset.
Further, the key information in step 1 or step 3 includes the operating system version, the middleware version, the vulnerability exploitation mode, the attack keywords, and the vulnerability exploited by the attack.
Further, step 2 generates a directed acyclic graph of the correspondence host-service-version-vulnerability-exploitation mode.
By adopting the above technical scheme, the invention works on the asset dimension: alerts generated by security protection equipment are associated with vulnerabilities reported by the vulnerability scanner, the vulnerabilities being threatened and exploited are identified, and their priority is marked to guide security operation and maintenance work. Word segmentation and key information extraction are performed on the vulnerability information and the security vulnerability database information to generate a directed acyclic graph of the form host-service-version-vulnerability-exploitation mode. Word segmentation and key information extraction are then performed on the alert information, the result is compared with the directed acyclic graph of the vulnerabilities, and a similarity algorithm calculates the similarity between the threat and each vulnerability; the higher the similarity, the more likely it is that the threat is exploiting the vulnerability. The matched vulnerabilities and their assets are thereby located in the directed acyclic graph, marked as high processing priority, and recommended for repair as early as possible.
The advantages are as follows: alerts generated by security protection equipment are associated with vulnerabilities reported by the vulnerability scanner, the vulnerabilities being threatened and exploited are identified by calculating similarity, and their priority is marked, which guides security operation and maintenance work and reduces the workload of security operation and maintenance personnel; comparing the attack alert information with the vulnerability scan information avoids some false alerts from security protection devices; and by matching the vulnerability information of assets identified as under attack, vulnerability early warnings are pushed promptly to assets that may have similar vulnerabilities, so that prevention is possible before an attack spreads on a large scale.
Drawings
The invention is described in further detail below with reference to the accompanying drawings and the detailed description;
FIG. 1 is a schematic flow chart of a vulnerability grade assessment method based on word segmentation and attack matching according to the present invention;
FIG. 2 is a schematic diagram of a vulnerability grade assessment apparatus architecture based on word segmentation and attack matching according to the present invention.
Detailed Description
Security risk must be assessed by combining three dimensions: threat, vulnerability, and asset value. In actual work, threats are generally identified by deploying security protection devices such as IPS, IDS and WAF. Vulnerabilities are discovered by probing hosts, databases, application middleware and the like with vulnerability scanners, baseline scanning tools, etc. The value of an asset is assessed from the traffic it carries. A threat that exploits an associated vulnerability on a valuable asset is the path along which risk is identified. Working on the asset dimension, this patent associates the alerts generated by security protection equipment with the vulnerabilities reported by the vulnerability scanner, identifies the vulnerabilities being threatened and exploited, and marks their priority to guide security operation and maintenance work. Word segmentation and key information extraction are performed on the vulnerability information and the security vulnerability database information to generate a directed acyclic graph of the form host-service-version-vulnerability-exploitation mode. Word segmentation and key information extraction are then performed on the alert information, the result is compared with the directed acyclic graph of the vulnerabilities, and a similarity algorithm calculates the similarity between the threat and each vulnerability; the higher the similarity, the more likely it is that the threat is exploiting the vulnerability. The matched vulnerabilities and their assets are thereby located in the directed acyclic graph, marked as high processing priority, and recommended for repair as early as possible.
As shown in FIG. 1 or FIG. 2, the present invention discloses a vulnerability grade assessment device based on word segmentation and attack matching, which comprises the following modules:
a data word segmentation module: performs word segmentation on the vulnerability information and the attack alert information, and extracts key information;
a graph generation module: generates a directed acyclic graph from the key information extracted from the vulnerabilities;
a similarity matching module: matches the key information extracted from the alerts against the directed acyclic graph and calculates the similarity;
an asset importance calculation module: calculates asset value from the IP mutual access information;
a vulnerability level evaluation module: calculates vulnerability scores and attack levels by weighting the similarity and the asset value, and locates high-risk vulnerabilities and attacks.
Further, the key information includes the operating system version, the middleware version, the vulnerability exploitation mode, the attack keywords, and the vulnerability information exploited by the attack.
Further, the directed acyclic graph represents the correspondence host-service-version-vulnerability-exploitation mode.
Further, the similarity matching module calculates the similarity between the attack and the vulnerability using the Jaccard similarity coefficient.
A vulnerability grade assessment method based on word segmentation and attack matching comprises the following steps:
step 1, performing word segmentation on the vulnerability database information and on the vulnerability information generated by a vulnerability scanner, and extracting key information;
step 2, generating a directed acyclic graph from the extracted key information;
step 3, performing word segmentation in real time on the attack alert information generated by the security protection equipment, and extracting key information;
step 4, matching the word segmentation result of the attack alert information against the directed acyclic graph, and calculating the similarity of the attack and the vulnerability using the Jaccard similarity coefficient;
Figure BDA0002296423490000041
where $a$ is the attack, $m$ is the asset, $P(a, m)$ is the matching degree of the attack and the asset, $SV(v_i)$ is the word segmentation of vulnerability $v_i$, $SA(a)$ is the word segmentation of attack $a$, and $Jaccard()$ is the Jaccard similarity calculation formula;
step 5, extracting the IP mutual access information from the traffic;
step 6, calculating, from the IP mutual access information, the number of nodes accessed by each asset, and from this the importance of the asset,
Figure BDA0002296423490000042
where $M()$ is the importance of the asset, initially set to a fixed value and converging to a reasonable range over multiple iterations, $F(m_i)$ is the set of nodes that $m_i$ can access, $T(m_j)$ is the set of nodes that can access $m_j$, $N$ is the total number of nodes, and $d$ is a damping factor used to mitigate level leakage and level sinking;
step 7, obtaining the level score of the attack by weighted calculation from the similarity and the importance information of the assets, thereby locating high-risk attacks, where the attack level is calculated as:
$R(a, m_i) = P(a, m_i)\,M(m_i)$
where $R(x)$ is the level of the attack, $P(x)$ is the degree of match of the attack to the asset, and $M(x)$ is the importance of the asset;
step 8, calculating and determining the vulnerability level from the attack level combined with the matched related vulnerabilities of the assets, so as to extract the high-risk vulnerabilities, where the vulnerability level is calculated as:
Figure BDA0002296423490000043
where $VR(x)$ is the level of the vulnerability, $Jaccard(x) > 0$ means that only the parts with a Jaccard coefficient greater than 0 are summed, $a$ is the attack, $m$ is the asset, $A$ is the attack set, $E(a)$ is the set of all assets attacked by $a$, and $R(x)$ is the degree of match of the attack to the asset.
Further, the key information in step 1 or step 3 includes the operating system version, the middleware version, the vulnerability exploitation mode, the attack keywords, and the vulnerability exploited by the attack.
Further, step 2 generates a directed acyclic graph of the correspondence host-service-version-vulnerability-exploitation mode.
By adopting the above technical scheme, alerts generated by security protection equipment are associated with vulnerabilities reported by the vulnerability scanner, the vulnerabilities being threatened and exploited are identified by calculating similarity, and their priority is marked, which guides security operation and maintenance work and reduces the workload of security operation and maintenance personnel; comparing the attack alert information with the vulnerability scan information avoids some false alerts from security protection devices; and by matching the vulnerability information of assets identified as under attack, vulnerability early warnings are pushed promptly to assets that may have similar vulnerabilities, so that prevention is possible before an attack spreads on a large scale.
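Steps 4 and 6 to 8 carried through on constructed data, as an added example that is not code from the patent. The formula images for P, M and VR are missing from this page, so the code assumes that P(a, m) is the best Jaccard score over the asset's vulnerabilities, that M is a PageRank-style iteration over F and T, and that VR sums R over the attacks whose Jaccard score with the vulnerability is above 0; regex tokenization stands in for word segmentation and the graph is flattened to host -> vulnerability.

```python
import re

# Constructed sample data (not from the patent).
# Scanner findings per asset: a flattened host -> vulnerability view of the graph.
VULNS = {
    "10.0.0.5": {
        "V1": "Apache Tomcat 8.5.19 PUT method JSP upload remote code execution",
        "V2": "OpenSSH 7.2 user enumeration",
    },
    "10.0.0.9": {"V3": "MySQL 5.6 weak password"},
}
# Alerts from protection devices: (alert text, attacked asset).
ALERTS = [
    ("Apache Tomcat PUT JSP upload attempt", "10.0.0.5"),
    ("SSH brute force login attempt", "10.0.0.9"),
]
# IP mutual access pairs extracted from traffic: (accessing node, accessed node).
FLOWS = [
    ("10.0.0.5", "10.0.0.9"), ("10.0.0.5", "10.0.0.10"),
    ("10.0.0.5", "10.0.0.11"), ("10.0.0.20", "10.0.0.5"),
    ("10.0.0.9", "10.0.0.11"),
]
STOPWORDS = {"a", "an", "the", "of", "via", "to", "in", "on", "attempt"}


def tokenize(text):
    """SV()/SA(): lowercase tokens, version strings such as 8.5.19 kept whole."""
    tokens = re.findall(r"[a-z0-9]+(?:\.[a-z0-9]+)*", text.lower())
    return {t for t in tokens if t not in STOPWORDS}


def jaccard(left, right):
    """Jaccard similarity coefficient |L & R| / |L | R|; 0.0 for two empty sets."""
    union = left | right
    return len(left & right) / len(union) if union else 0.0


def asset_importance(flows, d=0.85, iterations=100):
    """Assumed form: M(m_i) = (1-d)/N + d * sum over m_j in F(m_i) of M(m_j)/|T(m_j)|."""
    nodes = sorted({ip for edge in flows for ip in edge})
    n = len(nodes)
    accessed_by = {ip: set() for ip in nodes}          # T(m_j)
    for src, dst in flows:
        if src != dst:
            accessed_by[dst].add(src)
    m = {ip: 1.0 / n for ip in nodes}                  # fixed initial value
    for _ in range(iterations):
        # Nodes nobody accesses would leak their score; spread it evenly instead.
        leaked = sum(m[j] for j in nodes if not accessed_by[j])
        nxt = {ip: (1 - d) / n + d * leaked / n for ip in nodes}
        for j in nodes:
            for i in accessed_by[j]:                   # m_j is in F(m_i)
                nxt[i] += d * m[j] / len(accessed_by[j])
        m = nxt
    return m


def assess(vulns, alerts, flows):
    """Return per-alert (text, asset, P, R) and per-(asset, vuln) VR scores."""
    importance = asset_importance(flows)
    vuln_level = {(ip, vid): 0.0 for ip, found in vulns.items() for vid in found}
    attack_level = []
    for text, ip in alerts:
        sa = tokenize(text)
        scores = {vid: jaccard(tokenize(desc), sa)
                  for vid, desc in vulns.get(ip, {}).items()}
        p = max(scores.values(), default=0.0)          # assumed aggregation for P(a, m)
        r = p * importance.get(ip, 0.0)                # R(a, m_i) = P(a, m_i) M(m_i)
        attack_level.append((text, ip, p, r))
        for vid, score in scores.items():
            if score > 0:                              # only Jaccard > 0 contributes
                vuln_level[(ip, vid)] += r
    return attack_level, vuln_level


if __name__ == "__main__":
    attacks, levels = assess(VULNS, ALERTS, FLOWS)
    for text, ip, p, r in sorted(attacks, key=lambda row: -row[3]):
        print(f"attack  R={r:.4f} P={p:.2f} {ip} {text}")
    for (ip, vid), score in sorted(levels.items(), key=lambda kv: -kv[1]):
        print(f"vuln    VR={score:.4f} {ip} {vid}")
```

The SSH alert against 10.0.0.9 matches no scanned vulnerability on that asset, so its attack level is 0 and it drops to the bottom of the queue, which is the false-alert reduction the description claims.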

Claims (7)

1. A vulnerability grade assessment device based on word segmentation and attack matching, characterized in that the device comprises the following modules:
a data word segmentation module: performs word segmentation on the vulnerability information and the attack alert information, and extracts key information;
a graph generation module: generates a directed acyclic graph from the key information extracted from the vulnerabilities;
a similarity matching module: matches the key information extracted from the alerts against the directed acyclic graph and calculates the similarity; the similarity of the attack and the vulnerability is calculated using the Jaccard similarity coefficient
Figure FDA0003407356880000011
where $a$ is the attack, $m$ is the asset, $P(a, m)$ is the matching degree of the attack and the asset, $SV(v_i)$ is the word segmentation of vulnerability $v_i$, $SA(a)$ is the word segmentation of attack $a$, and $Jaccard()$ is the Jaccard similarity calculation formula;
an asset importance calculation module: calculates asset value from the IP mutual access information; from the IP mutual access information, the number of nodes accessed by each asset is calculated, and from this the importance of the asset
Figure FDA0003407356880000012
where $M()$ is the importance of the asset, $F(m_i)$ is the set of nodes that $m_i$ can access, $T(m_j)$ is the set of nodes that can access $m_j$, $N$ is the total number of nodes, and $d$ is a damping factor used to mitigate level leakage and level sinking;
a vulnerability level evaluation module: calculates vulnerability scores and attack levels by weighting the similarity and the asset value, and locates high-risk vulnerabilities and attacks; from the similarity and the importance information of the assets, the level score of the attack $R(a, m_i) = P(a, m_i)\,M(m_i)$ is obtained by weighted calculation, where $R(x)$ is the level of the attack, $P(x)$ is the degree of match of the attack to the asset, and $M(x)$ is the importance of the asset; according to the attack level, combined with the matched related vulnerabilities of the assets, the vulnerability level is calculated and determined
Figure FDA0003407356880000013
where $VR(x)$ is the level of the vulnerability, $Jaccard(x) > 0$ means that only the parts with a Jaccard coefficient greater than 0 are summed, $a$ is the attack, $m$ is the asset, $A$ is the attack set, $E(a)$ is the set of all assets attacked by $a$, and $R(x)$ is the matching degree of the attack and the asset.
2. The vulnerability grade assessment device based on word segmentation and attack matching according to claim 1, characterized in that: the key information comprises the operating system version, the middleware version, the vulnerability exploitation mode, the attack keywords and the vulnerability information exploited by the attack.
3. The vulnerability grade assessment device based on word segmentation and attack matching according to claim 1, characterized in that: the directed acyclic graph is a directed acyclic graph of the correspondence host-service-version-vulnerability-exploitation mode.
4. The vulnerability grade assessment device based on word segmentation and attack matching according to claim 1, characterized in that: the similarity matching module calculates the similarity between the attack and the vulnerability using the Jaccard similarity coefficient.
5. A vulnerability grade assessment method based on word segmentation and attack matching, using the vulnerability grade assessment device based on word segmentation and attack matching of any one of claims 1 to 4, characterized in that the method comprises the following steps:
step 1, performing word segmentation on the vulnerability database information and on the vulnerability information generated by a vulnerability scanner, and extracting key information;
step 2, generating a directed acyclic graph from the extracted key information;
step 3, performing word segmentation in real time on the attack alert information generated by the security protection equipment, and extracting key information;
step 4, matching the word segmentation result of the attack alert information against the directed acyclic graph, and calculating the similarity of the attack and the vulnerability using the Jaccard similarity coefficient;
Figure FDA0003407356880000021
where $a$ is the attack, $m$ is the asset, $P(a, m)$ is the matching degree of the attack and the asset, $SV(v_i)$ is the word segmentation of vulnerability $v_i$, $SA(a)$ is the word segmentation of attack $a$, and $Jaccard()$ is the Jaccard similarity calculation formula;
step 5, extracting the IP mutual access information from the traffic;
step 6, calculating, from the IP mutual access information, the number of nodes accessed by each asset, and from this the importance of the asset,
Figure FDA0003407356880000022
where $M()$ is the importance of the asset, $F(m_i)$ is the set of nodes that $m_i$ can access, $T(m_j)$ is the set of nodes that can access $m_j$, $N$ is the total number of nodes, and $d$ is a damping factor used to mitigate level leakage and level sinking;
step 7, obtaining the level score of the attack by weighted calculation from the similarity and the importance information of the assets, thereby locating high-risk attacks, where the attack level is calculated as:
$R(a, m_i) = P(a, m_i)\,M(m_i)$
where $R(x)$ is the level of the attack, $P(x)$ is the degree of match of the attack to the asset, and $M(x)$ is the importance of the asset;
step 8, calculating and determining the vulnerability level from the attack level combined with the matched related vulnerabilities of the assets, so as to extract the high-risk vulnerabilities, where the vulnerability level is calculated as:
Figure FDA0003407356880000023
where $VR(x)$ is the level of the vulnerability, $Jaccard(x) > 0$ means that only the parts with a Jaccard coefficient greater than 0 are summed, $a$ is the attack, $m$ is the asset, $A$ is the attack set, $E(a)$ is the set of all assets attacked by $a$, and $R(x)$ is the degree of match of the attack to the asset.
6. The vulnerability grade assessment method based on word segmentation and attack matching according to claim 5, characterized in that: the key information in step 1 or step 3 comprises the operating system version, the middleware version, the vulnerability exploitation mode, the attack keywords and the vulnerability exploited by the attack.
7. The vulnerability grade assessment method based on word segmentation and attack matching according to claim 5, characterized in that: step 2 generates a directed acyclic graph of the correspondence host-service-version-vulnerability-exploitation mode.
CN201911203420.9A 2019-11-29 2019-11-29 Vulnerability grade evaluation device and method based on word segmentation and attack matching Active CN110933083B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201911203420.9A CN110933083B (en) 2019-11-29 2019-11-29 Vulnerability grade evaluation device and method based on word segmentation and attack matching

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201911203420.9A CN110933083B (en) 2019-11-29 2019-11-29 Vulnerability grade evaluation device and method based on word segmentation and attack matching

Publications (2)

Publication Number Publication Date
CN110933083A 2020-03-27
CN110933083B 2022-04-05

Family

ID=69848116

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201911203420.9A Active CN110933083B (en) 2019-11-29 2019-11-29 Vulnerability grade evaluation device and method based on word segmentation and attack matching

Country Status (1)

Country Link
CN (1) CN110933083B (en)


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant