CN112560026A - Method for realizing intelligent tracking analysis self-healing of information system alarm - Google Patents


Publication number
CN112560026A
Authority
CN
China
Prior art keywords
information
abnormal
healing
tracking analysis
mirror image
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202011478230.0A
Other languages
Chinese (zh)
Inventor
吕磊
田园
沈泺成
李嘉周
张瑞强
刘家宇
贾文瑞
郑吉祥
陈语
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
State Grid Sichuan Electric Power Co Ltd
Information and Telecommunication Branch of State Grid Sichuan Electric Power Co Ltd
Original Assignee
State Grid Sichuan Electric Power Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by State Grid Sichuan Electric Power Co Ltd
Priority to CN202011478230.0A
Publication of CN112560026A

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55 Detecting local intrusion or implementing counter-measures
    • G06F21/552 Detecting local intrusion or implementing counter-measures involving long-term monitoring or reporting
    • G06F21/56 Computer malware detection or handling, e.g. anti-virus arrangements
    • G06F21/566 Dynamic detection, i.e. detection performed at run-time, e.g. emulation, suspicious activities
    • G06F21/568 Computer malware detection or handling, e.g. anti-virus arrangements eliminating virus, restoring damaged files

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Software Systems (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Health & Medical Sciences (AREA)
  • Virology (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • General Health & Medical Sciences (AREA)
  • Investigating Or Analysing Biological Materials (AREA)

Abstract

The invention discloses a method for realizing intelligent tracking analysis self-healing of information system alarm, which comprises the following steps: S1, information control, in which incoming information is compared against an information database and then processed by a central information processor to perform information screening and information transmission; S2, information early warning, including information distinguishing, information verification and information alarm; S3, information tracking analysis; S4, information self-healing, including information investigation, information correction and information deletion; and S5, system updating, including information sample production and information storage. In this method, suspected abnormal information is run in advance on a mirror server to judge whether it would harm the main system, which reduces the interference of abnormal information with the main system and keeps the main system running at high speed.

Description

Method for realizing intelligent tracking analysis self-healing of information system alarm
Technical Field
The invention relates to the technical field of information, in particular to a method for realizing intelligent tracking analysis self-healing of information system alarm.
Background
An information system is a man-machine integrated system composed of computer hardware, network and communication equipment, computer software, information resources, information users and rules and regulations, whose purpose is to process information flows. In short, an information system takes data/information as input and produces information through processing. Information systems face security risks from the human environment, the technical environment and the physical and natural environment, and security threats to them are ubiquitous. The security problems of a large enterprise information system cannot be solved merely by using security products that integrate information security technology; technical, management and institutional factors must all be considered in order to solve the system security problem comprehensively and to establish an information system security assurance system for the enterprise.
Existing information systems have poor protection capability and cannot track and process information, which easily leads to many system vulnerabilities. In view of this situation, the invention makes technical innovations on the basis of existing information system technology.
Disclosure of Invention
To address the deficiencies of the prior art, the invention provides a method for realizing intelligent tracking analysis self-healing of information system alarm, which solves the problems described in the Background.
To achieve this purpose, the invention is realized by the following technical solution: a method for realizing intelligent tracking analysis self-healing of information system alarm, comprising the following steps:
S1, information control, in which incoming information is compared against an information database and then processed by a central information processor to perform information screening and information transmission;
S2, information early warning, including information distinguishing, information verification and information alarm;
S3, information tracking analysis;
S4, information self-healing, including information investigation, information correction and information deletion;
and S5, system updating, including information sample production and information storage.
Preferably, the information database in S1 stores abnormal information and virus information samples; the central information processor receives the various instructions in the system and analyzes them comprehensively; the information screening receives information transmitted from outside and distinguishes it by comparison and screening against the information database; and the information transmission connects the system to a big data server and updates the abnormal information and virus information samples in the information database in a timely manner.
Preferably, the information early warning in S2 involves a main server and at least two mirror servers. The information distinguishing is connected to the main server and distinguishes normal information from abnormal information: normal information enters the main server for command output, while abnormal information is passed from information distinguishing to information verification. The information verification corresponds to a mirror server and verifies the abnormal information received from information distinguishing: after the abnormal information is received, a command loop is run on the mirror server; information that completes the loop normally enters the main server, while abnormal information that cannot complete a normal command loop enters the information alarm. The information alarm is connected to a mirror server and, through the mirror server, to the information control of S1, where the information is screened against the information database by the information screening of S1; after screening, the corresponding abnormal information is labeled.
Preferably, the information tracking analysis in S3 comprises information labeling, information loop, information monitoring and information analysis, and the information tracking analysis involves a main server and at least more than two mirror servers.
Preferably, the information labeling labels the received abnormal information by appending a label information sequence to the end of the sequence of the abnormal information; the abnormal information then undergoes the command loop on the mirror server.
Preferably, the information loop comprises a mirror server on which the labeled abnormal information undergoes the command loop, and the command, after looping, is connected to the main server through the mirror server.
Preferably, the information monitoring monitors the state of the whole system after the command of the abnormal information has entered the system through the information loop, and sends the abnormal information to information analysis once abnormal information is found.
Preferably, the information analysis receives the information sent by information monitoring and then uses its own algorithm to analyze whether the abnormal information is suitable for running on the system.
Preferably, the information investigation in S4 investigates the abnormal information from the information analysis, finds the abnormal information by its label information sequence, and then passes it to the next step; the information correction corrects the abnormal information; and the information deletion deletes abnormal information that cannot be corrected.
Preferably, in S5, the information sample production labels the abnormal information and processes it to generate a sample, and the information storage stores the abnormal information sample in the information database and updates the information in the information database.
The method for realizing intelligent tracking analysis self-healing of information system alarm provided by the invention has the following beneficial effects:
1. Suspected abnormal information is run in advance on a mirror server to judge whether it would harm the main system, which reduces the interference of abnormal information with the main system and keeps the main system running at high speed.
2. Similar abnormal information can be looked up quickly by comparison and screening against the information database, and the information is then corrected and processed according to the corresponding processing mode, which is very efficient.
3. Abnormal information can be tracked: once the information harms the main system while running, the tracked information can be processed in a targeted manner, so the response is quick and accurate.
Detailed Description
The technical solutions in the embodiments of the present invention are clearly and completely described below, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all embodiments.
In the description of the present invention, "a plurality" means two or more unless otherwise specified; the terms "upper," "lower," "left," "right," "inner," "outer," "front," "rear," "leading," "trailing," and the like are used in an orientation or positional relationship indicated for convenience in describing the invention and to simplify the description, and are not intended to indicate or imply that the referenced device or element must have a particular orientation, be constructed and operated in a particular orientation, and are not to be construed as limiting the invention. Furthermore, the terms "first," "second," "third," and the like are used for descriptive purposes only and are not to be construed as indicating or implying relative importance.
In the description of the present invention, it is to be noted that, unless otherwise explicitly specified or limited, the terms "connected" and "connected" are to be interpreted broadly: a connection may be fixed, detachable or integral; it may be mechanical or electrical; and it may be direct or indirect through an intermediate. The specific meanings of the above terms in the present invention can be understood by those skilled in the art according to the specific case.
The invention provides the following technical solution: a method for realizing intelligent tracking analysis self-healing of information system alarm, comprising the following steps:
S1, information control, in which incoming information is compared against an information database and then processed by a central information processor to perform information screening and information transmission;
S2, information early warning, including information distinguishing, information verification and information alarm;
S3, information tracking analysis;
S4, information self-healing, including information investigation, information correction and information deletion;
and S5, system updating, including information sample production and information storage.
The information database in S1 stores abnormal information and virus information samples; the central information processor receives the various instructions in the system and analyzes them comprehensively; the information screening receives information transmitted from outside and distinguishes it by comparison and screening against the information database; and the information transmission connects the system to a big data server and updates the abnormal information and virus information samples in the information database in a timely manner.
The information early warning in S2 involves a main server and at least more than two mirror servers. The information distinguishing is connected to the main server and distinguishes normal information from abnormal information: normal information enters the main server for command output, while abnormal information is passed from information distinguishing to information verification. The information verification corresponds to a mirror server and verifies the abnormal information received from information distinguishing: after the abnormal information is received, a command loop is run on the mirror server; information that completes the loop normally enters the main server, while abnormal information that cannot complete a normal command loop enters the information alarm. The information alarm is connected to a mirror server and, through the mirror server, to the information control of S1, where the information is screened against the information database by the information screening of S1; after screening, the corresponding abnormal information is labeled.
The information tracking analysis in S3 comprises information labeling, information loop, information monitoring and information analysis, and the information tracking analysis involves a main server and at least more than two mirror servers.
The information labeling labels the received abnormal information by appending a label information sequence to the end of the sequence of the abnormal information; the abnormal information then undergoes the command loop on the mirror server.
The information loop comprises a mirror server on which the labeled abnormal information undergoes the command loop, and the command, after looping, is connected to the main server through the mirror server.
The information monitoring monitors the state of the whole system after the command of the abnormal information has entered the system through the information loop, and sends the abnormal information to information analysis once abnormal information is found.
The information analysis receives the information sent by information monitoring and then uses its own algorithm to analyze whether the abnormal information is suitable for running on the system.
The information investigation in S4 investigates the abnormal information from the information analysis, finds the abnormal information by its label information sequence, and then passes it to the next step; the information correction corrects the abnormal information; and the information deletion deletes abnormal information that cannot be corrected.
It should be understood that, when abnormal information that cannot be corrected is deleted, the information source of that information (i.e. the source that transmitted the uncorrectable abnormal information) is also identified and marked; alternatively, once abnormal information has been determined to be uncorrectable, reception of all information transmitted by that information source is suspended.
In S5, the information sample production labels the abnormal information and processes it to generate a sample, and the information storage stores the abnormal information sample in the information database and updates the information in the information database.
The above is only a preferred embodiment of the present invention, but the scope of protection of the present invention is not limited thereto. Any equivalent substitution or change made by a person skilled in the art, within the technical scope disclosed by the present invention and according to its technical solutions and inventive concept, shall fall within the scope of protection of the present invention.
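One possible reading of the S1 to S5 flow described above, as an added Python example that is not part of the patent. The command format, the health invariant, the allowlist of routine commands, the `|TRK:` label marker and the verb-canonicalising correction are all assumptions, since the patent does not specify them; the traffic is constructed sample data.

```python
"""Toy model of the S1-S5 flow. Constructed example; every name is hypothetical."""
import copy
import hashlib
import itertools
from dataclasses import dataclass, field

TAG = b"|TRK:"              # assumed marker for the appended label sequence
ROUTINE = {b"SET load 40"}  # assumed S2 rule: these payloads count as normal

def digest(payload: bytes) -> str:
    return hashlib.sha256(payload).hexdigest()

def label(payload: bytes, track_id: int) -> bytes:
    """S3 labeling: append the label sequence to the END of the message."""
    return payload + TAG + str(track_id).encode()

def split_label(message: bytes):
    """S4 investigation: the LAST marker wins, so a payload cannot spoof the id."""
    payload, sep, tid = message.rpartition(TAG)
    return (payload, int(tid)) if sep and tid.isdigit() else (message, None)

def apply_command(state: dict, payload: bytes) -> None:
    """Stand-in for the 'command loop': mutate state or raise ValueError."""
    verb, key, value = payload.decode().split()
    if verb == "SET":
        state[key] = int(value)
    elif verb == "ADD":
        state[key] = state.get(key, 0) + int(value)
    else:
        raise ValueError(f"unknown verb {verb!r}")

def healthy(state: dict) -> bool:  # assumed invariant checked after each run
    return all(0 <= v <= 100 for v in state.values())

def correct(payload: bytes):
    """Assumed S4 correction: canonicalise the verb; None if not repairable."""
    parts = payload.decode(errors="replace").split()
    return f"{parts[0].upper()} {parts[1]} {parts[2]}".encode() if len(parts) == 3 else None

@dataclass
class System:
    main: dict = field(default_factory=lambda: {"load": 50})
    known_bad: set = field(default_factory=set)          # S1 information database
    blocked_sources: set = field(default_factory=set)    # marked information sources
    tracked: dict = field(default_factory=dict)          # id -> (source, labeled msg)
    mirrors: int = 2                                     # at least two mirror servers
    _ids: itertools.count = field(default_factory=lambda: itertools.count(1))

    def _mirror_ok(self, payload: bytes) -> bool:
        """Run the command on each mirror (a deep copy of main), never on main."""
        for _ in range(self.mirrors):
            mirror = copy.deepcopy(self.main)
            try:
                apply_command(mirror, payload)
            except ValueError:
                return False
            if not healthy(mirror):
                return False
        return True

    def handle(self, source: str, payload: bytes) -> str:
        if source in self.blocked_sources:
            return "dropped:blocked-source"
        if digest(payload) in self.known_bad:            # S1 screening
            return "dropped:known-sample"
        routine = payload in ROUTINE                     # S2 distinguishing
        if routine or self._mirror_ok(payload):          # S2 verification on mirrors
            apply_command(self.main, payload)
            return "normal" if routine else "verified"
        tid = next(self._ids)                            # S2 alarm -> S3 labeling
        self.tracked[tid] = (source, label(payload, tid))
        return self._heal(tid)

    def _heal(self, tid: int) -> str:
        source, message = self.tracked[tid]
        payload, _ = split_label(message)                # S4 investigation by label
        fixed = correct(payload)
        if fixed is not None and fixed != payload and self._mirror_ok(fixed):
            apply_command(self.main, fixed)              # S4 correction
            return f"corrected:{tid}"
        del self.tracked[tid]                            # S4 deletion
        self.blocked_sources.add(source)                 # mark the information source
        self.known_bad.add(digest(payload))              # S5 sample + storage
        return f"deleted:{tid}"

def demo():
    s = System()
    traffic = [("hmi-1", b"SET load 40"), ("plc-7", b"ADD load 30"),
               ("plc-7", b"add load 10"), ("ext-9", b"ADD load 90"),
               ("ext-9", b"SET load 40"), ("plc-7", b"ADD load 90")]
    return [s.handle(src, p) for src, p in traffic], s

if __name__ == "__main__":
    print(demo()[0])
```

The last two messages show the feedback the description relies on: the sample stored in S5 is what S1 screening rejects on the next arrival, and the marked source is refused before any screening is done.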

Claims (10)

1. A method for realizing intelligent tracking analysis self-healing of information system alarm, characterized by comprising the following steps:
S1, information control, in which incoming information is compared against an information database and then processed by a central information processor to perform information screening and information transmission;
S2, information early warning, including information distinguishing, information verification and information alarm;
S3, information tracking analysis;
S4, information self-healing, including information investigation, information correction and information deletion;
and S5, system updating, including information sample production and information storage.
2. The method for realizing intelligent tracking analysis self-healing of information system alarm according to claim 1, characterized in that: the information database in S1 stores abnormal information and virus information samples; the central information processor receives the various instructions in the system and analyzes them comprehensively; the information screening receives information transmitted from outside and distinguishes it by comparison and screening against the information database; and the information transmission connects the system to a big data server and updates the abnormal information and virus information samples in the information database in a timely manner.
3. The method for realizing intelligent tracking analysis self-healing of information system alarm according to claim 1, characterized in that: the information early warning in S2 involves a main server and at least more than two mirror servers; the information distinguishing is connected to the main server and distinguishes normal information from abnormal information, the normal information entering the main server for command output and the abnormal information being passed from information distinguishing to information verification; the information verification corresponds to a mirror server and verifies the abnormal information received from information distinguishing, a command loop being run on the mirror server after the abnormal information is received, information that completes the loop normally entering the main server, and abnormal information that cannot complete a normal command loop entering the information alarm; the information alarm is connected to a mirror server and, through the mirror server, to the information control of S1, where the information is screened against the information database by the information screening of S1, and after screening the corresponding abnormal information is labeled.
4. The method for realizing intelligent tracking analysis self-healing of information system alarm according to claim 1, characterized in that: the information tracking analysis in S3 comprises information labeling, information loop, information monitoring and information analysis, and the information tracking analysis involves a main server and at least more than two mirror servers.
5. The method for realizing intelligent tracking analysis self-healing of information system alarm according to claim 4, characterized in that: the information labeling labels the received abnormal information by appending a label information sequence to the end of the sequence of the abnormal information, and the abnormal information then undergoes the command loop on the mirror server.
6. The method for realizing intelligent tracking analysis self-healing of information system alarm according to claim 4, characterized in that: the information loop comprises a mirror server on which the labeled abnormal information undergoes the command loop, and the command, after looping, is connected to the main server through the mirror server.
7. The method for realizing intelligent tracking analysis self-healing of information system alarm according to claim 4, characterized in that: the information monitoring monitors the state of the whole system after the command of the abnormal information has entered the system through the information loop, and sends the abnormal information to information analysis once abnormal information is found.
8. The method for realizing intelligent tracking analysis self-healing of information system alarm according to claim 4, characterized in that: the information analysis receives the information sent by information monitoring and then uses its own algorithm to analyze whether the abnormal information is suitable for running on the system.
9. The method for realizing intelligent tracking analysis self-healing of information system alarm according to claim 8, characterized in that: the information investigation in S4 investigates the abnormal information from the information analysis, finds the abnormal information by its label information sequence, and then passes it to the next step; the information correction corrects the abnormal information; and the information deletion deletes abnormal information that cannot be corrected.
10. The method for realizing intelligent tracking analysis self-healing of information system alarm according to claim 1, characterized in that: in S5, the information sample production labels the abnormal information and processes it to generate a sample, and the information storage stores the abnormal information sample in the information database and updates the information in the information database.
Priority Applications (1)

Application Number | Priority Date | Filing Date | Title
CN202011478230.0A, CN112560026A (en) | 2020-12-15 | 2020-12-15 | Method for realizing intelligent tracking analysis self-healing of information system alarm

Applications Claiming Priority (1)

Application Number | Priority Date | Filing Date | Title
CN202011478230.0A, CN112560026A (en) | 2020-12-15 | 2020-12-15 | Method for realizing intelligent tracking analysis self-healing of information system alarm

Publications (1)

Publication Number | Publication Date
CN112560026A | 2021-03-26

Family

ID=75063739

Family Applications (1)

Application Number | Status | Publication | Priority Date | Filing Date | Title
CN202011478230.0A | Pending | CN112560026A (en) | 2020-12-15 | 2020-12-15 | Method for realizing intelligent tracking analysis self-healing of information system alarm

Country Status (1)

Country | Link
CN (1) | CN112560026A (en)

Patent Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1668015A (en) * 2004-12-20 2005-09-14 华中科技大学 Cooperative intrusion detection based large-scale network security defense system
CN202798798U (en) * 2012-07-17 2013-03-13 江西省电力公司信息通信分公司 High availability system based on cloud computing technology
CN105204973A (en) * 2015-09-25 2015-12-30 浪潮集团有限公司 Abnormal behavior monitoring and analysis system and method based on virtual machine technology under cloud platform
US20190066377A1 (en) * 2017-08-22 2019-02-28 Software Ag Systems and/or methods for virtual reality based process optimization
CN108596229A (en) * 2018-04-13 2018-09-28 北京华电智慧科技产业有限公司 Online abnormal monitoring, diagnosing method and system
CN109358975A (en) * 2018-09-28 2019-02-19 珠海市君天电子科技有限公司 A kind of analysis method, device, electronic equipment and storage medium that software is operating abnormally
CN109728979A (en) * 2019-03-01 2019-05-07 国网新疆电力有限公司信息通信公司 Automatic warning system and method suitable for information O&M comprehensive supervision platform

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination