CN112261034A - Network security protection system based on enterprise intranet - Google Patents

Info

Publication number: CN112261034A
Authority: CN (China)
Prior art keywords: data, network, module, intranet, security
Legal status: Pending
Application number: CN202011121545.XA
Other languages: Chinese (zh)
Inventors: 李静, 司敬, 张笑天, 闫立平, 李景田, 郑宇宁
Current Assignee: Beijing Jinghang Computing Communication Research Institute
Original Assignee: Beijing Jinghang Computing Communication Research Institute
Application filed by Beijing Jinghang Computing Communication Research Institute; priority to CN202011121545.XA; publication of CN112261034A.

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/02 Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1416 Event detection, e.g. attack signature detection
    • H04L63/1425 Traffic logging, e.g. anomaly detection
    • H04L63/1441 Countermeasures against malicious traffic
    • H04L63/145 Countermeasures against malicious traffic, the attack involving the propagation of malware through the network, e.g. viruses, trojans or worms

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Health & Medical Sciences (AREA)
  • General Health & Medical Sciences (AREA)
  • Virology (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)
  • Computer And Data Communications (AREA)

Abstract

The invention belongs to the technical field of network protection and particularly relates to a network security protection system based on an enterprise intranet. The system monitors external attacks on the enterprise network by means of external devices, monitors and analyzes various types of anomalies inside the network, predicts and analyzes abnormal data, comprehensively analyzes the network security situation from the aspects of external threat alarms, internal security threat monitoring and prediction, and forms a dual-mode enterprise intranet security protection system combining external attack alarms with internal threat monitoring. For the security protection of an enterprise intranet, it provides a multi-dimensional anomaly detection system based on real security scenarios and improves the capability to monitor and protect against various types of security threats inside the enterprise network.

Description

Network security protection system based on enterprise intranet
Technical Field
The invention belongs to the technical field of network protection, and particularly relates to a network security protection system based on an enterprise intranet.
Background
Network security situation analysis mainly comprises detecting, filtering, checking and alarming on malicious attacks present in the network. Generally, the security protection of an enterprise network relies mainly on traditional security devices such as firewalls, intrusion detection systems (IDS) and vulnerability scanners, or on a security management platform that takes these devices as data sources, as the main protection body, so as to implement security protection of the enterprise intranet.
Network security threats occur most frequently on operators' Internet networks, and they are characterized by concealment, sporadic occurrence and destructiveness. Most intranets are interconnected with, or only logically isolated from, the Internet, so once a threat is triggered on the Internet the intranet faces the same network security threat. Intranet security protection measures mainly include: deploying a border firewall between the Internet and the intranet, adding blocking security policies and isolating external security threats; deploying vulnerability scanning devices at the intranet egress to detect vulnerability threats present in network access traffic; deploying intrusion detection devices at the enterprise intranet egress to block and monitor traffic whose characteristics indicate a security threat; and deploying a management platform in the enterprise intranet that collects and aggregates the log information of the various security devices and performs monitoring based on the alarm results built into those devices. The main protection idea is to secure the detection at the intranet-Internet egress and thereby the security of the intranet.
The current enterprise intranet security protection mode is mainly based on the deployment of border security protection devices, which detect security threats from the outside and so realize network security protection. Network threats, however, exist not only on external networks; they also occur frequently inside the network and often follow regular patterns. Security threats inside the network can damage the internal information systems more directly and can obtain key information in the network more easily. Compared with external network threats, internal threats pose a greater danger to the security protection of the intranet, and internal threats are gradually becoming an important direction of network security protection.
Disclosure of Invention
(I) Technical problem to be solved
The technical problem to be solved by the invention is how to provide a network security protection system for an enterprise intranet and establish a novel network security situation monitoring system for the enterprise intranet.
(II) technical scheme
In order to solve the above technical problem, the present invention provides a network security protection system based on an enterprise intranet, comprising: a threat feature library construction module, an abnormal behavior rule base construction module, a network data acquisition module, an external alarm data analysis module, an internal compliance detection module, an unknown threat prediction module and a network security situation alarm module;
the threat feature library construction module is used for extracting key identification fields from feature sample data of typical security threats, selecting the security threats that can be uniquely and independently identified in the sample data, and storing the identification information in data tables of different types, the plurality of data tables forming the security threat feature library;
the abnormal behavior rule base construction module is used for defining data for typical user violations in the enterprise intranet and storing the defined rule data in data tables of different types, the plurality of data tables forming the abnormal behavior rule base;
the network data acquisition module is used for acquiring raw log data that reflects the running state of devices and systems, including the raw running logs and operation logs of security devices, network devices and application systems in the enterprise intranet, splitting the raw log data, labeling the meaning of each field according to its attributes after splitting, deleting invalid fields, and forming a data set in a uniform standard format;
the external alarm data analysis module is used for receiving the standard-format data set and the security threat feature library, importing the standard-format data set into an association analysis model, comparing the data features in the standard-format data set with the data features in the security threat feature library by calling the FP-growth algorithm in the association analysis model, and, where the difference after matching is 0, extracting the network data corresponding to that zero difference to generate the external alarm information of the enterprise network;
the internal compliance detection module is used for receiving the standard-format data set and the abnormal behavior rule base, importing the standard-format data set into the association analysis model, comparing the data features in the standard-format data set with the data features in the abnormal behavior rule base by calling the FP-growth algorithm in the association analysis model, and, where the difference after matching is 0, extracting the network data corresponding to that zero difference to generate the abnormal behavior alarm information within the enterprise network;
the unknown threat prediction module is used for receiving the standard-format data set and passing it into a data prediction model, which processes and analyzes the data in the data set, predicts the data state of the next period, finds potential abnormal values, extracts the network data corresponding to those abnormal values, and generates the unknown threat alarm information of the enterprise network;
the network security situation alarm module is used for receiving the enterprise network external alarm information, the enterprise network internal abnormal behavior alarm information and the enterprise network unknown threat alarm information, performing statistics on the alarm information, and displaying the statistics to form the network security alarm information of the enterprise intranet.
The feature sample data of typical security threats comprises sample data of network viruses, trojans, worms and vulnerability security threats.
The abnormal behavior rule base construction module defines data for typical user violations in the enterprise intranet, that is, abnormal behavior rules are defined by the state of the traffic access information, port access information and protocol usage information of the behavior.
The network data acquisition module splits raw log data by means of regular expressions, key-value pairs and parsing scripts.
The network data acquisition module outputs the data set in a uniform standard JSON format.
The data prediction model used by the unknown threat prediction module calls the K-means algorithm and the ALS algorithm to process and analyze the data in the data set.
The data prediction model takes 30 days as its time interval period, sets the window sliding time to 7 days, and predicts the data state of the next period.
The objects of statistical processing by the network security situation alarm module include, for example, alarm frequency summation, alarm time period statistics and alarm type statistics.
The network security situation alarm module displays the statistics using the E-Chart visualization tool.
The forms in which the network security situation alarm module displays the statistics include bar charts, line charts and two-dimensional area charts.
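As an added illustration (not code from the patent), the following Python sketch shows how the network data acquisition module's normalization and the internal compliance detection module's matching could be realized: raw device log lines are split with key-value parsing and a regular expression into a uniform JSON-ready record set, invalid fields are dropped, and each record is compared against an abnormal behavior rule base so that a rule whose difference from the record is empty (the "difference value of 0") produces an alert. The log lines, field names and rules are constructed, and plain set containment stands in for the FP-growth association step.

```python
"""Added example (not the patent's code): normalize raw device logs into a
uniform record set and match records against an abnormal behaviour rule base.
All log lines, field names and rules below are constructed for illustration."""
import json
import re

# Constructed sample logs: two key=value firewall lines (one with an empty,
# invalid field) and one syslog-style switch line that needs a regular expression.
RAW_LOGS = [
    "ts=2020-10-01T08:15:02Z dev=fw01 src=10.1.2.3 dst=10.9.0.8 dport=445 "
    "proto=tcp action=allow junk=",
    "2020-10-01T23:41:10Z sw02 conn 10.1.2.3 -> 203.0.113.7:22 tcp permitted",
    "ts=2020-10-02T02:00:00Z dev=fw01 src=10.1.2.9 dst=10.9.0.8 dport=3389 "
    "proto=tcp action=deny",
]

# Field meanings are labelled once so every source maps onto one schema.
FIELD_MAP = {
    "ts": "timestamp", "dev": "device", "src": "src_ip", "dst": "dst_ip",
    "dport": "dst_port", "proto": "protocol", "action": "action",
}

SYSLOG_RE = re.compile(
    r"^(?P<timestamp>\S+) (?P<device>\S+) conn (?P<src_ip>[\d.]+) -> "
    r"(?P<dst_ip>[\d.]+):(?P<dst_port>\d+) (?P<protocol>\w+) (?P<action>\w+)$"
)


def split_key_value(line):
    """Split a key=value line, rename fields via FIELD_MAP, drop empty or unmapped ones."""
    record = {}
    for token in line.split():
        key, sep, value = token.partition("=")
        if not sep or not value or key not in FIELD_MAP:
            continue  # invalid field: deleted, as the acquisition module requires
        record[FIELD_MAP[key]] = value
    return record


def normalize(line):
    """Return one standard-format record, or None if the line cannot be parsed."""
    if "=" in line:
        record = split_key_value(line)
    else:
        match = SYSLOG_RE.match(line)
        if not match:
            return None
        record = match.groupdict()
    if "dst_port" in record:
        record["dst_port"] = int(record["dst_port"])
    if record.get("action") == "permitted":
        record["action"] = "allow"  # unify vocabulary across device vendors
    return record or None


def normalize_all(lines):
    return [rec for rec in (normalize(ln) for ln in lines) if rec]


def to_json(records):
    """The uniform JSON data set handed on to the analysis modules."""
    return json.dumps(records, sort_keys=True)


# Constructed rule base: each rule is a set of (field, value) items. A record
# matches when the rule minus the record's items is empty, i.e. difference 0.
ABNORMAL_RULES = {
    "smb-from-workstation": {("dst_port", 445), ("protocol", "tcp"), ("action", "allow")},
    "ssh-to-internet": {("dst_port", 22), ("action", "allow")},
}


def match_rules(records, rules):
    """Return one alert per (record, rule) pair whose difference is 0."""
    alerts = []
    for rec in records:
        items = set(rec.items())
        for name, rule in rules.items():
            if not rule - items:
                alerts.append({"rule": name, **rec})
    return alerts


if __name__ == "__main__":
    normalized = normalize_all(RAW_LOGS)
    print(to_json(normalized))
    for alert in match_rules(normalized, ABNORMAL_RULES):
        print("ALERT", alert["rule"], alert["src_ip"], "->", alert["dst_ip"])
```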
(III) advantageous effects
Compared with the prior art, the system addresses the current state of security protection, in which scenarios vary, analysis models are rigid and data processing is incomplete: it establishes an interaction system between application scenarios and analysis models, performs full-data analysis based on big data technology, and improves the accuracy and reliability with which the platform monitors the state of application scenarios.
The invention breaks through key technologies such as multi-source data acquisition, data preprocessing, big data scenario analysis and trend prediction, forms a comprehensive intranet security protection model, and realizes comprehensive monitoring of intranet scenario security.
The system monitors external attacks on the enterprise network by means of external devices, monitors and analyzes various types of anomalies inside the network, predicts and analyzes abnormal data, comprehensively analyzes the network security situation from the aspects of external threat alarms, internal security threat monitoring and prediction, and forms a dual-mode enterprise intranet security protection system combining external attack alarms with internal threat monitoring. For the security protection of an enterprise intranet, it provides a multi-dimensional anomaly detection system based on real security scenarios and improves the capability to monitor and protect against various types of security threats inside the enterprise network. Actual measurement shows that, on an ordinary server, the system can complete the analysis of behavior data for most enterprise business scenarios within one minute. Comprehensive security protection of the enterprise intranet is achieved through comprehensive data acquisition and powerful security analysis technology. External attack behavior as well as internal violations and abnormal behavior can be grasped comprehensively, and enterprise security risks can be warned of early. The network data processing capacity of the system is as follows: data collection capability greater than 60,000 EPS; data processing capability greater than 150,000 FPS; PB-level data storage capability; query results returned within seconds.
Drawings
FIG. 1 is a flow chart of the technical solution of the present invention.
Detailed Description
In order to make the objects, contents, and advantages of the present invention clearer, the following detailed description of the embodiments of the present invention will be made in conjunction with the accompanying drawings and examples.
In order to solve the problems of the prior art, the invention provides a network security protection system based on an enterprise intranet, which performs multi-dimensional analysis on multi-source, high-volume security data in the enterprise intranet, so as to detect the various security threats present in the network and predict the security threats that may exist in it. The system takes security device alarm monitoring, internal compliance detection and in-network threat prediction as its entry points to construct a network security protection model based on the enterprise intranet; the flow of the system is shown in FIG. 1.
The network security protection system based on the enterprise intranet comprises: a threat feature library construction module, an abnormal behavior rule base construction module, a network data acquisition module, an external alarm data analysis module, an internal compliance detection module, an unknown threat prediction module and a network security situation alarm module;
the threat feature library construction module is used for extracting key identification fields from feature sample data of typical security threats, selecting the security threats that can be uniquely and independently identified in the sample data, and storing the identification information in data tables of different types, the plurality of data tables forming the security threat feature library;
the abnormal behavior rule base construction module is used for defining data for typical user violations in the enterprise intranet, such as access data of source addresses and destination addresses, and storing the defined rule data in data tables of different types, the plurality of data tables forming the abnormal behavior rule base;
the network data acquisition module is used for acquiring raw log data that reflects the running state of devices and systems, including the raw running logs and operation logs of security devices, network devices and application systems in the enterprise intranet, splitting the raw log data, labeling the meaning of each field according to its attributes after splitting, deleting invalid fields, and forming a data set in a uniform standard format;
the external alarm data analysis module is used for receiving the standard-format data set and the security threat feature library, importing the standard-format data set into an association analysis model, comparing the data features in the standard-format data set with the data features in the security threat feature library by calling the FP-growth algorithm in the association analysis model, and, where the difference after matching is 0, extracting the network data corresponding to that zero difference to generate the external alarm information of the enterprise network;
the internal compliance detection module is used for receiving the standard-format data set and the abnormal behavior rule base, importing the standard-format data set into the association analysis model, comparing the data features in the standard-format data set with the data features in the abnormal behavior rule base by calling the FP-growth algorithm in the association analysis model, and, where the difference after matching is 0, extracting the network data corresponding to that zero difference to generate the abnormal behavior alarm information within the enterprise network;
the unknown threat prediction module is used for receiving the standard-format data set and passing it into a data prediction model, which processes and analyzes the data in the data set, predicts the data state of the next period, finds potential abnormal values, extracts the network data corresponding to those abnormal values, and generates the unknown threat alarm information of the enterprise network;
the network security situation alarm module is used for receiving the enterprise network external alarm information, the enterprise network internal abnormal behavior alarm information and the enterprise network unknown threat alarm information, performing statistics on the alarm information, and displaying the statistics to form the network security alarm information of the enterprise intranet.
The feature sample data of typical security threats comprises sample data of network viruses, trojans, worms and vulnerability security threats.
The abnormal behavior rule base construction module defines data for typical user violations in the enterprise intranet, that is, abnormal behavior rules are defined by the state of the traffic access information, port access information and protocol usage information of the behavior.
The network data acquisition module splits raw log data by means of regular expressions, key-value pairs and parsing scripts.
The network data acquisition module outputs the data set in a uniform standard JSON format.
The data prediction model used by the unknown threat prediction module calls the K-means algorithm and the ALS algorithm to process and analyze the data in the data set.
The data prediction model takes 30 days as its time interval period, sets the window sliding time to 7 days, and predicts the data state of the next period.
The objects of statistical processing by the network security situation alarm module include, for example, alarm frequency summation, alarm time period statistics and alarm type statistics.
The network security situation alarm module displays the statistics using the E-Chart visualization tool.
The forms in which the network security situation alarm module displays the statistics include bar charts, line charts and two-dimensional area charts.
Example 1
The operation flow of this embodiment is as follows:
Step one: initial construction of the threat feature library and the abnormal behavior rule base
Input: extract key identification fields from feature sample data of typical security threats, such as sample data of network viruses, trojans, worms and vulnerabilities, and add the identification data to the initialized threat feature library; define data for typical user violations in the intranet, such as access data of source addresses and destination addresses, and add the defined data to the abnormal behavior rule base.
Processing: extract the key fields of the feature sample data of typical security threats, select the security threats that can be uniquely and independently identified from the sample data, and store the identification information in data tables of different types, the plurality of data tables forming the security threat feature library; define data for typical user violations, that is, define abnormal behavior rules according to the state of the behavior's traffic access information, port access information, protocol usage information and the like, store the defined rule data in data tables of different types, and form the abnormal behavior rule base from the plurality of data tables.
Output: the security threat feature library and the abnormal behavior rule base.
Step two: network data acquisition and processing
Input: the raw running log data, operation log data and the like of the security devices, network devices and application systems in the enterprise intranet, which reflect the running state of the devices and systems.
Processing: split the raw log data collected from the devices and systems using regular expressions, key-value pairs, parsing scripts and other means, label the meaning of each field according to its attributes after splitting, delete invalid fields, and form a data set in a unified standard JSON format.
Output: the data set in standard format.
Step three: external alarm data analysis
Input: the data set in standard format and the security threat feature library.
Processing: import the standard-format data set into the association analysis model, compare the data features in the standard-format data set with the data features in the security threat feature library by calling the FP-growth algorithm in the association analysis model, and, where the difference after matching is 0, extract the network data corresponding to that zero difference to generate external alarm information.
Output: external alarm information of the enterprise network.
Step four: internal compliance detection
Input: the data set in standard format and the abnormal behavior rule base.
Processing: import the standard-format data set into the association analysis model, compare the data features in the standard-format data set with the data features in the abnormal behavior rule base by calling the FP-growth algorithm in the association analysis model, and, where the difference after matching is 0, extract the network data corresponding to that zero difference to generate internal abnormal behavior alarm information.
Output: abnormal behavior alarm information within the enterprise network.
Step five: unknown threat prediction
Input: the data set in standard format.
Processing: pass the standard-format data set into the data prediction model; the model calls the K-means algorithm and the ALS algorithm to process and analyze the data in the data set, using 30 days as the time interval period and a window sliding time of 7 days, predicts the data state of the next period, finds potential abnormal values, extracts the network data corresponding to those abnormal values, and generates unknown threat alarm information.
Output: unknown threat alarm information of the enterprise network.
Step six: network security situation alarm
Input: external alarm information of the enterprise network; abnormal behavior alarm information within the enterprise network; unknown threat alarm information of the enterprise network.
Processing: perform statistical processing on the alarm information generated by the preceding models, such as alarm frequency summation, alarm time period statistics and alarm type statistics, and display the statistics with the E-Chart visualization tool as bar charts, line charts, two-dimensional area charts and the like, forming the network security alarm information of the enterprise intranet.
Output: network security alarm information of the enterprise intranet.
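The following Python example, added here and not part of the patent, illustrates steps five and six: a 30-day period is slid forward 7 days at a time over a constructed daily count series, a plain one-dimensional K-means (k = 2) separates the normal level from outlying days and supplies the predicted baseline for the next period, and constructed alarm records are then summarised by frequency, type and time period. The series, the alarm records and the 50% deviation threshold are assumptions made for the example; the ALS step is not implemented.

```python
"""Added example (not the patent's code): slide a 30-day period forward 7 days
at a time over a daily count series, use a plain 1-D K-means to separate the
normal level from outlying days, and summarise the resulting alarms.
The series, alarm records and deviation threshold are constructed."""
from collections import Counter

PERIOD_DAYS = 30   # time interval period of the prediction model
WINDOW_DAYS = 7    # window sliding time
DEVIATION = 0.5    # constructed threshold: minority days >50% off baseline are flagged

# Constructed series: denied-connection counts per day for 37 days, a steady
# baseline around 100 with a burst on days 31-33.
DAILY_COUNTS = [
    98, 102, 97, 105, 99, 101, 103, 96, 100, 104, 98, 102, 99, 97, 101,
    103, 100, 98, 102, 99, 104, 100, 97, 101, 100, 99, 102, 98, 103, 101,
    100, 640, 720, 655, 101, 99, 102,
]


def kmeans_1d(points, k=2, rounds=50):
    """Lloyd's K-means on scalars; centroids start at the min and max values."""
    centroids = [min(points), max(points)][:k]
    labels = [0] * len(points)
    for _ in range(rounds):
        labels = [min(range(len(centroids)), key=lambda c: abs(p - centroids[c]))
                  for p in points]
        new = []
        for c, old in enumerate(centroids):
            members = [p for p, lab in zip(points, labels) if lab == c]
            new.append(sum(members) / len(members) if members else old)
        if new == centroids:
            break
        centroids = new
    return centroids, labels


def analyse_period(values, deviation=DEVIATION):
    """Baseline (majority centroid) and indices of days in the minority cluster
    that deviate from it by more than `deviation` of the baseline."""
    centroids, labels = kmeans_1d(values)
    majority = max(range(len(centroids)), key=labels.count)
    baseline = centroids[majority]
    flagged = [i for i, (v, lab) in enumerate(zip(values, labels))
               if lab != majority and abs(v - baseline) > deviation * baseline]
    return baseline, flagged


def predict_unknown_threats(series, period=PERIOD_DAYS, stride=WINDOW_DAYS):
    """For every period position, report the baseline predicted for the next
    period and the absolute day indices holding potential abnormal values."""
    results = []
    for start in range(0, len(series) - period + 1, stride):
        baseline, flagged = analyse_period(series[start:start + period])
        results.append({
            "period_start": start,
            "predicted_baseline": round(baseline, 1),
            "abnormal_days": [start + i for i in flagged],
        })
    return results


# Constructed alarm records as the situation alarm module would receive them.
ALARMS = [
    {"type": "external", "ts": "2020-10-02T02:10:00"},
    {"type": "internal_abnormal", "ts": "2020-10-02T02:35:00"},
    {"type": "internal_abnormal", "ts": "2020-10-02T14:05:00"},
    {"type": "unknown_threat", "ts": "2020-10-26T09:00:00"},
]


def alarm_statistics(alarms):
    """Frequency sum, per-type counts and counts per 6-hour time period of day."""
    by_type = Counter(a["type"] for a in alarms)
    by_period = Counter(int(a["ts"][11:13]) // 6 * 6 for a in alarms)
    return {
        "total": len(alarms),
        "by_type": dict(by_type),
        "by_6h_period": dict(sorted(by_period.items())),
    }


if __name__ == "__main__":
    for result in predict_unknown_threats(DAILY_COUNTS):
        print(result)
    print(alarm_statistics(ALARMS))
```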
The above description is only a preferred embodiment of the present invention. It should be noted that those skilled in the art can make several modifications and variations without departing from the technical principle of the present invention, and these modifications and variations should also be regarded as falling within the protection scope of the present invention.

Claims (10)

1. A network security protection system based on an enterprise intranet, characterized in that the system comprises: a threat feature library construction module, an abnormal behavior rule base construction module, a network data acquisition module, an external alarm data analysis module, an internal compliance detection module, an unknown threat prediction module and a network security situation alarm module;
the threat feature library construction module is used for extracting key identification fields from feature sample data of typical security threats, selecting the security threats that can be uniquely and independently identified in the sample data, and storing the identification information in data tables of different types, the plurality of data tables forming the security threat feature library;
the abnormal behavior rule base construction module is used for defining data for typical user violations in the enterprise intranet and storing the defined rule data in data tables of different types, the plurality of data tables forming the abnormal behavior rule base;
the network data acquisition module is used for acquiring raw log data that reflects the running state of devices and systems, including the raw running logs and operation logs of security devices, network devices and application systems in the enterprise intranet, splitting the raw log data, labeling the meaning of each field according to its attributes after splitting, deleting invalid fields, and forming a data set in a uniform standard format;
the external alarm data analysis module is used for receiving the standard-format data set and the security threat feature library, importing the standard-format data set into an association analysis model, comparing the data features in the standard-format data set with the data features in the security threat feature library by calling the FP-growth algorithm in the association analysis model, and, where the difference after matching is 0, extracting the network data corresponding to that zero difference to generate the external alarm information of the enterprise network;
the internal compliance detection module is used for receiving the standard-format data set and the abnormal behavior rule base, importing the standard-format data set into the association analysis model, comparing the data features in the standard-format data set with the data features in the abnormal behavior rule base by calling the FP-growth algorithm in the association analysis model, and, where the difference after matching is 0, extracting the network data corresponding to that zero difference to generate the abnormal behavior alarm information within the enterprise network;
the unknown threat prediction module is used for receiving the standard-format data set and passing it into a data prediction model, which processes and analyzes the data in the data set, predicts the data state of the next period, finds potential abnormal values, extracts the network data corresponding to those abnormal values, and generates the unknown threat alarm information of the enterprise network;
the network security situation alarm module is used for receiving the enterprise network external alarm information, the enterprise network internal abnormal behavior alarm information and the enterprise network unknown threat alarm information, performing statistics on the alarm information, and displaying the statistics to form the network security alarm information of the enterprise intranet.
2. The intranet-based network security protection system according to claim 1, wherein the characteristic sample data of typical security threats comprises sample data information of network viruses, trojans, worms and vulnerability security threats.
3. The intranet-based network security protection system according to claim 1, wherein the abnormal behavior rule base building module is configured to perform data definition on typical user violations in the intranet, that is, to define abnormal behavior rules according to the state of the traffic access information, port access information and protocol usage information of the behaviors.
4. The intranet-based network security protection system according to claim 1, wherein the network data collection module splits original log data in a manner including regular expressions, key-value pairs and parsing scripts.
5. The intranet-based network security protection system according to claim 1, wherein the network data collection module outputs a data set in a unified JSON format.
6. The intranet-based network security protection system according to claim 1, wherein the data prediction model adopted by the unknown threat prediction module invokes a K-means algorithm or an ALS algorithm to process and analyze data in the data set.
7. The intranet-based network security protection system according to claim 6, wherein the data prediction model takes 30 days as a time interval period, sets a window sliding time to 7 days, and predicts the data state of the next period.
8. The intranet-based network security protection system according to claim 1, wherein the objects for statistical processing by the network security posture alarm module include alarm frequency summation, alarm time period statistics, and alarm type statistics.
9. The intranet-based network security protection system according to claim 1, wherein the network security posture warning module displays the counted data by using an E-Chart visualization tool.
10. The intranet-based network security protection system according to claim 9, wherein the network security situation warning module displays the counted data in a form including a bar graph, a line graph, and a two-dimensional area graph.
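As an added illustration (not the patent's own code), the following Python sketch assumes a hypothetical key=value firewall log format and a made-up three-rule abnormal-behaviour base; it walks through the field splitting, labelling and invalid-field deletion of claims 1, 4 and 5, the port/protocol/traffic rule matching of claim 3, and the per-type and per-period alarm counts of claim 8.

```python
import json
import re
from collections import Counter

# Constructed sample log lines in a hypothetical key=value firewall format
# (not from the patent); the last line is deliberately malformed.
RAW_LOGS = [
    "2021-01-20T09:15:02 fw01 src=10.0.1.15 dst=10.0.2.8 proto=tcp dport=23 bytes=1200 action=allow",
    "2021-01-20T10:02:33 fw01 src=10.0.1.20 dst=10.0.2.8 proto=tcp dport=443 bytes=300 junk= action=allow",
    "2021-01-20T23:41:10 fw01 src=10.0.1.77 dst=203.0.113.5 proto=udp dport=69 bytes=5400000 action=allow",
    "garbage",
]
LINE_RE = re.compile(r"^(?P<ts>\S+)\s+(?P<host>\S+)\s+(?P<kv>.*)$")

def normalise(line):
    """Split a raw line (regex + key-value pairs), label the fields, drop
    empty/invalid ones, and return a uniform JSON-serialisable record."""
    m = LINE_RE.match(line)
    if not m:
        return None  # unparseable line: nothing usable to keep
    rec = {"timestamp": m.group("ts"), "device": m.group("host")}
    for key, val in re.findall(r"(\w+)=(\S*)", m.group("kv")):
        if val:  # an empty value is an invalid field: delete it
            rec[key] = int(val) if val.isdigit() else val
    return rec

def hour(rec):
    return int(rec["timestamp"][11:13])

# Hypothetical abnormal-behaviour rule base: predicates over traffic volume,
# destination port and protocol, the dimensions claim 3 names.
RULES = {
    "cleartext_admin_protocol": lambda r: r.get("proto") == "tcp" and r.get("dport") in (21, 23),
    "offhours_bulk_transfer": lambda r: r.get("bytes", 0) > 1_000_000 and not 8 <= hour(r) < 18,
    "external_udp_tftp": lambda r: r.get("proto") == "udp" and r.get("dport") == 69
                                   and not r.get("dst", "").startswith("10."),
}

def detect(records):
    """Match every record against every rule; each hit becomes one alarm."""
    return [{"type": name, "hour": hour(rec), "record": rec}
            for rec in records for name, pred in RULES.items() if pred(rec)]

def summarise(alarms):
    """The counts the situation-warning module would chart: total, by type, by hour."""
    return {"total": len(alarms),
            "by_type": dict(Counter(a["type"] for a in alarms)),
            "by_hour": dict(Counter(a["hour"] for a in alarms))}

def run(lines=RAW_LOGS):
    records = [r for r in map(normalise, lines) if r]
    return records, summarise(detect(records))

if __name__ == "__main__":
    print(json.dumps(run(), indent=2))
```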
Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202011121545.XA CN112261034A (en) 2020-10-19 2020-10-19 Network security protection system based on enterprise intranet

Publications (1)

Publication Number Publication Date
CN112261034A true CN112261034A (en) 2021-01-22

Family

ID=74244063

Country Status (1)

Country Link
CN (1) CN112261034A (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112261033A (en) * 2020-10-19 2021-01-22 北京京航计算通讯研究所 Network security protection method based on enterprise intranet
CN114598551A (en) * 2022-03-29 2022-06-07 南方电网科学研究院有限责任公司 Information network security early warning system for dealing with continuous threat attack

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107196910A (en) * 2017-04-18 2017-09-22 国网山东省电力公司电力科学研究院 Threat early warning monitoring system, method and the deployment framework analyzed based on big data
CN110740141A (en) * 2019-11-15 2020-01-31 国网山东省电力公司信息通信公司 integration network security situation perception method, device and computer equipment
CN111245793A (en) * 2019-12-31 2020-06-05 西安交大捷普网络科技有限公司 Method and device for analyzing abnormity of network data
CN112261033A (en) * 2020-10-19 2021-01-22 北京京航计算通讯研究所 Network security protection method based on enterprise intranet

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication (Application publication date: 20210122)