Method for assessing network vulnerability and electronic device
By using the ATT&CK model for vulnerability detection and analysis, the problem of vulnerability correlation construction and assessment is solved, enabling dynamic assessment of network vulnerabilities and effective analysis of multi-step attacks.
Patent Information
- Authority / Receiving Office
- CN · China
- Patent Type
- Patents(China)
- Current Assignee / Owner
- CHINESE PEOPLES LIBERATION ARMY UNIT 61660
- Filing Date
- 2023-04-20
- Publication Date
- 2026-06-26
AI Technical Summary
Existing technologies cannot effectively construct the correlation between vulnerabilities, nor can they efficiently assess network vulnerabilities, especially when facing multi-step attacks, they cannot assess the attack flow and exploitation relationships between vulnerabilities.
Based on the ATT&CK model, the correlation between vulnerabilities is constructed through vulnerability detection scanning, mapping, local metric calculation and global probability calculation. Vulnerability correlation analysis is performed using CVE numbers and ATT&CK sub-technique numbers to dynamically assess network vulnerability.
It enables the construction of correlations between vulnerabilities and efficient network vulnerability assessment, and can dynamically assess the vulnerability exploitation relationships of multi-step attacks, thereby improving the accuracy and efficiency of network vulnerability assessment.
Smart Images

Figure CN116865988B_ABST
Abstract
Description
Technical Field
[0001] This invention relates to the field of information security technology, and in particular to methods and electronic devices for assessing network vulnerabilities. Background Technology
[0002] Due to the continuous occurrence of security incidents such as personal information leaks and phishing attacks, basic network equipment, domain name systems, and other basic networks and critical infrastructure still face significant security risks. Cyberattacks are frequent, and multi-step attacks have become the main method of cyberattacks.
[0003] Multi-step attacks arrange single-step attacks according to a certain logical relationship, forming an attack sequence within a specific time and space, thereby achieving attack intentions that cannot be achieved by single-step attacks alone. Compared with traditional attack methods, multi-step attacks employ a wider range of techniques. Multi-step attacks using novel attack methods are typically represented by complex network attacks and APTs (advanced persistent threats), causing more severe damage and being more difficult to detect, thus being a significant factor affecting the current state of network security. Therefore, the detection and description of multi-step attacks has become a key focus in the field of network security. Discovering and describing multi-step attacks first requires studying network vulnerabilities and the exploitation relationships between different vulnerabilities.
[0004] However, traditional technologies typically describe network vulnerabilities based on static descriptions of individual vulnerabilities, failing to differentiate the risk levels of vulnerability attacks under different network attacks and their subsequent consequences. For example, CWE and CVSS provide static scores for software and hardware vulnerabilities, describing single-step attack threats; however, when faced with multiple vulnerabilities in a network, they cannot effectively establish correlations between vulnerabilities, nor can they provide dynamic network vulnerability assessments based on vulnerability correlations, or evaluate the attack flow and exploitation relationships between multiple attack steps.
[0005] Therefore, how to construct vulnerability correlations and how to efficiently assess network vulnerabilities are the problems that this invention aims to solve. Summary of the Invention
[0006] The purpose of this invention is to provide a method and electronic device for assessing network vulnerability, which can not only establish the correlation between vulnerabilities, but also efficiently assess network vulnerability.
[0007] According to one aspect of the present invention, at least one embodiment provides a method for assessing network vulnerability, comprising: acquiring network vulnerabilities, wherein the vulnerabilities include a first vulnerability; performing correlation analysis on the first vulnerability to obtain a second vulnerability with exploitable relationships, and obtaining a multi-step attack probability of the second vulnerability, wherein the multi-step attack probability represents the probability of continuing to attack the second vulnerability if the first vulnerability is attacked; and globally assessing the network vulnerability based on the multi-step attack probability.
[0008] According to another aspect of the present invention, at least one embodiment also provides an electronic device for assessing network vulnerability, comprising: a processor adapted to implement various instructions; and a memory adapted to store a plurality of instructions, said instructions being adapted to be loaded by the processor and executed by the method described above for assessing network vulnerability.
[0009] According to another aspect of the present invention, at least one embodiment also provides a system for assessing network vulnerability, comprising: the electronic device described above for assessing network vulnerability according to the present invention.
[0010] According to another aspect of the present invention, at least one embodiment also provides a computer-readable non-volatile storage medium storing computer program instructions that, when the computer executes the program instructions, perform the method described above for assessing network vulnerability according to the present invention.
[0011] Through the above embodiments of the present invention, by utilizing five steps including vulnerability detection scanning, vulnerability mapping, local vulnerability measurement calculation, vulnerability availability calculation, and global probability of vulnerability exploitation, it is possible not only to utilize the correlation between vulnerability points, but also to efficiently and dynamically achieve local and global vulnerability assessment. Attached Figure Description
[0012] To more clearly illustrate the specific embodiments of the present invention or the technical solutions in the prior art, the drawings used in the description of the specific embodiments or the prior art will be briefly introduced below. Obviously, the drawings described below are some embodiments of the present invention. For those skilled in the art, other drawings can be obtained from these drawings without creative effort.
[0013] Figure 1 This is a schematic diagram of a system for assessing network vulnerability according to an embodiment of the present invention;
[0014] Figure 2 This is a schematic diagram of an electronic device for assessing network vulnerability according to an embodiment of the present invention;
[0015] Figure 3 This is a flowchart of a method for assessing network vulnerability according to an embodiment of the present invention;
[0016] Figure 4 This is a schematic diagram of the network process environment according to an embodiment of the present invention;
[0017] Figure 5 This is a schematic diagram of the ATT&CK model according to an embodiment of the present invention;
[0018] Figure 6 This is a schematic diagram illustrating the relationship between vulnerabilities and subsequent attacks according to an embodiment of the present invention;
[0019] Figure 7 This is a schematic diagram of the topology of the relationship according to an embodiment of the present invention;
[0020] Figure 8 This is an optional schematic diagram according to an embodiment of the present invention. Detailed Implementation
[0021] The technical solution of the present invention will now be clearly and completely described with reference to the accompanying drawings. Obviously, the described embodiments are only some, not all, of the embodiments of the present invention. Based on the embodiments of the present invention, all other embodiments obtained by those skilled in the art without creative effort are within the scope of protection of the present invention.
[0022] It should be noted that the terms "first," "second," etc., in the specification, claims, and accompanying drawings of this invention are used to distinguish similar objects and are not necessarily used to describe a specific order or sequence. It should be understood that such data can be interchanged where appropriate so that the embodiments of the invention described herein can be implemented in orders other than those illustrated or described herein. Furthermore, the terms "comprising" and "having," and any variations thereof, are intended to cover a non-exclusive inclusion; for example, a process, method, system, product, or apparatus that comprises a series of steps or units is not necessarily limited to those steps or units explicitly listed, but may include other steps or units not explicitly listed or inherent to such processes, methods, products, or apparatus.
[0023] Typically, the vulnerability exploitation relationships in multi-step attack scenarios can be described using the cyber threat framework-kill chain model. This model summarizes multi-step attacks into stages such as target reconnaissance, weapon customization, delivery, exploitation, installation, channel establishment, and action execution. While this kill chain model describes the attacker's steps and intent, it only mentions the vulnerabilities that need to be exploited and does not explicitly describe the exploitable vulnerabilities in detail, making it difficult to establish a vulnerability exploitation chain.
[0024] To enrich the kill chain model, the ATT&CK model was later proposed. This model integrates known historical advanced threat attack tactics and techniques, forming a knowledge base framework that provides a general language for describing hacker behavior and abstracting hacker attacks. This knowledge base includes 12 tactics and 244 attack techniques, each of which specifically clarifies the vulnerabilities exploited from an attack perspective, facilitating vulnerability description. Therefore, this invention, based on the ATT&CK network threat framework, proposes a method for assessing network vulnerabilities. This method establishes a mapping relationship between CWE vulnerabilities, weak passwords, and vulnerabilities arising from violations of security policies and the threat framework. Utilizing the exploitation relationships between vulnerabilities, it dynamically achieves local and global vulnerability assessments, enabling the correlation assessment between vulnerabilities and network attack chains.
[0025] Based on this, the present invention provides a system for assessing network vulnerabilities. This system performs correlation analysis on vulnerabilities using the ATT&CK network threat framework model, and describes and assesses network vulnerabilities through vulnerability exploitation relationships. For example, the system maps and numbers vulnerabilities to attack techniques on the ATT&CK model that exploit them, uses the vulnerability's location on the ATT&CK model and its CVSS score (General Vulnerability Scoring System Index) as static local assessment indicators, and finally provides a global assessment of the vulnerability based on its exploitation rate and the number of times it has been exploited on the ATT&CK model. Figure 1 As shown, the environment of the system for assessing network vulnerability may include a hardware environment and a network environment. The hardware environment includes an electronic device 100 and a server 200 for assessing network vulnerability. The electronic device 100 for assessing network vulnerability can operate the server 200 through corresponding instructions, thereby reading, changing, adding data, etc.
