CN-116455656-B - Comprehensive evaluation method, system, equipment and medium for network effect

Abstract

The invention provides a network effect comprehensive evaluation method, a system, equipment and a medium, which relate to the technical field of network effect comprehensive evaluation and comprise the steps of establishing an attack cost index system and an attack effect index system on two sides of attack and defense through complex network attacks performed on n aggressors, collecting attack cost indexes and index data, performing standardized processing to obtain standardized index data on the two sides, performing variable weighting processing on subjective weights and objective weights of the indexes to obtain comprehensive variable weight vectors based on a game method, combining the standardized index data on the two sides and the comprehensive variable weight vectors, obtaining corresponding evaluation results based on a combined embedded comprehensive evaluation model, and comprehensively evaluating the evaluation results on the two sides of attack and defense to obtain comprehensive evaluation results of the whole network attack action. The network effect comprehensive evaluation method can be used for comprehensively evaluating the attack and defense parties under the complex network attack environment, and comprehensively evaluating the overall security situation of the network.

Inventors

• HAN TING
• LI XIANG
• TAO JING
• Qu Hengyi
• Cui Xueyao
• TAN XU
• YANG YANG
• CHEN KAILIANG
• A CHEN

Assignees

• 西安交通大学

Dates

Publication Date

20260512

Application Date

20230427

Claims (8)

