CN102035855B - Network security incident association analysis system - Google Patents
Network security incident association analysis system Download PDFInfo
- Publication number
- CN102035855B CN102035855B CN201010613751.2A CN201010613751A CN102035855B CN 102035855 B CN102035855 B CN 102035855B CN 201010613751 A CN201010613751 A CN 201010613751A CN 102035855 B CN102035855 B CN 102035855B
- Authority
- CN
- China
- Prior art keywords
- network
- association analysis
- layer
- event
- server
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
- 238000012098 association analyses Methods 0.000 title claims abstract description 97
- 238000004458 analytical method Methods 0.000 claims abstract description 22
- 238000004891 communication Methods 0.000 claims abstract description 19
- 238000000034 method Methods 0.000 claims abstract description 17
- 230000008569 process Effects 0.000 claims abstract description 15
- 238000012544 monitoring process Methods 0.000 claims abstract description 10
- 230000005540 biological transmission Effects 0.000 claims abstract description 8
- 238000004422 calculation algorithm Methods 0.000 claims abstract description 6
- 230000008878 coupling Effects 0.000 claims description 6
- 238000010168 coupling process Methods 0.000 claims description 6
- 238000005859 coupling reaction Methods 0.000 claims description 6
- 238000010586 diagram Methods 0.000 claims description 6
- 230000006870 function Effects 0.000 claims description 4
- 238000001914 filtration Methods 0.000 claims description 3
- 238000007405 data analysis Methods 0.000 claims description 2
- 230000001747 exhibiting effect Effects 0.000 claims description 2
- 238000004321 preservation Methods 0.000 claims description 2
- 230000001419 dependent effect Effects 0.000 claims 1
- 238000007726 management method Methods 0.000 abstract description 23
- 238000005516 engineering process Methods 0.000 abstract description 5
- 230000007123 defense Effects 0.000 abstract description 3
- 230000007774 longterm Effects 0.000 abstract 1
- 238000001514 detection method Methods 0.000 description 4
- 230000002265 prevention Effects 0.000 description 4
- 238000012550 audit Methods 0.000 description 3
- 238000012545 processing Methods 0.000 description 3
- 241001269238 Data Species 0.000 description 2
- 230000002159 abnormal effect Effects 0.000 description 2
- 230000002155 anti-virotic effect Effects 0.000 description 2
- 230000008859 change Effects 0.000 description 2
- 238000010219 correlation analysis Methods 0.000 description 2
- 230000000694 effects Effects 0.000 description 2
- 230000006872 improvement Effects 0.000 description 2
- 238000011002 quantification Methods 0.000 description 2
- 238000005728 strengthening Methods 0.000 description 2
- 102000006479 Heterogeneous-Nuclear Ribonucleoproteins Human genes 0.000 description 1
- 108010019372 Heterogeneous-Nuclear Ribonucleoproteins Proteins 0.000 description 1
- 235000002595 Solanum tuberosum Nutrition 0.000 description 1
- 244000061456 Solanum tuberosum Species 0.000 description 1
- 230000003542 behavioural effect Effects 0.000 description 1
- 230000009286 beneficial effect Effects 0.000 description 1
- 238000006243 chemical reaction Methods 0.000 description 1
- 239000002131 composite material Substances 0.000 description 1
- 238000010276 construction Methods 0.000 description 1
- 230000002079 cooperative effect Effects 0.000 description 1
- 230000002596 correlated effect Effects 0.000 description 1
- 238000012938 design process Methods 0.000 description 1
- 238000011161 development Methods 0.000 description 1
- 230000036541 health Effects 0.000 description 1
- 230000003993 interaction Effects 0.000 description 1
- 230000009545 invasion Effects 0.000 description 1
- 238000012423 maintenance Methods 0.000 description 1
- 235000013372 meat Nutrition 0.000 description 1
- 238000005065 mining Methods 0.000 description 1
- 239000000203 mixture Substances 0.000 description 1
- 230000006855 networking Effects 0.000 description 1
- 230000008520 organization Effects 0.000 description 1
- 239000002245 particle Substances 0.000 description 1
- 235000012015 potatoes Nutrition 0.000 description 1
- 238000012552 review Methods 0.000 description 1
- 238000012800 visualization Methods 0.000 description 1
Images
Landscapes
- Computer And Data Communications (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
