Scoring method and device for enterprise network safety situation awareness

A scoring technology for enterprise network security situation awareness, applied in the field of network security. It addresses three problems: there is no uniform standard for selecting weights, the accuracy of network security situation awareness evaluation is reduced as a result, and enterprise managers cannot intuitively understand the network security situation.

Inactive Publication Date: 2019-12-27
HANGZHOU ANHENG INFORMATION TECH CO LTD

AI Technical Summary

Problems solved by technology

The above evaluation model mainly adopts the weighted average method. However, the weighted average method has no uniform standard for the selection of weights, which are often set according to experience, thereby reducing the accuracy of network security situational awareness assessment. Compared with displaying a score, the use of complex graphics or curves makes it impossible for enterprise managers to intuitively understand the network security situation of the day.


Examples


Embodiment 1

[0062] Figure 1 is a flowchart of a scoring method for enterprise network security situational awareness provided by Embodiment 1 of the present invention.

[0063] Referring to Figure 1, the method includes the following steps:

[0064] Step S101, obtaining security metadata, where the security metadata comprises multiple parts of security metadata and each part comprises multiple indicators;

[0065] Specifically, the multiple parts of security metadata include traffic data, asset data, alarm data, vulnerability data and event data. Traffic data includes indicators $x_{11}, x_{12}, \ldots, x_{1m}$; alarm data includes indicators $x_{21}, x_{22}, \ldots, x_{2n}$; asset data includes indicators $x_{31}, x_{32}, \ldots, x_{3r}$; vulnerability data includes indicators $x_{41}, x_{42}, \ldots, x_{4s}$; and event data includes indicators $x_{51}, x_{52}, \ldots, x_{5t}$. By obtaining indicators of traffic data, indicators of asset data, indicators of alarm data, indicators of vulnerability data and indicators of event data, the real secu...

Embodiment 2

[0115] Figure 2 is a schematic diagram of a scoring model for network security situational awareness provided by Embodiment 2 of the present invention.

[0116] Referring to Figure 2, situational awareness is a process of acquiring, understanding, evaluating, and presenting the elements that can cause changes in the network situation, based on security big data, as well as predicting future development trends; situational awareness is a way of improving, from a global perspective, the ability to discover, recognize, understand, analyze, and respond to security threats.

[0117] With the rapid development of network information technology, traditional network security threats such as Trojan horses, botnets, and phishing websites are increasing unabated, and new network attacks such as DDoS attacks and advanced persistent threat (APT) attacks are intensifying. A scoring model for network security situation awareness needs to be established to help security personnel intuitively monitor the s...

Embodiment 3

[0122] Figure 3 is a schematic diagram of a scoring device for enterprise network security situation awareness provided by Embodiment 3 of the present invention.

[0123] Referring to Figure 3, the device consists of:

[0124] The obtaining unit 1 is used to obtain security metadata, where the security metadata comprises multiple parts of security metadata and each part comprises multiple indicators;

[0125] The processing unit 2 is used to calculate the information value corresponding to each index;

[0126] The selection unit 3 is used to select multiple indicators that meet the prediction conditions according to the information value corresponding to each indicator;

[0127] The weight coefficient calculation unit 4 is used to obtain the weight coefficient corresponding to each index by passing multiple indexes satisfying the prediction conditions through the logistic regression model;

[0128] The comprehensive score calculation unit 5 is used to calculate the curr...


Abstract

The invention provides a scoring method and device for enterprise network security situation awareness. The method comprises the following steps: obtaining security metadata, which comprises a plurality of parts of security metadata, each part comprising a plurality of indexes; calculating an information value corresponding to each index; selecting a plurality of indexes meeting a prediction condition according to the information value corresponding to each index; obtaining a weight coefficient corresponding to each index by passing the plurality of indexes meeting the prediction condition through a logistic regression model; and calculating a current comprehensive score according to each index meeting the prediction condition and the weight coefficient corresponding to each index. The prediction condition is that the information value corresponding to an index is greater than or equal to a preset information value. The multiple parts of security metadata comprise traffic data, asset data, alarm data, vulnerability data and event data. The weight coefficient corresponding to each index can be calculated through the logistic regression model, the accuracy is high, and the network security situation of the day can be understood intuitively through the current comprehensive score.
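The pipeline in the abstract (information value per index, selection against a preset value, logistic-regression weights, one comprehensive score) can be sketched as follows; this is an added example, not code from the patent or its owner. Assumptions not stated on the page: the constructed sample days and index names, the label meaning "incident day", two-bin splitting at the mean with 0.5 smoothing, the preset information value of 0.1, and the mapping of the predicted probability onto a 0 to 100 score.

```python
import math

# Constructed daily records: (alarm_count, open_vulns, new_assets); label 1 = incident day.
NAMES = ["alarm_count", "open_vulns", "new_assets"]
ROWS = [(2, 1, 5), (3, 2, 1), (1, 1, 4), (4, 3, 2), (2, 2, 5),
        (9, 7, 1), (8, 6, 4), (10, 8, 2), (7, 9, 5), (3, 3, 1)]
LABELS = [0, 0, 0, 0, 0, 1, 1, 1, 1, 0]

def information_value(col, labels):
    """IV of one index, split into two bins at its mean (binning is an assumption)."""
    cut, bad_all = sum(col) / len(col), sum(labels)
    good_all, iv = len(labels) - bad_all, 0.0
    for high in (False, True):
        ys = [y for v, y in zip(col, labels) if (v > cut) == high]
        # +0.5 smoothing keeps the log finite when a bin holds a single class
        p_bad = (sum(ys) + 0.5) / (bad_all + 1)
        p_good = (len(ys) - sum(ys) + 0.5) / (good_all + 1)
        iv += (p_bad - p_good) * math.log(p_bad / p_good)
    return iv

def select(rows, labels, min_iv):
    """Column numbers of indexes meeting the prediction condition IV >= min_iv."""
    return [j for j in range(len(rows[0]))
            if information_value([r[j] for r in rows], labels) >= min_iv]

def fit_logistic(X, y, epochs=2000, lr=0.5):
    """Plain batch gradient descent; returns (weights, bias)."""
    w, b = [0.0] * len(X[0]), 0.0
    for _ in range(epochs):
        errs = [1 / (1 + math.exp(-(b + sum(wj * xj for wj, xj in zip(w, x))))) - t
                for x, t in zip(X, y)]
        b -= lr * sum(errs) / len(X)
        w = [wj - lr * sum(e * x[j] for e, x in zip(errs, X)) / len(X)
             for j, wj in enumerate(w)]
    return w, b

def build_scorer(rows, labels, min_iv=0.1):
    keep = select(rows, labels, min_iv)
    top = [max(r[j] for r in rows) for j in keep]       # scale each index to 0..1
    X = [[r[j] / m for j, m in zip(keep, top)] for r in rows]
    w, b = fit_logistic(X, labels)
    def score(day):
        z = b + sum(wj * day[j] / m for wj, j, m in zip(w, keep, top))
        return round(100 * (1 - 1 / (1 + math.exp(-z))), 1)  # 100 = calm (assumed mapping)
    return keep, w, score

KEEP, WEIGHTS, score = build_scorer(ROWS, LABELS)
```

On this sample `new_assets` has an information value of 0 and is dropped before the regression, so it cannot move the score however large it gets.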

Description

Technical field

[0001] The invention relates to the technical field of network security, in particular to a scoring method and device for enterprise network security situation awareness.

Background technique

[0002] With the rapid development of computer network technology and the extensive application of large-scale, distributed high-speed networks, the Internet has penetrated into all aspects of people's study, work and life, and has become an important means of information exchange and resource sharing among people. While the scale of the Internet is developing rapidly, network security incidents related to it occur frequently, and network security issues are becoming increasingly prominent. The current security situation facing the Internet is mainly manifested in the following aspects: websites are implanted with backdoors, hidden attacks are on the rise, and user information on websites has become the focus of hackers stealing; phishing is becoming more and more rampa...


Application Information

Patent Type & Authority: Applications (China)
IPC(8): H04L12/24, H04L29/06
CPC: H04L41/145, H04L41/147, H04L41/0631, H04L63/20, H04L63/30
Inventor: 李起瑞, 范渊
Owner: HANGZHOU ANHENG INFORMATION TECH CO LTD