[0026] The electronic device 100 used for assessing network vulnerability can be one or more, or can include multiple processing nodes, which can be presented externally as a whole. Optionally, the electronic device 100 used for assessing network vulnerability can also send the acquired data to the server 200, so that the server 200 can execute the method of the present invention for assessing network vulnerability. Optionally, the electronic device 100 used for assessing network vulnerability can be connected to the server 200 via a network. The aforementioned network includes wired networks and wireless networks. The wireless network includes, but is not limited to: wide area network, metropolitan area network, local area network, or mobile data network. Typically, the mobile data network includes, but is not limited to: Global System for Mobile Communications (GSM) network, Code Division Multiple Access (CDMA) network, Wideband Code Division Multiple Access (WCDMA) network, Long Term Evolution (LTE) communication network, Wi-Fi network, ZigBee network, Bluetooth-based network, etc. Different types of communication networks may be operated by different operators. The type of communication network does not constitute a limitation on the embodiments of the present invention.
[0027] The electronic device 100 used to assess network vulnerability, such as Figure 2 As shown, the system includes: a processor 202; and a memory 204 configured to store computer program instructions adapted for loading and execution by the processor of the method for assessing network vulnerability developed in this invention (which will be described in detail later). The processor 202 can be any suitable processor, such as a central processing unit, microprocessor, embedded processor, etc., and can adopt architectures such as x86 and ARM. The memory 204 can be any suitable storage device, such as a non-volatile storage device, including but not limited to magnetic storage devices, semiconductor storage devices, optical storage devices, etc., and can be arranged as a single storage device, a storage device array, or a distributed storage device; embodiments of this invention do not impose limitations on these arrangements.
[0028] Those skilled in the art will understand that the structure of the electronic device 100 described above for assessing network vulnerability is merely illustrative and does not limit the structure of the device. For example, the hardware platform 100 may also include... Figure 2 The diagram shows more or fewer components (such as transmission devices). The aforementioned transmission devices are used to receive or send data via a network. In one example, the transmission device is a radio frequency (RF) module used for wireless communication with the Internet.
[0029] Based on the above operating environment, at least one embodiment of the present invention proposes a method for assessing network vulnerability. This method can be loaded and executed by the processor 202 of an electronic device 100 for assessing network vulnerability, and at least solves the problems of constructing vulnerability correlations and efficiently assessing network vulnerability. Figure 3 The flowchart shown here illustrates a method for assessing network vulnerability. It should be noted that the steps illustrated in the flowchart can be executed in a computer system, such as a set of computer-executable instructions. Furthermore, although a logical order is shown in the flowchart, in some cases the steps shown or described may be performed in a different order than that presented here. The method may include the following steps:
[0030] Step S301: Obtain the network's vulnerabilities, including the first vulnerability;
[0031] Step S303: Perform correlation analysis on the first vulnerability to obtain a second vulnerability that has an exploitation relationship, and obtain the multi-step attack probability of the second vulnerability, wherein the multi-step attack probability represents the probability of continuing to attack the second vulnerability if the first vulnerability is attacked.
[0032] Step S305: Based on the multi-step attack probability, globally assess the network vulnerability.
[0033] In general, there is a firewall between attackers and devices in a network. If an attacker on the external network attempts to intrude into the internal network, this invention can not only take advantage of the correlation between vulnerabilities, but also efficiently and dynamically achieve local and global vulnerability assessments through five steps: vulnerability detection scanning, vulnerability mapping, local vulnerability measurement calculation, vulnerability exploitability calculation, and global probability of vulnerability exploitation.
[0034] In step S301, the vulnerabilities of the network are obtained. The network includes multiple device nodes, including a first node, a second node, ..., an Mth node. The first node includes multiple first vulnerabilities, and the second node includes multiple second vulnerabilities.
[0035] Optionally, obtaining network vulnerabilities may include: performing a full network scan of the network (such as an internal network) to obtain multiple first vulnerabilities of a first node, multiple second vulnerabilities of a second node, ..., and multiple M-th vulnerabilities of an M-th node, where each vulnerability can be one or more vulnerabilities. For example, the network may be scanned using the Nessus system to obtain an attack graph and vulnerability information for multiple device nodes.
