As we know, the network-security-situation is in danger, and it exists lots of software to attack system for free. The hacker gets the software easier, then they will launch large-scale network attack. In order to avoid this kind of threat, people have built the Data Center to collect and publish the alarm log from the different Network as to help analyzing the network. Besides, people study system risk assessment model and design automatic system vulnerability scan software to manage the harm from threat. But they have neglected some important aspects, the network attack is dynamic and threat relevance.The Dshield data center collects alarm logs from global sensors, and publishes logs in time. People can understand the Internet security information. We filter the Dshield whole harm log data, and analyze it. We try to find possibilities and versatilities to evaluate the threat. We introduce a concept the trend of port attack, and calculate the attack trend based on the security alerts.We analyze the theoretical knowledge of vulnerability scan software. It updates slowly, and is based on old theory. The pattern of network attack updates faster and faster. The network attack is more and more frequent. Current scanning software can't meet the need. We fetch part of the evaluation results through simplifying the process.We establish a model combining the threats assessment of local system with the security situation of current network, and re-evaluate the security level of local system. |