CN102253948B - Method and device for searching information in multi-source information system - Google Patents

Publication number: CN102253948B
Authority: CN (China)
Application number: CN 201010181851
Other versions: CN102253948A
Other languages: Chinese (zh)
Inventors: 周涛, 安占江, 陈卓
Current and original assignee: Beijing Venus Information Security Technology Co Ltd; Beijing Venus Information Technology Co Ltd
Legal status: Expired - Fee Related
Prior art keywords: search, database, information, content, user

Abstract

The invention provides a method for searching information in a multi-source information system. It relates to the field of information management and solves the problem in the prior art that multiple kinds of description information about the same object cannot be searched in association. The method comprises the following steps: acquiring a search order and search content set by a user for multiple kinds of description information about the same object; and, following the search order set by the user, searching the database in which each kind of description information is stored using the corresponding search content. The technical scheme can be applied to information search.

Description

Method and device for searching information in a multi-source information system
Technical field
The present invention relates to the field of information management, and in particular to a method and device for searching information in a multi-source information system.
Background art
The rapid development of the Internet has brought great convenience to the dissemination and use of information, but it has also brought enormous information security challenges. To alleviate increasingly serious security problems, more and more enterprises and institutions have deployed firewalls, intrusion detection systems (IDS), vulnerability scanning devices, traffic detection devices and other network security devices. These effectively reduce the enterprise's security risk, but they also leave security-related data scattered and produce event volumes too large to process easily.
Take a buffer overflow attack as an example. The detection data related to the attack may be spread across the logs of the firewall, the IDS and the traffic detection device, while information about the attacked host may be in the log of the vulnerability detection device. The log of each detection device is stored in a separate database, and the database types also differ, which makes log analysis very inconvenient for security analysts. For example, when a security analyst judges from an IDS alert whether a buffer overflow attack succeeded, the analyst must first search the firewall log to see whether the attack was blocked by the firewall; if it was blocked, the analyst must then search the log of the vulnerability detection device to see whether the target host has the corresponding vulnerability. Because the logs related to this alert are spread across different databases, the analyst has to search several databases one after another, and event analysis becomes complicated, slow and laborious. How to make full use of multi-source security logs to detect and analyse attacks while reducing the complexity of event analysis is a technical problem that the network security field urgently needs to solve.
To address this problem, products such as the security management platform (Security Operations Center, SOC) have come into increasingly wide use. An SOC product collects the alert information of multi-source security devices, concentrates the logs scattered across several databases into one database, and performs association search of events on the aggregated logs, where association search means finding, across different types of security logs, all log information related to a search keyword. This scheme relieves, to some extent, the difficulty that scattered data sources cause for event analysis, but it has the following shortcomings. First, because the data volume is too large, or for business management reasons, in many application scenarios it is difficult to aggregate all related data into one database, so event analysis may still need to access data in several different databases. Second, even when all data has been aggregated into one database, a single event analysis comprises several steps, so the security analyst still has to write several structured query (SQL) statements and search several data tables repeatedly to obtain the required result. Writing and organising these SQL statements is still very complicated, which increases the database's operation and maintenance cost and lengthens database development time.
Summary of the invention
The invention provides a method and device for searching information in a multi-source information system, solving the problem in the prior art that multiple kinds of description information about the same object cannot be searched in association.
To achieve the above object, the invention provides the following technical scheme:
A method for searching information in a multi-source information system, comprising:
acquiring a search order and search content set by a user for multiple kinds of description information about the same object;
following the search order set by the user, searching the database that stores each kind of description information using the corresponding search content.
Further, the method has the following feature: acquiring the search order and search content set by the user for multiple kinds of description information about the same object comprises:
when it is detected that the user needs to perform a search, sending the user a dialog box that requests the search order and search content for each kind of information;
receiving the dialog box after the user has filled it in.
Further, the method has the following feature: the search content comprises the content of the search keyword, the source of the search keyword, and the search result.
Further, the method has the following feature: following the search order set by the user and searching the database that stores each kind of description information using the corresponding search content comprises:
if the multiple kinds of description information about the same object are not stored in the same database, acquiring the identity information of the database that stores each kind of description information;
using the identity information of the database to identify the database that stores that description information;
following the search order set by the user, searching the identified database using the corresponding search content.
A device for searching information in a multi-source information system, comprising:
an acquisition module, used to acquire a search order and search content set by a user for multiple kinds of description information about the same object;
a search module, used to follow the search order set by the user and search the database that stores each kind of description information using the corresponding search content.
Further, the device has the following feature: the acquisition module comprises:
a sending unit, used to send the user, when it is detected that the user needs to perform a search, a dialog box that requests the search order and search content for each kind of information;
a receiving unit, used to receive the dialog box after the user has filled it in.
Further, the method has the following feature: the search content used by the search module when searching comprises the content of the search keyword, the source of the search keyword, and the search result.
Further, the device has the following feature: the search module comprises:
an acquiring unit, used to acquire the identity information of the database that stores each kind of description information when the multiple kinds of description information about the same object are not stored in the same database;
an identification unit, connected to the acquiring unit, used to identify the database that stores that description information using the database identity information acquired by the acquiring unit;
a search unit, connected to the identification unit, used to follow the search order set by the user and search the database identified by the identification unit using the corresponding search content.
In the technical scheme provided by the invention, when the user performs an association search, the user sets, through human-computer interaction, the search order across the different databases and the search content in each database. This realises search across several databases without developing script files for association search between databases, which reduces the operating cost of the system. Searching according to the search keywords and search results that the user explicitly specifies improves search precision, reduces search complexity and raises the speed at which the system processes searches. Because only one human-computer interaction page has to be developed, which asks the user to enter the search order of the databases and the search keyword and search result for each database, the implementation is simple and convenient.
Description of drawings
Fig. 1 is a schematic structural diagram of the system embodiment provided by the invention for searching information in a multi-source information system;
Fig. 2 is a schematic structural diagram of the acquisition module 101 in the embodiment shown in Fig. 1;
Fig. 3 is a schematic structural diagram of the search module 102 in the embodiment shown in Fig. 1;
Fig. 4 is a schematic flow chart of the method embodiment provided by the invention for searching information in a multi-source information system;
Fig. 5 is a schematic diagram of the page, provided by the invention, on which the user sets the search order and search content for each kind of information;
Fig. 6 is a schematic diagram of the page, provided by the invention, for establishing the association between sub-query points.
Embodiments
To make the purpose, technical scheme and advantages of the present invention clearer, the invention is described in further detail below with reference to the drawings and specific embodiments.
Fig. 1 is a schematic structural diagram of the device embodiment of the invention for searching information in a multi-source information system. The device embodiment shown in Fig. 1 mainly comprises an acquisition module 101 and a search module 102, wherein:
the acquisition module 101 is used to acquire a search order and search content set by a user for multiple kinds of description information about the same object;
the search module 102 is used to follow the search order set by the user and search the database that stores each kind of description information using the corresponding search content.
The multi-source information system contains many different types of description information, meaning information that describes the same object from different aspects. As a concrete application example, a network security system comprises multiple detection devices, and the security log of each detection device is a different kind of description information. The description below uses the security management of a website.
The device is described further below:
Fig. 2 is a schematic structural diagram of the acquisition module 101 in the embodiment shown in Fig. 1. The acquisition module 101 in the embodiment shown in Fig. 2 comprises:
a sending unit 201, used to send the user, when it is detected that the user needs to perform a search, a dialog box that requests the search order and search content for each kind of information;
a receiving unit 202, used to receive the dialog box after the user has filled it in.
Specifically, when the user searches, the acquisition module 101 obtains the user's requirements for this search through dialog boxes, using the following pages in turn:
1. A page that asks the user to set the scope to be searched, where the scope to be searched is made up of several different types of information;
The page first lists the available kinds of information. After the user has chosen the information to be examined, the corresponding query points are generated, comprising an initial query point and several sub-query points, where the number of sub-query points equals the total number of kinds of information; for example, if 3 kinds of description information are selected, 3 sub-query points are generated.
2. A page that asks the user to set the search order and search content for each kind of description information, where the search content comprises the content of the search keyword, the source of the search keyword, and the search result;
The information to be searched may be stored centrally in one master database, that is, a master database is set up, which can be populated from the databases that each hold only a specific security log; or it may be stored in separate databases, each of which stores only one specific kind of information. The two situations are described in turn below.
The management of one sub-query point is described as an example; the other sub-query points are similar and are not described again.
Situation one: the security logs of the detection devices are stored centrally in one master database
On the page, the user is asked to define the search order and search content for each sub-query point. The search order is defined by the user according to need and states at which step the query of this sub-query point is executed. The search content comprises the content of the search keyword, the source of the search keyword, and the search result. The content of a search keyword may be an initial condition of the search, or it may be a search result obtained from information already searched. If it is a search result obtained from information already searched, the user must also state explicitly which searched information that result comes from. This makes the relationship between the kinds of description information explicit and establishes the association between them, which is what realises the association search.
Situation two: the security logs of the detection devices are not all stored in the same database
To make it easy to locate the data, the page for situation two contains everything on the page for situation one and also defines the database in which the sub-query point resides. When setting the search order and search content, the user also sets the identity information of the database that stores this information, such as the database number.
Preferably, this embodiment stores information in distributed form. Compared with centralised management (the master database), no information has to be transferred between databases, which saves network bandwidth while keeping the data secure. The database number together with the search order gives the order in which the databases are accessed, realising search across databases. Compared with the prior art, in which the user has to write a program for association search between databases, this is easier for the user to operate and use.
Fig. 3 is a schematic structural diagram of the search module 102 in the embodiment shown in Fig. 1. The search module 102 in the embodiment shown in Fig. 3 comprises:
an acquiring unit 301, used to acquire the identity information of the database that stores each kind of description information when the multiple kinds of description information about the same object are not stored in the same database;
an identification unit 302, connected to the acquiring unit 301, used to identify the database that stores that description information using the database identity information acquired by the acquiring unit 301;
a search unit, connected to the identification unit 302, used to follow the search order set by the user and search the database identified by the identification unit 302 using the corresponding search content.
Specifically, after the acquisition module 101 has obtained the search order and search keywords, the search module searches the information in turn, following the search order obtained by the acquisition module 101, and in each search looks for the corresponding search content using the search keyword obtained by the acquisition module 101. Any prior-art method of searching by search keyword and search content is applicable to the present invention and is not described again here.
Fig. 4 is a schematic flow chart of the method embodiment of the invention for searching information in a multi-source information system. In conjunction with the device embodiment shown in Fig. 1, the method comprises:
Step 401: acquire the search order and search content set by the user for multiple kinds of description information about the same object;
Step 402: following the search order set by the user, search the database that stores each kind of description information using the corresponding search content.
Optionally, before step 401, some types of information may be selected from the multiple kinds of description information about the same object as the scope to be searched, according to a policy preset by the system or the user; the user is then asked to set the search order and search content for this scope.
Further, in step 401, the search content comprises the content of the search keyword, the source of the search keyword, and the search result. If the search keywords for a first kind of information include, besides known search keywords, a search result obtained by searching a second kind of information, the user must specify that this search keyword is obtained after searching the second information, which establishes the association between the first information and the second information.
Further, if each kind of description information is stored in its own database, the user also needs to set the identity of the database, so that the database can be identified quickly.
An application example of the method provided by the invention for searching information in a multi-source information system is described below, in conjunction with the method embodiment shown in Fig. 4:
For example, there are security logs from 3 security detection systems, numbered A, B and C: in order, a web page Trojan-implant monitoring system, a domain name monitoring system and a network flow monitoring system.
A network security analyst needs to know which users in the user population were affected by an attack from a particular Trojan-implanted website. When the multi-source information system detects that the user needs to search, it pops up a dialog box that lists all local security detection systems. In it the user selects the security detection systems that actually need to be searched, that is, the scope to be searched; the user may select all or some of the security detection systems as the scope. In this example all of them are selected. After selecting the scope, the user determines the search order of the security detection systems according to the information actually sought. Because this example searches for the users affected by an attack from a particular Trojan-implanted website, the search order is: security log of the web page Trojan-implant monitoring system → security log of the domain name monitoring system → security log of the network flow monitoring system.
From the scope determined by the user, the system generates a start node. The start node has one input parameter, named webaddress, of string type. Three sub-query nodes are added, and each sub-query node has the following attributes: sequence number (the order in which the search is executed), database name, database number (required when the above security logs are not stored in the same database, otherwise not needed), the content of the search keyword, the source of the search keyword, and the search result.
Each sub-query point is introduced below:
Sub-query node 1: the search keyword for the database of the web page Trojan-implant monitoring system (hereinafter the Trojan-implant time period data source) is the website link, such as http://www.a.com, and the search result is the start time and end time;
As shown in Fig. 5, the attributes on the page are: sequence number 1; data source name: Trojan-implant time period; input parameter: the website address, labelled webaddress, of string type; output parameters: the start time and end time, labelled begintime and endtime, of date type. The SQL query is: select min(time) as begintime, max(time) as endtime from website_trojan_event where home_page=webaddress;
Sub-query node 2: the search keywords for the database of the domain name monitoring system are the website link and the search result from the web page Trojan-implant monitoring system, that is, the start time and end time; the search result is the IP address of the website link;
The attributes on the page are: sequence number 2; data source name: domain name monitoring data source; input parameters: webaddress, of string type, and begintime and endtime, of date type; output parameter: the IP address, labelled ip, of string type. The SQL query is: select ip from dnsmonitor where time between begintime and endtime and dnsname=webaddress. Here begintime and endtime are the search results of sub-query point 1, so the association between the two sub-query points must also be established, as shown in Fig. 6.
Sub-query node 3: the search keywords for the database of the network flow monitoring system are the IP address of the website link and the start time and end time; the search result is the IP addresses that accessed the website link, such as 192.168.1.1.
The attributes on the page are: sequence number 3; data source name: network flow monitoring data source; input parameters: ip, of string type, and begintime and endtime, of date type; output parameter: the IP address list, labelled srcip, of string type. The SQL query is: select distinct srcip from v_netflow t where eventtime between begintime and endtime and dstip=ip and dstport=80.
When the user has finished the settings, the multi-source information system searches the above three databases in the search order of the databases, using the search keywords that correspond to each database.
In the database of the web page Trojan-implant monitoring system, the search keyword is the website link, such as http://www.a.com. The start time and end time are taken from the search result, for example 2010-1-1~2010-1-2, giving the period during which the Trojan was implanted in the website;
In the database of the domain name monitoring system, the search keywords are http://www.a.com and 2010-1-1~2010-1-2. The search result is the IP address of the website link, giving the IP address the website used while the Trojan was implanted;
In the database of the network flow monitoring system, the search keywords are the IP address of the website link and 2010-1-1~2010-1-2. The search result is the IP addresses that accessed the website link, giving the IP addresses that accessed the website's IP address during the period in which the Trojan was implanted.
In the above three searches, the query task of sub-query node 1 is executed as follows: on the web page Trojan-implant monitoring data source, the input parameters in the SQL statement defined in sub-query node 1 are replaced with concrete values according to the association between nodes. The SQL statement executed is: select min(time) as begintime, max(time) as endtime from website_trojan_event where home_page='www.a.com', with begintime and endtime as output parameters; suppose the query results are "2010-1-1" and "2010-1-2" respectively;
The query task of sub-query node 2 is executed as follows: on the domain name monitoring data source, the input parameters in the SQL statement defined in sub-query node 2 are replaced with concrete values according to the association between nodes. The SQL statement executed is: select ip from dnsmonitor where time between '2010-1-1' and '2010-1-2' and dnsname='www.a.com', with ip as the output parameter; suppose the query result is "192.168.1.1";
The query task of sub-query node 3 is executed as follows: on the network flow monitoring data source, the input parameters in the SQL statement defined in sub-query node 3 are replaced with concrete values according to the association between nodes. The SQL statement executed is: select distinct srcip from v_netflow t where eventtime between '2010-1-1' and '2010-1-2' and dstip='192.168.1.1' and dstport=80, with the query result srcip as the final output.
If the security logs of the above three security detection systems are stored separately, then when selecting the databases to be searched the user also needs to set the identity of each database, such as the database number. Unlike the prior art, the search does not require the logs to be aggregated into a master database that provides the search function. This reduces log transfers between the databases and the master database and lowers the cost of business management. At the same time, compared with the prior art, in which scripts for association search have to be developed across several separate databases, it is easier for the user to operate.
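The three-node chain walked through above, as an added example that is not code from the patent: each sub-query node carries a sequence number, a database number, and named inputs and outputs, and the outputs of earlier nodes become the inputs of later ones. It departs from the text in one respect: values are passed to the database as bound parameters rather than substituted into the SQL text, so a search keyword containing quote characters is still treated as data. The in-memory SQLite databases, the sample rows, the ISO-format dates and the names NODES, build_sources and run_chain are assumptions made for the illustration.

```python
import sqlite3


def build_sources():
    """Constructed sample logs: one in-memory database per database number."""
    a = sqlite3.connect(":memory:")   # A: web page Trojan-implant monitoring
    a.execute("create table website_trojan_event (home_page text, time text)")
    a.executemany("insert into website_trojan_event values (?, ?)", [
        ("www.a.com", "2010-01-01"), ("www.a.com", "2010-01-02"),
        ("www.b.com", "2010-03-05")])
    b = sqlite3.connect(":memory:")   # B: domain name monitoring
    b.execute("create table dnsmonitor (dnsname text, ip text, time text)")
    b.executemany("insert into dnsmonitor values (?, ?, ?)", [
        ("www.a.com", "192.168.1.1", "2010-01-01"),
        ("www.b.com", "192.168.1.9", "2010-01-01")])
    c = sqlite3.connect(":memory:")   # C: network flow monitoring
    c.execute("create table v_netflow "
              "(srcip text, dstip text, dstport integer, eventtime text)")
    c.executemany("insert into v_netflow values (?, ?, ?, ?)", [
        ("10.0.0.5", "192.168.1.1", 80, "2010-01-01"),
        ("10.0.0.5", "192.168.1.1", 80, "2010-01-02"),   # repeat visitor
        ("10.0.0.7", "192.168.1.1", 80, "2010-01-02"),
        ("10.0.0.8", "192.168.1.1", 443, "2010-01-01"),  # other port
        ("10.0.0.9", "192.168.1.1", 80, "2010-02-01"),   # outside the window
        ("10.0.0.6", "192.168.1.9", 80, "2010-01-01")])  # other destination
    return {"A": a, "B": b, "C": c}


# Sub-query nodes as the user would define them on the page. The SQL is the
# page's own, with each parameter written as a named placeholder (:name).
NODES = [
    {"seq": 1, "db": "A", "inputs": ["webaddress"],
     "outputs": ["begintime", "endtime"],
     "sql": "select min(time) as begintime, max(time) as endtime "
            "from website_trojan_event where home_page = :webaddress"},
    {"seq": 2, "db": "B", "inputs": ["webaddress", "begintime", "endtime"],
     "outputs": ["ip"],
     "sql": "select ip from dnsmonitor where time between :begintime "
            "and :endtime and dnsname = :webaddress"},
    {"seq": 3, "db": "C", "inputs": ["ip", "begintime", "endtime"],
     "outputs": ["srcip"],
     "sql": "select distinct srcip from v_netflow t where eventtime between "
            ":begintime and :endtime and dstip = :ip and dstport = 80"},
]


def run_chain(nodes, sources, initial):
    """Run the nodes in sequence order and return every value collected."""
    ctx = dict(initial)   # start-node input plus outputs of earlier nodes
    ordered = sorted(nodes, key=lambda n: n["seq"])
    for node in ordered:
        missing = [p for p in node["inputs"] if ctx.get(p) is None]
        if missing:
            # An earlier node found nothing, so the chain cannot continue.
            raise LookupError(f"node {node['seq']}: no value for {missing}")
        conn = sources[node["db"]]   # database chosen by its number
        cur = conn.execute(node["sql"], {p: ctx[p] for p in node["inputs"]})
        cols = [d[0] for d in cur.description]
        rows = [dict(zip(cols, r)) for r in cur.fetchall()]
        for out in node["outputs"]:
            values = sorted({r[out] for r in rows if r[out] is not None})
            if node is ordered[-1]:
                ctx[out] = values    # the final output is a list
            elif len(values) > 1:
                # Assumption: an intermediate output feeds one value forward.
                raise ValueError(f"node {node['seq']}: {out} is ambiguous")
            else:
                ctx[out] = values[0] if values else None
    return ctx


if __name__ == "__main__":
    print(run_chain(NODES, build_sources(), {"webaddress": "www.a.com"}))
```
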
The method provided by the embodiment of the present invention is not limited to this. For multiple kinds of description information that describe the same object, where the kinds of description information share an information intersection (that is, the search result of one description is the search keyword for searching another) or a causal relationship, these kinds of description information can be regarded as forming a multi-source information system, and the method provided by the invention can be used. For example, in a bank management system, the multi-source information for one user includes account information and business information; when the user's maximum spending capacity needs to be assessed, the stored account information and business information need to be analysed.
In the method provided by this embodiment, when the user performs an association search, the user is asked, through human-computer interaction, to set the search order of the databases and the search keyword and search result for each database. This realises search across several databases without developing script files for association search between databases, which reduces the operating cost of the system. Searching according to the search keywords and search results that the user explicitly specifies reduces search complexity and raises the speed at which the system processes searches. Because only one human-computer interaction page has to be developed, which asks the user to enter the search order of the databases and the search keyword and search result for each database, the implementation is simple and convenient.
A person of ordinary skill in the art will appreciate that all or some of the steps of the above embodiments can be completed by a program instructing the relevant hardware. The program can be stored in a computer-readable storage medium and, when executed, performs one of the steps of the method embodiment or a combination of them.
In addition, each functional unit in each embodiment of the present invention may be implemented in hardware or as a software function module. If the integrated module is implemented as a software function module and sold or used as an independent product, it may also be stored in a computer-readable storage medium.
The storage medium mentioned above may be a read-only memory, a magnetic disk, an optical disc or the like.
The above is only a specific embodiment of the present invention, but the protection scope of the invention is not limited to it. Any change or replacement that a person skilled in the art can readily conceive within the technical scope disclosed by the invention shall fall within the protection scope of the invention. Therefore, the protection scope of the invention shall be determined by the protection scope of the claims.

Claims (8)

1. A method for searching information in a multi-source information system, characterized by comprising:
obtaining a search order and search content set by a user for a plurality of descriptors of the same thing, wherein the number of descriptors is N, the search result of the search with search order N-1 is the search keyword of the search with search order N, and N is an integer greater than or equal to 2;
according to the search order set by the user, searching with the corresponding search content in the database that stores the descriptor.
2. The method according to claim 1, characterized in that obtaining the search order and search content set by the user for the plurality of descriptors of the same thing comprises:
when it is detected that the user needs to perform a retrieval, sending to the user a dialog box requesting the search order and search content for each kind of information;
receiving the dialog box after the user has filled it in.
3. The method according to claim 1, characterized in that the search content comprises the search keyword, the source of the search keyword, and the content of the search result.
4. The method according to claim 1, characterized in that searching, according to the search order set by the user, with the corresponding search content in the database that stores the descriptor comprises:
if the plurality of descriptors of the same thing are not stored in the same database, obtaining identity information of the database used to store the descriptor;
using the identity information of the database to identify the database used to store the descriptor;
according to the search order set by the user, searching with the corresponding search content in the identified database.
5. A device for searching information in a multi-source information system, characterized by comprising:
an acquisition module, configured to obtain a search order and search content set by a user for a plurality of descriptors of the same thing, wherein the number of descriptors is N, the search result of the search with search order N-1 is the search keyword of the search with search order N, and N is an integer greater than or equal to 2;
a search module, configured to search, according to the search order set by the user, with the corresponding search content in the database that stores the descriptor.
6. The device according to claim 5, characterized in that the acquisition module comprises:
a sending unit, configured to send to the user, when it is detected that the user needs to perform a retrieval, a dialog box requesting the search order and search content for each kind of information;
a receiving unit, configured to receive the dialog box after the user has filled it in.
7. The device according to claim 5, characterized in that the search content used by the search module when searching comprises the search keyword, the source of the search keyword, and the content of the search result.
8. The device according to claim 5, characterized in that the search module comprises:
an acquiring unit, configured to obtain, when the plurality of descriptors of the same thing are not stored in the same database, identity information of the database used to store the descriptor;
a recognition unit, connected to the acquiring unit and configured to use the identity information obtained by the acquiring unit to identify the database used to store the descriptor;
a search unit, connected to the recognition unit and configured to search, according to the search order set by the user, with the corresponding search content in the database identified by the recognition unit.
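The chained search of claims 1 and 4, sketched as an added example that is not part of the patent text. The SQLite databases, their identity strings ("alerts-db", "assets-db"), table layouts and sample rows are all constructed assumptions; the allow-list of fixed parameterized queries is a hardening choice of this example, so that user-supplied search content is never spliced into SQL.

```python
import sqlite3

def build_sources():
    """Constructed sample data: two separate databases, keyed by an identity string."""
    alerts = sqlite3.connect(":memory:")
    alerts.execute("CREATE TABLE alerts (sig TEXT, src_ip TEXT)")
    alerts.executemany("INSERT INTO alerts VALUES (?, ?)", [
        ("sql-injection", "10.0.0.5"), ("port-scan", "10.0.0.9"),
        ("sql-injection", "10.0.0.7"), ("sql-injection", "10.0.0.5")])
    assets = sqlite3.connect(":memory:")
    assets.execute("CREATE TABLE assets (ip TEXT, owner TEXT)")
    assets.executemany("INSERT INTO assets VALUES (?, ?)", [
        ("10.0.0.5", "alice"), ("10.0.0.7", "bob"), ("10.0.0.9", "carol")])
    return {"alerts-db": alerts, "assets-db": assets}

# Allow-list (hypothetical): (database identity, descriptor) -> fixed query.
# Search content is only ever bound as a parameter, never concatenated.
QUERIES = {
    ("alerts-db", "src_ip"):
        "SELECT DISTINCT src_ip FROM alerts WHERE sig = ? ORDER BY src_ip",
    ("assets-db", "owner"):
        "SELECT DISTINCT owner FROM assets WHERE ip = ? ORDER BY owner",
}

def chained_search(sources, steps, first_keyword):
    """steps: (search_order, db_identity, descriptor) tuples, N >= 2.
    The results of order N-1 become the search keywords of order N."""
    ordered = sorted(steps)
    if len(ordered) < 2 or [s[0] for s in ordered] != list(range(1, len(ordered) + 1)):
        raise ValueError("search orders must be 1..N with N >= 2")
    keywords = [first_keyword]
    for _, db_id, descriptor in ordered:
        sql = QUERIES.get((db_id, descriptor))
        if sql is None or db_id not in sources:
            raise ValueError(f"unknown database or descriptor: {db_id}/{descriptor}")
        results = []
        for kw in keywords:
            for (value,) in sources[db_id].execute(sql, (kw,)):
                if value not in results:
                    results.append(value)
        if not results:  # chain is broken, nothing to feed the next search
            return []
        keywords = results
    return keywords

if __name__ == "__main__":
    steps = [(2, "assets-db", "owner"), (1, "alerts-db", "src_ip")]
    print(chained_search(build_sources(), steps, "sql-injection"))
```

The steps may be supplied in any order; they are sorted by search order before execution, and an unknown database identity or descriptor is rejected rather than turned into a query.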
CN 201010181851 2010-05-19 2010-05-19 Method and device for searching information in multi-source information system Expired - Fee Related CN102253948B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN 201010181851 CN102253948B (en) 2010-05-19 2010-05-19 Method and device for searching information in multi-source information system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN 201010181851 CN102253948B (en) 2010-05-19 2010-05-19 Method and device for searching information in multi-source information system

Publications (2)

Publication Number Publication Date
CN102253948A CN102253948A (en) 2011-11-23
CN102253948B true CN102253948B (en) 2013-06-19

Family

ID=44981219

Family Applications (1)

Application Number Title Priority Date Filing Date
CN 201010181851 Expired - Fee Related CN102253948B (en) 2010-05-19 2010-05-19 Method and device for searching information in multi-source information system

Country Status (1)

Country Link
CN (1) CN102253948B (en)

Families Citing this family (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102831136B (en) * 2012-01-16 2015-09-16 中新力合股份有限公司 A kind of information stores and searching method
CN103412913B (en) * 2013-08-05 2018-02-27 北京永信至诚科技股份有限公司 A kind of association search method and system
CN103744897A (en) * 2013-12-24 2014-04-23 华为技术有限公司 Associated search method and associated search system for fault information, and network management system
CN106933853A (en) * 2015-12-30 2017-07-07 阿里巴巴集团控股有限公司 A kind of files passe processing method and processing device
CN106446261B (en) * 2016-10-17 2020-01-14 广东小天才科技有限公司 Content searching method and device based on multi-platform interface
CN109194605B (en) * 2018-07-02 2020-08-25 中国科学院信息工程研究所 Active verification method and system for suspicious threat indexes based on open source information
CN113157996B (en) * 2020-01-23 2022-09-16 久瓴(上海)智能科技有限公司 Document information processing method and device, computer equipment and readable storage medium

Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101105796A (en) * 2007-08-06 2008-01-16 无敌科技(西安)有限公司 Trans-word library inquiry method

Non-Patent Citations (5)

* Cited by examiner, † Cited by third party
Title
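Xia Xue. Application of integrated alarm correlation technology in a network security management platform. China Master's Theses Full-text Database. 2009, full text.
Wang Yanbo et al. Design of a multi-source heterogeneous log sensor for network situational awareness. Transducer and Microsystem Technologies. 2010, Vol. 29 (No. 3), 118-120.
Application of integrated alarm correlation technology in a network security management platform; Xia Xue; China Master's Theses Full-text Database; 20091231; full text *
Chen Long et al. An event scenario correlation method fusing multi-source logs to assist forensics. Journal of Chongqing University of Posts and Telecommunications (Natural Science Edition). 2007, Vol. 19 (No. 5), 584-589. *
Design of a multi-source heterogeneous log sensor for network situational awareness; Wang Yanbo et al.; Transducer and Microsystem Technologies; 20100331; Vol. 29 (No. 3); 118-120 *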

Also Published As

Publication number Publication date
CN102253948A (en) 2011-11-23

Similar Documents

Publication Publication Date Title
CN102253948B (en) Method and device for searching information in multi-source information system
Khare et al. Big data in IoT
US11449562B2 (en) Enterprise data processing
CN107087001B (en) distributed internet important address space retrieval system
CN103942639B (en) Policy management system and its method for policy consultation service system
CN110795257A (en) Method, device and equipment for processing multi-cluster operation records and storage medium
CN105279272A (en) Content aggregation method based on distributed web crawlers
CN103685575A (en) Website security monitoring method based on cloud architecture
CN104144142A (en) Web vulnerability discovery method and system
CN110990447B (en) Data exploration method, device, equipment and storage medium
CN109905288A (en) A kind of application service classification method and device
CN106294826A (en) A kind of company-data Query method in real time and system
CN112685394A (en) Real-time threat information correlation method, device and system based on Flink
Islam et al. An ontology-driven approach to automating the process of integrating security software systems
CN107491463A (en) The optimization method and system of data query
CN111240847A (en) Data processing method, device, medium and computing equipment
CN111382206A (en) Data storage method and device
CN108876314B (en) Career professional ability traceable method and platform
CN101989939A (en) Real-time data providing method, server and network
CN102523309A (en) Method and equipment for responding request of client side and acquiring and returning real-time data
CN103647774A (en) Web content information filtering method based on cloud computing
CN102855297B (en) A kind of method of control data transmission and connector
CN103902725A (en) Method and device for acquiring search engine optimization information
Fengjuan et al. The research on complex event processing method of internet of Things
CN110110524A (en) Vulnerability scanning and maintaining method for computing equipment system

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20130619

Termination date: 20190519
