CN110378115B - Data layer system of information security attack and defense platform - Google Patents


Info

Publication number
CN110378115B
Authority
CN
China
Prior art keywords
module
attack
data
behavior
log
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201910683803.4A
Other languages
Chinese (zh)
Other versions
CN110378115A (en)
Inventor
丁菊仙
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Shenzhen Sanxi Software Technology Co ltd
Original Assignee
Shenzhen Sanxi Software Technology Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Shenzhen Sanxi Software Technology Co ltd
Priority to CN201910683803.4A
Publication of CN110378115A
Application granted
Publication of CN110378115B
Legal status: Active
Anticipated expiration



Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55 Detecting local intrusion or implementing counter-measures
    • Y GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y04 INFORMATION OR COMMUNICATION TECHNOLOGIES HAVING AN IMPACT ON OTHER TECHNOLOGY AREAS
    • Y04S SYSTEMS INTEGRATING TECHNOLOGIES RELATED TO POWER NETWORK OPERATION, COMMUNICATION OR INFORMATION TECHNOLOGIES FOR IMPROVING THE ELECTRICAL POWER GENERATION, TRANSMISSION, DISTRIBUTION, MANAGEMENT OR USAGE, i.e. SMART GRIDS
    • Y04S40/00 Systems for electrical power generation, transmission, distribution or end-user application management characterised by the use of communication or information technologies, or communication or information technology specific aspects supporting them
    • Y04S40/20 Information technology specific aspects, e.g. CAD, simulation, modelling, system security

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Software Systems (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Computer And Data Communications (AREA)
  • Storage Device Security (AREA)

Abstract

The invention discloses a data layer system for an information security attack and defense platform. The system comprises a client data interface, a user space module, a data transmission module, a Trojan analysis data module, a production log module, an attack behavior module, a honeynet management module, a warning module, a security protection database module, a security protection data cloud space module, a data layer module, a database module and a platform module. When new data is introduced into or output from the cloud platform, the data layer device and system perform automatic information analysis and rapid resource configuration, and support rapid changes of the software and hardware environment and of attack and defense techniques. The Trojan analysis data module, honeynet management module, warning module and security protection database module carry out data analysis and processing, so that routine attacks that are difficult to defend against can be resisted, giving the cloud platform an automatic defense capability.

Description

Data layer system of information security attack and defense platform
Technical Field
The invention relates to information security attack and defense platform systems, in particular to a data layer device and system for an information security attack and defense platform, and belongs to the technical field of information security attack and defense.
Background
The network security situation at home and abroad is increasingly severe. China attaches great importance to network security, and information security has been raised to the level of national security. The greatest threats faced by computer networks are attacks by adversaries and computer crime, which take two forms: active attacks, which selectively destroy the validity and integrity of information in various ways; and passive attacks, which acquire, intercept, steal and decipher important confidential information without affecting the normal operation of the network, causing leakage of confidential data. Because most core chips, operating systems, databases, network equipment and their core technologies are mastered and controlled abroad, China's security is seriously threatened, and the power industry, an important foundation of the national economy and people's livelihood, bears the brunt. It is therefore necessary to reduce the security problems and hidden dangers of networks and information systems, improve information security protection capability, strengthen the security testing and evaluation capability of networks and information systems, respond to information security threats and make up for deficiencies in core technology.
With the wide development and application of information technology, the information security situation is increasingly severe. Events such as the PRISM scandal, the Snowden disclosures and the Heartbleed vulnerability reflect a heating-up of the international information security situation, and under conditions of information-security network warfare, the security protection of the power grid faces deeper threats.
Security problems are becoming more serious even as network security products multiply and technology advances. Security threats such as viruses, Trojans, hacker intrusion, phishing and DDoS emerge endlessly. In addition, against existing vulnerabilities of power information systems, hackers use various methods, such as exploiting a weak password on a server system to implant a virus or Trojan file on the server, in order to steal sensitive information from the power system or tamper with website content. Many units have not established an information security attack and defense exercise platform for simulating hacker attacks, and their information security protection is weak; a malicious attacker can log in to the system by exploiting a system vulnerability and obtain sensitive information, so that the unit's power supply scheme, power guarantee scheme, substation building structure drawings, main electrical wiring diagrams, information machine room topology diagrams and other related sensitive information are leaked.
The data layer system is an important part of an information security attack and defense platform. It is the platform's resource library and, through linkage with the platform's other systems, provides all kinds of data, information and tool resources. How effectively the data layer system operates determines whether the platform can carry out network security evaluation, attack and defense confrontation, inspection and testing of new products, and a series of assessments of network architecture, design process, host security, data security and the like.
During conception the applicant searched a large number of patent documents. For example, Chinese patent application No. CN201510183914.0 discloses "a data layer system of an information security attack and defense platform, which is provided with a tool library module, a scenario configuration library module, a courseware library module, a security information library module, a log library module, an attack behavior library module and a platform library module; through the independent operation of the seven resource library modules, linkage among the modules, and linkage between the modules and external data, in a manner combining virtual and physical equipment, a complete, efficient and unified data layer system is provided for the information security attack and defense platform, helping it to effectively carry out network security evaluation, attack and defense confrontation, new product inspection and testing, and a series of assessments of network architecture, design process, host security, data security and the like."
In the system of CN201510183914.0, however, data access and data output are controlled by permissions, automated processing is carried out through a preset management flow, and data is matched and updated against the incoming data of the security information database module. All of these operations are performed online in real time by information security personnel, and the daily attack and defense data are merely formed into logs. That system cannot take effective protective measures according to different attack modes, cannot learn of data tampering or modification at the first moment, and cannot automatically resist routine Trojan intrusion and notify an administrator to handle it.
Disclosure of Invention
The main purpose of the invention is to provide a data layer device and system for an information security attack and defense platform. When new data is introduced into or output from the cloud platform, the system performs automatic information analysis and rapid resource configuration and supports rapid changes of the software and hardware environment and of attack and defense techniques. A Trojan analysis data module, a honeynet management module, a warning module and a security protection database module are provided to carry out data analysis and processing, so that routine attacks that are difficult to defend against can be resisted, the cloud platform gains an automatic defense capability, data leakage is prevented and the security of the cloud platform's information data is ensured. The attack and defense behaviors of the attacking machine and of the security protection platform are monitored separately and formed into attack and defense behavior logs; these logs are obtained from the attacking machine and the security protection platform, the key information of the attack and defense behavior is extracted, and quantitative analysis can be carried out on the attack and defense results or on hardening results. The operating habits of information security personnel are analyzed quantitatively from the data, which supports targeted training, vulnerability discovery and patching, and the analysis or even prediction of vulnerability distribution and characteristics within a period of time, so that the collected data is used to the greatest extent. The security protection database module updates its stored attack and defense information in real time through the security protection data cloud space module; the warning module then rapidly analyzes the latest changed data and notifies the administrator, who carries out a further security data analysis and handling, which greatly improves the protection of the cloud platform's information data.
The purpose of the invention can be achieved by adopting the following technical scheme:
A data layer system of an information security attack and defense platform comprises a client data interface, a user space module, a data transmission module, a Trojan analysis data module, a production log module, an attack behavior module, a honeynet management module, a warning module, a security protection database module, a security protection data cloud space module, a data layer module, a database module and a platform module;
a user space module: a platform through which a user enters the operating space environment to read data, and an operating interface to the data production and data storage system. The user space module mainly comprises an access module, an IP address configuration identification module and a tool module. The tool module mainly comprises a tool pack module and a tool library interface module: the tool pack module stores tools by category, and the tool library interface module deploys tool data and provides a tool data use interface to the user space module. The access module accesses the cloud platform through a browser, the IP address configuration identification module automatically identifies the current access IP address and the device in use, and the tool module lets the user space module browse and use the interface tools. The tool pack module comprises collection tools for target network probing and partial scanning, vulnerability scanning and vulnerability analysis, and password tools for automatic password dictionary generation and remote password cracking;
a Trojan analysis data module: captures executable files newly generated or modified on the system and forms a sample file output from four elements, namely sample basic information, dangerous permission annotation, virus detection and dynamic behavior, together with a running screenshot; a plurality of built-in virus scanning engines scan and analyze the sample file, distinguish known viruses from unknown attacks, and capture and analyze Trojan samples;
a production log module: records the data activity changes of each module in log form, and is used for daily log data storage and log data transmission;
an attack behavior module: stores all attack behavior data and rapidly analyzes the key elements of attack behaviors;
a honeynet management module: captures attack behavior on the cloud platform; this area can identify known attacks, and identifies unknown attack behavior and unknown malicious code by their characteristics and behavior, so as to provide timely security support for the cloud platform;
a warning module: mainly comprising a notification warning module and a high-level manager data processing module; the notification warning module is connected to the data layer interface, and the warning module searches and analyzes the latest data change information and notifies the high-level manager data processing module. The high-level manager data processing module comprises a user access authority module, a user authority submodule and a user management submodule: the high-level manager data processing module controls the state of the user access authority module, the user authority submodule sets and manages each authority, and the user management submodule manages the platform function system, which comprises data addition, updating, deletion, viewing and closing;
a security protection database module: stores high-end security protection data and the key elements for resisting attack behaviors;
a security protection data cloud space module: extends the security protection database into an up-to-date comprehensive strike system and can make use of resource sharing technology;
a data layer module: connects the interfaces used by each module, imports and exports the data in use to form a resource pool from which resources are selected as needed, and records and stores the operation results in a unified manner;
a database module: comprises a behavior log database, a behavior log acquisition module, a normalization processing module and a comparison module, the behavior log database storing the normalized behavior logs; the database module further comprises a reading module, a matching module, an attack behavior log acquisition module and a normalization processing module, where the reading module reads attack and defense behavior key information from the production log module, the matching module presets the attack and defense behavior key elements for matching, the attack behavior log acquisition module forms a log record from the execution subject, execution object, execution time, execution address, execution action and execution mode of an attack behavior, and the normalization processing module normalizes the attack and defense behavior log and stores it in the production log module;
a platform module: displays most of the information data of the information security attack and defense platform in a centralized manner.
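The capture-and-scan flow of the Trojan analysis data module above (new or modified executables, sample basic information, a dangerous permission annotation, and several scanning engines whose verdicts separate known viruses from unknown attacks) can be made concrete. The following Python is an added example written for this page, not code from the patent or from Shenzhen Sanxi Software Technology Co ltd: the three engines are small constructed stand-ins (a hash blocklist, a byte-signature set and a capability-string heuristic), the sample byte strings are constructed and harmless, and the dynamic behavior and running screenshot elements are out of scope here.

```python
"""Capture newly created or modified executables and run them through several
detection engines, separating known malware from unknown suspicious samples.

Added example, not the patent's code.  The "engines" are constructed
stand-ins: a hash blocklist, a byte-signature set and a capability heuristic.
"""
import hashlib
import os
import tempfile
from typing import Dict, List, Tuple

# --- constructed, harmless samples (not real malware) ----------------------
BENIGN_PE = b"MZ" + b"\x00" * 62 + b"This program cannot be run in DOS mode." + b"\x00" * 40
INJECTOR_PE = (b"MZ" + b"\x00" * 62 + b"OpenProcess\x00WriteProcessMemory\x00"
               b"CreateRemoteThread\x00SeDebugPrivilege\x00cmd.exe /c ")
KNOWN_ELF = b"\x7fELF\x02\x01\x01" + b"\x00" * 9 + b"/bin/sh -i >& /dev/tcp/"

# Hypothetical threat-intel feed: hashes of samples that were already analyzed.
KNOWN_HASHES = {hashlib.sha256(KNOWN_ELF).hexdigest(): "Linux.ReverseShell.Demo"}

# Byte signatures and the capability each one indicates.
SIGNATURES = {
    b"CreateRemoteThread": "process-injection",
    b"WriteProcessMemory": "process-injection",
    b"/dev/tcp/": "reverse-shell",
    b"eval(base64_decode": "webshell",
}
# Strings that earn the sample a "dangerous permission" annotation.
DANGEROUS = (b"SeDebugPrivilege", b"cmd.exe /c", b"/bin/sh -i")


def file_type(data: bytes) -> str:
    if data[:2] == b"MZ":
        return "PE"
    if data[:4] == b"\x7fELF":
        return "ELF"
    return "other"


def basic_info(data: bytes) -> Dict[str, object]:
    """Element 1 of the sample output: sample basic information."""
    return {"sha256": hashlib.sha256(data).hexdigest(), "size": len(data),
            "type": file_type(data)}


def hash_engine(data: bytes) -> Tuple[bool, str]:
    name = KNOWN_HASHES.get(hashlib.sha256(data).hexdigest())
    return (name is not None, name or "")


def signature_engine(data: bytes) -> Tuple[bool, str]:
    hits = sorted({cap for sig, cap in SIGNATURES.items() if sig in data})
    return (bool(hits), ",".join(hits))


def permission_engine(data: bytes) -> Tuple[bool, str]:
    """Element 2: dangerous permission annotation; two or more strings flag it."""
    hits = [s.decode() for s in DANGEROUS if s in data]
    return (len(hits) >= 2, ";".join(hits))


def triage(data: bytes) -> Dict[str, object]:
    """Run every engine.  A hash hit is a known virus; any other hit is an
    unknown attack that needs analyst attention; otherwise the sample is clean."""
    report = dict(basic_info(data))
    results = {e.__name__: e(data) for e in (hash_engine, signature_engine, permission_engine)}
    report["engines"] = results
    if results["hash_engine"][0]:
        report["verdict"] = "known"
    elif any(flag for flag, _ in results.values()):
        report["verdict"] = "unknown"
    else:
        report["verdict"] = "clean"
    return report


def snapshot(root: str) -> Dict[str, str]:
    """Relative path -> sha256 of every regular file under root."""
    out = {}
    for d, _, files in os.walk(root):
        for f in files:
            p = os.path.join(d, f)
            with open(p, "rb") as fh:
                out[os.path.relpath(p, root)] = hashlib.sha256(fh.read()).hexdigest()
    return out


def changed(before: Dict[str, str], after: Dict[str, str]) -> List[str]:
    """Files that are new or whose content changed between two snapshots."""
    return sorted(p for p, h in after.items() if before.get(p) != h)


def demo() -> Dict[str, str]:
    """Snapshot a directory, drop and modify executables, then capture and
    triage only what changed.  Returns {relative path: verdict}."""
    with tempfile.TemporaryDirectory() as root:
        def write(name: str, data: bytes) -> None:
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(data)
        write("tool.exe", BENIGN_PE)
        before = snapshot(root)
        write("tool.exe", BENIGN_PE + b"\x00")     # modified in place
        write("svchost_update.exe", INJECTOR_PE)   # new, unseen before
        write("cron_helper", KNOWN_ELF)            # new, hash already known
        verdicts = {}
        for rel in changed(before, snapshot(root)):
            with open(os.path.join(root, rel), "rb") as fh:
                verdicts[rel] = triage(fh.read())["verdict"]
        return verdicts


if __name__ == "__main__":
    print(demo())
```

Running it reports a verdict for each file that changed between the two snapshots; an unchanged file is never rescanned, which is the point of capturing only new or modified executables. In a real deployment the constructed hash feed and signatures would be replaced by engine integrations, and an "unknown" verdict would queue the sample for the dynamic behavior stage rather than being treated as final.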
The production log module comprises an attack monitoring module, an attack log obtaining module, a preset attack key extraction module and a log normalization storage module;
an attack monitoring module: monitors the attack behavior of each of a plurality of attack clients separately and forms attack behavior logs;
an attack log obtaining module: obtains attack and defense behavior logs from the attack clients and from the protection data layer;
a preset attack key extraction module: normalizes the attack and defense behavior logs and, according to preset attack and defense behavior key elements, extracts from the logs the key information corresponding to each element;
a log normalization storage module: stores the normalized attack and defense behavior logs in the behavior log database.
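The production log module's four steps (monitor the attack clients, obtain logs from both the attack client and the protection data layer, normalize them and extract the preset key elements, then store them in the behavior log database) and the six key elements listed for the database module are shown end to end in the following Python. It is an added example written for this page, not code from the patent. The two log formats, the field names and the sample lines are constructed assumptions; what the example shows is that once both sides' records carry the same six fields and a UTC timestamp, the attack client's action and the defense side's observation of it can be lined up by source address and time.

```python
"""Normalize attack/defense behavior logs into the six key elements and store
them in a behavior log database.

Added example, not the patent's code.  The two log formats, the field names
and the sample lines are constructed assumptions.
"""
import re
import sqlite3
from dataclasses import dataclass, astuple
from datetime import datetime, timezone
from typing import List, Optional

# Constructed sample input: one hypothetical format for the attack client's
# tool log, another for the protection data layer's access log.
ATTACK_CLIENT_LOG = """\
2024-05-01T10:00:01Z user=red01 src=192.168.1.20 tool=scanner target=10.0.0.5:22 action=port_scan mode=syn
2024-05-01T10:00:09Z user=red01 src=192.168.1.20 tool=cracker target=10.0.0.5:443 action=password_guess mode=dictionary
malformed line that must be skipped, not stored half-filled
"""
PROTECTION_LAYER_LOG = """\
[01/May/2024:10:00:09 +0000] src=192.168.1.20 dst=10.0.0.5:443 uri=/login verb=POST result=denied
"""


@dataclass(frozen=True)
class BehaviorRecord:
    """The six preset key elements of an attack/defense behavior."""
    subject: str   # execution subject (user on the attack side, source host on the defense side)
    obj: str       # execution object (target host:port, plus URI when known)
    time: str      # execution time, normalized to ISO 8601 UTC
    address: str   # execution address (source IP)
    action: str    # execution action
    mode: str      # execution mode (scan type, guessing strategy, outcome)
    origin: str    # which log the record came from


_KV = re.compile(r"(\w+)=(\S+)")
_PROT = re.compile(r"^\[(?P<ts>[^\]]+)\]\s+(?P<rest>.*)$")


def _norm_time(raw: str) -> str:
    """Normalize both timestamp styles to ISO 8601 in UTC."""
    for fmt in ("%Y-%m-%dT%H:%M:%SZ", "%d/%b/%Y:%H:%M:%S %z"):
        try:
            dt = datetime.strptime(raw, fmt)
        except ValueError:
            continue
        if dt.tzinfo is None:
            dt = dt.replace(tzinfo=timezone.utc)
        return dt.astimezone(timezone.utc).isoformat()
    raise ValueError(f"unrecognized timestamp: {raw!r}")


def parse_attack_client(line: str) -> Optional[BehaviorRecord]:
    parts = line.split(maxsplit=1)
    if len(parts) != 2:
        return None
    kv = dict(_KV.findall(parts[1]))
    if not {"user", "src", "target", "action", "mode"} <= kv.keys():
        return None  # incomplete line: skip rather than store a partial record
    try:
        when = _norm_time(parts[0])
    except ValueError:
        return None
    return BehaviorRecord(kv["user"], kv["target"], when, kv["src"],
                          kv["action"], kv["mode"], "attack_client")


def parse_protection_layer(line: str) -> Optional[BehaviorRecord]:
    m = _PROT.match(line)
    if not m:
        return None
    kv = dict(_KV.findall(m["rest"]))
    if not {"src", "dst", "uri", "verb", "result"} <= kv.keys():
        return None
    # The defense side sees no user identity, so the source host is the subject.
    return BehaviorRecord(kv["src"], kv["dst"] + kv["uri"], _norm_time(m["ts"]),
                          kv["src"], kv["verb"], kv["result"], "protection_layer")


def normalize(attack_text: str, protection_text: str) -> List[BehaviorRecord]:
    out = [r for r in map(parse_attack_client, attack_text.splitlines()) if r]
    out += [r for r in map(parse_protection_layer, protection_text.splitlines()) if r]
    return sorted(out, key=lambda r: r.time)   # stable: attack side first on ties


def store(records: List[BehaviorRecord], conn: sqlite3.Connection) -> int:
    """Write normalized records to the behavior log table; return the row count."""
    conn.execute("CREATE TABLE IF NOT EXISTS behavior_log (subject TEXT, obj TEXT, "
                 "time TEXT, address TEXT, action TEXT, mode TEXT, origin TEXT)")
    conn.executemany("INSERT INTO behavior_log VALUES (?,?,?,?,?,?,?)",
                     [astuple(r) for r in records])
    conn.commit()
    return conn.execute("SELECT COUNT(*) FROM behavior_log").fetchone()[0]


def build_db(attack_text: str, protection_text: str) -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    store(normalize(attack_text, protection_text), conn)
    return conn


def timeline(conn: sqlite3.Connection, address: str) -> list:
    """Both sides' records for one source address in time order: this is what
    lets an attack client's action be matched to the defense side's log."""
    rows = conn.execute("SELECT time, origin, action, obj FROM behavior_log "
                        "WHERE address = ? ORDER BY time, origin", (address,))
    return rows.fetchall()


if __name__ == "__main__":
    db = build_db(ATTACK_CLIENT_LOG, PROTECTION_LAYER_LOG)
    for row in timeline(db, "192.168.1.20"):
        print(row)
```

The malformed third line is dropped rather than stored with empty fields: a behavior log database that accepts partial records quietly loses the one element (often the address or subject) the matching module needs later. Timestamps are normalized to UTC before storage because the attack client and the protection layer rarely share a clock format, and the match is done on the stored value, not on the raw line.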
The data layer module mainly comprises an authentication interface module, a report interface module and a log query interface module;
the authentication interface module sends a user access data query request to the high-level manager data processing module for authentication;
the report interface module sends a data report query request to the high-level manager data processing module for authentication;
the log query interface module sends a user data query authentication request to the high-level manager data processing module for authentication.
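The three data layer interfaces above do not decide access themselves; each forwards its request to the high-level manager data processing module, which holds the user access authority module, the per-user authorities (login, access and independent data-layer access in the detailed description) and the management functions (add, update, delete, view, close). The following Python is an added example for this page, not the patent's code: the right names, the mapping from interface to required rights, the MANAGE right standing in for the user management submodule, and the example users are assumptions. What it demonstrates are the properties that matter for such a gate: a single decision point, deny by default for unknown interfaces and actions, a global switch mirroring the state of the user access authority module, and an audit record of every decision that can feed the production log module.

```python
"""Central authorization for the data layer interfaces.

Added example, not the patent's code.  Right names, the interface-to-rights
mapping and the demo users are constructed assumptions.
"""
from dataclasses import dataclass, field
from enum import Flag, auto
from typing import Dict, List, Tuple


class Right(Flag):
    NONE = 0
    LOGIN = auto()       # may authenticate to the platform
    ACCESS = auto()      # may use the user space and its tools
    DATA_LAYER = auto()  # independent access to data layer resources
    MANAGE = auto()      # user management submodule: add/update/delete/view/close


# Rights each data layer interface request needs (assumed mapping).
REQUIRED: Dict[str, Right] = {
    "authentication": Right.LOGIN | Right.ACCESS,       # user access data query
    "report": Right.LOGIN | Right.DATA_LAYER,           # data report query
    "log_query": Right.LOGIN | Right.DATA_LAYER,        # user data query
    "manage": Right.LOGIN | Right.MANAGE,               # platform function system
}
MANAGE_ACTIONS = {"add", "update", "delete", "view", "close"}


@dataclass
class ManagerModule:
    """High-level manager data processing module: the only place a decision is made."""
    users: Dict[str, Right]
    access_enabled: bool = True   # state of the user access authority module
    audit: List[Tuple[str, str, str, str]] = field(default_factory=list)

    def authorize(self, user: str, interface: str, action: str = "") -> bool:
        decision = self._decide(user, interface, action)
        self.audit.append((user, interface, action, decision))  # feeds the production log
        return decision == "allow"

    def _decide(self, user: str, interface: str, action: str) -> str:
        if not self.access_enabled:
            return "deny:access-module-closed"   # global switch wins over any right
        need = REQUIRED.get(interface)
        if need is None:
            return "deny:unknown-interface"      # deny by default
        have = self.users.get(user, Right.NONE)  # unknown user holds nothing
        if have & need != need:
            return "deny:missing-rights"
        if interface == "manage" and action not in MANAGE_ACTIONS:
            return "deny:unknown-action"         # only the five listed functions
        return "allow"


def build_demo() -> ManagerModule:
    return ManagerModule(users={
        "red01": Right.LOGIN | Right.ACCESS,                              # attack-side user
        "auditor": Right.LOGIN | Right.ACCESS | Right.DATA_LAYER,
        "admin": Right.LOGIN | Right.ACCESS | Right.DATA_LAYER | Right.MANAGE,
    })


if __name__ == "__main__":
    m = build_demo()
    for who, iface, act in [("red01", "log_query", ""), ("auditor", "log_query", ""),
                            ("auditor", "manage", "delete"), ("admin", "manage", "delete"),
                            ("admin", "manage", "format"), ("ghost", "authentication", "")]:
        print(who, iface, act or "-", "->", m.authorize(who, iface, act))
    m.access_enabled = False
    print("admin after close ->", m.authorize("admin", "report"))
    for entry in m.audit:
        print(entry)
```

Denials carry a reason so that the warning module has something to analyze when the same user keeps failing the same check; an attack-side user probing the log query interface is exactly the "latest data change" the notification warning module is meant to surface.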
The beneficial technical effects of the invention are:
1. The invention provides a data layer device and system for an information security attack and defense platform. When new data is introduced into or output from the cloud platform, automatic information analysis and rapid resource configuration are realized and rapid changes of the software and hardware environment and of attack and defense techniques are supported. The Trojan analysis data module, honeynet management module, warning module and security protection database module carry out data analysis and processing, so that routine attacks that are difficult to defend against can be resisted, the cloud platform gains an automatic defense capability, data leakage is prevented and the security of the cloud platform's information data is ensured. The attack and defense behaviors of the attacking machine and of the security protection platform are monitored separately and formed into attack and defense behavior logs, which are obtained from the attacking machine and the security protection platform, and the key information of the attack and defense behavior is extracted.
2. The invention can also carry out quantitative analysis on the attack and defense results or on hardening results, and quantitatively analyze the operating habits of information security personnel from the data, which supports targeted training, vulnerability discovery and patching, and the analysis or even prediction of vulnerability distribution and characteristics within a period of time, so that the collected data is used to the greatest extent. The security protection database module updates its stored attack and defense information in real time through the security protection data cloud space module; the warning module then rapidly analyzes the latest changed data and notifies the administrator, who carries out a further security data analysis and handling, which greatly improves the protection of the cloud platform's information data.
Drawings
FIG. 1 is a system diagram of a data layer device and system of an information security attack and defense platform according to a preferred embodiment of the present invention;
FIG. 2 is a user space system diagram of the preferred embodiment;
FIG. 3 is a system diagram of the log library of the preferred embodiment;
FIG. 4 is a diagram of the security information system of the preferred embodiment;
FIG. 5 is a data layer system diagram of the preferred embodiment;
FIG. 6 is a system diagram of the storage library of the preferred embodiment.
Detailed Description
In order to make the technical solutions of the present invention more clear and definite for those skilled in the art, the present invention is further described in detail below with reference to the examples and the accompanying drawings, but the embodiments of the present invention are not limited thereto.
In this embodiment, as shown in FIG. 1, the data layer device and system of the information security attack and defense platform comprise a client data interface, a user space module, a data transmission module, a Trojan analysis data module, a production log module, an attack behavior module, a honeynet management module, a warning module, a security protection database module, a security protection data cloud space module, a data layer module, a database module and a platform module. The user space module is a platform through which a user enters the operating space environment to read data, and an operating interface to the data production and data storage system. The Trojan analysis data module captures executable files newly generated or modified on the system and forms a sample file output from four elements, namely sample basic information, risk evaluation, virus detection and dynamic behavior, together with a running screenshot; a plurality of built-in virus scanning engines scan and analyze the sample file, distinguish known viruses from unknown attacks, and capture and analyze Trojan samples. The production log module records the data activity changes of each module in log form and is used for daily log data storage and log data transmission. The attack behavior module stores all attack behavior data and rapidly analyzes the key elements of attack behaviors. The honeynet management module captures attack behavior on the cloud platform; this area can identify known attacks, and identifies unknown attack behavior and unknown malicious code by their characteristics and behavior, so as to provide timely security support for the cloud platform. The warning module collects the cloud platform's changed data daily and provides security information warnings. The security protection database module stores high-end security protection data and the key elements for resisting attack behaviors. The security protection data cloud space module extends the security protection database into an up-to-date comprehensive strike system and can make use of resource sharing technology. The data layer module connects the interfaces used by each module, imports and exports the data in use to form a resource pool from which resources are selected as needed, and records and stores the operation results in a unified manner. The database module stores the normalized attack and defense behavior logs in the behavior log database. The platform module displays most of the information data of the information security attack and defense platform in a centralized manner.
In this embodiment, as shown in FIG. 2, the user space module mainly comprises an access module, an IP address configuration identification module and a tool module. The access module accesses the cloud platform through a browser, the IP address configuration identification module automatically identifies the current access IP address and the device in use, and the tool module lets the user space module browse and use the interface tools.
In this embodiment, as shown in FIG. 2, the tool module mainly comprises a tool pack module and a tool library interface module; the tool pack module stores tools by category, and the tool library interface module deploys tool data and provides a tool data use interface to the user space module.
In this embodiment, as shown in FIG. 2, the tool pack module comprises collection tools for target network probing and partial scanning, vulnerability scanning and vulnerability analysis, and password tools for automatic password dictionary generation and remote password cracking.
In this embodiment, as shown in FIG. 3, the production log module comprises an attack monitoring module, an attack log obtaining module, a preset attack key extraction module and a log normalization storage module. The attack monitoring module monitors the attack behavior of each of a plurality of attack clients separately and forms attack behavior logs; the attack log obtaining module obtains attack and defense behavior logs from the attack clients and from the protection data layer; the preset attack key extraction module normalizes the attack and defense behavior logs and, according to preset attack and defense behavior key elements, extracts from the logs the key information corresponding to each element; and the log normalization storage module stores the normalized attack and defense behavior logs in the behavior log database.
In this embodiment, as shown in FIG. 4, the warning module mainly comprises a notification warning module and a high-level manager data processing module. The notification warning module is connected to the data layer interface; the warning module searches and analyzes the latest data change information and notifies the high-level manager data processing module.
In this embodiment, as shown in FIG. 4, the high-level manager data processing module comprises a user access authority module, a user authority submodule and a user management submodule. The high-level manager data processing module controls the state of the user access authority module; the user authority submodule sets and manages each authority, the authorities comprising login, access and independent access to the data layer; and the user management submodule manages the platform function system, which comprises data addition, updating, deletion, viewing and closing.
In this embodiment, as shown in FIG. 5, the data layer module mainly comprises an authentication interface module, a report interface module and a log query interface module. The authentication interface module sends a user access data query request to the high-level manager data processing module for authentication; the report interface module sends a data report query request to the high-level manager data processing module for authentication; and the log query interface module sends a user data query authentication request to the high-level manager data processing module for authentication.
In this embodiment, as shown in FIG. 6, the database module comprises a reading module, a matching module, an attack behavior log obtaining module and a normalization processing module. The reading module reads attack behavior key information from the production log module; the matching module presets the key elements of attack behavior for matching; the attack behavior log obtaining module forms a log record from the execution subject, execution object, execution time, execution address, execution action and execution mode of an attack behavior; and the normalization processing module normalizes the attack behavior log and stores it in the production log module.
To sum up, in this embodiment, when new data is involved and output in the cloud platform, automatic information analysis and resource configuration can be realized, and rapid changes of software and hardware environments and attack and defense means are supported, and a Trojan analysis data module, a dense network management module, a warning module and a security protection database module are provided to perform effective data analysis and processing, so as to effectively counter the difficult daily attack behavior, achieve the automatic defense effect of the cloud platform, effectively prevent data leakage, ensure the information data security of the cloud platform, monitor the attack and defense behaviors of the attack side machine and the security protection platform respectively, form an attack and defense behavior log, obtain the attack and defense behavior log from the attack side machine and the security protection platform, extract key information of the attack and defense behavior log, and perform quantitative analysis on the attack and defense result or the reinforcement result, carry out quantitative analysis to information security personnel's operating habits from the data aspect, thereby training and leak hunting, make up and leak distribution with pertinence, leak characteristics in a time quantum make analysis or even prejudge, thereby utilize the data that collect to the maximize, and safety protection database module passes through safety protection data cloud space module and updates the latest information data of offending and defending of storage in real time, again by warning module rapid analysis latest change data and notice the administrator, the administrator needs carry out effective safe data analysis to data once more and handles, the effect that can promote cloud platform information data protection greatly.
The above description merely illustrates the present invention and is not intended to limit its scope; any person skilled in the art may substitute or change the technical solution of the present invention and its conception within the scope of the present invention.

Claims (3)

1. A data layer system of an information security attack and defense platform, characterized in that: the system comprises a client data interface, a user space module, a data transmission module, a Trojan horse analysis data module, a production log module, an attack behavior module, a honeynet management module, a warning module, a safety protection database module, a safety protection data cloud space module, a data layer module, a database module and a platform module;
a user space module: an environment data reading platform and an operation interface for data production and data storage, through which a user enters an operation space; the user space module mainly comprises an access module, an IP address configuration identification module and a tool library interface module, wherein the tool package module is used for classified storage of tools, the tool interface module is used for deploying tool data and provides a tool data use interface to the user space module, the access module accesses the cloud platform through a browser, the IP address configuration identification module automatically identifies the current access IP address and the device in use, and the tool module lets the user space module browse the interface tools for use; the tool package module comprises a collection tool used for target network detection and partial scanning, for scanning vulnerabilities and analyzing them, and a password tool used for automatic password dictionary generation and remote password cracking;
a Trojan analysis data module: acquires the four elements of a sample, namely basic information, dangerous permission annotations, virus detection and dynamic behavior, together with a screenshot of its execution; captures executable files newly generated or modified by the system to form sample file output; embeds a plurality of virus scanning engines that scan and analyze the sample file; distinguishes known viruses from unknown attacks; and captures and analyzes Trojan horse samples;
a production log module: stores the data activity changes of each module in log form, stores daily log data and transmits log data;
an attack behavior module: stores all attack behavior data and quickly analyzes the key elements of attack behaviors;
a honeynet management module: captures attack behavior against the cloud platform; the module can identify known attacks, and can identify unknown attack behavior and unknown malicious code through their characteristics and behavior, so as to provide timely security support for the cloud platform;
a warning module: mainly comprises a notification warning module and an advanced manager data processing module; the notification warning module is connected to the data layer interface, and the warning module searches and analyzes the latest data change information and notifies the advanced manager data processing module; the advanced manager data processing module comprises a user access authority module, a user authority submodule and a user management submodule, wherein the advanced manager data processing module controls the state of the user access authority module, the user authority submodule sets and manages each authority, and the user management submodule manages the platform functional system, which comprises adding, updating, deleting, viewing and closing data;
a safety protection database module: stores high-end safety protection data and the key elements for resisting attack behaviors;
a safety protection data cloud space module: extends the safety protection database with the latest comprehensive attack and defense data, making use of resource sharing technology;
a data layer module: connects the interfaces of the modules, imports and exports usage data to form a resource pool, selects resources from the resource pool as needed, and uniformly records and stores operation results;
a database module: comprises a behavior log database, which stores the attack and defense behavior logs after normalization processing, together with a reading module, a matching module, an attack behavior log acquisition module and a normalization processing module; the reading module reads attack and defense behavior key information from the behavior log generation module, the matching module performs matching according to preset attack and defense behavior key elements, the attack behavior log acquisition module forms a log record from the execution subject, behavior execution object, behavior execution time, behavior execution address, behavior execution action and behavior execution mode of an attack behavior, and the normalization processing module normalizes the attack and defense behavior log and stores it in the behavior log generation module;
a platform module: displays the information data of most information security attack and defense platforms in a centralized manner.
2. The data layer system of the information security attack and defense platform according to claim 1, characterized in that: the production log module comprises an attack monitoring module, an attack log obtaining module, a preset attack key extraction module and a log normalization storage module;
an attack monitoring module: monitors the attack behaviors of a plurality of attack clients respectively to form attack behavior logs;
an attack log obtaining module: acquires the attack and defense behavior log from the attack client and the protection data layer;
a preset attack key extraction module: normalizes the attack and defense behavior logs, and extracts from them the attack and defense behavior key information corresponding to each attack and defense behavior key element according to the preset attack and defense behavior key elements;
a log normalization storage module: stores the attack and defense behavior logs after normalization processing in the behavior log database.
3. The data layer system of the information security attack and defense platform according to claim 1, characterized in that: the data layer module mainly comprises an authentication interface module, a report interface module and a log query interface module;
the authentication interface module sends a user access data query request to the advanced manager data processing module for authentication;
the report interface module sends a user query data report request to the advanced manager data processing module for authentication;
the log query interface module sends a user query data authentication request to the advanced manager data processing module for authentication.
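The description of the database module (reading, matching, attack behavior log acquisition and normalization) and claim 2's production log module (monitor both sides, obtain the logs, extract the key information per preset key element, store the normalized log) describe the same pipeline. As an added example, not code from the patent or its assignee, the following Python sketch carries that pipeline through on constructed sample lines: one key=value format from an attack-side machine and one JSON format from the protection platform's honeynet sensors. The six key elements are taken from the claims; the field names, the canonical action vocabulary, the record layout and every log line are assumptions made for illustration.

```python
"""Added example (not the patent's own code): normalize attack and defense behavior
logs into the six preset key elements and store them in a behavior log database.
Field names, action vocabulary and all sample log lines are constructed."""
import json
import re
from collections import Counter
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import Dict, List, Optional

# The six preset key elements every stored record must carry (named in the claims).
KEY_ELEMENTS = ("subject", "obj", "time", "address", "action", "mode")

# Source-specific event names mapped onto a small canonical action vocabulary
# (assumed vocabulary; the patent does not define one).
ACTION_ALIASES = {
    "scan": "scan", "port_scan": "scan",
    "login": "auth_attempt", "brute_force": "auth_attempt",
}


@dataclass(frozen=True)
class BehaviorRecord:
    subject: str   # execution subject: account or sensor that performed/observed it
    obj: str       # execution object: host or service acted upon
    time: str      # execution time, ISO-8601 UTC
    address: str   # execution address: source IP
    action: str    # canonical execution action
    mode: str      # execution mode: tool or protocol used
    source: str    # which side produced the log (attack side / protection platform)


# Constructed sample logs: attack-side machines write key=value lines, the
# protection platform (honeynet sensors) emits one JSON object per line.
ATTACK_SIDE_LOG = [
    "ts=2019-07-26T08:01:02Z user=red01 src=10.0.5.7 tool=portscan target=web01 op=scan",
    "ts=2019-07-26T08:03:10Z user=red01 src=10.0.5.7 tool=dictlogin target=ssh01 op=login",
    "ts=2019-07-26T08:05:00Z user=red02 src=10.0.5.9 tool=portscan target=web01",  # no op
]
PROTECTION_SIDE_LOG = [
    '{"time":"2019-07-26 08:01:03","sensor":"hp-web","host":"web01","ip":"10.0.5.7","event":"port_scan","via":"tcp"}',
    '{"time":"2019-07-26 08:04:00","sensor":"hp-ssh","host":"ssh01","ip":"10.0.5.7","event":"brute_force","via":"ssh"}',
    '{"time":"2019-07-26 08:04:00","sensor":"hp-ssh","host":"ssh01","ip":"10.0.5.7","event":"brute_force","via":"ssh"}',
]

KV_RE = re.compile(r"(\w+)=(\S+)")
ATTACK_FIELDS = {"user": "subject", "target": "obj", "ts": "time",
                 "src": "address", "op": "action", "tool": "mode"}
PROTECT_FIELDS = {"sensor": "subject", "host": "obj", "time": "time",
                  "ip": "address", "event": "action", "via": "mode"}


def read_attack_side(line: str) -> Dict[str, str]:
    """Reading module: key=value line -> raw fields keyed by key element."""
    return {ATTACK_FIELDS[k]: v for k, v in KV_RE.findall(line) if k in ATTACK_FIELDS}


def read_protection_side(line: str) -> Dict[str, str]:
    """Reading module: JSON line -> raw fields keyed by key element."""
    return {PROTECT_FIELDS[k]: str(v) for k, v in json.loads(line).items() if k in PROTECT_FIELDS}


def to_utc_iso(value: str) -> str:
    """Accept 'YYYY-MM-DDTHH:MM:SSZ' or 'YYYY-MM-DD HH:MM:SS' (naive times assumed UTC)."""
    dt = datetime.fromisoformat(value.replace(" ", "T").replace("Z", "+00:00"))
    if dt.tzinfo is None:
        dt = dt.replace(tzinfo=timezone.utc)
    return dt.astimezone(timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ")


def normalize(fields: Dict[str, str], source: str) -> Optional[BehaviorRecord]:
    """Matching + normalization: reject the record unless every preset key
    element is present and its action maps onto the canonical vocabulary."""
    if any(not fields.get(k) for k in KEY_ELEMENTS):
        return None
    action = ACTION_ALIASES.get(fields["action"].lower())
    if action is None:
        return None
    return BehaviorRecord(subject=fields["subject"], obj=fields["obj"],
                          time=to_utc_iso(fields["time"]), address=fields["address"],
                          action=action, mode=fields["mode"].lower(), source=source)


class BehaviorLogDB:
    """Behavior log database: keeps normalized records in insertion order,
    drops exact duplicates and counts records rejected by the matching step."""

    def __init__(self) -> None:
        self._rows: Dict[BehaviorRecord, None] = {}
        self.rejected = 0

    def store(self, rec: Optional[BehaviorRecord]) -> bool:
        if rec is None:
            self.rejected += 1
            return False
        if rec in self._rows:
            return False
        self._rows[rec] = None
        return True

    def rows(self) -> List[BehaviorRecord]:
        return list(self._rows)

    def count_by_address(self) -> Dict[str, int]:
        """Quantitative view: normalized behaviors per source address."""
        return dict(Counter(r.address for r in self._rows))


def ingest(attack_lines: List[str], protection_lines: List[str]) -> BehaviorLogDB:
    """Attack log obtaining + storage: pull both sides' logs into one database."""
    db = BehaviorLogDB()
    for line in attack_lines:
        db.store(normalize(read_attack_side(line), "attack_side"))
    for line in protection_lines:
        db.store(normalize(read_protection_side(line), "protection_platform"))
    return db


if __name__ == "__main__":
    db = ingest(ATTACK_SIDE_LOG, PROTECTION_SIDE_LOG)
    for r in db.rows():
        print(r)
    print("rejected:", db.rejected, "per address:", db.count_by_address())
```

Run as a script, the sketch stores four records (the third attack-side line lacks an action and is rejected by the matching step; the repeated sensor line is deduplicated) and reports four behaviors from 10.0.5.7, which is the kind of per-address quantitative summary the description says the normalized log is meant to support.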
CN201910683803.4A 2019-07-26 2019-07-26 Data layer system of information security attack and defense platform Active CN110378115B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201910683803.4A CN110378115B (en) 2019-07-26 2019-07-26 Data layer system of information security attack and defense platform

Publications (2)

Publication Number Publication Date
CN110378115A CN110378115A (en) 2019-10-25
CN110378115B true CN110378115B (en) 2022-08-30

Family

ID=68256499

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201910683803.4A Active CN110378115B (en) 2019-07-26 2019-07-26 Data layer system of information security attack and defense platform

Country Status (1)

Country Link
CN (1) CN110378115B (en)

Families Citing this family (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111107090A (en) * 2019-12-20 2020-05-05 Shenzhen Polytechnic Data layer system of information security attack and defense platform
CN114257522B (en) * 2021-12-21 2024-01-12 Zhejiang Guoli Wang'an Technology Co., Ltd. Network security attack and defense demonstration system, method, device and storage medium
CN114338143A (en) * 2021-12-27 2022-04-12 State Grid Zhejiang Electric Power Co., Ltd. Wenzhou Power Supply Company Data layer system of information security attack and defense platform

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103401886A (en) * 2013-08-20 2013-11-20 Jiangsu Junli Huayu Information Security Technology Co., Ltd. Implementation method of information security attack-defense confrontation
CN104410617A (en) * 2014-11-21 2015-03-11 Xi'an University of Posts and Telecommunications Information safety attack and defense system structure of cloud platform
CN104778073A (en) * 2015-04-17 2015-07-15 Guangdong Power Grid Co., Ltd. Information Center Novel information security attack and defense experiment platform and implementation method thereof
CN104809404A (en) * 2015-04-17 2015-07-29 Guangdong Power Grid Co., Ltd. Information Center Data layer system of information security attack-defense platform

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
Research on information security protection technology for industrial control systems; Kang Rongbao et al.; Communications Technology; 2018-08-10 (No. 08); pp. 1965-1971 *
Research and practice on the linkage of honeypot systems with security management platforms; Shao Aiqing et al.; Telecommunications Science; 2017-12-20; pp. 256-261 *

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
TA01 Transfer of patent application right

Effective date of registration: 20220812

Address after: 518001 2318 Anhui building, 6007 Shennan Avenue, Tian'an community, Shatou street, Futian District, Shenzhen City, Guangdong Province

Applicant after: Shenzhen Sanxi Software Technology Co.,Ltd.

Address before: Longxi Garden, South Huijing Road, Tianhe District, Guangzhou City, Guangdong Province, 510000

Applicant before: Ding Juxian

GR01 Patent grant