CN103095477B - The processing system of a kind of abnormal alarm information and method - Google Patents

The processing system of a kind of abnormal alarm information and method Download PDF

Info

Publication number
CN103095477B
CN103095477B CN201110342501.4A CN201110342501A CN103095477B CN 103095477 B CN103095477 B CN 103095477B CN 201110342501 A CN201110342501 A CN 201110342501A CN 103095477 B CN103095477 B CN 103095477B
Authority
CN
China
Prior art keywords
abnormal alarm
alarm information
module
described abnormal
user
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201110342501.4A
Other languages
Chinese (zh)
Other versions
CN103095477A (en
Inventor
李志鹏
王洪波
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Tols Tianxiang Net An Information Technology Co ltd
Original Assignee
BEIJING TOPWALK INFORMATION TECHNOLOGY Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by BEIJING TOPWALK INFORMATION TECHNOLOGY Co Ltd filed Critical BEIJING TOPWALK INFORMATION TECHNOLOGY Co Ltd
Priority to CN201110342501.4A priority Critical patent/CN103095477B/en
Publication of CN103095477A publication Critical patent/CN103095477A/en
Application granted granted Critical
Publication of CN103095477B publication Critical patent/CN103095477B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Landscapes

  • Alarm Systems (AREA)

Abstract

The invention discloses a kind of processing system and the method for abnormal alarm information, this system can gather the abnormal alarm information on network, and to needing the login user processing described abnormal alarm information to carry out authentication, while described user carries out relevant treatment to described abnormal alarm information, the process state of abnormal alarm information described in monitoring analysis, and the process auditing result of abnormal alarm information can be circulated a notice of in real time, enable the user to understand its treatment progress quickly and easily, described system can also the access behavior of monitoring analysis abnormal alarm main frame, analyze warning Producing reason.By processing system and the method for described abnormal alarm information, it is possible to organically abnormal alarm information, personnel, flow process etc. are combined, improve the treatment effeciency of abnormal alarm information.