The invention relates to a network security incident association analysis system comprising a network security incident collection layer, a communication network layer, an association analysis layer and a management presentation layer. A set of Web structure-based on-line association analyzing and monitoring system capable of distributed network security incident collection, multi-point implementation association analysis, center comprehensive judgment and real-time communication is built by carrying out digital management of whole processes of unified collection, transmission, analysis, distribution and the like to complex IT (Information Technology) resources in a computer network and various security logs and incidents which are continuously generated in the operational process of the security defense facilities of the computer network, utilizing an incident associativity prediction principle and combining incident flow space-time window filter, log string leading match quick dynamic analysis and a polydimensional mass incident strong algorithm to carry out association analysis on situations before, during and after network security incidents to the network security incidents. The network security incident association analysis system is used for effectively managing the security of complex IT resources in the computer network for a long term, can truly and accurately reflect the network information security of the computer network and the security situation of the business system data, and provides a quantitative standard for checking the information security level of the computer network.
Description
Technical field
The present invention relates to a kind of correlation analysis system, be specifically a kind of the relate to real-time monitoring of IT resource operation in computer network system, the real-time monitoring of safety, real-time monitoring of risk, all kinds of security logs and the event that realize constantly producing in complicated IT resource in the computer network of enterprise and tissue and Prevention-Security facility operation process thereof are unified the omnibearing real-time monitoring such as collection, transmission, analysis, issue.
Background technology
Current enterprise and be organized in IT information security field and face than complicated situation more in the past, this is existing comes from enterprise and the outside invasion emerging in an endless stream and the attack of tissue, also has the violation and the leakage that come from enterprise and organization internal.For the constantly new security challenge of reply, enterprise and tissue have successively been disposed Anti-Virus, fire compartment wall, intruding detection system, vulnerability scanning system, UTM etc.This passive Security Construction process similarly is to build a wall under open region, in order to resist security threat in a certain respect, constantly wall is increased, and constantly builds the wall that makes new advances.The safety system of setting up by this method generally only can the anti-blocking security threat from certain aspect, thereby has formed Prevention-Security isolated island one by one, cannot produce cooperative effect.On the other hand, enterprise and the operational sustainability demand of organizing day by day urgent Auditing Information System, internal control and constantly strengthening, also proposed stern challenge to current enterprise information security management.These internal cause external causes altogether, all require enterprise and tissue to set up a set of general safety management platform that laterally runs through isolated security perimeter, by obtaining Anti-Virus, fire compartment wall, intruding detection system, vulnerability scanning system, UTM, operation main frame, switch, router, Database Systems, the log events such as middleware, state event and network data package informatin, select to gather, overall merit and network safety event association analysis, realization is to the security audit from external attack with to the security audit from internaling attack, for network management attendant provides a software and hardware equipment operation condition of monitoring whole network, analysis mining is invaded information extremely, audit operations system-critical data, send the means of variety of way network safety event alarm, really allow the manager of enterprise and tissue hold network information general safety situation, realize composite defense effectively.
Summary of the invention
The object of the invention is to use flow of event space-time window to filter, the quick dynamic analysis of the leading coupling of daily record string, the powerful algorithm of various dimensions magnanimity event, event server, the advanced technologies such as modern communication, to exceed fast association analysiss more than 100,000 network safety event ranks per second, the potential safety hazard existing in discovering network in real time and abnormal state alarm in time and prevention are main purpose, by all kinds of security logs that constantly produce in complicated IT resource in computer network and Prevention-Security facility operation process thereof and event are unified to gather, transmission, analyze, the digital management of the overall processes such as issue, set up cross-region, in multiple computer networks, the fail safe of complicated IT resource is implemented effectively, long-acting management and decision-making provide service, there is the correlation analysis system of advanced level.
