Li Xuemin, Gu Liwang, Gong Ke. Research on Network Security Situation Assessment Methods Based on Cyber Threat Intelligence [J]. 情报工程, 2023, 9(4): 003-013 |
Research on Network Security Situation Assessment Methods Based on Cyber Threat Intelligence |
DOI:10.3772/j.issn.2095-915X.2023.04.001 |
Keywords: Network Security Situation Awareness; Situation Assessment; Cyber Threat Intelligence; Indicator System of Network Security |
Funding: |
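Author | Affiliation |
Li Xuemin | 1. Shandong Provincial Big Data Center, Jinan 250011 |
Gu Liwang | 2. Shandong Provincial Market Supervision and Monitoring Center, Jinan 250014 |
Gong Ke | 3. Shandong Provincial Cybersecurity and Informatization Technology Center, Jinan 250011 |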
Abstract: |
[Objective/Significance] Faced with complex and ever-changing domestic and international cybersecurity threats, traditional network security technologies struggle to detect and assess security conditions. Strengthening the application of threat intelligence technology to improve network security situation assessment capability has become an important part of the field. [Methods/Process] Network security situation assessment methods are used to estimate the scope and severity of the impact of hidden dangers and threats, to discover such hidden dangers and threats, and to grasp the current state of network security intelligence. Threat intelligence is applied to network security situation awareness, and a network security situation assessment indicator system is constructed from three aspects: threat situation, vulnerability situation, and asset operation situation. Guided by these assessment indicators, a hierarchical network security situation assessment method is built. [Results/Conclusions] With the addition of threat intelligence capabilities, network security detection capability is improved and the situation assessment indicators become more objective and accurate, helping network security managers make more scientific and reasonable decisions on overall network security management. |