[0036] In step S303, a correlation analysis is performed on the first vulnerability to obtain a second vulnerability with an exploitable relationship, and the multi-step attack probability of the second vulnerability is obtained. For example, the first and second numbers of the first vulnerability are obtained, where the first number is a CVE (Common Vulnerabilities and Exposures) number and the second number is an ATT&CK sub-technology number; using the CVE number and the ATT&CK sub-technology number, the second vulnerability with an exploitable relationship with the first vulnerability is obtained; based on the ATT&CK attack chain, the multi-step attack probability of the second vulnerability is obtained.
[0037] The process of obtaining the first and second vulnerability IDs mentioned above may include: searching the CVE database to obtain the first ID; obtaining the vulnerability exploitation method and vulnerability CVSS score based on the first ID; mapping the ATT&CK sub-technique ID to the corresponding vulnerability based on the vulnerability exploitation method, thus giving the vulnerability a first ID (CVE ID) and a second ID (ATT&CK sub-technique ID). This CVE ID can be used to obtain the vulnerability's general hazard CVSS score. For example... Figure 4 The network process environment shown is illustrated below, with the first example numbered as follows:
[0038] Table 1. Status of Device Nodes with Vulnerabilities
[0039]
[0040] Table 2. First Numbering Schematic Table
[0041]
[0042] The aforementioned method utilizes CVE numbers and ATT&CK sub-technique numbers to identify second vulnerabilities that have an exploitation relationship with the first vulnerability. Specifically, by using the vulnerability association relationships between vulnerabilities in the CVE table and their corresponding ATT&CK attacks, along with the ATT&CK sub-technique numbers, associated vulnerabilities (such as the second vulnerability) on other nodes that have an exploitation relationship with the first vulnerability can be identified. Subsequently, this invention further utilizes the vulnerability exploitation relationships to calculate the duration of subsequent attacks on the ATT&CK model attack chain after the vulnerability is exploited.
[0043] Although the complete attack chain described by the ATT&CK model varies depending on the type of network attack, they all generally begin with the "initial access" phase, which involves scanning and probing. For example, in a Distributed Denial-of-Service (DDoS) attack, the attacker may go through multiple phases, including initial access, defense evasion, lateral movement, and command and control, before finally reaching the impact phase and executing the denial-of-service attack. Therefore, the ATT&CK model provided in this invention... Figure 5As shown, the attack chain includes initial access, execution, persistence, authorization, defense evasion, as well as stages such as lateral movement, collection, C2, data infiltration, and impact. It creatively proposes to correlate CVE scores with network attack stages, achieving vulnerability assessment based on network attacks. Given that the current vulnerability exploitation stage and its tactical stage position within the ATT&CK are approximately consistent with the actual attack path length and the total attack stage length within the ATT&CK, this invention simplifies the attack chain of the ATT&CK model as follows: A represents the first vulnerability, and B represents the second vulnerability. This is the final stage of attacking the first vulnerability A. To attack the current location of the first vulnerable point A, To attack the first vulnerable point A, the actual distance experienced. The position of the first vulnerability A on the ATT&CK attack chain. The distance from the location of the first vulnerable point A to the ATT&CK attack chain.
[0044] The above, based on the ATT&CK attack chain, yields the multi-step attack probability of the second vulnerability. For example, it yields the multi-step attack probability of the second vulnerability. Among them, the local vulnerability threat score , The CVSS vulnerability score for the second vulnerability B. The location of the attack that exploited the first vulnerability, A, is the furthest point on ATT&CK. = The farthest position The subsequent movement distance, where n represents the n vulnerable points in the network, k is the kth vulnerable point in the network, and k ≤ n. It should be noted that the multi-step attack probability of the second vulnerable point... The probability of an attacker choosing to attack B as a subsequent attack when there are two or more subsequent attacks, provided that the current vulnerability A has been successfully exploited. The selectivity of a vulnerability depends on the magnitude of the local vulnerability of the vulnerability and the distribution of subsequent vulnerabilities.
[0045] In other words, this invention uses the exploitation rate of vulnerabilities to describe the transition probability after each vulnerability is exploited, thereby describing the network attack process and realizing the correlation analysis between vulnerabilities. The relationship between vulnerabilities and their subsequent attacks is as follows: Figure 6 As shown.
