Network security situation evaluation method

Abstract

The invention provides a network security situation evaluation method, which comprises the steps as follows: raw data are preprocessed, and the weight of each asset in a subnet and the weight of each subnet in the whole network are calculated; each asset is subject to external threat situation evaluation; each asset is subject to internal threat situation evaluation; by adopting a weight analysis method, each subnet is subject to external threat situation evaluation and internal threat situation evaluation; the network is subject to external threat situation evaluation and internal threat situation evaluation; firewall log information, intrusion information and vulnerability information are correlated in a crossed manner, so as to eliminate ineffective alarms; the security situation of each asset is comprehensively evaluated; the security situation of each subnet is comprehensively evaluated; and by adopting the weight analysis method, the security situation of the network is comprehensively evaluated. By adopting the network security situation evaluation method, the problem of single data source in the prior art is solved, a network security situation evaluation result is enabled to be more comprehensive and more accurate; the overall condition of the network security is truly reflected; and the evaluation result is intuitive and practical and can be directly used for guiding the command and the decision of network security management.

Description

technical field [0001] The invention belongs to the technical field of network security, in particular to a network security situation assessment method. technical background [0002] The Internet is a product of the information age and currently covers almost all important areas in the world. With the continuous expansion of network scale, network attacks and destructive behaviors are becoming more frequent, and the network security situation is becoming increasingly severe. In order to form a network security proactive protection capability, it is first necessary to understand the internal and external threats of the network and the overall security status. [0003] The network security situation assessment technology conducts in-depth comprehensive processing and analysis of factors affecting security in the network, evaluates the overall security status of the network in real time, and provides guidance for network security management command and decision-making. [00...

AI Technical Summary

Problems solved by technology

[0005] 1. Single data source: There are few basic data sources for network security situation assessment, resulting in one-sided network security situation assessment results, which cannot fully reflect the overall situation of network security;

[0006] 2. The assessment results are not accurate enough: the network security situation assessment algorithm design is unreas

Images