Research on Network Security Evaluation System Oriented to Critical Information Infrastructure

doi:10.3969/j.issn.1671-1122.2019.09.023

Abstract

Abstract:

With the wide application of Internet and cloud computing, the security problem of critical information infrastructure has become increasingly prominent. At present, the three-tier hierarchical structure of the critical information infrastructure security index system has the problems that lacking of quantify indicators, and lacking of correlation between management indicators and technical indicators. These problems lead to the low degree of informatization and a long period of security risk assessment. In order to solve the above problems, this paper establishes the relationship between management indicators and technical indicators by introducing the knowledge graph, and forms the four-level network security quantitative evaluation system based on knowledge graph by classifying the actual situation data to refine the technical indicators. Through the practical application, the system can assess the security risk of Internet assets of critical information infrastructure in near real-time, and significantly improve the efficiency of supervision.

Key words: network security evaluation system, knowledge graph, indicator quantification

CLC Number:

TP309

Mengru GAO, Fangjun XIE, Hongqin DONG, Xiang LIN. Research on Network Security Evaluation System Oriented to Critical Information Infrastructure[J]. Netinfo Security, 2019, 19(9): 111-114.

References 11

[1]	LIU Yu.Information Decurity Evaluation and Its Index Research[D]. Beijing: Beijing Jiaotong University, 2014.
	刘昱. 信息安全评估及其指数研究[D].北京:北京交通大学,2014.
[2]	LI Jiayuan. Information Construction, Information Security and Information Security Evaluation Index System[J]. Information & Communications, 2012(4): 117.
	李嘉渊. 信息化建设、信息安全保障和信息安全评价指标体系[J].信息通信,2012(4):117.
[3]	WEN Weiping, GUO Ronghua, MEN Zheng, et al.Research and Implementation of Key Technology of Information Security Risk Assessment[J]. Netinfo Security, 2015, 15(2): 7-14.
	文伟平,郭荣华,孟正,等.信息安全风险评估关键技术研究与实现[J].信息网络安全,2015,15(2):7-14.
[4]	LI Tao, ZHANG Chi.Research on Network Security Risk Model Based on Information Security Standards[J]. Netinfo Security, 2016, 16(9): 177-183.
	李涛,张驰.基于信息安全等保标准的网络安全风险模型研究[J].信息网络安全,2016,16(9):177-183.
[5]	XI Rongrong, YUN Xiaochun, ZHANG Yongzheng.Quantitative Assessment Method of Network Threat Situation Based on Environment Attribute[J]. Journal of Software, 2015, 26(7): 1638-1649.
	席荣荣,云晓春,张永铮.基于环境属性的网络威胁态势量化评估方法[J].软件学报,2015,26(7):1638-1649.
[6]	YANG Hongyu, JIANG Hua.Multi-agent Network Security Risk Assessment Model Based on Attack Graph[J]. Computer Science, 2013, 40(2): 148-152.
	杨宏宇,江华.基于攻击图的多Agent网络安全风险评估模型[J].计算机科学,2013,40(2):148-152.
[7]	ZHU Lin.Visualization of Computer Network Security Based on Knowledge Graph[J]. Information Technology and Informatization, 2019(4): 73-75.
	朱琳. 基于知识图谱的计算机网络安全可视化研究[J].信息技术与信息化,2019(4):73-75.
[8]	CHEN Xianglong.Research on Threat Intelligence Credible Analysis System Based on Machine Learning[D]. Beijing: Beijing University of Posts and Telecommunications, 2019.
	程翔龙. 基于机器学习的威胁情报可信分析系统的研究[D].北京:北京邮电大学,2019.
[9]	LIANG Zhong, ZHOU Jiakun, ZHU Han, et al.Research on Information Security Knowledge Aggregation Technology Based on Security Ontology[J]. Netinfo Security, 2017, 17(4): 78-85.
	梁中,周嘉坤,朱汉,等.基于安全本体的信息安全知识聚合技术研究[J].信息网络安全,2017,17(4):78-85.
[10]	LIU Qiao, LI Yang, DUAN Hong, et al.Overview of Knowledge Mapping Techniques[J]. Journal of Computer Research and Development, 2016, 53(3): 582-600.
	刘峤,李杨,段宏,等.知识图谱构建技术综述[J].计算机研究与发展,2016,53(3):582-600.
[11]	National Information Security Standardization Technical Committee. Critical Information Infrastructure Security Control Measures[EB/OL]. , 2019-7-1.
	全国信息安全标准化技术委员会.关键信息基础设施安全控制措施[EB/OL]. https://www.tc260.org.cn/file/2018-06-13/0ca68c67-c92b-45dd-b199-d317b6d723b2.docx,2019-7-1.