In order to realize above-mentioned object, the present invention takes following technical scheme to realize:
Network security incident association analysis system is a set of based on distributed Real-time Collection, multipoint cooperative working, flow of event and historical events database mixed interconnection pattern, script drives in the thing of engine and Real-time Association Analyzing and afterwards the computer network security supervisory control system of historical events association analysis in advance, in order to improve network operation maintenance management department to the true degree of understanding of jurisdiction network real time execution situation, the quick stress reaction ability of strengthening network security fault, for building the security protection of collection operation system, on user network, operate behavioural analysis, lay the foundation with the new network security monitor platform of " Alliance Defense " system of existing network safety means composition.
Network security incident association analysis system of the present invention, comprises network safety event acquisition layer, communication network layer, association analysis layer and management presentation layer, wherein said:
(1) network safety event acquisition layer:
The collecting device that the data sources such as state, daily record and the network packet that comprises Network Security Device, the network equipment, host server equipment, operating system, database, middleware gather, is responsible for gathering required network safety event information;
Network Security Device comprises fire compartment wall, IPS (Intrusion Prevention System, be intrusion prevention system), IDS(Intrusion Detection System is intruding detection system) etc., the network equipment comprises switch, router etc.
(2) communication network layer:
Comprise communication part; Be responsible for the daily record of various Network Security Device, the network equipment, host server equipment, operating system, database, middleware to carry out the quick dynamic analysis of the leading coupling of daily record string, daily record and state, network packet after resolving are encapsulated according to communication protocol, by network, diverse network security incident is transferred to association analysis layer;
(3) association analysis layer:
This layer is the core of whole system.Mainly comprise association analysis engine server, association analysis script, event server, historical database server, by data wire, connect each other, described association analysis engine server is responsible for internal memory flow of event and database historical events stream to carry out the filtration of space-time window, the powerful algorithm process of various dimensions magnanimity event with self exceedes per second 100, 000 network safety event, realize analysis and the preservation of the complicated incidence relation of multiple network safety events, described association analysis script is responsible for the alarm association relation between network safety event to define, the description of association analysis flow process, the network safety event that participates in association analysis defines, described event server is responsible for the storage of the internal memory form stream and the database form stream that carry out diverse network security incident, described historical database server carries out association analysis result data, association analysis process is used the store-memory of the related datas such as network safety event.
(4) management presentation layer:
This layer is management, the analysis result exposition of whole system.Mainly comprise historical database server, WEB server, application server, core switch, work station and other various relevant devices and software, by data wire, connect each other; Described historical database server provides association analysis result data and association analysis process detailed data, and described application server completes the realization of various relevant application functions, and WEB server is responsible for final data exhibiting.Each relevant departments can obtain data message separately in browser mode according to the authority of oneself by Internet.
Aforesaid network security incident association analysis system, data are from data sources such as state, daily record and the network packet of Network Security Device (fire compartment wall, IPS, IDS etc.), the network equipment (switch, router etc.), host server equipment, operating system, database, middleware.
Aforesaid communication network layer, based on the TCP/IP network transmission protocol.
Aforesaid event server, association analysis engine server and application server all adopt trunking mode, guarantee high-performance and the high availability of system.
Aforesaid association analysis layer is except carrying out occurent network safety event association analysis, occurent network safety event can also be combined and be carried out association analysis with the web-based history security incident occurring, can also predict alarm to contingent network safety event in future simultaneously.
Aforesaid management presentation layer not only can be shown association analysis result and relevant event information with textual form list, and can graphically show association analysis result and relevant event information by the form of network equipment topological diagram.
The historical data base comprising in described association analysis layer and management presentation layer is public server, because data acquisition amount is very large, and the required precision of association analysis is directly proportional to the time range that event occurs, in order to take into account efficiency and correctness, taked the form of historical data base.