1. 1. A method for comprehensively evaluating network effects, the method comprising: for complex network attack by n aggressors, an attack cost index system of an attack side and an attack effect index system of an attacked side are established, wherein n is an integer greater than or equal to 1; Forming a mapping relation of type-attribute and type-mode based on a single attack type of single attack, a combined attack type of multiple attacks and the number of types of attacks, respectively matching attack cost indexes of corresponding attack sides and attack effect indexes of attacked sides according to an attribute layer and a mode layer, collecting index data corresponding to the attack cost indexes and the attack effect indexes, and carrying out standardization processing to obtain standardized index data on two sides of the standardization processing; carrying out variable weighting processing on subjective weight and objective weight of the index to obtain a subjective variable weight vector and an objective variable weight vector, and combining the subjective variable weight vector and the objective variable weight vector by adopting a game method to obtain a comprehensive variable weight vector; Combining the standardized index data on the two sides and the comprehensive variable weight vector to respectively obtain weighted standardized index data matrixes of an attacked side and an attacked side, respectively evaluating the weighted standardized index data matrixes of the attacked side and the attacked side based on a combined embedded comprehensive evaluation model to obtain corresponding evaluation results, and synthesizing the evaluation results of the attacked side and the attacked side to obtain a comprehensive evaluation result of the whole network attack action; the comprehensive variable weight vector is obtained through the following steps: According to expert experience, sequentially comparing importance degrees related to indexes in pairs according to the principle of an bubbling sequencing method, and sequencing according to the importance degrees to obtain an index importance sequencing queue; Based on the index importance sequencing queue, sequentially calculating the importance degree between two adjacent indexes to obtain an importance degree ratio between the adjacent indexes; based on the importance ratio and subjective judgment between the adjacent indexes, obtaining a subjective variable weight vector; based on the conflict, correlation and discreteness of the indexes, combining the information entropy of the indexes to obtain an objective variable weight vector; Based on game theory, adopting conflicts among Nash equilibrium indexes, utilizing inherent information of index weights, and determining comprehensive variable weight vectors by taking the maximization benefit common point among different indexes as an optimal linear combination weight coefficient.
2. 2. The method of claim 1, wherein the establishing an attack cost indicator system on the attack side and an attack effect indicator system on the attacked side comprises: For an attack side, a target-attribute-index attack cost index system is established by combining factors and attributes of an attacker, wherein the factors of the attacker comprise attack attributes, attack modes, attack costs, attack side resources and network consumption, and the attributes comprise availability, confidentiality and cost; And for an attacked side, combining factors of attack equipment and an attack mode, and establishing a target-mode-index three-layer attack effect index system, wherein the factors of the attack equipment comprise system resource change, performance change, network change and running stability, and the modes comprise a resource consumption mode, a manipulation configuration mode, a permission acquisition mode, an interactive spoofing mode and a service utilization mode.
3. 3. The method of claim 1, wherein the obtaining of the two-sided normalized index data further comprises: The single attack type is obtained by determining an attack mode according to the attack attribute and the attack purpose of an attacker and directly matching an attack cost index and an attack effect index; The combined attack types of the attacks are respectively matched with specific indexes under each mode, and the attack cost indexes of the attack side and the attack effect indexes of the attacked side are aggregated.
4. 4. The method according to claim 1, wherein the comprehensive assessment result is obtained by: constructing a weighted normalized index data matrix based on the comprehensive variable weight vector; Loading a combined embedded evaluation model, and determining positive and negative ideal solution reference vectors of the weighted normalized index data matrix; calculating the association coefficient of the index and constructing an association coefficient matrix; Calculating the relevance value of each index data and positive and negative ideal solution reference vectors by the relevance coefficient matrix; calculating Euclidean distances between different evaluation object indexes and positive and negative ideal solution reference vectors; Combining the transverse association degree values of different indexes and the longitudinal Euclidean distances of different evaluation objects, and calculating the comprehensive closeness of the different evaluation objects; Based on the comprehensive closeness of different evaluation objects, the same-magnitude evaluation results of the attack side and the attacked side are calculated respectively, and the comprehensive evaluation results of the whole attack are obtained by combining the evaluation results of the attack side and the defended side.
5. 5. A network effect integrated assessment system, the system comprising: The two-side index system construction subsystem is used for constructing an attack cost index system of an attack side and an attack effect index system of an attacked side for complex network attacks by n attackers, wherein n is an integer greater than or equal to 1; The index data processing subsystem is used for forming a mapping relation of type-attribute and type-mode based on single attack type of single attack, combined attack type of multiple attacks and the number of types of attacks, respectively matching attack cost indexes of corresponding attack sides and attack effect indexes of attacked sides according to attribute layers and mode layers, collecting index data corresponding to the attack cost indexes and the attack effect indexes, and carrying out standardization processing to obtain standardized index data on two sides of the standardization processing; The game theory index weight changing subsystem is used for carrying out weight changing processing on subjective weight and objective weight of the index to obtain a subjective weight changing vector and an objective weight changing vector, and combining the subjective weight changing vector and the objective weight changing vector by adopting a game method to obtain a comprehensive weight changing vector; The comprehensive evaluation subsystem is used for combining the standardized index data on the two sides and the comprehensive variable weight vector to respectively obtain weighted standardized index data matrixes of the attack side and the attacked side, evaluating the weighted standardized index data matrixes of the attack side and the attacked side respectively based on a combined embedded comprehensive evaluation model to obtain corresponding evaluation results, and integrating the evaluation results of the attack side and the attacked side to obtain comprehensive evaluation results of the whole network attack action; the game theory metrics weighting subsystem is further configured to: the importance ranking module is used for sequentially comparing the importance degrees related to the indexes in pairs according to the principle of an bubbling ranking method and ranking the indexes according to the importance degrees according to the experience of an expert to obtain an index importance ranking queue; The importance ratio calculating module is used for calculating the importance between two adjacent indexes in sequence based on the index importance sequencing queue to obtain the importance ratio between the adjacent indexes; The subjective variable weight vector determining module is used for obtaining a subjective variable weight vector based on the importance ratio and subjective judgment between the adjacent indexes; the objective variable weight vector determining module is used for obtaining an objective variable weight vector by combining the information entropy of the index based on the conflict, the correlation and the discreteness of the index; the comprehensive variable weight vector determining module is used for determining a comprehensive variable weight vector by adopting conflicts among Nash equilibrium indexes and utilizing inherent information of index weights and taking the maximization benefit common point among different indexes as an optimal linear combination weight coefficient based on a game theory.
6. 6. The system of claim 5, wherein the integrated evaluation subsystem is further configured to: The weighted normalized index data matrix determining module is used for constructing a weighted normalized index data matrix based on the comprehensive variable weight vector; the positive and negative ideal solution reference vector determining module is used for determining positive and negative ideal solution reference vectors of the weighted normalized index data matrix; The association coefficient matrix construction module is used for calculating the association coefficient of the index and constructing an association coefficient matrix; The association degree value calculation module is used for calculating association degree values of each index data and positive and negative ideal solution reference vectors by the association coefficient matrix; The Euclidean distance calculation module is used for calculating Euclidean distances between different evaluation object index data and positive and negative ideal solution reference vectors; The comprehensive closeness calculating module is used for integrating the transverse association degree values of different indexes and the longitudinal Euclidean distances of different evaluation objects and calculating the comprehensive closeness of the different evaluation objects; the comprehensive evaluation result calculation module is used for respectively calculating the evaluation results of the same magnitude of the attack side and the attacked side based on the comprehensive closeness of different evaluation objects, and combining the evaluation results of the attack side and the defended side to obtain the comprehensive evaluation result of the whole attack.
7. 7. An electronic device, comprising: A memory for storing one or more programs; A processor; The network effect comprehensive assessment method according to any one of claims 1-4 is implemented when the one or more programs are executed by the processor.
8. 8. A computer-readable storage medium, on which a computer program is stored, characterized in that the computer program, when being executed by a processor, implements the network effect comprehensive assessment method according to any one of claims 1-4.

