CN115834412A - Network security situation assessment method, device, electronic equipment and storage medium - Google Patents

Network security situation assessment method, device, electronic equipment and storage medium

Info

Publication number
CN115834412A
Authority
CN
China
Prior art keywords
network
evaluated
time period
period
target
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202211372371.3A
Other languages
Chinese (zh)
Inventor
梁佳祥
胡文斌
孙毅
周映
卢昌温
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
China United Network Communications Group Co Ltd
Original Assignee
China United Network Communications Group Co Ltd
Application filed by China United Network Communications Group Co Ltd
Priority to CN202211372371.3A
Publication of CN115834412A
Legal status: Pending (current)

Abstract

The application provides a network security situation assessment method and device, electronic equipment and a storage medium. The method comprises the following steps: obtaining the security threat index of the network to be evaluated in a first target time period and the mean security threat index of the network to be evaluated in a second target time period; calculating the risk value of the network to be evaluated in the first target time period from the security threat index in the first target time period and the mean security threat index in the second target time period; and determining the risk level of the network to be evaluated in the first time period from the risk value in the first target time period. The scheme achieves real-time and effective risk assessment of the network to be evaluated and improves its security and reliability.

Description

Translated from Chinese

Network security situation assessment method, device, electronic equipment and storage medium

Technical field

This application relates to big data technology, and in particular to a network security situation assessment method, device, electronic equipment and storage medium.

Background

With the rapid development of network and information technology, network security problems keep emerging: massive numbers of terminals connect to networks, the traditional network perimeter has disappeared, and network attacks have become far more covert and complex. This places higher demands on network security defence, and network security protection has shifted from passive defence to active and intelligent protection.

At present, network security situational awareness is applied to perceive the network security threat situation, to gain insight into the operating and monitoring state of networks and applications, and to achieve complete tracing and evidence collection for network attacks through full-traffic analysis, all of which helps security staff take targeted response measures. How to achieve real-time, effective risk assessment of a network under evaluation and thereby improve its security and reliability has therefore become a pressing problem.

Summary of the invention

This application provides a network security situation assessment method, device, electronic equipment and storage medium, used to achieve real-time and effective risk assessment of the network to be evaluated.

In a first aspect, this application provides a network security situation assessment method, comprising: taking a first time period as the current first target time period and executing a first process to obtain the risk level of the network to be evaluated in the first time period. The first process comprises: obtaining the security threat index of the network to be evaluated in the first target time period and the mean security threat index of the network to be evaluated in a second target time period, where the first target time period lies within the second target time period and the two periods share the same end time; calculating the risk value of the network to be evaluated in the first target time period from the security threat index in the first target time period and the mean security threat index in the second target time period; if the risk value in the first target time period is less than a first risk threshold, determining that the risk level of the network in the first time period is elementary; if the risk value is greater than the first risk threshold and less than a second risk threshold, determining that the risk level is medium; and if the risk value is greater than the second risk threshold, determining that the risk level is high, where the first risk threshold is less than the second risk threshold.

In some embodiments, calculating the risk value of the network to be evaluated in the first target time period from the security threat index in the first target time period and the mean security threat index in the second target time period comprises: performing a correlation calculation on the security threat index in the first target time period and the mean security threat index in the second target time period to obtain the risk value of the network in the first target time period.

In some embodiments, obtaining the security threat index in the first target time period and the mean security threat index in the second target time period comprises: taking the first target time period and the second target time period in turn as the target time period and executing a predetermined process to obtain the security threat index of the network to be evaluated in the first target time period and in the second target time period; and calculating the mean security threat index in the second target time period from the security threat index in the second target time period and the duration of the second target time period. The predetermined process comprises: analysing the historical security events of the network to be evaluated within the target time period to obtain the security threat index of a single device of each device type in the network, where the historical security event data include the severity of attacks on devices of each device type within the target time period, the number of attacks on devices of each device type within the target time period, and the weight of a single device of each device type in the network; and calculating the security threat index of the network within the target time period from the security threat index of a single device of each device type.

In some embodiments, the method further comprises: determining the network type of the network to be evaluated according to a predetermined network layer relationship, where the network layers comprise a system layer, a host layer and a service layer; and calculating, for each device type, the product of the weight corresponding to the network type of the network to be evaluated and the weight of that device type, to obtain the weight of a single device of each device type in the network.

In some embodiments, calculating the security threat index of the network within the target time period from the security threat index of a single device of each device type comprises: multiplying the security threat index of a single device of each device type by the number of devices of that type to obtain the security threat index of each device type in the network; and summing the security threat indices of all device types in the network to obtain the security threat index of the network within the target time period.

In some embodiments, analysing the historical security events of the network within the target time period to obtain the security threat index of a single device of each device type comprises: for each device type, calculating the product of the severity of attacks on devices of that type within the target time period, the number of attacks on devices of that type within the target time period, and the weight of a single device of that type in the network, to obtain the security threat index of a single device of that type in the network.

In some embodiments, the method further comprises: generating, according to the risk level of the network to be evaluated, a first warning signal corresponding to that risk level, where different risk levels correspond to different numbers of warning signal types, and the higher the risk level, the more types of warning signal are used; and pushing the first warning signal to the user. The warning signal types comprise audible and visual signals, SMS messages, e-mails and voice signals.

In some embodiments, after pushing the warning signal to the user, the method further comprises: taking a second time period following the first time period as the current first target time period and executing the first process to obtain the risk level of the network in the second time period; if the risk level in the second time period is the same as the risk level in the first time period, generating a second warning signal, where the risk level corresponding to the second warning signal is higher than that corresponding to the first warning signal; and pushing the second warning signal to the user.
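The first process described above (per-device-type threat index from severity, attack count and weight; network index as the count-weighted sum; mean over the longer window; risk value; thresholds; escalating warning), which also covers step S101 of Embodiment 1 below, as one worked pipeline. This is an added example and not code from the patent or its assignee. The patent fixes only the structure of the calculation, so the numeric weights and thresholds, the use of the mean event severity as the period's severity, the ratio used for the unspecified "correlation calculation", and the sample events are all assumptions made here.

```python
"""Added illustration of the assessment pipeline described in the text;
the concrete formulas, weights, thresholds and sample events are assumptions."""
from dataclasses import dataclass
from typing import List, Optional, Tuple

@dataclass(frozen=True)
class SecurityEvent:
    timestamp: int       # seconds; constructed sample data below
    device_type: str     # key into DEVICE_TYPE_WEIGHTS / DEVICE_COUNTS
    severity: float      # attack severity score, higher is worse

# Assumed weights: the text only fixes that the per-device weight is the
# product of the network-type weight and the device-type weight.
NETWORK_TYPE_WEIGHTS = {"system": 1.0, "host": 0.8, "service": 0.6}
DEVICE_TYPE_WEIGHTS = {"server": 1.0, "switch": 0.7, "terminal": 0.4}
DEVICE_COUNTS = {"server": 10, "switch": 5, "terminal": 50}  # devices per type

# Assumed thresholds and channels: the text fixes only the ordering
# (first threshold < second threshold; more channel types at higher levels).
FIRST_RISK_THRESHOLD = 1.0
SECOND_RISK_THRESHOLD = 2.0
LEVELS = ["elementary", "medium", "high"]
WARNING_CHANNELS = {
    "elementary": ("email",),
    "medium": ("email", "sms"),
    "high": ("email", "sms", "voice", "sound_light"),
}

Window = Tuple[int, int]   # (start, end) in seconds, end exclusive

def device_weight(network_type: str, device_type: str) -> float:
    """Weight of a single device = network-type weight x device-type weight."""
    return NETWORK_TYPE_WEIGHTS[network_type] * DEVICE_TYPE_WEIGHTS[device_type]

def network_threat_index(events: List[SecurityEvent], network_type: str,
                         window: Window) -> float:
    """Threat index of the whole network over the window: per device type,
    severity x attack count x device weight, scaled by the number of devices
    of that type and summed over all types.  Taking the mean event severity
    as the period's severity is an assumption."""
    start, end = window
    total = 0.0
    for dtype, count in DEVICE_COUNTS.items():
        hits = [e.severity for e in events
                if e.device_type == dtype and start <= e.timestamp < end]
        if not hits:
            continue
        severity = sum(hits) / len(hits)
        per_device = severity * len(hits) * device_weight(network_type, dtype)
        total += per_device * count
    return total

def risk_value(events: List[SecurityEvent], network_type: str,
               first: Window, second: Window) -> float:
    """Risk value of the short window `first` against the long window `second`
    (same end time, `first` inside `second`).  The text calls this a correlation
    calculation without fixing it; here the risk is the observed short-window
    index divided by what the long-window mean rate predicts for a window of
    the same length, so 1.0 means 'no change from the longer trend'."""
    if first[1] != second[1] or second[0] > first[0]:
        raise ValueError("first window must end with, and lie inside, second")
    first_index = network_threat_index(events, network_type, first)
    second_mean = network_threat_index(events, network_type, second) / (second[1] - second[0])
    expected = second_mean * (first[1] - first[0])
    return first_index / expected if expected else 0.0

def risk_level(value: float) -> str:
    """Map the risk value to the three levels; a value exactly on a threshold
    is not specified in the text and falls to the lower level here."""
    if value < FIRST_RISK_THRESHOLD:
        return "elementary"
    if value < SECOND_RISK_THRESHOLD:
        return "medium"
    return "high"

def warning_for(level: str, previous_level: Optional[str] = None):
    """Warning level and channels to push.  An unchanged level in the next
    period raises the second warning one level (capped at 'high')."""
    if previous_level == level and level != "high":
        level = LEVELS[LEVELS.index(level) + 1]
    return level, WARNING_CHANNELS[level]

# Constructed sample: one hour of events on a "system"-layer network, with a
# burst of attacks against servers in the final ten minutes.
SAMPLE_EVENTS = [
    SecurityEvent(100, "server", 2.0),
    SecurityEvent(500, "switch", 1.0),
    SecurityEvent(3100, "server", 4.0),
    SecurityEvent(3300, "server", 4.0),
    SecurityEvent(3500, "terminal", 3.0),
]
LONG_WINDOW: Window = (0, 3600)      # second target time period
SHORT_WINDOW: Window = (3000, 3600)  # first target time period, same end time

def assess(events, network_type, first, second, previous_level=None):
    """One run of the first process: risk value, level, warning level, channels."""
    value = risk_value(events, network_type, first, second)
    level = risk_level(value)
    warn_level, channels = warning_for(level, previous_level)
    return value, level, warn_level, channels

if __name__ == "__main__":
    print(assess(SAMPLE_EVENTS, "system", SHORT_WINDOW, LONG_WINDOW))
```

On the sample data the last ten minutes carry an index of 140 against a one-hour index of 163.5, so the short window runs at roughly five times the hourly rate and lands at the high level. Running `assess` again for the following period with `previous_level` set to the earlier result reproduces the escalation rule: an unchanged level triggers the second, higher-level warning.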

In a second aspect, this application provides a network security situation assessment device comprising an instruction module and a processing module. The instruction module is configured to take a first time period as the current first target time period and instruct the processing module to execute a first process, obtaining the risk level of the network to be evaluated in the first time period. The processing module comprises: an acquisition unit, configured to obtain the security threat index of the network to be evaluated in the first target time period and the mean security threat index of the network to be evaluated in a second target time period, where the first target time period lies within the second target time period and the two periods share the same end time; a calculation unit, configured to calculate the risk value of the network in the first target time period from the security threat index in the first target time period and the mean security threat index in the second target time period; and a determination unit, configured to determine that the risk level of the network in the first time period is elementary if the risk value in the first target time period is less than a first risk threshold, medium if the risk value is greater than the first risk threshold and less than a second risk threshold, and high if the risk value is greater than the second risk threshold, where the first risk threshold is less than the second risk threshold.

In some embodiments, the calculation unit is specifically configured to perform a correlation calculation on the security threat index in the first target time period and the mean security threat index in the second target time period to obtain the risk value of the network in the first target time period.

In some embodiments, the acquisition unit is specifically configured to: take the first target time period and the second target time period in turn as the target time period and execute a predetermined process to obtain the security threat index of the network to be evaluated in the first target time period and in the second target time period; and calculate the mean security threat index in the second target time period from the security threat index in the second target time period and the duration of the second target time period. The predetermined process comprises: analysing the historical security events of the network within the target time period to obtain the security threat index of a single device of each device type in the network, where the historical security event data include the severity of attacks on devices of each device type within the target time period, the number of attacks on devices of each device type within the target time period, and the weight of a single device of each device type in the network; and calculating the security threat index of the network within the target time period from the security threat index of a single device of each device type.

In some embodiments, the device further comprises: a determination module, configured to determine the network type of the network to be evaluated according to a predetermined network layer relationship, where the network layers comprise a system layer, a host layer and a service layer; and a calculation module, configured to calculate, for each device type, the product of the weight corresponding to the network type of the network to be evaluated and the weight of that device type, to obtain the weight of a single device of each device type in the network.

In some embodiments, when calculating the security threat index of the network within the target time period from the security threat index of a single device of each device type, the acquisition unit is specifically configured to: multiply the security threat index of a single device of each device type by the number of devices of that type to obtain the security threat index of each device type in the network; and sum the security threat indices of all device types in the network to obtain the security threat index of the network within the target time period.

In some embodiments, when analysing the historical security events of the network within the target time period to obtain the security threat index of a single device of each device type, the acquisition unit is specifically configured to: for each device type, calculate the product of the severity of attacks on devices of that type within the target time period, the number of attacks on devices of that type within the target time period, and the weight of a single device of that type in the network, to obtain the security threat index of a single device of that type in the network.

In some embodiments, the device further comprises: a warning generation module, configured to generate, according to the risk level of the network to be evaluated, a first warning signal corresponding to that risk level, where different risk levels correspond to different numbers of warning signal types and the higher the risk level, the more types of warning signal are used; and a push module, configured to push the first warning signal to the user. The warning signal types comprise audible and visual signals, SMS messages, e-mails and voice signals.

In some embodiments, the instruction module is further configured to take a second time period following the first time period as the current first target time period and instruct the processing module to execute the first process, obtaining the risk level of the network in the second time period; the warning generation module is further configured to generate a second warning signal if the risk level in the second time period is the same as the risk level in the first time period, where the risk level corresponding to the second warning signal is higher than that corresponding to the first warning signal; and the push module is further configured to push the second warning signal to the user.

In a third aspect, this application provides an electronic device comprising a processor and a memory communicatively connected to the processor; the memory stores computer-executable instructions, and the processor executes the computer-executable instructions stored in the memory to implement the method described above.

In a fourth aspect, this application provides a computer-readable storage medium storing computer-executable instructions which, when executed by a processor, implement the method described above.

In the network security situation assessment method, device, electronic equipment and storage medium provided by this application, a first time period is taken as the current first target time period and a first process is executed to obtain the risk level of the network to be evaluated in the first time period. The first process comprises: obtaining the security threat index of the network to be evaluated in the first target time period and the mean security threat index of the network in a second target time period; calculating the risk value of the network in the first target time period from these two quantities; and determining that the risk level of the network in the first time period is elementary if the risk value is less than a first risk threshold, medium if it is greater than the first risk threshold and less than a second risk threshold, and high if it is greater than the second risk threshold. By taking the first time period as the current first target time period and executing the first process, the scheme of this application obtains the risk level of the network to be evaluated in the first time period, achieving real-time and effective risk assessment of the network and improving its security and reliability.

Description of the drawings

The accompanying drawings, which are incorporated in and form part of this specification, illustrate embodiments consistent with this application and, together with the description, serve to explain the principles of the application.

FIG. 1 is a schematic flowchart of a network security situation assessment method provided in Embodiment 1 of this application;

FIG. 2 is a schematic flowchart of a network security situation assessment method provided in Embodiment 2 of this application;

FIG. 3 is a schematic structural diagram of a network security situation assessment device provided in Embodiment 3 of this application;

FIG. 4 is a schematic structural diagram of an electronic device provided in Embodiment 4 of this application.

The above drawings show specific embodiments of this application, which are described in more detail below. These drawings and the written description are not intended to limit the scope of the inventive concept in any way, but to illustrate the concept of this application to those skilled in the art by reference to specific embodiments.

Detailed description

Exemplary embodiments will now be described in detail, examples of which are illustrated in the accompanying drawings. Where the following description refers to the drawings, the same numerals in different drawings denote the same or similar elements unless otherwise indicated. The implementations described in the following exemplary embodiments do not represent all implementations consistent with this application; rather, they are merely examples of devices and methods consistent with some aspects of this application as recited in the appended claims.

It should be noted that the brief explanation of terms in this application is only intended to aid understanding of the implementations described below, and not to limit the implementations of this application. Unless otherwise stated, these terms are to be understood according to their ordinary and customary meaning.

The terms "first", "second" and the like in the description, claims and drawings of this application are used to distinguish similar or like objects or entities, and do not necessarily imply a specific order or sequence unless otherwise indicated. It should be understood that terms so used are interchangeable under appropriate circumstances, for example so that the embodiments of this application can be practised in an order other than that illustrated or described.

Furthermore, the terms "comprising" and "having", and any variants of them, are intended to cover a non-exclusive inclusion; for example, a product or device comprising a series of components is not necessarily limited to the components expressly listed, but may include other components not expressly listed or inherent to such products or devices. The term "module" as used in this application refers to any known or later-developed hardware, software, firmware, artificial intelligence, fuzzy logic, or combination of hardware and/or software code capable of performing the functions associated with that element.

The term "situational awareness" (SA) as used in the embodiments of this application refers to perceiving the elements of an environment within a given span of time and space, analysing the meaning of the perceived elements, and finally predicting the future state of those elements.

The term "cyberspace situation awareness" (CSA) as used in the embodiments of this application refers to applying situational awareness techniques to the field of network security: in a large-scale network environment, the security factors capable of changing the network situation are acquired, understood and displayed, their recent development trend is extrapolated, and decisions and actions are then taken. Network security situation work is divided into two important steps: network security situation assessment and network security situation prediction.

In practice, network security situation assessment is the core step of network security situation awareness; accurate assessment results provide the basis for predicting the network security state. Through situation assessment, security threats in the network can be discovered as early as possible, and a full evaluation of the scope and severity of those threats helps administrators understand the current security state of the network, so that containment and blocking measures can be taken before a threat materialises and the network under evaluation is kept fully protected from attack and damage. Real-time and effective risk assessment of the network under evaluation therefore improves its security and reliability.

本发明提供网络安全态势评估方法,将第一时段作为当前的第一目标时段,执行第一处理,得到第一时段下待评估网络的风险等级,实现了对待评估网络的实时有效的风险评估,提高了待评估网络的安全性和可靠性。The present invention provides a network security situation assessment method, which uses the first time period as the current first target time period, executes the first process, obtains the risk level of the network to be evaluated in the first time period, and realizes real-time and effective risk assessment of the network to be evaluated. The security and reliability of the network to be evaluated are improved.

下面以具体的实施例对本申请的技术方案以及本申请的技术方案进行详细说明。下面这几个具体的实施例可以相互结合,对于相同或相似的概念或过程可能在某些实施例中不再赘述。在本申请的描述中,除非另有明确的规定和限定,各术语应在本领域内做广义理解。下面将结合附图,对本申请的实施例进行描述。The technical solutions of the present application and the technical solutions of the present application will be described in detail below with specific embodiments. The following specific embodiments may be combined with each other, and the same or similar concepts or processes may not be repeated in some embodiments. In the description of the present application, unless otherwise clearly specified and limited, each term should be interpreted in a broad sense within the field. Embodiments of the present application will be described below in conjunction with the accompanying drawings.

Embodiment One

Figure 1 is a schematic flowchart of a network security situation assessment method provided in Embodiment One of this application. The executing entity of this embodiment may be a network security situation assessment device. As shown in Figure 1, the method includes:

S101. Taking the first period as the current first target period, obtain the security threat index of the network to be evaluated in the first target period and the mean of the security threat index of the network to be evaluated in the second target period.

Here, the first target period lies within the second target period, and the two periods end at the same moment. In this embodiment, the security threat index of the network to be evaluated expresses the degree to which the network is subject to security threats: the larger the index, the more serious the threat.

S102. Calculate the risk value of the network to be evaluated in the first target period from the security threat index of the network to be evaluated in the first target period and the mean of the security threat index of the network to be evaluated in the second target period.

Regarding how the risk value of the network to be evaluated in the first target period is calculated, in one possible implementation S102 includes:

Performing a correlation calculation on the security threat index of the network to be evaluated in the first target period and the mean of the security threat index of the network to be evaluated in the second target period, to obtain the risk value of the network to be evaluated in the first target period.

By way of example, the security threat index of the network to be evaluated in the first target period is denoted X(t), and the mean of the security threat index of the network to be evaluated in the second target period is denoted by the symbol shown in the following image:

Figure BDA0003925547770000082

The risk value of the network to be evaluated in the first target period is denoted Xp. Optionally, a correlation coefficient λ satisfying 0<λ<1 is set, and a correlation calculation is performed on the security threat index X(t) of the network in the first target period and the mean of its security threat index in the second target period (the symbol shown in the following image):

Figure BDA0003925547770000081

The resulting expression for the risk value of the network to be evaluated in the first target period is given in the following image:

Figure BDA0003925547770000083

In this implementation, the risk value of the network to be evaluated in the first target period is obtained by a correlation calculation on the security threat index of the network in the first target period and the mean of its security threat index in the second target period, which effectively improves the accuracy of the risk value for the first target period.

S103. Determine whether the risk value of the network to be evaluated in the first target period is less than the first risk threshold;

S104. If the risk value of the network to be evaluated in the first target period is less than the first risk threshold, determine that the risk level of the network to be evaluated in the first period is primary;

S105. If the risk value of the network to be evaluated in the first target period is not less than the first risk threshold, determine whether the risk value of the network to be evaluated in the first target period is less than the second risk threshold;

S106. If the risk value of the network to be evaluated in the first target period is less than the second risk threshold, determine that the risk level of the network to be evaluated in the first period is medium;

S107. If the risk value of the network to be evaluated in the first target period is not less than the second risk threshold, determine that the risk level of the network to be evaluated in the first period is high.

Here, the first risk threshold is smaller than the second risk threshold, and the two thresholds are the basis for determining the risk level of the network to be evaluated. In practice, the first and second risk thresholds are determined from the historical risk values and historical risk situation of the network to be evaluated. It will be understood that the thresholds differ for different networks to be evaluated.

In one possible implementation, the method further includes:

Generating, according to the risk level of the network to be evaluated, a first warning signal corresponding to that risk level; the number of warning signal types differs between risk levels, and the higher the risk level, the more types of warning signal are used;

Pushing the first warning signal to the user; the warning signal types include sound-and-light signals, SMS messages, e-mails and voice signals.

In practice, the risk level of the network to be evaluated is divided into primary, medium and high; correspondingly, the warning signals include a primary warning signal, a medium warning signal and a high warning signal. The level of the warning signal corresponds to the risk level of the network to be evaluated. For example, if the risk level of the network in the first target period is primary, the generated first warning signal is a primary warning signal; if it is medium, the generated first warning signal is a medium warning signal; and if it is high, the generated first warning signal is a high warning signal.

Specifically, the number of warning signal types differs between risk levels, and the higher the risk level, the more types of warning signal are used. For example, the primary warning signal consists of a sound-and-light signal; the medium warning signal consists of a sound-and-light signal and an SMS message; and the high warning signal consists of a sound-and-light signal, an SMS message, an e-mail and a voice signal.

Optionally, first warning signals of different levels may be sent over different preset paths: for example, the primary warning signal is sent over a first preset path, the medium warning signal over a second preset path, and the high warning signal over a third preset path. Correspondingly, different preset paths are connected to different alarms, and the alarm category corresponds to the warning signal type. For example, the first preset path is connected to a sound-and-light alarm; the second preset path is connected to a sound-and-light alarm and an SMS alarm; and the third preset path is connected to a sound-and-light alarm, an SMS alarm, an e-mail alarm and a voice alarm.

In this implementation, a first warning signal corresponding to the risk level of the network to be evaluated is generated and pushed to the user, realising graded warning for the network to be evaluated. Because a higher risk level uses more warning signal types, the user can judge the risk level of the network intuitively and handle the security threat promptly, which improves the security and reliability of the network to be evaluated.

In one possible implementation, after the warning signal is pushed to the user, the method further includes:

Taking the second period following the first period as the current first target period, and executing the first process to obtain the risk level of the network to be evaluated in the second period;

If the risk level of the network to be evaluated in the second period is the same as its risk level in the first period, generating a second warning signal, where the risk level corresponding to the second warning signal is higher than the risk level corresponding to the first warning signal;

Pushing the second warning signal to the user.

It will be understood that if the risk level of the network in the second period equals its risk level in the first period, the security threat present in the first period has not been resolved. In practice, when the first warning signal corresponds to the primary or medium risk level and the risk level in the second period equals that in the first period, a second warning signal is generated whose risk level is higher than that of the first warning signal.

Optionally, when the first warning signal corresponds to the high risk level and the risk level in the second period equals that in the first period, a third alarm signal is generated; on receiving the third alarm signal, the user stops using the network to be evaluated.

In this implementation, the second period following the first period is taken as the current first target period, the first process is executed to obtain the risk level of the network to be evaluated in the second period, and it is determined whether that level is the same as the level in the first period; if so, a second warning signal is generated. On receiving the second warning signal, the user learns promptly that the security threat to the network has not been resolved and can deal with it in time.

In the network security situation assessment method provided by this application, the security threat index of the network to be evaluated in the first target period and the mean of its security threat index in the second target period are obtained; the risk value of the network in the first target period is calculated from these two quantities; if the risk value is less than the first risk threshold, the risk level of the network in the first period is determined to be primary; if it is greater than the first risk threshold and less than the second risk threshold, the level is determined to be medium; and if it is greater than the second risk threshold, the level is determined to be high. In this embodiment, the first period is taken as the current first target period and the first process is executed to obtain the risk level of the network in the first period, realising real-time and effective risk assessment of the network to be evaluated and improving its security and reliability.

Embodiment Two

Figure 2 is a schematic flowchart of a network security situation assessment method provided in Embodiment Two of this application. As shown in Figure 2, S101 includes:

S201. Taking the first target period and the second target period in turn as the target period, analyse the historical security events of the network to be evaluated within the target period to obtain the security threat index of a single device of each device type in the network to be evaluated.

In this embodiment, a security event is an event that has a negative impact on the network to be evaluated. The historical security event data include the severity of attacks on the devices of each device type within the target period, the number of attacks on the devices of each device type within the target period, and the weight of a single device of each device type in the network to be evaluated.

In practice, security events are obtained by collecting network security data and analysing it. Regarding how security events are obtained, in one possible implementation the method further includes, before S201:

Retrieving first network security data of the network to be evaluated in response to a situational awareness request;

Preprocessing and formatting the first network security data to obtain second network security data;

Applying a data analysis model to analyse the second network security data and obtain the security events within the period to which the second network security data correspond.

Here, the situational awareness request includes identity verification information and information on the network to be evaluated. The identity verification information is used to verify the request; once verification passes, the network security data can be retrieved. The information on the network to be evaluated identifies that network and includes the situational awareness time and the identifier of the network to be evaluated.

The network security data include network structure data, network service data, vulnerability data, weakness data, threat and intrusion data, abnormal user behaviour data and so on. Optionally, several types of sensor are deployed in the network to be evaluated, each sensor type corresponding to a different type of network security data, and the network security data are gathered by a distributed collection system.

In practice, preprocessing consists of data filtering and data filling: data filtering removes duplicate and useless records from the first network security data, and data filling repairs damaged records in it. After preprocessing, the first network security data are formatted to obtain second network security data in a unified format. By way of example, the data filtering method may be group filtering, keyword filtering and the like; the data filling method may be one or more of the missing-value imputation methods mean imputation, same-class mean imputation, maximum likelihood estimation and multiple imputation.

Optionally, the second network security data are stored in a distributed file system by data type, for use in subsequent network security situation assessment.

By way of example, the data analysis model may be a numerical statistical model, an algorithmic mining model, an artificial intelligence model and the like. Specifically, the data analysis model is applied to analyse the second network security data and obtain the security events of the period to which the data correspond. For example, a numerical statistical model is built and used to analyse the second network security data and obtain the security events of the corresponding time.

In one possible implementation, S201 specifically includes:

For each device type, computing the product of the severity of attacks on devices of that type within the target period, the number of attacks on devices of that type within the target period, and the weight of a single device of that type in the network to be evaluated, to obtain the security threat index of a single device of that type in the network to be evaluated.

By way of example, the attack severity of a device may be expressed by the level of the attack it suffered: the higher the attack level, the more severely the device is affected. For instance, attack levels may be divided into major, significant and general. A major attack may paralyse the device or cause information loss, a significant attack may leave the device unable to connect to the network, and a general attack may slow the device down.

In practice, the attack severity of the devices of a device type means the severity of the attacks suffered by all devices of that type. Optionally, it may be expressed as the weighted sum of the attack severities of the individual devices of that type. By way of example, the attack severity of devices of type i within the target period may be denoted N(t).

The number of attacks on devices of a device type within the target period means the number of attacks suffered by all devices of that type. By way of example, the number of attacks on devices of type i within the target period may be denoted d(t).

Specifically, for each device type, the product of the attack severity of devices of that type within the target period, the number of attacks on devices of that type within the target period, and the weight of a single device of that type in the network to be evaluated gives the security threat index of a single device of that type in the network to be evaluated. Continuing the above example, the security threat index Vi of a single device of type i in the network to be evaluated is calculated as:

Vi = k·N(t)·d(t)·ni

where k is a constant, N(t) is the attack severity of devices of type i within the target period, d(t) is the number of attacks on devices of type i within the target period, and ni is the weight of a single device of type i in the network to be evaluated.

Regarding how the weight of a single device in the network to be evaluated is calculated, in one possible implementation the method further includes:

Determining the network type of the network to be evaluated according to a predetermined network-layer relationship;

Computing the product of the weight corresponding to the network type of the network to be evaluated and the weight of each device type, to obtain the weight of a single device of each device type in the network to be evaluated.

Here, the network type of the network to be evaluated means its network-layer type. By way of example, the network layers include a system layer, a host layer and a service layer. In practice, different networks to be evaluated may be given different network-layer relationships, and the network-layer type of the network is determined from the predetermined relationship. Correspondingly, the weight of the network type of the network to be evaluated is the weight of its network-layer type. Optionally, the weight of each network-layer type is set dynamically according to the importance of that layer type in the network to be evaluated.

The device types include host devices, network devices, security devices and storage devices. Optionally, the weight of each device type in the network to be evaluated may be set dynamically according to the share, importance and position of devices of that type in the network.

It will be understood that the weight of a single device in the network to be evaluated is the product of the weight of the network-layer type to which the device belongs and the weight of its device type.

In this implementation, the product of the weight of the device's network-layer type and the weight of its device type is used as the weight of the single device in the network to be evaluated. Taking both the network-layer relationship and the device type into account improves the accuracy of that weight.

S202. Calculate the security threat index of the network to be evaluated within the target period from the security threat index of a single device of each device type in the network to be evaluated.

In practice, the network to be evaluated contains several device types, and each device type contains several devices.

In one possible implementation, S202 specifically includes:

Computing, for each device type, the product of the security threat index of a single device of that type in the network to be evaluated and the number of devices of that type, to obtain the security threat index of each device type in the network to be evaluated;

Summing the security threat indices of all device types in the network to be evaluated to obtain the security threat index of the network to be evaluated within the target period.

By way of example, if the number of devices of type i is denoted mi and the security threat index of a single device of type i in the network to be evaluated is Vi, the security threat index of device type i in the network to be evaluated can be expressed as Vi·mi.

Specifically, the security threat indices of all device types in the network to be evaluated are summed to obtain the security threat index of the network within the target period. Continuing the above example, with n device types in the network to be evaluated, the security threat index of the network within the target period can be expressed as:

Figure BDA0003925547770000131 (the sum of Vi·mi over device types i = 1, …, n)

S203. Calculate the mean of the security threat index of the network to be evaluated in the second target period from the security threat index of the network in the second target period and the duration of the second target period.

By way of example, the mean of the security threat index of the network to be evaluated in the second target period may be expressed as the ratio of the security threat index of the network in the second target period to the duration of the second target period.

In the network security situation assessment method provided by this application, the first target period and the second target period are taken in turn as the target period; the security threat index of a single device of each device type in the network to be evaluated is obtained by analysing the historical security events of the network within the target period; the security threat index of the network within the target period is calculated from these per-device indices; and the mean of the security threat index in the second target period is calculated from the security threat index in the second target period and the duration of that period. In this embodiment, calculating the network's security threat index within the target period from the security threat index of a single device of each device type realises a comprehensive evaluation of the network to be evaluated and effectively improves its security and reliability.
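A worked example, written for this page and not part of the patent or the applicant's code, that carries Embodiment Two's per-device index Vi = k·N(t)·d(t)·ni, the network index (sum of Vi·mi) and the mean over the second target period, and then Embodiment One's threshold-based risk level and warning escalation, through one pass. The layer and device-type weights, the sample attack counts, the thresholds and the convex blend standing in for the "correlation calculation" (whose expression survives only as an image on the page) are all assumptions, marked as such in the code.

```python
from dataclasses import dataclass
from typing import Dict, Optional

# Constructed illustrative weights (the patent sets these per network, dynamically):
# network-layer weights (system/host/service) and device-type weights.
LAYER_WEIGHTS = {"system": 1.0, "host": 0.8, "service": 0.6}
TYPE_WEIGHTS = {"host": 0.5, "network": 1.0, "security": 0.8, "storage": 0.5}
LEVELS = ["primary", "medium", "high"]
# Warning channel types per risk level: a higher level uses more channel types.
WARNING_CHANNELS = {
    "primary": ["sound_light"],
    "medium": ["sound_light", "sms"],
    "high": ["sound_light", "sms", "email", "voice"],
}


@dataclass
class TypeStats:
    """Inputs for one device type over one target period."""
    severity: float  # N(t): attack severity of all devices of this type in the period
    attacks: int     # d(t): number of attacks on devices of this type in the period
    count: int       # m_i: number of devices of this type in the network


def device_weight(layer: str, dev_type: str) -> float:
    """n_i: weight of one device = network-layer weight x device-type weight."""
    return LAYER_WEIGHTS[layer] * TYPE_WEIGHTS[dev_type]


def device_threat_index(k: float, s: TypeStats, n_i: float) -> float:
    """V_i = k * N(t) * d(t) * n_i (index of a single device of device type i)."""
    return k * s.severity * s.attacks * n_i


def network_threat_index(stats: Dict[str, TypeStats], layer: str, k: float = 1.0) -> float:
    """Network index for the period: sum over device types of V_i * m_i."""
    return sum(device_threat_index(k, s, device_weight(layer, t)) * s.count
               for t, s in stats.items())


def risk_value(x_t: float, x_mean: float, lam: float) -> float:
    """ASSUMPTION: the patent only says 'correlation calculation' with 0 < lambda < 1 and
    gives the expression as an image; a convex blend of the two inputs stands in here."""
    if not 0.0 < lam < 1.0:
        raise ValueError("lambda must satisfy 0 < lambda < 1")
    return lam * x_t + (1.0 - lam) * x_mean


def risk_level(xp: float, first_threshold: float, second_threshold: float) -> str:
    """S103-S107: below the first threshold -> primary, below the second -> medium,
    otherwise high. The thresholds come from the network's own history."""
    if first_threshold >= second_threshold:
        raise ValueError("first threshold must be smaller than second threshold")
    if xp < first_threshold:
        return "primary"
    if xp < second_threshold:
        return "medium"
    return "high"


def assess(first: Dict[str, TypeStats], second: Dict[str, TypeStats], second_hours: float,
           layer: str, lam: float, t1: float, t2: float, k: float = 1.0) -> dict:
    """One pass of the 'first process': index of the short first target period plus the
    mean index of the enclosing second target period (same end time) -> risk value -> level."""
    x_t = network_threat_index(first, layer, k)
    x_mean = network_threat_index(second, layer, k) / second_hours  # S203: index / duration
    xp = risk_value(x_t, x_mean, lam)
    return {"x_t": x_t, "x_mean": x_mean, "risk_value": xp, "level": risk_level(xp, t1, t2)}


def warning_for(level: str, previous_level: Optional[str]) -> dict:
    """First warning for the current level. If the same level persists into the next
    period the threat was not resolved: escalate one level (second warning); a persisting
    'high' yields the third alarm that tells the user to stop using the network."""
    if previous_level is not None and level == previous_level:
        if level == "high":
            return {"signal": "third", "level": "high", "action": "stop using network",
                    "channels": WARNING_CHANNELS["high"]}
        escalated = LEVELS[LEVELS.index(level) + 1]
        return {"signal": "second", "level": escalated, "channels": WARNING_CHANNELS[escalated]}
    return {"signal": "first", "level": level, "channels": WARNING_CHANNELS[level]}


# Constructed sample input: first target period = the last hour, second target period = the
# last 24 hours ending at the same moment, for a network classified at the system layer.
FIRST_HOUR = {
    "host": TypeStats(severity=2.0, attacks=3, count=10),
    "network": TypeStats(severity=3.0, attacks=1, count=2),
    "security": TypeStats(severity=1.0, attacks=0, count=1),
    "storage": TypeStats(severity=1.0, attacks=2, count=4),
}
LAST_DAY = {
    "host": TypeStats(severity=2.0, attacks=24, count=10),
    "network": TypeStats(severity=3.0, attacks=4, count=2),
    "security": TypeStats(severity=1.0, attacks=0, count=1),
    "storage": TypeStats(severity=1.0, attacks=12, count=4),
}

if __name__ == "__main__":
    result = assess(FIRST_HOUR, LAST_DAY, 24.0, "system", lam=0.5, t1=15.0, t2=30.0)
    print(result)                                         # risk_value 26.0 -> 'medium'
    print(warning_for(result["level"], None))             # first warning: sound_light + sms
    print(warning_for(result["level"], result["level"]))  # persists -> second warning, 'high'
```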

实施例三Embodiment Three

图3为本申请实施例三提供的一种网络安全态势评估装置的结构示意图,如图3所示,该装置包括:指示模块31以及处理模块32;FIG. 3 is a schematic structural diagram of a network security situation assessment device provided in Embodiment 3 of the present application. As shown in FIG. 3 , the device includes: anindication module 31 and aprocessing module 32;

The indication module 31 is configured to take the first period as the current first target period and instruct the processing module 32 to perform the first processing, obtaining the risk level of the network to be evaluated in the first period. The processing module 32 includes:

An acquisition unit 321, configured to acquire the security threat index of the network to be evaluated in the first target period and the mean value of the security threat index of the network to be evaluated in the second target period.

A calculation unit 322, configured to calculate the risk value of the network to be evaluated in the first target period from the security threat index of the network to be evaluated in the first target period and the mean value of the security threat index of the network to be evaluated in the second target period.

A determination unit 323, configured to determine that the risk level of the network to be evaluated in the first period is primary if the risk value of the network to be evaluated in the first target period is less than a first risk threshold; to determine that the risk level of the network to be evaluated in the first period is intermediate if the risk value of the network to be evaluated in the first target period is greater than the first risk threshold and less than a second risk threshold; and to determine that the risk level of the network to be evaluated in the first period is high if the risk value of the network to be evaluated in the first target period is greater than the second risk threshold.

The first target period lies within the second target period, and the first target period and the second target period end at the same moment. In this embodiment, the security threat index of the network to be evaluated indicates the degree to which the network to be evaluated is subject to security threats; a larger security threat index indicates a more serious security threat to the network to be evaluated.

In a possible implementation, the acquisition unit 321 is specifically configured to: take the first target period and the second target period in turn as the target period; from the historical security events of the network to be evaluated within the target period, analyze to obtain the security threat index of a single device of each device type in the network to be evaluated; and from the security threat index of the network to be evaluated in the second target period and the duration of the second target period, calculate the mean value of the security threat index of the network to be evaluated in the second target period.

The predetermined processing includes: from the historical security events of the network to be evaluated within the target period, analyzing to obtain the security threat index of a single device of each device type in the network to be evaluated, where the historical security event data includes the severity of attacks on devices of each device type, the number of attacks on devices of each device type, and the weight of a single device of each device type in the network to be evaluated; and from the security threat index of a single device of each device type in the network to be evaluated, calculating the security threat index of the network to be evaluated within the target period.

In this embodiment, a security event is an event that has a negative impact on the network to be evaluated. The historical security event data includes the severity of attacks on devices of each device type within the target period, the number of attacks on devices of each device type within the target period, and the weight of a single device of each device type in the network to be evaluated.

Exemplarily, the mean value of the security threat index of the network to be evaluated in the second target period may be represented by the ratio of the security threat index of the network to be evaluated in the second target period to the duration of the second target period.

In this embodiment, calculating the security threat index of the network to be evaluated within the target period from the security threat index of a single device of each device type in the network to be evaluated realizes a comprehensive evaluation of the network to be evaluated and effectively improves its security and reliability.

In a possible implementation, the device further includes: a retrieval module, configured to retrieve first network security data of the network to be evaluated on the basis of a situation awareness request; a preprocessing module, configured to preprocess and format the first network security data to obtain second network security data; and an analysis module, configured to apply a data analysis model to analyze the second network security data and obtain the security events within the period to which the second network security data corresponds.

The situation awareness request includes identity verification information and information on the network to be evaluated. The identity verification information is used to verify the situation awareness request; once identity verification passes, network security data may be retrieved. The information on the network to be evaluated characterizes the network to be evaluated and includes the situation awareness time and the identifier of the network to be evaluated.

Network security data includes network structure data, network service data, vulnerability data, weakness data, threat and intrusion data, abnormal user behavior data, and the like. Optionally, multiple types of sensors are deployed in the network to be evaluated, different types of sensors corresponding to different types of network security data, and the network security data is acquired by a distributed collection system.

In practical application, preprocessing includes data filtering and data completion: data filtering removes duplicate and useless data from the first network security data, and data completion fills in damaged data in the first network security data. After the first network security data is preprocessed, it is formatted to obtain the second network security data in a unified format.

Optionally, the second network security data is stored in a distributed file system according to data type, for use in subsequent network security situation assessment.

In a possible implementation, when the acquisition unit 321 analyzes the historical security events of the network to be evaluated within the target period to obtain the security threat index of a single device of each device type in the network to be evaluated, it is specifically configured to: for each device type, compute the product of the severity of attacks on devices of that device type within the target period, the number of attacks on devices of that device type within the target period, and the weight of a single device of that device type in the network to be evaluated, and take the result as the security threat index of a single device of that device type in the network to be evaluated.

Exemplarily, the severity of an attack on a device may be represented by the level of the attack on the device; the higher the attack level, the more severe the attack. For example, the level of an attack on a device is divided into major, significant, and general. A major attack may paralyze the device or cause loss of information; a significant attack may cause the device to lose network connectivity; a general attack may slow the device's operation.

In practical application, the severity of attacks on devices of a device type refers to the severity of attacks on all devices of that device type. The number of attacks on devices of a device type within the target period refers to the number of times all devices of that device type were attacked.

In a possible implementation, the device further includes: a determination module, configured to determine the network type of the network to be evaluated according to a predetermined network layer relationship; and a calculation module, configured to compute the product of the weight corresponding to the network type of the network to be evaluated and the weight of each device type, obtaining the weight of a single device of each device type in the network to be evaluated.

The network type of the network to be evaluated refers to its network layer type. Exemplarily, the network layers include a system layer, a host layer, and a service layer. In practical application, different networks to be evaluated may be given different network layer relationships, and the network layer type of the network to be evaluated is determined from the predetermined network layer relationship. Correspondingly, the weight corresponding to the network type of the network to be evaluated is the weight corresponding to its network layer type. Optionally, the weight corresponding to each network layer type in the network to be evaluated is set dynamically according to the importance of that network layer type in the network to be evaluated.

Device types include host devices, network devices, security devices, and storage devices. Optionally, the weight corresponding to each device type in the network to be evaluated may be set dynamically according to the proportion, importance, and position of devices of that type in the network to be evaluated.

It can be understood that the weight of a single device in the network to be evaluated is the product of the weight of the network layer type to which the device corresponds and the weight of the device type to which the device corresponds.

In this implementation, the product of the weight of the network layer type corresponding to a single device and the weight of the device type corresponding to that device is used as the weight of the single device in the network to be evaluated; taking both the network layer relationship and the device type into account improves the accuracy of the weight of a single device in the network to be evaluated. The security threat index of the network to be evaluated within the target period is then calculated from the security threat index of a single device of each device type in the network to be evaluated.

In practical application, the network to be evaluated corresponds to multiple device types, and each device type corresponds to multiple devices.

In a possible implementation, when the acquisition unit 321 calculates the security threat index of the network to be evaluated within the target period from the security threat index of a single device of each device type in the network to be evaluated, it is specifically configured to:

calculate, for each device type, the product of the security threat index of a single device of that device type in the network to be evaluated and the number of devices of that device type, obtaining the security threat index of each device type in the network to be evaluated; and

sum the security threat indices of all device types in the network to be evaluated, obtaining the security threat index of the network to be evaluated within the target period.

Regarding the calculation of the risk value of the network to be evaluated in the first target period, in a possible implementation the calculation unit 322 is specifically configured to:

perform a correlation calculation on the security threat index of the network to be evaluated in the first target period and the mean value of the security threat index of the network to be evaluated in the second target period, obtaining the risk value of the network to be evaluated in the first target period.

In this implementation, performing a correlation calculation on the security threat index of the network to be evaluated in the first target period and the mean value of the security threat index of the network to be evaluated in the second target period to obtain the risk value of the network to be evaluated in the first target period effectively improves the accuracy of that risk value.

The first risk threshold is smaller than the second risk threshold, and the first and second risk thresholds are the basis for determining the risk level of the network to be evaluated. In practical application, the first and second risk thresholds are determined from the historical risk values and the historical network risk situation of the network to be evaluated. It can be understood that the first and second risk thresholds differ between different networks to be evaluated.

In a possible implementation, the device further includes: an early warning generation module, configured to generate a first early warning signal corresponding to the risk level of the network to be evaluated, where different risk levels correspond to different numbers of early warning signal types, and the higher the risk level, the more types of early warning signal; and a push module, configured to push the first early warning signal to the user, where the types of early warning signal include sound and light signals, SMS messages, e-mails, and voice signals.

In practical application, the risk level of the network to be evaluated is divided into primary, intermediate, and high; correspondingly, the early warning signals include a primary early warning signal, an intermediate early warning signal, and a high-level early warning signal. It can be understood that the level of the early warning signal corresponds to the risk level of the network to be evaluated.

Optionally, first early warning signals of different levels may be sent over different preset paths. Correspondingly, different preset paths connect to different alarms, and the category of alarm corresponds to the type of early warning signal.

In this implementation, the early warning generation module generates a first early warning signal corresponding to the risk level of the network to be evaluated, and the push module pushes the first early warning signal to the user, realizing tiered early warning for the network to be evaluated. Because a higher risk level produces more types of early warning signal, the user can intuitively judge the risk level of the network to be evaluated and handle security threats promptly, which improves the security and reliability of the network to be evaluated.

In a possible implementation, the indication module 31 is further configured to take a second period following the first period as the current first target period and instruct the processing module to perform the first processing, obtaining the risk level of the network to be evaluated in the second period. The early warning generation module is further configured to generate a second early warning signal if the risk level of the network to be evaluated in the second period is the same as the risk level of the network to be evaluated in the first period, the risk level corresponding to the second early warning signal being higher than the risk level corresponding to the first early warning signal. The push module is further configured to push the second early warning signal to the user.

It can be understood that if the risk level of the network to be evaluated in the second period is the same as its risk level in the first period, the security threat to the network to be evaluated in the first period has not been eliminated. In practical application, when the risk level corresponding to the first early warning signal is primary or intermediate and the risk level of the network to be evaluated in the second period is the same as in the first period, a second early warning signal is generated whose corresponding risk level is higher than that of the first early warning signal.

Optionally, when the risk level corresponding to the first early warning signal is high and the risk level of the network to be evaluated in the second period is the same as in the first period, a third alarm signal is generated; on receiving the third alarm signal, the user stops using the network to be evaluated.

In this implementation, the indication module takes the second period following the first period as the current first target period and performs the first processing to obtain the risk level of the network to be evaluated in the second period, and it is judged whether the risk level of the network to be evaluated in the second period is the same as in the first period. If so, the early warning generation module generates a second early warning signal; on receiving the second early warning signal, the user learns promptly that the security threat to the network to be evaluated has not been eliminated and can handle it in time.

In the network security situation assessment device provided by this application, the acquisition unit acquires the security threat index of the network to be evaluated in the first target period and the mean value of the security threat index of the network to be evaluated in the second target period; the calculation unit calculates the risk value of the network to be evaluated in the first target period from these two quantities; if the risk value of the network to be evaluated in the first target period is less than the first risk threshold, the determination unit determines that the risk level of the network to be evaluated in the first period is primary; if the risk value is greater than the first risk threshold and less than the second risk threshold, the determination unit determines that the risk level of the network to be evaluated in the first period is intermediate; and if the risk value is greater than the second risk threshold, the determination unit determines that the risk level of the network to be evaluated in the first period is high. In this embodiment, the indication module takes the first period as the current first target period and instructs the processing module to perform the first processing to obtain the risk level of the network to be evaluated in the first period, realizing real-time and effective risk assessment of the network to be evaluated and improving its security and reliability.
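As an added worked example (not code from the patent or its applicant), the following Python script implements the pipeline described above for Embodiment Three, from per-device threat index through network index, second-period mean, risk value, threshold-based risk level and the tiered warning after a second period. The patent does not specify the "correlation calculation", how several attack levels on one device type are aggregated into one severity, or how boundary values at the thresholds are treated, so the ratio of the first-period rate to the second-period mean, the maximum attack level, and "boundary goes to the lower level" are assumptions; all weights, severities, thresholds and events are constructed sample values.

```python
"""Added example: risk level pipeline of the assessment device (not patent code).

ASSUMPTIONS (the patent leaves these open): severity per device type is the
highest attack level seen in the period; the "correlation calculation" is the
ratio of the first-period index rate to the second-period mean; values equal
to a threshold fall into the lower level. All numbers below are constructed.
"""
from dataclasses import dataclass

# Attack levels named in the description (major / significant / general);
# the numeric scores are constructed.
SEVERITY = {"major": 3, "significant": 2, "general": 1}
# Network layer types (system / host / service) and device types
# (host / network / security / storage) named in the description; weights constructed.
LAYER_WEIGHT = {"system": 1.0, "host": 0.8, "service": 0.6}
DEVICE_TYPE_WEIGHT = {"host": 0.7, "network": 1.0, "security": 0.9, "storage": 0.8}
LEVELS = ["primary", "intermediate", "high"]


@dataclass(frozen=True)
class SecurityEvent:
    """One historical security event: time (hours, constructed), device type, level."""
    t: int
    device_type: str
    severity: str


def device_weight(layer: str, device_type: str) -> float:
    """Weight of a single device = network layer type weight * device type weight."""
    return LAYER_WEIGHT[layer] * DEVICE_TYPE_WEIGHT[device_type]


def network_threat_index(events, start, end, layer, device_counts) -> float:
    """Security threat index of the whole network over the half-open period [start, end).

    Per device type: severity * attack count * single-device weight is the
    single-device index; times the device count it is the type index; the sum
    over all device types is the network index.
    """
    total = 0.0
    for dtype, count in device_counts.items():
        hits = [e for e in events if e.device_type == dtype and start <= e.t < end]
        if not hits:
            continue
        sev = max(SEVERITY[e.severity] for e in hits)  # assumption: highest level
        single_device_index = sev * len(hits) * device_weight(layer, dtype)
        total += single_device_index * count
    return total


def risk_value(events, first, second, layer, device_counts) -> float:
    """Risk value in the first target period (first lies within second, same end).

    The second-period mean is the second-period index divided by its duration,
    as the description states. The correlation step is ASSUMED to be the ratio
    of the first-period index rate to that mean.
    """
    f_start, f_end = first
    s_start, s_end = second
    if not (s_start <= f_start < f_end == s_end):
        raise ValueError("first period must be a tail of the second period")
    idx_first = network_threat_index(events, f_start, f_end, layer, device_counts)
    idx_second = network_threat_index(events, s_start, s_end, layer, device_counts)
    mean_second = idx_second / (s_end - s_start)
    if mean_second == 0.0:
        return 0.0  # nothing happened in the whole long window
    return (idx_first / (f_end - f_start)) / mean_second


def risk_level(value: float, first_threshold: float, second_threshold: float) -> str:
    """Map a risk value onto primary / intermediate / high with the two thresholds."""
    if not first_threshold < second_threshold:
        raise ValueError("first threshold must be smaller than second threshold")
    if value < first_threshold:
        return "primary"
    if value < second_threshold:
        return "intermediate"
    return "high"


def next_warning(level_first: str, level_second: str) -> str:
    """Tiered warning after the second period: an unchanged level escalates.

    A persisting 'high' level yields the third alarm ('stop'); any other
    persisting level escalates one step; a changed level reports the new level.
    """
    if level_second != level_first:
        return level_second
    if level_first == "high":
        return "stop"
    return LEVELS[LEVELS.index(level_first) + 1]


# Constructed sample: a 48 h second target period, the last 6 h being the first
# target period; a burst of network-device attacks in the last hours.
SAMPLE_EVENTS = [
    SecurityEvent(3, "host", "general"), SecurityEvent(10, "network", "general"),
    SecurityEvent(20, "host", "general"), SecurityEvent(31, "storage", "general"),
    SecurityEvent(43, "network", "significant"), SecurityEvent(44, "network", "major"),
    SecurityEvent(45, "host", "general"), SecurityEvent(47, "security", "significant"),
]
SAMPLE_COUNTS = {"host": 50, "network": 10, "security": 4, "storage": 6}


def evaluate_sample(first=(42, 48), second=(0, 48)):
    """Run the pipeline on the constructed data; returns (risk value, risk level)."""
    value = risk_value(SAMPLE_EVENTS, first, second, "host", SAMPLE_COUNTS)
    return value, risk_level(value, 1.5, 3.0)


if __name__ == "__main__":
    v, lvl = evaluate_sample()
    print(f"risk value {v:.3f} -> level {lvl}; if it persists: {next_warning(lvl, lvl)}")
```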

Embodiment Four

FIG. 4 is a schematic structural diagram of the electronic device provided in Embodiment Four of this application. As shown in FIG. 4, the electronic device includes:

a processor 41; the main control device further includes a memory 42, and may also include a communication interface 43 and a bus 44. The processor 41, the memory 42, and the communication interface 43 can communicate with one another over the bus 44. The communication interface 43 can be used for information transmission. The processor 41 can invoke logic instructions in the memory 42 to execute the methods of the above embodiments.

In addition, the logic instructions in the memory 42 may be implemented in the form of software functional units and, when sold or used as an independent product, may be stored in a computer-readable storage medium.

The memory 42, as a computer-readable storage medium, can be used to store software programs and computer-executable programs, such as the program instructions/modules corresponding to the methods in the embodiments of this application. By running the software programs, instructions, and modules stored in the memory 42, the processor 41 executes functional applications and data processing, that is, implements the methods of the above method embodiments.

The memory 42 may include a program storage area and a data storage area; the program storage area may store an operating system and the application program required by at least one function, and the data storage area may store data created in the course of using the terminal device. In addition, the memory 42 may include high-speed random access memory and may also include non-volatile memory.

An embodiment of this application further provides a computer-readable storage medium storing computer-executable instructions which, when executed by a processor, implement the method of any of the embodiments. For example, the computer-readable storage medium may be a ROM, a random access memory (RAM), a CD-ROM, a magnetic tape, a floppy disk, an optical data storage device, or the like.

Other embodiments of this application will be readily apparent to those skilled in the art from consideration of the specification and practice of the invention disclosed herein. This application is intended to cover any variations, uses, or adaptations of the application that follow its general principles and include common knowledge or customary technical means in the technical field not disclosed in this application. The specification and embodiments are to be considered exemplary only, with the true scope and spirit of the application indicated by the following claims.

It should be understood that this application is not limited to the precise structures described above and shown in the accompanying drawings, and various modifications and changes may be made without departing from its scope. The scope of this application is limited only by the appended claims.

Claims (11)

1. A network security situation assessment method, comprising: taking a first period as a current first target period and performing first processing to obtain a risk level of a network to be evaluated in the first period; wherein the first processing comprises: acquiring a security threat index of the network to be evaluated in the first target period and a mean value of the security threat index of the network to be evaluated in a second target period, wherein the first target period lies within the second target period and the first target period and the second target period end at the same moment; calculating a risk value of the network to be evaluated in the first target period from the security threat index of the network to be evaluated in the first target period and the mean value of the security threat index of the network to be evaluated in the second target period; and if the risk value of the network to be evaluated in the first target period is less than a first risk threshold, determining that the risk level of the network to be evaluated in the first period is primary; if the risk value of the network to be evaluated in the first target period is greater than the first risk threshold and less than a second risk threshold, determining that the risk level of the network to be evaluated in the first period is intermediate; and if the risk value of the network to be evaluated in the first target period is greater than the second risk threshold, determining that the risk level of the network to be evaluated in the first period is high; wherein the first risk threshold is smaller than the second risk threshold.

2. The method according to claim 1, wherein calculating the risk value of the network to be evaluated in the first target period from the security threat index of the network to be evaluated in the first target period and the mean value of the security threat index of the network to be evaluated in the second target period comprises: performing a correlation calculation on the security threat index of the network to be evaluated in the first target period and the mean value of the security threat index of the network to be evaluated in the second target period to obtain the risk value of the network to be evaluated in the first target period.

3. The method according to claim 1, wherein acquiring the security threat index of the network to be evaluated in the first target period and the mean value of the security threat index of the network to be evaluated in the second target period comprises: taking the first target period and the second target period in turn as a target period and performing predetermined processing to obtain the security threat index of the network to be evaluated in the first target period and the security threat index of the network to be evaluated in the second target period; and calculating the mean value of the security threat index of the network to be evaluated in the second target period from the security threat index of the network to be evaluated in the second target period and the duration of the second target period; wherein the predetermined processing comprises: analyzing historical security events of the network to be evaluated within the target period to obtain a security threat index of a single device of each device type in the network to be evaluated, the historical security event data comprising the severity of attacks on devices of each device type within the target period, the number of attacks on devices of each device type within the target period, and the weight of a single device of each device type in the network to be evaluated; and calculating the security threat index of the network to be evaluated within the target period from the security threat index of a single device of each device type in the network to be evaluated.

4. The method according to claim 3, further comprising: determining the network type of the network to be evaluated according to a predetermined network layer relationship, the network layers comprising a system layer, a host layer, and a service layer; and calculating the product of the weight corresponding to the network type of the network to be evaluated and the weight of each device type to obtain the weight of a single device of each device type in the network to be evaluated.

5. The method according to claim 3, wherein calculating the security threat index of the network to be evaluated within the target period from the security threat index of a single device of each device type in the network to be evaluated comprises: calculating the product of the security threat index of a single device of each device type in the network to be evaluated and the number of devices of that device type to obtain the security threat index of each device type in the network to be evaluated; and summing the security threat indices of all device types in the network to be evaluated to obtain the security threat index of the network to be evaluated within the target period.

6. The method according to claim 3, wherein analyzing the historical security events of the network to be evaluated within the target period to obtain the security threat index of a single device of each device type in the network to be evaluated comprises: for each device type, calculating the product of the severity of attacks on devices of the device type within the target period, the number of attacks on devices of the device type within the target period, and the weight of a single device of the device type in the network to be evaluated to obtain the security threat index of a single device of the device type in the network to be evaluated.

7. The method according to any one of claims 1 to 6, further comprising: generating, according to the risk level of the network to be evaluated, a first early warning signal corresponding to the risk level, wherein different risk levels correspond to different numbers of early warning signal types and the higher the risk level, the greater the number of early warning signal types; and pushing the first early warning signal to a user, wherein the types of early warning signal comprise sound and light signals, SMS messages, e-mails, and voice signals.

8. The method according to claim 7, wherein after pushing the early warning signal to the user, the method further comprises:
The method according to claim 7, characterized in that, after pushing the warning signal to the user, further comprising:将所述第一时段之后的第二时段作为当前的第一目标时段,执行所述第一处理,得到所述第二时段下所述待评估网络的风险等级;Using a second period after the first period as the current first target period, execute the first process to obtain the risk level of the network to be evaluated under the second period;若所述第二时段下所述待评估网络的风险等级和所述第一时段下所述待评估网络的风险等级相同,则生成第二预警信号;所述第二预警信号对应的风险等级高于所述第一预警信号对应的风险等级;If the risk level of the network to be assessed in the second period is the same as the risk level of the network to be assessed in the first period, a second early warning signal is generated; the risk level corresponding to the second early warning signal is high a risk level corresponding to the first early warning signal;向用户推送所述第二预警信号。Pushing the second early warning signal to the user.9.一种网络安全态势评估装置,其特征在于,包括:指示模块以及处理模块;9. A network security situation assessment device, comprising: an indication module and a processing module;所述指示模块用于将第一时段作为当前的第一目标时段,指示所述处理模块执行第一处理,得到所述第一时段下待评估网络的风险等级;所述处理模块包括:The instruction module is used to use the first time period as the current first target time period, and instruct the processing module to perform the first processing to obtain the risk level of the network to be evaluated under the first time period; the processing module includes:获取单元,用于获取第一目标时段下待评估网络的安全威胁指数和第二目标时段下所述待评估网络的安全威胁指数的均值;其中,所述第一目标时段属于所述第二目标时段且所述第一目标时段和所述第二目标时段的结束时刻相同;An acquisition unit, configured to acquire the average value of the security threat index of the network to be evaluated under the first target period and the security threat index of the network to be assessed under the second target period; wherein, the first target period belongs to the second target period and the end time of the first target period and the second target period are the same;计算单元,用于根据所述第一目标时段下待评估网络的安全威胁指数和所述第二目标时段下所述待评估网络的安全威胁指数的均值,计算获得所述第一目标时段下所述待评估网络的风险值;A calculation unit, configured to calculate and obtain the security threat 
index of the network to be evaluated in the first target period and the average value of the security threat index of the network to be assessed in the second target period to obtain the Describe the risk value of the network to be assessed;判定单元,用于若所述第一目标时段下所述待评估网络的风险值小于第一风险阈值,则判定所述第一时段下所述待评估网络的风险等级为初级;若所述第一目标时段下所述待评估网络的风险值大于第一风险阈值且小于第二风险阈值,则判定所述第一时段下所述待评估网络的风险等级为中级;若所述第一目标时段下所述待评估网络的风险值大于第二风险阈值,则判定所述第一时段下所述待评估网络的风险等级为高级;其中,所述第一风险阈值小于第二风险阈值。A judging unit, configured to determine that the risk level of the network to be evaluated in the first time period is elementary if the risk value of the network to be evaluated in the first target time period is less than a first risk threshold; The risk value of the network to be evaluated under a target time period is greater than the first risk threshold and less than the second risk threshold, then it is determined that the risk level of the network to be evaluated under the first time period is medium; if the first target time period If the risk value of the network to be evaluated is greater than the second risk threshold, it is determined that the risk level of the network to be evaluated in the first period is high; wherein, the first risk threshold is smaller than the second risk threshold.10.一种电子设备,其特征在于,包括:处理器,以及与所述处理器通信连接的存储器;10. An electronic device, comprising: a processor, and a memory communicatively connected to the processor;所述存储器存储计算机执行指令;the memory stores computer-executable instructions;所述处理器执行所述存储器存储的计算机执行指令,以实现如权利要求1-8中任一项所述的方法。The processor executes the computer-implemented instructions stored in the memory to implement the method according to any one of claims 1-8.11.一种计算机可读存储介质,其特征在于,所述计算机可读存储介质中存储有计算机执行指令,所述计算机执行指令被处理器执行时用于实现如权利要求1-8中任一项所述的方法。11. A computer-readable storage medium, characterized in that, computer-executable instructions are stored in the computer-readable storage medium, and the computer-executable instructions are used to implement any one of claims 1-8 when executed by a processor. 
method described in the item.
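The scoring chain of claims 3 to 9 (single-device weight, per-type and network-wide threat index, mean over the longer window, thresholded risk level) together with the alert escalation of claims 7 and 8, as an added Python example that is not part of the patent. The layer and device-type weights, the two thresholds, the ratio used as the risk value and the mapping of levels to signal types are all assumptions, since the claims do not fix them.

```python
from dataclasses import dataclass

# Constructed sample weights for network layers (claim 4) and device types.
NETWORK_TYPE_WEIGHT = {"system": 1.0, "host": 0.8, "service": 0.6}
DEVICE_TYPE_WEIGHT = {"firewall": 0.9, "server": 0.7, "workstation": 0.4}
ALERT_TYPES = ("sound_light", "sms", "email", "voice")  # claim 7 signal types

@dataclass
class TypeEvents:
    severity: float  # severity of attacks on this device type in the period
    attacks: int     # number of attacks on this device type in the period
    devices: int     # number of devices of this type in the network

def device_weight(network_type: str, device_type: str) -> float:
    # Claim 4: weight of a single device = network-type weight * device-type weight.
    return NETWORK_TYPE_WEIGHT[network_type] * DEVICE_TYPE_WEIGHT[device_type]

def network_threat_index(network_type: str, events: dict) -> float:
    # Claim 6: single-device index = severity * attack count * device weight.
    # Claim 5: per-type index = single-device index * device count, summed.
    total = 0.0
    for dev_type, ev in events.items():
        single = ev.severity * ev.attacks * device_weight(network_type, dev_type)
        total += single * ev.devices
    return total

def mean_index(indices: list) -> float:
    # Claim 3: mean over the second target period, here one index per
    # sub-period, so the period duration is len(indices) (assumption).
    return sum(indices) / len(indices)

def risk_value(current: float, baseline_mean: float) -> float:
    # Assumption: the claims do not fix the formula; the ratio of the current
    # index to the longer-window mean is used so a spike above normal stands out.
    return current / baseline_mean if baseline_mean > 0 else float("inf")

def risk_level(value: float, low: float = 1.2, high: float = 2.0) -> str:
    # Claim 9: two thresholds with low < high give primary / medium / high;
    # the claims leave equality unspecified, so it is rounded up here.
    return "primary" if value < low else "medium" if value < high else "high"

def alert_plan(level: str, same_as_previous: bool) -> tuple:
    # Claim 7: a higher level enables more signal types; claim 8: the same
    # level again in the next period escalates one step (mapping assumed).
    rank = ("primary", "medium", "high").index(level)
    if same_as_previous:
        rank = min(rank + 1, 2)
    return ALERT_TYPES[: rank + 2]
```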
Priority Applications (1)

Application Number: CN202211372371.3A
Priority Date: 2022-11-03
Filing Date: 2022-11-03
Title: Network security situation assessment method, device, electronic equipment and storage medium
Status: Pending

Publications (1)

Publication Number: CN115834412A (en)
Publication Date: 2023-03-21

Family

ID=85526495

Country Status (1)

CN (1): CN115834412A (en)

Legal Events

Code: PB01, Title: Publication
Code: SE01, Title: Entry into force of request for substantive examination
