Network security posture assessment method

Abstract

The invention provides a network security posture assessment method. The method comprises the following steps: producing a vulnerability list, an atomic attack list and an attack evidence list according to the acquired vulnerability information, network attack information and attack evidence; creating a bayesian network; acquiring atomic attack posterior probability; detecting the authenticity of the causal relationship between the atomic attack and the attack evidence in the bayesian network; building a network attack system framework and producing a bayesian attack graph; acquiring node attack probability of atomic attack; acquiring vulnerability threat degree and dividing into three levels, namely, Root authority level, User authority level and None authority level; displaying the overall assessment result of the network security posture according to the three levels of the vulnerability thread degree and early warning values corresponding to the three levels; performing early warning when the vulnerability thread degree exceeds the early warning levels corresponding to the three levels. The network security posture assessment method has the characteristics of being simple in model, accurate in assessment result and wide in applicable scope, and can be widely applied to the field of network security.

Description

technical field [0001] The invention relates to assessment technology, in particular to a network security situation assessment method. Background technique [0002] With the development of science and technology, network security issues have already become the focus of attention. In recent years, the number of network attack incidents has continued to increase. Various scientific research units study various security technical measures, evaluate network security situation, and prevent or even solve network attack problems. In the network security situation assessment technology, vulnerability exploit threat assessment technology has always been a key technology in the field of security situation assessment. [0003] Vulnerability utilization threat assessment methods include vulnerability severity assessment method and global security situation assessment method. The vulnerability severity assessment method mainly evaluates the severity of each vulnerability based on the ...

AI Technical Summary

Problems solved by technology

The global security situation assessment method first establishes a vulnerability assessment model based on the attack graph or Bayesian network, and then evaluates the overall security status of the system according to the status of all vulnerabilities in the system, and based on experience or vulnerability assessment system (CVSS, Common Vulnerability Scoring System) to obtain the probability of each vulnerability being successfully exploited; however, the vulnerability assessment model of the existing global security situation assessment method is relatively complex, and the accuracy of the assessment results is low

[0004] It can be seen that in the prior art, the network security situation assessment method has problems such as low accuracy of assessment results.

Images