Description

The processing system of a kind of abnormal alarm information and method
Technical field
The present invention relates to internet arena, in particular, relate to the process of a kind of abnormal alarm information System and method.
Background technology
Along with the development of network technology and the extension of network size and complication, network behavior is the most increasingly Complicated and wayward, for the safety problem of Logistics networks system, network management personnel is usually at network Middle addition safety analysis equipment, when occurring abnormal conditions in network, described safety analysis equipment i.e. can be certainly Dynamic warning.
Along with development and the expansion of network size of network technology, some suspicious or illegal networks Steal, the network behavior such as network attack more frequent, and then cause safety analysis equipment in the short time In may produce substantial amounts of security alarm, generally, from Network Abnormal situation occurring to alarm signal The process that breath processes is: when abnormal conditions occurs in network system, and safety analysis equipment automatic alarm is logical Know that network management personnel is further according to warning message, to the Network anomalous behaviors occurred to network management personnel Processing accordingly, administration sections at different levels warning to be processed quantity is a lot.
It can be seen that the related work of substantial amounts of abnormal alarm information in prior art, it is all manually to carry out Processing, this allows for can not accomplishing to process in time to substantial amounts of abnormal alarm information to a certain extent, different The often generation of warning message cannot reasonably combine with follow-up process work to abnormal alarm The treatment effeciency of information is the lowest.
How the shortcoming existed based on above-mentioned prior art, provide the processing system of a kind of abnormal alarm information And method, it is possible to abnormal alarm information and actual workflow are organically combined, thus promotes Treatment effeciency to abnormal alarm information, is those skilled in the art's urgent problems.
Summary of the invention
In view of this, the invention provides a kind of processing system and the method for abnormal alarm information, to overcome Owing to abnormal alarm information and actual workflow organically can not being combined in prior art Cause to abnormal alarm information processing efficiency and the problem of low SI.
For achieving the above object, the present invention provides following technical scheme:
A kind of processing system of abnormal alarm information, including: information acquisition module, Certificate Authority module, Monitoring analysis module and messaging module;
Information acquisition module, for gathering the abnormal alarm information that safety analysis equipment produces;
Certificate Authority module, for carrying out body to the user of the processing system logging in described abnormal alarm information Part checking, and according to described the result to described user grants access scope;
Monitoring analysis module, for user described in real-time monitoring analysis to described abnormal alarm information operating Process state, described process state is the situation that can indicate that described abnormal alarm information processing process;
Messaging module, for the process state of the described abnormal alarm information of circular in real time.
Wherein, described monitoring analysis module specifically includes:
Reception determines module, is used for determining that described abnormal alarm information is received the most;
Distribution determines module, is used for determining that described abnormal alarm information is distributed the most;
Process determines module, is used for determining whether described abnormal alarm information has started to process;
Examination & verification determines module, for determining that to the verification result of described abnormal alarm information whether administrative center Through auditing and determining auditing result;
Process terminates to determine module, is used for determining that described abnormal alarm information is the most processed complete.
Preferably, also include:
Statistics management module, for adding up the type of abnormal alarm information, number of times, time, generation area And/or auditing result, and export include described type, number of times, time, generation area and/or auditing result Statistical report form.
Preferably, also include:
Abnormal monitoring module, for according to the access behavior to abnormal alarm main frame of the described abnormal alarm information Be monitored analyze, described abnormal alarm main frame be produce described abnormal alarm information there is IP address Equipment.
Wherein, described abnormal monitoring module is additionally operable to: go out described according to the interpretation of result of described monitoring analysis Abnormal alarm information Producing reason.
A kind of processing method of abnormal alarm information, including:
Gather the abnormal alarm information that safety analysis equipment produces;
The user of the processing system logging in described abnormal alarm information is carried out authentication, and according to described The result is to described user grants access scope;
User's process state to described abnormal alarm information operating described in monitoring analysis, described process in real time State is the situation that can indicate that described abnormal alarm information processing process;
Process state for the described abnormal alarm information of circular in real time.
Wherein, user's process state to described abnormal alarm information operating described in described real-time monitoring analysis Specifically include:
Determine that described abnormal alarm information is received the most;
Determine that described abnormal alarm information is distributed the most;
Determine whether described abnormal alarm information has started to process;
Determine that administrative center's verification result to described abnormal alarm information is the most through auditing and determining careful Core result;
Determine that described abnormal alarm information is the most processed complete.
Preferably, also include:
The statistics type of abnormal alarm information, number of times, time, generation area and/or auditing result, and defeated Go out the statistical report form including described type, number of times, time, generation area and/or auditing result.
Preferably, also include:
It is monitored analyzing to the access behavior of abnormal alarm main frame according to described abnormal alarm information, described Abnormal alarm main frame is the equipment with IP address producing described abnormal alarm information.
Preferably, also include:
Interpretation of result according to described monitoring analysis goes out described abnormal alarm information Producing reason.
Understand via above-mentioned technical scheme, compared with prior art, the invention discloses a kind of abnormal report The processing system of alarming information and method, this system can gather the abnormal alarm information on network, and to needing The user processing described abnormal alarm information carries out authentication, described user to described abnormal alarm While information carries out relevant treatment, the process state of abnormal alarm information described in monitoring analysis, and energy Enough process auditing result circulating a notice of abnormal alarm information in real time so that described user can be quickly and easily Solve its treatment progress, described system can also the access behavior of monitoring analysis abnormal alarm main frame, analyze Warning Producing reason.By processing system and the method for described abnormal alarm information, it is possible to organically will Abnormal alarm information, personnel, flow process etc. combine, and improve the treatment effeciency of abnormal alarm information.
Accompanying drawing explanation
In order to be illustrated more clearly that the embodiment of the present invention or technical scheme of the prior art, below will be to reality Execute the required accompanying drawing used in example or description of the prior art to be briefly described, it should be apparent that below, Accompanying drawing in description is only embodiments of the invention, for those of ordinary skill in the art, not On the premise of paying creative work, it is also possible to obtain other accompanying drawing according to the accompanying drawing provided.
Fig. 1 is the structural representation of a kind of abnormal alarm information processing system disclosed in the embodiment of the present invention;
Fig. 2 is the structural representation of monitoring analysis module disclosed in the embodiment of the present invention;
Fig. 3 is the structural representation of another kind of abnormal alarm information processing system disclosed in the embodiment of the present invention;
Fig. 4 is a kind of schematic flow sheet of abnormal alarm information processing method disclosed in the embodiment of the present invention;
Fig. 5 is the flow process of real-time monitoring analysis abnormal alarm information processing state disclosed in the embodiment of the present invention Schematic diagram;
Fig. 6 is the another kind of schematic flow sheet of abnormal alarm information processing method disclosed in the embodiment of the present invention;
Fig. 7 is the state flow chart that ministerial level disclosed in the embodiment of the present invention processes abnormal alarm information;
Fig. 8 is the state flow chart of provincial process abnormal alarm information disclosed in the embodiment of the present invention;
Fig. 9 is the state flow chart of prefecture-level process abnormal alarm information disclosed in the embodiment of the present invention.
Detailed description of the invention
Below in conjunction with the accompanying drawing in the embodiment of the present invention, the technical scheme in the embodiment of the present invention is carried out Clearly and completely describe, it is clear that described embodiment is only a part of embodiment of the present invention, and It is not all, of embodiment.Based on the embodiment in the present invention, those of ordinary skill in the art are not doing Go out the every other embodiment obtained under creative work premise, broadly fall into the scope of protection of the invention.
Embodiment one
Fig. 1 is the structural representation of a kind of abnormal alarm information processing system disclosed in the embodiment of the present invention, As it can be seen, the processing system 10 of described abnormal alarm information may include that
Information acquisition module 101, for gathering the abnormal alarm information that safety analysis equipment produces;
Here safety analysis equipment can be all supports SNMP (simple network management), SYSLOG The safety analysis equipment of agreements such as (system journals), described information acquisition module can in an active manner, Can also acquisition abnormity warning message from network in passive manner;
Certificate Authority module 102, for carrying out the user of the processing system logging in described abnormal alarm information Authentication, and according to described the result to described user grants access scope;
User carries out authentication to be entered by the certification existing hardware certificate of internal control personnel OK, when users log on, the hardware certificate that insertion system is given tacit consent to is needed, by the checking on described certificate Code or magnetic induction information determine the level of identity of login user, authorize described login according to described level of identity The corresponding access rights of user, level of identity is the highest, the administrative center's level belonging to the most described login user The highest, its authority accessing system and managing having is the most, and certainly, Certificate Authority works Cipher authentication can also be given, so can confirm the identity of login user more accurately;
Monitoring analysis module 103, for user described in real-time monitoring analysis to described abnormal alarm information operating Process state, described process state is the situation that can indicate that described abnormal alarm information processing process;
In the processing system of described abnormal alarm information, when the number of levels difference of administration section, accordingly Described process status number the most different, be divided into ministerial level, the provincial and situation of prefecture-level three grades in administration section Under, described process state include to be distributed, to be received, pending, process in, treat province examination & verification, save examine Core do not passes through, save examination & verification passes through, the portion's for the treatment of examination & verification, portion's examination & verification is not passed through, portion's examination & verification is passed through, located Ten kinds of states such as reason, relevant distribution, receive, process and the work such as examination & verification still done by management personnel, Described monitoring analysis module is used only to indicate the treatment progress of abnormal alarm information, so also allows at different levels Management personnel understand the disposition of all abnormal alarm information, are favorably improved work efficiency, according to institute Stating the function of monitoring analysis module 103, with reference to shown in Fig. 2, described monitoring analysis module 103 is concrete again May include that
Reception determines module 1031, is used for determining that described abnormal alarm information is received the most;
After Certificate Authority module 102 has been verified, described login user can enter the relevant page, Receiving newly generated abnormal alarm information, described login user can be by triggering " reception " on the page Button confirms that described abnormal alarm information receives, and system can also record each simultaneously according to log-on message The director of individual abnormal alarm information, it is simple to the carrying out of some subsequent statistical work;
Distribution determines module 1032, is used for determining that described abnormal alarm information is distributed the most;
After receiving described abnormal alarm information, administration section starts to distribute described abnormal alarm information, Described abnormal alarm information can be retained this grade of administration section and processes or be distributed to described by this grade of administration section The administration section of subordinate in area under one's jurisdiction, abnormal alarm information place processes, and first degree administration section is not to different The right of often warning message distribution;
Process determines module 1033, is used for determining whether described abnormal alarm information has started to process;
Described process determines that described abnormal alarm information the most can be opened by module 1033 according to management personnel Begin verify job analysis go out described abnormal alarm information whether have started to process, it is possible to determine described exception Warning message whether be in pending or process in state;
Examination & verification determines module 1034, for determining administrative center's verification result to described abnormal alarm information The most through auditing and determining auditing result;
The abnormal alarm information being disposed, the verification result of the most described abnormal alarm information needs to be sent to Upper management department for review, described examination & verification determines that module 1034 can be according to management personnel's touching on the page Send out whether the verification result of abnormal alarm information described in operation judges has started to examination & verification and can determine examination & verification knot Really, it is possible to determine whether the verification result of described abnormal alarm information is in pending state and judges described The verification result of abnormal alarm information is the most by examination & verification, by the verification of the abnormal alarm information of examination & verification Result continues to report, until by the examination & verification of highest administration section, not believed by the abnormal alarm of examination & verification The verification result of breath, is issued to next stage administration section automatically;
Process terminates to determine module 1035, is used for determining that described abnormal alarm information is the most processed complete;
When described user audits the verification result of complete described abnormal alarm information, by triggering on the page " finishing " button, described end determines that module 1035 determines that described abnormal alarm information is in processed shape State;
Messaging module 104, for process state and the auditing result of circular abnormal alarm information in real time;
This message communication module 104 can conveniently realize the communication between administration section at different levels, such as higher level It is aobvious that administration section of subordinate is issued rolling after extremely circulating a notice of or supervise information, users at different levels to log in by administration section Show current abnormal alarm information and the treatment progress of described current abnormal alarm information and auditing result, it is possible to Making administration section's quickly response process and the supervisor of emphasis abnormal alarm information, this module can be square simultaneously Just the exchange between all levels of management personnel;
In the present embodiment, the processing system of described abnormal alarm information first passes through information acquisition module collection Abnormal alarm information on network, then by Certificate Authority module to logging in described abnormal alarm information The user of processing system carries out authentication, for by the user grants access of authentication, then by prison User's process state to described abnormal alarm information operating described in the real-time monitoring analysis of module is analyzed in control, makes Obtaining described user and can understand the treatment progress of described abnormal alarm information quickly and easily, described system is also The process auditing result of abnormal alarm information can be circulated a notice of in real time, facilitate the communication between administration section at different levels. Abnormal alarm information, personnel, flow process etc. are organically combined by described system, improve abnormal alarm The treatment effeciency of information.
Embodiment two
Fig. 3 is the structural representation of another kind of abnormal alarm information processing system disclosed in the embodiment of the present invention, With reference to Fig. 3, the processing system 10 of described abnormal alarm information may include that
Information acquisition module 101, for gathering the abnormal alarm information that safety analysis equipment produces;
Certificate Authority module 102, for carrying out the user of the processing system logging in described abnormal alarm information Authentication, and according to described the result to described user grants access scope;
Monitoring analysis module 103, for user described in real-time monitoring analysis to described abnormal alarm information operating Process state, described process state is the situation that can indicate that described abnormal alarm information processing process;
In the present embodiment, described analysis monitoring module 103 specifically may include that
Reception determines module 1031, is used for determining that described abnormal alarm information is received the most;
Distribution determines module 1032, is used for determining that described abnormal alarm information is distributed the most;
Process determines module 1033, is used for determining whether described abnormal alarm information has started to process;
Examination & verification determines module 1034, for determining administrative center's verification result to described abnormal alarm information The most through auditing and determining auditing result;
Process terminates to determine module 1035, is used for determining that described abnormal alarm information is the most processed complete;
Messaging module 104, for process state and the auditing result of circular abnormal alarm information in real time;
Statistics management module 301, for adding up the type of abnormal alarm information, number of times, time, generating region Territory and/or auditing result, and export include described type, number of times, the time, generation area and/or examination & verification knot The statistical report form of fruit;
Described statistics management module 301 can with the relevant information of abnormal alarm information described in statistic record, and And statistical report form can be exported, statistical report form here can export in a variety of forms, such as cake chart, Block diagram, curve chart etc., described statistical report form can serve as the daily O&M of administration section at different levels, supervisor, The purposes such as abnormal alarm information analysis;
Abnormal monitoring module 302, for according to the described abnormal alarm information access line to abnormal alarm main frame For being monitored analyzing, and go out what described abnormal alarm information produced according to described monitoring analysis interpretation of result Reason;
Wherein, described abnormal alarm main frame is the equipment with IP address producing described abnormal alarm information, The access behavior of the described abnormal monitoring module 302 main frame to producing abnormal alarm information carries out close supervision, Analyze its warning reason, it is simple to administration section's process work to abnormal alarm information.
In the present embodiment, the processing system of described abnormal alarm information first passes through information acquisition module collection Abnormal alarm information on network, then by Certificate Authority module to logging in described abnormal alarm information The user of processing system carries out authentication, for by the user grants access of authentication, then by prison User's process state to described abnormal alarm information operating described in the real-time monitoring analysis of module, energy are analyzed in control Enough process auditing result being circulated a notice of abnormal alarm information by messaging module in real time, facilitate management at different levels Interdepartmental communication so that described user can understand the process of described abnormal alarm information quickly and easily Process, described system can also the access behavior of monitoring analysis abnormal alarm main frame, analyzing warning and producing Reason.Abnormal alarm information, personnel, flow process etc. are organically combined by this system, improve different The often treatment effeciency of warning message.
Embodiment three
Fig. 4 is a kind of schematic flow sheet of abnormal alarm information processing method disclosed in the embodiment of the present invention, With reference to shown in Fig. 4, the processing method of abnormal alarm information may include that
Step 401: gather the abnormal alarm information that safety analysis equipment produces;
Step 402: the user of the processing system logging in described abnormal alarm information is carried out authentication, and According to described the result to described user grants access scope;
Step 403: user's process state to described abnormal alarm information operating described in monitoring analysis in real time;
Wherein, described process state is the situation that can indicate that described abnormal alarm information processing process;Ginseng Examining Fig. 5, in actual applications, described step 403 specifically may comprise steps of:
Step 501: determine that described abnormal alarm information is received the most;
Step 502: determine that described abnormal alarm information is distributed the most;
Step 503: determine whether described abnormal alarm information has started to process;
Step 504: determine that administrative center's verification result to described abnormal alarm information is the most through examination & verification And determine auditing result;
Step 505: determine that described abnormal alarm information is the most processed complete.
Step 404: circulate a notice of process state and the auditing result of described abnormal alarm information in real time.
In the present embodiment, first the processing method of described abnormal alarm information gathers the abnormal alarm on network Information, then carries out authentication to the user of the processing system logging in described abnormal alarm information, is logical Cross the user grants access of authentication, then user described in real-time monitoring analysis is to described abnormal alarm information The process state of operation so that described user can understand the place of described abnormal alarm information quickly and easily Reason process, described method can circulate a notice of the process auditing result of abnormal alarm information simultaneously in real time, convenient each Communication between level administration section.Abnormal alarm information, personnel, flow process etc. are organically combined by described method Get up, improve the treatment effeciency of abnormal alarm information.
Embodiment four
Fig. 6 is the another kind of schematic flow sheet of abnormal alarm information processing method disclosed in the embodiment of the present invention, With reference to shown in Fig. 6, the processing method of abnormal alarm information may include that
Step 601: gather the abnormal alarm information that safety analysis equipment produces;
Step 602: the user of the processing system logging in described abnormal alarm information is carried out authentication, and According to described the result to described user grants access scope;
Step 603: user's process state to described abnormal alarm information operating described in monitoring analysis in real time;
Step 604: circulate a notice of process state and the auditing result of described abnormal alarm information in real time;
Step 605: the statistics type of abnormal alarm information, number of times, time, generation area and/or examination & verification As a result, and export and include the statistics report of described type, number of times, time, generation area and/or auditing result Table;
Step 606: the access behavior of abnormal alarm main frame is monitored point according to described abnormal alarm information Analysis, and go out described abnormal alarm information Producing reason according to described monitoring analysis interpretation of result.
In the present embodiment, first gather the abnormal alarm information on network, then to logging in described abnormal report The user of the processing system of alarming information carries out authentication, for by the user grants access of authentication, User's process state to described abnormal alarm information operating described in real-time monitoring analysis again, it is possible to lead in real time The process auditing result of report abnormal alarm information, facilitates the communication between administration section at different levels so that described use Family can understand the treatment progress of described abnormal alarm information quickly and easily;Further, additionally it is possible to prison The access behavior of abnormal alarm main frame is analyzed in control, analyzes warning Producing reason.The present embodiment is organically Abnormal alarm information, personnel, flow process etc. are combined, improves the treatment effeciency of abnormal alarm information.
Embodiment five
The present embodiment is in the case of administration section is divided into ministerial level, three-level management department provincial, prefecture-level, Specific embodiment abnormal alarm information, personnel and flow process combined, wherein, ministerial level manages Department is highest administration section, and prefecture-level administration section is lowermost level administration section, abnormal alarm information Process state include to be distributed, to be received, pending, process in, treat province examination & verification, save examination & verification do not lead to Cross, save examination & verification pass through, the portion's for the treatment of examination & verification, portion's examination & verification is not passed through, portion's examination & verification is passed through, processed etc. ten The state of kind.Fig. 7 is the state flow chart that ministerial level disclosed in the embodiment of the present invention processes abnormal alarm information, Shown in Figure 7, ministerial level administration section processes the state flow process of abnormal alarm information and may is that
Processing system in described abnormal alarm information has been received by all of abnormal alarm information, and portion When level management personnel have signed in in the processing system of described abnormal alarm event, described abnormal alarm information It is in state to be received;
After ministerial level management personnel have received described abnormal alarm information by operation, enter state to be distributed;
Ministerial level management personnel are by described abnormal alarm information or retain this grade of process, or are distributed to downwards provincial Newly-increased abnormal alarm information, retain this grade process abnormal alarm information transfer armed state to;
Ministerial level management personnel trigger " process " button of the display page, start to process what this grade of reservation processed Abnormal alarm information, described abnormal alarm information transfers state in process to;
Ministerial level administrative center is highest administrative center, and the abnormal alarm information of process need not again through examining Core, the abnormal alarm information being disposed proceeds to processed state;
It is in by the verification result of the provincial pending abnormal alarm information offered in provincial administration section and treats Portion's examination & verification state;
