A method for automatic real-time judging of IT system security situation

Abstract

The invention discloses a method for automatically judging the security situation of an IT (information technology) system in real time, and belongs to the technical field of network information. The method includes the steps: 1) automatically acquiring security flaw situation data of the IT system to generate a flaw threat database; 2) extracting flaws of nodes and pre-conditions and post-conditions used by flaw threat from the flaw threat database and generating an internal association diagram of each node; 3) building a knowledge base describing the threat influence relation among the nodes according to association of the nodes and setting a relation predicate set and a threat predicate calculus set for each node; and 4) determining a node set M with the threat influence relation with each node X according to the knowledge base, calculating the node X and each node Y in the set M according to the predicate calculus set, and judging the threat relation between the node X and the node Y. By the method, sensing of the security situation of the system is greatly accelerated, and the security risk of the system is reduced.

Description

technical field [0001] The invention relates to a method for judging a security situation of a network information system (IT system), in particular to an automatic real-time judging method for a security situation of an IT system, belonging to the technical field of network information system security. Background technique [0002] IT system vulnerability security situation awareness / judgment can be understood as knowing the distribution of vulnerabilities and deducing the impact of exploiting vulnerabilities by mastering IT system configuration information, as well as the potential security threat pathways and security threat evolution of IT systems. At present, IT system administrators are in a passive state of vulnerability security situation awareness, relying on manual collection of security vulnerability information and analysis of system security status, which makes managers lack initiative, timeliness, and overall awareness of IT system vulnerability security situati...

AI Technical Summary

Problems solved by technology

At present, IT system administrators are in a passive state of vulnerability security situation awareness, relying on manual collection of security vulnerability information and analysis of system security status, which makes managers lack initiative, timeliness, and overall awareness of IT system vulnerability security situation. Can only respond to security incidents passively, and cannot ensure that system vulnerability security management achieves predictable threat control

[0003] 针对上述问题,文献:Ascalableapproachtoattackgraphgeneration.XinmingOu,WayneF.Boyer,andMilesA.McQueen.In13thACMConferenceonComputerandCommunicationsSecurity(CCS2006),Alexandria,VA,U.S.A.,October2006.;MulVAL:Alogic-basednetworksecurityanalyzer.XinmingOu,SudhakarGovindavajhala,andAndrewW.Appel.In14thUSENIXSecuritySymposium,Baltimore, Maryland,U.S.A.,August2005;JohnWilliams,PramodKalapa,StevenNoel,″TopologicalVulnerabilityAnalysis--AutomaticallyPredictingPossiblePathsofCyberAttack,″10thAnnualAirForceIntelligence,Surveillance,andReconnaissance(ISR)AgencyCommunicationsandInformationConference,SanAntonio,Texas,November2010.试图使用攻击图方法来分析IT系统的安全状态,但是因为 The vulnerability information of the IT system evolves dynamically, and the known attack graph cannot reflect the security threat status of the IT system in real time. At the same time, this method does not consider the impact of threat correlation

Therefore, it is impossible to automatically determine the security situation of IT system vulnerabilities in real time

Images