检索规则说明:AND代表“并且”;OR代表“或者”;NOT代表“不包含”;(注意必须大写,运算符两边需空一格)
检 索 范 例 :范例一: (K=图书馆学 OR K=情报学) AND A=范并思 范例二:J=计算机应用与软件 AND (U=C++ OR U=Basic) NOT M=Visual
名 称:
注 释:
作 者:马浩翔 陆晨晖 程茜 程圣铎 Ma Haoxiang;Lu Chenhui;Cheng Xi;Cheng Shengduo(Security Engineering Research Center,China Telecom Research Institute,Shanghai 201315,China)
机构地区:[1]中国电信股份有限公司研究院安全平台技术研发部,上海201315
出 处:《计算机应用与软件》2025年第4期366-372,共7页Computer Applications and Software
摘 要:针对当前网络安全风险评估体系中定性到定量的风险呈现缺失的问题,提出基于多维度特征的攻击者和资产风险评估方法;从攻击IP的角度设计了三种维度特征评估每个攻击IP,以此判定高威胁的攻击者;从资产IP的角度,设计了威胁维度特征评分和脆弱性维度特征评分,结合资产的识别与赋值,得到判定高风险的资产。提出的评估方法可以用于展示当前攻击者和系统的风险情况,最大化现有的防御能力,具有一定的理论意义和实践价值。According to the lack of the transition from qualitative risks to quantitative risks in the current cyber security risk assessment system,this paper proposed an intruder and asset risk assessment method based on multi-dimensional features.From the aspect of the intruder,this paper designed three dimensions to evaluate each intruder,and obtained the top-threat intruders.From the aspect of assets,this paper designed the dynamic scoring of threat dimensions and vulnerability dimensions.Combining the identification and value assignment of assets,we obtained the top-risk assets.The results of this paper can be used to display the current top-risk intruders and risked systems to security analysts,to maximize the existing defense countermeasure.The result is of theory significance and practical meanings.
分 类 号:TP3[自动化与计算机技术—计算机科学与技术]
正在载入数据...
正在载入数据...
正在载入数据...
正在载入数据...
正在载入数据...
正在载入数据...
正在载入数据...
正在链接到云南高校图书馆文献保障联盟下载...
云南高校图书馆联盟文献共享服务平台 版权所有©
您的IP:216.73.216.49