Host risk evaluation method and device

Abstract

The invention discloses a host risk evaluation method and a host risk evaluation device. The method comprises the following steps of: detecting the bug information and network connectivity information of all hosts in a network; determining an attack path in the network according to the bug information and the network connectivity information; and determining the total risk of any target host based on the bug information and the attack path. In the method and the device, the thought of actively and dynamically evaluating potential bugs and risks by the attack path is put forward for the first time, so that host risk evaluation is more perfect, and effects are more ideal. Own bugs of the host and threats from the attack path in the network are combined, so the potential risks of the host can be explored more deeply.

Description

technical field

[0001] The invention relates to the technical field of computer network security, in particular to a host computer risk assessment method and device. Background technique

[0002] In recent years, computer network attacks are increasing day by day, and people are facing more and more serious security threats from computer network systems. Security issues have become the main issues affecting Internet development and commercial applications. The most important and fundamental cause of network security problems is that computer systems have security loopholes and risks that can be penetrated and exploited. At present, the methods of host risk assessment can be divided into three categories according to the assessment object: asset assessment, vulnerability assessment and threat assessment. Among them, asset assessment is based on the input of asset security attributes, according to the asset assessment model, to obtain the security value of the asset, which is...

Images