[0046] The following is an example of the local vulnerability of vulnerabilities calculated based on the data in Tables 1 and 2. First, determine the furthest distance on the ATT&CK attack chain after vulnerabilities A, B, C, D, E, and F are exploited. For example, vulnerabilities B and E can perform denial-of-service attacks, execute illegal code, disclose information, tamper with data, and perform denial-of-service attacks. Their corresponding distances on the ATT&CK attack chain are 12, 4, 7, and 11 respectively. The furthest distance for B and E is 12. , The CVE-2008-0076 score is 0.7499, indicating a local vulnerability threat. .
[0047] In step S305, the network vulnerability is globally assessed based on the multi-step attack probability. For example, the utilization rate of the second vulnerability is obtained using the multi-step attack probability; the global probability of the network is then obtained using the utilization rate of the second vulnerability.
[0048] The above-mentioned multi-step attack probability of utilizing the second vulnerability to obtain the utilization rate of the second vulnerability may include: constructing a topology of the utilization relationship between the first vulnerability and the second vulnerability, wherein, as shown in the figure... Figure 7 As shown, the exploitation relationship topology of a vulnerability in the attack graph can be divided into three cases: direct exploitation, OR exploitation, and AND exploitation. The utilization rate of the second vulnerability is obtained based on the exploitation relationship topology. This utilization rate represents the probability that a vulnerability in the entire network is selected by an attacker for attack. For example, if the first and second vulnerabilities have a direct exploitation relationship, then the utilization rate of the second vulnerability B is... Among them, the probability of the second vulnerability B being selected. The probability that the first vulnerability A is directly exploited. If the first and second vulnerabilities are in an OR-exploitation relationship, then the utilization rate of the third vulnerability C is... Among them, the probability of the third vulnerability point C being selected is... If the first and second vulnerabilities are in an AND-OPT relationship, then the utilization rate of the third vulnerability C is... Among them, the probability of the third vulnerability point C being selected is... .
[0049] An example of calculating utilization rate based on the data in Tables 1 and 2 is shown below. Figure 8 As shown. The selectivity is calculated based on the relationships between weaknesses; for example, the selectivity from start to weakness A is... Based on the calculated selectability of weaknesses, the vulnerability exploitation rate is calculated, where the initial probability of the host being successfully attacked is... Therefore, as ,but Calculate the utilization rates of B, C, D, E, and F accordingly.
[0050] The above-mentioned utilization rate of the second vulnerability is used to obtain the global probability of the network. Given that the three cases of topological exploitation mentioned above only represent the utilization rate on a single attack path, in reality, multiple attack chains intersect within the entire network, and the same vulnerability can be exploited by multiple attack chains. Therefore, to address the problem of the same vulnerability being exploited by multiple attack chains, this invention uses a weighted average method to calculate the global vulnerability exploitation probability, achieving dynamic vulnerability assessment based on network node location. For example, based on the first and second numbers and according to the ATT&CK model, multiple network attack chains are identified to calculate the multi-step attack probability; that is, based on the first and second numbers and according to ATT&CK, network attack chains are identified, and a weighted average method is used based on the attack chain length to calculate the global probability of the vulnerability being successfully exploited. Global Probability ,in, It is the utilization rate of the kth vulnerability. This indicates the length of the attack chain containing the k-th vulnerability. Let represent the length of the i-th attack chain, and r represent the number of attack chains associated with the vulnerability.
[0051] The following is an example of calculating the global probability based on the data in Tables 1 and 2. For instance, B and E both have the same vulnerability CVE-2006-0026 on host H3, but illegal code execution and data tampering are performed on H0-H3 and H1-H3 respectively, with ATT&CK distances of 4 and 11 respectively. Their global probabilities are... The global probability of the vulnerability is 0.3314.
[0052] Through the above-described embodiments of the present invention, vulnerabilities are mapped and numbered with attack techniques on ATT&CK that exploit these vulnerabilities. The location of the vulnerability on ATT&CK and the CVSS score are used as static local evaluation indicators of the vulnerability. Finally, a global evaluation of the vulnerability is given by the vulnerability utilization rate and the number of times the vulnerability is exploited on ATT&CK. It can not only construct and utilize the correlation between vulnerabilities, but also efficiently and dynamically realize the local and global evaluation of vulnerabilities.
[0053] Optionally, at least one embodiment of the present invention also provides a computer-readable non-volatile storage medium storing computer program instructions, which, when executed by a computer, execute the method for assessing network vulnerability developed in this invention.
