CN102035855A - Network security incident association analysis system - Google Patents


Info

Publication number
CN102035855A
Authority
CN
China
Prior art keywords
network
association analysis
safety event
layer
network safety
Legal status
Granted
Application number
CN2010106137512A
Other languages
Chinese (zh)
Other versions
CN102035855B (en)
Inventor
霍雪松
孙大雁
黄强
吴玉林
李汇群
尹飞
官国飞
祝永晋
Current Assignee
State Grid Corp of China SGCC
State Grid Jiangsu Electric Power Co Ltd
Jiangsu Fangtian Power Technology Co Ltd
Original Assignee
State Grid Jiangsu Electric Power Co Ltd
Jiangsu Fangtian Power Technology Co Ltd
Priority date: 2010-12-30
Filing date: 2010-12-30
Publication date: 2011-04-27
Application filed by State Grid Jiangsu Electric Power Co Ltd and Jiangsu Fangtian Power Technology Co Ltd
Priority to CN201010613751.2A
Publication of CN102035855A
Application granted
Publication of CN102035855B
Legal status: Active

Landscapes

  • Computer And Data Communications (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The invention relates to a network security incident association analysis system comprising a network security incident collection layer, a communication network layer, an association analysis layer and a management presentation layer. The whole process of unified collection, transmission, analysis and distribution of the security logs and incidents continuously generated by the complex IT (Information Technology) resources of a computer network and by its security defense facilities is placed under digital management. Using an incident-associativity prediction principle together with space-time window filtering of the incident stream, fast dynamic log parsing by leading-string matching, and a high-throughput algorithm for massive multi-dimensional incidents, the system performs association analysis on the situations before, during and after a network security incident. The result is a Web-based online association analysis and monitoring system with distributed incident collection, multi-point association analysis, centralized comprehensive judgment and real-time communication. It is intended for the effective long-term security management of the complex IT resources of a computer network, can truly and accurately reflect the network information security and business-system data security situation of that network, and provides a quantitative standard for assessing the network's information security level.

Description

Network security event correlation analysis system
Technical field
The present invention relates to a correlation analysis system, and specifically to a system for the real-time monitoring of IT resource operation, security and risk in a computer network system. It performs unified, all-round real-time collection, transmission, analysis and distribution of the security logs and events continuously produced by the complex IT resources of an enterprise or organization's computer network and by its security defense facilities during operation.
Background art
Enterprises and organizations currently face a more complex situation in the field of IT information security than ever before. Threats come both from an endless stream of intrusions and attacks from outside and from violations and leakage inside the enterprise or organization. To cope with constantly emerging security challenges, enterprises and organizations have successively deployed anti-virus systems, firewalls, intrusion detection systems, vulnerability scanning systems, UTM devices and the like. This passive way of building security is like building a wall in open country: to resist one kind of security threat the wall is raised ever higher, and new walls are constantly built. A security system built this way generally blocks security threats from only one direction, so the result is a series of isolated security islands that cannot produce a cooperative effect. On the other hand, the increasingly urgent demands of information system audit, internal control and sustainable operation also pose a severe challenge to current enterprise information security management. Taken together, these internal and external factors require enterprises and organizations to establish an overall security management platform that runs horizontally through the isolated security perimeters. By acquiring log events, state events and network packet information from anti-virus systems, firewalls, intrusion detection systems, vulnerability scanning systems, UTM devices, hosts, switches, routers, database systems and middleware, selectively collecting them, evaluating them as a whole and performing network security event correlation analysis, such a platform realizes security audit of both external and internal attacks, gives network administrators a means of monitoring the operating condition of software and hardware equipment across the whole network, mines abnormal intrusion information, audits the critical data of business systems, and sends network security event alarms in a variety of ways, so that the managers of the enterprise or organization can truly grasp the overall network information security situation and realize effective integrated defense.
Summary of the invention
The objective of the invention is to provide a correlation analysis system of advanced level that uses event-stream space-time window filtering, fast dynamic log parsing by leading-string matching, a high-throughput algorithm for massive multi-dimensional events, event servers, modern communications and other advanced technologies to perform correlation analysis at a rate exceeding 100,000 network security events per second, with the main purpose of discovering in real time the latent security hazards and abnormal states present in the network and alarming and stopping them in time. By unifying the collection, transmission, analysis and distribution of the security logs and events continuously produced by the complex IT resources of a computer network and by its security defense facilities into one digitally managed whole process, the system provides a cross-region service for the effective, long-term security management of the complex IT resources of multiple computer networks and for decision-making.
To achieve the above objective, the present invention adopts the following technical solution:
The network security event correlation analysis system is a computer network security monitoring system based on distributed real-time collection, multi-point cooperative working, a mixed interconnection pattern of event streams and a historical event database, and a script-driven engine that performs correlation analysis in real time on events as they occur and correlation analysis of the historical events before and after them. Its aim is to improve the network operation and maintenance department's true understanding of the real-time operating situation of the backbone network, to strengthen the ability to react quickly to network security faults, and to lay the foundation for a new network security monitoring platform that combines security protection of the business systems, analysis of user behaviour on the network, and the existing network security means into an "alliance defense" system.
The network security event correlation analysis system of the present invention comprises a network security event acquisition layer, a communication network layer, a correlation analysis layer and a management presentation layer, wherein:
(1) Network security event acquisition layer:
Comprises the collecting devices for data sources such as the state, logs and network packets of network security devices, network devices, host server equipment, operating systems, databases and middleware, and is responsible for gathering the required network security event information;
The network security devices include firewalls, IPS (Intrusion Prevention Systems) and IDS (Intrusion Detection Systems); the network devices include switches and routers.
(2) Communication network layer:
Comprises the communication components. It is responsible for performing fast dynamic parsing by leading-string matching on the logs of the various network security devices, network devices, host server equipment, operating systems, databases and middleware, encapsulating the parsed logs, state data and network packets according to the communication protocol, and transmitting the various network security events over the network to the correlation analysis layer;
(3) Correlation analysis layer:
This layer is the core of the whole system. It mainly comprises a correlation analysis engine server, correlation analysis scripts, an event server and a historical database server, connected to each other by data lines. The correlation analysis engine server is responsible for applying space-time window filtering to the in-memory event stream and to the historical event stream from the database, and for processing more than 100,000 network security events per second with its high-throughput algorithm for massive multi-dimensional events, thereby analyzing and preserving the complex association relationships among multiple network security events. The correlation analysis scripts define the alarm association relationships between network security events, describe the correlation analysis flow, and define which network security events participate in the correlation analysis. The event server stores the various network security events both as in-memory streams and as database streams. The historical database server stores the correlation analysis result data and the network security events and other related data used during the correlation analysis.
(4) Management presentation layer:
This layer is the management and analysis-result display part of the whole system. It mainly comprises the historical database server, a WEB server, an application server, a core switch, workstations and other related equipment and software, connected to each other by data lines. The historical database server provides the correlation analysis result data and the detailed data of the correlation analysis process; the application server implements the various related application functions; and the WEB server is responsible for the final presentation of the data. Each relevant department can obtain the data it is authorized to see through a browser over the Internet.
In the above network security event correlation analysis system, the data come from data sources such as the state, logs and network packets of network security devices (firewalls, IPS, IDS, etc.), network devices (switches, routers, etc.), host server equipment, operating systems, databases and middleware.
The above communication network layer is based on the TCP/IP network transmission protocol.
The above event server, correlation analysis engine server and application server all adopt a cluster mode to guarantee the high performance and high availability of the system.
Besides performing correlation analysis on network security events that are currently occurring, the above correlation analysis layer can also combine the currently occurring network security events with historical network security events that have already happened for correlation analysis, and can also issue predictive alarms for network security events that may occur in the future.
The above management presentation layer can display the correlation analysis results and related event information not only as a textual list but also graphically, in the form of a network device topology diagram.
The historical database included in the correlation analysis layer and the management presentation layer is a shared server. Because the volume of collected data is very large, and the precision required of the correlation analysis is proportional to the time range over which the events occurred, the form of a historical database is adopted in order to balance efficiency and correctness.
The beneficial effects of the invention are as follows. Most network security problems are not determined by a single network security event but by the interaction of multiple network security events at different times and from different sources, so recording and simply analyzing individual network security events cannot satisfy the needs of network security. Aiming at this difficulty in analyzing and judging network security problems, the present invention designs a network security event correlation analysis system. During project implementation, the main problems that commonly arise in the design of network security event analysis systems, such as real-time performance, stability and scalability, were well solved by technical means. The system is used for the effective, long-term security management of the complex IT resources of a computer network, can truly and accurately reflect the network information security and business-system data security situation of the computer network, and provides a quantitative scale for assessing the information security level of the computer network.
(1) The system of the present invention draws on professional knowledge such as complex network security event processing, network security event stream processing and log processing algorithms. It performs health-characteristic sample analysis on the state data, log data and network packets exchanged during the operation of network security devices, network devices, host server equipment, operating systems, databases and middleware, and by correlating the information contained in the network security events provides a quantitative scale for network security protection.
(2) The fast dynamic parsing algorithm based on leading-string matching of log strings, deployed at the collection end, can quickly parse the log data of devices from different manufacturers, after which the data are transferred over the network to the event server.
(3) The real-time graphical display tool for correlation analysis results can show different topology pictures for different correlation analysis demands, and the display layout and the level of detail shown can be adjusted on the spot. The graphical display tool runs in a browser based on page technology, fully supports a visual graphic layout editor, and can produce topology diagram layouts for correlation analysis scenarios of any complexity.
Description of the drawings
Fig. 1 is the network security event acquisition principle diagram of the present invention;
Fig. 2 is the working principle diagram of the correlation analysis engine of the present invention.
Embodiment
The present invention is described in detail below with reference to the accompanying drawings:
The network security event correlation analysis system of the present invention comprises four layers: a network security event acquisition layer, a communication network layer, a correlation analysis layer and a management presentation layer.
The network security event acquisition layer is the bread and butter of the system; Fig. 1 is its acquisition principle diagram. It is installed beside the core switching equipment of the network system at each key monitoring point of each computer network, and comprises state collecting devices, log collecting devices and network packet collecting devices. Once installed on site and configured accordingly, these devices obtain the network security event data, parse, arrange and format them, and place them in a buffer queue pool.
The communication network layer packages the different network security events in the buffer queue pool in real time into Hessian interface message processor (IMP) packets; before packaging, the log data are parsed quickly and dynamically by leading-string matching, and the packaged network security events are uploaded to the event server. The IMP and the event servers use a one-to-many transmission mode, so the network security event data obtained in one collection can be uploaded to several event servers at once. This service encapsulates its communication protocol on top of the TCP/IP network transmission protocol.
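The communication network layer as described in the summary and in this embodiment (parser selection by the leading string of each raw log line, normalization, encapsulation, and one-to-many upload to event servers), as an added Python example that is not part of the patent or of the applicants' implementation. It assumes that "leading match" means choosing the parser whose registered prefix is the longest one the log line starts with; the three vendor formats FW-A, IDS-B and HOST-C, the buffered lines and the field names are constructed for illustration, and JSON stands in for the Hessian encapsulation.

```python
"""Communication-layer stand-in: leading-string parser dispatch, normalization,
packaging and one-to-many upload. Example code, not the patent's implementation.
The vendor log formats below are constructed, not real device output."""
import json
import re
from dataclasses import asdict, dataclass
from typing import Callable, Dict, List, Optional

# Constructed sample lines, as they would sit in the collector's buffer queue pool.
BUFFER_QUEUE = [
    "FW-A: 2010-12-30T10:00:01 DENY tcp 10.1.1.5:51000 -> 10.2.2.9:22",
    "IDS-B|2010-12-30T10:00:02|ALERT|sid=2001|10.1.1.5|10.2.2.9|SSH brute force",
    "HOST-C sshd[2210]: Failed password for root from 10.1.1.5 port 51001",
    "UNKNOWN-D something nobody registered a parser for",
]


@dataclass
class SecurityEvent:
    """Normalized event shared by every layer above the collector."""
    vendor: str
    ts: str
    kind: str            # DENY / ALERT / AUTH_FAIL ...
    src: Optional[str]
    dst: Optional[str]
    detail: str
    raw: str             # kept so the original line can always be traced back


def parse_fw_a(line: str) -> SecurityEvent:
    m = re.match(r"FW-A: (\S+) (\S+) \S+ (\S+):\d+ -> (\S+):\d+", line)
    return SecurityEvent("FW-A", m[1], m[2], m[3], m[4], "", line)


def parse_ids_b(line: str) -> SecurityEvent:
    _, ts, kind, sid, src, dst, msg = line.split("|")
    return SecurityEvent("IDS-B", ts, kind, src, dst, f"{sid} {msg}", line)


def parse_host_c(line: str) -> SecurityEvent:
    m = re.match(r"HOST-C sshd\[\d+\]: Failed password for (\S+) from (\S+)", line)
    return SecurityEvent("HOST-C", "", "AUTH_FAIL", m[2], None, f"user={m[1]}", line)


# Leading-string registry: the longest registered prefix that a line starts
# with selects its parser, so a more specific prefix wins over a shorter one.
PARSERS: Dict[str, Callable[[str], SecurityEvent]] = {
    "FW-A:": parse_fw_a,
    "IDS-B|": parse_ids_b,
    "HOST-C sshd": parse_host_c,
}
_PREFIXES = sorted(PARSERS, key=len, reverse=True)


def parse_line(line: str) -> Optional[SecurityEvent]:
    for prefix in _PREFIXES:
        if line.startswith(prefix):
            return PARSERS[prefix](line)
    return None          # lines with no registered leading string are dropped, not guessed


def pack(event: SecurityEvent) -> bytes:
    # JSON stands in for the Hessian encapsulation; the framing step is the point.
    return json.dumps(asdict(event), separators=(",", ":")).encode()


def upload(packets: List[bytes], servers: List[list]) -> int:
    """One-to-many: every packet is delivered to every event server (lists here)."""
    for pkt in packets:
        for srv in servers:
            srv.append(pkt)
    return len(packets)


def run(queue: List[str], servers: List[list]) -> List[SecurityEvent]:
    """Drain the buffer queue: parse, normalize, pack and fan out."""
    events = [e for e in (parse_line(line) for line in queue) if e is not None]
    upload([pack(e) for e in events], servers)
    return events
```

Adding a vendor means registering one prefix and one parser; nothing in the dispatch or transport changes. Unparsed lines are dropped rather than forwarded as free text, so the correlation layer never has to guess at field meaning, and the raw line travels with every event so an alarm can be traced back to the exact log record.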
The correlation analysis layer is the core of the whole system. It consists of an event processing layer and an analysis logic layer. The event processing layer is responsible for space-time window filtering of the in-memory event stream and of the historical event stream from the database. The core of the analysis logic layer is the correlation analysis engine, whose working principle is shown in Fig. 2; it is responsible for correlating the filtered network security events according to the requirements of the correlation analysis scripts. The correlation analysis result is stored in the historical database together with the several network security events associated with it. The correlation analysis engine has the following functional characteristics:
1. Unlike other products that analyze network security events, after a combined event alarm is produced by correlation analysis, traceback to the sources that caused the combined event alarm is added;
2. The network security events taking part in the analysis can be an in-memory stream of network security events, historical network security events stored in the database, or even a mixture of the in-memory stream and historical events stored in the database;
3. The method and conditions of the correlation analysis are controlled by external correlation analysis scripts, which increases the breadth and depth of the correlation analysis;
4. Analysis results are preserved down to the granularity of the individual event, making it convenient for the user to examine the detailed information of a network security alarm;
5. Analysis results are stored as graphical data frames, allowing fast and vivid graphical display of abnormal network attacks and user access behaviour;
6. A well-designed correlation analysis algorithm guarantees that the engine can process more than 100,000 network security events per second.
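The correlation analysis engine as described in this embodiment and in the summary (a space-time window over a mixed in-memory and historical event stream, rule conditions supplied from outside the engine, and a combined alarm stored down to the individual source event for traceback), as an added Python example that is not the patent's engine. The Event and Rule types, the ssh_bruteforce_success rule, the in-memory SQLite database standing in for the historical database server, and all event data are constructed assumptions.

```python
"""Correlation-engine stand-in: space-time window over a mixed in-memory and
historical event stream, externally supplied rules, combined alarms with
per-event source traceback. Example code, not the patent's engine; every
event, rule and table below is constructed."""
import sqlite3
from collections import deque
from dataclasses import dataclass, field
from typing import Callable, Deque, Dict, List, Tuple


@dataclass(frozen=True)
class Event:
    id: int
    ts: float    # seconds since epoch (the "time" axis of the window)
    src: str     # source address (the "space" axis of the window)
    kind: str    # AUTH_FAIL / AUTH_OK / DENY ...


@dataclass
class Rule:
    """What the external correlation script supplies: window length, the event
    kinds that participate, and the trigger condition over the windowed events."""
    name: str
    window_s: float
    kinds: Tuple[str, ...]
    fires: Callable[[List[Event]], bool]


@dataclass
class CombinedAlarm:
    rule: str
    src: str
    trigger_id: int
    source_ids: List[int] = field(default_factory=list)  # traceback to the causes


class Engine:
    def __init__(self, history: sqlite3.Connection, rules: List[Rule]):
        self.history = history
        self.rules = rules
        self.max_window = max(r.window_s for r in rules)
        self.live: Dict[str, Deque[Event]] = {}   # in-memory stream, per src
        self.alarms: List[CombinedAlarm] = []
        # Results are stored per individual source event, not as one opaque blob.
        history.execute("CREATE TABLE IF NOT EXISTS alarm_events"
                        "(rule TEXT, trigger_id INT, event_id INT)")

    def _window(self, ev: Event, rule: Rule) -> List[Event]:
        """Events of the rule's kinds from the same src within [ts-window, ts],
        merged from the in-memory stream and the historical database."""
        lo = ev.ts - rule.window_s
        mem = [e for e in self.live[ev.src] if e.kind in rule.kinds and e.ts >= lo]
        marks = ",".join("?" * len(rule.kinds))
        rows = self.history.execute(
            "SELECT id, ts, src, kind FROM events WHERE src=? AND ts>=? AND ts<=? "
            f"AND kind IN ({marks})", (ev.src, lo, ev.ts, *rule.kinds)).fetchall()
        seen = {e.id for e in mem}
        hist = [Event(*r) for r in rows if r[0] not in seen]
        return sorted(mem + hist, key=lambda e: (e.ts, e.id))

    def feed(self, ev: Event) -> List[CombinedAlarm]:
        """Process one live event and return the combined alarms it triggered."""
        q = self.live.setdefault(ev.src, deque())
        q.append(ev)
        while q and q[0].ts < ev.ts - self.max_window:   # expire on the time axis
            q.popleft()
        fired = []
        for rule in self.rules:
            if ev.kind not in rule.kinds:
                continue
            window = self._window(ev, rule)
            if rule.fires(window):
                alarm = CombinedAlarm(rule.name, ev.src, ev.id, [e.id for e in window])
                self.history.executemany(
                    "INSERT INTO alarm_events VALUES (?,?,?)",
                    [(rule.name, ev.id, i) for i in alarm.source_ids])
                self.alarms.append(alarm)
                fired.append(alarm)
        return fired


def brute_force_then_success(window: List[Event]) -> bool:
    """Constructed rule body: at least 3 failed logins followed by a success."""
    fails = sum(e.kind == "AUTH_FAIL" for e in window)
    return fails >= 3 and window[-1].kind == "AUTH_OK"


RULES = [Rule("ssh_bruteforce_success", 60.0, ("AUTH_FAIL", "AUTH_OK"),
              brute_force_then_success)]


def build_history() -> sqlite3.Connection:
    """In-memory SQLite standing in for the historical database server."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE events(id INT, ts REAL, src TEXT, kind TEXT)")
    conn.executemany("INSERT INTO events VALUES (?,?,?,?)", [
        (1, 1000.0, "10.1.1.5", "AUTH_FAIL"),
        (2, 1010.0, "10.1.1.5", "AUTH_FAIL"),
        (3, 800.0, "10.1.1.5", "AUTH_FAIL"),    # outside the 60 s window
    ])
    return conn


LIVE_STREAM = [                                   # constructed in-memory events
    Event(4, 1020.0, "10.1.1.5", "AUTH_FAIL"),
    Event(5, 1025.0, "10.9.9.9", "AUTH_OK"),      # other source: no alarm
    Event(6, 1030.0, "10.1.1.5", "AUTH_OK"),      # completes the pattern
]


def demo() -> Tuple[List[CombinedAlarm], int]:
    engine = Engine(build_history(), RULES)
    for ev in LIVE_STREAM:
        engine.feed(ev)
    stored = engine.history.execute("SELECT COUNT(*) FROM alarm_events").fetchone()[0]
    return engine.alarms, stored
```

Two of the three failures that make the alarm fire exist only in the historical database, which is the mixed-stream case the engine description calls for; the failure at ts 800 is excluded by the window even though it comes from the same source. The in-memory deque is expired by the longest window of any loaded rule, not per rule, so a short-window rule cannot starve a long-window one. A production engine would also suppress repeated firings of the same rule for the same source and put an index on (src, ts) in the events table, since that query runs once per live event per rule.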
The management presentation layer is the management and analysis-result display part of the whole system. It consists of four parts: network security event management, correlation analysis script management, correlation analysis engine management and correlation analysis result display. Network security event management includes network security event definition, modification and release. Correlation analysis script management includes the definition, modification and start-up of correlation analysis scripts. Correlation analysis engine management includes initialization of the correlation analysis engine and monitoring of its operating condition. Correlation analysis result display includes list display and graphical display. Each relevant network operation management department can manage the correlation analysis scripts and the working range of the correlation analysis engine, and query the various correlation analysis result data, through a browser. The equipment of the management presentation layer ensures that the system can operate normally and leaves room for development; it comprises the historical database server, WEB server, application server, core switch, workstations, dedicated monitoring computers, communication apparatus, uninterruptible power supplies, printers and related equipment.
The above is only a preferred embodiment of the present invention. It should be pointed out that those skilled in the art can make improvements and modifications without departing from the technical principle of the present invention, and such improvements and modifications should also be regarded as falling within the scope of protection of the present invention.

Claims (10)

1. A network security event correlation analysis system, characterized in that it comprises a network security event acquisition layer, a communication network layer, a correlation analysis layer and a management presentation layer, wherein:
(1) Network security event acquisition layer:
gathers the required network security event information by means of collecting devices that collect from data sources; these are installed beside the core switching equipment of the network system at each key monitoring point of each computer network;
(2) Communication network layer:
performs fast dynamic parsing by leading-string matching on the logs collected by the various collecting devices, encapsulates the parsed logs, state data and network packets according to the communication protocol, and transmits the various network security events over the network to the correlation analysis layer;
(3) Correlation analysis layer: analyzes and stores the association relationships among network security events;
(4) Management presentation layer: manages and presents the data analyzed by the correlation analysis layer;
each relevant department obtains the displayed data it needs according to its own authority.
2. The network security event correlation analysis system according to claim 1, characterized in that the data sources collected by the collecting devices comprise the state, logs and network packets of network security devices, network devices, host server equipment, operating systems, databases and middleware.
3. The network security event correlation analysis system according to claim 2, characterized in that the network security devices comprise firewalls, IPS and IDS, and the network devices comprise switches and routers.
4. The network security event correlation analysis system according to claim 1, characterized in that the communication network layer comprises communication components.
5. The network security event correlation analysis system according to claim 1, characterized in that the correlation analysis layer comprises a correlation analysis engine server, correlation analysis scripts, an event server and a historical database server, connected to each other by data lines; the correlation analysis engine server is responsible for applying space-time window filtering to the in-memory event stream and to the historical event stream from the database and for processing the network security events with the high-throughput algorithm for massive multi-dimensional events, thereby analyzing and preserving the complex association relationships among multiple network security events; the correlation analysis scripts define the alarm association relationships between network security events, describe the correlation analysis flow and define the network security events that participate in the correlation analysis; the event server stores the various network security events as in-memory streams and as database streams; and the historical database server stores the correlation analysis result data and the network security event data used during the correlation analysis.
6. The network security event correlation analysis system according to claim 1, characterized in that the management presentation layer comprises a historical database server, a WEB server, an application server, a core switch, workstations and the software associated with these devices, the devices being connected to each other by data lines; the historical database server provides the correlation analysis result data and the detailed data of the correlation analysis process, the application server implements the various related application functions, and the WEB server is responsible for the final presentation of the data.
7. The network security event correlation analysis system according to claim 1, characterized in that the communication network layer, based on the TCP/IP network transmission protocol, performs fast dynamic parsing by leading-string matching on the logs of the various network security devices, network devices, host server equipment, operating systems, databases and middleware, encapsulates the parsed logs, state data and network packets according to the communication protocol, and completes the transmission of the network security events by means of Hessian.
8. The network security event correlation analysis system according to claim 5 or 6, characterized in that the event server, the correlation analysis engine server and the application server all adopt a cluster mode.
9. The network security event correlation analysis system according to claim 1 or 5, characterized in that the correlation analysis layer can perform correlation analysis on currently occurring network security events, can combine currently occurring network security events with historical network security events that have already happened for correlation analysis, and can also issue predictive alarms for network security events that may occur in the future.
10. The network security event correlation analysis system according to claim 1 or 6, characterized in that the management presentation layer can display the correlation analysis results and related event information as a textual list, and can also display the correlation analysis results and related event information graphically in the form of a network device topology diagram.
Application CN201010613751.2A, priority 2010-12-30, filed 2010-12-30: Network security incident association analysis system. Status: Active. Granted as CN102035855B (en).

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201010613751.2A CN102035855B (en) 2010-12-30 2010-12-30 Network security incident association analysis system


Publications (2)

Publication Number Publication Date
CN102035855A true CN102035855A (en) 2011-04-27
CN102035855B CN102035855B (en) 2014-05-07

Family

ID=43888178

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201010613751.2A Active CN102035855B (en) 2010-12-30 2010-12-30 Network security incident association analysis system

Country Status (1)

Country Link
CN (1) CN102035855B (en)

Cited By (35)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102833354A (en) * 2012-09-19 2012-12-19 公安部第三研究所 Method for implementing domain boundary security monitoring in Internet
CN102970165A (en) * 2012-11-20 2013-03-13 北京思特奇信息技术股份有限公司 Network equipment joint analysis alarm system
CN103634264A (en) * 2012-08-20 2014-03-12 江苏中科慧创信息安全技术有限公司 Active trapping method based on behavior analysis
CN104079430A (en) * 2014-06-09 2014-10-01 汉柏科技有限公司 Safety management platform, system and method based on information
CN104144077A (en) * 2014-06-30 2014-11-12 汉柏科技有限公司 Safety management method with green energy conservation function and safety management platform
CN104378367A (en) * 2014-11-06 2015-02-25 国网山东蓬莱市供电公司 Improved network security incident correlation analysis system
CN104394124A (en) * 2014-11-06 2015-03-04 国网山东蓬莱市供电公司 Association analysis system of network security incident
CN104539468A (en) * 2015-01-28 2015-04-22 浪潮电子信息产业股份有限公司 Automatic alarm method based on load balancer system
CN104866436A (en) * 2014-06-12 2015-08-26 国家电网公司 Method for storing massive security incidents
CN105404813A (en) * 2015-10-26 2016-03-16 浪潮电子信息产业股份有限公司 Host defensive system based log generation method, apparatus and system
CN105446855A (en) * 2015-11-10 2016-03-30 广州西麦科技股份有限公司 APA application tracking and analyzing system
CN105959144A (en) * 2016-06-02 2016-09-21 中国科学院信息工程研究所 Safety data acquisition and anomaly detection method and system facing industrial control network
CN106022609A (en) * 2016-05-19 2016-10-12 中国建设银行股份有限公司河北省分行 Office computer information security comprehensive analysis and management method for large and medium enterprise staffs
CN106446008A (en) * 2016-08-12 2017-02-22 中国南方电网有限责任公司 Management method and analysis system for database security event
US9756062B2 (en) 2014-08-27 2017-09-05 General Electric Company Collaborative infrastructure supporting cyber-security analytics in industrial networks
CN107454103A (en) * 2017-09-07 2017-12-08 杭州安恒信息技术有限公司 Network safety event process analysis method and system based on timeline
CN107506408A (en) * 2017-08-08 2017-12-22 北京盛华安信息技术有限公司 To the method and system of magnanimity event distribution formula association matching
CN108021809A (en) * 2017-12-19 2018-05-11 北京明朝万达科技股份有限公司 A kind of data processing method and system
CN108229175A (en) * 2017-12-28 2018-06-29 中国科学院信息工程研究所 A kind of correlation analysis system and method for multidimensional isomery forensic information
CN108712425A (en) * 2018-05-21 2018-10-26 南京南瑞集团公司 A kind of analysis monitoring and managing method towards industrial control system network security threats event
CN109034423A (en) * 2018-08-29 2018-12-18 郑州云海信息技术有限公司 A kind of method, apparatus, equipment and storage medium that fault pre-alarming determines
CN109144023A (en) * 2017-06-27 2019-01-04 西门子(中国)有限公司 A kind of safety detection method and equipment of industrial control system
CN109889506A (en) * 2019-01-24 2019-06-14 黄洪廉 Electric power big data network monitoring system
CN110460620A (en) * 2019-09-05 2019-11-15 武汉极意网络科技有限公司 Website defence method, device, equipment and storage medium
CN110704837A (en) * 2019-09-25 2020-01-17 南京源堡科技研究院有限公司 Network security event statistical analysis method
WO2020082853A1 (en) * 2018-10-24 2020-04-30 珠海格力电器股份有限公司 Method and apparatus for monitoring network security, air conditioner and household appliance
CN111292523A (en) * 2018-12-06 2020-06-16 中国信息通信科技集团有限公司 Network intelligent system
CN111654489A (en) * 2020-05-27 2020-09-11 杭州迪普科技股份有限公司 Network security situation sensing method, device, equipment and storage medium
CN112468472A (en) * 2020-11-18 2021-03-09 中通服咨询设计研究院有限公司 Security policy self-feedback method based on security log association analysis
CN112487418A (en) * 2020-11-30 2021-03-12 扬州大自然网络信息有限公司 Processing method for dealing with computer network information security event
CN113179267A (en) * 2021-04-27 2021-07-27 长扬科技(北京)有限公司 Network security event correlation analysis method and system
CN113518054A (en) * 2020-04-09 2021-10-19 中国铁道科学研究院集团有限公司电子计算技术研究所 Safety configuration acquisition method for railway industry information system
CN113992348A (en) * 2021-09-22 2022-01-28 北京东方通软件有限公司 Monitoring method and system of all-in-one machine
CN114172881A (en) * 2021-11-19 2022-03-11 上海纽盾科技股份有限公司 Network security verification method, device and system based on prediction
US11444923B2 (en) 2020-07-29 2022-09-13 International Business Machines Corporation Runtime detection of database protocol metadata anomalies in database client connections

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104852927A (en) * 2015-06-01 2015-08-19 国家电网公司 Safety comprehensive management system based on multi-source heterogeneous information

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1450757A (en) * 2002-10-11 2003-10-22 北京启明星辰信息技术有限公司 Method and system for monitoring network intrusion
CN1808992A (en) * 2005-01-18 2006-07-26 英业达股份有限公司 Security management service system and its implementation method
WO2007136508A2 (en) * 2006-05-16 2007-11-29 Cisco Technology, Inc. Techniques for providing security protection in wireless networks by switching modes

Cited By (53)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103634264A (en) * 2012-08-20 2014-03-12 江苏中科慧创信息安全技术有限公司 Active trapping method based on behavior analysis
CN102833354B (en) * 2012-09-19 2015-06-17 公安部第三研究所 Method for implementing domain boundary security monitoring in Internet
CN102833354A (en) * 2012-09-19 2012-12-19 公安部第三研究所 Method for implementing domain boundary security monitoring in Internet
CN102970165A (en) * 2012-11-20 2013-03-13 北京思特奇信息技术股份有限公司 Network equipment joint analysis alarm system
CN102970165B (en) * 2012-11-20 2015-07-08 北京思特奇信息技术股份有限公司 Network equipment joint analysis alarm system
CN104079430A (en) * 2014-06-09 2014-10-01 汉柏科技有限公司 Safety management platform, system and method based on information
CN104866436B (en) * 2014-06-12 2018-02-02 国家电网公司 Massive security incident storage method
CN104866436A (en) * 2014-06-12 2015-08-26 国家电网公司 Method for storing massive security incidents
CN104144077A (en) * 2014-06-30 2014-11-12 汉柏科技有限公司 Safety management method with green energy conservation function and safety management platform
CN104144077B (en) * 2014-06-30 2018-01-12 汉柏科技有限公司 Method for managing security and safety management platform with green energy conservation function
US10063580B2 (en) 2014-08-27 2018-08-28 General Electric Company Collaborative infrastructure supporting cyber-security analytics in industrial networks
US9756062B2 (en) 2014-08-27 2017-09-05 General Electric Company Collaborative infrastructure supporting cyber-security analytics in industrial networks
CN104378367A (en) * 2014-11-06 2015-02-25 国网山东蓬莱市供电公司 Improved network security incident correlation analysis system
CN104394124B (en) * 2014-11-06 2017-10-17 国网山东蓬莱市供电公司 Network security event association analysis method
CN104378367B (en) * 2014-11-06 2017-11-21 国网山东蓬莱市供电公司 Improved network security event association analysis method
CN104394124A (en) * 2014-11-06 2015-03-04 国网山东蓬莱市供电公司 Association analysis system of network security incident
CN104539468A (en) * 2015-01-28 2015-04-22 浪潮电子信息产业股份有限公司 Automatic alarm method based on load balancer system
CN105404813A (en) * 2015-10-26 2016-03-16 浪潮电子信息产业股份有限公司 Host defensive system based log generation method, apparatus and system
CN105404813B (en) * 2015-10-26 2018-06-29 浪潮电子信息产业股份有限公司 Host defense system based log generation method, apparatus and system
CN105446855A (en) * 2015-11-10 2016-03-30 广州西麦科技股份有限公司 APA application tracking and analyzing system
CN106022609A (en) * 2016-05-19 2016-10-12 中国建设银行股份有限公司河北省分行 Office computer information security comprehensive analysis and management method for large and medium enterprise staffs
CN105959144B (en) * 2016-06-02 2019-08-06 中国科学院信息工程研究所 Safety data acquisition and anomaly detection method and system facing industrial control network
CN105959144A (en) * 2016-06-02 2016-09-21 中国科学院信息工程研究所 Safety data acquisition and anomaly detection method and system facing industrial control network
CN106446008A (en) * 2016-08-12 2017-02-22 中国南方电网有限责任公司 Management method and analysis system for database security event
CN109144023A (en) * 2017-06-27 2019-01-04 西门子(中国)有限公司 Security detection method and equipment for industrial control systems
CN107506408B (en) * 2017-08-08 2020-10-30 北京盛华安信息技术有限公司 Method and system for distributed association matching of mass events
CN107506408A (en) * 2017-08-08 2017-12-22 北京盛华安信息技术有限公司 Method and system for distributed association matching of mass events
CN107454103A (en) * 2017-09-07 2017-12-08 杭州安恒信息技术有限公司 Network safety event process analysis method and system based on timeline
CN108021809A (en) * 2017-12-19 2018-05-11 北京明朝万达科技股份有限公司 Data processing method and system
CN108229175A (en) * 2017-12-28 2018-06-29 中国科学院信息工程研究所 Correlation analysis system and method for multidimensional heterogeneous forensic information
CN108712425A (en) * 2018-05-21 2018-10-26 南京南瑞集团公司 Analysis and monitoring method for industrial control system network security threat events
CN109034423B (en) * 2018-08-29 2023-04-18 郑州云海信息技术有限公司 Fault early warning judgment method, device, equipment and storage medium
CN109034423A (en) * 2018-08-29 2018-12-18 郑州云海信息技术有限公司 Fault early warning determination method, apparatus, device and storage medium
CN111092850A (en) * 2018-10-24 2020-05-01 珠海格力电器股份有限公司 Method and device for monitoring network security, air conditioner and household appliance
WO2020082853A1 (en) * 2018-10-24 2020-04-30 珠海格力电器股份有限公司 Method and apparatus for monitoring network security, air conditioner and household appliance
CN111092850B (en) * 2018-10-24 2021-06-04 珠海格力电器股份有限公司 Method and device for monitoring network security, air conditioner and household appliance
CN111292523A (en) * 2018-12-06 2020-06-16 中国信息通信科技集团有限公司 Network intelligent system
CN111292523B (en) * 2018-12-06 2023-04-07 中国信息通信科技集团有限公司 Network intelligent system
CN109889506A (en) * 2019-01-24 2019-06-14 黄洪廉 Electric power big data network monitoring system
CN110460620B (en) * 2019-09-05 2021-11-19 武汉极意网络科技有限公司 Website defense method, device, equipment and storage medium
CN110460620A (en) * 2019-09-05 2019-11-15 武汉极意网络科技有限公司 Website defence method, device, equipment and storage medium
CN110704837A (en) * 2019-09-25 2020-01-17 南京源堡科技研究院有限公司 Network security event statistical analysis method
CN113518054A (en) * 2020-04-09 2021-10-19 中国铁道科学研究院集团有限公司电子计算技术研究所 Safety configuration acquisition method for railway industry information system
CN111654489A (en) * 2020-05-27 2020-09-11 杭州迪普科技股份有限公司 Network security situation sensing method, device, equipment and storage medium
US11444923B2 (en) 2020-07-29 2022-09-13 International Business Machines Corporation Runtime detection of database protocol metadata anomalies in database client connections
CN112468472B (en) * 2020-11-18 2022-09-06 中通服咨询设计研究院有限公司 Security policy self-feedback method based on security log association analysis
CN112468472A (en) * 2020-11-18 2021-03-09 中通服咨询设计研究院有限公司 Security policy self-feedback method based on security log association analysis
CN112487418A (en) * 2020-11-30 2021-03-12 扬州大自然网络信息有限公司 Processing method for dealing with computer network information security event
CN113179267A (en) * 2021-04-27 2021-07-27 长扬科技(北京)有限公司 Network security event correlation analysis method and system
CN113992348A (en) * 2021-09-22 2022-01-28 北京东方通软件有限公司 Monitoring method and system of all-in-one machine
CN113992348B (en) * 2021-09-22 2022-08-30 北京东方通软件有限公司 Monitoring method and system of all-in-one machine
CN114172881A (en) * 2021-11-19 2022-03-11 上海纽盾科技股份有限公司 Network security verification method, device and system based on prediction
CN114172881B (en) * 2021-11-19 2023-08-04 上海纽盾科技股份有限公司 Network security verification method, device and system based on prediction

Also Published As

Publication number Publication date
CN102035855B (en) 2014-05-07

Similar Documents

Publication Publication Date Title
CN102035855B (en) Network security incident association analysis system
CN105119750B (en) Distributed information security operation management platform system based on big data
US7183906B2 (en) Threat scanning machine management system
CN104506393B (en) System monitoring method based on cloud platform
CN102752142B (en) Monitoring method and monitoring system for an information system based on conceptual modeling
CN107958337A (en) Information resource visualization mobile management system
Spyridopoulos et al. Incident analysis & digital forensics in SCADA and industrial control systems
CN108763957A (en) Database security auditing system, method and server
CN105871605A (en) Operation and maintenance monitoring platform based on big power marketing data
CN108270716A (en) Information security audit method based on cloud computing
CN103888287A (en) Information system integrated operation and maintenance monitoring service early warning platform and realization method thereof
CN105262210A (en) System and method for analysis and early warning of substation network security
CN103593804A (en) Electric power information communication scheduling and monitoring platform
Anastasov et al. SIEM implementation for global and distributed environments
CN104573904A (en) Data visualizing system for monitoring user and software behaviors during network transaction
Mittelstädt et al. An integrated in-situ approach to impacts from natural disasters on critical infrastructures
US20050251398A1 (en) Threat scanning with pooled operators
CN103903077A (en) Danger source supervision system and method
Puuska et al. Nationwide critical infrastructure monitoring using a common operating picture framework
CN105978716A (en) Isomorphic treatment and three-dimensional display method for monitoring information of IT devices and dynamic loop devices
CN116030943B (en) Big data intelligent operation and maintenance control system and method
CN117220917A (en) Network real-time monitoring method based on cloud computing
CN111858734A (en) Formatted storage and visual display method for honeypot threat data
KR20060058186A (en) Information technology risk management system and method the same
KR20140110566A (en) Unified platform architecture system for volcanic disaster prevention

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
ASS Succession or assignment of patent right

Owner name: JIANGSU FANGTIAN POWER TECHNOLOGY CO., LTD. STATE

Free format text: FORMER OWNER: JIANGSU FANGTIAN POWER TECHNOLOGY CO., LTD.

Effective date: 20121029

C41 Transfer of patent application or patent right or utility model
TA01 Transfer of patent application right

Effective date of registration: 20121029

Address after: No. 215 Shanghai Road, Jiangsu, China, 210024

Applicant after: Jiangsu Electric Power Company

Applicant after: Jiangsu Fangtian Power Technology Co., Ltd.

Applicant after: State Grid Corporation of China

Address before: No. 215 Shanghai Road, Jiangsu, China, 210024

Applicant before: Jiangsu Electric Power Company

Applicant before: Jiangsu Fangtian Power Technology Co., Ltd.

C14 Grant of patent or utility model
GR01 Patent grant