If described provincial pending abnormal alarm information is audited by ministerial level, the portion's of proceeding to examination & verification is passed through State, then proceedes to proceed to processed state;If described provincial pending abnormal alarm information is not led to Crossing ministerial level examination & verification, the portion's of proceeding to examination & verification is not by state, and is automatically issued to provincial newly-increased abnormal alarm letter In breath, enter provincial corresponding flow process.
Fig. 8 is the state flow chart of provincial process abnormal alarm information disclosed in the embodiment of the present invention, sees Shown in Fig. 8, provincial administration section processes the state flow process of abnormal alarm information and may is that
Have been received by, in provincial administration section, abnormal alarm information that ministerial level administration section issues and do not pass through portion The abnormal alarm information of level examination & verification and provincial management personnel have signed in the process of described abnormal alarm event Time in system, described abnormal alarm information is in state to be received;
After provincial management personnel have received described abnormal alarm information by operation, enter state to be distributed;
Provincial management personnel are by described abnormal alarm information or retain this grade of process, or are distributed to downwards districts and cities The newly-increased abnormal alarm information of level, the abnormal alarm information retaining this grade of process transfers armed state to;
Provincial management personnel trigger " process " button of the display page, start to process what this grade of reservation processed Abnormal alarm information, described abnormal alarm information transfers state in process to;
The verification result of the abnormal alarm information that this grade of reservation is processed by provincial management personnel is as provincial pending trial Nuclear information reports to ministerial level examination & verification, proceeds to the portion's for the treatment of examination & verification state;
It is in by the prefecture-level pending information offered in prefecture-level administration section and treats that province audits state;
If described prefecture-level pending information is by provincial examination & verification, proceeds to province's examination & verification and passed through state, so After using the verification result of described abnormal alarm information as provincial pending information reporting to ministerial level audit, turn Enter to treat that portion audits state;If described prefecture-level pending abnormal alarm information is not by provincial examination & verification, Proceed to province's examination & verification and do not pass through state, and be automatically issued in prefecture-level newly-increased abnormal alarm information, enter Prefecture-level corresponding flow process;
If described provincial pending abnormal alarm information is audited by ministerial level, the portion's of proceeding to examination & verification is passed through State, then proceedes to proceed to processed state;If described provincial pending abnormal alarm information is not led to Crossing ministerial level examination & verification, the portion's of proceeding to examination & verification is not by state, and is automatically issued to provincial newly-increased abnormal alarm letter In breath, enter provincial corresponding flow process.
Fig. 9 is the state flow chart of prefecture-level process abnormal alarm information disclosed in the embodiment of the present invention, ginseng As shown in Figure 9, the state flow process of prefecture-level administration section process abnormal alarm information may is that
Have been received by, in prefecture-level administration section, abnormal alarm information that provincial administration section issues and do not pass through The abnormal alarm information of provincial examination & verification and prefecture-level management personnel have signed in described abnormal alarm event Time in processing system, described abnormal alarm information is in state to be received;
After prefecture-level management personnel have received described abnormal alarm information by operation, enter armed state;
Prefecture-level management personnel trigger " process " button of the display page, start to process abnormal alarm information, Described abnormal alarm information transfers state in process to;
The verification result of described abnormal alarm information is examined as prefecture-level pending information reporting to provincial Core, proceeds to treat that province audits state;
If described prefecture-level pending information is by provincial examination & verification, proceeds to province's examination & verification and passed through state, so After using the verification result of described abnormal alarm information as provincial pending information reporting to ministerial level audit, turn Enter to treat that portion audits state;If described prefecture-level pending information is not by provincial examination & verification, proceed to province's examination & verification By state, and be automatically issued in prefecture-level newly-increased abnormal alarm information, enter prefecture-level accordingly Flow process;
If described provincial pending information is audited by ministerial level, the portion's of proceeding to examination & verification is by state, then Continue to proceed to processed state;If described provincial pending abnormal alarm information is not audited by ministerial level, Proceed to portion's examination & verification and do not pass through state, and be automatically issued in provincial newly-increased abnormal alarm information, enter and save The corresponding flow process of level.
During processing abnormal alarm information, can be by communication equipment by the place of abnormal alarm event The abnormal alarm information of reason state and emphasis supervisor is notified to the management personnel being correlated with in time so that each is different The often response of warning message processes more rapidly accurately.
In the present embodiment, the described administration sections at different levels handling process to abnormal alarm event, the most rationally Feasible, and implement convenient and swift, organically abnormal alarm information, personnel, flow process etc. are combined Come, improve the treatment effeciency of abnormal alarm information.
The system and method described in conjunction with the embodiments described herein can directly use hardware, processor The software module performed, or the combination of the two implements.Software module can be placed in random access memory (RAM), internal memory, read only memory (ROM), electrically programmable ROM, electrically erasable In ROM, depositor, hard disk, moveable magnetic disc, CD-ROM or technical field well known to any In the storage medium of other form.
Described above to the disclosed embodiments, makes professional and technical personnel in the field be capable of or uses The present invention.Multiple amendment to these embodiments will be aobvious and easy for those skilled in the art See, generic principles defined herein can without departing from the spirit or scope of the present invention, Realize in other embodiments.Therefore, the present invention is not intended to be limited to the embodiments shown herein, And it is to fit to the widest scope consistent with principles disclosed herein and features of novelty.