The invention has the beneficial effects as follows: because the generation of most of network security problems is not to be determined by single network safety event, but decided with different time, the interaction of different generations source by multiple network safety events, therefore only the record to single network security incident and simple analysis cannot meet the needs of network security, the difficult point that the present invention is directed to network security problem analysis, judgement, has designed network security incident association analysis system; In the project implementation process according to subject matters such as the real-time often occurring in general networking security incident Analytical System Design process, stability, autgmentabilities, adopted technological means to carry out good solution, for the fail safe of the complicated IT resource of computer network is implemented to effective, long-acting management, the network information security and the operation system data security situation of computer network can have been reflected truly, exactly, for the information security rank examination of computer network provides quantification scale.
(1), system of the present invention is used for reference the professional knowledges such as complex network Security incident handling, the processing of network safety event stream and log processing algorithm, the network packet that the status data, daily record data, the network information that produce in Network Security Device, the network equipment, host server equipment, operating system, database, middleware running are mutual is carried out to health characteristics sample analysis, by the contained information of network safety event is carried out to association analysis, for network safety prevention provides quantification scale.
(2), the quick dynamic resolution parser of the leading coupling of daily record string that utilizes collection terminal to dispose can promptly analyze the data of the daily record of devices from different manufacturers, then by network, sends data to event server.
(3), can real-time graphization show association analysis result instrument, to different association analysis demands, show different topological diagram pictures, and can on-the-spotly adjust display layout and information shows details.Graphical demonstration tool, based on page technology, is used under browser mode of operation, supports the pattern layout editing machine of visualization function completely, can complete the making of the topological diagram layout of the association analysis scene of any complexity.
Accompanying drawing explanation
Fig. 1 is network safety event acquisition principle figure of the present invention;
Fig. 2 is association analysis engine fundamental diagram of the present invention.
Embodiment
Below in conjunction with accompanying drawing, the present invention is done to concrete introduction:
Network security incident association analysis system of the present invention, comprises network safety event acquisition layer, communication network layer, association analysis layer and manages four layers of presentation layers.
Network safety event acquisition layer is as system meat and potatoes, if Fig. 1 is network safety event acquisition principle figure of the present invention.Be installed on by the network system core switching device at scene, the crucial monitoring point of each computer network, it comprises state acquisition equipment, log collection equipment, network packet collecting device.Installment state collecting device, log collection equipment, network packet collecting device at the scene, can obtain the data of network safety event after the configuration of being correlated with, analyze, arrange, reach buffer queue pond after format.
Communication network layer is completed each heterogeneous networks security incident in buffer queue pond is carried out to group bag in real time by Hessian interface message processor (IMP), daily record data carries out the quick dynamic analysis of the leading coupling of daily record string before group bag, and the network safety event after group bag is uploaded to event server.Interface message processor (IMP) and event server adopt the transmission mode of one-to-many, can upload to multiple event servers by once gathering the network safety event data of obtaining simultaneously.This service, based on the TCP/IP network transmission protocol, has encapsulated communication protocol.
Association analysis layer is the core of whole system.By event handling layer and analysis logic layer, formed, the space-time window that event handling layer is responsible for internal memory flow of event and database historical events stream filters, analysis logic layer core is association analysis engine, be association analysis engine fundamental diagram of the present invention as shown in Figure 2, the network safety event of being responsible for after filtering requires to carry out association analysis according to association analysis script.Association analysis result is stored in historical data base together with associated several network safety events.Association analysis engine possesses following functions feature:
1. to analyze product of network safety event different from other, in association analysis, go out after combination event alarm, increased and caused that the source of combination event alarm reviews;
2. the network safety event that participates in analyzing can be network safety event internal memory stream, can be also the web-based history security incident that is stored in database, can be even that network safety event internal memory stream mixes with the web-based history security incident that is stored in database;
3. the method for association analysis and condition, by the control of outside association analysis script, have increased width and the degree of depth of association analysis;
4. analysis result is that smallest particles degree is preserved by individual event event, facilitates user to observe the detailed information that network security alarm occurs;
5. analysis result is pressed the storage of graphics data frame mode, can realize the graphical effect of Network Abnormal attack fast and user access activity and vividly show;
6. reasonably association analysis algorithm guarantees that engine can possess the ability of processing ten thousand network safety event ranks of more than ten per second.
