
CN110008097B - Comprehensive evaluation method of service-oriented information system attack effectiveness - Google Patents


Info

Publication number: CN110008097B
Application number: CN201910140785.5A
Authority: CN (China)
Legal status: Active (granted)
Other versions: CN110008097A
Other languages: Chinese (zh)
Prior art keywords: attack, service, membership function, scale, weighting
Inventors: 黄迎春, 冯永新, 赵运弢, 康潆允
Assignee (original and current): Shenyang Ligong University; application filed by Shenyang Ligong University

Classifications

    • G PHYSICS › G06 COMPUTING OR CALCULATING; COUNTING › G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F11/00 Error detection; Error correction; Monitoring › G06F11/30 Monitoring › G06F11/34 Recording or statistical evaluation of computer activity, e.g. of down time, of input/output operation; Recording or statistical evaluation of user activity, e.g. usability assessment › G06F11/3447 Performance evaluation by modeling
    • G06F17/00 Digital computing or data processing equipment or methods, specially adapted for specific functions › G06F17/10 Complex mathematical operations › G06F17/16 Matrix or vector computation, e.g. matrix-matrix or matrix-vector multiplication, matrix factorization
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity › G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems › G06F21/55 Detecting local intrusion or implementing counter-measures

Abstract

A comprehensive evaluation method for the attack effectiveness of a service-oriented information system belongs to the technical field of cyberspace security and in particular relates to such a method. The invention provides a four-dimensionally weighted comprehensive evaluation method for service-oriented information system attack effectiveness, comprising the following steps: 1) establishing a multi-level evaluation index factor set for service-oriented information system attack effectiveness; 2) establishing a weight set based on a four-dimensional weighting formula; 3) establishing multi-scale membership functions for the terminal evaluation index factors; 4) establishing a comprehensive evaluation model of service-oriented information system attack effectiveness.

Description

Comprehensive evaluation method of service-oriented information system attack effectiveness

Technical field

The invention belongs to the technical field of cyberspace security, and in particular relates to a method for comprehensively evaluating the attack effectiveness of a service-oriented information system.

Background

An information system is a human-machine integrated system composed of computer hardware, network and communication equipment, computer software, information resources, information users and rules and regulations, whose purpose is to process information flows. An information system has a general hierarchical model: physical layer, operating system layer, tool layer, data layer, functional layer, business layer and user layer. Information systems have three structural patterns: the centralized pattern, the client/server (C/S) pattern and the browser/server (B/S) pattern.

A service-oriented information system usually refers to an information system that adopts a service-oriented architecture (SOA). Service-oriented information systems have basic characteristics such as reusability, loose coupling, well-defined interfaces, stateless service design and reliance on open standards. SOA is a component model that links the different functional units of an application (called services) through well-defined interfaces and contracts between those services. The interface is defined in a neutral way and should be independent of the hardware platform, operating system and programming language that implement the service. This allows services built on a variety of such systems to interact in a unified and common way. SOA comprises three roles: service requester, service provider and service registry. A service requester is an application, a software module or another service that needs a service. The service requester initiates a query for a service in the registry, binds to the service over a transport and executes the service function; it executes the service according to the interface contract. A service provider is a network-addressable entity that accepts and executes requests from requesters. Service providers publish their services and interface contracts to the service registry so that service requesters can discover and access them. The service registry supports service discovery: it contains a repository of available services and allows interested service requesters to look up service provider interfaces. Web services are a typical implementation of the SOA technical specifications. Web services are composed of three elements: the Web Services Description Language (WSDL), the Universal Description, Definition and Integration (UDDI) specification and the Simple Object Access Protocol (SOAP). WSDL is used to describe services, UDDI to register and look up services, and SOAP to transmit messages between service requesters and service providers.

A service-oriented information system takes services and sharing as its core, is based on open standards and protocols, and is characterised by loose coupling, support for efficient integration of application systems and on-demand business processes. However, while sharing and opening up its services, the system introduces more insecure factors and increases the risk of being attacked. For example, because the system adopts a common runtime environment and data-sharing and service-invocation specifications across heterogeneous platforms, security risks such as out-of-bounds array access, privilege elevation by untrusted applications, memory allocation, assembly loading, exception handling and resource management exist. Targeting the service subscription, query and publication processes of the system, an attacker may, through attack methods such as interception, eavesdropping, access, reset, escaping, spoofing, replay, denial and takeover, cause damage to the service resources of the service-oriented information system and information deception.

Comprehensively evaluating the attack effectiveness of service-oriented information systems is of great significance in network attack-and-defense confrontation. Giving qualitative and quantitative evaluations of the effectiveness of attacks on service-oriented information systems helps, on the one hand, the attacking side verify the effectiveness of its attack behaviour and prompts it to keep developing new attack techniques and means; on the other hand, it helps the defending side adopt more effective security strategies and methods and promotes the improvement of its security performance.

Because a service-oriented information system is a complex information system, an attack on it may produce various attack effects on the functions and performance of the system and its services, so evaluating the attack effectiveness of a service-oriented information system is a comprehensive evaluation problem. Comprehensive evaluation is an evaluation method that uses mathematical methods to process and refine the information of multiple factors of a complex system in order to obtain its grade of merit. Comprehensive evaluation mainly involves two core techniques: weight determination and the evaluation algorithm. At present, weight determination mainly uses the Delphi method, the Analytic Hierarchy Process (AHP), the coefficient-of-variation method and the mean-square-error method; evaluation algorithms generally include the basic steps of establishing a factor set, establishing a weight set, establishing an alternative set, single-factor evaluation and comprehensive evaluation.

Comprehensive evaluation of service-oriented information system attack effectiveness is a very complicated problem, mainly because the evaluation is generally multi-objective; the evaluation indicators include not only quantitative indicators but also qualitative indicators that are difficult to quantify; and the evaluation criteria are not easy to determine and are to some extent subject to human subjective influence. So far, although some reports, papers, patents and other materials on attack effectiveness evaluation methods for information systems and networks have been published, no material on a four-dimensionally weighted comprehensive evaluation method for the attack effectiveness of service-oriented information systems has been seen.

Summary of the invention

The present invention addresses the above problems by providing a four-dimensionally weighted comprehensive evaluation method for service-oriented information system attack effectiveness.

To achieve the above object, the present invention adopts the following technical scheme, comprising the following steps:

1) Establish a multi-level evaluation index factor set for service-oriented information system attack effectiveness;

2) Establish a weight set based on the four-dimensional weighting formula;

3) Establish multi-scale membership functions for the terminal evaluation index factors;

4) Establish a comprehensive evaluation model of service-oriented information system attack effectiveness.

As a preferred scheme, the weighting formula of step 2) of the present invention takes as input the index factor set weight vectors calculated separately by the Delphi method, the AHP method, the coefficient-of-variation method and the mean-square-error method, and combines them into the weight set A through a first-level weighting preference factor α (0 ≤ α ≤ 1) and a second-level weighting preference factor β (0 ≤ β ≤ 1):

$A = \alpha\beta D_w + \alpha(1-\beta)A_w + (1-\alpha)(V_w + S_w)$ (1)

In formula (1), $D_w$, $A_w$, $V_w$ and $S_w$ denote the index factor set weight vectors calculated by the Delphi method, the AHP method, the coefficient-of-variation method and the mean-square-error method respectively. A first-level weighting preference factor α greater than 0.5 indicates that the evaluation leans towards subjective weighting; when α ≠ 0, a second-level weighting preference factor β greater than 0.5 indicates that, between the Delphi and AHP methods, Delphi weighting is favoured. The larger α and β are, the more the weighting leans subjective; the smaller they are, the more it leans objective. When α = 0, formula (1) uses purely objective weighting; when α = 1, purely subjective weighting; when α = 1 and β = 0, pure AHP weighting; when α = 1 and β = 1, pure Delphi weighting.

As another preferred scheme, the multi-level evaluation index factor set of step 1) of the present invention is:

[Figure BDA0001978460750000041: multi-level evaluation index factor set for service-oriented information system attack effectiveness (image not reproduced)]

As another preferred scheme, the terminal evaluation index factors in step 3) of the present invention are the index factors represented by the terminal (leaf) nodes of the tree-structured evaluation index factor set. The multi-scale membership functions of the terminal evaluation index factors are divided into discrete-scale membership functions and continuous-scale membership functions, and discrete-scale membership functions are further divided into binary discrete-scale membership functions and multivariate discrete-scale membership functions. A continuous-scale membership function returns any real number in the interval [0, 1]; a binary discrete-scale membership function returns the integer 0 or 1; a multivariate discrete-scale membership function returns one of several (at least three) discrete real numbers in the interval [0, 1].

As another preferred scheme, step 4) of the present invention first establishes a single-factor evaluation model of service-oriented information system attack effectiveness. Single-factor evaluation means evaluating from one factor alone: the membership function of each terminal index factor is used to compute, for each attack method j (j = 1, 2, …, n) under evaluation, the evaluation result vector with respect to the i-th (i = 1, 2, …, m) index factor $u_i$,

$R_i = (r_{i1}, r_{i2}, \ldots, r_{in}),\quad i = 1, 2, \ldots, m$ (2)

The single-factor evaluation result vectors are taken as rows to form the matrix

[Figure BDA0001978460750000051: formula (3), the single-factor evaluation matrix R whose rows are $R_1, \ldots, R_m$ (image not reproduced)]

Each column of the single-factor evaluation matrix R is then weighted with the weight set of the four-dimensional weighting formula,

$A = (a_1, a_2, \ldots, a_m)$ (4)

by a weighted average, giving the comprehensive evaluation vector

[Figure BDA0001978460750000052: formula (5), the comprehensive evaluation vector $B = (b_1, b_2, \ldots, b_n)$ (image not reproduced)]

which represents the attack effectiveness evaluation results of the n attack methods when the m index factors are combined.

In formulas (4) and (5), $a_1, a_2, \ldots, a_m$ denote the weights of the m index factors $u_i$ calculated by formula (1); $r_{ij}$ denotes the evaluation result of the attack method j (j = 1, 2, …, n) under evaluation with respect to the i-th (i = 1, 2, …, m) index factor $u_i$, computed with the terminal index factor membership function; $b_1, b_2, \ldots, b_n$ denote the quantified evaluation results of the n attack methods under evaluation, and the larger the value of $b_j$, the better the attack effect.

As another preferred scheme, the labelled service-oriented information system attack effectiveness evaluation index factor set of the present invention is:

[Figure BDA0001978460750000061: labelled evaluation index factor set with weights (image not reproduced)]

First, the first-level evaluation index factor set is denoted $U = \{u_1, u_2\}$; second, each $u_i$ (i = 1, 2) is further divided into the second-level evaluation index factor set $u_i = \{u_{i1}, u_{i2}, \ldots, u_{ij}\}$; third, each $u_{ij}$ (i = 1, 2; j = 1, 2) is further divided into the third-level evaluation index factor set $u_{ij} = \{u_{ij1}, u_{ij2}, \ldots, u_{ijp}\}$; finally, each $u_{ijp}$ (i = 1, 2; j = 1, 2; p = 1, 2, 3) is further divided into the fourth-level evaluation index factor set $u_{ijp} = \{u_{ijp1}, u_{ijp2}, \ldots, u_{ijpq}\}$. $w_i$, $w_{ij}$, $w_{ijp}$ and $w_{ijpq}$ denote the weights corresponding to the evaluation index factors at each level; their subscripts are the same as those of the corresponding index factors.

As another preferred scheme, the present invention establishes the weight sets of the four-dimensional weighting formula for the evaluation index factor sets at each level; each weight set is calculated by formula (1) with the weighting preference factors α and β set. The weight sets of the four-dimensional weighting formula for the index factor sets at each level are as follows:

[Figure BDA0001978460750000071: formula (6), the weight vectors of the index factor sets at each level (image not reproduced)]

In formula (6), the vectors beginning with A denote the weight vectors of the index factor sets at each level, and their components correspond to the weights of the evaluation index factors in the labelled service-oriented information system attack effectiveness evaluation index factor set, satisfying the relationship

[Figure BDA0001978460750000072: formula (7), the relationship between the weight vectors and the factor weights w (image not reproduced)]

Second, the present invention has 21 terminal evaluation index factors in total, defined as follows.

(1) Host privilege escalation level membership function

[Figure BDA0001978460750000081: membership function (image not reproduced)]

This is a multivariate discrete scale, where x = 0, 1, 2, 3, 4, 5 denote the six host privilege escalation levels from low to high;

(2) Privilege escalation success time membership function

[Figure BDA0001978460750000082: membership function (image not reproduced)]

This is a continuous scale, where the preset parameter t denotes the maximum privilege escalation success time the attack can tolerate, and the independent variable x denotes the actual privilege escalation success time of the attack;

(3) Privilege stability time membership function

[Figure BDA0001978460750000083: membership function (image not reproduced)]

This is a continuous scale, where the preset parameter t denotes the maximum privilege stability time the attack expects to obtain, and the independent variable x denotes the privilege stability time the attack actually obtains;

(4) Information resource damage membership function

[Figure BDA0001978460750000084: membership function (image not reproduced)]

This is a multivariate discrete scale, where x = 0, 1, 2, 3, 4, 5 denote the six information resource damage levels from low to high;

(5) Host system paralysis membership function

[Figure BDA0001978460750000091: membership function (image not reproduced)]

This is a binary discrete scale, where x = 0 means the attack did not paralyse the host system and x = 1 means the attack paralysed the host system;

(6) Business function deception membership function

[Figure BDA0001978460750000092: membership function (image not reproduced)]

This is a binary discrete scale, where x = 0 means the attack did not cause business function deception and x = 1 means the attack caused business function deception;

(7) Host system takeover membership function

[Figure BDA0001978460750000093: membership function (image not reproduced)]

This is a binary discrete scale, where x = 0 means the attack did not cause host system takeover and x = 1 means the attack caused host system takeover;

(8) Information importance membership function

[Figure BDA0001978460750000094: membership function (image not reproduced)]

This is a multivariate discrete scale, where x = 0, 1, 2, 3, 4, 5 denote the six levels, from low to high, of the importance of the information obtained by the attack;

(9) Information correctness ratio membership function

[Figure BDA0001978460750000095: membership function (image not reproduced)]

This is a continuous scale, where the preset parameter t denotes the total amount of information the attack expects to obtain, and the independent variable x denotes the amount of information the attack actually obtains;

(10) Information extraction time membership function

[Figure BDA0001978460750000101: membership function (image not reproduced)]

This is a continuous scale, where the preset parameter t denotes the maximum information extraction time the attack can tolerate, and the independent variable x denotes the actual information extraction time of the attack;

(11) Destruction success time membership function

[Figure BDA0001978460750000102: membership function (image not reproduced)]

This is a continuous scale, where the preset parameter t denotes the maximum destruction success time the attack can tolerate, and the independent variable x denotes the actual destruction success time of the attack;

(12) Tampering success ratio membership function

[Figure BDA0001978460750000103: membership function (image not reproduced)]

This is a continuous scale, where the preset parameter t denotes the total number of service tampering attacks, and the independent variable x denotes the number of service tampering attacks that actually succeed;

(13) Spoofing success ratio membership function

[Figure BDA0001978460750000104: membership function (image not reproduced)]

This is a continuous scale, where the preset parameter t denotes the total number of service spoofing attacks, and the independent variable x denotes the number of service spoofing attacks that actually succeed;

(14) Denial success ratio membership function

[Figure BDA0001978460750000105: membership function (image not reproduced)]

This is a continuous scale, where the preset parameter t denotes the total number of service denial attacks, and the independent variable x denotes the number of service denial attacks that actually succeed;

(15) Service degradation membership function

[Figure BDA0001978460750000111: membership function (image not reproduced)]

This is a multivariate discrete scale, where x = 0, 1, 2, 3, 4, 5 denote the six service degradation levels from low to high;

(16) Service termination membership function

[Figure BDA0001978460750000112: membership function (image not reproduced)]

This is a binary discrete scale, where x = 0 means the attack did not cause service termination and x = 1 means the attack caused service termination;

(17) Service deception membership function

[Figure BDA0001978460750000113: membership function (image not reproduced)]

This is a binary discrete scale, where x = 0 means the attack did not cause service deception and x = 1 means the attack caused service deception;

(18) Host computing resource damage membership function

[Figure BDA0001978460750000114: membership function (image not reproduced)]

This is a continuous scale, where the preset parameter t denotes the maximum amount of host computing resource damage the attack expects to cause, and the independent variable x denotes the amount of host computing resource damage the attack actually causes;

(19) Host storage resource damage membership function

[Figure BDA0001978460750000115: membership function (image not reproduced)]

This is a continuous scale, where the preset parameter t denotes the maximum amount of host storage resource damage the attack expects to cause, and the independent variable x denotes the amount of host storage resource damage the attack actually causes;

(20) Service bandwidth damage membership function

[Figure BDA0001978460750000121: membership function (image not reproduced)]

This is a continuous scale, where the preset parameter t denotes the maximum amount of service bandwidth damage the attack expects to cause, and the independent variable x denotes the amount of service bandwidth damage the attack actually causes;

(21) Service delay damage membership function

[Figure BDA0001978460750000122: membership function (image not reproduced)]

This is a continuous scale, where the preset parameter t denotes the maximum amount of service delay damage the attack expects to cause, and the independent variable x denotes the amount of service delay damage the attack actually causes.
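The weighting formula (1) and the single-factor/comprehensive evaluation of formulas (2)-(5), driven by the three membership-function scale types of step 3), as an added Python example that is not the patent's own code. The patent fixes only each terminal factor's scale type and return range, so the membership-function shapes here (binary identity, x/5 for six-level scales, x/t and 1 − x/t clipped to [0, 1] for ratio and time scales) and all sample weights and observations are assumptions, and the example also reports the weight sum so the caller can see the effect of the (1 − α)(Vw + Sw) term.

```python
"""Formula (1) weighting and formulas (2)-(5) evaluation from the patent,
driven by constructed sample data. Added example, not the patent's own code."""
from typing import List, Sequence


def four_dim_weights(dw: Sequence[float], aw: Sequence[float],
                     vw: Sequence[float], sw: Sequence[float],
                     alpha: float, beta: float) -> List[float]:
    """Formula (1): A = alpha*beta*Dw + alpha*(1-beta)*Aw + (1-alpha)*(Vw+Sw).

    dw, aw, vw, sw: factor-set weight vectors from the Delphi, AHP,
    coefficient-of-variation and mean-square-error methods.
    alpha: first-level preference (subjective vs objective weighting).
    beta: second-level preference (Delphi vs AHP). Both lie in [0, 1]."""
    if not (0.0 <= alpha <= 1.0 and 0.0 <= beta <= 1.0):
        raise ValueError("alpha and beta must lie in [0, 1]")
    if not (len(dw) == len(aw) == len(vw) == len(sw)):
        raise ValueError("the four weight vectors must have equal length")
    return [alpha * beta * d + alpha * (1.0 - beta) * a + (1.0 - alpha) * (v + s)
            for d, a, v, s in zip(dw, aw, vw, sw)]


def weight_sum(weights: Sequence[float]) -> float:
    """Sum of a weight set. With four unit-sum inputs, formula (1) as written
    sums to 2 - alpha, so callers may renormalise before applying formula (5)."""
    return sum(weights)


# Membership functions. The patent fixes only the scale type and the return
# range of each terminal factor; the shapes below are assumptions.
def binary_membership(x: int) -> int:
    """Binary discrete scale (e.g. host system paralysed): x in {0, 1}."""
    if x not in (0, 1):
        raise ValueError("binary scale expects x = 0 or 1")
    return x


def six_level_membership(x: int) -> float:
    """Multivariate discrete scale over levels x = 0..5, low to high
    (e.g. host privilege escalation level). Assumed shape: x / 5."""
    if x not in range(6):
        raise ValueError("six-level scale expects x in 0..5")
    return x / 5.0


def ratio_membership(x: float, t: float) -> float:
    """Continuous scale 'amount achieved x of expected total t'
    (e.g. information correctness ratio). Assumed: x / t clipped to [0, 1]."""
    if t <= 0:
        raise ValueError("t must be positive")
    return min(1.0, max(0.0, x / t))


def time_membership(x: float, t: float) -> float:
    """Continuous scale 'actual time x against tolerated maximum t'
    (e.g. privilege escalation success time). Assumed: 1 - x / t clipped
    to [0, 1], so a faster success scores higher."""
    if t <= 0:
        raise ValueError("t must be positive")
    return min(1.0, max(0.0, 1.0 - x / t))


def comprehensive_evaluation(a: Sequence[float],
                             r: Sequence[Sequence[float]]) -> List[float]:
    """Formulas (3)-(5): B = A . R with R an m x n single-factor matrix
    (m factors as rows, n attack methods as columns). Returns (b_1..b_n)."""
    m = len(a)
    if len(r) != m:
        raise ValueError("R needs one row per weight in A")
    n = len(r[0])
    for row in r:
        if len(row) != n:
            raise ValueError("all rows of R must have n entries")
        if any(not 0.0 <= v <= 1.0 for v in row):
            raise ValueError("every r_ij must lie in [0, 1]")
    return [sum(a[i] * r[i][j] for i in range(m)) for j in range(n)]


# Constructed sample: three terminal factors and two attack records to rank.
SAMPLE_DW = [0.5, 0.3, 0.2]   # Delphi weights (constructed)
SAMPLE_AW = [0.4, 0.4, 0.2]   # AHP weights (constructed)
SAMPLE_VW = [0.3, 0.3, 0.4]   # coefficient-of-variation weights (constructed)
SAMPLE_SW = [0.2, 0.5, 0.3]   # mean-square-error weights (constructed)


def sample_evaluation(alpha: float = 1.0, beta: float = 1.0) -> List[float]:
    """Rank two constructed attack records on: host system paralysed (binary),
    information resource damage level (six-level), privilege escalation
    success time (continuous, tolerated maximum t = 60 s)."""
    a = four_dim_weights(SAMPLE_DW, SAMPLE_AW, SAMPLE_VW, SAMPLE_SW, alpha, beta)
    r = [  # r[i][j]: factor i observed for attack method j
        [binary_membership(1), binary_membership(0)],
        [six_level_membership(0), six_level_membership(5)],
        [time_membership(24.0, 60.0), time_membership(48.0, 60.0)],
    ]
    return comprehensive_evaluation(a, r)
```

With α = 1, β = 1 (pure Delphi weighting) the sample ranks the first record higher; with α = 0 (pure objective weighting) the order flips, which is exactly the sensitivity to the preference factors that the method's description stresses.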

In addition, the comprehensive evaluation model of service-oriented information system attack effectiveness of the present invention is shown in Fig. 1.

The vectors beginning with A denote the weight vectors of the index factor sets at each level; their composition is shown in formulas (6) and (7). The vectors beginning with B denote the comprehensive evaluation result vectors at each level; their calculation is shown in formulas (2), (3), (4) and (5).

Meaning of the symbols in the comprehensive evaluation model of service-oriented information system attack effectiveness

[Figures BDA0001978460750000132 and BDA0001978460750000141: symbol table of the comprehensive evaluation model (images not reproduced)]

Beneficial effects of the invention.

The invention first establishes a multi-level evaluation index factor set for service-oriented information system attack effectiveness. Second, it establishes a four-dimensional weighting formula: on the basis of the weight vectors of the index factor sets at each level calculated by the four weight determination methods, namely the Delphi method, the Analytic Hierarchy Process (AHP), the coefficient-of-variation method and the mean-square-error method, the formula uses a first-level weighting preference factor α and a second-level weighting preference factor β to compute a combined weight vector for the index factors at each level. Third, it establishes multi-scale membership functions for the terminal evaluation index factors; multi-scale membership functions comprise discrete-scale and continuous-scale membership functions, and discrete-scale membership functions are divided into binary and multivariate discrete-scale membership functions. Finally, it establishes a comprehensive evaluation model of service-oriented information system attack effectiveness, realising single-factor evaluation and comprehensive evaluation of service-oriented information system attack effectiveness.

Description of the drawings

Fig. 1 is the comprehensive evaluation model of service-oriented information system attack effectiveness of the present invention.

Detailed description of the embodiments

1. Establishing the multi-level evaluation index factor set for service-oriented information system attack effectiveness

The labelled evaluation index factor set for service-oriented information system attack effectiveness is as follows.

[Figure BDA0001978460750000161: labelled index factor set, image not reproduced in text]

First, the first-level evaluation index factor set is denoted U = {u_1, u_2}. Second, each u_i (i = 1, 2) is further divided into a second-level evaluation index factor set u_i = {u_i1, u_i2, …, u_ij}. Third, each u_ij (i = 1, 2; j = 1, 2) is further divided into a third-level evaluation index factor set u_ij = {u_ij1, u_ij2, …, u_ijp}. Finally, each u_ijp (i = 1, 2; j = 1, 2; p = 1, 2, 3) is further divided into a fourth-level evaluation index factor set u_ijp = {u_ijp1, u_ijp2, …, u_ijpq}. In the labelled index factor set, w_i, w_ij, w_ijp and w_ijpq denote the weights of the evaluation index factors at the respective levels; each weight carries the same subscript as the index factor it belongs to.

2. Establishing the weight set based on the four-dimensional weighting formula

On the basis of the labelled evaluation index factor set, the weight set of the four-dimensional weighting formula is established for the evaluation index factor set at each level. Each weight set is computed by formula (1) for given values of the weighting preference factors α and β. The weight sets of the index factor sets at each level are as follows.

[Figure BDA0001978460750000171: weight sets, formula (6), image not reproduced in text]

In formula (6), the vectors beginning with A denote the weight vectors of the index factor sets at each level; the variables beginning with A correspond to the weights of the individual evaluation index factors in the labelled index factor set and satisfy the relation

[Figure BDA0001978460750000172: formula image, not reproduced in text]

3. Establishing the multi-scale membership function of each terminal evaluation index factor

The labelled evaluation index factor set contains 21 terminal evaluation index factors in total; their membership functions are defined below.

(1) Host privilege escalation level membership function

[Figure BDA0001978460750000181: formula image, not reproduced in text]

A multivariate discrete scale, where x = 0, 1, 2, 3, 4, 5 denote the six levels of host privilege escalation from low to high.

(2) Privilege escalation success time membership function

[Figure BDA0001978460750000182: formula image, not reproduced in text]

A continuous scale, where the preset parameter t is the maximum privilege escalation success time the attack can tolerate and the independent variable x is the actual privilege escalation success time of the attack.

(3) Privilege stability time membership function

[Figure BDA0001978460750000183: formula image, not reproduced in text]

A continuous scale, where the preset parameter t is the maximum privilege stability time the attack expects to obtain and the independent variable x is the privilege stability time actually obtained by the attack.

(4) Information resource damage membership function

[Figure BDA0001978460750000191: formula image, not reproduced in text]

A multivariate discrete scale, where x = 0, 1, 2, 3, 4, 5 denote the six levels of information resource damage from low to high.

(5) Host system paralysis membership function

[Figure BDA0001978460750000192: formula image, not reproduced in text]

A binary discrete scale, where x = 0 means the attack did not paralyse the host system and x = 1 means it did.

(6) Business function deception membership function

[Figure BDA0001978460750000193: formula image, not reproduced in text]

A binary discrete scale, where x = 0 means the attack did not cause business function deception and x = 1 means it did.

(7) Host system takeover membership function

[Figure BDA0001978460750000194: formula image, not reproduced in text]

A binary discrete scale, where x = 0 means the attack did not take over the host system and x = 1 means it did.

(8) Information importance membership function

[Figure BDA0001978460750000201: formula image, not reproduced in text]

A multivariate discrete scale, where x = 0, 1, 2, 3, 4, 5 denote the six levels, from low to high, of the importance of the information obtained by the attack.

(9) Information correctness ratio membership function

[Figure BDA0001978460750000202: formula image, not reproduced in text]

A continuous scale, where the preset parameter t is the total amount of information the attack expects to obtain and the independent variable x is the amount of information actually obtained.

(10) Information extraction time membership function

[Figure BDA0001978460750000203: formula image, not reproduced in text]

A continuous scale, where the preset parameter t is the maximum information extraction time the attack can tolerate and the independent variable x is the actual information extraction time.

(11) Destruction success time membership function

[Figure BDA0001978460750000204: formula image, not reproduced in text]

A continuous scale, where the preset parameter t is the maximum destruction success time the attack can tolerate and the independent variable x is the actual destruction success time.

(12) Tampering success ratio membership function

[Figure BDA0001978460750000205: formula image, not reproduced in text]

A continuous scale, where the preset parameter t is the total number of service tampering attempts and the independent variable x is the number of those attempts that succeeded.

(13) Spoofing success ratio membership function

[Figure BDA0001978460750000211: formula image, not reproduced in text]

A continuous scale, where the preset parameter t is the total number of service spoofing attempts and the independent variable x is the number of those attempts that succeeded.

(14) Denial success ratio membership function

[Figure BDA0001978460750000212: formula image, not reproduced in text]

A continuous scale, where the preset parameter t is the total number of service denial attempts and the independent variable x is the number of those attempts that succeeded.

(15) Service degradation membership function

[Figure BDA0001978460750000213: formula image, not reproduced in text]

A multivariate discrete scale, where x = 0, 1, 2, 3, 4, 5 denote the six levels of service degradation from low to high.

(16) Service termination membership function

[Figure BDA0001978460750000214: formula image, not reproduced in text]

A binary discrete scale, where x = 0 means the attack did not terminate the service and x = 1 means it did.

(17) Service deception membership function

[Figure BDA0001978460750000215: formula image, not reproduced in text]

A binary discrete scale, where x = 0 means the attack did not cause service deception and x = 1 means it did.

(18) Host computing resource damage membership function

[Figure BDA0001978460750000221: formula image, not reproduced in text]

A continuous scale, where the preset parameter t is the maximum amount of host computing resource damage the attack expects to cause and the independent variable x is the amount of host computing resource damage actually caused.

(19) Host storage resource damage membership function

[Figure BDA0001978460750000222: formula image, not reproduced in text]

A continuous scale, where the preset parameter t is the maximum amount of host storage resource damage the attack expects to cause and the independent variable x is the amount of host storage resource damage actually caused.

(20) Service bandwidth damage membership function

[Figure BDA0001978460750000223: formula image, not reproduced in text]

A continuous scale, where the preset parameter t is the maximum amount of service bandwidth damage the attack expects to cause and the independent variable x is the amount of service bandwidth damage actually caused.

(21) Service delay damage membership function

[Figure BDA0001978460750000224: formula image, not reproduced in text]

A continuous scale, where the preset parameter t is the maximum amount of service delay damage the attack expects to cause and the independent variable x is the amount of service delay damage actually caused.

4. Establishing the comprehensive evaluation model of service-oriented information system attack effectiveness

The comprehensive evaluation model of service-oriented information system attack effectiveness is shown in Figure 1.

Vectors beginning with A denote the weight vectors of the index factor sets at each level; their composition is given by formulas (6) and (7). Vectors beginning with B denote the comprehensive evaluation result vectors at each level; they are computed by formulas (2), (3), (4) and (5). The meanings of the symbols in the comprehensive evaluation model are as follows.

[Figure BDA0001978460750000232: symbol table, image not reproduced in text]

[Figure BDA0001978460750000241: symbol table, image not reproduced in text]
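As an added example, not code from the patent, the following Python puts steps 1 to 4 together for a small constructed case: formula (1) with its preference factors α and β, the single-factor matrix R and the comprehensive vector B, with assumed closed forms for the binary, six-level and continuous-scale membership functions (the page gives those functions and formulas (3), (5) and (7) only as images). The weight vectors, the observations and the optional normalisation are assumptions, not values from the page.

```python
"""Added worked example (not the patent's own code): formula (1), the
single-factor matrix of formulas (2)/(3) and the comprehensive vector of
formula (5), run over a constructed three-factor, two-method case.  The page
shows the membership functions and formulas (3), (5) and (7) only as images,
so the closed forms used here are assumptions."""
from __future__ import annotations

from typing import Callable, Sequence


def four_dim_weight(dw: Sequence[float], aw: Sequence[float],
                    vw: Sequence[float], sw: Sequence[float],
                    alpha: float, beta: float,
                    normalize: bool = False) -> list[float]:
    """Formula (1): A = alpha*beta*Dw + alpha*(1-beta)*Aw + (1-alpha)*(Vw+Sw).

    Dw, Aw, Vw, Sw are the Delphi, AHP, coefficient of variation and mean
    square deviation weight vectors; alpha trades subjective against objective
    weighting, beta trades Delphi against AHP.  Taken literally, with each
    input summing to 1 the result sums to 1 + (1 - alpha); normalize=True
    rescales it to sum to 1, an assumption standing in for relation (7).
    """
    if not (0.0 <= alpha <= 1.0 and 0.0 <= beta <= 1.0):
        raise ValueError("alpha and beta must lie in [0, 1]")
    if not (len(dw) == len(aw) == len(vw) == len(sw)):
        raise ValueError("all four weight vectors must have the same length")
    a = [alpha * beta * d + alpha * (1.0 - beta) * p + (1.0 - alpha) * (v + s)
         for d, p, v, s in zip(dw, aw, vw, sw)]
    if normalize:
        total = sum(a)
        a = [x / total for x in a]
    return a


# Assumed closed forms for the three membership-function scales of step 3.
def mu_binary(x: int) -> float:
    """Binary discrete scale (e.g. service terminated): x is 0 or 1."""
    if x not in (0, 1):
        raise ValueError("binary scale expects 0 or 1")
    return float(x)


def mu_six_level(x: int) -> float:
    """Multivariate discrete scale (e.g. privilege level 0..5): x / 5."""
    if x not in range(6):
        raise ValueError("six-level scale expects an integer 0..5")
    return x / 5.0


def mu_tolerance(x: float, t: float) -> float:
    """Continuous scale 'actual time x against tolerated maximum t':
    1 at x = 0, falling linearly to 0 at x >= t."""
    if t <= 0 or x < 0:
        raise ValueError("t must be positive and x non-negative")
    return max(1.0 - x / t, 0.0)


def single_factor_matrix(mus: Sequence[Callable[[float], float]],
                         observations: Sequence[Sequence[float]]
                         ) -> list[list[float]]:
    """Formulas (2)/(3): row i is R_i = (r_i1, ..., r_in), r_ij = mu_i(x_ij).
    observations[i][j] is the raw measurement of factor i for method j."""
    if len(mus) != len(observations):
        raise ValueError("one membership function per factor row")
    return [[mu(x) for x in row] for mu, row in zip(mus, observations)]


def comprehensive_vector(a: Sequence[float],
                         r: Sequence[Sequence[float]]) -> list[float]:
    """Formula (5) as read from the claim text: b_j = sum_i a_i * r_ij,
    one score per attack method; a larger b_j means a more effective method."""
    if len(a) != len(r):
        raise ValueError("weight vector length must equal the number of rows")
    return [sum(a[i] * r[i][j] for i in range(len(a))) for j in range(len(r[0]))]


def demo(alpha: float = 0.6, beta: float = 0.5, normalize: bool = False):
    """Constructed case: three terminal factors, two methods under evaluation."""
    # Constructed weight vectors (not from the page), one entry per factor.
    dw, aw = [0.5, 0.3, 0.2], [0.4, 0.4, 0.2]
    vw, sw = [0.3, 0.3, 0.4], [0.2, 0.5, 0.3]
    a = four_dim_weight(dw, aw, vw, sw, alpha, beta, normalize)
    # Constructed observations, rows = factors, columns = methods:
    #   row 0: host privilege escalation level (0..5)
    #   row 1: privilege escalation time in seconds, tolerated maximum t = 60
    #   row 2: service terminated (0/1)
    mus = [mu_six_level, lambda x: mu_tolerance(x, 60.0), mu_binary]
    obs = [[4, 2], [30.0, 90.0], [1, 0]]
    r = single_factor_matrix(mus, obs)
    b = comprehensive_vector(a, r)
    return a, r, b


if __name__ == "__main__":
    weights, matrix, scores = demo()
    print("A =", weights)
    print("R =", matrix)
    print("B =", scores)
```

Setting α = 1, β = 1 reproduces the pure Delphi weights, α = 1, β = 0 the pure AHP weights and α = 0 the purely objective V + S, matching the cases listed in the claim.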

It should be understood that the above description of the invention is illustrative only and is not limited to the technical solutions described in the embodiments; those of ordinary skill in the art will understand that the invention may still be modified or equivalently replaced to achieve the same technical effect, and all such variations that meet the needs of use fall within the scope of protection of the invention.

Claims (1)

1. A comprehensive evaluation method for service-oriented information system attack effectiveness, characterised in that it comprises the following steps:
1) establishing a multi-level evaluation index factor set for service-oriented information system attack effectiveness;
2) establishing a weight set based on the four-dimensional weighting formula;
3) establishing multi-scale membership functions for the terminal evaluation index factors;
4) establishing a comprehensive evaluation model of service-oriented information system attack effectiveness;
In step 2), the weighting formula takes as input the index-factor-set weight vectors computed respectively by the Delphi method, the AHP method, the coefficient of variation method and the mean square deviation method, and combines them through a first-level weighting preference factor α (0 ≤ α ≤ 1) and a second-level weighting preference factor β (0 ≤ β ≤ 1) into the weight set A,
A = αβD_w + α(1-β)A_w + (1-α)(V_w + S_w)    (1)
In formula (1), 0 ≤ α ≤ 1, 0 ≤ β ≤ 1, and D_w, A_w, V_w and S_w denote the index-factor-set weight vectors computed by the Delphi method, the AHP method, the coefficient of variation method and the mean square deviation method respectively. A first-level weighting preference factor α greater than 0.5 indicates that the evaluation favours subjective weighting; when α ≠ 0, a second-level weighting preference factor β greater than 0.5 indicates that, of the Delphi and AHP methods, Delphi weighting is favoured. The larger α and β are, the more the evaluation leans towards subjective weighting; the smaller they are, the more it leans towards objective weighting. When α = 0, formula (1) uses purely objective weighting; when α = 1, purely subjective weighting; when α = 1 and β = 0, purely AHP weighting; when α = 1 and β = 1, purely Delphi weighting.
In step 1), the multi-level evaluation index factor set for service-oriented information system attack effectiveness is:
[Figure FDA0003904242950000011: index factor set, image not reproduced in text]
[Figure FDA0003904242950000021: index factor set, image not reproduced in text]
In step 3), a terminal evaluation index factor is the index factor represented by a leaf node of the tree structure of the evaluation index factor set. The multi-scale membership functions of the terminal evaluation index factors are divided into discrete-scale and continuous-scale membership functions, and discrete-scale membership functions are further divided into binary and multivariate discrete-scale membership functions. A continuous-scale membership function returns any real number in the interval [0, 1]; a binary discrete-scale membership function returns the integer 0 or 1; a multivariate discrete-scale membership function returns one of several discrete real numbers in the interval [0, 1].
In step 4), a single-factor evaluation model of service-oriented information system attack effectiveness is first established. Single-factor evaluation means evaluating on the basis of one factor alone: the multi-scale membership function of each terminal index factor is used to compute, for the attack methods under evaluation j = 1, 2, …, n, the evaluation result vector for the i-th index factor u_i (i = 1, 2, …, m),
R_i = (r_i1, r_i2, …, r_in), i = 1, 2, …, m    (2)
The single-factor evaluation result vectors are then taken as rows to form the matrix
[Figure FDA0003904242950000022: formula image, not reproduced in text]
Each column of the single-factor evaluation matrix R is then weighted with the weight set of the four-dimensional weighting formula
A = (a_1, a_2, …, a_m)    (4)
and the weighted average yields the comprehensive evaluation vector
[Figure FDA0003904242950000031: formula image, not reproduced in text]
which gives the attack effectiveness evaluation results of the n attack methods when the m index factors are combined. In formulas (4) and (5), a_1, a_2, …, a_m are the weights of the m index factors u_i computed by formula (1); r_ij is the evaluation result, computed with the multi-scale membership function of the terminal index factor, of attack method j (j = 1, 2, …, n) on the i-th index factor u_i (i = 1, 2, …, m); b_1, b_2, …, b_n are the quantified evaluation results of the n attack methods under evaluation, and a larger value of b_j indicates a more effective attack.
The labelled evaluation index factor set for service-oriented information system attack effectiveness:
First, the first-level evaluation index factor set is denoted U = {u_1, u_2}. Second, u_1 and u_2 are further divided into second-level evaluation index factor sets u_1 = {u_11, u_12} and u_2 = {u_21, u_22}. Third, each u_kl (k = 1, 2; l = 1, 2) is further divided into a third-level evaluation index factor set u_kl = {u_kl1, u_kl2, …, u_klp}. Finally, each u_klp (k = 1, 2; l = 1, 2; p = 1, 2, 3) is further divided into a fourth-level evaluation index factor set u_klp = {u_klp1, u_klp2, …, u_klpq}. w_k, w_kl, w_klp and w_klpq denote the weights of the evaluation index factors at the respective levels; each weight carries the same subscript as the index factor it belongs to.
The weight set of the four-dimensional weighting formula is established for the evaluation index factor set at each level; each weight set is computed by formula (1) for given values of the weighting preference factors α and β. The weight sets of the index factor sets at each level are as follows:
[Figure FDA0003904242950000041: weight sets, formula (6), image not reproduced in text]
In formula (6), the vectors beginning with A denote the weight vectors of the index factor sets at each level; the variables beginning with A correspond to the weights of the individual evaluation index factors in the labelled index factor set and satisfy the relation
[Figure FDA0003904242950000042: formula image, not reproduced in text]
There are 21 terminal evaluation index factors in total; their membership functions are defined below.
(1) Host privilege escalation level membership function
[Figure FDA0003904242950000051: formula image, not reproduced in text]
A multivariate discrete scale, where x_1 = 0, 1, 2, 3, 4, 5 denote the six levels of host privilege escalation from low to high;
(2) Privilege escalation success time membership function
[Figure FDA0003904242950000052: formula image, not reproduced in text]
A continuous scale, where the preset parameter t_2 is the maximum privilege escalation success time the attack can tolerate and the independent variable x_2 is the actual privilege escalation success time of the attack;
(3) Privilege stability time membership function
[Figure FDA0003904242950000053: formula image, not reproduced in text]
A continuous scale, where the preset parameter t_3 is the maximum privilege stability time the attack expects to obtain and the independent variable x_3 is the privilege stability time actually obtained by the attack;
(4) Information resource damage membership function
[Figure FDA0003904242950000054: formula image, not reproduced in text]
A multivariate discrete scale, where x_4 = 0, 1, 2, 3, 4, 5 denote the six levels of information resource damage from low to high;
(5) Host system paralysis membership function
[Figure FDA0003904242950000061: formula image, not reproduced in text]
A binary discrete scale, where x_5 = 0 means the attack did not paralyse the host system and x_5 = 1 means it did;
(6) Business function deception membership function
[Figure FDA0003904242950000062: formula image, not reproduced in text]
A binary discrete scale, where x_6 = 0 means the attack did not cause business function deception and x_6 = 1 means it did;
(7) Host system takeover membership function
[Figure FDA0003904242950000063: formula image, not reproduced in text]
A binary discrete scale, where x_7 = 0 means the attack did not take over the host system and x_7 = 1 means it did;
(8) Information importance membership function
[Figure FDA0003904242950000064: formula image, not reproduced in text]
A multivariate discrete scale, where x_8 = 0, 1, 2, 3, 4, 5 denote the six levels, from low to high, of the importance of the information obtained by the attack;
(9) Information correctness ratio membership function
[Figure FDA0003904242950000065: formula image, not reproduced in text]
A continuous scale, where the preset parameter t_9 is the total amount of information the attack expects to obtain and the independent variable x_9 is the amount of information actually obtained;
(10) Information extraction time membership function
[Figure FDA0003904242950000071: formula image, not reproduced in text]
A continuous scale, where the preset parameter t_10 is the maximum information extraction time the attack can tolerate and the independent variable x_10 is the actual information extraction time;
(11) Destruction success time membership function
[Figure FDA0003904242950000072: formula image, not reproduced in text]
A continuous scale, where the preset parameter t_11 is the maximum destruction success time the attack can tolerate and the independent variable x_11 is the actual destruction success time;
(12) Tampering success ratio membership function
[Figure FDA0003904242950000073: formula image, not reproduced in text]
A continuous scale, where the preset parameter t_12 is the total number of service tampering attempts and the independent variable x_12 is the number of those attempts that succeeded;
(13) Spoofing success ratio membership function
[Figure FDA0003904242950000074: formula image, not reproduced in text]
A continuous scale, where the preset parameter t_13 is the total number of service spoofing attempts and the independent variable x_13 is the number of those attempts that succeeded;
(14) Denial success ratio membership function
[Figure FDA0003904242950000081: formula image, not reproduced in text]
A continuous scale, where the preset parameter t_14 is the total number of service denial attempts and the independent variable x_14 is the number of those attempts that succeeded;
(15) Service degradation membership function
[Figure FDA0003904242950000082: formula image, not reproduced in text]
A multivariate discrete scale, where x_15 = 0, 1, 2, 3, 4, 5 denote the six levels of service degradation from low to high;
(16) Service termination membership function
[Figure FDA0003904242950000083: formula image, not reproduced in text]
A binary discrete scale, where x_16 = 0 means the attack did not terminate the service and x_16 = 1 means it did;
(17) Service deception membership function
[Figure FDA0003904242950000084: formula image, not reproduced in text]
A binary discrete scale, where x_17 = 0 means the attack did not cause service deception and x_17 = 1 means it did;
(18) Host computing resource damage membership function
[Figure FDA0003904242950000085: formula image, not reproduced in text]
A continuous scale, where the preset parameter t_18 is the maximum amount of host computing resource damage the attack expects to cause and the independent variable x_18 is the amount of host computing resource damage actually caused;
(19) Host storage resource damage membership function
[Figure FDA0003904242950000091: formula image, not reproduced in text]
A continuous scale, where the preset parameter t_19 is the maximum amount of host storage resource damage the attack expects to cause and the independent variable x_19 is the amount of host storage resource damage actually caused;
(20) Service bandwidth damage membership function
[Figure FDA0003904242950000092: formula image, not reproduced in text]
A continuous scale, where the preset parameter t_20 is the maximum amount of service bandwidth damage the attack expects to cause and the independent variable x_20 is the amount of service bandwidth damage actually caused;
(21) Service delay damage membership function
[Figure FDA0003904242950000093: formula image, not reproduced in text]
A continuous scale, where the preset parameter t_21 is the maximum amount of service delay damage the attack expects to cause and the independent variable x_21 is the amount of service delay damage actually caused.
CN201910140785.5A 2019-02-26 2019-02-26 Comprehensive evaluation method of service-oriented information system attack effectiveness Active CN110008097B (en)


Publications (2)

Publication Number Publication Date
CN110008097A CN110008097A (en) 2019-07-12
CN110008097B true CN110008097B (en) 2023-02-03


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant