Disclosure of Invention
Aiming at the defects of the prior art, the invention provides an enterprise network security assessment method, an enterprise network security assessment system, a storage medium and electronic equipment.
The technical scheme of the enterprise network security assessment method is as follows:
Generating a final matrix according to network security condition data of each preset node of the enterprise network to be evaluated;
and calculating the similarity between the final matrix and a preset standard matrix, and obtaining a comprehensive security assessment result of the enterprise network to be assessed according to the similarity and a preset comprehensive weight value corresponding to the preset standard matrix.
The enterprise network security assessment method has the following beneficial effects:
According to the network security condition data of each preset node of the enterprise network to be evaluated, a final matrix is generated, the similarity between the final matrix and the preset standard matrix is calculated, and the comprehensive security evaluation result of the enterprise network to be evaluated can be determined according to the similarity, so that the evaluation accuracy of the enterprise network to be evaluated can be ensured, and a neural network model is not required to be established and trained, thereby achieving the purpose of greatly reducing the calculated amount.
Based on the scheme, the enterprise network security assessment method can be improved as follows.
Further, the method further comprises the following steps:
Acquiring a plurality of initial network communication data sent by a first preset node to a second preset node, acquiring a plurality of final network communication data received by the second preset node, determining a data packet loss rate between the first preset node and the second preset node according to the initial network communication data and the final network communication data until the packet loss rate corresponding to each two preset nodes which directly conduct data interaction is obtained, and correcting a comprehensive safety evaluation result according to all the packet loss rates, wherein the first preset node and the second preset node represent any two preset nodes which directly conduct data interaction in all the preset nodes.
The adoption of the further scheme has the beneficial effects that the comprehensive safety evaluation result is corrected through the packet loss rate, so that the evaluation accuracy of the enterprise network to be evaluated is further improved.
Further, the method further comprises the following steps:
And respectively embedding the network security condition data of each preset node into corresponding digital watermarks, and storing the corresponding digital watermarks.
The further scheme has the beneficial effects that by embedding the digital watermark, the tampering is prevented, and the accuracy of data tracing can be ensured.
Further, the process of generating the final matrix includes:
generating an initial matrix corresponding to each preset node according to the network security condition data of each preset node of the enterprise network to be evaluated, and generating the final matrix according to all the initial matrices.
Further, the network security condition data comprise abnormal event condition data, security hole condition data, data inflow in unit time and anti-attack capability level.
The technical scheme of the enterprise network security assessment system is as follows:
The system comprises a generation module and an evaluation module;
the generating module is used for generating a final matrix according to the network security condition data of each preset node of the enterprise network to be evaluated;
The evaluation module is used for calculating the similarity between the final matrix and a preset standard matrix and obtaining the comprehensive security evaluation result of the enterprise network to be evaluated according to the similarity and a preset comprehensive weight value corresponding to the preset standard matrix.
The enterprise network security assessment system has the following beneficial effects:
According to the network security condition data of each preset node of the enterprise network to be evaluated, a final matrix is generated, the similarity between the final matrix and the preset standard matrix is calculated, and the comprehensive security evaluation result of the enterprise network to be evaluated can be determined according to the similarity, so that the evaluation accuracy of the enterprise network to be evaluated can be ensured, and a neural network model is not required to be established and trained, thereby achieving the purpose of greatly reducing the calculated amount.
Based on the scheme, the enterprise network security assessment system can be improved as follows.
Further, the system also comprises a correction module, wherein the correction module is used for:
Acquiring a plurality of initial network communication data sent by a first preset node to a second preset node, acquiring a plurality of final network communication data received by the second preset node, determining a data packet loss rate between the first preset node and the second preset node according to the initial network communication data and the final network communication data until the packet loss rate corresponding to each two preset nodes which directly conduct data interaction is obtained, and correcting a comprehensive safety evaluation result according to all the packet loss rates, wherein the first preset node and the second preset node represent any two preset nodes which directly conduct data interaction in all the preset nodes.
The adoption of the further scheme has the beneficial effects that the comprehensive safety evaluation result is corrected through the packet loss rate, so that the evaluation accuracy of the enterprise network to be evaluated is further improved.
Further, the system also comprises a watermarking module, wherein the watermarking module is used for:
And respectively embedding the network security condition data of each preset node into corresponding digital watermarks, and storing the corresponding digital watermarks.
The further scheme has the beneficial effects that by embedding the digital watermark, the tampering is prevented, and the accuracy of data tracing can be ensured.
Further, the generating module is specifically configured to:
generating an initial matrix corresponding to each preset node according to the network security condition data of each preset node of the enterprise network to be evaluated, and generating the final matrix according to all the initial matrices.