Management presentation layer is management, the analysis result exposition of whole system.By network safety event management, the management of association analysis script, association analysis engine management and association analysis result, show that four parts form.Network safety event supervisory packet includes network security incident definition, network safety event change, network safety event issue.The management of association analysis script comprises the definition of association analysis script, the change of association analysis script, association analysis script startup.Association analysis engine management comprises the initialization of association analysis engine, association analysis engine monitoring of working condition.Association analysis result is shown and is comprised list displaying and graphically show.Each network of relation operation management department can pass through browser administration association analysis script and association analysis engine working range, inquires about various association analysis result datas.The equipment of management presentation layer guarantees that native system can normally move and leave room for development.Comprise historical database server, WEB server, application server, core switch, work station, monitoring special-purpose computer, communication apparatus, uninterrupted power supply, printer and relevant device etc.
The above is only the preferred embodiment of the present invention; it should be pointed out that for those skilled in the art, do not departing under the prerequisite of the technology of the present invention principle; can also make some improvement and distortion, these improvement and distortion also should be considered as protection scope of the present invention.
Claims (8)
1. network security incident association analysis system, is characterized in that, comprises network safety event acquisition layer, communication network layer, association analysis layer and management presentation layer,
(1) network safety event acquisition layer:
By the collecting device of being responsible for data source collection, gather required network safety event information, it is installed on by the network system core switching device at scene, the crucial monitoring point of each computer network;
(2) communication network layer:
Complete the daily record of various collecting device collection is carried out to the quick dynamic analysis of the leading coupling of daily record string, daily record and state, network packet after resolving are encapsulated according to communication protocol, by network, diverse network security incident is transferred to association analysis layer;
(3) association analysis layer: network safety event incidence relation is analyzed, stored;
(4) management presentation layer: the data of association analysis layer analysis are managed and represented;
Each relevant departments obtain the demonstrating data information needing according to the authority of oneself;
Described association analysis layer comprises association analysis engine server, association analysis script, event server, historical database server, and wherein each equipment connects by data wire each other, described association analysis engine server is responsible for internal memory flow of event and database historical events stream to carry out the filtration of space-time window, the powerful algorithm process network safety event of various dimensions magnanimity event, realize analysis and the preservation of the complicated incidence relation of multiple network safety events, described association analysis script is responsible for the alarm association relation between network safety event to define, the description of association analysis flow process, the network safety event that participates in association analysis defines, described event server is responsible for the storage of the internal memory form stream and the database form stream that carry out diverse network security incident, described historical database server carries out association analysis result data, association analysis process is used the store-memory of network safety event related data,
Described management presentation layer comprise historical database server, WEB server, application server, core switch, work station and with these device-dependent software, equipment connects by data wire each other; Described historical database server provides association analysis result data and association analysis process detailed data, and described application server completes the realization of various relevant application functions, and WEB server is responsible for final data exhibiting.
2. network security incident association analysis system according to claim 1, it is characterized in that, the data source of described collecting device collection comprises state, daily record and the network packet of Network Security Device, switch, router, host server equipment, operating system, database, middleware.
3. network security incident association analysis system according to claim 2, is characterized in that, described Network Security Device comprises fire compartment wall, IPS, IDS.
4. network security incident association analysis system according to claim 1, is characterized in that, described communication network layer comprises communication part.