[0054] Finally, it should be noted that the above embodiments are only used to illustrate the technical solutions of the present invention, and not to limit them; although the present invention has been described in detail with reference to the foregoing embodiments, those skilled in the art should understand that modifications can still be made to the technical solutions described in the foregoing embodiments, or equivalent substitutions can be made to some or all of the technical features; and these modifications or substitutions do not cause the essence of the corresponding technical solutions to deviate from the scope of the technical solutions of the embodiments of the present invention.
Claims
1. A method for assessing network vulnerability, characterized in that, include: Identify network vulnerabilities, wherein the vulnerabilities include a first vulnerability; A correlation analysis is performed on the first vulnerability to obtain a second vulnerability that has an exploitation relationship, and the multi-step attack probability of the second vulnerability is obtained, wherein the multi-step attack probability represents the probability of continuing to attack the second vulnerability if the first vulnerability is attacked; Based on the multi-step attack probability, the network vulnerability of the network is globally assessed; Among them, the second vulnerability identified through correlation analysis of the first vulnerability as having a exploitable relationship includes: Obtain the first and second numbers of the first vulnerability, wherein the first number is the CVE number and the second number is the ATT&CK sub-technology number; Using the CVE number and the ATT&CK sub-technology number, a second vulnerability that has an exploitation relationship with the first vulnerability is obtained; Based on the ATT&CK attack chain, the multi-step attack probability of the second vulnerability is obtained; The ATT&CK attack chain Where A represents the first vulnerability and B represents the second vulnerability, This is the final stage of attacking the first vulnerability A. To attack the current location of the first vulnerable point A, To attack the first vulnerable point A, the actual distance experienced. The position of the first vulnerability A on the ATT&CK attack chain. The distance from the location of the first vulnerability A to the ATT&CK attack chain is defined as follows: Based on the ATT&CK attack chain, the multi-step attack probability of obtaining the second vulnerability includes: The second vulnerability point has a high probability of multi-step attacks. ,in, , The CVSS vulnerability score for the second vulnerability B. The location of the attack that exploited the first vulnerability, A, is the furthest point on ATT&CK. = The farthest position The distance of subsequent movement, n represents the n vulnerable points of the network, k is the kth vulnerable point of the network, k≤n, B∈n.
2. The method according to claim 1, wherein the network includes a first node, the first node including the first vulnerability, characterized in that, Identifying network vulnerabilities includes: Perform a full network scan to identify the first vulnerability of the first node.
3. The method according to claim 1, characterized in that, Based on the multi-step attack probability, a global assessment of the network vulnerability includes: The utilization rate of the second vulnerability is obtained by utilizing the multi-step attack probability. The global probability of the network is obtained by utilizing the utilization rate of the second vulnerability.
4. The method according to claim 3, characterized in that, Using the aforementioned multi-step attack probability, the utilization rate of the second vulnerability is obtained by: Construct a topology of the exploitation relationship between the first vulnerability and the second vulnerability, wherein the topology of the exploitation relationship includes direct exploitation relationship, OR exploitation relationship, and both exploitation relationship; The utilization rate of the second vulnerability is obtained based on the topological relationship described above.
5. The method according to claim 4, wherein the network further comprises a third vulnerability C, characterized in that, The utilization rate of the second vulnerability point obtained based on the aforementioned topological utilization includes: If the first vulnerability and the second vulnerability have a direct exploitation relationship, then the utilization rate of the second vulnerability B is... Among them, the probability of the second vulnerability B being selected. The utilization rate of the first vulnerability A ;or If the first vulnerability and the second vulnerability are in an OR-exploitation relationship, then the utilization rate of the third vulnerability C is... Among them, the probability of the third vulnerability point C being selected is... ;or If the first vulnerability and the second vulnerability are in an AND-OP relationship, then the utilization rate of the third vulnerability C is... Among them, the probability of the third vulnerability point C being selected is... .
6. The method according to claim 5, characterized in that, The global probability of the network is obtained by utilizing the utilization rate of the second vulnerability, including: Global Probability ,in, It is the utilization rate of the kth vulnerability. This indicates the length of the attack chain containing the k-th vulnerability. Let represent the length of the i-th attack chain, and r represent the number of attack chains associated with the vulnerability.
7. Electronic devices used to assess network vulnerability, including: A processor, suitable for implementing various instructions; And a memory adapted to store multiple instructions adapted to be loaded and executed by a processor: the method for assessing network vulnerability as described in any one of claims 1-6.
8. A computer-readable non-volatile storage medium storing computer program instructions that, when executed by a computer, perform: the method for assessing network vulnerability as described in any one of claims 1-6.