Further, the network security condition data comprise abnormal event condition data, security hole condition data, data inflow in unit time and anti-attack capability level.
A storage medium of the present invention has instructions stored therein, which when read by a computer, cause the computer to perform an enterprise network security assessment method as set forth in any one of the above.
An electronic device of the present invention includes a processor and the storage medium described above, where the processor executes instructions in the storage medium.
Detailed Description
As shown in fig. 1, an enterprise network security assessment method according to an embodiment of the present invention includes the following steps:
s1, generating a final matrix according to network security condition data of each preset node of an enterprise network to be evaluated;
The enterprise network represents a network applied to an enterprise, and the nodes represent entity components or virtual components in the enterprise network, wherein the entity components can be specifically a server, a computer, a switch, a gateway, a memory, a router and the like, and the virtual components can be specifically a database, a cloud platform, a cloud memory and the like.
The network security condition data comprise abnormal event condition data, security hole condition data, data inflow in unit time and anti-attack capability level, and the preset nodes represent selected nodes.
Wherein, the process of generating the final matrix is as follows:
Generating an initial matrix corresponding to each preset node according to the network security condition data of each preset node of the enterprise network to be evaluated, and generating the final matrix according to all the initial matrices, specifically:
1) The specific form of the initial matrix can be set according to actual conditions, for example, the initial matrix is a matrix with 1 row and more columns, and because the network security condition data comprise abnormal event condition data, security hole condition data, data inflow in unit time and anti-attack capability level, at this time, the initial matrix is a matrix with 1 row and 4 columns, and the initial matrix can also be set as a matrix with 2 rows and 2 columns;
2) The security vulnerability situation data comprises vulnerability types, vulnerability grades, vulnerability influence ranges and vulnerability occurrence frequencies, wherein the evaluation standard of the data inflow in unit time is that the lower the security evaluation grade is, the attack resistance grade can be determined by a multi-intelligent system network attack resistance evaluation method based on characterization learning, a network behavior attack method based on FPGA or a scale-free network attack method based on random neighbor nodes, and the attack resistance grade of each preset node can be determined by other prior technologies as the data inflow in unit time is increased;
the method comprises the steps of quantifying each abnormal event condition data, security hole condition data, data inflow in unit time and anti-attack capacity level by manually setting a standard to obtain an initial matrix, and then arranging all the initial matrices according to a preset sequence, such as a preset node sequence, to generate the final matrix.
S2, calculating the similarity between the final matrix and a preset standard matrix, and obtaining a comprehensive security assessment result of the enterprise network to be assessed according to the similarity and a preset comprehensive weight value corresponding to the preset standard matrix.
The network security condition data, namely, abnormal event condition data, security hole condition data, data inflow in unit time and anti-attack capability level of each preset node are preset manually, are used as standard network security condition data and are respectively marked as standard abnormal event condition data, standard security hole condition data, data inflow in standard unit time and standard anti-attack capability level for reference, the standard abnormal event condition data, standard security hole condition data, data inflow in standard unit time and standard anti-attack capability level are quantified according to the same manually set standard, a matrix corresponding to each preset node is generated in a specific form of the initial matrix, and then the matrix corresponding to each preset node is arranged according to the preset sequence to generate a standard matrix. The method comprises the steps of generating a plurality of standard matrixes by changing specific values of standard abnormal event condition data, standard security vulnerability condition data, data inflow in standard unit time and standard anti-attack capability level, and verifying comprehensive weight values corresponding to each standard matrix and comprehensive security assessment results corresponding to each comprehensive weight value by a plurality of experts so as to improve accurate corresponding relations among network security condition data, preset comprehensive weight values and comprehensive security assessment results corresponding to each preset comprehensive weight value, and finally achieve the purpose of improving accuracy of comprehensive security assessment results of an enterprise network to be assessed.
In theory, any standard matrix can be used as a preset standard matrix, the similarity between the final matrix and the preset standard matrix is calculated, the similarity is specifically euclidean distance, mahalanobis distance or cosine similarity, and the comprehensive security evaluation result of the enterprise network to be evaluated is obtained according to the similarity and a preset comprehensive weight value corresponding to the preset standard matrix. Specifically:
The comprehensive safety evaluation results can be a first-level safety level, a second-level safety level, a third-level safety level and other safety levels, wherein the first-level safety level is the highest safety level, and other safety levels are analogized in sequence, for example, the comprehensive safety evaluation result corresponding to the comprehensive weight value of 10 is the first-level safety level, the comprehensive safety evaluation result corresponding to the comprehensive weight value of 9 to 10 is the second-level safety level, the comprehensive safety evaluation result corresponding to the comprehensive weight value of 8 to 9 is the second-level safety level, and the like, and for the convenience of calculation, a standard matrix corresponding to the highest safety level, namely the comprehensive weight value corresponding to the first-level safety level, is often used as a preset standard matrix, and concretely:
1) Taking a standard matrix corresponding to a comprehensive weight value with the value of 10 as a preset standard matrix, if the similarity between the final matrix and the preset standard matrix is 100%, the preset comprehensive weight value corresponding to the preset standard matrix is the comprehensive weight value of the enterprise network to be evaluated, and acquiring a comprehensive security evaluation result corresponding to the preset comprehensive weight value, namely a first-level security level, from the preset comprehensive security evaluation result corresponding to each comprehensive weight value, and taking the comprehensive security evaluation result as the comprehensive security evaluation result of the enterprise network to be evaluated.
