GB/T 37027-2025: Cybersecurity technology - Criteria for determining network attack and network attack incident. Status: Valid.
GB/T 37027: Evolution and historical versions
| Standard ID | Contents [version] | USD | [PDF] delivered in | Standard Title (Description) | Status |
|---|---|---|---|---|---|
| GB/T 37027-2025 | English | 519 | 5 days [Need to translate] | Cybersecurity technology - Criteria for determining network attack and network attack incident | Valid |
| GB/T 37027-2018 | English | 439 | 4 days [Need to translate] | Information security technology -- Specifications of definition and description for network attack | Valid |
Basic data

| Field | Value |
|---|---|
| Standard ID | GB/T 37027-2025 (GB/T37027-2025) |
| Description (Translated English) | Cybersecurity technology - Criteria for determining network attack and network attack incident |
| Sector / Industry | National Standard (Recommended) |
| Classification of Chinese Standard | L80 |
| Classification of International Standard | 35.030 |
| Word Count Estimation | 26,237 |
| Date of Issue | 2025-02-28 |
| Date of Implementation | 2025-09-01 |
| Issuing agency(ies) | State Administration for Market Regulation, China National Standardization Administration |
GB/T 37027-2025: Cybersecurity technology - Criteria for determining network attack and network attack incident
This is a DRAFT version for illustration, not a final translation. The full copy of the true-PDF in English (including equations, symbols, images, flow charts, tables and figures) is manually translated upon order.
GB/T 37027-2025 English version. Cybersecurity technology - Criteria for determining network attack and network attack incident
ICS 35.030
CCS L80
National Standard of the People's Republic of China
Replaces GB/T 37027-2018
Cybersecurity Technology
Criteria for determining cyber attacks and cyber attack incidents
Released on 2025-02-28
Implemented on 2025-09-01
Issued by the State Administration for Market Regulation and the National Standardization Administration
Table of Contents
Foreword
Introduction
1 Scope
2 Normative references
3 Terms and Definitions
4 Abbreviations
5 Descriptive information elements
5.1 Network Attack
5.2 Cyber Attack Incidents
6 Judgment Condition
6.1 Determination Overview
6.2 Determination criteria for network attacks
6.3 Determination criteria for network attack incidents
7 Counting methods
7.1 Counting Overview
7.2 Count of network attacks
7.3 Network attack incident count
Appendix A (Informative) Typical Attack Target Types
Appendix B (Informative) Typical Network Attack Process
Appendix C (Informative) Typical determination methods for network attacks and network attack incidents
Appendix D (Informative) Overview of Cyber Attacks and Cyber Attack Incidents
Appendix E (Informative) Information elements and counting examples for describing cyber attacks and cyber attack events
References
Foreword
This document was drafted in accordance with the provisions of GB/T 1.1-2020 "Guidelines for standardization work - Part 1: Structure and drafting rules for standardization documents".
This document replaces GB/T 37027-2018 "Information Security Technology - Network Attack Definition and Description Specification". Compared with GB/T 37027-2018, in addition to structural adjustments and editorial changes, the main technical changes are as follows:
a) Changed the definition of cyber attack (see 3.1; 3.1 of the 2018 edition);
b) Added the definition of cyber attack incidents (see 3.2);
c) Changed the descriptions of "Attack technical means" and "Security vulnerability types" in "Cyber Attack" (see 5.1; 6.2 and 6.3 of the 2018 edition);
d) Added the information description of network attack incidents (see 5.2);
e) Added the criteria for determining network attacks (see 6.2);
f) Added the criteria for determining network attack incidents (see 6.3);
g) Added the counting method for network attacks (see 7.2);
h) Added the counting method for network attack incidents (see 7.3).
This document was proposed and coordinated by the National Cybersecurity Standardization Technical Committee (SAC/TC260).