5. network security incident association analysis system according to claim 1, it is characterized in that, described communication network layer, based on the TCP/IP network transmission protocol, the daily record of the various network equipment, host server equipment, operating system, database, middleware is carried out to the quick dynamic analysis of the leading coupling of daily record string, daily record and state, network packet after resolving are encapsulated according to communication protocol, by Hessian mode, complete network safety event transmission.
6. network security incident association analysis system according to claim 1, is characterized in that, described event server, association analysis engine server and application server all adopt trunking mode.
7. network security incident association analysis system according to claim 1 or 5, it is characterized in that, described association analysis layer can carry out occurent network safety event association analysis, also occurent network safety event can be combined and be carried out association analysis with the web-based history security incident occurring, also can predict alarm to contingent network safety event in future.
8. network security incident association analysis system according to claim 1, it is characterized in that, association analysis result and relevant event information are shown in described management presentation layer usable text form list, and also the form of available network devices topological diagram is graphically shown association analysis result and relevant event information.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201010613751.2A CN102035855B (en) | 2010-12-30 | 2010-12-30 | Network security incident association analysis system |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201010613751.2A CN102035855B (en) | 2010-12-30 | 2010-12-30 | Network security incident association analysis system |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN102035855A CN102035855A (en) | 2011-04-27 |
| CN102035855B true CN102035855B (en) | 2014-05-07 |
Family
ID=43888178
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201010613751.2A Active CN102035855B (en) | 2010-12-30 | 2010-12-30 | Network security incident association analysis system |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN102035855B (en) |
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN104852927A (en) * | 2015-06-01 | 2015-08-19 | 国家电网公司 | Safety comprehensive management system based on multi-source heterogeneous information |
Families Citing this family (36)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN103634264A (en) * | 2012-08-20 | 2014-03-12 | 江苏中科慧创信息安全技术有限公司 | Active trapping method based on behavior analysis |
| CN102833354B (en) * | 2012-09-19 | 2015-06-17 | 公安部第三研究所 | Method for implementing domain boundary security monitoring in Internet |
| CN102970165B (en) * | 2012-11-20 | 2015-07-08 | 北京思特奇信息技术股份有限公司 | Network equipment joint analysis alarm system |
| CN104079430A (en) * | 2014-06-09 | 2014-10-01 | 汉柏科技有限公司 | Safety management platform, system and method based on information |
| CN104866436B (en) * | 2014-06-12 | 2018-02-02 | 国家电网公司 | Magnanimity security incident storage method |
| CN104144077B (en) * | 2014-06-30 | 2018-01-12 | 汉柏科技有限公司 | Method for managing security and safety management platform with green energy conservation function |
| US9756062B2 (en) | 2014-08-27 | 2017-09-05 | General Electric Company | Collaborative infrastructure supporting cyber-security analytics in industrial networks |
| CN104394124B (en) * | 2014-11-06 | 2017-10-17 | 国网山东蓬莱市供电公司 | A kind of network safety event association analysis method |
| CN104378367B (en) * | 2014-11-06 | 2017-11-21 | 国网山东蓬莱市供电公司 | A kind of improved network safety event association analysis method |
| CN104539468A (en) * | 2015-01-28 | 2015-04-22 | 浪潮电子信息产业股份有限公司 | Automatic alarm method based on load balancer system |
| CN105404813B (en) * | 2015-10-26 | 2018-06-29 | 浪潮电子信息产业股份有限公司 | A kind of daily record generation method of Intrusion Detection based on host system of defense, apparatus and system |