2) Taking a standard matrix corresponding to a comprehensive weight value with the value of 10 as a preset standard matrix, if the similarity between the final matrix and the preset standard matrix is 50%, 50% of the preset comprehensive weight value corresponding to the preset standard matrix is the comprehensive weight value of the enterprise network to be evaluated, namely, the comprehensive weight value of the enterprise network to be evaluated is 5, and acquiring a comprehensive security evaluation result corresponding to the preset comprehensive weight value, namely, a five-level security level, from the preset comprehensive security evaluation results corresponding to each comprehensive weight value, and taking the comprehensive security evaluation result as the comprehensive security evaluation result of the enterprise network to be evaluated.
3) Taking a standard matrix corresponding to a comprehensive weight value with the value of 10 as a preset standard matrix, if the similarity between the final matrix and the preset standard matrix is 60%, 60% of the preset comprehensive weight value corresponding to the preset standard matrix is the comprehensive weight value of the enterprise network to be evaluated, namely the comprehensive weight value of the enterprise network to be evaluated is 6, and acquiring a comprehensive security evaluation result corresponding to the preset comprehensive weight value, namely a four-level security level, from the comprehensive security evaluation result corresponding to each preset comprehensive weight value to be used as the comprehensive security evaluation result of the enterprise network to be evaluated. And then upgrading the network security of the enterprise network to be evaluated according to the comprehensive security evaluation result.
4) And taking a standard matrix corresponding to the comprehensive weight value with the value of 10 as a preset standard matrix, and if the similarity between the final matrix and the preset standard matrix is 65%, and the comprehensive weight value of the enterprise network to be evaluated is 6.5, determining the comprehensive safety evaluation result corresponding to the preset comprehensive weight value as a four-level safety level. As a comprehensive security assessment result of the enterprise network to be assessed. And then upgrading the network security of the enterprise network to be evaluated according to the comprehensive security evaluation result.
According to the network security condition data of each preset node of the enterprise network to be evaluated, a final matrix is generated, the similarity between the final matrix and the preset standard matrix is calculated, and the comprehensive security evaluation result of the enterprise network to be evaluated can be determined according to the similarity, so that the evaluation accuracy of the enterprise network to be evaluated can be ensured, and a neural network model is not required to be established and trained, thereby achieving the purpose of greatly reducing the calculated amount.
Optionally, in the above technical solution, the method further includes:
S3, acquiring a plurality of initial network communication data sent by a first preset node to a second preset node, acquiring a plurality of final network communication data received by the second preset node, determining a data packet loss rate between the first preset node and the second preset node according to the initial network communication data and the final network communication data until the packet loss rate corresponding to each two preset nodes which directly conduct data interaction is obtained, and correcting a comprehensive safety evaluation result according to all the packet loss rates, wherein the first preset node and the second preset node represent any two preset nodes which directly conduct data interaction in all the preset nodes. And correcting the comprehensive safety evaluation result through the packet loss rate, and further improving the evaluation accuracy of the enterprise network to be evaluated. Specifically:
For example, in a unit time, for example, in 1 hour, the first preset node sends 100 pieces of initial network communication data to the second preset node, and the initial network communication data are divided into 10000 pieces of packets to be sent, when the second preset node receives 100 pieces of initial network communication data sent by the first preset node, 100 pieces of network communication data are received, that is, 100 pieces of final network communication data are received, but 9900 pieces of data packets are received in total, so that the packet loss rate is 1% until the packet loss rate corresponding to each two preset nodes which directly perform data interaction is obtained, if the total packet loss rate is 100, if the number of packet loss rates with values greater than 1% in the 100 packet loss rates exceeds 80%, the comprehensive security evaluation result is subjected to a level-down process, for example, when the comprehensive security evaluation result of the enterprise network to be evaluated obtained according to the final matrix is a level-down process, that is, the comprehensive security evaluation result of the enterprise network to be evaluated is a level-down security level.