Description

Comprehensive evaluation method, system, equipment and medium for network effect Technical Field The present invention relates to the field of network effect comprehensive evaluation technologies, and in particular, to a network effect comprehensive evaluation method, system, device, and medium. Background With the development of the Internet and information technology, various network attacks are endlessly developed, attack means of attackers are more and more diversified, attack presents a multi-source characteristic, the types and times of attacks on networks and facilities are in a situation of rising year by year, the faced network security forms are very serious, more attack opportunities are given to hackers in the age of everything interconnection, and the whole network security environment faces new challenges. Therefore, the method has strong practical significance in evaluating the attack effect generated by the network attack. The existing method for evaluating the network attack effect is mostly only from the perspective of an attacked party, the designed evaluation index system is relatively single, the attack result index system is only established from the perspective of a victim, and the dynamic change of the attack effect caused by the fact that the attacker adopts different attack means and attack cost to the victim can not be embodied. When evaluating the attack effect generated by one or more network attacks, the setting of the unilateral index Chang Quan value ignores the relevance and conflict relation between index data, thereby finally influencing the accuracy of the evaluation result. In addition, the current evaluation method is single, and complex network attacks need to be adaptively evaluated by combining a more comprehensive evaluation model. The comprehensive evaluation of the network attack is beneficial to forming more comprehensive understanding on the attack behavior, carrying out quantitative and qualitative evaluation on the attack effect, measuring the damage caused by the attack, and being beneficial to guiding the network system to promote the defending level and guaranteeing the safety and the stability of the system operation. Disclosure of Invention The invention provides a comprehensive evaluation method, system, equipment and medium for network effects, which are used for solving the problem that the existing evaluation method is single and cannot comprehensively carry out self-adaptive evaluation on network attacks. In a first aspect, an embodiment of the present invention provides a method for comprehensively evaluating network effects, where the method includes: for complex network attack by n aggressors, an attack cost index system of an attack side and an attack effect index system of an attacked side are established, wherein n is an integer greater than or equal to 1; Forming a mapping relation of type-attribute and type-mode based on a single attack type of single attack, a combined attack type of multiple attacks and the number of types of attacks, respectively matching attack cost indexes of corresponding attack sides and attack effect indexes of attacked sides according to an attribute layer and a mode layer, collecting index data corresponding to the attack cost indexes and the attack effect indexes, and carrying out standardization processing to obtain standardized index data on two sides of the standardization processing; carrying out variable weighting processing on subjective weight and objective weight of the index to obtain a subjective variable weight vector and an objective variable weight vector, and combining the subjective variable weight vector and the objective variable weight vector by adopting a game method to obtain a comprehensive variable weight vector; And combining the standardized index data on the two sides and the comprehensive variable weight vector to respectively obtain weighted standardized index data matrixes of the attacked side and the attacked side, and respectively evaluating the weighted standardized index data matrixes of the attacked side and the attacked side based on a combined embedded comprehensive evaluation model to obtain corresponding evaluation results, and integrating the evaluation results of the attacked side and the attacked side to obtain a comprehensive evaluation result of the whole network attack action. Based on the first aspect, the establishing an attack cost index system of the attack side and an attack effect index system of the attacked side includes: For an attack side, a target-attribute-index attack cost index system is established by combining factors and attributes of an attacker, wherein the factors of the attacker comprise attack attributes, attack modes, attack costs, attack side resources and network consumption, and the attributes comprise availability, confidentiality and cost; And for an attacked side, combining factors of attack equipment and an attack mode, and establishing a targ