Netinfo Security (信息网络安全) ›› 2019, Vol. 19 ›› Issue (9): 111-114. doi: 10.3969/j.issn.1671-1122.2019.09.023


Research on Network Security Evaluation System Oriented to Critical Information Infrastructure

Mengru GAO1, Fangjun XIE1, Hongqin DONG1, Xiang LIN2

  1. Network Security Corps of Shanghai Public Security Bureau, Shanghai 200025, China
  2. School of Cybersecurity, Shanghai Jiaotong University, Shanghai 200240, China
  • Received: 2019-07-15 Online: 2019-09-10 Published: 2020-05-11
  • About the authors:

    Mengru GAO (born 1990), female, from Jiangxi, engineer, master's degree; main research interest: network security. Fangjun XIE (born 1973), male, from Sichuan, senior engineer, Ph.D.; main research interests: network security and big data analysis. Hongqin DONG (born 1982), female, from Jiangsu, engineer, master's degree; main research interest: network security. Xiang LIN (born 1979), male, from Fujian, engineer, Ph.D.; main research interest: cyberspace security.

  • Funding:
    National Key Research and Development Program of China [2017YFC0821305]; Scientific Research Program of the Science and Technology Commission of Shanghai Municipality [18511105902, 18JG0500400]

Abstract:

With the wide application of the Internet and cloud computing, the security of critical information infrastructure has become an increasingly prominent problem. The current three-tier hierarchical structure of the critical information infrastructure security assurance evaluation index system lacks quantitative indicators and lacks correlation between management indicators and technical indicators. These problems lead to a low degree of informatization and a long cycle in the security risk assessment process. To address these problems, this paper introduces a knowledge graph to establish the relationship between management indicators and technical indicators, and refines the technical indicators by classifying actual situational data, forming a four-level quantitative network security evaluation system based on knowledge graph technology. In practical application by regulatory authorities, the system can assess the network security risk of the Internet assets of critical information infrastructure in near real-time and significantly improve the efficiency of supervision.

Key words: network security evaluation system, knowledge graph, indicator quantification