This document was drafted by: National Computer Network Emergency Technical Processing Coordination Center, National Computer Network Emergency Technical Processing Coordination Center Beijing Branch, China Electronics Standardization Institute, China Mobile Communications Group Co., Ltd., Venusstar Information Technology Group Co., Ltd., Antiy Technology Group Co., Ltd., Beijing Changting Technology Co., Ltd., National Industrial Information Security Development Research Center, Guoneng Digital Zhi Technology Development (Beijing) Co., Ltd., Zhengzhou Xindajiean Information Technology Co., Ltd., Beijing Topsec Network Security Technology Co., Ltd. Department of Information and Communications Technology, National Information Center (National E-Government External Network Management Center), China Academy of Information and Communications Technology, Guangdong Provincial Information Security Evaluation Center, National Engineering Research Center for Information Security Common Technology Co., Ltd., Hangzhou Anheng Information Technology Co., Ltd., Beijing Shengxin Network Technology Co., Ltd., Qi'anxin Technology Group Co., Ltd., the Sixth Research Institute of China Electronics Information Industry Group Co., Ltd., Beijing Times New Prestige Information Technology Co., Ltd., Jiangsu Junli Huayu Information Security Technology Co., Ltd., Beijing Zhongce Anhua Technology Co., Ltd., China Electronics Technology Network Security Technology Co., Ltd., Beijing Shenzhou Green Alliance Technology Co., Ltd., 360 Digital Security Technology Group Co., Ltd., Hangzhou Deeptech Technology Co., Ltd., the Third Research Institute of the Ministry of Public Security, the Heilongjiang Branch of the National Computer Network Emergency Response Technology Coordination Center, Changan Communications Technology Limited.
The main drafters of this document are: Yan Hanbing, Rao Yu, Guo Jing, Chen Liang, Zhao Yan, Zhou Yingying, Lu Wei, Xu Jian, Lü Zhiquan, Han Zhihui, Wen Senhao, Wang Huili, Zhu Xuefeng, Xu Yali, Li Yiming, Qiu Qin, Yang Tianshi, Liu Jianan, Yang Kun, Zhang Xiaofei, Niu Yuekun, Liu Weihua, An Gaofeng, Yan Guixun, Dong Hang, Zhen Zhuo, Hu Jianxun, Chen Yanyu, Bian Jianchao, Liu Yong, Zhao Yunlong, Wang Lianqiang, Jin Jianjun, Yan Momo, Cao Xubo, Xiao Yanjun, Geng Guining, Liu Jilin, Tao Yuan, Liu Kun, Zhang Luoshi.
The previous versions of this document and the documents it replaces are as follows.
---First published in 2018 as GB/T 37027-2018;
---This is the first revision.
Introduction
In recent years, with the popularization and rapid development of network applications, the methods and forms of network attacks have become more complex and varied, posing great challenges and a serious threat to network security.
The determination of cyber attacks and cyber attack incidents involves many factors, including: the difference between cyber attacks and cyber attack incidents; the definition and classification of cyber attacks and network attacks; and the roles, processes, key technologies, and consequence assessments involved in cyber attacks and network attacks.
With the increasing number of cyber attacks and cyber attack incidents, there is currently no unified method for determining and counting network attacks and network attack incidents among organizations. As a result, the methods organizations use to determine and count network attacks are inconsistent and their pictures of the network attack situation differ widely, making it difficult to effectively share and accurately perceive the network attack situation. Therefore, it is necessary to conduct a comprehensive analysis of network attacks and network attack incidents and to give more accurate definitions and descriptions and unified classification, determination and statistical criteria, so as to lay a solid foundation for resisting network attacks, improve the perception of the network attack situation, and enhance network security protection capabilities.
Cybersecurity Technology
Criteria for determining cyber attacks and cyber attack incidents
1 Scope
This document establishes the information elements for describing, determining and counting cyber-attacks and cyber-attack incidents.
This document is applicable to guiding organizations in carrying out activities such as monitoring and analysis, situational awareness, and information reporting of cyber attacks and cyber attack incidents.
2 Normative references
The contents of the following documents constitute essential clauses of this document through normative references in this document. For dated references, only the version corresponding to that date applies to this document; for undated references, the latest version (including all amendments) applies to this document.
GB/T 20986-2023 Information security technology - Guidelines for the classification and grading of cybersecurity incidents
GB/T 30279-2020 Information security technology - Guidelines for the classification and grading of network security vulnerabilities
3 Terms and definitions
The terms and definitions defined in GB/T 20986-2023, GB/T 30279-2020 and the following apply to this document.
3.1
network attack
Behavior that, through information network technology and various means, uses the security loopholes and security defects in the network to affect the normal operation of the network, such as interference, control and sabotage, as well as behavior that endangers data security, such as stealing, abusing, tampering with and damaging network data.
3.2
network attack incident
A security incident in which a network attack (3.1) causes or has the potential to cause business loss or harm.
4 Abbreviations
The following abbreviations apply to this document.
APT: Advanced Persistent Threat
ARP: Address Resolution Protocol
AS: Autonomous System
BGP: Border Gateway Protocol
DNS: Domain Name System
HTTP: Hypertext Transfer Protocol
IOC: Indicators of Compromise
IP: Internet Protocol
WLAN: Wireless Local Area Network