Claims (6)

1. the processing system of an abnormal alarm information, it is characterised in that including: information acquisition module, Certificate Authority module, monitoring analysis module and messaging module;
Information acquisition module, for gathering the abnormal alarm information that safety analysis equipment produces;
Certificate Authority module, for carrying out body to the user of the processing system logging in described abnormal alarm information Part checking, and according to described the result to described user grants access scope;
Monitoring analysis module, for user described in real-time monitoring analysis to described abnormal alarm information operating Process state, described process state is the situation that can indicate that described abnormal alarm information processing process;
Messaging module, for the process state of the described abnormal alarm information of circular in real time, it is achieved at different levels Communication between administration section;
Wherein, also include:
Statistics management module, for adding up the type of abnormal alarm information, number of times, time, generation area And/or auditing result, and export include described type, number of times, time, generation area and/or auditing result Statistical report form;
Described monitoring analysis module specifically includes:
Reception determines module, is used for determining that described abnormal alarm information is received the most;
Distribution determines module, is used for determining that described abnormal alarm information is distributed the most;
Process determines module, is used for determining whether described abnormal alarm information has started to process;
Examination & verification determines module, for determining that to the verification result of described abnormal alarm information whether administrative center Through auditing and determining auditing result;
Process terminates to determine module, is used for determining that described abnormal alarm information is the most processed complete.
System the most according to claim 1, it is characterised in that also include:
Abnormal monitoring module, for according to the access behavior to abnormal alarm main frame of the described abnormal alarm information Be monitored analyze, described abnormal alarm main frame be produce described abnormal alarm information there is IP address Equipment.
System the most according to claim 2, it is characterised in that described abnormal monitoring module is additionally operable to:
Interpretation of result according to described monitoring analysis goes out described abnormal alarm information Producing reason.
4. the processing method of an abnormal alarm information, it is characterised in that including:
Gather the abnormal alarm information that safety analysis equipment produces;
The user of the processing system logging in described abnormal alarm information is carried out authentication, and according to described The result is to described user grants access scope;
User's process state to described abnormal alarm information operating described in monitoring analysis, described process in real time State is the situation that can indicate that described abnormal alarm information processing process;
Circulate a notice of the process state of described abnormal alarm information in real time, it is achieved the communication between administration sections at different levels;
Wherein, also include:
The statistics type of abnormal alarm information, number of times, time, generation area and/or auditing result, and defeated Go out the statistical report form including described type, number of times, time, generation area and/or auditing result;
Described in described real-time monitoring analysis, the process state of described abnormal alarm information operating is specifically wrapped by user Include:
Determine that described abnormal alarm information is received the most;
Determine that described abnormal alarm information is distributed the most;
Determine whether described abnormal alarm information has started to process;
Determine that administrative center's verification result to described abnormal alarm information is the most through auditing and determining careful Core result;
Determine that described abnormal alarm information is the most processed complete.
Method the most according to claim 4, it is characterised in that also include:
It is monitored analyzing to the access behavior of abnormal alarm main frame according to described abnormal alarm information, described Abnormal alarm main frame is the equipment with IP address producing described abnormal alarm information.
Method the most according to claim 5, it is characterised in that also include:
Interpretation of result according to described monitoring analysis goes out described abnormal alarm information Producing reason.
CN201110342501.4A 2011-11-02 2011-11-02 The processing system of a kind of abnormal alarm information and method Active CN103095477B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201110342501.4A CN103095477B (en) 2011-11-02 2011-11-02 The processing system of a kind of abnormal alarm information and method

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201110342501.4A CN103095477B (en) 2011-11-02 2011-11-02 The processing system of a kind of abnormal alarm information and method

Publications (2)

Publication Number Publication Date
CN103095477A CN103095477A (en) 2013-05-08
CN103095477B true CN103095477B (en) 2016-08-31

Family

ID=48207640

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201110342501.4A Active CN103095477B (en) 2011-11-02 2011-11-02 The processing system of a kind of abnormal alarm information and method

Country Status (1)

Country Link
CN (1) CN103095477B (en)

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109724663A (en) * 2018-11-15 2019-05-07 华电电力科学研究院有限公司 A method of improving automatic monitoring smoke discharge amount accuracy
CN111918233B (en) * 2020-07-03 2022-09-27 西北工业大学 Anomaly detection method suitable for wireless aviation network

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101588360A (en) * 2009-07-03 2009-11-25 深圳市安络大成科技有限公司 Associated equipment and method for internal network security management
CN101631040A (en) * 2009-08-24 2010-01-20 国家计算机网络与信息安全管理中心 Real-time monitoring warning system and method of unified management multi-business system
CN101707528A (en) * 2008-06-12 2010-05-12 广东高新兴通信股份有限公司 Method for transmitting alarm data of centralized monitoring system
CN102143017A (en) * 2010-11-25 2011-08-03 中国移动(深圳)有限公司 Service real-time monitoring method and system

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101409888A (en) * 2008-11-20 2009-04-15 浪潮通信信息系统有限公司 Method for monitoring fault ticket in mobile communication network management system

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101707528A (en) * 2008-06-12 2010-05-12 广东高新兴通信股份有限公司 Method for transmitting alarm data of centralized monitoring system
CN101588360A (en) * 2009-07-03 2009-11-25 深圳市安络大成科技有限公司 Associated equipment and method for internal network security management
CN101631040A (en) * 2009-08-24 2010-01-20 国家计算机网络与信息安全管理中心 Real-time monitoring warning system and method of unified management multi-business system
CN102143017A (en) * 2010-11-25 2011-08-03 中国移动(深圳)有限公司 Service real-time monitoring method and system

Also Published As

Publication number Publication date
CN103095477A (en) 2013-05-08

Similar Documents

Publication Publication Date Title
CN208227074U (en) Electric power monitoring system network security monitors terminal
CN104660402B (en) A kind of method, apparatus and system verified to terminal
KR101375813B1 (en) Active security sensing device and method for intrusion detection and audit of digital substation
CN104378228B (en) Network data security manages system and method
CN106934274A (en) A kind of weak passwurd detection method, apparatus and system
CN107733863A (en) Daily record adjustment method and device under a kind of distributed hadoop environment
CN103905459A (en) Cloud-based intelligent security defense system and defense method
CN105812200A (en) Abnormal behavior detection method and device
CN111191247A (en) Database security audit system
CN104378364B (en) A kind of Cooperative Analysis method at information security management center
CN110222498A (en) A kind of supervision management system and method based on mobile interchange cloud
CN106713229A (en) Intelligent power grid terminal trusted access system based on user behaviors and intelligent power grid terminal trusted access method thereof
CN103095477B (en) The processing system of a kind of abnormal alarm information and method
CN114021109A (en) System and method for realizing identity authentication and access management of workshop-level industrial control system in tobacco industry
CN103413202A (en) Automatic authorization relation collection method applied to operation and maintenance auditing system
CN110750784B (en) Security prevention and control method and system for automatic vending equipment
CN110049028A (en) Monitor method, apparatus, computer equipment and the storage medium of domain control administrator
CN112312341A (en) Intelligent monitoring method and system for communication of Internet of things of electric power based on block chain
CN104580090B (en) The method and device that security strategy O&M is assessed
CN110119629A (en) Private data management and data safety unified platform
CN111031050B (en) Monitoring method and device for electricity consumption information acquisition system
CN112087301A (en) Gas meter safety certification system based on state cryptographic algorithm
CN116346433A (en) Method and system for detecting network security situation of power system
Cusack et al. Acquisition of evidence from network intrusion detection systems
CN115643573A (en) Privileged account authentication method and system based on dynamic security environment

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
CB03 Change of inventor or designer information
CB03 Change of inventor or designer information

Inventor after: Li Zhipeng

Inventor after: Wang Hongbo

Inventor after: LingHu Yongxing

Inventor before: Li Zhipeng

Inventor before: Wang Hongbo

CP01 Change in the name or title of a patent holder
CP01 Change in the name or title of a patent holder

Address after: 100084 No. 2 Building 2A201, 202, No. 1 Yuan, Nongda South Road, Haidian District, Beijing

Patentee after: TOLS TIANXIANG NET AN INFORMATION TECHNOLOGY Co.,Ltd.

Address before: 100084 No. 2 Building 2A201, 202, No. 1 Yuan, Nongda South Road, Haidian District, Beijing

Patentee before: BEIJING TOPWALK INFORMATION TECHNOLOGY Co.,Ltd.

CP02 Change in the address of a patent holder
CP02 Change in the address of a patent holder

Address after: 100096 101, 1st to 7th floors, Building 3, Yard 6, Jianfeng Road (South Extension), Haidian District, Beijing

Patentee after: TOLS TIANXIANG NET AN INFORMATION TECHNOLOGY Co.,Ltd.

Address before: 100084 2a201, 202, building 2, yard 1, Nongda South Road, Haidian District, Beijing

Patentee before: TOLS TIANXIANG NET AN INFORMATION TECHNOLOGY Co.,Ltd.