CN112766672A - Network security guarantee method and system based on comprehensive evaluation - Google Patents


Publication number
CN112766672A
Authority
CN
China
Prior art keywords
security
safety
management
control platform
risk
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202110020829.8A
Other languages
Chinese (zh)
Inventor
戚建淮
周杰
唐娟
郑伟范
伍贤云
彭华
刘建辉
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Shenzhen Y&D Electronics Information Co Ltd
Original Assignee
Shenzhen Y&D Electronics Information Co Ltd

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q10/00 Administration; Management
    • G06Q10/06 Resources, workflows, human or project management; Enterprise or organisation planning; Enterprise or organisation modelling
    • G06Q10/063 Operations research, analysis or management
    • G06Q10/0635 Risk analysis of enterprise or organisation activities
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00 Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/20 Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
    • G06F16/24 Querying
    • G06F16/245 Query processing
    • G06F16/2458 Special types of queries, e.g. statistical queries, fuzzy queries or distributed queries
    • G06F16/2465 Query processing support for facilitating data mining operations in structured databases
    • G06Q50/40

Abstract

The invention relates to a network security guarantee method based on comprehensive evaluation, comprising the following steps: S1, deploying the security components and a security management and control platform that manages them; S2, each security component actively collects the service information of its service objects and reports its own operation log and the collected service information to the security management and control platform; and S3, the security management and control platform performs a unified risk assessment of the service information reported by the security components, based on a constructed risk assessment system. The invention also relates to a network security guarantee system based on comprehensive evaluation. The invention integrates a risk evaluation framework with an algorithm-model evaluation system to evaluate the network comprehensively and in real time.

Description

Network security guarantee method and system based on comprehensive evaluation
Technical Field
The invention relates to the technical field of network information security, in particular to a network security guarantee method and system based on comprehensive evaluation.
Background
At present, in a heterogeneous network communication environment, the composition of the national railway ticketing system is increasingly complex. During peak periods such as the Spring Festival travel season and holidays, the system faces highly concurrent access from different users. At the same time, existing requirements state that a single ticket sale should generally take no more than 4 seconds, so the system must be highly real-time. Furthermore, railway ticketing requires real-name registration and offers several convenient sales channels such as the Internet, so the system also faces increasingly severe network security threats.
For a large national business system such as the railway ticketing system, the risk faced by the network must be evaluated in real time in order to keep up with rapid business growth and keep the network secure. The prior art generally evaluates network risk with a single network security evaluation system. Such a system cannot record and analyze the full life cycle of normal business, has no unified management and control mechanism for centrally managing different security devices, and does not analyze and evaluate logs, events, attacks and threats as a whole from a global perspective, so it cannot form a comprehensive risk situation. As a result, it cannot deliver comprehensive and accurate risk evaluation in an actual large-scale, complex business system, and cannot provide holistic, comprehensive and in-depth security assurance.
Therefore, the network security assurance method in the prior art generally has the following defects:
(1) The evaluation information is not comprehensive. Because the prior art cannot comprehensively detect information at all seven layers of the Open System Interconnection (OSI) Reference Model, the information used to evaluate risk is incomplete and the evaluation result is unreliable.
(2) The evaluation means is single. Because network risk is mostly evaluated with a single network security evaluation system, a technical system that integrates a risk evaluation framework with an algorithm model is lacking. The evaluation content is relatively narrow, the analysis method is simple and the level of fusion is low, so the resulting risk situation evaluation is coarse.
(3) The evaluation process is incomplete. Existing network security assessment systems cannot record and analyze the full life cycle of normal services, and cannot depict at fine granularity the whole process by which network threat behavior occurs, develops and evolves.
(4) The evaluation system is not perfect. In existing network security assessment systems, single-point security devices perform security detection and risk assessment on the network independently of one another, and there is no effective mechanism for unified management and control of the scattered devices. The devices therefore lack coordination and often form information islands, an overall security risk situation is difficult to form, and the security protection requirements of complex services cannot be met.
Disclosure of Invention
The technical problem to be solved by the present invention, in view of the above defects of the prior art, is to provide a network security assurance method and system based on comprehensive evaluation that integrates a risk evaluation framework with an algorithm-model evaluation system to evaluate the network comprehensively and in real time.
The technical solution adopted by the invention to solve this technical problem is to construct a network security guarantee method based on comprehensive evaluation, comprising the following steps:
S1, deploying the security components and a security management and control platform that manages them;
S2, each security component actively collects the service information of its service objects and reports its own operation log and the collected service information to the security management and control platform;
S3, the security management and control platform performs a unified risk assessment of the service information reported by the security components, based on a constructed risk assessment system.
In the network security assurance method based on comprehensive evaluation described in the present invention, step S3 further includes:
S31, the security management and control platform comprehensively analyzes the service information reported by each security component in order to detect security events across all seven OSI layers;
S32, the security management and control platform builds a security baseline and judges, based on the security baseline, whether a security event is a threat event;
S33, the security management and control platform constructs a risk identification library and uses it to differentiate and identify the threat events, obtaining the dangerous events that cause substantial harm to network security;
S34, the security management and control platform performs a risk situation assessment of the dangerous events based on an integrated assessment algorithm.
In the network security assurance method based on comprehensive evaluation described in the present invention, step S32 further includes:
S321, the security management and control platform builds a service state machine based on each service of the application system and its associated services;
S322, the security management and control platform records the state machines of the normal business workflow and the transitions between their states, and forms the security baseline based on the RAMS full life cycle;
S323, the security management and control platform judges whether a security event is a threat event based on the security baseline and the CIA state machine.
In the network security guarantee method based on comprehensive evaluation described in the present invention, in step S321, the step states of each service and the relationships between those states constitute a sub-service state machine, and the states and transition relationships of multiple interrelated sub-services constitute the service state machine.
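One way to realize the baseline check of steps S321 to S323, as an added example that is not part of the patent: a baseline is learned from recorded normal workflow traces, and reported sessions whose state sequence leaves it are flagged as threat events. The ticketing state names, the (session, state) event format and the rule that any unrecorded entry state, state or transition counts as a deviation are assumptions.

```python
from collections import defaultdict

# Constructed sample: state sequences recorded from normal ticketing sessions.
# State names ("sub-service.step") are hypothetical, not taken from the patent.
NORMAL_TRACES = [
    ["auth.login", "order.query", "order.select_seat",
     "pay.submit", "pay.confirm", "order.issue_ticket"],
    ["auth.login", "order.query", "order.query", "order.select_seat",
     "pay.submit", "pay.cancel"],
    ["auth.login", "order.query"],
]

# Constructed sample: (session id, state) events as security components
# might report them, interleaved across sessions.
REPORTED_EVENTS = [
    ("s1", "auth.login"), ("s2", "auth.login"), ("s3", "order.query"),
    ("s1", "order.query"), ("s2", "order.query"), ("s4", "auth.login"),
    ("s1", "order.select_seat"), ("s2", "order.select_seat"),
    ("s3", "order.select_seat"), ("s4", "admin.export"),
    ("s1", "pay.submit"), ("s2", "order.issue_ticket"),
    ("s1", "pay.confirm"), ("s1", "order.issue_ticket"),
]


class Baseline:
    """Entry states and state transitions observed in normal workflows."""

    def __init__(self):
        self.entry_states = set()
        self.states = set()
        self.transitions = set()  # (from_state, to_state) pairs

    def learn(self, trace):
        """Record one normal trace; transitions between sub-services
        (e.g. order.* -> pay.*) are stored like any other transition."""
        if not trace:
            return
        self.entry_states.add(trace[0])
        self.states.update(trace)
        self.transitions.update(zip(trace, trace[1:]))


def build_baseline(traces):
    """S322: form the baseline from recorded normal business workflows."""
    baseline = Baseline()
    for trace in traces:
        baseline.learn(trace)
    return baseline


def judge(baseline, trace):
    """S323: list the deviations of one session (empty list = conforms)."""
    findings = []
    if trace and trace[0] not in baseline.entry_states:
        findings.append(f"session starts at {trace[0]}, not a recorded entry state")
    for prev, cur in zip(trace, trace[1:]):
        if cur not in baseline.states:
            findings.append(f"unknown state {cur} after {prev}")
        elif (prev, cur) not in baseline.transitions:
            findings.append(f"transition {prev} -> {cur} not in baseline")
    return findings


def find_threat_events(baseline, events):
    """Group interleaved events by session and keep only deviating sessions."""
    sessions = defaultdict(list)
    for session_id, state in events:
        sessions[session_id].append(state)
    verdicts = {sid: judge(baseline, trace) for sid, trace in sessions.items()}
    return {sid: found for sid, found in verdicts.items() if found}


if __name__ == "__main__":
    baseline = build_baseline(NORMAL_TRACES)
    threats = find_threat_events(baseline, REPORTED_EVENTS)
    for sid, findings in sorted(threats.items()):
        for finding in findings:
            print(f"{sid}: {finding}")
```

Session s2 is the case a per-request check would miss: every state it visits is legitimate, but it reaches ticket issuance without passing through payment.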
In the network security assurance method based on comprehensive evaluation described in the present invention, step S33 further includes:
S331, the security management and control platform builds the risk identification library based on the international common evaluation criteria for information technology security, the process domains of the system security engineering capability maturity model, the RAMS life curve, a time division model and a space division model;
S332, the security management and control platform differentiates and identifies the threat events based on the risk identification library, so as to judge from multiple dimensions whether a threat event is a dangerous event that causes substantial harm to network security.
In the network security guarantee method based on comprehensive evaluation, the process domains of the system security engineering capability maturity model comprise a risk process domain, an engineering process domain and a guarantee process domain. The risk process domain comprises identifying the risk factors involved in the security assessment and system development process and ranking them by risk level; the engineering process domain comprises adopting solutions to the problems caused by the risk factors; and the guarantee process domain comprises ensuring that the solutions are valid and that this assurance is delivered to the user side.
In the network security guarantee method based on comprehensive evaluation, the time division model uses asynchronous task regulation and control based on time slot allocation to construct a security computing system under multiple time constraints. The time available for the whole security computation is flexibly divided into a number of time slots that are allocated dynamically and adaptively to the computing tasks, and each computing task completes its computation within its own time slot.
In the network security guarantee method based on comprehensive evaluation, the space division model uses definable software scheduling control based on resource reuse to construct a security computing system under multiple resource constraints. It senses in real time the physical operating condition of the security equipment and the security computing tasks running on it, and dynamically divides each computing task at fine granularity according to the different computing modes and task load characteristics, thereby achieving elastic planning and reconstruction of the corresponding virtual resources.
In the network security guarantee method based on comprehensive evaluation, the security components comprise a network controller, a core controller, a host security agent module and a firewall; the security management and control platform comprises a security management module, a security monitoring and auditing module, a configuration management module, a situation awareness module, a continuous security evolution module and a dedicated security management control communication component; and the security components and the security management and control platform communicate through a security communication module.
Another technical solution adopted by the present invention to solve the technical problem is to construct a network security assurance system based on comprehensive evaluation, comprising a plurality of security components, a security management and control platform for managing each of the security components, and a security communication module, wherein the security components and the security management and control platform communicate through the security communication module. A computer program is stored on the security management and control platform and, when executed by a processor on the platform, implements the network security guarantee method based on comprehensive evaluation.
By implementing the network security guarantee method and system based on comprehensive evaluation, a risk evaluation framework and an algorithm-model evaluation system can be integrated to evaluate the network comprehensively and in real time.
Drawings
The invention will be further described with reference to the accompanying drawings and examples, in which:
FIG. 1 is a flowchart of a first preferred embodiment of the network security assurance method based on comprehensive evaluation of the present invention;
FIG. 2 is a flowchart of the risk assessment steps of the preferred embodiment of the network security assurance method based on comprehensive evaluation of the present invention;
FIG. 3 is a model diagram of the operation mechanism of the CIA state machine in the preferred embodiment of the network security assurance method based on comprehensive evaluation of the present invention;
FIG. 4 is a schematic block diagram of the risk identification library of a preferred embodiment of the network security assurance method based on comprehensive evaluation of the present invention;
FIG. 5 is a schematic block diagram of the integrated evaluation algorithm of a preferred embodiment of the network security assurance method based on comprehensive evaluation of the present invention;
FIG. 6 is a schematic structural diagram of a network security assurance system based on comprehensive evaluation according to a preferred embodiment of the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the present invention more apparent, the present invention is described in further detail below with reference to the accompanying drawings and embodiments. It should be understood that the specific embodiments described herein are merely illustrative of the invention and are not intended to limit the invention.
The invention is based on a private security management control protocol and a secure communication system, and adopts a distributed management and control mode. Different security components are deployed in a distributed manner; they collect the service information they manage and report it in a unified way to the security management and control platform of a security management center. The platform centrally manages and comprehensively analyzes the collected service information, and comprehensively evaluates the detected security events through a constructed risk evaluation system. Specifically, during the overall evaluation, a security baseline is first formed from the comprehensive detection results, the state machine of the normal service workflow and the life curve of the compression test (RAMS). An integrated framework is then constructed from models such as the Common Criteria (CC), the System Security Engineering Capability Maturity Model (SSE-CMM), RAMS (Reliability, Availability, Maintainability and Safety), and the time-division and space-division models. Finally, based on the security baseline and the integrated framework, a risk estimation algorithm estimates the magnitude of the risk from the comprehensive detection results and the CIA state machine, forming the overall risk situation.
FIG. 1 is a flowchart of a first preferred embodiment of the network security assurance method based on comprehensive evaluation according to the present invention. As shown in FIG. 1, in step S1, the security components and a security management and control platform that manages them are deployed. In a preferred embodiment of the present invention, the security components may include, for example, a network management controller, a core management controller, a host security agent module, a firewall, and the like. The firewall may further include a controllable firewall, a controllable application firewall (cloud), and the like.
Preferably, the network management controller monitors the configuration, port state, traffic and running state of each network device and compares them with the device's security baseline configuration, sending a security event if they are inconsistent. It also monitors terminal access to the network in real time, blocks access by unauthenticated terminals, generates alarm reports, and prevents unauthorized internal connections.
The core management controller is responsible for security monitoring and auditing of the core service domain and of database access, covering security conditions such as user operation records, service applications and monitored processes. Preferably, the core management controller uses a protocol-analysis monitoring system in bypass monitoring mode to capture the data packets of the entire network, including those of large database systems such as Sybase, which transmit data using the TDS protocol. By analyzing the data exchanged between users and the database server, it records the operations of all users on the core database in different time periods, providing detailed information for later data recovery and for locating illegal operations.
The host management controller follows a centralized-management, decentralized-control approach: it is managed centrally by the security management and control platform, receives the platform's security policy, and instantiates that policy according to the type of host it manages, thereby achieving decentralized control of hosts. It monitors the host's users, configuration files, processes, services and interfaces and compares them with the host's security baseline configuration, sending a security event if they are inconsistent.
The controllable firewall provides zone partitioning, boundary protection and access control, and can be used to form a security barrier between the internal network and the untrusted outside world according to the security rules set by the system administrator. Through a secure and efficient kernel it enforces thorough security settings and transmission control and prevents potential intrusion damage. The controllable firewall can integrate security technologies such as content filtering, intrusion protection, anti-virus, VPN, flow control, user management and role authentication, and comprehensively supports functions such as QoS, High Availability (HA) and log audit. It performs intrusion detection and virus protection, helps the user keep track of the information security situation of the whole network in real time, and provides timely early warning and emergency handling of network information security incidents as they break out.
The controllable application firewall (cloud) adds functions such as intrusion detection, an anti-virus engine, application identification and control, and web application protection on top of the firewall. It supports cloud deployment to form a firewall cloud.
The host security agent module authenticates and authorizes host users, acquires host state, reports data, and the like.
The security management and control platform provides basic security services such as cryptography based on a PKI system. Supported by the strong computing power of a brain-like computing system, it uses the PDRR model and the PDCA model to achieve adaptive comprehensive detection, analysis, identification, response and management control, and has automatic and intelligent security detection and identification capabilities. The security management and control platform therefore mainly comprises a security management module, a security monitoring and auditing module, a configuration management module, a situation awareness module and a continuous security evolution module.
Preferably, the security management module provides label management, authorization management, security domain management, security baseline management, policy management, monitoring management, response management and the like.
The configuration management module performs unified, centralized configuration and management of the managed and controlled objects (security components, network equipment and the like), and provides user management, asset management, topology management, upgrade management and the like. Preferably, when the network security assurance method based on comprehensive evaluation of the present invention is applied to a railway ticketing system, the module mainly gives the end user an intuitive, visual graphical interface for managing and monitoring the operation of the railway ticketing security system, and provides security management and system management operation interfaces through which the user configures and manages the security components, for example issuing firewall (cloud) rules and firewall (cloud) black and white lists. The configuration management module can further support automatic scanning of the system, discovering the security components running online and monitoring the state of their nodes. It also provides user management: it performs identity authentication and authorization on an identity card and authorizes users as high-level administrators, who hold the authority to manage the system topology graph, can initialize a part center and a region center, create security component nodes in the topology graph, and the like.
The security monitoring and auditing module provides security event monitoring, security state monitoring and conformity inspection, security audit policy management, risk management and the like. It can be used to perform security audit and risk analysis on the operation of each security component, and to perform responsibility audit and emergency recovery for the components.
The situation awareness module provides asset-security, risk, attack and threat situation awareness. It collects the various data reported by security components such as the network management controller, the core management controller and the host management controller, together with threat data generated, processed, transmitted and stored by third parties. Over the full-element information of the ISO system structure (physical, network, system, application and so on) it performs data fusion, data cleaning, data mining, feature extraction, dynamic response and prediction, and machine learning, automatically learning, modeling and analyzing the data to form rules. It uses these rules to perform network situation assessment, network threat assessment and network situation prediction on the network space, so that the security situation of the network space becomes visible, knowable, manageable, controllable and traceable and can be warned of in advance. This builds a multi-level, multi-angle, multi-granularity, complete and detailed security situation awareness platform based on resource objects such as people, data, machines and things, and on elements such as space-time ranges and association relationships.
The continuous security evolution module provides security orchestration, handling and recovery. It orchestrates the security applications and flexibly invokes the corresponding security policy according to the attacker's behavior, so that the security response capability is prepared quickly, stably and consistently. It also configures, controls and manages the resources and operation of the system, including user identity, system resource configuration, system loading and startup, exception handling during system operation, and backup and recovery of data and equipment.
As business systems become larger and more complex, the unknown risks faced by the network keep increasing, and comprehensive, real-time risk assessment across the OSI seven-layer model requires the strong computing power of a brain-like computing system. Furthermore, because of the number of working processes and flow states in the service system and the complexity of their transitions, a large computing platform is needed to detect and filter in real time without interfering with system services. Therefore, in the preferred embodiment, the security management and control platform includes a brain-like computing module that adopts a parallel-computing hypercube architecture integrating computing, storage and communication. Its basic parallel brain-neuron computing unit is based on a stable Hopfield neural network structure without self-feedback, and a fully meshed, decentralized advanced computing system is realized with the support of a customized operating system, an SDN fully switched network and an elastic big-data storage network. The system has very high computing capacity, supports elastic expansion of computing nodes and resources, and is convenient to deploy and install. It provides the large computing power needed to construct the operation tree by analyzing and matching the operation-sequence state tracks recorded for a massive number of users. The PKI system provides the cryptographic services, security authentication and other functions required by the security system, based on the national cryptographic algorithms.
In a further preferred embodiment of the invention, the security management and control platform may further comprise a dedicated security management control (YD-SOMN) communication component. Based on a private security protocol, this component provides the data exchange and conversion standards between the security management and control platform and each security component, and supports distributed, automatic, coordinated security control.
The security components and the security management and control platform communicate through a security communication module. The security communication module can serve as a boundary device of the network, transparently encrypting and decrypting data in the network and providing key generation, security management, and packet encryption and decryption services. It provides multiple encryption algorithms and signs and encrypts data, guaranteeing the confidentiality, authenticity and non-repudiation of transmitted data. It establishes a complete trusted path, ensuring the security of both the transmission path and the transmitted content, and supports the national cryptographic standards. Combined with background services it forms a complete system that can be applied to various secure communication scenarios.
In a preferred embodiment of the present invention, deploying the security management and control platform includes deploying it in a security management center. The platform performs comprehensive analysis, detection and risk assessment on the service information reported by the distributed security components, preprocesses the assessed risk events to generate a unified security policy, refines the policy and issues it to each security component, and controls the security components in linkage so that they continuously execute and optimize the security policy.
In a preferred embodiment of the present invention, deploying the security components includes deploying, in a distributed manner within the managed service object system, the various security components that the security management and control platform can manage and control, according to the importance of the services and the requirements and targets of security assurance. The components detect the service objects they manage and report the different service information they collect to the security management and control platform. In a preferred embodiment of the present invention, the security components may include, for example, a network management controller, a core management controller, a host security agent module, a firewall, and the like. The firewall may further include a controllable firewall, a controllable application firewall (cloud), and the like. The service information includes, but is not limited to, the operating system, logs, software and hardware configuration, vulnerabilities, security labels, state, performance, user role authority, operations, application workflow, service chain, attack chain, and the like of the network security protection system. The state includes the states of all state machines of the business workflow, from which the business state machines are generated and reported to the security management and control platform. For example, the host security agent module mainly detects the identity and authority information of host users. The firewall mainly detects access control information such as network zone boundaries and security labels. The host management controller mainly detects host user, configuration file, process, service, interface, performance, vulnerability and state information. The core management controller mainly detects the user operations and service applications of the database. The network management controller mainly detects the user, configuration, port and traffic information of network equipment. The firewall cloud additionally detects intrusion and virus information, so that the detected and identified service information comprehensively covers all seven OSI layers and provides a foundation for the subsequent comprehensive risk assessment by the security management and control platform.
In step S2, each security component actively collects the service information of the service object, and reports its own operation log and the collected service information to the security management and control platform.
In a preferred embodiment of the present invention, each security component actively collects service information in real time according to a round-robin mechanism or a configured acquisition cycle, caches and encrypts its own operation log and the collected service information, and reports them to the security management and control platform in real time. The security management and control platform then performs comprehensive identification, detection and risk assessment of the service information across the Open System Interconnection reference model, based on subject and object marks tied to the subject's user role authority.
In a further preferred embodiment of the present invention, each manageable distributed security component collects state and log data from the objects it manages, such as network switches, routers, service computing environment hosts, servers and databases, according to a polling mechanism or to the collection cycle and instructions configured by the security management and control platform. The data is encrypted by the security communication module and reported to the security management center in real time, which ensures the confidentiality, authenticity and non-repudiation of the transmitted data and therefore the reliability of the evaluated data, so that the security management and control platform performs comprehensive detection and risk evaluation on trusted data. Specifically, the security management and control platform can perform comprehensive identification across the seven layers of the Open System Interconnection (OSI) reference model based on subject and object marks tied to the subject's user role authority, covering users, processes, files, base tables, protocols, operation instructions, parameters, codes, system calls, signals and the like. It carries out comprehensive OSI seven-layer detection of the operating system, logs, software and hardware configuration, bugs, vulnerabilities, security marks, states, performance, user role authorities, operations, application workflows, service chains, attack chains and the like of the security protection system, and performs comprehensive detection, identification and risk assessment of the service information according to a pre-constructed security service model.
In step S3, the security management and control platform performs a unified risk assessment on the service information reported by the security components, based on the constructed risk assessment system. Preferably, the risk assessment system comprises a security baseline, a risk identification library and a risk situation calculation library. Fig. 2 is a flowchart of the risk assessment steps of the preferred embodiment of the network security guarantee method based on comprehensive evaluation of the present invention.
As shown in fig. 2, in step S31, the security management and control platform comprehensively analyzes the service information reported by each security component in order to detect security events across all seven OSI layers. In the preferred embodiment of the invention, because the service information reported by the different security components covers the content of the seven OSI layers, the platform's comprehensive analysis can detect security events covering those seven layers. Here, a security event is an event in which abnormal behavior exists in the network but which needs further evaluation to determine whether that behavior constitutes a substantial risk. It includes information from different sources in the business system, such as vulnerability information, attack information and asset information. Vulnerability information is information obtained by identification, vulnerability scanning and similar means from network hosts, operating systems, network devices (such as switches, routers and firewalls), virtualization platforms such as VMware, application systems and the like. Attack information covers attack events, threat intelligence, risky access and the like occurring in network communication, and can be acquired from the logs of intrusion detection equipment, firewalls, switches and the like. Asset information is the identification information of the security components present in the network.
In step S32, the security management and control platform builds a security baseline and determines, based on that baseline, whether the security event is a threat event. In the invention, the security management and control platform forms the security baseline from the state machine of the normal service workflow and the RAMS life curve, and further judges the detected security event in combination with the CIA state machine. When the current state machine of the security event is in an unsafe state, the platform determines that the security event threatens network security, that is, that it is a threat event.
In the preferred embodiment of the present invention, the security management and control platform constructs a service state machine based on each service and associated service of an application system; the platform records the state machine of the normal service workflow and the transitions that make it up, and forms the security baseline based on the full life cycle of the RAMS; and the platform judges whether the security event is a threat event based on the security baseline and the CIA state machine.
Fig. 3 is a model diagram of the operation mechanism of the CIA state machine according to the preferred embodiment of the network security guarantee method based on comprehensive evaluation. As shown in fig. 3, a service state machine is constructed according to each service and association relationship of the application system. The service step states and state relationships of each service constitute a sub-service state machine, and the multiple interrelated sub-service states and their transition relationships constitute the service state machine. The state machine and transition process of the normal business workflow are recorded, and a full life cycle curve of the normal business workflow is formed based on the life cycle cost (LCC) theory of the RAMS. The current differential behavior of the detected security event is then judged against it, giving a preliminary evaluation of whether the detected security event threatens network security, that is, whether it is a threat event.
In step S33, the security management and control platform builds a risk identification library and performs differential identification on the threat event based on that library, to obtain the dangerous events that substantially jeopardize network security. In the invention, the security management and control platform constructs the risk identification library based on the international common criteria for information technology security evaluation, the process domains of the system security engineering capability maturity model, the RAMS life curve, the time division model and the space division model. The platform differentially identifies the threat events based on the risk identification library to determine, from multiple dimensions, whether they are dangerous events that cause substantial harm to network security.
FIG. 4 is a schematic block diagram of the risk identification library of the preferred embodiment of the network security guarantee method based on comprehensive evaluation of the present invention. For example, models such as CC, SSE-CMM, the RAMS life curve, time division and space division can be integrated to construct the risk identification library; that is, the security management and control platform constructs the risk identification library based on the international common criteria for information technology security evaluation, the process domains of the system security engineering capability maturity model, the RAMS life curve, the time division model and the space division model.
The security assurance requirements of the CC include: protection profile assessment (APE), security objective assessment (ASE), configuration management (ACM), delivery and operation (ADO), development (ADV), instructional documentation (AGD), life cycle support (ALC), testing (ATE), vulnerability assessment (AVA), and assurance maintenance (AMA).
The security engineering process domains of the SSE-CMM are the risk process domain, the engineering process domain and the assurance process domain. In the risk process, the risk factors contained in the security evaluation and system development processes are identified and ranked by risk level; in the engineering process, measures are taken to solve the problems caused by those risks; the assurance process ensures that the security solution is effective and communicates that assurance to the user. The three domains operate together to achieve the target of the security engineering process.
RAMS requires a RAMS demonstration process that establishes reliability, availability, maintainability and safety over the whole life cycle, from the feasibility analysis of the security evaluation through to its retirement. The RAMS requirements are established through this demonstration, and the RAMS parameters are integrated into the requirement forming process.
The time division model adopts an asynchronous task regulation control mode based on time slot allocation to construct a security computing system under multiple time constraints. The time available for the whole security computation is flexibly divided into a number of time slots that are adaptively and dynamically allocated to computing tasks such as CC, SSE-CMM and RAMS, and each computing task completes its computation within its own time slot. Time slots are thus allocated according to the actual time consumption of the security computation rather than being fixed in advance. On the basis of the established time target constraint process control function, an optimized time slot plan is obtained by constraint-satisfaction solving, and the computing tasks are then allocated to multiplexed time slices according to that plan.
The space division model adopts a definable software scheduling control mode based on resource reuse to construct a security computing system under multiple resource constraints. It senses in real time the physical running condition of the security equipment and the security computing tasks it carries, and performs fine-grained dynamic segmentation of computing tasks such as CC, SSE-CMM and RAMS according to their computing modes and task load characteristics, so as to realize elastic planning and reconstruction of the corresponding virtual resources. This mode can enhance the capability of minimizing the computational power of physical resources in the process of load consumption and fatigue approximation. On the basis of the established virtual resource constraints, an optimized virtual resource plan is obtained by constraint-satisfaction solving, and physical resources are then allocated to virtual resources according to that plan.
To ensure that the computing tasks based on security evaluation standards such as CC, SSE-CMM and RAMS run normally, the time and space division models are used to coordinate and constrain the whole computing task adaptively in time and space, so that multiple computing tasks have no time conflicts and a definite space occupation during use, and the whole risk identification model can run reasonably.
The risk identification library is used to comprehensively judge, for events that the security baseline has determined to threaten network security, the risk level, the attack strength, the threat strength, whether security standards are met, and the like. It further refines the risk judgment standard and the screening granularity, accurately identifies the differential behavior of the security events screened by the security baseline, and judges whether that behavior causes substantial harm to network security. Substantial harm includes access by an external illegal user, unauthorized operation by an internal user, a hacker attack on a single device or server, and the like.
In step S34, the security management and control platform performs risk situation assessment on the dangerous event based on an integrated assessment algorithm. In a preferred embodiment of the present invention, after the differential behaviors have been processed by the risk identification library, the risk of the security event is evaluated with an integrated risk evaluation algorithm to form an overall risk situation. That is, a security event that causes substantial harm to the network is determined according to the security baseline and the risk identification library, and the risk of that event is evaluated with the integrated risk evaluation algorithm according to its differential behavior, thereby forming a risk situation.
Specifically, the integrated risk assessment algorithm includes a risk factor analysis method, a fuzzy comprehensive evaluation method, an internal control evaluation method, an analytical review method, a qualitative risk evaluation method, a risk rate risk evaluation method and the like. Fig. 6 is a schematic structural diagram of a network security guarantee system based on comprehensive evaluation according to a preferred embodiment of the present invention. In the risk situation calculation model constructed by this scheme, each risk assessment algorithm separately evaluates the differential behavior and yields its own risk assessment value; all the obtained risk assessment values are then weighted and averaged, and the average is used as the comprehensive risk assessment value, so that the size of the risk can be analyzed accurately and comprehensively and the overall risk situation is formed.
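The baseline check of step S32 and the weighted averaging of step S34 can be sketched as follows. This is an added example, not code from the patent: the state names, weights and membership values are constructed, `deviation_score` is a stand-in for a risk factor method, and the CIA state machine and RAMS life curve are not modelled.

```python
"""Baseline check (S32) followed by integrated scoring (S34) on constructed data."""
from collections import defaultdict

# Constructed traces of a normal business workflow (state names are hypothetical).
NORMAL_TRACES = [
    ["login", "query_order", "pay", "logout"],
    ["login", "query_order", "logout"],
    ["login", "update_profile", "logout"],
]
# Constructed observation that leaves the normal workflow.
OBSERVED = ["login", "pay", "export_db", "logout"]
# Constructed fuzzy inputs: one factor per CIA property, grades low/medium/high.
FACTOR_WEIGHTS = [0.5, 0.3, 0.2]
MEMBERSHIP = [[0.1, 0.3, 0.6], [0.2, 0.5, 0.3], [0.7, 0.2, 0.1]]
GRADE_VALUES = [0.1, 0.5, 0.9]
METHOD_WEIGHTS = {"deviation": 0.4, "fuzzy": 0.6}


def build_baseline(traces):
    """Learn allowed start states and state transitions from normal traces."""
    starts, transitions = set(), defaultdict(set)
    for trace in traces:
        if not trace:
            continue
        starts.add(trace[0])
        for src, dst in zip(trace, trace[1:]):
            transitions[src].add(dst)
    return starts, dict(transitions)


def deviations(baseline, trace):
    """Return every (src, dst) step of an observed trace that the baseline lacks."""
    starts, transitions = baseline
    found = []
    if trace and trace[0] not in starts:
        found.append((None, trace[0]))  # workflow entered at an unexpected state
    for src, dst in zip(trace, trace[1:]):
        if dst not in transitions.get(src, ()):
            found.append((src, dst))
    return found


def deviation_score(baseline, trace):
    """Stand-in risk factor method: share of the trace that leaves the baseline."""
    return min(1.0, len(deviations(baseline, trace)) / max(len(trace), 1))


def fuzzy_score(weights, membership, grade_values):
    """Fuzzy comprehensive evaluation: B = W x R, then defuzzify with grade values."""
    if len(weights) != len(membership):
        raise ValueError("one membership row per factor is required")
    if any(len(row) != len(grade_values) for row in membership):
        raise ValueError("each membership row needs one entry per grade")
    b = [sum(w * row[j] for w, row in zip(weights, membership))
         for j in range(len(grade_values))]
    norm = sum(b)
    return sum(bj * g for bj, g in zip(b, grade_values)) / norm if norm else 0.0


def integrated_risk(scores, weights):
    """Weighted average of the per-method risk values (step S34)."""
    if set(scores) != set(weights):
        raise ValueError("every method needs exactly one weight")
    total = sum(weights.values())
    if total <= 0 or any(w < 0 for w in weights.values()):
        raise ValueError("weights must be non-negative with a positive sum")
    return sum(scores[m] * weights[m] for m in scores) / total


def assess(trace, baseline):
    """Return None for a trace inside the baseline, else its integrated risk value."""
    if not deviations(baseline, trace):
        return None
    scores = {
        "deviation": deviation_score(baseline, trace),
        "fuzzy": fuzzy_score(FACTOR_WEIGHTS, MEMBERSHIP, GRADE_VALUES),
    }
    return integrated_risk(scores, METHOD_WEIGHTS)


if __name__ == "__main__":
    base = build_baseline(NORMAL_TRACES)
    print(deviations(base, OBSERVED), assess(OBSERVED, base))
```

A baseline learned only from observed transitions treats any legitimate workflow it has not recorded as a deviation, so the recorded normal traces need to cover the service's real paths before the scores are acted on.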
The network security guarantee method based on comprehensive evaluation has the following beneficial effects:
(1) The security management and control platform evaluates risk comprehensively. The platform constructs a corresponding security service model for each OSI layer, performs comprehensive risk detection on the service information reported by the distributed security components, and comprehensively evaluates the detected security events through the constructed risk assessment system, thereby obtaining a comprehensive and reliable evaluation result.
(2) Multi-dimensional evaluation means are integrated, on the basis of multiple security evaluation standards, into one integrated risk assessment system. A risk evaluation framework and algorithm models are integrated on the basis of these standards, and security events are evaluated in detail from multiple dimensions, so that the evaluation content is more comprehensive and the accuracy of the overall risk situation evaluation is improved.
(3) The security baseline is formed from the state machine of the normal service workflow and the RAMS life curve, so the evaluation covers the whole service process. Based on the LCC full life cycle cost theory of the RAMS, a full life cycle curve of the normal business workflow is formed, the full life cycle process of the normal business is recorded and analyzed, and the whole process of the occurrence, development and evolution of network threat behaviors can be depicted in a fine-grained manner.
(4) The security management and control platform manages the security components in a unified way and controls them in linkage to evaluate risk comprehensively, so the evaluation system is complete. The platform centrally manages the distributed security components, unifies the evaluation standards to form an overall security risk situation, and sends the evaluation result to each security component, so that each security component uses the received result as the basis for confirming the risk evaluation of security events. Risk is thereby evaluated comprehensively and in real time through linkage control of the security components by the platform, information among all devices is interconnected, and the security protection requirements of complex services are met.
Fig. 6 is a schematic block diagram of a first preferred embodiment of the network security guarantee system based on comprehensive evaluation of the present invention. As shown in fig. 6, the network security guarantee system based on comprehensive evaluation includes a plurality of security components 100 and a security management and control platform 200 that manages each of the security components 100. As shown in fig. 5, the security component 100 includes a network manager 110, a core manager 120, a host manager 130, a host security agent module 140, and a firewall 150. The security management and control platform comprises a security management module 210, a security monitoring and auditing module 220, a configuration management module 230, a situation awareness module 240, a persistent security evolution module 250, a dedicated security management control communication component 260 and a brain-like computing module 270. Preferably, the security component 100 and the security management and control platform 200 may communicate via a security communication module. The security management and control platform 200 stores a computer program, and the computer program is executed by a processor on the security management and control platform 200 to implement the network security guarantee method based on comprehensive evaluation.
The network security guarantee system based on comprehensive evaluation adopts a centralized and distributed management approach and a private security management control protocol, and is based on a PKI system and a brain-like computing system. The security management and control platform manages the system centrally: it receives the information reported by the distributed security components, such as the network manager, host manager, core manager, host security agent, firewall and security communication module, generates a security management and control policy through security analysis and processing, and issues that policy to the security components for automatic execution, so that security events are handled and blocked and their risk is reduced to an acceptable degree. This achieves distributed deployment, centralized management and control, and automated, intelligent security management and control, and meets the requirement for highly reliable, efficient and continuous secure operation of a complex business system.
Those skilled in the art will appreciate that the network security guarantee system based on comprehensive evaluation may be constructed based on the teaching of the network security guarantee method based on comprehensive evaluation shown in fig. 1-5. Based on the teaching of the present invention, those skilled in the art can implement the network security guarantee system based on comprehensive evaluation, so it is not described again here.
The network security guarantee system based on comprehensive evaluation has the following beneficial effects:
(1) The security management and control platform evaluates risk comprehensively. The platform constructs a corresponding security service model for each OSI layer, performs comprehensive risk detection on the service information reported by the distributed security components, and comprehensively evaluates the detected security events through the constructed risk assessment system, thereby obtaining a comprehensive and reliable evaluation result.
(2) Multi-dimensional evaluation means are integrated, on the basis of multiple security evaluation standards, into one integrated risk assessment system. A risk evaluation framework and algorithm models are integrated on the basis of these standards, and security events are evaluated in detail from multiple dimensions, so that the evaluation content is more comprehensive and the accuracy of the overall risk situation evaluation is improved.
(3) The security baseline is formed from the state machine of the normal service workflow and the RAMS life curve, so the evaluation covers the whole service process. Based on the LCC full life cycle cost theory of the RAMS, a full life cycle curve of the normal business workflow is formed, the full life cycle process of the normal business is recorded and analyzed, and the whole process of the occurrence, development and evolution of network threat behaviors can be depicted in a fine-grained manner.
(4) The security management and control platform manages the security components in a unified way and controls them in linkage to evaluate risk comprehensively, so the evaluation system is complete. The platform centrally manages the distributed security components, unifies the evaluation standards to form an overall security risk situation, and sends the evaluation result to each security component, so that each security component uses the received result as the basis for confirming the risk evaluation of security events. Risk is thereby evaluated comprehensively and in real time through linkage control of the security components by the platform, information among all devices is interconnected, and the security protection requirements of complex services are met.
Accordingly, the present invention can be realized in hardware, software, or a combination of hardware and software. The present invention can be realized in a centralized fashion in at least one computer system, or in a distributed fashion where different elements are spread across several interconnected computer systems. Any kind of computer system or other apparatus adapted for carrying out the methods of the present invention is suited. A typical combination of hardware and software could be a general purpose computer system with a computer program that, when being loaded and executed, controls the computer system such that it carries out the methods described herein.
The present invention may also be implemented by a computer program product, comprising all the features enabling the implementation of the methods of the invention, when loaded in a computer system. The computer program in this document refers to: any expression, in any programming language, code or notation, of a set of instructions intended to cause a system having an information processing capability to perform a particular function either directly or after either or both of the following: a) conversion to other languages, codes or symbols; b) reproduced in a different format.
While the invention has been described with reference to specific embodiments, it will be understood by those skilled in the art that various changes may be made and equivalents may be substituted without departing from the scope of the invention. In addition, many modifications may be made to adapt a particular situation or material to the teachings of the invention without departing from its scope. Therefore, it is intended that the invention not be limited to the particular embodiment disclosed, but that the invention will include all embodiments falling within the scope of the appended claims.
The above description is only for the purpose of illustrating the preferred embodiments of the present invention and is not to be construed as limiting the invention, and any modifications, equivalents and improvements made within the spirit and principle of the present invention are intended to be included within the scope of the present invention.

Claims (10)

1. A network security guarantee method based on comprehensive evaluation is characterized by comprising the following steps:
S1, deploying security components and a security management and control platform that manages each security component;
S2, each security component actively collecting the service information of its service object and reporting its own operation log and the collected service information to the security management and control platform;
S3, the security management and control platform performing unified risk assessment on the service information reported by the security components, based on a constructed risk assessment system.
2. The method for network security assurance based on comprehensive evaluation according to claim 1, wherein the step S3 further comprises:
S31, the security management and control platform comprehensively analyzing the service information reported by each security component to comprehensively detect security events covering the seven OSI layers;
S32, the security management and control platform building a security baseline and judging, based on the security baseline, whether the security event belongs to a threat event;
S33, the security management and control platform constructing a risk identification library and differentially identifying the threat events based on the risk identification library, to obtain the dangerous events that cause substantial harm to network security;
S34, the security management and control platform performing risk situation assessment on the dangerous event based on an integrated assessment algorithm.
3. The network security assurance method based on comprehensive evaluation according to claim 2, wherein the step S32 further comprises:
S321, the security management and control platform building a service state machine based on each service and associated service of the application system;
S322, the security management and control platform recording the state machine of the normal business workflow and the transitions that make it up, and forming the security baseline based on the full life cycle of the RAMS;
S323, the security management and control platform judging whether the security event belongs to a threat event based on the security baseline and the CIA state machine.
4. The method for network security assurance based on comprehensive evaluation according to claim 3, wherein in the step S321, the service step status and status relationship of each service itself constitute a sub-service state machine, and the plurality of inter-related sub-service statuses and transition relationships constitute the service state machine.
5. The method for network security assurance based on comprehensive evaluation according to claim 3, wherein the step S33 further comprises:
S331, the security management and control platform building the risk identification library based on the international common criteria for information technology security evaluation, the process domains of the system security engineering capability maturity model, the RAMS life curve, the time division model and the space division model;
S332, the security management and control platform differentially identifying the threat events based on the risk identification library, so as to judge from multiple dimensions whether the threat events are dangerous events causing substantial harm to network security.
6. The network security assurance method based on comprehensive evaluation according to claim 5, wherein the system security engineering capability maturity model process domain comprises: a risk process domain, an engineering process domain and an assurance process domain; the risk process domain comprises identifying the risk factors contained in the security assessment and system development process and ranking the risk factors according to risk level; the engineering process domain comprises adopting a solution to the problems caused by the risk factors; and the assurance process domain comprises ensuring that the solution is effective and ensuring that the solution is delivered to the user side.
7. The network security and assurance method based on comprehensive evaluation according to claim 5, wherein the time division model adopts an asynchronous task adjustment control mode based on time slot allocation to construct a security computing system under a multi-time constraint condition, flexibly divides time provided for the whole security computation into a plurality of time slots, and adaptively and dynamically allocates the time slots to each computation task for use, and each computation task completes computation in its own time slot.
8. The network security assurance method based on comprehensive evaluation according to claim 5, wherein the space division model adopts a definable software scheduling control mode based on resource reuse to construct a security computing system under a multi-resource constraint condition so as to immediately sense the physical operating condition of the security device and bear security computing tasks thereon, and performs fine-grained dynamic segmentation on each computing task according to different computing modes and task load characteristics to realize elastic planning and reconstruction of corresponding virtual resources.
9. The method for network security assurance based on comprehensive evaluation according to claim 5, wherein the security components comprise a network manager, a core manager, a host security agent module and a firewall; the security management and control platform comprises a security management module, a security monitoring and auditing module, a configuration management module, a situation perception module, a continuous security evolution module and a special security management control communication assembly; the safety component and the safety management and control platform communicate through a safety communication module.
10. A network security guarantee system based on comprehensive evaluation is characterized by comprising a plurality of security components, a security management and control platform for managing each security component and a security communication module, wherein the security components and the security management and control platform are communicated through the security communication module; the security management and control platform stores a computer program thereon, and the computer program, when executed by a processor on the security management and control platform, implements the network security assurance method based on comprehensive evaluation according to any one of claims 1 to 9.
CN202110020829.8A 2021-01-07 2021-01-07 Network security guarantee method and system based on comprehensive evaluation Pending CN112766672A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110020829.8A CN112766672A (en) 2021-01-07 2021-01-07 Network security guarantee method and system based on comprehensive evaluation

Publications (1)

Publication Number Publication Date
CN112766672A (en) 2021-05-07

Family

ID=75700862

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202110020829.8A Pending CN112766672A (en) 2021-01-07 2021-01-07 Network security guarantee method and system based on comprehensive evaluation

Country Status (1)

Country Link
CN (1) CN112766672A (en)

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101938460A (en) * 2010-06-22 2011-01-05 北京豪讯美通科技有限公司 Coordinated defense method of full process and full network safety coordinated defense system
US20170346846A1 (en) * 2016-05-31 2017-11-30 Valarie Ann Findlay Security threat information gathering and incident reporting systems and methods
CN212259006U (en) * 2020-07-15 2020-12-29 中创为(成都)量子通信技术有限公司 Network security management equipment

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
吴丹; 王志英: "Information security assessment method combining CC and SSE-CMM", 计算机科学 (Computer Science), no. 11, pages 152-154 *

Cited By (16)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113225358A (en) * 2021-07-09 2021-08-06 四川大学 Network security risk assessment system
CN113225358B (en) * 2021-07-09 2021-09-03 四川大学 Network security risk assessment system
CN113225359A (en) * 2021-07-12 2021-08-06 深圳市永达电子信息股份有限公司 Safety flow analysis system based on brain-like calculation
CN113347209A (en) * 2021-07-30 2021-09-03 深圳市永达电子信息股份有限公司 Service behavior analysis method, system, equipment and storage medium based on state machine
CN113347209B (en) * 2021-07-30 2021-11-26 深圳市永达电子信息股份有限公司 Service behavior analysis method, system, equipment and storage medium based on state machine
CN113612793A (en) * 2021-08-13 2021-11-05 中能电力科技开发有限公司 Electric power enterprise network security risk management platform based on PDCA
CN114666170A (en) * 2022-05-25 2022-06-24 深圳市永达电子信息股份有限公司 Hierarchical security distributed management and control method and system
CN114666170B (en) * 2022-05-25 2022-10-28 深圳市永达电子信息股份有限公司 Hierarchical security distributed management and control method and system
CN115664851A (en) * 2022-12-14 2023-01-31 深圳市永达电子信息股份有限公司 Safety management and control method and device based on business behaviors
CN116089965A (en) * 2023-04-10 2023-05-09 南京信息工程大学 Information security emergency management system and method based on SOD risk model
CN116633664A (en) * 2023-06-20 2023-08-22 广东网安科技有限公司 Evaluation system for network security monitoring
CN116633664B (en) * 2023-06-20 2023-11-03 广东网安科技有限公司 Evaluation system for network security monitoring
CN117195183A (en) * 2023-09-28 2023-12-08 四川赛闯检测股份有限公司 Data security compliance risk assessment system
CN117195183B (en) * 2023-09-28 2024-04-16 四川赛闯检测股份有限公司 Data security compliance risk assessment system
CN117579388A (en) * 2024-01-16 2024-02-20 北京源堡科技有限公司 Risk assessment method, system, equipment and medium for intelligent network interconnection industrial control system
CN117579388B (en) * 2024-01-16 2024-04-05 北京源堡科技有限公司 Risk assessment method, system, equipment and medium for intelligent network interconnection industrial control system

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination