面向关键信息基础设施的网络安全评价体系研究

doi:10.3969/j.issn.1671-1122.2019.09.023

信息网络安全 ›› 2019, Vol. 19 ›› Issue (9): 111-114.doi: 10.3969/j.issn.1671-1122.2019.09.023

面向关键信息基础设施的网络安全评价体系研究

高孟茹¹, 谢方军¹, 董红琴¹, 林祥²

1.上海市公安局网络安全保卫总队,上海 200025
2.上海交通大学信息安全学院,上海 200240

收稿日期:2019-07-15 出版日期:2019-09-10 发布日期:2020-05-11
作者简介:
作者简介：高孟茹（1990—）,女,江西,工程师,硕士,主要研究方向为网络安全;谢方军（1973—）,男,四川,高级工程师,博士,主要研究方向为网络安全及大数据分析;董红琴（1982—）,女,江苏,工程师,硕士,主要研究方向为网络安全;林祥（1979—）,男,福建,工程师,博士,主要研究方向为网络空间安全。
基金资助:
国家重点研发计划[2017YFC0821305];上海市科学技术委员会科研计划[18511105902,18JG0500400]

Research on Network Security Evaluation System Oriented to Critical Information Infrastructure

Mengru GAO¹, Fangjun XIE¹, Hongqin DONG¹, Xiang LIN²

1. Network Security Corps of Shanghai Public Security Bureau, Shanghai 200025, China
2. School of Cybersecurity, Shanghai Jiaotong University, Shanghai 200240, China

Received:2019-07-15 Online:2019-09-10 Published:2020-05-11

摘要/Abstract

摘要：

随着互联网和云计算的广泛应用,关键信息基础设施安全问题日益突出。当前关键信息基础设施安全保障评价指标体系的三层分级结构存在缺乏量化指标以及管理指标与技术指标缺乏关联等问题,这些问题导致安全风险评估过程信息化程度低、周期长。针对上述问题,文章引入知识图谱建立管理指标和技术指标之间的关联,同时通过实际态势数据分类细化技术指标,形成基于知识图谱技术的网络安全四级量化评价体系。通过监管部门实际应用,该体系可以实时地对关键信息基础设施的互联网资产进行网络安全风险评估,显著提升监管效率。

关键词: 网络安全评价体系, 知识图谱, 指标量化

Abstract:

With the wide application of Internet and cloud computing, the security problem of critical information infrastructure has become increasingly prominent. At present, the three-tier hierarchical structure of the critical information infrastructure security index system has the problems that lacking of quantify indicators, and lacking of correlation between management indicators and technical indicators. These problems lead to the low degree of informatization and a long period of security risk assessment. In order to solve the above problems, this paper establishes the relationship between management indicators and technical indicators by introducing the knowledge graph, and forms the four-level network security quantitative evaluation system based on knowledge graph by classifying the actual situation data to refine the technical indicators. Through the practical application, the system can assess the security risk of Internet assets of critical information infrastructure in near real-time, and significantly improve the efficiency of supervision.

Key words: network security evaluation system, knowledge graph, indicator quantification

中图分类号:

TP309

高孟茹, 谢方军, 董红琴, 林祥. 面向关键信息基础设施的网络安全评价体系研究[J]. 信息网络安全, 2019, 19(9): 111-114.

Mengru GAO, Fangjun XIE, Hongqin DONG, Xiang LIN. Research on Network Security Evaluation System Oriented to Critical Information Infrastructure[J]. Netinfo Security, 2019, 19(9): 111-114.

参考文献 11

[1]	LIU Yu.Information Decurity Evaluation and Its Index Research[D]. Beijing: Beijing Jiaotong University, 2014.
	刘昱. 信息安全评估及其指数研究[D].北京:北京交通大学,2014.
[2]	LI Jiayuan. Information Construction, Information Security and Information Security Evaluation Index System[J]. Information & Communications, 2012(4): 117.
	李嘉渊. 信息化建设、信息安全保障和信息安全评价指标体系[J].信息通信,2012(4):117.
[3]	WEN Weiping, GUO Ronghua, MEN Zheng, et al.Research and Implementation of Key Technology of Information Security Risk Assessment[J]. Netinfo Security, 2015, 15(2): 7-14.
	文伟平,郭荣华,孟正,等.信息安全风险评估关键技术研究与实现[J].信息网络安全,2015,15(2):7-14.
[4]	LI Tao, ZHANG Chi.Research on Network Security Risk Model Based on Information Security Standards[J]. Netinfo Security, 2016, 16(9): 177-183.
	李涛,张驰.基于信息安全等保标准的网络安全风险模型研究[J].信息网络安全,2016,16(9):177-183.
[5]	XI Rongrong, YUN Xiaochun, ZHANG Yongzheng.Quantitative Assessment Method of Network Threat Situation Based on Environment Attribute[J]. Journal of Software, 2015, 26(7): 1638-1649.
	席荣荣,云晓春,张永铮.基于环境属性的网络威胁态势量化评估方法[J].软件学报,2015,26(7):1638-1649.
[6]	YANG Hongyu, JIANG Hua.Multi-agent Network Security Risk Assessment Model Based on Attack Graph[J]. Computer Science, 2013, 40(2): 148-152.
	杨宏宇,江华.基于攻击图的多Agent网络安全风险评估模型[J].计算机科学,2013,40(2):148-152.
[7]	ZHU Lin.Visualization of Computer Network Security Based on Knowledge Graph[J]. Information Technology and Informatization, 2019(4): 73-75.
	朱琳. 基于知识图谱的计算机网络安全可视化研究[J].信息技术与信息化,2019(4):73-75.
[8]	CHEN Xianglong.Research on Threat Intelligence Credible Analysis System Based on Machine Learning[D]. Beijing: Beijing University of Posts and Telecommunications, 2019.
	程翔龙. 基于机器学习的威胁情报可信分析系统的研究[D].北京:北京邮电大学,2019.
[9]	LIANG Zhong, ZHOU Jiakun, ZHU Han, et al.Research on Information Security Knowledge Aggregation Technology Based on Security Ontology[J]. Netinfo Security, 2017, 17(4): 78-85.
	梁中,周嘉坤,朱汉,等.基于安全本体的信息安全知识聚合技术研究[J].信息网络安全,2017,17(4):78-85.
[10]	LIU Qiao, LI Yang, DUAN Hong, et al.Overview of Knowledge Mapping Techniques[J]. Journal of Computer Research and Development, 2016, 53(3): 582-600.
	刘峤,李杨,段宏,等.知识图谱构建技术综述[J].计算机研究与发展,2016,53(3):582-600.
[11]	National Information Security Standardization Technical Committee. Critical Information Infrastructure Security Control Measures[EB/OL]. , 2019-7-1.
	全国信息安全标准化技术委员会.关键信息基础设施安全控制措施[EB/OL]. https://www.tc260.org.cn/file/2018-06-13/0ca68c67-c92b-45dd-b199-d317b6d723b2.docx,2019-7-1.

面向关键信息基础设施的网络安全评价体系研究

Research on Network Security Evaluation System Oriented to Critical Information Infrastructure

RichHTML

PDF (PC)

可视化

摘要/Abstract

引用本文

使用本文

参考文献 11

相关文章 1

编辑推荐

Metrics

本文评价