| CN105446855A (en) * | 2015-11-10 | 2016-03-30 | 广州西麦科技股份有限公司 | APA application tracking and analyzing system |
| CN106022609A (en) * | 2016-05-19 | 2016-10-12 | 中国建设银行股份有限公司河北省分行 | Office computer information security comprehensive analysis and management method for large and medium enterprise staffs |
| CN105959144B (en) * | 2016-06-02 | 2019-08-06 | 中国科学院信息工程研究所 | Secure data acquisition and method for detecting abnormality and system towards industrial control network |
| CN106446008A (en) * | 2016-08-12 | 2017-02-22 | 中国南方电网有限责任公司 | Management method and analysis system for database security event |
| CN109144023A (en) * | 2017-06-27 | 2019-01-04 | 西门子(中国)有限公司 | A kind of safety detection method and equipment of industrial control system |
| CN107506408B (en) * | 2017-08-08 | 2020-10-30 | 北京盛华安信息技术有限公司 | Method and system for distributed association matching of mass events |
| CN107454103B (en) * | 2017-09-07 | 2021-02-26 | 杭州安恒信息技术股份有限公司 | Network security event process analysis method and system based on time line |
| CN108021809A (en) * | 2017-12-19 | 2018-05-11 | 北京明朝万达科技股份有限公司 | A kind of data processing method and system |
| CN108229175B (en) * | 2017-12-28 | 2020-04-10 | 中国科学院信息工程研究所 | Correlation analysis system and method for multidimensional heterogeneous evidence obtaining information |
| CN108712425A (en) * | 2018-05-21 | 2018-10-26 | 南京南瑞集团公司 | A kind of analysis monitoring and managing method towards industrial control system network security threats event |
| CN109034423B (en) * | 2018-08-29 | 2023-04-18 | 郑州云海信息技术有限公司 | Fault early warning judgment method, device, equipment and storage medium |
| CN111092850B (en) * | 2018-10-24 | 2021-06-04 | 珠海格力电器股份有限公司 | Method and device for monitoring network security, air conditioner and household appliance |
| CN111292523B (en) * | 2018-12-06 | 2023-04-07 | 中国信息通信科技集团有限公司 | Network intelligent system |
| CN109889506A (en) * | 2019-01-24 | 2019-06-14 | 黄洪廉 | Electric power big data network monitoring system |
| CN110460620B (en) * | 2019-09-05 | 2021-11-19 | 武汉极意网络科技有限公司 | Website defense method, device, equipment and storage medium |
| CN110704837A (en) * | 2019-09-25 | 2020-01-17 | 南京源堡科技研究院有限公司 | Network security event statistical analysis method |
| CN113518054A (en) * | 2020-04-09 | 2021-10-19 | 中国铁道科学研究院集团有限公司电子计算技术研究所 | Safety configuration acquisition method for railway industry information system |
| CN111654489B (en) * | 2020-05-27 | 2022-07-29 | 杭州迪普科技股份有限公司 | Network security situation sensing method, device, equipment and storage medium |
| US11444923B2 (en) | 2020-07-29 | 2022-09-13 | International Business Machines Corporation | Runtime detection of database protocol metadata anomalies in database client connections |
| CN112468472B (en) * | 2020-11-18 | 2022-09-06 | 中通服咨询设计研究院有限公司 | Security policy self-feedback method based on security log association analysis |
| CN112487418A (en) * | 2020-11-30 | 2021-03-12 | 扬州大自然网络信息有限公司 | Processing method for dealing with computer network information security event |
| CN113179267B (en) * | 2021-04-27 | 2022-12-06 | 长扬科技(北京)股份有限公司 | Network security event correlation analysis method and system |
| CN113992348B (en) * | 2021-09-22 | 2022-08-30 | 北京东方通软件有限公司 | Monitoring method and system of all-in-one machine |
| CN114172881B (en) * | 2021-11-19 | 2023-08-04 | 上海纽盾科技股份有限公司 | Network security verification method, device and system based on prediction |
| CN118487869A (en) * | 2024-07-11 | 2024-08-13 | 长春光华学院 | Network security management system and method applied to multi-platform interaction |
Citations (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN1450757A (en) * | 2002-10-11 | 2003-10-22 | 北京启明星辰信息技术有限公司 | Method and system for monitoring network intrusion |
| CN1808992A (en) * | 2005-01-18 | 2006-07-26 | 英业达股份有限公司 | Security management service system and its implementation method |
Family Cites Families (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US7788720B2 (en) * | 2006-05-16 | 2010-08-31 | Cisco Technology, Inc. | Techniques for providing security protection in wireless networks by switching modes |
-
2010
- 2010-12-30 CN CN201010613751.2A patent/CN102035855B/en active Active