Optionally, in the above technical solution, the method further includes:
S4, respectively embedding the network security condition data of each preset node into corresponding digital watermarks, and storing the corresponding digital watermarks. The watermark algorithm can be adopted to embed corresponding digital watermarks for network security condition data of each preset node respectively, the digital watermark verification process is generally executed through a qualified watermark verification mechanism, and the tamper is prevented by embedding the digital watermarks, so that the accuracy of data tracing can be ensured.
In the above embodiments, although steps S1, S2, etc. are numbered, only specific embodiments of the present application are given, and those skilled in the art may adjust the execution sequence of S1, S2, etc. according to the actual situation, which is also within the scope of the present application, and it is understood that some embodiments may include some or all of the above embodiments.
As shown in fig. 2, an enterprise network security assessment system 200 according to an embodiment of the present invention includes a generation module 210 and an assessment module 220;
the generating module 210 is configured to generate a final matrix according to network security data of each preset node of the enterprise network to be evaluated;
The evaluation module 220 is configured to calculate a similarity between the final matrix and a preset standard matrix, and obtain a comprehensive security evaluation result of the enterprise network to be evaluated according to the similarity and a preset comprehensive weight value corresponding to the preset standard matrix.
According to the network security condition data of each preset node of the enterprise network to be evaluated, a final matrix is generated, the similarity between the final matrix and the preset standard matrix is calculated, and the comprehensive security evaluation result of the enterprise network to be evaluated can be determined according to the similarity, so that the evaluation accuracy of the enterprise network to be evaluated can be ensured, and a neural network model is not required to be established and trained, thereby achieving the purpose of greatly reducing the calculated amount.
Optionally, in the above technical solution, the system further includes a correction module, where the correction module is configured to:
Acquiring a plurality of initial network communication data sent by a first preset node to a second preset node, acquiring a plurality of final network communication data received by the second preset node, determining a data packet loss rate between the first preset node and the second preset node according to the initial network communication data and the final network communication data until the packet loss rate corresponding to each two preset nodes which directly conduct data interaction is obtained, and correcting a comprehensive safety evaluation result according to all the packet loss rates, wherein the first preset node and the second preset node represent any two preset nodes which directly conduct data interaction in all the preset nodes.
And correcting the comprehensive safety evaluation result through the packet loss rate, and further improving the evaluation accuracy of the enterprise network to be evaluated.
Optionally, in the above technical solution, the system further includes a watermarking module, where the watermarking module is configured to:
And respectively embedding the network security condition data of each preset node into corresponding digital watermarks, and storing the corresponding digital watermarks. By embedding the digital watermark, tampering is prevented, and the accuracy of data tracing can be ensured.
Optionally, in the above technical solution, the generating module 210 is specifically configured to:
generating an initial matrix corresponding to each preset node according to the network security condition data of each preset node of the enterprise network to be evaluated, and generating the final matrix according to all the initial matrices.
Optionally, in the above technical solution, the network security condition data includes abnormal event condition data, security hole condition data, data inflow in unit time and anti-attack capability level.
The steps for implementing the corresponding functions of the parameters and the unit modules in the enterprise network security assessment system 200 according to the present invention are referred to in the embodiments of the enterprise network security assessment method, and are not described herein.
The storage medium of the embodiment of the invention stores instructions, when the instructions are read by a computer, the computer is caused to execute an enterprise network security assessment method according to any one of the above.
An electronic device according to an embodiment of the present invention includes a processor and the above-described storage medium, where the processor executes instructions in the storage medium. Wherein, the electronic equipment can be selected from computers, mobile phones and the like.
Those skilled in the art will appreciate that the present invention may be implemented as a system, method, or computer program product.
Accordingly, the present disclosure may be embodied in either entirely hardware, entirely software (including firmware, resident software, micro-code, etc.), or in a combination of hardware and software, referred to herein generally as a "circuit," module, "or" system. Furthermore, in some embodiments, the invention may also be embodied in the form of a computer program product in one or more computer-readable media, which contain computer-readable program code.
Any combination of one or more computer readable media may be employed. The computer readable medium may be a computer readable signal medium or a computer readable storage medium. The computer readable storage medium can be, for example, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or any combination thereof. More specific examples (a non-exhaustive list) of the computer-readable storage medium include an electrical connection having one or more wires, a portable computer diskette, a hard disk, a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), an optical fiber, a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination thereof. In this document, a computer readable storage medium may be any tangible medium that can contain, or store a program for use by or in connection with an instruction execution system, apparatus, or device.
While embodiments of the present invention have been shown and described above, it will be understood that the above embodiments are illustrative and not to be construed as limiting the invention, and that variations, modifications, alternatives and variations may be made to the above embodiments by one of ordinary skill in the art within the scope of the invention.