Risk assessment method and device

Document No. 7952, published 2021-09-17

1. A method of risk assessment, comprising:

acquiring an independent risk value of each electronic device in a system where the electronic device to be evaluated is located;

obtaining a risk value of the system according to a weighted average of the independent risk values of each electronic device in the system;

and determining a risk value for performing risk assessment on the electronic equipment to be assessed according to the risk value of the system and the independent risk value of the electronic equipment to be assessed.

2. The method of claim 1, wherein obtaining an independent risk value for each electronic device in a system in which the electronic device to be evaluated is located comprises:

when the risk state of first electronic equipment in the system is monitored to change, calculating an independent risk value of the first electronic equipment, and acquiring and storing independent risk values of other electronic equipment in the system except the first electronic equipment, wherein the first electronic equipment is any one electronic equipment in the system;

the risk state change of the first electronic device comprises one or more of the following items:

the version of the operating system of the first electronic device changes, the version of software run by the first electronic device changes, the password of the first electronic device changes, or the configuration of the first electronic device changes.

3. The method according to claim 1 or 2, characterized in that before obtaining the risk value of the system, the trust value of each electronic device in the system where the electronic device to be evaluated is located is obtained;

obtaining a risk value for the system from a weighted average of the individual risk values for each electronic device in the system, comprising:

taking the trust value of each electronic device as a weight, and obtaining a risk value of the system according to a weighted average of independent risk values of each electronic device in the system;

the trust value of the first electronic device is determined according to the connection condition of the first electronic device and the external accessory device, and the first electronic device is any one electronic device in the system.

4. The method of claim 3, wherein obtaining a trust value for each electronic device in a system in which the electronic device to be evaluated is located comprises:

when the trust state of first electronic equipment in the system is monitored to change, calculating the trust value of the first electronic equipment, and acquiring and storing the trust values of other electronic equipment except the first electronic equipment in the system;

the change of the trust state of the first electronic device comprises one or more of the following items:

the state of the first electronic device connected to the network changes or the number of devices connected to the first electronic device changes.

5. The method of claim 3, wherein the external accessory device comprises one or more of a device providing an access service connected by wired means, a network device connected by wireless means, or a physical device connected by wired means, and determining the trust value of the first electronic device comprises:

determining a trust value of the first electronic device based on at least one of:

a connectivity with the device providing the access service, a number of network devices connected by wireless means, or a number of physical devices connected by wired means.

6. The method of any of claims 2, 4, 5, wherein obtaining the risk value for the system from a weighted average of the individual risk values for each electronic device in the system comprises:

obtaining a risk value for the system by:

wherein S is the risk value of the system, the remaining symbol (not reproduced on this page) denotes the weighted average of the independent risk values of each electronic device in the system, n is the number of electronic devices comprised in the system, R_i is the independent risk value of the i-th electronic device in the system, and t_i is the trust value of the i-th electronic device in the system.

7. The method of any of claims 2, 4, 5, wherein obtaining the risk value for the system from a weighted average of the individual risk values for each electronic device in the system comprises:

obtaining a risk value for the system by:

wherein S is the risk value of the system, S_0 is the risk value of the system before the change in the risk state of the first electronic device in the system was monitored, the remaining symbol (not reproduced on this page) denotes the weighted average of the independent risk values of each electronic device in the system, n is the number of electronic devices comprised in the system, R_i is the independent risk value of the i-th electronic device in the system, t_i is the trust value of the i-th electronic device in the system, and k is more than 0 and less than 1.

8. The method of any one of claims 2, 4, and 5, wherein determining a risk value for risk assessment of the electronic device to be assessed from the risk value of the system and the independent risk value of the electronic device to be assessed comprises:

the risk value for risk assessment of the electronic device to be assessed is determined according to the following formula:

K=a*S+(1-a)*R*t;

and K is the risk value for performing risk evaluation on the electronic equipment to be evaluated, S is the risk value of the system, R is the independent risk value of the electronic equipment to be evaluated, t is the trust value of the electronic equipment to be evaluated, and a is more than 0 and less than 1.

9. A risk assessment device, comprising:

an acquisition unit, configured to acquire an independent risk value of each electronic device in a system where the electronic device to be evaluated is located;

a processing unit for obtaining a risk value of the system from a weighted average of the individual risk values of each electronic device in the system;

the processing unit is further configured to determine a risk value for performing risk assessment on the electronic device to be assessed according to the risk value of the system and the independent risk value of the electronic device to be assessed.

10. An electronic device, characterized in that the electronic device comprises a processor and a memory,

the memory is configured to store a computer program or instructions;

the processor is configured to execute the computer program or instructions in the memory, such that the method of any of claims 1-8 is performed.

Background

With the popularization and development of computer technology, more and more of people's work and daily life involves applications of computer technology. At the same time, more and more personal information is exposed to the internet environment, so protecting the security of that information has become a problem to be solved in the field of network security.

Currently, the security of an electronic device is evaluated as follows: the security vulnerabilities of the electronic device are acquired, an independent risk value of the electronic device is calculated from those vulnerabilities, and the security of the electronic device is evaluated according to the independent risk value. In other words, only the security vulnerabilities of the electronic device itself are considered, and the influence of the external environment on the electronic device is not considered, so the accuracy of the security evaluation of the electronic device is low.

Disclosure of Invention

The application provides a risk assessment method and a risk assessment device, which are used for improving the accuracy of security assessment of electronic equipment.

In a first aspect, an embodiment of the present application provides a risk assessment method, including:

acquiring an independent risk value of each electronic device in a system where the electronic device to be evaluated is located;

obtaining a risk value of the system according to a weighted average of the independent risk values of each electronic device in the system;

and determining a risk value for performing risk assessment on the electronic equipment to be assessed according to the risk value of the system and the independent risk value of the electronic equipment to be assessed.

Based on the scheme, the systematic risk value is added in the process of calculating the risk value for performing risk assessment on the electronic equipment to be assessed, the influence of the surrounding environment on the electronic equipment is fully considered, the comprehensiveness and the accuracy of the risk value for performing risk assessment on the electronic equipment to be assessed are improved, and therefore the accuracy of the risk assessment can be improved.

In a possible manner, obtaining an independent risk value of each electronic device in a system in which the electronic device to be evaluated is located includes:

when the risk state of first electronic equipment in the system is monitored to change, calculating an independent risk value of the first electronic equipment, and acquiring and storing independent risk values of other electronic equipment in the system except the first electronic equipment, wherein the first electronic equipment is any one electronic equipment in the system;

the risk state change of the first electronic device comprises one or more of the following items:

the version of the operating system of the first electronic device changes, the version of software run by the first electronic device changes, the password of the first electronic device changes, or the configuration of the first electronic device changes.

Based on the scheme, the independent risk value of the electronic equipment with the changed risk state in the system can be updated according to the monitored risk state change of each electronic equipment in the system, and the scanning instruction is not required to be manually issued to update the independent risk value of the electronic equipment, so that the independent risk value of each electronic equipment is automatically updated, and the manual resources are saved.

In a possible mode, before obtaining the risk value of the system, obtaining the trust value of each electronic device in the system where the electronic device to be evaluated is located;

obtaining a risk value for the system from a weighted average of the individual risk values for each electronic device in the system, comprising:

taking the trust value of each electronic device as a weight, and obtaining a risk value of the system according to a weighted average of independent risk values of each electronic device in the system;

the trust value of the first electronic device is determined according to the connection condition of the first electronic device and the external accessory device, and the first electronic device is any one electronic device in the system.

Based on the scheme, when the risk value of the system is calculated, the trust value of each electronic device in the system is added, and different influences of different electronic devices on the system are fully considered, so that the acquired risk value of the system is more accurate.

In a possible manner, obtaining a trust value of each electronic device in a system in which the electronic device to be evaluated is located includes:

when the trust state of first electronic equipment in the system is monitored to change, calculating the trust value of the first electronic equipment, and acquiring and storing the trust values of other electronic equipment except the first electronic equipment in the system;

the change of the trust state of the first electronic device comprises one or more of the following items:

the state of the first electronic device connected to the network changes or the number of devices connected to the first electronic device changes.

In one possible approach, the external accessory device includes one or more of a device providing an access service connected in a wired manner, a network device connected in a wireless manner, or a physical device connected in a wired manner, and determining the trust value of the first electronic device includes:

determining a trust value of the first electronic device based on at least one of:

a connectivity with the device providing the access service, a number of network devices connected by wireless means, or a number of physical devices connected by wired means.

Based on the scheme, the trust value of the electronic equipment is determined according to the state of the electronic equipment connected with the network or the number of the equipment connected with the electronic equipment, so that the obtained trust value can accurately reflect different influences of different electronic equipment on the system, and the accuracy of the trust value of the system can be improved.

In one possible approach, obtaining the risk value of the system from a weighted average of the individual risk values of each electronic device in the system comprises:

obtaining a risk value of the system by the following formula:

wherein S is the risk value of the system, the remaining symbol (not reproduced on this page) denotes the weighted average of the independent risk values of each electronic device in the system, n is the number of electronic devices comprised in the system, R_i is the independent risk value of the i-th electronic device in the system, and t_i is the trust value of the i-th electronic device in the system.

In one possible approach, obtaining the risk value of the system from a weighted average of the individual risk values of each electronic device in the system comprises:

obtaining a risk value of the system by the following formula:

wherein S is the risk value of the system, S_0 is the risk value of the system before the change in the risk state of the first electronic device in the system was monitored, the remaining symbol (not reproduced on this page) denotes the weighted average of the independent risk values of each electronic device in the system, n is the number of electronic devices comprised in the system, R_i is the independent risk value of the i-th electronic device in the system, t_i is the trust value of the i-th electronic device in the system, and k is more than 0 and less than 1.

Based on the scheme, the risk value of the system is determined together according to the risk value of the system before the risk state of the first electronic device is monitored to change and the weighted average value of the independent risk values of the electronic devices in the system, so that the risk value of the system is more accurate.

In one possible approach, determining a risk value for performing risk assessment on the electronic device to be assessed according to a risk value of the system and an independent risk value of the electronic device to be assessed includes:

the risk value for risk assessment of the electronic device to be assessed is determined according to the following formula:

K=a*S+(1-a)*R*t;

and K is the risk value for performing risk evaluation on the electronic equipment to be evaluated, S is the risk value of the system, R is the independent risk value of the electronic equipment to be evaluated, t is the trust value of the electronic equipment to be evaluated, and a is more than 0 and less than 1.

Based on the scheme, the risk value of the system and the trust value of the electronic equipment are added in the process of calculating the risk value for carrying out risk assessment on the electronic equipment, so that the risk value is more comprehensive and accurate, and the accuracy of the risk assessment is improved.
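The scoring pipeline described in the first aspect (trust-weighted system risk, blending with the previous system risk S_0 when a device's risk state changes, and K = a*S + (1-a)*R*t per device), implemented as an added example that is not code from the application. The application does not reproduce the weighted-average and S_0 formulas here, so the forms sum(t_i*R_i)/sum(t_i) and S = k*S_0 + (1-k)*avg are assumptions, as is the trust-scoring rule built from the claim 5 inputs; device names and values are constructed.

```python
"""Worked example of the risk-assessment scheme; not code from the application.

Assumptions (the page gives the inputs and the ranges 0 < k < 1, 0 < a < 1,
but not these exact formulas):
  * system risk        avg = sum(t_i * R_i) / sum(t_i)
  * blended system risk  S = k * S_0 + (1 - k) * avg
  * per-device result    K = a * S + (1 - a) * R * t   (this one is on the page)
  * the trust rule below is a hypothetical mapping of the claim 5 inputs
    (access-service connectivity, wired and wireless device counts) to a weight.
"""
from dataclasses import dataclass


@dataclass
class Device:
    name: str
    risk: float                 # independent risk value R (assumed 0..10 scale)
    os_version: str             # part of the monitored risk state (claim 2)
    wired_devices: int = 0      # physical devices connected by wire (claim 5)
    wireless_devices: int = 0   # network devices connected wirelessly (claim 5)
    access_connected: bool = True  # connectivity with the access service (claim 5)

    def trust(self) -> float:
        """Hypothetical trust rule: start at 1.0, lose weight per attached device,
        cap trust low when the device is cut off from the access service, and
        never return 0 so the weighted average cannot divide by zero."""
        t = 1.0 - 0.1 * self.wired_devices - 0.05 * self.wireless_devices
        if not self.access_connected:
            t = min(t, 0.2)
        return max(t, 0.1)


def weighted_system_risk(devices) -> float:
    """Trust-weighted average of the independent risk values (claims 3 and 6)."""
    devices = list(devices)
    total_trust = sum(d.trust() for d in devices)
    return sum(d.trust() * d.risk for d in devices) / total_trust


def blended_system_risk(prev_s: float, devices, k: float) -> float:
    """Combine the previous system risk S_0 with the new weighted average (claim 7)."""
    if not 0 < k < 1:
        raise ValueError("k must satisfy 0 < k < 1")
    return k * prev_s + (1 - k) * weighted_system_risk(devices)


def device_assessment(s: float, device: Device, a: float) -> float:
    """K = a*S + (1-a)*R*t, the formula the application states (claim 8)."""
    if not 0 < a < 1:
        raise ValueError("a must satisfy 0 < a < 1")
    return a * s + (1 - a) * device.risk * device.trust()


class RiskAssessor:
    """Keeps stored per-device values and recomputes only what changed."""

    def __init__(self, devices, k: float = 0.3, a: float = 0.5):
        self.devices = {d.name: d for d in devices}
        self.k, self.a = k, a
        # First evaluation: no earlier S_0 exists, so S is the plain weighted average.
        self.system_risk = weighted_system_risk(self.devices.values())

    def on_risk_state_change(self, name: str, new_risk: float,
                             new_os_version: str = None) -> float:
        """Claim 2 behaviour: the changed device gets a new independent risk value
        (here supplied by the caller, standing in for a rescan); the other devices
        keep their stored values. Returns the updated system risk S."""
        dev = self.devices[name]
        dev.risk = new_risk
        if new_os_version:
            dev.os_version = new_os_version
        self.system_risk = blended_system_risk(
            self.system_risk, self.devices.values(), self.k)
        return self.system_risk

    def assess(self, name: str) -> float:
        """Risk value K for one device, using the current system risk S."""
        return device_assessment(self.system_risk, self.devices[name], self.a)


def sample_fleet():
    """Constructed sample data: three devices on one intranet (hypothetical)."""
    return [
        Device("web-01", risk=8.0, os_version="5.4.0", wired_devices=2),
        Device("db-01", risk=2.0, os_version="5.4.0"),
        Device("kiosk-07", risk=5.0, os_version="4.19.0", wired_devices=1,
               wireless_devices=4, access_connected=False),
    ]


if __name__ == "__main__":
    assessor = RiskAssessor(sample_fleet(), k=0.3, a=0.5)
    print(f"initial S = {assessor.system_risk:.2f}")          # 4.70
    s = assessor.on_risk_state_change("db-01", 6.0, "5.10.0")  # OS version changed
    print(f"S after db-01 change = {s:.2f}")                    # 6.10
    for name in assessor.devices:
        print(f"K({name}) = {assessor.assess(name):.2f}")
```

The kiosk illustrates why trust is used as the weight: its independent risk is moderate, but because it is cut off from the access service its low trust value keeps it from dominating the system risk, while the trust floor keeps the weighted average well defined.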

In a second aspect, an embodiment of the present application provides a risk assessment apparatus, including:

an acquisition unit, configured to acquire an independent risk value of each electronic device in a system where the electronic device to be evaluated is located;

a processing unit for obtaining a risk value of the system from a weighted average of the individual risk values of each electronic device in the system;

the processing unit is further configured to determine a risk value for performing risk assessment on the electronic device to be assessed according to the risk value of the system and the independent risk value of the electronic device to be assessed.

In a possible manner, when acquiring the independent risk value of each electronic device in the system in which the electronic device to be evaluated is located, the acquiring unit is specifically configured to:

when the risk state of first electronic equipment in the system is monitored to be changed, the processing unit is instructed to calculate an independent risk value of the first electronic equipment, and independent risk values of other electronic equipment except the first electronic equipment in the system are obtained and stored, wherein the first electronic equipment is any one of the electronic equipment in the system;

the risk state change of the first electronic device comprises one or more of the following items:

the version of the operating system of the first electronic device changes, the version of software run by the first electronic device changes, the password of the first electronic device changes, or the configuration of the first electronic device changes.

In a possible manner, before obtaining the risk value of the system, the obtaining unit is further configured to obtain a trust value of each electronic device in the system in which the electronic device to be evaluated is located;

the processing unit is specifically configured to:

taking the trust value of each electronic device as a weight, and obtaining a risk value of the system according to a weighted average of independent risk values of each electronic device in the system;

the trust value of the first electronic device is determined according to the connection condition of the first electronic device and the external accessory device, and the first electronic device is any one electronic device in the system.

In a possible manner, when acquiring the trust value of each electronic device in the system in which the electronic device to be evaluated is located, the acquiring unit is specifically configured to:

when the trust state of first electronic equipment in the system is monitored to be changed, the processing unit is instructed to calculate the trust value of the first electronic equipment, and the trust values of other electronic equipment except the first electronic equipment in the system are obtained and stored;

the change of the trust state of the first electronic device comprises one or more of the following items:

the state of the first electronic device connected to the network changes or the number of devices connected to the first electronic device changes.

In a possible manner, the external accessory device includes one or more of a device providing an access service connected in a wired manner, a network device connected in a wireless manner, or a physical device connected in a wired manner, and the processing unit, when determining the trust value of the first electronic device, is specifically configured to:

determining a trust value of the first electronic device based on at least one of:

a connectivity with the device providing the access service, a number of network devices connected by wireless means, or a number of physical devices connected by wired means.

In a possible manner, the processing unit, when obtaining the risk value of the system according to a weighted average of the individual risk values of each electronic device in the system, is specifically configured to:

obtaining a risk value for the system by:

wherein S is the risk value of the system, the remaining symbol (not reproduced on this page) denotes the weighted average of the independent risk values of each electronic device in the system, n is the number of electronic devices comprised in the system, R_i is the independent risk value of the i-th electronic device in the system, and t_i is the trust value of the i-th electronic device in the system.

In a possible manner, the processing unit, when obtaining the risk value of the system according to a weighted average of the individual risk values of each electronic device in the system, is specifically configured to:

obtaining a risk value for the system by:

wherein S is the risk value of the system, S_0 is the risk value of the system before the change in the risk state of the first electronic device in the system was monitored, the remaining symbol (not reproduced on this page) denotes the weighted average of the independent risk values of each electronic device in the system, n is the number of electronic devices comprised in the system, R_i is the independent risk value of the i-th electronic device in the system, t_i is the trust value of the i-th electronic device in the system, and k is more than 0 and less than 1.

In a possible manner, when determining a risk value for performing risk assessment on the electronic device to be assessed according to the risk value of the system and the independent risk value of the electronic device to be assessed, the processing unit is specifically configured to:

determining a risk value for risk assessment of the electronic device to be assessed according to the following formula:

K=a*S+(1-a)*R*t;

and K is the risk value for performing risk evaluation on the electronic equipment to be evaluated, S is the risk value of the system, R is the independent risk value of the electronic equipment to be evaluated, t is the trust value of the electronic equipment to be evaluated, and a is more than 0 and less than 1.

In a third aspect, an electronic device is provided that includes a processor and a memory. The memory is used for storing computer-executable instructions, and the processor executes the computer-executable instructions in the memory to perform the operational steps of the method of the first aspect or any one of the possible implementations of the first aspect by using hardware resources in the controller.

In a fourth aspect, the present application provides a computer-readable storage medium having stored therein instructions, which when executed on a computer, cause the computer to perform the method of the above-described aspects.

In addition, the beneficial effects of the second aspect to the fourth aspect can be referred to as the beneficial effects of the first aspect, and are not described herein again.

Drawings

In order to more clearly illustrate the technical solutions of the embodiments of the present application, the drawings needed to be used in the embodiments of the present application will be briefly described below, and it is obvious that the drawings described below are only some embodiments of the present application, and it is obvious for those skilled in the art to obtain other drawings based on these drawings without creative efforts.

Fig. 1 is a schematic architecture diagram of a security assessment system according to an embodiment of the present application;

fig. 2 is a schematic flowchart of a risk assessment method according to an embodiment of the present application;

fig. 3 is a schematic flowchart of a decision tree construction process provided in an embodiment of the present application;

fig. 4 is a schematic flow chart of another risk assessment method provided in the embodiments of the present application;

fig. 5 is a schematic structural diagram of a risk assessment apparatus according to an embodiment of the present disclosure;

fig. 6 is a schematic structural diagram of an electronic device according to an embodiment of the present application.

Detailed Description

The technical solutions in the embodiments of the present application will be clearly and completely described below with reference to the drawings in the embodiments of the present application, and it is obvious that the described embodiments are only a part of the embodiments of the present application, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present application.

In order to facilitate understanding of the solutions proposed in the embodiments of the present application, first, technical terms related to the present application are described:

(1) System: a collection composed of a plurality of electronic devices that have a particular association, for example the collection of electronic devices on the same intranet.

(2) Independent risk value: used to characterize the degree of danger posed to the electronic device by vulnerabilities, weak passwords, the compliance status of configuration compliance items and similar information present in the operating system and software of the electronic device.

(3) Trust level: for characterizing the magnitude of the impact of the electronic device on system security.

(4) Trust value: a quantification of the trust level, used to characterize the influence of the electronic device on system security.

(5) Decision tree: a predictive model that represents a mapping between feature attributes and target values.

At present, when the security of an electronic device is evaluated, only its vulnerabilities, weak passwords and the like are considered; the influence of the external environment on the electronic device is not considered, the trust level of every electronic device in the existing system is the same, and the differing degrees of influence that different electronic devices have on the system are not reasonably reflected, so the evaluation of the security of the electronic device is not accurate. In addition, the current security evaluation of an electronic device requires a scanning instruction to be issued manually; the security vulnerabilities, weak passwords and the like of the electronic device are scanned and only then is its independent risk value updated, so automatic updating cannot be realized and efficiency is low.

The risk evaluation method and the risk evaluation device are characterized in that the risk value of the system is calculated firstly by combining the independent risk values of all electronic equipment of the system, then the risk value for evaluating the risk of the electronic equipment is calculated by combining the risk value of the system and the independent risk value of the electronic equipment, and the influence of the system on the risk of the electronic equipment is considered, so that the accuracy of the finally obtained risk value of the electronic equipment is improved, and the accuracy of safety evaluation on the electronic equipment is improved.

To facilitate understanding of the solution proposed in the present application, fig. 1 shows a schematic architecture of a security assessment system provided by an embodiment of the present application. The security assessment system shown in fig. 1 is used to implement the risk assessment scheme provided by the present application and specifically includes: a risk assessment system 110 and a system to be assessed 120, where the system 120 includes at least two electronic devices. In fig. 1, a first electronic device 121 and a second electronic device 122 are taken as an example. It should be noted that fig. 1 is only an example; the application does not specifically limit the number of electronic devices included in the system 120, and fig. 1 shows two electronic devices only for purposes of description. The risk assessment system 110 is configured to perform risk assessment on each electronic device in the system to be assessed 120, such as calculating the independent risk value of each electronic device or calculating the risk value of the system to be assessed 120. For example, the risk assessment system 110 may obtain the security vulnerabilities of each electronic device from the electronic devices of the system to be assessed 120 and calculate the independent risk value of each electronic device according to those vulnerabilities. The manner in which the independent risk values are calculated is not particularly limited.

When the risk assessment system 110 triggers performing risk assessment, any possible implementation may be used:

In one possible approach, the risk assessment may be triggered by an administrator. For example, the administrator may issue an assessment instruction to the risk assessment system 110; when the risk assessment system 110 receives an instruction from the administrator to perform risk assessment on the system to be assessed 120, it scans the security vulnerabilities of each electronic device included in the system to be assessed 120 and determines the independent risk value of each electronic device according to those vulnerabilities. In some scenarios, the system to be assessed stores the independent risk value of each electronic device after each calculation is completed; if the independent risk value of an electronic device changes, the stored value for that device can be updated. Therefore, when the risk assessment system 110 receives an assessment instruction triggered by the administrator, it may retrieve the stored independent risk values of each electronic device in the system to be assessed 120 and then perform the risk assessment of each electronic device according to those values.

In a second possible manner, the risk assessment system 110 may monitor whether the risk state of each electronic device in the system to be assessed 120 changes, for example whether the operating system version of the first or second electronic device changes, the version of the running software changes, the password changes, or the compliance status of configuration compliance items changes. When it monitors that the risk state of an electronic device in the system has changed, the risk assessment system can trigger the risk assessment: it acquires the security vulnerabilities of the electronic device whose risk state changed, determines the independent risk value of that device according to those vulnerabilities, and retrieves the stored independent risk values of the other electronic devices. It then performs the risk assessment of each electronic device according to the independent risk value of each electronic device in the system to be assessed 120.

In a third possible approach, the risk assessment system 110 may monitor whether the trust status of one or more electronic devices in the system to be assessed 120 changes, for example, the status of a certain electronic device connected to the network changes, the number of devices connected in a wired manner changes, or the number of devices connected in a wireless manner changes. The risk assessment system 110 triggers the execution of risk assessment when it is monitored that the trust status of an electronic device changes.

In a fourth possible approach, the risk assessment system 110 may periodically perform risk assessment on each electronic device in the system to be assessed 120. The period can be set according to requirements.

In some possible embodiments, to improve the accuracy of the assessment, the risk assessment system 110 may also determine the risk value of the system in conjunction with the trust values of the various electronic devices. The manner in which the risk value of the system is determined is described in detail below and will not be described again.

As an example, the functions of the risk assessment system 110 described above may be implemented by one server or a cluster of servers. For example, fig. 1 is a schematic diagram of a server cluster used to implement the functions of the risk assessment system. As an example, a server cluster for implementing the risk assessment function may include: a risk monitoring server 111, configured to monitor whether the risk state of each electronic device in the system to be evaluated 120 changes; a trust monitoring server 112, configured to monitor whether the trust states of the electronic devices in the system to be evaluated 120 change; a risk scanning server 113, configured to scan each electronic device in the system to obtain the security vulnerabilities of the electronic device; a risk evaluation server 114, configured to determine the independent risk value of an electronic device according to its security vulnerabilities; a trust evaluation server 115, configured to determine or update the trust value of an electronic device; and a system evaluation server 116, configured to jointly determine the risk value of the system according to the trust values and the independent risk values of the electronic devices in the system. The risk assessment server 114 is further configured to determine the final risk values of the first electronic device and the second electronic device according to the risk value of the system and the independent risk values and trust values of the first electronic device and the second electronic device. It should be noted that fig. 1 is only an example; neither the number of servers included in the risk assessment system nor the functions of those servers are specifically limited.

The risk assessment scheme provided by the embodiment of the present application is described in detail below with reference to fig. 2.

201, the risk assessment system obtains an independent risk value of each electronic device in the system to be assessed.

As an example, how to determine the risk value used to evaluate an electronic device is described below, taking the risk evaluation of one electronic device as an example. For convenience of description, this electronic device is referred to as the electronic device to be evaluated.

Optionally, the risk assessment system may store an independent risk value of each electronic device in the system to be assessed where the electronic device to be assessed is located. Or, the risk assessment system may also start scanning the electronic device whose state changes when it is determined that the risk state of any one of the electronic devices included in the system to be assessed changes, obtain one or more security holes of the electronic device, and calculate an independent risk value of the electronic device according to the one or more security holes. Then, the independent risk value of the electronic equipment except the electronic equipment with the changed risk state is obtained from the storage space of the electronic equipment.

202, the risk assessment system obtains a risk value of the system according to a weighted average of the independent risk values of each electronic device in the system to be assessed.

Specifically, after the risk assessment system obtains the independent risk value of each electronic device in the system, the risk value of the system may be determined according to a weighted average of the independent risk values.

203, the risk assessment system determines the final risk value of the electronic device to be assessed according to the risk value of the system and the independent risk value of the electronic device to be assessed.

The final risk value of the electronic device to be evaluated is the risk value used for performing the security evaluation of that electronic device.

In some embodiments, the risk assessment system may obtain the independent risk value and the trust value of each electronic device in the system after triggering the risk assessment of the system to be assessed. The specific manner of triggering to perform risk assessment may refer to the four manners described in fig. 1, and details are not repeated here.

Obtaining the independent risk value of each electronic device in the system may mean obtaining the independent risk value of each electronic device stored by the risk assessment system, or determining the independent risk value according to the security vulnerabilities of each electronic device obtained by scanning. For example, one electronic device, referred to as the first electronic device in the following, is used to describe the process of determining an independent risk value from security vulnerabilities. The security vulnerabilities of the first electronic device found by the risk assessment system's scan may be one or more. As an example, the risk assessment system may assign a risk level to each of the one or more security vulnerabilities based on the risk level of the security vulnerability. Each risk level has a corresponding risk level value, and the higher the risk level value, the more dangerous the security vulnerability. Further, the risk assessment system may calculate the security risk assessment value corresponding to each risk level, from the lowest risk level upward, until the security risk assessment values corresponding to all security vulnerabilities included in the first electronic device have been calculated. The highest of all security risk assessment values in the first electronic device is then determined as the independent risk value of the first electronic device.

Secondly, obtaining the trust value of each electronic device in the system may mean obtaining the trust value of each electronic device stored by the risk assessment system, or the trust value may be determined according to the trust status of each electronic device obtained by scanning. Optionally, the risk evaluation system may calculate the trust value of each electronic device from its trust status by using an algorithm such as C4.5 or ID3. For example, the trust value of the first electronic device in the system is calculated by using the C4.5 algorithm, where the first electronic device is any electronic device in the system. In order to clearly describe the process of calculating the trust value by using the C4.5 algorithm, the process of constructing a decision tree in the C4.5 algorithm is first described. Referring to the flowchart shown in fig. 3, a method for constructing a decision tree provided by an embodiment of the present application specifically includes:

301, sample selection.

Optionally, any number of electronic devices included in the system may be randomly selected as a sample, and the trust state of the selected electronic device may be obtained as a sample value. In one possible approach, the trust status may include a status of the selected electronic device connected to the network, i.e., a network connectivity status of the electronic device. As an example, in the process of selecting a sample, the sample value of the electronic device not connected to the network may be one, and the sample value of the electronic device connected to the network may be zero. In another possible approach, the trust status may also include the number of devices to which the selected electronic device is connected via a wired connection, such as a mouse, a keyboard, and a removable storage device to which the selected electronic device is connected via a wired connection. As an example, in the sample selection process, the selected electronic device may add one to the sample value of the electronic device every time the electronic device is connected to one device. In another possible approach, the trust status may further include the number of devices to which the selected electronic device is connected via a wireless connection, for example, the number of devices to which the selected electronic device is connected via bluetooth or a wireless hotspot. As an example, in the process of selecting a sample, the selected electronic device may add one to the sample value of each connected device in a wireless connection manner.

Optionally, the risk assessment system may further set a preset trust value according to an actual situation of each electronic device before performing risk assessment on each electronic device included in the system. That is, when the electronic device is initially deployed, a manager needs to set a preset trust value for the electronic device according to a physical environment where the electronic device is located or a purpose of the electronic device. That is, each electronic device in the system has a corresponding preset trust value.

Furthermore, a trust level can be correspondingly generated according to the selected trust state of the electronic equipment and the preset trust value, the trust level is used for representing the safety degree of the electronic equipment, and the higher the trust level is, the safer the electronic equipment is.

In the following, referring to table 1 below, five electronic devices are selected in the system as an example. Table 1 shows the correspondence between the selected sample values (trust status and preset trust value) of the five electronic devices and the trust level.

TABLE 1

Number  Network connectivity  Wireless device connectivity  Wired device connectivity  Preset trust value  Trust rating
1       1                     3                             2                          5                   V1
2       0                     1                             2                          8                   V5
3       0                     1                             2                          2                   V4
4       0                     2                             2                          2                   V2
5       1                     0                             2                          6                   V1

It should be noted that table 1 is only an example, and the number of trust levels is not specifically limited in the present application. In the embodiments of the present application, the trust levels include 5 levels (V1, V2, V3, V4, V5); the security levels of V1 to V5 increase sequentially, with V1 being the lowest and V5 the highest. Optionally, the trust level may be further quantized to a specific trust value. For example, the trust levels V1 to V5 may be sequentially quantized as five trust values t1 to t5, which also increase successively from t1 to t5. Optionally, the range of the trust value may be [0, 1]. For example, the trust value t1 corresponding to trust level V1 may be 0, the trust value t2 corresponding to trust level V2 may be 0.3, the trust value t3 corresponding to trust level V3 may be 0.5, the trust value t4 corresponding to trust level V4 may be 0.8, and the trust value t5 corresponding to trust level V5 may be 1. Specifically, the risk assessment system may store a correspondence between each trust level and a trust value.

302, a decision tree is constructed.

The decision tree is a prediction model and represents a mapping relation between characteristic attributes and object values, and the decision tree is composed of root attribute nodes and other data nodes. In this application, the characteristic attribute of the decision tree refers to a sample value, that is, a preset trust value of the selected electronic device, network connectivity (connectivity is 0, non-connectivity is 1), the number of devices connected by wire, and the number of devices connected by wireless. The object values of the decision tree refer to trust levels.

In some embodiments, since the 4 sample values serving as the feature attributes all participate in training the decision tree model and are discrete values, the information gain rates of the 4 feature attributes may be calculated first, and the feature attribute with the largest information gain rate is selected as the root attribute node of the decision tree. For example, the conditional entropy of any feature attribute may be calculated, and the information gain rate of the feature attribute may be calculated from the conditional entropy. The larger the information gain rate, the larger the influence of the feature attribute on the trust level. After the root attribute node of the decision tree is determined, the preset trust value of the electronic device, the network connectivity, the number of devices connected by wire, and the number of devices connected wirelessly can be used as the other data nodes of the decision tree in descending order of information gain rate, so as to construct a complete decision tree.

303, post-processing of the decision tree.

As an optional mode, after the decision tree is constructed, reduced-error pruning, pessimistic pruning or cost-complexity pruning may be further applied as post-processing of the generated decision tree, so as to avoid over-fitting, prevent over-learning, and reduce errors.

The risk assessment system can input the trust state of the first electronic device into the constructed decision tree, obtain the trust level of the first electronic device, and determine that the trust value corresponding to the trust level is the trust value of the first electronic device.
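The construction of the decision tree in steps 301 to 303 and its use in deriving a trust value, as an added example that is not code from the patent: it applies the standard C4.5 gain-ratio criterion to the five rows of Table 1 and the V1 to V5 trust value mapping given above. The attribute names, the majority-label fallback for values not seen in the sample, and the omission of the pruning step are assumptions of this example.

```python
from collections import Counter
from math import log2

# Feature attributes of the decision tree (names are this example's assumption).
ATTRIBUTES = ("network_connectivity", "wireless_devices",
              "wired_devices", "preset_trust_value")


def row(net, wireless, wired, preset, rating):
    return dict(zip(ATTRIBUTES, (net, wireless, wired, preset))), rating


# Table 1 from the page (network connectivity: 0 = connected, 1 = not connected).
TABLE_1 = [row(1, 3, 2, 5, "V1"), row(0, 1, 2, 8, "V5"), row(0, 1, 2, 2, "V4"),
           row(0, 2, 2, 2, "V2"), row(1, 0, 2, 6, "V1")]

# Trust levels quantised to trust values t1..t5, as stated after Table 1.
TRUST_VALUES = {"V1": 0.0, "V2": 0.3, "V3": 0.5, "V4": 0.8, "V5": 1.0}


def entropy(values):
    total = len(values)
    return -sum(c / total * log2(c / total) for c in Counter(values).values())


def gain_ratio(rows, attribute):
    """C4.5 information gain rate: information gain divided by split information."""
    labels = [label for _, label in rows]
    groups = {}
    for features, label in rows:
        groups.setdefault(features[attribute], []).append(label)
    conditional = sum(len(g) / len(rows) * entropy(g) for g in groups.values())
    gain = entropy(labels) - conditional
    # Split information penalises attributes that fragment the sample into many groups.
    split_info = entropy([features[attribute] for features, _ in rows])
    if split_info == 0.0:
        # Single-valued attribute (wired_devices is 2 in every row): it cannot
        # split the sample, so it is never selected as a node.
        return 0.0
    return gain / split_info


def rank_attributes(rows, attributes):
    """Attributes from largest to smallest gain ratio (ties keep table order)."""
    return sorted(attributes, key=lambda a: gain_ratio(rows, a), reverse=True)


def build_tree(rows, attributes=ATTRIBUTES):
    """Return a leaf label, or {"attr": ..., "branches": {value: subtree}, "default": label}."""
    labels = [label for _, label in rows]
    majority = Counter(labels).most_common(1)[0][0]
    if len(set(labels)) == 1 or not attributes:
        return majority
    best = rank_attributes(rows, attributes)[0]
    if gain_ratio(rows, best) == 0.0:
        return majority  # no remaining attribute separates these rows
    remaining = tuple(a for a in attributes if a != best)
    groups = {}
    for features, label in rows:
        groups.setdefault(features[best], []).append((features, label))
    return {"attr": best, "default": majority,
            "branches": {v: build_tree(g, remaining) for v, g in groups.items()}}


def predict_level(tree, features):
    """Walk the tree; an attribute value absent from the sample falls back to
    the majority label of that node (assumption of this example)."""
    while isinstance(tree, dict):
        tree = tree["branches"].get(features[tree["attr"]], tree["default"])
    return tree


def trust_value(tree, features):
    """Step 326: trust level from the tree, then the quantised trust value."""
    return TRUST_VALUES[predict_level(tree, features)]


if __name__ == "__main__":
    tree = build_tree(TABLE_1)
    print("root attribute:", tree["attr"])
    for features, rating in TABLE_1:
        print(features, "->", predict_level(tree, features), "(table:", rating + ")",
              "t =", trust_value(tree, features))
```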

Further, after obtaining the independent risk value and the trust value of each electronic device, the risk assessment system may determine the risk value of the system jointly according to the independent risk value and the trust value of each electronic device. As an example, the risk assessment system may use the trust value of each electronic device as a weight, and perform a weighted average on the independent risk value of each electronic device in the system to obtain a weighted average of the independent risk values of the electronic devices included in the system, where the weighted average may be obtained by the following formula (1):

wherein the left-hand side of formula (1) is the weighted average of the independent risk values of all electronic devices in the system, R_i is the independent risk value of the i-th electronic device in the system, t_i is the trust value of the i-th electronic device in the system, and n is the number of electronic devices contained in the system.

Optionally, the risk assessment system may further obtain a risk value of the system according to the weighted average after obtaining the weighted average. As an example, the system risk value may be the weighted average, for example, the system risk value may be determined according to the following formula (2):

wherein S is the risk value of the system and the remaining symbol is the weighted average of the independent risk values of each electronic device in the system.

As another example, the system risk value may also be determined based on the weighted average and a previous risk value of the system, for example, the system risk value may be determined according to the following formula (3):

wherein S is the risk value of the system, S_0 is the previous risk value of the system, the remaining symbol is the weighted average of the independent risk values of the electronic devices in the system, and 0 < k < 1.

Still further, after the risk evaluation system obtains the risk value of the system, the final risk value of the electronic device may be determined according to the risk value of the system, the independent risk value and the trust value of the electronic device to be evaluated in the system. For example, the final risk value of the electronic device may be determined according to the following equation (4):

K=a*S+(1-a)*R*t; (4)

wherein K is the final risk value of the electronic device to be evaluated, S is the risk value of the system, R is the independent risk value of the electronic device to be evaluated, t is the trust value of the electronic device to be evaluated, and 0 < a < 1.

Optionally, the risk assessment system may store the final risk value of each electronic device, so that a manager may perform security assessment on the electronic device according to the final risk value of the electronic device.

In the following, for a further understanding of the aspects presented herein, reference will be made to a specific example. In this embodiment, the risk assessment system triggers the risk assessment by monitoring that the trust state of one electronic device in the system changes; in what follows, the electronic device whose trust state changes is referred to as electronic device A, which is any one of the electronic devices in the system. Referring to fig. 4, a flowchart of a risk assessment method provided in the embodiment of the present application is shown. The method specifically comprises the following steps:

401, the risk assessment system determines that the trust status of electronic device A has changed.

In some embodiments, the risk assessment system may monitor the electronic devices in the system in real time and determine that the trust status of electronic device A in the system has changed. For the specific trust status changes, refer to the description in step 301 of fig. 3, which is not repeated here.

402, the risk assessment system determines the trust value of electronic device A according to the changed trust status of electronic device A.

As an example, the risk assessment system may calculate the trust value of electronic device A from its changed trust status using algorithms such as C4.5 or ID3. Of course, other algorithms may be used to calculate the trust value of electronic device A, and this application is not limited in this respect.

403, the risk assessment system determines the risk value of the system.

Specifically, the risk assessment system may obtain the stored independent risk value of each electronic device in the system, the stored trust values of the electronic devices other than electronic device A, and the trust value of electronic device A obtained in step 402. The risk assessment system may then determine the risk value of the system jointly according to the independent risk value and the trust value of each electronic device in the system, for example by formulas (1) to (3) in the above embodiments, which are not repeated here.

404, the risk assessment system determines the final risk value of each electronic device in the system based on the risk value of the system.

Optionally, after determining the risk value of the system, the risk assessment system may determine a final risk value of each electronic device according to the risk value of the system, the independent risk values and the trust values of each electronic device in the system. For example, see formula (4) in the above embodiments, and will not be described herein.

In some embodiments, after determining the final risk value of an electronic device, the risk assessment system performs a security assessment of the electronic device based on that final risk value. If the final risk value of some electronic devices is determined to be too large, for example greater than a set threshold value, an alarm notification may be issued to instruct a manager to perform vulnerability repair on those electronic devices. Optionally, the risk assessment system may further determine the influence of each electronic device on the system security according to its trust value: the larger the trust value of an electronic device, the larger its influence on the system security. The risk assessment system can then instruct managers to preferentially repair the electronic devices that have a large influence on the system security, which improves the efficiency of vulnerability repair.
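The computations of formulas (1) to (4) together with the alarm and repair-priority step just described, as an added example that is not code from the patent. Formula (4) is taken from the page; the weighted average is implemented as sum(t_i*R_i)/sum(t_i) and formula (3) as S = k*S_0 + (1-k)*(weighted average), both assumptions of this example since the page lists only their variables; the device names, risk level values, threshold and coefficients are constructed.

```python
from dataclasses import dataclass

# Constructed risk level values: a higher value means a more dangerous vulnerability.
LEVEL_VALUES = {"low": 2.0, "medium": 5.0, "high": 8.0, "critical": 10.0}


@dataclass
class Device:
    name: str
    vulnerability_levels: list  # risk levels of the scanned security vulnerabilities
    trust: float                # t_i in [0, 1], quantised from the trust level

    @property
    def independent_risk(self):
        """R_i: the highest security risk assessment value among the device's vulnerabilities."""
        if not self.vulnerability_levels:
            return 0.0
        return max(LEVEL_VALUES[level] for level in self.vulnerability_levels)


# Constructed system of four devices (trust values use the t1..t5 mapping of the page).
DEVICES = [
    Device("gateway", ["high", "medium"], 1.0),   # trust level V5
    Device("workstation", ["critical"], 0.3),     # trust level V2
    Device("kiosk", ["low"], 0.8),                # trust level V4
    Device("lab-pc", [], 0.0),                    # trust level V1, no vulnerabilities found
]


def weighted_average_risk(devices):
    """Formula (1), assumed form: sum(t_i * R_i) / sum(t_i)."""
    total_weight = sum(d.trust for d in devices)
    if total_weight == 0.0:
        # Every device has trust value t1 = 0, so no weights are available;
        # fall back to the plain mean to keep the system value defined.
        return sum(d.independent_risk for d in devices) / len(devices)
    return sum(d.trust * d.independent_risk for d in devices) / total_weight


def system_risk_value(devices, previous=None, k=0.5):
    """Formula (2) when there is no previous system value, otherwise formula (3)
    in the assumed form S = k * S_0 + (1 - k) * weighted average, with 0 < k < 1."""
    if not 0.0 < k < 1.0:
        raise ValueError("k must satisfy 0 < k < 1")
    avg = weighted_average_risk(devices)
    if previous is None:
        return avg
    return k * previous + (1.0 - k) * avg


def final_risk_value(system_risk, device, a=0.5):
    """Formula (4) from the page: K = a*S + (1-a)*R*t, with 0 < a < 1."""
    if not 0.0 < a < 1.0:
        raise ValueError("a must satisfy 0 < a < 1")
    return a * system_risk + (1.0 - a) * device.independent_risk * device.trust


def repair_priorities(devices, system_risk, threshold, a=0.5):
    """Names of devices whose final risk value exceeds the alarm threshold, ordered so that
    devices with larger trust values (larger influence on system security) come first."""
    flagged = [d for d in devices if final_risk_value(system_risk, d, a) > threshold]
    return [d.name for d in sorted(flagged, key=lambda d: d.trust, reverse=True)]


if __name__ == "__main__":
    s = system_risk_value(DEVICES, previous=4.0, k=0.5)
    print(f"system risk value S = {s:.2f}")
    for d in DEVICES:
        print(f"{d.name}: R={d.independent_risk}, t={d.trust}, K={final_risk_value(s, d):.2f}")
    print("repair first:", repair_priorities(DEVICES, s, threshold=3.5))
```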

Based on the same concept as the method described above, referring to fig. 5, an apparatus 500 with a risk assessment function is provided for the embodiment of the present application. The apparatus 500 is capable of performing the various steps of the above-described method, and will not be described in detail herein to avoid repetition. The apparatus 500 comprises: an acquisition unit 501 and a processing unit 502.

An obtaining unit 501, configured to obtain an independent risk value of each electronic device in a system in which the electronic device to be evaluated is located;

a processing unit 502 for obtaining a risk value of the system according to a weighted average of the individual risk values of each electronic device in the system;

the processing unit 502 is further configured to determine a risk value for performing risk assessment on the electronic device to be assessed according to the risk value of the system and the independent risk value of the electronic device to be assessed.

In a possible manner, when acquiring the independent risk value of each electronic device in the system where the electronic device to be evaluated is located, the acquiring unit 501 is specifically configured to:

when the risk state of a first electronic device in the system is monitored to be changed, the processing unit 502 is instructed to calculate an independent risk value of the first electronic device, and to acquire and store independent risk values of other electronic devices in the system except the first electronic device, wherein the first electronic device is any one of the electronic devices in the system;

the risk state change of the first electronic device comprises one or more of the following items:

the version of the operating system of the first electronic device changes, the version of software run by the first electronic device changes, the password of the first electronic device changes, or the configuration of the first electronic device changes.

In a possible manner, before obtaining the risk value of the system, the obtaining unit 501 is further configured to obtain a trust value of each electronic device in the system where the electronic device to be evaluated is located;

the processing unit 502 is specifically configured to:

taking the trust value of each electronic device as a weight, and obtaining a risk value of the system according to a weighted average of independent risk values of each electronic device in the system;

the trust value of the first electronic device is determined according to the connection condition of the first electronic device and the external accessory device, and the first electronic device is any one electronic device in the system.

In a possible manner, when acquiring the trust value of each electronic device in the system where the electronic device to be evaluated is located, the acquiring unit 501 is specifically configured to:

when the trust state of the first electronic device in the system is monitored to be changed, the processing unit 502 is instructed to calculate the trust value of the first electronic device, and the trust values of other electronic devices except the first electronic device in the system are obtained and stored;

the change of the trust state of the first electronic device comprises one or more of the following items:

the state of the first electronic device connected to the network changes or the number of devices connected to the first electronic device changes.

In a possible manner, the external accessory device includes one or more of a device providing an access service connected in a wired manner, a network device connected in a wireless manner, or a physical device connected in a wired manner, and the processing unit 502 is specifically configured to, when determining the trust value of the first electronic device:

determining a trust value of the first electronic device based on at least one of:

a connectivity with the device providing the access service, a number of network devices connected by wireless means, or a number of physical devices connected by wired means.

In a possible manner, when obtaining the risk value of the system according to the weighted average of the independent risk values of each electronic device in the system, the processing unit 502 is specifically configured to:

obtaining a risk value for the system by:

wherein S is the risk value of the system, the remaining symbol is the weighted average of the independent risk values of each electronic device in the system, n is the number of electronic devices comprised in the system, R_i is the independent risk value of the i-th electronic device in the system, and t_i is the trust value of the i-th electronic device in the system.

In a possible manner, when obtaining the risk value of the system according to the weighted average of the independent risk values of each electronic device in the system, the processing unit 502 is specifically configured to:

obtaining a risk value for the system by:

wherein S is the risk value of the system, S_0 is the risk value of the system before the change of the risk status of the first electronic device in the system was monitored, the remaining symbol is the weighted average of the independent risk values of each electronic device in the system, n is the number of electronic devices comprised in the system, R_i is the independent risk value of the i-th electronic device in the system, t_i is the trust value of the i-th electronic device in the system, and 0 < k < 1.

In a possible manner, when determining the risk value for performing the risk assessment on the electronic device to be assessed according to the risk value of the system and the independent risk value of the electronic device to be assessed, the processing unit 502 is specifically configured to:

determining a risk value for risk assessment of the electronic device to be assessed according to the following formula:

K=a*S+(1-a)*R*t;

wherein K is the risk value for performing the risk evaluation of the electronic device to be evaluated, S is the risk value of the system, R is the independent risk value of the electronic device to be evaluated, t is the trust value of the electronic device to be evaluated, and 0 < a < 1.

Fig. 6 shows a schematic structural diagram of an electronic device 600 corresponding to the risk assessment system provided in the embodiment of the present application. The electronic device 600 includes at least one processor 601 and a memory 602, and may further include a communication interface 603, where the communication interface 603 is, for example, a network port, and the electronic device may transmit data through the communication interface 603.

In the embodiment of the present application, the memory 602 stores instructions executable by the at least one processor 601, and the at least one processor 601 may be configured to perform the steps performed by the risk assessment system by executing the instructions stored in the memory 602.

The processor 601 is a control center of the electronic device, and may connect various parts of the whole electronic device by using various interfaces and lines, by executing or executing instructions stored in the memory 602 and calling data stored in the memory 602. Alternatively, processor 601 may include one or more processing units, and processor 601 may integrate an application processor, which mainly handles operating systems and application programs, etc., and a modem processor, which mainly handles wireless communications. It will be appreciated that the modem processor described above may not be integrated into the processor 601.

The processor 601 may be a general-purpose processor, such as a Central Processing Unit (CPU), digital signal processor, application specific integrated circuit, field programmable gate array or other programmable logic device, discrete gate or transistor logic, discrete hardware components, or the like, that may implement or perform the methods, steps, and logic blocks disclosed in embodiments of the present application.

The memory 602, which is a non-volatile computer-readable storage medium, may be used to store non-volatile software programs, non-volatile computer-executable programs, and modules. The memory 602 may include at least one type of storage medium, for example a flash memory, a hard disk, a multimedia card, a card-type memory, a Random Access Memory (RAM), a Static Random Access Memory (SRAM), a Programmable Read Only Memory (PROM), a Read Only Memory (ROM), an Electrically Erasable Programmable Read Only Memory (EEPROM), a magnetic memory, a magnetic disk, an optical disk, and so on.

As will be appreciated by one skilled in the art, embodiments of the present application may be provided as a method, system, or computer program product. Accordingly, the present application may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the present application may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.

While the preferred embodiments of the present application have been described, additional variations and modifications in those embodiments may occur to those skilled in the art once they learn of the basic inventive concepts. Therefore, it is intended that the appended claims be interpreted as including preferred embodiments and all alterations and modifications as fall within the scope of the application.

It will be apparent to those skilled in the art that various changes and modifications may be made in the present application without departing from the spirit and scope of the application. Thus, if such modifications and variations of the present application fall within the scope of the claims of the present application and their equivalents, the present application is intended to include such modifications and variations as well.