Patent Citations (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN1450757A (en) * | 2002-10-11 | 2003-10-22 | 北京启明星辰信息技术有限公司 | Method and system for monitoring network intrusion |
| CN1808992A (en) * | 2005-01-18 | 2006-07-26 | 英业达股份有限公司 | Security management service system and its implementation method |
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN104852927A (en) * | 2015-06-01 | 2015-08-19 | 国家电网公司 | Safety comprehensive management system based on multi-source heterogeneous information |
Also Published As
| Publication number | Publication date |
|---|---|
| CN102035855A (en) | 2011-04-27 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN102035855B (en) | Network security incident association analysis system | |
| CN105119750B (en) | A kind of safe operation management platform system of distributed information based on big data | |
| CN103888287B (en) | Information systemintegration O&M monitor service early warning platform | |
| Nan et al. | Adopting HLA standard for interdependency study | |
| US20050206514A1 (en) | Threat scanning machine management system | |
| CN108763957A (en) | A kind of safety auditing system of database, method and server | |
| CN105262210A (en) | System and method for analysis and early warning of substation network security | |
| CN107958337A (en) | A kind of information resources visualize mobile management system | |
| CN102752142B (en) | A kind of method for supervising of the information system based on Conceptual Modeling and supervisory control system | |
| CN105871605A (en) | Operation and maintenance monitoring platform based on big power marketing data | |
| CN108200123A (en) | A kind of Internet of Things industry cloud monitoring system based on Security Inspection Equipments | |
| CN103593804A (en) | Electric power information communication scheduling and monitoring platform | |
| CN112632135A (en) | Big data platform | |
| CN110398927A (en) | A kind of integrated data information monitoring platform and monitoring system | |
| CN114787875A (en) | System and method for using virtual or augmented reality with data center operations or cloud infrastructure | |
| CN102801805A (en) | Field data acquisition system and method based on mobile internet technology | |
| Mittelstädt et al. | An integrated in-situ approach to impacts from natural disasters on critical infrastructures | |
| Puuska et al. | Nationwide critical infrastructure monitoring using a common operating picture framework | |
| CN116030943B (en) | Big data intelligent operation and maintenance control system and method | |
| CN105978716A (en) | Isomorphic treatment and three-dimensional display method for monitoring information of IT devices and dynamic loop devices | |
| Corradi et al. | SIRDAM4. 0: A support infrastructure for reliable data acquisition and management in industry 4.0 | |
| CN116015903A (en) | Network security situation awareness comprehensive analysis system and method thereof | |
| CN111858734A (en) | Formatted storage and visual display method for honeypot threat data | |
| CN117220917A (en) | Network real-time monitoring method based on cloud computing | |
| KR20060058186A (en) | Information technology risk management system and method the same |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| ASS | Succession or assignment of patent right |
Owner name: JIANGSU FANGTIAN POWER TECHNOLOGY CO., LTD. STATE Free format text: FORMER OWNER: JIANGSU FANGTIAN POWER TECHNOLOGY CO., LTD. Effective date: 20121029 |
|
| C41 | Transfer of patent application or patent right or utility model | ||
| TA01 | Transfer of patent application right |
Effective date of registration: 20121029 Address after: 210024 Shanghai Road, Jiangsu, China, No. 215, No. Applicant after: Jiangsu Electric Power Company Applicant after: Jiangsu Fangtian Power Technology Co., Ltd. Applicant after: State Grid Corporation of China Address before: 210024 Shanghai Road, Jiangsu, China, No. 215, No. Applicant before: Jiangsu Electric Power Company Applicant before: Jiangsu Fangtian Power Technology Co., Ltd. |
|
| C14 | Grant of patent or utility model | ||
| GR01 | Patent grant |