CN112925805A - Big data intelligent analysis application method based on network security - Google Patents
- Publication number
- CN112925805A (application number CN202110401931.2A)
- Authority
- CN
- China
- Prior art keywords
- data
- network
- establishing
- security
- analysis
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F16/00—Information retrieval; Database structures therefor; File system structures therefor
- G06F16/20—Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
- G06F16/24—Querying
- G06F16/245—Query processing
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F16/00—Information retrieval; Database structures therefor; File system structures therefor
- G06F16/20—Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
- G06F16/21—Design, administration or maintenance of databases
- G06F16/215—Improving data quality; Data cleansing, e.g. de-duplication, removing invalid entries or correcting typographical errors
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F16/00—Information retrieval; Database structures therefor; File system structures therefor
- G06F16/20—Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
- G06F16/25—Integrating or interfacing systems involving database management systems
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F16/00—Information retrieval; Database structures therefor; File system structures therefor
- G06F16/20—Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
- G06F16/28—Databases characterised by their database models, e.g. relational or object models
- G06F16/284—Relational databases
- G06F16/285—Clustering or classification
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q10/00—Administration; Management
- G06Q10/06—Resources, workflows, human or project management; Enterprise or organisation planning; Enterprise or organisation modelling
- G06Q10/063—Operations research, analysis or management
- G06Q10/0635—Risk analysis of enterprise or organisation activities
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q10/00—Administration; Management
- G06Q10/06—Resources, workflows, human or project management; Enterprise or organisation planning; Enterprise or organisation modelling
- G06Q10/067—Enterprise or organisation modelling
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Business, Economics & Management (AREA)
- Databases & Information Systems (AREA)
- Human Resources & Organizations (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Strategic Management (AREA)
- General Engineering & Computer Science (AREA)
- Entrepreneurship & Innovation (AREA)
- Data Mining & Analysis (AREA)
- Economics (AREA)
- Quality & Reliability (AREA)
- Development Economics (AREA)
- Game Theory and Decision Science (AREA)
- Marketing (AREA)
- Operations Research (AREA)
- Educational Administration (AREA)
- Tourism & Hospitality (AREA)
- General Business, Economics & Management (AREA)
- Computational Linguistics (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
The invention provides a big data intelligent analysis application method based on network security, which comprises the following steps: acquiring and preprocessing network data, storing the network data and forming a distributed storage management system; establishing a mathematical model base according to the network data to complete data structure definition; and providing an entry for data mining analysis, establishing a corresponding model according to the algorithm parameters, and generating an analysis result. On the basis of security big data, the invention can sense the network security situation around the clock and from all angles; existing real-time monitoring technology is utilized, and abnormal behaviors are found through long-term data analysis; through data modeling, a visual analysis capability is established, the scope of impact, attack path, purpose and means of a threat are rapidly assessed, and effective security decisions and responses are made; and a risk report and threat early warning mechanism is established, so that information such as attackers' purposes, skills and tactics, and attack tools is comprehensively grasped and the defense system is improved.
Description
Technical Field
The invention relates to the technical field of network security, in particular to a big data intelligent analysis application method based on network security.
Background
At present, network security technology generally detects the continuing threat posed by suspicious network activity through big data analysis and through detection of known network threats and attack behaviors, that is, through techniques such as analyzing network traffic, threat data and behaviors, in order to protect the network.
However, although this technology can perform network detection and file detection in parallel, it lacks the capabilities of data acquisition, analysis and prediction, judgment and early warning, and remediation for unknown threats.
Disclosure of Invention
The invention aims to provide a big data intelligent analysis application method based on network security, which can effectively monitor various network threats.
In order to achieve the above object, the present invention provides a big data intelligent analysis application method based on network security, which is characterized in that the application method comprises: acquiring and preprocessing network data, storing the network data and forming a distributed storage management system; establishing a mathematical model base according to the network data to complete data structure definition; and providing an entry for data mining analysis, establishing a corresponding model according to the algorithm parameters, and generating an analysis result.
Preferably, the step of "acquiring and preprocessing network data, storing the network data and forming a distributed storage management system" includes: and capturing network data through a threat information characteristic library, converging the data, and performing uniform preprocessing on the network data according to big data distributed computation characteristics and algorithm characteristics to form a uniform distributed storage management system.
Preferably, the "uniformly preprocessing the network data according to big data distributed computing characteristics and algorithm characteristics" includes: and carrying out preprocessing operations such as hierarchical aggregation, recombination, cleaning, extraction, conversion, management, segmentation and the like on the network data by utilizing data slicing, data classification, data aggregation and data index marking technologies.
Preferably, the step of establishing a mathematical model library according to the network data and completing the data structure definition includes: and intelligently analyzing, mining and exploring the network data, establishing a mathematical model base, realizing the data structure definition of a big data format, and uniformly managing the algorithm parameters, the mathematical model base, a model evaluation system and the mining analysis result.
Preferably, the step of establishing a mathematical model library according to the network data and completing the data structure definition includes: establishing an event understanding engine, carrying out association analysis on the merged security logs based on event understanding rules, and understanding the security logs as security events so as to improve the alarm accuracy; and abstracting an analysis model, and carrying out code implementation on the analysis model in Spark-streaming.
Preferably, the step of establishing a mathematical model library according to the network data and completing the data structure definition includes: establishing an attack chain analysis model, generating a network security event by analyzing the security logs and the flow security logs collected by each network security device, carrying out forward and backward two-way reasoning, carrying out forward reasoning to early warn potential threats, and carrying out backward reasoning to restore an attack scenario.
Preferably, the method further comprises the following steps: and the attack chain mining program aggregates all the security events according to the dimensionality of the target asset on the basis of the network security events and corresponds to all the stages of the attack chain, so that the vulnerable host in the current network is discovered.
Preferably, the step of establishing a mathematical model library according to the network data and completing the data structure definition includes: establishing an information correlation model, and realizing potential threat alarm through correlation analysis of cloud information and local events; wherein the potential threats comprise malicious IP and malicious URL.
Preferably, the step of establishing a mathematical model library according to the network data and completing the data structure definition includes: when the safety log passes through the analysis engine, the safety log is matched with the knowledge base, the safety log is labeled to generate a safety event, the event is uploaded to cloud information to verify the information, and the analysis accuracy is improved.
Preferably, the step of establishing a mathematical model library according to the network data and completing the data structure definition includes: establishing a risk assessment model, performing risk assessment on external threats and asset vulnerabilities by combining asset values, obtaining a risk score through the risk assessment, generating a decision of a disposal mode based on the risk score, performing vulnerability repair and threat blocking.
Compared with the prior art, the big data intelligent analysis application method based on network security can sense the network security situation around the clock and from all angles on the basis of security big data; existing real-time monitoring technology is utilized, and abnormal behaviors are found through long-term data analysis; through data modeling, a visual analysis capability is established, the scope of impact, attack path, purpose and means of a threat are rapidly assessed, and effective security decisions and responses are made; and a risk report and threat early warning mechanism is established, so that information such as attackers' purposes, skills and tactics, and attack tools is comprehensively grasped and the defense system is improved.
Drawings
Fig. 1 is a schematic flow chart of a big data intelligent analysis application method based on network security according to an embodiment of the present invention;
fig. 2 is a schematic structural diagram of a terminal device according to an embodiment of the present invention.
Detailed Description
In order to further understand the objects, structures, features and functions of the present invention, the following embodiments are described in detail.
Certain terms are used throughout the description and following claims to refer to particular components. As one of ordinary skill in the art will appreciate, manufacturers may refer to a component by different names. The present specification and claims do not intend to distinguish between components that differ in name but not function. In the following description and in the claims, the terms "include" and "comprise" are used in an open-ended fashion, and thus should be interpreted to mean "include, but not limited to."
Referring to fig. 1, fig. 1 is a schematic flow chart of a big data intelligent analysis application method based on network security according to an embodiment of the present invention.
As shown in fig. 1, the big data intelligent analysis application method provided by the present application includes the steps of:
step S100, acquiring and preprocessing network data, storing the network data and forming a distributed storage management system;
step S200, establishing a mathematical model base according to the network data to complete data structure definition;
and step S300, providing an entry for data mining analysis, establishing a corresponding model according to the algorithm parameters, and generating an analysis result.
In specific implementation, the application is based on the comprehensive use of data analysis, intelligence research and judgment, and monitoring and early warning of the network security situation. It takes a security comparison module as its core and comprises a data capturing and gathering unit, an active analysis module, a storage unit module, a display unit module, a real-time monitoring module and a behavior auxiliary module.
In step S100, a threat intelligence feature library is used to perform data capture and data aggregation, and the data is uniformly preprocessed according to the big data distributed computation characteristics and the algorithm characteristics, so as to form a uniform distributed storage management system. A distributed computing architecture is used for rapid calculation and mining analysis of the data, and corresponding business models and visual analysis are built on the acquired big data so as to discover and expose implicit elements and associations. Data are acquired mainly through syslog and flow technologies. For the large number of multi-source heterogeneous data sources, a front-end probe is deployed to collect and normalize the data centrally; the integrated data are then sent to the big data application system in a unified manner, and the application system performs correlation analysis on the relationships between security events to obtain more accurate monitoring information and locate attack sources.
The big data preprocessing utilizes data slicing, data classification, data aggregation, a data index marking technology to carry out preprocessing operations such as hierarchical aggregation, recombination, cleaning, extraction, conversion, management and segmentation on original data, unifies standard interfaces and data standards, and realizes safe, reliable, rapid and effective unified storage management on data of multiple types and formats on the basis of meeting the requirement of consistency through a distributed storage management technology.
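The preprocessing step described above (normalizing syslog and flow sources into one schema, cleaning out unusable records, deduplicating, and index-marking by asset) is illustrated by the following Python code. It is an added example written for this page, not code from the patent; the `Event` schema, the field names of the flow record, the regular expressions and the fixed year for year-less syslog timestamps are all assumptions made for the example, and the log lines and flow records are constructed samples.

```python
import re
from dataclasses import dataclass
from datetime import datetime
from typing import Optional

# Assumption: classic syslog timestamps carry no year, so the example fixes one.
ASSUMED_YEAR = 2021

SYSLOG_RE = re.compile(r"^<(\d{1,3})>([A-Z][a-z]{2}\s+\d{1,2} \d\d:\d\d:\d\d) (\S+) (.*)$")
KV_RE = re.compile(r"\b(SRC|DST|DPT)=(\S+)")
ARROW_RE = re.compile(r"(\d+\.\d+\.\d+\.\d+):(\d+) -> (\d+\.\d+\.\d+\.\d+):(\d+)")


@dataclass(frozen=True)
class Event:
    """Unified record that every source is normalized into (the uniform data standard)."""
    ts: str                 # ISO-8601 timestamp
    source_type: str        # "syslog" or "flow"
    device: str             # reporting device or probe
    src_ip: Optional[str]
    dst_ip: Optional[str]
    dst_port: Optional[int]
    message: str


# Constructed sample input: a firewall drop, an IDS alert, a malformed line, and an exact duplicate.
SYSLOG_LINES = [
    "<134>Apr 14 10:01:02 fw01 kernel: DROP IN=eth0 SRC=203.0.113.7 DST=10.0.0.5 PROTO=TCP DPT=22",
    "<132>Apr 14 10:01:05 ids01 snort[1234]: [1:1000001:1] SSH scan {TCP} 203.0.113.7:51000 -> 10.0.0.5:22",
    "garbage line that the cleaning step must drop",
    "<134>Apr 14 10:01:02 fw01 kernel: DROP IN=eth0 SRC=203.0.113.7 DST=10.0.0.5 PROTO=TCP DPT=22",
]
# Constructed flow records as a collector might export them (field names are assumptions).
FLOW_RECORDS = [
    {"ts": "2021-04-14T10:01:03", "src": "203.0.113.7", "dst": "10.0.0.5",
     "dport": 22, "proto": "tcp", "bytes": 1200},
    {"ts": "2021-04-14T10:01:07", "src": "10.0.0.5"},   # incomplete record, dropped by cleaning
]


def parse_syslog(line: str) -> Optional[Event]:
    """Normalize one syslog line; returns None when the line does not fit the expected shape."""
    m = SYSLOG_RE.match(line)
    if not m:
        return None
    _pri, stamp, host, msg = m.groups()
    ts = datetime.strptime(f"{ASSUMED_YEAR} {stamp}", "%Y %b %d %H:%M:%S").isoformat()
    kv = dict(KV_RE.findall(msg))                 # firewall-style KEY=value fields
    src, dst = kv.get("SRC"), kv.get("DST")
    dport = int(kv["DPT"]) if "DPT" in kv else None
    arrow = ARROW_RE.search(msg)                  # IDS-style "a:port -> b:port" notation
    if src is None and arrow:
        src, dst, dport = arrow.group(1), arrow.group(3), int(arrow.group(4))
    return Event(ts, "syslog", host, src, dst, dport, msg)


def parse_flow(rec: dict) -> Optional[Event]:
    """Normalize one flow record; incomplete or ill-typed records are rejected."""
    try:
        return Event(rec["ts"], "flow", "flow-probe", rec["src"], rec["dst"],
                     int(rec["dport"]), f"{rec['proto']} {rec['bytes']} bytes")
    except (KeyError, TypeError, ValueError):
        return None


def preprocess(syslog_lines, flow_records):
    """Clean (drop unparseable records), deduplicate, and order all sources into one timeline."""
    parsed = [parse_syslog(l) for l in syslog_lines] + [parse_flow(r) for r in flow_records]
    cleaned = [e for e in parsed if e is not None]
    return sorted(set(cleaned), key=lambda e: e.ts)   # frozen dataclass makes exact duplicates collapse


def index_by_dst(events):
    """Index-mark events by destination asset so per-asset queries become a dictionary lookup."""
    index = {}
    for e in events:
        index.setdefault(e.dst_ip, []).append(e)
    return index


if __name__ == "__main__":
    for e in preprocess(SYSLOG_LINES, FLOW_RECORDS):
        print(e.ts, e.source_type, e.device, e.src_ip, "->", e.dst_ip, e.dst_port)
```

Both parsers return `None` rather than raising, so a single malformed source line cannot stop the batch; the deduplication relies on the whole normalized record being equal, which is why the schema is a frozen (hashable) dataclass.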
In step S200, the active analysis module performs intelligent analysis, mining, and exploration on the big data. Establishing a mathematical model base to realize the data structure definition of a big data format, uniformly managing algorithm parameters, the mathematical model base, a model evaluation system and mining analysis results, providing an entry for data mining analysis, and automatically calling an algorithm used by the mining analysis and a corresponding model thereof according to input algorithm parameters.
In step S300, an event understanding engine is established; the merged logs are subjected to correlation analysis based on a set of event understanding rules, and the logs are understood as security events, so that alarm accuracy is improved. The analysis model is abstracted and implemented in code on Spark Streaming, thereby combining the security-service analysis done in the past with the current big data intelligent analysis scheme.
Further, an attack chain analysis model is established: a network security event is generated by analyzing the security logs and flow logs collected by each network security device, and forward and backward two-way reasoning is carried out, where forward reasoning gives early warning of potential threats and backward reasoning restores the attack scenario. On the basis of the network security events, the attack chain mining program aggregates all security events along the dimension of the target asset and maps them to the stages of the attack chain, so that the vulnerable hosts in the current network are discovered. This makes the current security posture of the whole network easy to grasp, so that vulnerable assets can be hardened.
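The attack chain model described above, as an added Python example that is not part of the patent: security events are aggregated per target asset and mapped onto ordered chain stages; forward reasoning reports the next stage a partially progressed asset should be watched for, backward reasoning restores the chronological scenario and flags stages that were skipped (undetected), and the per-asset chain depth ranks the vulnerable hosts. The stage list, the event-type-to-stage mapping and the sample events are assumptions constructed for the example; the patent names none of them.

```python
from collections import defaultdict

# Ordered attack-chain stages (simplified kill chain; assumed, the patent does not name its stages).
STAGES = ["reconnaissance", "exploitation", "installation",
          "command_and_control", "actions_on_objective"]

# Assumed taxonomy: which generated security-event type belongs to which stage.
EVENT_STAGE = {
    "port_scan": "reconnaissance",
    "exploit_attempt": "exploitation",
    "malware_dropped": "installation",
    "c2_beacon": "command_and_control",
    "data_exfil": "actions_on_objective",
}

# Constructed security events already generated from device logs: "asset" is the target host,
# "src" the external party seen in the event (for a beacon, the server the host talked to).
EVENTS = [
    {"ts": "2021-04-14T10:01:02", "src": "203.0.113.7", "asset": "10.0.0.5", "type": "port_scan"},
    {"ts": "2021-04-14T10:05:10", "src": "203.0.113.7", "asset": "10.0.0.5", "type": "exploit_attempt"},
    {"ts": "2021-04-14T10:20:00", "src": "198.51.100.9", "asset": "10.0.0.5", "type": "c2_beacon"},
    {"ts": "2021-04-14T10:01:03", "src": "203.0.113.7", "asset": "10.0.0.8", "type": "port_scan"},
    {"ts": "2021-04-14T10:01:04", "src": "203.0.113.7", "asset": "10.0.0.9", "type": "port_scan"},
    {"ts": "2021-04-14T10:06:30", "src": "203.0.113.7", "asset": "10.0.0.9", "type": "exploit_attempt"},
]


def aggregate_by_asset(events):
    """Group events along the target-asset dimension, each group in time order."""
    per_asset = defaultdict(list)
    for e in events:
        per_asset[e["asset"]].append(e)
    return {a: sorted(evs, key=lambda e: e["ts"]) for a, evs in per_asset.items()}


def stages_reached(asset_events):
    return {EVENT_STAGE[e["type"]] for e in asset_events if e["type"] in EVENT_STAGE}


def chain_depth(reached):
    """Index of the furthest stage observed; -1 when nothing in the chain was seen."""
    return max((STAGES.index(s) for s in reached), default=-1)


def forward_warning(asset_events):
    """Forward reasoning: the next stage to expect for this asset, or None if nothing/everything was seen."""
    depth = chain_depth(stages_reached(asset_events))
    if depth < 0 or depth == len(STAGES) - 1:
        return None
    return STAGES[depth + 1]


def backward_scenario(asset_events):
    """Backward reasoning: chronological (ts, stage, src, type) timeline plus the stages that
    must have happened before the furthest observed one but were never detected."""
    ordered = sorted(asset_events, key=lambda e: e["ts"])
    timeline = [(e["ts"], EVENT_STAGE.get(e["type"], "unknown"), e["src"], e["type"]) for e in ordered]
    reached = {stage for _, stage, _, _ in timeline if stage != "unknown"}
    gaps = [s for s in STAGES[:chain_depth(reached) + 1] if s not in reached]
    return timeline, gaps


def vulnerable_hosts(events, min_depth=1):
    """Assets whose chain progressed at least to stage index min_depth, deepest first."""
    scored = [(asset, chain_depth(stages_reached(evs))) for asset, evs in aggregate_by_asset(events).items()]
    return [asset for asset, depth in sorted(scored, key=lambda x: (-x[1], x[0])) if depth >= min_depth]


if __name__ == "__main__":
    per_asset = aggregate_by_asset(EVENTS)
    for asset in vulnerable_hosts(EVENTS):
        timeline, gaps = backward_scenario(per_asset[asset])
        print(asset, "next expected:", forward_warning(per_asset[asset]), "undetected stages:", gaps)
        for row in timeline:
            print("   ", *row)
```

The `gaps` list is the part a defender should look at first: a host that shows reconnaissance, exploitation and command-and-control but no installation event was very likely compromised by something the sensors did not log, which is a detection-coverage problem as much as an incident.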
Further, an intelligence correlation model (the "information correlation model" of the claims) is established, and potential threat alarms are produced through correlation analysis of cloud threat intelligence and local events. When a security log passes through the analysis engine it is matched against the knowledge base, the log is tagged to generate a security event, and the event is uploaded to the cloud intelligence service for verification, which improves analysis accuracy. In addition, malicious IP intelligence in the cloud is queried, other attacks from the same malicious IPs are analyzed and fed back, and an early warning function is realized in this way.
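The intelligence correlation flow just described, as an added Python example that is not part of the patent: each log line is matched against a local knowledge base of patterns and tagged as a security event, the event's IP or URL is then checked against a stand-in for the cloud intelligence feed, verified events become alerts, and all other local activity from a confirmed malicious IP is pulled together for early warning. The knowledge-base patterns, the intelligence entries (using reserved documentation addresses and a `.example` host) and the log lines are all constructed for the example.

```python
import re

# Local knowledge base: (pattern, event tag). Constructed for this example.
KNOWLEDGE_BASE = [
    (re.compile(r"Failed password for \S+ from (?P<ip>\d+\.\d+\.\d+\.\d+)"), "ssh_auth_failure"),
    (re.compile(r"(?P<ip>\d+\.\d+\.\d+\.\d+) GET (?P<url>\S+)"), "web_request"),
]

# Constructed stand-in for the cloud intelligence feed: indicator -> intelligence label.
CLOUD_INTEL = {
    "ip": {"203.0.113.7": "known_scanner"},
    "url": {"http://bad.example/payload.bin": "malware_download"},
}

# Constructed security log lines from an SSH server, a proxy, and a cron daemon.
LOGS = [
    "Apr 14 10:02:00 srv01 sshd[2000]: Failed password for root from 203.0.113.7 port 51010 ssh2",
    "Apr 14 10:02:05 proxy01 squid: 10.0.0.5 GET http://bad.example/payload.bin 200",
    "Apr 14 10:02:09 srv01 sshd[2001]: Failed password for admin from 198.51.100.20 port 40000 ssh2",
    "Apr 14 10:02:12 srv02 sshd[2002]: Failed password for root from 203.0.113.7 port 51011 ssh2",
    "Apr 14 10:02:15 srv01 cron[77]: (root) CMD (run-parts /etc/cron.hourly)",
]


def tag_log(line):
    """Match a log line against the knowledge base and turn it into a tagged security event."""
    for pattern, tag in KNOWLEDGE_BASE:
        m = pattern.search(line)
        if m:
            groups = m.groupdict()
            return {"line": line, "tag": tag, "ip": groups.get("ip"), "url": groups.get("url")}
    return None   # no rule knows this line: it never becomes an event


def verify_with_intel(event, intel=CLOUD_INTEL):
    """Attach the intelligence verdict; the event is verified when its IP or URL is a known indicator."""
    hits = []
    if event["ip"] in intel["ip"]:
        hits.append(("ip", event["ip"], intel["ip"][event["ip"]]))
    if event["url"] in intel["url"]:
        hits.append(("url", event["url"], intel["url"][event["url"]]))
    return {**event, "intel_hits": hits, "verified": bool(hits)}


def correlate(lines, intel=CLOUD_INTEL):
    """Knowledge-base tagging followed by intelligence verification; returns (events, alerts)."""
    events = [verify_with_intel(e, intel) for e in map(tag_log, lines) if e is not None]
    alerts = [e for e in events if e["verified"]]
    return events, alerts


def related_activity(ip, events):
    """Every tagged local event involving the same IP, so other attacks from a confirmed
    malicious address are surfaced together rather than one alert at a time."""
    return [e for e in events if e["ip"] == ip]


if __name__ == "__main__":
    events, alerts = correlate(LOGS)
    for a in alerts:
        print(a["tag"], a["intel_hits"])
    print("related to 203.0.113.7:", len(related_activity("203.0.113.7", events)))
```

Note the asymmetry the design keeps on purpose: an event that the knowledge base tags but intelligence does not confirm (the `198.51.100.20` login failure) stays an event with `verified == False` rather than being discarded, so it is still available for the attack chain and risk models; only confirmed indicators are promoted to alerts.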
Further, a risk assessment model is established, risk assessment is carried out on external threats and asset vulnerability by combining asset value, a risk score is obtained through the risk assessment, a decision of a disposal mode is generated based on the risk score, vulnerability repair is carried out, and threat blocking is carried out.
The system evaluates the risk of the whole system: security events initiated from outside the system, such as intrusion events, abnormal traffic events and botnet, trojan and worm events, are scored as threats against each asset, and internal weaknesses such as system vulnerabilities and website security are scored as well. Finally, a comprehensive analysis combined with the asset value yields a security score for each asset group, each business domain, and even the whole system.
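The risk assessment model described in the last two paragraphs, as an added Python example that is not part of the patent: external threat events and internal weaknesses are scored per asset, combined with the asset value into a risk score, rolled up to asset group, business domain and whole-system level, and turned into a disposal decision (block the threat source, repair the vulnerability, or both, at a priority set by the score). The scoring formula (a noisy-OR combination scaled by normalized asset value), the weights, the thresholds and the asset inventory are all assumptions constructed for the example; the patent gives no formula.

```python
from math import prod

# Constructed asset inventory: value on a 1..5 scale, with group and business-domain membership.
MAX_ASSET_VALUE = 5
ASSETS = {
    "10.0.0.5":  {"value": 5, "group": "web", "domain": "ecommerce"},
    "10.0.0.8":  {"value": 3, "group": "web", "domain": "ecommerce"},
    "10.0.0.20": {"value": 4, "group": "db",  "domain": "finance"},
}

# Assumed severity weights in [0, 1] for external threat types and internal weakness types.
THREAT_WEIGHTS = {"intrusion": 0.9, "abnormal_traffic": 0.5, "botnet_trojan_worm": 0.8}
VULN_WEIGHTS = {"system_vuln_critical": 0.9, "system_vuln_medium": 0.5, "website_weak_config": 0.4}

# Constructed findings: (asset, threat type) from the event pipeline and (asset, weakness) from scanning.
THREAT_EVENTS = [("10.0.0.5", "intrusion"), ("10.0.0.5", "abnormal_traffic"),
                 ("10.0.0.20", "botnet_trojan_worm")]
VULNS = [("10.0.0.5", "system_vuln_critical"), ("10.0.0.8", "website_weak_config")]


def noisy_or(weights):
    """Combine independent partial scores: 1 - prod(1 - w). An empty set scores 0."""
    return 1.0 - prod(1.0 - w for w in weights)


def asset_risk(asset, threat_events=THREAT_EVENTS, vulns=VULNS):
    """0..100 risk for one asset: value-scaled combination of its threat and weakness scores."""
    threat = noisy_or(THREAT_WEIGHTS[t] for a, t in threat_events if a == asset)
    vuln = noisy_or(VULN_WEIGHTS[v] for a, v in vulns if a == asset)
    exposure = noisy_or([threat, vuln])
    return 100.0 * (ASSETS[asset]["value"] / MAX_ASSET_VALUE) * exposure


def score_all(threat_events=THREAT_EVENTS, vulns=VULNS):
    return {asset: asset_risk(asset, threat_events, vulns) for asset in ASSETS}


def aggregate(scores, key):
    """Value-weighted mean of asset scores per group or domain; key=None gives the whole-system score."""
    buckets = {}
    for asset, score in scores.items():
        bucket = ASSETS[asset][key] if key else "system"
        num, den = buckets.get(bucket, (0.0, 0.0))
        value = ASSETS[asset]["value"]
        buckets[bucket] = (num + score * value, den + value)
    return {bucket: num / den for bucket, (num, den) in buckets.items()}


def decide(asset, scores, threat_events=THREAT_EVENTS, vulns=VULNS):
    """Disposal decision from the risk score: which actions apply and how urgently."""
    score = scores[asset]
    actions = []
    if any(a == asset for a, _ in threat_events):
        actions.append("block_threat_source")
    if any(a == asset for a, _ in vulns):
        actions.append("repair_vulnerability")
    priority = "immediate" if score >= 75 else "scheduled" if score >= 40 else "monitor"
    return {"asset": asset, "score": round(score, 1), "priority": priority, "actions": actions}


if __name__ == "__main__":
    scores = score_all()
    for asset in ASSETS:
        print(decide(asset, scores))
    print("by group:", aggregate(scores, "group"))
    print("by domain:", aggregate(scores, "domain"))
    print("system:", aggregate(scores, None))
```

Using a noisy-OR rather than a product for `exposure` is deliberate: a high-value asset with a confirmed threat but no known weakness (or vice versa) still gets a non-zero score, whereas multiplying threat by vulnerability would silently zero it out and hide it from the disposal queue.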
Referring to fig. 2, fig. 2 is a schematic structural diagram of a terminal device according to a preferred embodiment of the present invention. The terminal device comprises a processor 301, a memory 302 and a computer program stored in the memory 302 and configured to be executed by the processor 301, wherein the processor 301 implements the big data intelligent analysis application method based on network security according to any one of the above embodiments when executing the computer program.
Preferably, the computer program may be divided into one or more modules/units (e.g., computer program 1, computer program 2, … …) that are stored in the memory 302 and executed by the processor 301 to implement the present invention. The one or more modules/units may be a series of computer program instruction segments capable of performing specific functions, which are used for describing the execution process of the computer program in the terminal device.
The processor 301 may be a central processing unit (CPU), another general-purpose processor, a digital signal processor (DSP), an application-specific integrated circuit (ASIC), a field-programmable gate array (FPGA) or other programmable logic device, a discrete gate or transistor logic device, a discrete hardware component, and so on; the general-purpose processor may be a microprocessor, or the processor 301 may be any conventional processor. The processor 301 is the control center of the terminal device, and various interfaces and lines are used to connect the parts of the terminal device.
The memory 302 mainly includes a program storage area and a data storage area, wherein the program storage area may store an operating system, an application program required for at least one function, and the like, and the data storage area may store related data and the like. In addition, the memory 302 may be a high-speed random access memory, a non-volatile memory such as a plug-in hard disk, a Smart Media Card (SMC), a Secure Digital (SD) card or a flash card, or the memory 302 may be another volatile solid-state memory device.
It should be noted that the terminal device may include, but is not limited to, a processor and a memory, and those skilled in the art will understand that the structural diagram of fig. 2 is only an example of the terminal device and does not constitute a limitation of the terminal device, and may include more or less components than those shown, or combine some components, or different components.
The embodiment of the invention also provides a computer-readable storage medium, which includes a stored computer program, wherein when the computer program runs, a device where the computer-readable storage medium is located is controlled to execute the big data intelligent analysis application method based on network security according to any one of the above embodiments.
The embodiment of the invention provides a big data intelligent analysis application method based on network security, which can perform clue mining according to resources of various open platforms, perform resource integration through technologies such as data packet capturing and reverse analysis, and search deep data through manual deep analysis.
It should be noted that the above-described system embodiments are merely illustrative, where the units described as separate parts may or may not be physically separate, and the parts displayed as units may or may not be physical units, may be located in one place, or may be distributed on multiple network units. Some or all of the modules may be selected according to actual needs to achieve the purpose of the solution of the present embodiment. In addition, in the drawings of the embodiment of the system provided by the present invention, the connection relationship between the modules indicates that there is a communication connection between them, and may be specifically implemented as one or more communication buses or signal lines.
In conclusion, the network security situation can be sensed around the clock and from all angles on the basis of security big data; existing real-time monitoring technology is utilized, and abnormal behaviors are found through long-term data analysis; through data modeling, a visual analysis capability is established, the scope of impact, attack path, purpose and means of a threat are rapidly assessed, and effective security decisions and responses are made; and a risk report and threat early warning mechanism is established, so that information such as attackers' purposes, skills and tactics, and attack tools is comprehensively grasped and the defense system is improved.
The present invention has been described in relation to the above embodiments, which are only exemplary of the implementation of the present invention. It should be noted that the disclosed embodiments do not limit the scope of the invention. Rather, it is intended that all such modifications and variations be included within the spirit and scope of this invention.
Claims (10)
1. A big data intelligent analysis application method based on network security is characterized by comprising the following steps:
acquiring and preprocessing network data, storing the network data and forming a distributed storage management system;
establishing a mathematical model base according to the network data to complete data structure definition;
and providing an entry for data mining analysis, establishing a corresponding model according to the algorithm parameters, and generating an analysis result.
2. The big data intelligent analysis application method based on network security as claimed in claim 1, wherein the step of "acquiring and preprocessing network data, storing the network data and forming a distributed storage management system" comprises:
and capturing network data through a threat information characteristic library, converging the data, and performing uniform preprocessing on the network data according to big data distributed computation characteristics and algorithm characteristics to form a uniform distributed storage management system.
3. The big data intelligent analysis application method based on network security as claimed in claim 2, wherein said "uniform preprocessing of the network data according to big data distributed computation characteristics and algorithm characteristics" comprises:
and carrying out preprocessing operations such as hierarchical aggregation, recombination, cleaning, extraction, conversion, management, segmentation and the like on the network data by utilizing data slicing, data classification, data aggregation and data index marking technologies.
4. The big data intelligent analysis application method based on network security as claimed in claim 1, wherein the step of establishing a mathematical model base according to the network data and completing data structure definition comprises:
and intelligently analyzing, mining and exploring the network data, establishing a mathematical model base, realizing the data structure definition of a big data format, and uniformly managing the algorithm parameters, the mathematical model base, a model evaluation system and the mining analysis result.
5. The big data intelligent analysis application method based on network security as claimed in claim 1, wherein the step of establishing a mathematical model base according to the network data and completing data structure definition comprises:
establishing an event understanding engine, carrying out association analysis on the merged security logs based on event understanding rules, and understanding the security logs as security events so as to improve the alarm accuracy; and abstracting an analysis model, and carrying out code implementation on the analysis model in Spark-streaming.
6. The big data intelligent analysis application method based on network security as claimed in claim 5, wherein the step of establishing a mathematical model base according to the network data and completing data structure definition comprises:
establishing an attack chain analysis model, generating a network security event by analyzing the security logs and the flow security logs collected by each network security device, carrying out forward and backward two-way reasoning, carrying out forward reasoning to early warn potential threats, and carrying out backward reasoning to restore an attack scenario.
7. The big data intelligent analysis application method based on network security as claimed in claim 6, further comprising:
and the attack chain mining program aggregates all the security events according to the dimensionality of the target asset on the basis of the network security events and corresponds to all the stages of the attack chain, so that the vulnerable host in the current network is discovered.
8. The big data intelligent analysis application method based on network security as claimed in claim 5, wherein the step of establishing a mathematical model base according to the network data and completing data structure definition comprises:
establishing an information correlation model, and realizing potential threat alarm through correlation analysis of cloud information and local events;
wherein the potential threats comprise malicious IP and malicious URL.
9. The big data intelligent analysis application method based on network security as claimed in claim 8, wherein the step of establishing a mathematical model base according to the network data and completing data structure definition comprises:
when the safety log passes through the analysis engine, the safety log is matched with the knowledge base, the safety log is labeled to generate a safety event, the event is uploaded to cloud information to verify the information, and the analysis accuracy is improved.
10. The big data intelligent analysis application method based on network security as claimed in claim 5, wherein the step of establishing a mathematical model base according to the network data and completing data structure definition comprises:
establishing a risk assessment model, performing risk assessment on external threats and asset vulnerabilities by combining asset values, obtaining a risk score through the risk assessment, generating a decision of a disposal mode based on the risk score, performing vulnerability repair and threat blocking.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202110401931.2A CN112925805A (en) | 2021-04-14 | 2021-04-14 | Big data intelligent analysis application method based on network security |
Publications (1)
Publication Number | Publication Date |
---|---|
CN112925805A true CN112925805A (en) | 2021-06-08 |
Family
ID=76174376
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202110401931.2A Pending CN112925805A (en) | 2021-04-14 | 2021-04-14 | Big data intelligent analysis application method based on network security |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN112925805A (en) |
Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20150213358A1 (en) * | 2009-11-17 | 2015-07-30 | Hawk Network Defense Inc. | Methods and apparatus for analyzing system events |
CN107196910A (en) * | 2017-04-18 | 2017-09-22 | 国网山东省电力公司电力科学研究院 | Threat early warning monitoring system, method and the deployment framework analyzed based on big data |
CN110334155A (en) * | 2019-07-09 | 2019-10-15 | 佛山市伏宸区块链科技有限公司 | A kind of block chain threat intelligence analysis method and system based on big data integration |
CN110717049A (en) * | 2019-08-29 | 2020-01-21 | 四川大学 | Text data-oriented threat information knowledge graph construction method |
CN111914126A (en) * | 2020-07-22 | 2020-11-10 | 浙江乾冠信息安全研究院有限公司 | Processing method, equipment and storage medium for indexed network security big data |
2021
- 2021-04-14 CN CN202110401931.2A patent/CN112925805A/en active Pending
Patent Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20150213358A1 (en) * | 2009-11-17 | 2015-07-30 | Hawk Network Defense Inc. | Methods and apparatus for analyzing system events |
CN107196910A (en) * | 2017-04-18 | 2017-09-22 | 国网山东省电力公司电力科学研究院 (State Grid Shandong Electric Power Research Institute) | Threat early warning monitoring system, method and deployment framework based on big data analysis |
CN110334155A (en) * | 2019-07-09 | 2019-10-15 | 佛山市伏宸区块链科技有限公司 (Foshan Fuchen Blockchain Technology Co., Ltd.) | Blockchain threat intelligence analysis method and system based on big data integration |
CN110717049A (en) * | 2019-08-29 | 2020-01-21 | 四川大学 (Sichuan University) | Text data-oriented threat intelligence knowledge graph construction method |
CN111914126A (en) * | 2020-07-22 | 2020-11-10 | 浙江乾冠信息安全研究院有限公司 (Zhejiang Qianguan Information Security Research Institute Co., Ltd.) | Processing method, device and storage medium for indexed network security big data |
Non-Patent Citations (4)
Title |
---|
A. A. Cárdenas et al.: "Big data analytics for security", IEEE Security & Privacy, vol. 11, no. 6, pages 74-76, XP011533948, DOI: 10.1109/MSP.2013.138 * |
乌日娜 (Wu Rina): "Intelligence situational awareness technology based on big data", 网络空间安全 (Cyberspace Security), vol. 11, no. 06, pages 10-13 * |
周利均 (Zhou Lijun): "Application of artificial intelligence in network security operations and maintenance services", 通信技术 (Communications Technology), vol. 53, no. 02, pages 521-524 * |
毛华阳 (Mao Huayang): "A preliminary exploration of industrial Internet security based on big data", 电信技术 (Telecommunications Technology), no. 11, pages 49-53 * |
Cited By (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN115086026A (en) * | 2022-06-14 | 2022-09-20 | 盐城工业职业技术学院 (Yancheng Polytechnic College) | Network security analysis system |
CN115643108A (en) * | 2022-12-14 | 2023-01-24 | 国家工业信息安全发展研究中心 (National Industrial Information Security Development Research Center) | Security assessment method, system and product for an industrial Internet edge computing platform |
CN115643108B (en) * | 2022-12-14 | 2023-03-10 | 国家工业信息安全发展研究中心 (National Industrial Information Security Development Research Center) | Security assessment method, system and product for an industrial Internet edge computing platform |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US11336669B2 (en) | Artificial intelligence cyber security analyst | |
CN110213226B (en) | Network attack scene reconstruction method and system based on risk full-factor identification association | |
US10885185B2 (en) | Graph model for alert interpretation in enterprise security system | |
US10505986B1 (en) | Sensor based rules for responding to malicious activity | |
Lakhno et al. | Design of adaptive system of detection of cyber-attacks, based on the model of logical procedures and the coverage matrices of features | |
CN112925805A (en) | Big data intelligent analysis application method based on network security | |
CN114531283B (en) | Method, system, storage medium and terminal for measuring robustness of intrusion detection model | |
Chethana et al. | Improved Domain Generation Algorithm To Detect Cyber-Attack With Deep Learning Techniques | |
CN114357447A (en) | Attacker threat scoring method and related device | |
CN112001423B (en) | Open set identification method, device, equipment and medium for APT malicious software organization | |
US20230087309A1 (en) | Cyberattack identification in a network environment | |
CN112287340B (en) | Evidence obtaining and tracing method and device for terminal attack and computer equipment | |
Barrionuevo et al. | An anomaly detection model in a lan using k-nn and high performance computing techniques | |
CN116668054A (en) | Security event collaborative monitoring and early warning method, system, equipment and medium | |
CN115987544A (en) | Network security threat prediction method and system based on threat intelligence | |
Shukla et al. | A detection approach for IoT traffic-based DDoS attacks | |
CN114398887A (en) | Text classification method and device and electronic equipment | |
Song | Public cloud network intrusion and internet legal supervision based on abnormal feature detection | |
Shaik et al. | Enhanced SVM Model with Orthogonal Learning Chaotic Grey Wolf Optimization for Cybersecurity Intrusion Detection in Agriculture 4.0. | |
Badde et al. | Cyber attack detection framework for cloud computing | |
CN117609990B (en) | Self-adaptive safety protection method and device based on scene association analysis engine | |
Anand et al. | Mitigating Cyber-Security Risks using Cyber-Analytics | |
CN115085965B (en) | Power system information network attack risk assessment method, device and equipment | |
CN117220961B (en) | Intrusion detection method, device and storage medium based on association rule patterns | |
KR102556463B1 (en) | Social advanced persistent threat prediction system and method based on attacker group similarity | |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||