CN110740141A - integration network security situation perception method, device and computer equipment - Google Patents


Info

Publication number
CN110740141A
Authority
CN
China
Prior art keywords
security
information
perception
situation
network
Legal status
Pending
Application number
CN201911116397.XA
Other languages
Chinese (zh)
Inventor
张丞
陈琳
王云霄
曲延盛
李明
王玮
马琳
赵丽娜
张文斌
刘子雁
倪金超
刘学
崔博
李宁
韩兴旺
张婕
孔汉章
Current Assignee
State Grid Corp of China SGCC
Information and Telecommunication Branch of State Grid Shandong Electric Power Co Ltd
Original Assignee
State Grid Corp of China SGCC
Information and Telecommunication Branch of State Grid Shandong Electric Power Co Ltd
Application filed by State Grid Corp of China SGCC and Information and Telecommunication Branch of State Grid Shandong Electric Power Co Ltd
Priority to CN201911116397.XA
Publication of CN110740141A

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/20 Network architectures or network communication protocols for network security for managing network security; network security policies in general

Abstract

The invention discloses an integrated network security situation awareness method, device and computer equipment. Various security information generated by monitored asset objects and by security equipment serving as a monitoring and control engine is obtained by interfacing with the various security equipment, subsystems and security data sources in a network; the attack threat degree and the own risk degree of the monitored asset objects and service objects are analyzed according to this security information data, and external threat intelligence is compared with internal security information to obtain the network security situation; the security situation is presented through six main dimensions of attack perception, risk perception, vulnerability perception, threat perception, asset perception and operation perception; and security-operation-oriented early warning notification and disposal are carried out according to the network security situation and a preset emergency disposal scheme. This realizes all-round network situation awareness and response, brings convenience to a company's security operation and maintenance, and provides technical and data support for the continuous improvement of information security.

Description

integration network security situation perception method, device and computer equipment
Technical Field
The invention relates to the technical field of network security, in particular to an integrated network security situation sensing method, an apparatus and a computer device.
Background
With the continuous development of networks, the basic environment of the traditional network has changed greatly: the network structure is more complex, the boundary is more blurred, and there are more new security risks of various kinds, so the network and information security situation faced by companies is increasingly severe and complex.
Situational awareness technology refers to the perception, understanding, and prediction of the future states of elements or objects in an environment at a particular time and space. When situation awareness technology is applied in automation and human-computer interface systems, perception (Perception) refers to detecting and acquiring important clues or elements in the environment; comprehension (Comprehension) refers to integrating the perceived data and information and analyzing their relevance; projection (Projection) refers to predicting future trends based on the perception and understanding of environmental information.
With the continuous advancement of informatization, new industrial modes represented by the industrial internet are developing vigorously and 'Internet+' has become a new state of China's economic and social development. A power grid system is the most important national critical information infrastructure; once it suffers a network attack, the normal development of the national economy is seriously affected and the loss is immeasurable.
Disclosure of Invention
The invention aims to provide an integrated network security situation sensing method, device and computer equipment, which realize network all-dimensional situation sensing and response, bring convenience to the security operation and maintenance of companies and provide technical and data support for the continuous improvement of information security.
In order to achieve the purpose, the invention adopts the following technical scheme:
In a first aspect, the invention provides an integrated network security situation awareness method, which comprises the following steps:
acquiring various security information generated by the monitored asset object and the security equipment serving as a monitoring management and control engine by interfacing with various security equipment, subsystems and security data sources in a network;
analyzing the attack threat and self risk degree of the monitored asset object and the service object according to the safety information data, and comparing external threat information with internal safety information to obtain a network safety situation;
presenting the security situation through attack perception, risk perception, vulnerability perception, threat perception, asset perception and operation perception;
and according to the network security situation, carrying out safety operation and maintenance oriented early warning notification and disposal according to a preset emergency disposal scheme.
With reference to the first aspect, in a first possible implementation manner of the first aspect, the acquiring of various types of security information generated by the monitored asset object and the security device serving as the monitoring management and control engine, by interfacing with various types of security devices, subsystems and security data sources in the network, specifically includes:
heterogeneous event logs reported by various devices or security subsystems are collected, and structured and unstructured massive security log information is collected in parallel;
performing normalization processing on various collected logs, and converting the multi-source logs into a description form of a system by using normalization fields and/or spare extension fields provided by the system;
and indexing the formatted log data, extracting the lemma of the original log text full text, and indexing the extracted lemma to realize indexing of the formatted field and the full text.
With reference to the first aspect, in a second possible implementation manner of the first aspect, the analyzing of the attack threats and own risk degrees of the monitored asset objects and the service objects according to the security information data, and the comparing of external threat intelligence with internal security information to obtain a network security situation, specifically includes:
the data processing technology based on the big data architecture adopts distributed information processing and index nodes, distributes the comparison analysis processing tasks to a plurality of processing nodes for parallel operation, and the management center node collates and retrieves the processing results.
With reference to the first aspect, in a third possible implementation manner of the first aspect, the data processing technology based on a big data architecture adopting distributed information processing and index nodes, distributing the comparison analysis processing tasks to a plurality of processing nodes for parallel operation, and the management center node collating and retrieving the processing results, specifically includes:
specific large-scale data statistics as well as threat potential analysis and desktop analysis, including batch statistics analysis, risk calculation analysis, real-time/historical association analysis, threat KPI analysis, trend analysis, full-text retrieval analysis, are performed using data analysis processing engines including, but not limited to, streaming computing engines, CEP engines, mining analysis engines, full-text retrieval engines, association analysis engines, contextual computing engines, and backtracking engines.
With reference to the first aspect, in a fourth possible implementation manner of the first aspect, the presenting of the security situation through attack perception, risk perception, vulnerability perception, threat perception, asset perception and operation perception specifically includes:
performing visual presentation on the sources, targets, scales, influences and results of all attack behaviors;
visually presenting the comprehensive security situation;
combing the assets and the business objects, and presenting the security situation from the perspective of the assets and the business objects to be monitored;
visually presenting vulnerability and vulnerability information which is exposed and utilized with high probability of each layer in the network;
visually presenting a potential threat source, external attack threat information and external vulnerability information;
and displaying the asset and service operation situation from the abnormal and threat information and the operation log of the asset and service system.
With reference to the first aspect, in a fifth possible implementation manner of the first aspect, the performing, according to the network security situation and a preset emergency disposal scheme, of security operation and maintenance oriented early warning notification and disposal specifically includes:
triggering alarm or early warning through a triggering rule, and triggering alarm or early warning by taking various types of safety information or situation analysis results as conditions;
and informing the triggered alarm and early warning information to related responsible personnel through various notification modes.
The invention provides an integrated network security situation awareness device in a second aspect, comprising:
the security information acquisition module is used for acquiring various security information generated by the monitored asset object and the security equipment serving as the monitoring management and control engine by interfacing with various security equipment, subsystems and security data sources in the network;
the network security situation acquisition module analyzes the attack threat of the monitored asset object and the service object and the self risk degree according to the security information data, and compares external threat information with internal security information to obtain a network security situation;
the security situation presentation module is used for presenting the security situation through attack perception, risk perception, vulnerability perception, threat perception, asset perception and operation perception;
and the early warning notice processing module is used for carrying out early warning notice and disposal facing to safe operation and maintenance according to the network safety situation and a preset emergency disposal scheme.
The integrated network security situation awareness apparatus according to the second aspect of the present invention can implement the method according to the first aspect and achieve the same effects.
A third aspect of the present invention provides computer apparatus comprising a processor and a memory coupled to the processor, the memory storing a plurality of instructions that are loadable and executable by the processor to enable the processor to perform a network security situation awareness method.
The effect provided in the summary of the invention is only the effect of the embodiment, not all the effects of the invention, and technical solutions in the above technical solutions have the following advantages or beneficial effects:
according to the integrated network security situation perception method, the device and the computer equipment, the situation perception analysis and the presentation are carried out on various kinds of massive security element information of the whole network in a centralized mode, then the warning or the early warning is triggered by taking various kinds of security information or situation analysis results as conditions, finally related personnel are notified, and the response is rapidly carried out, so that the situation perception system which realizes perception, analysis, early warning and rapid treatment integrated intelligence is formed.
Drawings
FIG. 1 is a flow chart of an embodiment of the method of the present invention;
FIG. 2 is a schematic diagram of an embodiment of the apparatus of the present invention.
Detailed Description
The invention is described in detail below with reference to specific embodiments and examples for achieving different structures of the invention, in order to simplify the disclosure. Furthermore, reference numerals and/or letters may be repeated in different examples; this repetition is for simplicity and clarity and does not in itself dictate a relationship between the various embodiments and/or arrangements discussed.
The method provided by the invention can be implemented in the environment of a terminal, which can comprise one or more components including a processor, a memory and a display screen, wherein the memory stores at least one instruction which is loaded and executed by the processor to implement the network security situation awareness method described in the following embodiments.
The processor, which may include one or more processing cores, connects the various parts of the terminal using various interfaces and lines, and performs the various functions of the terminal and processes data by running or executing instructions, programs, code sets or instruction sets stored in the memory and by calling data stored in the memory.
The memory may include a Random Access Memory (RAM) or a Read-Only Memory (ROM). The memory may be used to store instructions, programs, code sets or instruction sets.
The display screen is used for displaying user interfaces of all the application programs.
In addition, those skilled in the art will appreciate that the above-described terminal configurations are not intended to be limiting, and that the terminal may include more or fewer components, or some components may be combined, or a different arrangement of components. For example, the terminal further includes a radio frequency circuit, an input unit, a sensor, an audio circuit, a power supply, and other components, which are not described herein again.
As shown in fig. 1, the method for sensing network security situation includes the following steps:
S1, acquiring various security information generated by the monitored asset object and the security equipment serving as a monitoring management and control engine by interfacing with various security equipment, subsystems and security data sources in the network;
s2, analyzing the attack threat and self risk degree of the monitored asset object and the service object according to the safety information data, and comparing external threat information with internal safety information to obtain a network safety situation;
s3, presenting the security situation through attack perception, risk perception, vulnerability perception, threat perception, asset perception and operation perception;
and S4, according to the network security situation, carrying out early warning announcement and disposal for security operation and maintenance according to a preset emergency disposal scheme.
As an embodiment of the present invention, in step S1, the acquiring of various types of security information generated by monitored asset objects and by the security devices serving as the monitoring management and control engine, by interfacing with various types of security devices, subsystems and security data sources in the network, specifically includes:
and S11, collecting heterogeneous event logs reported by various devices or security subsystems, and realizing the collection of structured and unstructured massive security log information in parallel.
The network security situation awareness system acquires various security element information influencing the security situation of the network environment by interfacing with various security devices, subsystems and security data sources in the network, wherein the security element information comprises attack information, object vulnerability information, system operation information and external threat intelligence.
Wherein, the attack information comprises: network layer attack information, injection attack information, virus attack information, buffer overflow attack information and distributed denial of service attack information; object vulnerability class information includes: system vulnerability information, network vulnerability information, configuration vulnerability information; the system operation class information comprises: state exception information, operation exception information and flow access exception information; the external threat intelligence information includes: vulnerability intelligence information, threat intelligence information.
The data acquisition part of the network security situation awareness system is responsible for acquiring various security information generated by monitored asset objects in the network and security equipment serving as a monitoring management and control engine.
The security data acquisition module can collect heterogeneous event logs reported by various devices or security subsystems, and can also collect structured and unstructured massive security information in parallel. Structured data is interfaced through a series of standard log and structured-information collection service interfaces, including but not limited to Syslog, SNMP Trap, WMI and the like; the collectable security element information includes security events, operation logs, performance data and other information. Unstructured data is collected through a series of document or file collection APIs, through which vulnerability scan results, WEB/XML/text and other information data can be collected.
The system can be internally provided with log support for most common manufacturers and equipment types in the industry, and can also provide a convenient and flexible extension mechanism for management objects which are not supported at present, only log samples and communication protocol modes of the management objects are obtained, log analysis files in XML format are compiled and imported into the system, and the log collection capability of the management objects can be obtained without encoding.
In order to collect log information of various manufacturers and various types to the maximum extent, the system does not force what log protocol the management object has to have, but supports collecting logs in a plurality of protocol modes. These protocols include, but are not limited to: syslog, SNMP Trap, FTP, OPSEC LEA, NETBIOS, ODBC, WMI, Shell script, VIP, Web Service, and the like.
In the invention, the network security situation awareness system can be provided with a log collection function, and simultaneously supports distributed deployment of a plurality of log collectors in a user network, so that the log information of the management object is collected nearby, and the logs are normalized, classified, filtered and merged and then are gathered to the management center, thereby realizing the log collection of the distributed management object and effectively reducing the bandwidth occupation of log streams in the network.
S12, performing normalization processing on the collected various logs, and converting the multi-source logs into a description form of the system by using normalization fields and/or spare extension fields provided by the system.
The system provides normalized fields including log receiving time, log generating time, log duration, user name, source address, source MAC address, source port, operation, destination address, destination MAC address, destination port, log event name, summary, level, original type, network protocol, network application protocol, device address, device name, device type, and so on. In addition, the system provides a number of spare fields for advanced analysis by log personnel; the number of these fields can be dozens and can be expanded according to the requirements of the security manager, providing richer log description information. The normalized log is complete and easy to read, and the normalized log information can further satisfy complex multidimensional statistical analysis and audit requirements. Security technical personnel can also manually process each kind of log according to best practice and related technical standards and add its log information into the description form of the system, making the log information more comprehensive.
In addition, the system can keep the original logs intact for investigation and evidence collection. The security analyst can also directly perform full-text retrieval on the original log.
And S13, indexing the formatted log data, extracting the lemma of the original full log text, and indexing the extracted lemma to realize indexing of the formatted field and the full text.
The full-text index does not limit the data format of the original log, can automatically analyze the collected heterogeneous log, and can still provide flexible and convenient analysis tools for safety analysts through the full-text index technology even if the system does not carry out formal description on the collected log, thereby greatly improving the flexible convenience of using the system.
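As an added illustration of steps S11 to S13 (not code from the patent or its applicant), the following Python sketch normalizes constructed log lines from two hypothetical device formats into a set of normalized fields plus spare extension fields, keeps the original text intact, and builds an index over both the formatted fields and the full text. The parser definitions stand in for the XML log-analysis files the text describes; all device names, addresses and field names are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timezone

# Constructed parser definitions, standing in for the XML log-parsing files the
# patent describes: one regex per device type plus the device type it describes.
# Capture groups named after normalized fields land in those fields; any other
# capture group goes to a spare extension field, so nothing is lost.
PARSER_DEFS = {
    "fw-acme": {  # hypothetical firewall format
        "pattern": re.compile(
            r"^(?P<gen_time>\S+) (?P<device_name>\S+) fw: (?P<operation>\w+) "
            r"proto=(?P<network_protocol>\w+) src=(?P<source_address>[\d.]+):(?P<source_port>\d+) "
            r"dst=(?P<destination_address>[\d.]+):(?P<destination_port>\d+) rule=(?P<rule_id>\w+)$"),
        "device_type": "firewall",
    },
    "ids-beta": {  # hypothetical IDS format
        "pattern": re.compile(
            r"^(?P<gen_time>\S+) (?P<device_name>\S+) ids: \[(?P<level>\w+)\] (?P<event_name>[^|]+)\|"
            r"(?P<source_address>[\d.]+) -> (?P<destination_address>[\d.]+) sid=(?P<signature_id>\d+)$"),
        "device_type": "ids",
    },
}

# Subset of the normalized fields listed in the description (assumed names).
NORMAL_FIELDS = {
    "receive_time", "gen_time", "user_name", "source_address", "source_port",
    "operation", "destination_address", "destination_port", "event_name", "level",
    "network_protocol", "device_address", "device_name", "device_type",
}

TOKEN_RE = re.compile(r"[A-Za-z0-9_.-]+")

def tokenize(text):
    """Lemma extraction in its simplest form: lower-cased tokens of the raw text."""
    return {t.lower() for t in TOKEN_RE.findall(text)}

def normalize(raw, device_address, parser_key, receive_time):
    """Convert one raw log line into the system's description form. The original
    text is kept unchanged under 'raw' for investigation and evidence purposes."""
    spec = PARSER_DEFS[parser_key]
    event = {"raw": raw, "receive_time": receive_time, "device_address": device_address, "ext": {}}
    m = spec["pattern"].match(raw)
    if m is None:
        # An unparsed log still enters the system; only full-text search applies to it.
        return event
    event["device_type"] = spec["device_type"]
    for key, value in m.groupdict().items():
        if key in NORMAL_FIELDS:
            event[key] = value
        else:
            event["ext"][key] = value  # spare extension field
    return event

class LogIndex:
    """Index over both the normalized fields and the full raw text."""
    def __init__(self):
        self.events = []
        self.field_index = defaultdict(lambda: defaultdict(set))  # field -> value -> event ids
        self.text_index = defaultdict(set)                        # token -> event ids

    def add(self, event):
        eid = len(self.events)
        self.events.append(event)
        for field, value in event.items():
            if field not in ("raw", "ext"):
                self.field_index[field][value].add(eid)
        for token in tokenize(event["raw"]):
            self.text_index[token].add(eid)
        return eid

    def by_field(self, field, value):
        return sorted(self.field_index[field].get(value, set()))

    def fulltext(self, *terms):
        """Events whose raw text contains every term (AND search)."""
        sets = [self.text_index.get(t.lower(), set()) for t in terms]
        return sorted(set.intersection(*sets)) if sets else []

# Constructed sample logs (device addresses and IPs are documentation ranges, not real hosts).
SAMPLE = [
    ("10.0.0.1", "fw-acme", "2019-11-14T08:00:01Z fw01 fw: DENY proto=tcp src=203.0.113.9:51234 dst=10.10.1.5:445 rule=R17"),
    ("10.0.0.2", "ids-beta", "2019-11-14T08:00:02Z ids01 ids: [high] SMB exploit attempt|203.0.113.9 -> 10.10.1.5 sid=2024"),
    ("10.0.0.1", "fw-acme", "2019-11-14T08:00:03Z fw01 fw: ALLOW proto=udp src=10.10.1.7:5353 dst=10.10.1.255:5353 rule=R2"),
    ("10.0.0.3", "ids-beta", "garbage line the parser does not understand 203.0.113.9"),
]

def build_index(samples=SAMPLE):
    idx = LogIndex()
    now = datetime(2019, 11, 14, 8, 0, 5, tzinfo=timezone.utc).isoformat()
    for device_address, parser_key, raw in samples:
        idx.add(normalize(raw, device_address, parser_key, now))
    return idx

if __name__ == "__main__":
    idx = build_index()
    print("field search source_address=203.0.113.9:", idx.by_field("source_address", "203.0.113.9"))
    print("full-text search '203.0.113.9' AND 'smb':", idx.fulltext("203.0.113.9", "smb"))
```

The unparsed fourth line shows the point made above: it is only reachable through the full-text index, while the parsed lines can be queried by normalized field as well.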
In practical application, the various information acquisition interfaces opened by the system are used to acquire and summarize the security data monitored by security devices or systems of any type of manufacturer. General acquisition of security data is realized through rich and highly compatible information acquisition interfaces, without limitation on the manufacturer or model of the security device, and the security data is finally integrated into the platform's security element information analysis and display system to form a complete and comprehensive one-stop situation awareness capability.
The system can carry out all-around fine-grained monitoring on various monitored objects and has rich monitoring indexes. The administrator can check the monitoring index information through rich visual charts; an alarm threshold value can be set for the monitoring index; data of the monitoring indexes can be stored and subjected to historical analysis.
Below the system security element acquisition layer are security devices and systems of various manufacturers in the organization network and a large number of IT assets to be protected and monitored. The massive safety monitoring data and operation logs which can be generated by the equipment and the assets, including external threat information, are collected and summarized through various information collection interfaces opened by the situation awareness system. The method realizes an important link in situation awareness for acquiring the information of the elements which possibly influence the security situation, namely reasonably integrates various security protection resources which are or will be built in the environment to form a security information source, and is the basis for realizing a complete omnibearing situation awareness system.
As an embodiment of the present invention, in step S2, the analyzing of the attack threat and the own risk degree of the monitored asset objects and service objects according to the security information data, and the comparing of external threat intelligence with internal security information to obtain the network security situation, specifically includes:
the data processing technology based on the big data architecture adopts distributed information processing and index nodes, distributes the comparison analysis processing tasks to a plurality of processing nodes for parallel operation, and the management center node collates and retrieves the processing results.
On the basis of gathering massive multi-directional security element information, the situation awareness platform system integrates the data, analyzes the data facing the cognition and monitoring of the overall security situation, and comprises the analysis of the attack threat and the self risk degree of assets and business objects, the analysis of the attack process and the attack target of complex attack, the analysis of the damage and the influence range of the attack, the analysis of attack threat traceability, the comparison analysis of external threat information and internal security information and the like. These analytical processing tasks will provide support for data and computational tasks for the upper-level posture presentation.
The security situation analysis module provides the big data analysis computing power required by the situation awareness system in the processes of security monitoring, threat analysis and situation analysis. The module is based on the data processing technology of a big data framework, adopts distributed information processing and index nodes, can distribute heavy analysis processing tasks to a plurality of processing nodes for parallel operation, and has a management center node collate and retrieve the processing results. The architecture can dynamically expand or reduce nodes according to the scale of data analysis, has good flexibility, and can complete the analysis and processing of mass data according to actual requirements.
In the invention, in order to deal with various analysis and operation scenarios, the module can provide a series of data analysis and processing engines as required, including but not limited to a streaming computation engine, a CEP engine, a mining analysis engine, a full-text retrieval engine, an association analysis engine, a situation calculation engine and a backtracking engine.
As an embodiment of the present invention, in step S3, the security situation is presented through attack perception, risk perception, vulnerability perception, threat perception, asset perception and operation perception, which specifically includes:
performing visual presentation on the sources, targets, scales, influences and results of all attack behaviors;
visually presenting the comprehensive security situation;
combing the assets and the business objects, and presenting the security situation from the perspective of the assets and the business objects to be monitored;
visually presenting vulnerability and vulnerability information which is exposed and utilized with high probability of each layer in the network;
visually presenting a potential threat source, external attack threat information and external vulnerability information;
and displaying the asset and service operation situation from the abnormal and threat information and the operation log of the asset and service system.
In the practical application process, all the safety element information can be collected and processed around the six main dimensions, namely all the data analysis and visual presentation can be carried out in the corresponding dimensions in the situation awareness process, so that the situation awareness information processing system which is huge and complex can be understood and constructed in different dimensions.
As an embodiment of the present invention, in step S4, the performing, according to the network security situation and a preset emergency disposal scheme, of security operation and maintenance oriented early warning notification and disposal specifically includes:
s41, triggering alarm or early warning through a triggering rule, and triggering alarm or early warning by taking various types of safety information or situation analysis results as conditions;
and S42, informing the triggered alarm and early warning information to related responsible personnel through various notification modes.
Through situation analysis and situation presentation, the situation awareness system can notify and handle discovered security problems and related early warnings through a built-in early warning notification and handling module. Alarms or early warnings are triggered by trigger rules, with various types of security information or situation analysis results serving as the trigger conditions. The triggered early warning and alarm information has a dedicated presentation interface, which provides functions such as querying and tracing alarm events and supports graphical presentation of alarm levels and trends.
The early warning notification and handling module supports rapidly notifying triggered alarm and early warning information to the related responsible personnel through various notification modes, so that the related personnel learn of security threats and situation early warnings in real time and can respond quickly. The supported notification methods include: prompt box, SMS, mail, script linkage, Feige (飞鸽传书) instant messaging and the like.
The situation awareness system supports a mode of processing safety problems in a work order flow through any alarm, early warning or safety event, the safety problems are placed in a well-defined handling flow and are operated by appointed personnel and standard steps.
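As an added example covering both the distributed comparison analysis of step S2 and the trigger rules and notification of steps S41 and S42 (this is not code from the patent or its applicant), the Python below shards constructed internal events across worker threads that stand in for processing nodes, compares them against constructed external threat intelligence, collates per-asset risk in a management-centre role, evaluates trigger rules on the result and maps the alerts to channels from a preset disposal scheme. All indicators, weights, rule thresholds and channel names are assumptions.

```python
from concurrent.futures import ThreadPoolExecutor
from collections import Counter

# Constructed external threat intelligence (indicator -> intel). Documentation
# address ranges are used; these are not real indicators.
THREAT_INTEL = {
    "203.0.113.9": {"threat": "scanner", "confidence": 0.9},
    "198.51.100.77": {"threat": "c2", "confidence": 0.8},
}

# Constructed internal security information, already in normalized form.
INTERNAL_EVENTS = [
    {"source_address": "203.0.113.9", "destination_address": "10.10.1.5", "level": "high", "event_name": "SMB exploit attempt"},
    {"source_address": "203.0.113.9", "destination_address": "10.10.1.5", "level": "medium", "event_name": "port scan"},
    {"source_address": "10.10.1.7", "destination_address": "198.51.100.77", "level": "low", "event_name": "outbound connection"},
    {"source_address": "10.10.1.8", "destination_address": "10.10.1.9", "level": "low", "event_name": "login"},
]

LEVEL_WEIGHT = {"low": 1, "medium": 3, "high": 5}  # assumed severity weights

def compare_shard(events, intel):
    """Processing-node task: match one shard of internal events against external
    threat intelligence; return per-asset partial risk and the matches found."""
    risk = Counter()
    matches = []
    for e in events:
        for role in ("source_address", "destination_address"):
            hit = intel.get(e[role])
            if hit is None:
                continue
            # The internal asset is the other end of the connection.
            asset = e["destination_address"] if role == "source_address" else e["source_address"]
            risk[asset] += LEVEL_WEIGHT[e["level"]] * hit["confidence"]
            matches.append({"asset": asset, "indicator": e[role], "threat": hit["threat"], "event": e["event_name"]})
    return risk, matches

def distributed_compare(events, intel, nodes=2):
    """Management-centre role: split events into shards, run them in parallel
    (threads stand in for processing nodes) and collate the partial results."""
    shards = [events[i::nodes] for i in range(nodes)]
    with ThreadPoolExecutor(max_workers=nodes) as pool:
        partials = list(pool.map(lambda s: compare_shard(s, intel), shards))
    total = Counter()
    matches = []
    for risk, found in partials:
        total.update(risk)
        matches.extend(found)
    return dict(total), matches

# Trigger rules (S41): each takes the situation analysis results and yields alerts.
def rule_high_risk_asset(risk, matches, threshold=5.0):
    for asset, score in risk.items():
        if score >= threshold:
            yield {"level": "alarm", "asset": asset, "reason": f"risk {score:.1f} >= {threshold}"}

def rule_c2_contact(risk, matches):
    for m in matches:
        if m["threat"] == "c2":
            yield {"level": "early_warning", "asset": m["asset"], "reason": f"contact with C2 indicator {m['indicator']}"}

RULES = [rule_high_risk_asset, rule_c2_contact]

# Preset emergency disposal scheme (S42): channels and responsible party per alert level.
DISPOSAL_SCHEME = {
    "alarm": {"channels": ["sms", "mail", "script"], "owner": "soc-oncall"},
    "early_warning": {"channels": ["prompt_box", "mail"], "owner": "asset-owner"},
}

def notify(alert, scheme=DISPOSAL_SCHEME):
    """Return the notification records that would be dispatched for one alert."""
    plan = scheme[alert["level"]]
    return [{"channel": c, "to": plan["owner"], "asset": alert["asset"], "reason": alert["reason"]}
            for c in plan["channels"]]

def run_situation_cycle(events=INTERNAL_EVENTS, intel=THREAT_INTEL):
    """One analysis -> trigger -> notify cycle; returns all three stages' results."""
    risk, matches = distributed_compare(events, intel)
    alerts = [a for rule in RULES for a in rule(risk, matches)]
    notifications = [n for a in alerts for n in notify(a)]
    return risk, alerts, notifications

if __name__ == "__main__":
    risk, alerts, notifications = run_situation_cycle()
    print("per-asset risk:", risk)
    for n in notifications:
        print(f"{n['channel']:>10} -> {n['to']}: {n['asset']} ({n['reason']})")
```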
As shown in fig. 2, the integrated network security situation awareness apparatus includes:
the security information acquisition module 11 is used for acquiring various security information generated by the monitored asset object and the security equipment serving as a monitoring management and control engine by interfacing with various security equipment, subsystems and security data sources in a network;
the network security situation acquisition module 12 is used for analyzing the attack threat of the monitored asset object and the service object and the self risk degree according to the security information data, and comparing external threat information with internal security information to obtain a network security situation;
the security situation presentation module 13 is used for presenting the security situation through attack perception, risk perception, vulnerability perception, threat perception, asset perception and operation perception;
and the early warning notification processing module 14 is used for carrying out early warning notification and disposal facing to the safe operation and maintenance according to the network safety situation and a preset emergency disposal scheme.
The invention also provides a computer device comprising a processor and a memory connected to the processor; the memory stores a plurality of instructions that the processor can load and execute, so that the processor carries out the network security situation awareness method of the above embodiment.
Although the embodiments of the invention have been described with reference to the accompanying drawings, this does not limit the scope of the invention; those skilled in the art will understand that various modifications and variations can be made on the basis of the technical solution of the invention without inventive effort.

Claims (8)

1. An integrated network security situation awareness method, characterized by comprising the following steps:
interfacing with the various security devices, subsystems and security data sources in a network to acquire the security information generated by the monitored asset objects and by the security devices acting as the monitoring and control engine;
analyzing, from the security information data, the attack threats faced by the monitored asset objects and business objects and their own risk level, and comparing external threat intelligence with internal security information to obtain the network security situation;
presenting the security situation through attack perception, risk perception, vulnerability perception, threat perception, asset perception and operation perception;
and, according to the network security situation and a preset emergency handling plan, performing early-warning notification and handling oriented to security operation and maintenance.
2. The integrated network security situation awareness method as claimed in claim 1, wherein interfacing with the various security devices, subsystems and security data sources in the network to acquire the security information generated by the monitored asset objects and by the security devices acting as the monitoring and control engine specifically comprises:
collecting the heterogeneous event logs reported by the various devices or security subsystems, with large volumes of structured and unstructured security log information collected in parallel;
normalizing the collected logs, converting the multi-source logs into the system's own description form by means of the normalized fields and/or spare extension fields provided by the system;
and indexing the formatted log data: extracting tokens (lemmas) from the full text of the original log and indexing them, so that both the formatted fields and the full text are indexed.
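The collection, normalization and indexing steps of claim 2, illustrated by an added example that is not part of the patent: three constructed log lines from hypothetical sources (a key=value firewall, a free-text IDS alert and a JSON host agent) are converted into one schema whose field names are an assumption of this example, unmapped keys are kept as spare extension fields, and both the formatted fields and the full-text tokens are indexed.

```python
"""Normalize heterogeneous security logs into one schema and index both the
normalized fields and the full text (added example; the schema and the sample
lines are constructed, not taken from the patent)."""
import json
import re
from collections import defaultdict
from datetime import datetime

# Unified schema of this example: an assumption, the patent names no fields.
NORMALIZED_FIELDS = ("ts", "device", "event_type", "severity", "src_ip", "dst_ip")
IDS_PRIORITY = {"1": "critical", "2": "high", "3": "medium", "4": "low"}
IDS_RE = re.compile(
    r"^(?P<ts>\S+) (?P<device>\S+) ALERT \[(?P<sid>[^\]]+)\] (?P<msg>.+?) "
    r"src (?P<src_ip>\S+) dst (?P<dst_ip>\S+) priority (?P<prio>\d)$"
)
TOKEN_RE = re.compile(r"[A-Za-z0-9_.:/-]+")   # crude lemma extraction for the full-text index

# Constructed sample lines from three hypothetical sources.
RAW_LOGS = [
    "fw01 ts=2019-11-15T08:01:02Z action=deny src=10.0.0.5 dst=203.0.113.9 dport=445 proto=tcp",
    "2019-11-15T08:01:05Z ids02 ALERT [1:2001219] ET SCAN Potential SSH Scan "
    "src 10.0.0.5 dst 10.0.0.22 priority 2",
    '{"time":"2019-11-15T08:02:00Z","host":"srv-db-1","event":"login_failed",'
    '"level":"high","client":"10.0.0.5","user":"admin"}',
]


def _ts(value):
    return datetime.fromisoformat(value.replace("Z", "+00:00"))


def parse_kv(line):
    """key=value firewall line: the leading word is the device name."""
    device, _, rest = line.partition(" ")
    kv = dict(tok.split("=", 1) for tok in rest.split() if "=" in tok)
    core = {"ts": _ts(kv.pop("ts")), "device": device, "event_type": kv.pop("action"),
            "severity": "medium", "src_ip": kv.pop("src"), "dst_ip": kv.pop("dst")}
    return core, kv                      # leftovers (dport, proto) become extension fields


def parse_ids(line):
    """Free-text IDS alert: positional regex, priority mapped to a common severity scale."""
    m = IDS_RE.match(line)
    if not m:
        raise ValueError("unrecognised IDS line: " + line)
    g = m.groupdict()
    core = {"ts": _ts(g["ts"]), "device": g["device"], "event_type": "ids_alert",
            "severity": IDS_PRIORITY.get(g["prio"], "medium"),
            "src_ip": g["src_ip"], "dst_ip": g["dst_ip"]}
    return core, {"sid": g["sid"], "msg": g["msg"]}


def parse_json(line):
    """JSON host-agent event: rename the known keys, keep the rest as extension fields."""
    obj = json.loads(line)
    core = {"ts": _ts(obj.pop("time")), "device": obj.pop("host"), "event_type": obj.pop("event"),
            "severity": obj.pop("level"), "src_ip": obj.pop("client"), "dst_ip": None}
    return core, obj


def normalize(line):
    """Pick a parser by shape and return one record in the system's description form."""
    if line.startswith("{"):
        core, ext = parse_json(line)
    elif " ALERT [" in line:
        core, ext = parse_ids(line)
    else:
        core, ext = parse_kv(line)
    return {**core, "ext": ext, "raw": line}


class LogIndex:
    """Field index over normalized and extension fields plus a full-text inverted index."""
    def __init__(self):
        self.records = []
        self.field_index = defaultdict(set)   # (field, value) -> record ids
        self.text_index = defaultdict(set)    # token -> record ids

    def add(self, rec):
        rid = len(self.records)
        self.records.append(rec)
        for f in NORMALIZED_FIELDS:
            if rec[f] is not None:
                self.field_index[(f, str(rec[f]))].add(rid)
        for k, v in rec["ext"].items():          # spare extension fields stay searchable
            self.field_index[("ext." + k, str(v))].add(rid)
        for tok in TOKEN_RE.findall(rec["raw"].lower()):
            tok = tok.strip(".:/-_")
            if tok:
                self.text_index[tok].add(rid)
        return rid

    def search_field(self, field, value):
        return sorted(self.field_index.get((field, str(value)), ()))

    def search_text(self, *terms):
        hits = [self.text_index.get(t.lower(), set()) for t in terms]
        return sorted(set.intersection(*hits)) if hits else []


def build_index(lines):
    idx = LogIndex()
    for line in lines:
        idx.add(normalize(line))
    return idx
```

A field query such as src_ip = 10.0.0.5 now matches all three records regardless of the producing device, while the full-text index still finds terms the schema never modelled (the IDS message text, a user name that only exists in an extension field).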
3. The integrated network security situation awareness method as claimed in claim 1, wherein analyzing, from the security information data, the attack threats faced by the monitored asset objects and business objects and their own risk level, and comparing external threat intelligence with internal security information to obtain the network security situation comprises:
using a data-processing technique based on a big-data architecture that employs distributed information-processing and index nodes, distributing the comparison-analysis processing tasks to a plurality of processing nodes for parallel operation, and having a management-center node collate and retrieve the processing results.
4. The integrated network security situation awareness method of claim 3, wherein the data-processing technique based on a big-data architecture employing distributed information-processing and index nodes, distributing the comparison-analysis processing tasks to a plurality of processing nodes for parallel operation, and having a management-center node collate and retrieve the processing results specifically comprises:
performing the large-scale data statistics, threat situation analysis and desktop analysis, including batch statistical analysis, risk calculation, real-time and historical correlation analysis, threat KPI analysis, trend analysis and full-text retrieval analysis, using data analysis and processing engines including, but not limited to, a streaming computation engine, a CEP (complex event processing) engine, a mining analysis engine, a full-text retrieval engine, a correlation analysis engine, a context computation engine and a backtracking engine.
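The distributed comparison analysis of claims 3 and 4, as an added example that is not the patent's code: internal security information is sharded by asset across processing nodes, each node compares the addresses in its events with an external threat-intelligence feed and scores the assets, and a management-center node merges and ranks the partial results. The event records, the threat feed, the severity weights and the use of a thread pool in place of remote nodes are all assumptions of this example.

```python
"""Compare internal security information against external threat intelligence,
split across processing nodes and merged by a management-center node (added
example; data and scoring are constructed, not the patent's)."""
import zlib
from collections import Counter, defaultdict
from concurrent.futures import ThreadPoolExecutor

# Constructed external threat intelligence: indicator -> tag and confidence score.
EXTERNAL_THREATS = {
    "203.0.113.9": {"tag": "c2", "score": 90},
    "198.51.100.7": {"tag": "scanner", "score": 40},
}
# Constructed internal security information (already normalized as in claim 2).
INTERNAL_EVENTS = [
    {"asset": "ws-05", "src_ip": "10.0.0.5", "dst_ip": "203.0.113.9", "event_type": "deny", "severity": "medium"},
    {"asset": "ws-05", "src_ip": "10.0.0.5", "dst_ip": "203.0.113.9", "event_type": "allow", "severity": "low"},
    {"asset": "srv-ssh", "src_ip": "198.51.100.7", "dst_ip": "10.0.0.22", "event_type": "ids_alert", "severity": "high"},
    {"asset": "srv-ssh", "src_ip": "10.0.0.8", "dst_ip": "10.0.0.22", "event_type": "login_failed", "severity": "high"},
    {"asset": "srv-ssh", "src_ip": "10.0.0.8", "dst_ip": "10.0.0.22", "event_type": "login_failed", "severity": "high"},
    {"asset": "ws-07", "src_ip": "10.0.0.7", "dst_ip": "10.0.0.22", "event_type": "allow", "severity": "low"},
]
SEVERITY_WEIGHT = {"low": 1, "medium": 3, "high": 7, "critical": 10}   # assumed weights


def partition(events, nodes):
    """Route every event about one asset to the same node (stable hash on the asset id),
    so per-asset aggregation completes locally with no cross-node shuffle."""
    shards = [[] for _ in range(nodes)]
    for e in events:
        shards[zlib.crc32(e["asset"].encode()) % nodes].append(e)
    return shards


def process_shard(events, threats):
    """Work done on one processing node: score each asset from event severity plus
    any match between the event's addresses and the external threat indicators."""
    scores = Counter()
    evidence = defaultdict(set)
    for e in events:
        score = SEVERITY_WEIGHT[e["severity"]]
        for ip in (e["src_ip"], e["dst_ip"]):
            hit = threats.get(ip)
            if hit:
                score += hit["score"]
                evidence[e["asset"]].add(f"{ip}:{hit['tag']}")
        scores[e["asset"]] += score
    return scores, evidence


def situation(events, threats, nodes=3):
    """Management-center node: fan the shards out (threads stand in for remote nodes),
    merge the partial results and return assets ranked by risk with their evidence."""
    shards = partition(events, nodes)
    with ThreadPoolExecutor(max_workers=nodes) as pool:
        partials = list(pool.map(lambda sh: process_shard(sh, threats), shards))
    total = Counter()
    evidence = defaultdict(set)
    for scores, ev in partials:
        total.update(scores)
        for asset, items in ev.items():
            evidence[asset] |= items
    ranked = sorted(total.items(), key=lambda kv: (-kv[1], kv[0]))
    return ranked, {a: sorted(v) for a, v in evidence.items()}
```

Because the merge step is a plain sum over commutative partial counters, the result is independent of how many nodes the work was split across; that property is what lets the center node collate results without re-reading the raw events.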
5. The integrated network security situation awareness method of claim 1, wherein presenting the security situation through attack perception, risk perception, vulnerability perception, threat perception, asset perception and operation perception specifically comprises:
visually presenting the source, target, scale, impact and result of each attack behaviour;
visually presenting the overall security situation;
cataloguing the assets and business objects, and presenting the security situation from the perspective of the monitored assets and business objects;
visually presenting, for each layer of the network, the vulnerability and weakness information that is exposed and likely to be exploited;
visually presenting potential threat sources, external attack threat intelligence and external vulnerability information;
and presenting the operating situation of assets and services from the anomaly and threat information and the operation logs of the asset and business systems.
6. The integrated network security situation awareness method according to claim 1, wherein performing, according to the network security situation and a preset emergency handling plan, early-warning notification and handling oriented to security operation and maintenance specifically includes:
triggering an alarm or early warning by means of trigger rules, with the various types of security information or the situation analysis results as the triggering conditions;
and notifying the triggered alarm and early-warning information to the responsible personnel through various notification modes.
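The rule-triggered alarms and early warnings of claim 6, together with the notification modes and work-order handling described in the detailed description above, as an added example that is not from the patent: a rule takes either a single piece of security information or a situation analysis result as its condition, a stateful rule fires once a threshold is reached inside a time window, and fired alerts are routed to the responsible person through the configured notification modes (prompt box, SMS, mail, script linkage), with repeats suppressed and one work order opened per notified alert. The rule definitions, the responsibility map and the channel names are assumptions of this example.

```python
"""Trigger rules over security information and situation results, with
notification fan-out and work-order creation (added example; rules, contacts
and channels are constructed, not the patent's)."""
from collections import defaultdict, deque
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Callable


@dataclass
class Rule:
    name: str
    kind: str                          # record kind evaluated: "event" or "situation"
    level: str                         # "alarm" (observed) or "early_warning" (trend)
    match: Callable[[dict], bool]
    channels: tuple                    # notification modes used when the rule fires
    threshold: int = 1                 # fire once this many matches share a key ...
    window: timedelta = timedelta(0)   # ... inside this window (threshold 1 fires at once)
    key: Callable[[dict], str] = lambda r: r["asset"]


# Hypothetical responsibility map: monitored asset -> responsible person.
RESPONSIBLE = {
    "srv-ssh": {"name": "ops-linux", "sms": "+86-130-0000-0001", "mail": "ops-linux@example.org"},
    "ws-05": {"name": "desktop-team", "sms": "+86-130-0000-0002", "mail": "desktop@example.org"},
}
FALLBACK = {"name": "soc-duty", "sms": "+86-130-0000-0000", "mail": "soc@example.org"}

RULES = [   # constructed rules; the patent defines none
    Rule("ssh_brute_force", "event", "alarm", match=lambda r: r["event_type"] == "login_failed",
         channels=("prompt", "sms", "mail"), threshold=3, window=timedelta(minutes=5),
         key=lambda r: f"{r['src_ip']}->{r['asset']}"),
    Rule("known_c2_contact", "event", "alarm", match=lambda r: r.get("threat_tag") == "c2",
         channels=("prompt", "mail", "script")),
    Rule("asset_risk_rising", "situation", "early_warning",
         match=lambda r: r["risk_score"] >= 150 and r["trend"] == "rising", channels=("mail",)),
]


class Notifier:
    """Fan-out to notification modes. Deliveries are recorded here, not really sent."""
    def __init__(self, suppress=timedelta(minutes=10)):
        self.sent, self.suppress, self._last = [], suppress, {}

    def send(self, channel, person, alert):
        key = (channel, person["name"], alert["rule"], alert["target"])
        last = self._last.get(key)
        if last is not None and alert["ts"] - last < self.suppress:
            return False                      # same alert notified recently: suppress repeat
        self._last[key] = alert["ts"]
        address = {"prompt": "console", "sms": person["sms"], "mail": person["mail"],
                   "script": "hook:" + alert["rule"]}[channel]
        self.sent.append({"channel": channel, "to": address,
                          "text": f"[{alert['level']}] {alert['rule']} on {alert['target']}"})
        return True


class Engine:
    def __init__(self, rules, notifier, responsible):
        self.rules, self.notifier, self.responsible = rules, notifier, responsible
        self.work_orders = []
        self._windows = defaultdict(deque)   # (rule, key) -> timestamps of recent matches

    def feed(self, record):
        """Evaluate one security-information record or situation result; return fired alerts."""
        fired = []
        for rule in self.rules:
            if rule.kind != record["kind"] or not rule.match(record):
                continue
            if rule.threshold > 1:            # stateful rule: count matches per key in the window
                recent = self._windows[(rule.name, rule.key(record))]
                recent.append(record["ts"])
                while record["ts"] - recent[0] > rule.window:
                    recent.popleft()
                if len(recent) < rule.threshold:
                    continue
            alert = {"rule": rule.name, "level": rule.level, "target": record["asset"], "ts": record["ts"]}
            person = self.responsible.get(record["asset"], FALLBACK)
            delivered = [c for c in rule.channels if self.notifier.send(c, person, alert)]
            if delivered:                     # one work order per notified alert, assigned to the owner
                self.work_orders.append({"alert": alert, "assignee": person["name"], "status": "open"})
            fired.append(alert)
        return fired


T0 = datetime(2019, 11, 15, 8, 0, tzinfo=timezone.utc)


def demo():
    """Constructed scenario: four failed logins, one contact with a known C2 address,
    then a rising asset-risk situation result."""
    notifier, engine, fired = Notifier(), None, []
    engine = Engine(RULES, notifier, RESPONSIBLE)
    for i in range(4):
        fired += engine.feed({"kind": "event", "ts": T0 + timedelta(seconds=20 * i),
                              "event_type": "login_failed", "src_ip": "10.0.0.8", "asset": "srv-ssh"})
    fired += engine.feed({"kind": "event", "ts": T0 + timedelta(minutes=2), "event_type": "allow",
                          "src_ip": "10.0.0.5", "dst_ip": "203.0.113.9", "threat_tag": "c2", "asset": "ws-05"})
    fired += engine.feed({"kind": "situation", "ts": T0 + timedelta(minutes=3),
                          "asset": "ws-05", "risk_score": 184, "trend": "rising"})
    return fired, notifier.sent, engine.work_orders
```

In the scenario the brute-force rule fires on the third and again on the fourth failed login, but the second firing is suppressed on every channel and opens no second work order; without that suppression a noisy source would page the responsible person once per event.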
7. An integrated network security situation awareness apparatus, characterized by comprising:
a security information acquisition module, which interfaces with the various security devices, subsystems and security data sources in the network to acquire the security information generated by the monitored asset objects and by the security devices acting as the monitoring and control engine;
a network security situation acquisition module, which analyzes, from the security information data, the attack threats faced by the monitored asset objects and business objects and their own risk level, and compares external threat intelligence with internal security information to obtain the network security situation;
a security situation presentation module, which presents the security situation through attack perception, risk perception, vulnerability perception, threat perception, asset perception and operation perception;
and an early-warning notification and handling module, which, according to the network security situation and a preset emergency handling plan, performs early-warning notification and handling oriented to security operation and maintenance.
8. A computer device, comprising a processor and a memory coupled to the processor, the memory storing a plurality of instructions that the processor can load and execute so as to perform the network security situation awareness method of any one of claims 1 to 6.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201911116397.XA CN110740141A (en) 2019-11-15 2019-11-15 integration network security situation perception method, device and computer equipment

Publications (1)

Publication Number Publication Date
CN110740141A true CN110740141A (en) 2020-01-31

Family

ID=69272930

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101867498A (en) * 2009-04-17 2010-10-20 中国科学院软件研究所 Network security situation evaluating method
US20140013434A1 (en) * 2012-07-05 2014-01-09 Tenable Network Security, Inc. System and method for strategic anti-malware monitoring
CN105553957A (en) * 2015-12-09 2016-05-04 国家电网公司 Network safety situation awareness early-warning method and system based big data
CN106778253A (en) * 2016-11-24 2017-05-31 国家电网公司 Threat context aware information security Initiative Defense model based on big data
CN108494810A (en) * 2018-06-11 2018-09-04 中国人民解放军战略支援部队信息工程大学 Network security situation prediction method, apparatus and system towards attack

Cited By (42)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111510428A (en) * 2020-03-09 2020-08-07 联通(广东)产业互联网有限公司 Security resource operation and maintenance platform system and control method
CN111726355A (en) * 2020-06-17 2020-09-29 科技谷(厦门)信息技术有限公司 Network security situation perception system based on big data
CN111770085A (en) * 2020-06-28 2020-10-13 杭州安恒信息技术股份有限公司 Network security system, method, equipment and medium
CN112039862B (en) * 2020-08-21 2022-12-27 公安部第一研究所 Multi-dimensional stereo network-oriented security event early warning method
CN112039862A (en) * 2020-08-21 2020-12-04 公安部第一研究所 Multi-dimensional stereo network-oriented security event early warning method
CN112149120A (en) * 2020-09-30 2020-12-29 南京工程学院 Transparent transmission type double-channel electric power Internet of things safety detection system
CN112215505A (en) * 2020-10-19 2021-01-12 国网山东省电力公司电力科学研究院 Data security intelligent management and control platform suitable for electric power industry
CN112261034A (en) * 2020-10-19 2021-01-22 北京京航计算通讯研究所 Network security protection system based on enterprise intranet
CN112261033A (en) * 2020-10-19 2021-01-22 北京京航计算通讯研究所 Network security protection method based on enterprise intranet
CN112651006A (en) * 2020-12-07 2021-04-13 中国电力科学研究院有限公司 Power grid security situation perception platform framework
CN112651006B (en) * 2020-12-07 2023-08-25 中国电力科学研究院有限公司 Power grid security situation sensing system
CN112738063A (en) * 2020-12-25 2021-04-30 山东钢铁集团日照有限公司 Industrial control system network safety monitoring platform
CN112596984A (en) * 2020-12-30 2021-04-02 国家电网有限公司大数据中心 Data security situation sensing system under weak isolation environment of service
CN112799956B (en) * 2021-02-07 2023-05-23 杭州迪普科技股份有限公司 Asset identification capability test method, device and system device
CN112799956A (en) * 2021-02-07 2021-05-14 杭州迪普科技股份有限公司 Asset identification capability test method, device and system device
CN112953952A (en) * 2021-03-02 2021-06-11 青岛海尔工业智能研究院有限公司 Industrial security situation awareness method, platform, electronic device and storage medium
CN113014585A (en) * 2021-03-03 2021-06-22 青岛海尔工业智能研究院有限公司 Industrial security threat monitoring method, platform, electronic device and storage medium
CN113329017A (en) * 2021-05-28 2021-08-31 江苏骏安信息测评认证有限公司 Network security risk detection system and method
CN113472788A (en) * 2021-06-30 2021-10-01 深信服科技股份有限公司 Threat awareness method, system, equipment and computer readable storage medium
CN113472788B (en) * 2021-06-30 2023-09-08 深信服科技股份有限公司 Threat perception method, threat perception system, threat perception equipment and computer-readable storage medium
CN114240013A (en) * 2021-07-30 2022-03-25 北京永信至诚科技股份有限公司 Key information infrastructure-oriented defense command method and system
CN113938401A (en) * 2021-08-27 2022-01-14 天津七所精密机电技术有限公司 Naval vessel network security visualization system
CN113726780B (en) * 2021-08-31 2022-10-11 平安科技(深圳)有限公司 Network monitoring method and device based on situation awareness and electronic equipment
CN113726780A (en) * 2021-08-31 2021-11-30 平安科技(深圳)有限公司 Network monitoring method and device based on situation awareness and electronic equipment
CN113709170A (en) * 2021-09-01 2021-11-26 京东科技信息技术有限公司 Asset safe operation system, method and device
CN115021953A (en) * 2022-04-18 2022-09-06 广西电网有限责任公司电力科学研究院 Network security monitoring device
CN114785593A (en) * 2022-04-21 2022-07-22 中网信安科技有限公司 Controlled network space construction method
CN114745407B (en) * 2022-04-28 2024-02-13 广东电网有限责任公司 Security situation awareness method, device, equipment and medium of electric power Internet of things
CN114745407A (en) * 2022-04-28 2022-07-12 广东电网有限责任公司 Security situation sensing method, device, equipment and medium for power internet of things
CN114928531B (en) * 2022-05-06 2023-09-05 广西电网有限责任公司 Network security integrated intelligent protection method, device, robot and medium
CN114928531A (en) * 2022-05-06 2022-08-19 广西电网有限责任公司 Network security integrated intelligent protection method and device, robot and medium
CN114640548A (en) * 2022-05-18 2022-06-17 宁波市镇海区大数据投资发展有限公司 Network security sensing and early warning method and system based on big data
CN115001792A (en) * 2022-05-27 2022-09-02 北京双湃智安科技有限公司 Accuracy evaluation method for learning industrial Internet security perception system
CN115134131A (en) * 2022-06-20 2022-09-30 中能融合智慧科技有限公司 Situation awareness-based Internet of things communication transmission system
CN115134131B (en) * 2022-06-20 2023-10-20 中能融合智慧科技有限公司 Internet of things communication transmission system based on situation awareness
CN115296860B (en) * 2022-07-15 2023-08-15 智己汽车科技有限公司 Vehicle safety operation and maintenance operation system based on central computing platform and vehicle
CN115296860A (en) * 2022-07-15 2022-11-04 智己汽车科技有限公司 Vehicle safety operation and maintenance operation system based on central computing platform and vehicle
CN115051879B (en) * 2022-08-17 2022-11-22 珠海市鸿瑞信息技术股份有限公司 Data analysis system of network security situation perception system based on machine learning
CN115051879A (en) * 2022-08-17 2022-09-13 珠海市鸿瑞信息技术股份有限公司 Data analysis system of network security situation perception system based on machine learning
CN115567258A (en) * 2022-09-16 2023-01-03 中国联合网络通信集团有限公司 Network security situation awareness method, system, electronic device and storage medium
CN115567258B (en) * 2022-09-16 2024-03-01 中国联合网络通信集团有限公司 Network security situation awareness method, system, electronic equipment and storage medium
CN116016215A (en) * 2022-12-30 2023-04-25 北京明朝万达科技股份有限公司 Network security situation awareness method and device, storage medium and electronic equipment

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20200131