CN102123149B - Service-oriented large-scale network security situational assessment device and method - Google Patents


Info

Publication number
CN102123149B
Authority
CN
China
Prior art keywords
module
data
index
service
situation
Prior art date
Legal status
Active
Application number
CN2011100523301A
Other languages
Chinese (zh)
Other versions
CN102123149A (en)
Inventor
李冰洋
张兴园
王慧强
林俊宇
Current Assignee
Bayi New Energy Technology Shenzhen Co ltd
Original Assignee
Harbin Engineering University
Priority date
Filing date
Publication date
Application filed by Harbin Engineering University
Priority to CN2011100523301A
Publication of CN102123149A
Application granted
Publication of CN102123149B
Legal status: Active
Anticipated expiration


Abstract

The invention provides a service-oriented large-scale network security situational assessment device and method. The device comprises a monitoring platform and acquisition agents. The monitoring platform comprises a data analysis/index extraction module, a situational assessment module, a database middleware module, a command configuration module, a plug-in module and an XML (Extensible Markup Language) data conversion module; the acquisition agents comprise a server performance state acquisition agent, a network equipment state acquisition agent and a specific service performance state acquisition agent. The monitoring platform raises alarms in one or more modes and carries out emergency response with predefined event handlers; the acquisition agents receive the specific monitoring commands sent by the monitoring platform and collect the various network security situational indices. The device and method support an accurate assessment of the global security of a network system, let the network administrator adjust the security policy in time, and provide a theoretical basis and technical support for subsequent security situational prediction and situational visualization.

Description

Service-oriented large-scale network security Situation Assessment device and method
Technical field
The invention belongs to the field of information security and relates to a service-oriented large-scale network security situational assessment system.
Background technology
With the arrival of the Internet era, China's network security problems have become increasingly prominent. Network Security Situational Assessment (NSSA) refers to evaluating, through an assessment procedure, the vulnerabilities that a system may exhibit in its design or implementation; the process is meant to ensure that the network system is not subjected to accidental or deliberate damage. NSSA technology dynamically reflects the security status as a whole, predicts the development trend of the security state and gives early warning, providing a reliable reference basis for strengthening network security.
A network service is the basic unit of resource encapsulation and sharing in an open network environment: a set of functions and actions that the network provides by various means to meet the specific demands of different users. It covers all the services contained in the network application layer (such as DNS, FTP and HTTP) and all the functions that servers and network devices can provide to users.
Abroad, the U.S. TRUST research team is building a computer defense technology network (the DETER network) that simulates attacks such as distributed denial-of-service and worm attacks on an experimental Internet, in order to analyze the impact an attack has on the whole network and to find possible solutions. That system uses Byzantine fault tolerance and consensus negotiation techniques to guarantee that all correct replica processes perform identical operations, so that the integrity of the service and of the system state is preserved; Byzantine fault tolerance and consensus negotiation, shared-password authentication and majority voting can all be used to detect failed service processes and data servers.
Matthew V. Mahoney and Philip K. Chan used 33 attributes extracted from the Ethernet, IP, TCP, UDP and ICMP headers for detection analysis. Their models detect DoS and probe (S/P) class attacks well: for example, the TCP header is analyzed, the SYN segments arriving at a given system port over a period of time are counted, a characteristic value is computed, and if it exceeds the threshold a SYN flooding attack is considered to have occurred. For the U2R and R2L attack classes, however, the approach is of little help.
Christopher described an anomaly detection method for the DNS service: the message payload is aggregated into 6 fields according to the 256 ASCII characters, the occurrence frequency of each field is computed and stored in descending order, a payload distribution model is built for service request messages of the same type, and the chi-squared test is used to compute the anomaly value of a new service request message's payload distribution in order to judge attack messages.
On July 12, 2010 the U.S. Defense Systems website reported that Keyes, the new commander of the U.S. Department of Defense Cyber Command headquarters at Alexandria, stated on a public occasion that the Department of Defense faces a problem of weak situational awareness, and that theaters of war such as Iraq and Afghanistan need stronger situational awareness.
On November 10, 2010 the Washington Technology website reported that a Raytheon team will provide services to the U.S. Defense Information Systems Agency to resist potential attacks that could hamper Department of Defense networks. Under a contract worth 28 million dollars, Raytheon will develop an integrated network operations situational awareness (NetOps SA) solution that will let the Department of Defense detect network intrusions quickly and assess the health status of the whole network.
Domestically, Xidian University (Xi'an University of Electronic Science and Technology) proposed the concept of service survivability, attributing the failure of a system service to the configuration of atomic services; since each atomic service has only one configuration, the survivability of different configuration combinations of the same service can be analyzed quantitatively.
The Chinese Academy of Sciences proposed discovering attacks on network services by screening and marking the logs of network services: users' service demands on the network service system are modelled as accesses to principal objects, security attributes of the network service system are proposed, and rules restricting the behaviour of the service system are formulated from the security attributes of the network system, so that service anomalies are detected from abnormal behaviour.
Tsinghua University formulated a unified service model and description language from the common characteristics of services and, on that model, designed a flexibly customizable service testing engine, realizing to a certain extent a general service monitoring framework and fault localization method.
Xi'an Jiaotong University evaluates the security posture of services from a statistical analysis of attack frequency and attack severity, weights the result by the importance factors of the service and of the host itself, and thereby evaluates the security posture of the services, the hosts and the whole network system.
At present, the published patents on network performance situational awareness systems include application number 200610095391.5, published on December 5, 2007, a rapid evaluation system (RES) based on space state perception. That patent document provides an RES for aerospace telemetry, tracking and control, applying expert systems and distributed interactive simulation within a decision support system, but it only concerns the assessment of aerospace hardware resources and does not touch the field of network security. Application number 200710121584.8, published on May 7, 2008, is a large-area battlefield situation intelligent perception system and cognition method; it uses a distributed multi-video multi-hop wireless sensor network for multi-target detection, classification, localization and tracking of a large-area battlefield situation. The situation described in that patent is the identification, classification and localization of targets on the battlefield.
Many individuals and institutions at home and abroad currently conduct research on network security situational awareness, from varied research angles and with varied research methods, but no report has yet been seen of related research on service-oriented large-scale network security situational assessment.
Summary of the invention
The object of the present invention is to provide a service-oriented large-scale network security situational assessment device that monitors the situation of network services in real time in a large-scale network environment and that carries out assessment, defence, response and early warning of the security posture before potentially malicious network behaviour becomes uncontrollable. The present invention also aims to provide a service-oriented large-scale network security situational assessment method.
The object of the present invention is achieved as follows:
The service-oriented large-scale network security situational assessment device of the present invention comprises a monitoring platform and acquisition agents. The monitoring platform comprises a data analysis/index extraction module, a situational assessment module, a database middleware module, a command configuration module, a plug-in module and an XML data conversion module; the acquisition agents comprise a server performance state acquisition agent, a network device state acquisition agent and a specific service performance state acquisition agent.
Data analysis/index extraction module: data analysis processes the situation data that the acquisition agents collect and send upward, generates the new situation information that the network security situational assessment requires, and finds abnormal behaviour that may be occurring; index extraction extracts and organises the indices useful to the security situational assessment and stores them, in the corresponding data structures, in the security situation information base, ready for the next step of network security situational assessment.
Situational assessment module: compares the factors pairwise and decides which of each pair is relatively more important.
Database middleware module: extracts the collected data and at the same time implements automated configuration management.
Command configuration module: comprises a basic command configuration information maintenance module, a command configuration information legitimacy detection module and a command configuration file generation module. The basic command configuration information maintenance module maintains the basic configuration information; with it the administrator creates and queries the various objects and the relations between them. The command configuration information legitimacy detection module checks whether the associations between the objects are legitimate and prompts the administrator to check potential problems. The command configuration file generation module generates, from the basic command configuration information, the configuration file and directory structure corresponding to each acquisition agent.
Plug-in module: implements communication with the other functional modules.
XML data conversion module: unifies and formats the service-oriented security situation information and converts it, according to the established XML-based common data model, into XML data files for query and access by the monitoring platform and for calls from upper-layer applications.
Server performance state acquisition agent: collects the running state of Windows servers and Linux servers. These performance and state items comprise operating system type, server device type, number of server hard disks, CPU usage, open ports, memory usage, port traffic, usage of each disk, vulnerabilities and patches. For servers with the SNMP agent function enabled, the corresponding information can also be obtained with the GET operation of the SNMP protocol.
Network device state acquisition agent: collects network performance information from all kinds of routers, switches and end-to-end data links. This information mainly comprises device type, device model, number of ports, port traffic, port rate, network bandwidth, transmission rate, end-to-end packet loss rate and round-trip delay.
Specific service performance acquisition agent: collects the performance indices of the services that are most common on today's networks and indispensable to the network infrastructure, such as the FTP service, the DNS service and the WEB service. These indices mainly comprise service request rate, service hit rate, service responsiveness, service error rate, service response time, service availability, service vulnerabilities, service message length, service message type and service message payload.
The service-oriented large-scale network security situational assessment method of the present invention is as follows:
The service-oriented large-scale network security situational assessment device comprises a monitoring platform and acquisition agents. The monitoring platform comprises a data analysis/index extraction module, a situational assessment module, a database middleware module, a command configuration module, a plug-in module and an XML data conversion module; the acquisition agents comprise a server performance state acquisition agent, a network device state acquisition agent and a specific service performance state acquisition agent.
Step 1: first, an acquisition command is entered in the monitoring platform;
Step 2: it is judged whether the input of step 1 is a new command; if so, step 3 is performed, otherwise step 4 is performed directly;
Step 3: the plug-in module is entered, the corresponding plug-in is defined and generated, and then step 4 is performed;
Step 4: the acquisition command generation module is entered, a more detailed acquisition command is generated, and the command is sent to the acquisition agents;
Step 5: the acquisition agents receive the acquisition command, collect the security situation indices and send the indices back to the monitoring platform over FTP;
Step 6: after the monitoring platform obtains the indices, the data analysis/index extraction module is entered, the corresponding indices are analysed and extracted, and then steps 7, 8 and 9 are performed simultaneously;
Step 7: the output of step 6 is used as the input of the database middleware module, which gives the core processes data access to the database;
Step 8: the XML conversion module is entered; the service-oriented security situation information is unified and formatted and, according to the established XML-based common data model, converted into XML data files for query and access by the monitoring platform and for calls from upper-layer applications;
Step 9: the security situational assessment module is entered and the network security situational assessment of the large-scale network is carried out, after which step 10 is performed;
Step 10: the output module outputs the assessment report and shows the running state of each kind of security index in the form of dynamic graphics.
In the data analysis/index extraction module, the method of analysing and extracting the corresponding indices is:
(1) extract all kinds of situation data sent over by the acquisition agents;
(2) build a normal traffic model from the traffic data and performance data and derive the normal threshold interval from it; by protocol analysis, judge attack messages from the message feature fields and match the feature data against known characteristics;
(3) assign each situation index datum the state characteristic value that corresponds to it under the detection model;
(4) judge from the characteristic value whether the data are in a normal state; if normal, enter step (5), otherwise enter step (7);
(5) extract all kinds of indices relevant to service-oriented network security situational assessment;
(6) classify and organise the security situation indices; when the data enter the security situational assessment step they are also converted into the standard XML format and stored in the situation database;
(7) trigger an anomaly event or an alert event;
(8) carry out security incident analysis while the data flow through step (5), then convert the result into the standard XML format and finally submit the security incident to the upper-layer integration group or store the XML data in the situation database as historical data for later query.
The network security situational assessment of the large-scale network carried out in the security situational assessment module uses a fuzzy analytic hierarchy process (fuzzy AHP); the concrete steps are as follows:
(1) divide the situation quantization indices into several different elements;
(2) calculate the weight vectors of each layer of indices, comprising the weight vector of the layers and the weight vector of the indices inside each layer: build the precedence relation matrix, then convert the precedence relation matrix into a fuzzy consistent matrix, and finally obtain the weight vector by the row normalization method;
(3) establish the evaluation grade set;
(4) carry out the fuzzy composition operation of the weights of the quantization indices inside each layer with the corresponding fuzzy consistent matrix, and from that calculate the fuzzy comprehensive evaluation vector;
(5) calculate the comprehensive assessment matrix.
The invention provides a service-oriented large-scale network security situational awareness system. Its main purpose is to monitor the situation of network services in real time in a large-scale network environment, to carry out assessment, defence, response and early warning of the security posture before potentially malicious network behaviour becomes uncontrollable, and to provide corresponding countermeasures. The invention helps make an accurate assessment of the global security of the network system, lets the network administrator adjust the security policy in time, and provides a theoretical basis and technical support for subsequent security situation prediction and situation visualization.
Compared with existing network security situational assessment systems, the advantages of the present invention are: (1) for the specific security requirements of the network system it collects, from the angle of services, the various types of security data that may affect the applications of the network system and, by analysis and processing, completes a quantitative portrayal of the security situation of the network system; the assessment results are novel, intuitive and concrete, whereas existing systems assess the network only from the angle of network security. (2) Unlike existing single-level network security situational assessment systems, the present invention implements multi-level service security situational assessment at the server state level, the network device level and the network service level of the network system, which lets the security administrator grasp the security state of every layer of the system comprehensively and supports correct decisions. (3) It is fully compatible with SNMP, supports almost all operating platforms, and can monitor and manage remote servers and their services in real time, whereas existing systems target a single operating platform.
Description of drawings
Fig. 1 is the frame diagram of the device of the present invention;
Fig. 2 is the workflow diagram of the data analysis/index extraction module;
Fig. 3 is the flow chart of one processing round of the security situational assessment module.
Embodiment
The present invention is described in more detail below by way of example:
With reference to Fig. 1, to achieve the object of the present invention the service-oriented large-scale network security situational assessment device comprises a monitoring platform and acquisition agents. The monitoring platform carries out the network security situational assessment work: it sends instructions to the remote acquisition agents, which run the necessary monitoring programs. According to the data returned from the acquisition agents, the system acts flexibly in accordance with its configuration file. For specific remote acquisition needs, the system runs a customised plug-in to test more specialised items (for example, whether the data operations of a database are normal). If the value returned by a test exceeds the normally permitted range, the monitoring platform issues a warning in one or more modes and invokes a predefined event handler for emergency handling.
The monitoring platform comprises a data analysis/index extraction module. Data analysis processes the large amount of situation data that the acquisition agents collect and send upward, generates the new situation information that the network security situational assessment requires, and finds abnormal behaviour that may be occurring. Index extraction extracts and organises the indices useful to the security situational assessment and stores them, in the corresponding data structures, in the security situation information base, ready for the next step of network security situational assessment.
The situational assessment module compares the factors pairwise and decides which of each pair is relatively more important.
The database middleware module extracts and collects data efficiently and at the same time implements automated configuration management.
The command configuration module comprises a basic command configuration information maintenance module, a command configuration information legitimacy detection module and a command configuration file generation module. The basic command configuration information maintenance module maintains the basic configuration information; with it the administrator creates and queries the various objects and the relations between them. The function of the command configuration information legitimacy detection module is to check whether the associations between the objects are legitimate and to prompt the administrator to check potential problems. The command configuration file generation module generates, from the basic command configuration information, the configuration file and directory structure corresponding to each acquisition agent.
The main function of the plug-in module is communication with the other functional modules.
The XML data conversion module unifies and formats the service-oriented security situation information and converts it, according to the established XML-based common data model, into XML data files for query and access by the monitoring platform and for calls from upper-layer applications.
The acquisition agents comprise a server performance state acquisition agent, a network device state acquisition agent and a specific service performance state acquisition agent. The acquisition agents receive the specific monitoring commands sent by the monitoring platform and complete the collection of the various network security situation indices.
(1) The server performance state acquisition agent mainly collects the running state of the currently most popular Windows servers and Linux servers. These performance and state items comprise operating system type, server device type, number of server hard disks, CPU usage, open ports, memory usage, port traffic, usage of each disk, vulnerabilities and patches, and so on. For servers with the SNMP agent function enabled, the corresponding information can also be obtained with the GET operation of the SNMP protocol.
(2) The network device state acquisition agent mainly collects network performance information from all kinds of routers, switches and end-to-end data links. This information mainly comprises device type, device model, number of ports, port traffic, port rate, network bandwidth, transmission rate, end-to-end packet loss rate, round-trip delay and so on.
(3) The specific service performance acquisition agent mainly collects the performance indices of the services that are most common on today's networks and indispensable to the network infrastructure, such as the FTP service, the DNS service and the WEB service. These indices mainly comprise service request rate, service hit rate, service responsiveness, service error rate, service response time, service availability, service vulnerabilities, service message length, service message type, service message payload and so on.
The present invention adopts a monitoring platform / acquisition agent structure in the large-scale network. The monitoring platform side carries out the network security situational assessment work; it integrates the data analysis/index extraction module, the security situational assessment module, the plug-in definition module, the acquisition command generation module, the XML conversion module and the database middleware module, and provides a convenient, friendly user interface for configuring the commands sent to the monitoring agents before collection, showing the running progress in real time during testing, and submitting assessment reports in various forms after monitoring ends. The acquisition agent side must be installed in advance on the key nodes of the network services, for example deployed on WEB servers, routers and switches; the acquisition agents receive the specific acquisition commands sent by the monitoring platform and complete the collection of the various network security situation indices.
Referring to Fig. 1, the system assesses the service-oriented large-scale network security situation by the following steps.
1) First, an acquisition command is entered in the above monitoring platform;
2) it is judged whether the input of step 1 is a new command; if so, step 3 is performed, otherwise step 4 is performed directly;
3) the plug-in module is entered, the corresponding plug-in is defined and generated, and then step 4 is performed;
4) the acquisition command generation module is entered, a more detailed acquisition command is generated, and the command is sent to the acquisition agents;
5) the acquisition agents receive the acquisition command, collect the security situation indices and send the indices back to the monitoring platform over FTP;
6) after the monitoring platform obtains the indices, the data analysis/index extraction module is entered, the corresponding indices are analysed and extracted, and then steps 7, 8 and 9 are performed simultaneously;
7) the output of step 6 is used as the input of the database middleware module, which gives the system's core processes data access to the database;
8) the XML conversion module is entered; the service-oriented security situation information is unified and formatted and, according to the established XML-based common data model, converted into XML data files, which facilitates query and access by the monitoring platform and calls from upper-layer applications;
9) the security situational assessment module is entered and the network security situational assessment of the large-scale network is carried out, after which step 10 is performed;
10) the output module outputs the assessment report and shows the running state of each kind of security index in the form of dynamic graphics.
In step 3 the plug-in module is mainly responsible for communication with the other functional modules; when the present invention needs to detect the state of a specific service or server, the system runs the pre-specified plug-in and then receives the result the plug-in returns.
In step 4 the command configuration module manages and generates the command configuration files in a unified way and sends the command configuration file applicable to each server to the corresponding server.
In step 5, when an acquisition agent receives the acquisition command sent by the monitoring platform, it begins to collect the situation indices of the various key nodes of the large-scale network, comprising the situation indices of servers, network devices and specific services.
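The command configuration module described above (basic configuration maintenance, legitimacy detection of the associations between objects, and generation of one configuration file and directory per agent) can be shown end to end in a few functions. The following is an added example written for this page, not code from the patent or its implementation; the object model of hosts, services and the three agent kinds, the JSON command file layout and the sample configuration are all assumptions.

```python
"""Command configuration module, added example (not the patent's own code): maintain the
basic configuration objects, check that their associations are legitimate, then generate
one configuration file and directory per acquisition agent.  The object model (hosts,
services, agents), the file layout and the sample configuration are assumptions."""
import json
import tempfile
from pathlib import Path
from typing import Dict, List

AGENT_KINDS = {"server", "network_device", "service"}   # the three agent types of the device


def check_legitimacy(config: Dict) -> List[str]:
    """Legitimacy detection: return one message per association that does not resolve,
    so the administrator is prompted to fix it before any command file is generated."""
    problems = []
    hosts = {h["name"] for h in config["hosts"]}
    services = {s["name"] for s in config["services"]}
    for svc in config["services"]:
        if svc["host"] not in hosts:
            problems.append(f"service {svc['name']} runs on unknown host {svc['host']}")
    for agent in config["agents"]:
        if agent["kind"] not in AGENT_KINDS:
            problems.append(f"agent {agent['id']} has unknown kind {agent['kind']}")
        for target in agent["targets"]:
            if target not in hosts | services:
                problems.append(f"agent {agent['id']} monitors unknown target {target}")
    return problems


def generate_command_files(config: Dict, out_dir: Path) -> Dict[str, Path]:
    """Configuration file generation: <out_dir>/<agent id>/commands.json for every agent.
    Refuses to generate anything while the configuration is illegitimate."""
    problems = check_legitimacy(config)
    if problems:
        raise ValueError("; ".join(problems))
    written = {}
    for agent in config["agents"]:
        agent_dir = out_dir / agent["id"]
        agent_dir.mkdir(parents=True, exist_ok=True)
        command = {"kind": agent["kind"], "targets": agent["targets"],
                   "interval_s": agent.get("interval_s", 60)}
        path = agent_dir / "commands.json"
        path.write_text(json.dumps(command, indent=2))
        written[agent["id"]] = path
    return written


# Constructed sample: one service points at a host that was never defined.
SAMPLE_CONFIG = {
    "hosts": [{"name": "web-01", "os": "linux"}, {"name": "core-sw-1", "os": "ios"}],
    "services": [{"name": "www", "type": "WEB", "host": "web-01"},
                 {"name": "dns", "type": "DNS", "host": "ns-01"}],
    "agents": [{"id": "srv-agent-1", "kind": "server", "targets": ["web-01"]},
               {"id": "net-agent-1", "kind": "network_device", "targets": ["core-sw-1"]},
               {"id": "svc-agent-1", "kind": "service", "targets": ["www", "dns"]}],
}


def demo() -> Dict:
    """Run the check, repair the bad association, generate the files in a temp directory."""
    problems = check_legitimacy(SAMPLE_CONFIG)
    fixed = json.loads(json.dumps(SAMPLE_CONFIG))            # deep copy before repairing
    fixed["hosts"].append({"name": "ns-01", "os": "linux"})
    out = Path(tempfile.mkdtemp())
    written = generate_command_files(fixed, out)
    return {"problems": problems,
            "files": sorted(str(p.relative_to(out)) for p in written.values()),
            "svc_targets": json.loads(written["svc-agent-1"].read_text())["targets"]}


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

The generation step deliberately refuses to write any file while a dangling association remains; an agent handed a command for a target the platform does not know about would otherwise report indices that nothing downstream can attribute.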
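Step 5 has the agents return their indices to the platform over FTP, and step 8 converts situation information into the XML common data model. The added example below, written for this page and not taken from the patent, shows one agent building such an XML report and the platform checking it before parsing. Because FTP carries the file without any integrity or origin protection, the example attaches an HMAC-SHA256 tag under a key shared between agent and platform so that a forged or modified report is rejected; the element names, the shared key and the sample index values are assumptions.

```python
"""Agent-side index report and platform-side verification, added example (not the patent's
own code).  The XML element names, the shared key and the sample index values are
assumptions; FTP itself gives the platform no way to tell a genuine report from a forged
or modified one, so the report carries an HMAC tag computed by the agent."""
import hashlib
import hmac
import xml.etree.ElementTree as ET
from typing import Dict, Tuple


def build_report(agent_id: str, target: str, indices: Dict[str, float]) -> bytes:
    """XML conversion of one agent's situation indices into the (assumed) common data model."""
    root = ET.Element("situationReport", agent=agent_id, target=target)
    for name, value in sorted(indices.items()):
        ET.SubElement(root, "index", name=name).text = str(float(value))
    return ET.tostring(root, encoding="utf-8")


def sign_report(report: bytes, key: bytes) -> str:
    """HMAC-SHA256 over the exact bytes that will be uploaded; the tag travels alongside."""
    return hmac.new(key, report, hashlib.sha256).hexdigest()


def verify_and_parse(report: bytes, tag: str, key: bytes) -> Dict[str, float]:
    """Platform side: verify the tag (constant-time compare) before parsing anything."""
    if not hmac.compare_digest(sign_report(report, key), tag):
        raise ValueError("report rejected: authentication tag does not match")
    root = ET.fromstring(report)
    return {e.get("name"): float(e.text) for e in root.iter("index")}


# Constructed sample: what a server performance state agent might report for one host.
SHARED_KEY = b"constructed-demo-key-not-for-production"
SAMPLE_INDICES = {"cpu_usage": 0.45, "memory_usage": 0.62, "open_ports": 5}


def round_trip() -> Tuple[Dict[str, float], bool]:
    """Build, sign and verify a genuine report; then show that a modified copy is rejected."""
    report = build_report("srv-agent-1", "web-01", SAMPLE_INDICES)
    tag = sign_report(report, SHARED_KEY)
    parsed = verify_and_parse(report, tag, SHARED_KEY)
    tampered = report.replace(b"0.45", b"0.05")     # attacker lowers CPU usage in transit
    try:
        verify_and_parse(tampered, tag, SHARED_KEY)
        rejected = False
    except ValueError:
        rejected = True
    return parsed, rejected


if __name__ == "__main__":
    parsed, rejected = round_trip()
    print(parsed, "tampered copy rejected:", rejected)
```

The tag is checked before the XML is parsed, so the parser only ever sees bytes that an agent holding the key produced; a per-agent key (rather than one platform-wide key) would additionally let the platform pin each report to the agent named in it.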
In step 6 the data analysis/index extraction module builds a normal traffic model from the traffic data and performance data, derives the normal threshold interval from it, judges attack messages from the message feature fields by protocol analysis and similar methods, matches the data against known characteristics, and gives the characteristic value of the corresponding performance index. As shown in Fig. 2, the workflow of the data analysis/index extraction module is:
(1) extract all kinds of situation data sent over by the acquisition agents;
(2) build a normal traffic model from the traffic data and performance data and derive the normal threshold interval from it; by protocol analysis, judge attack messages from the message feature fields and match the feature data against known characteristics;
(3) assign each situation index datum the state characteristic value that corresponds to it under the detection model;
(4) judge from the characteristic value whether the data are in a normal state; if normal, enter step (5), otherwise enter step (7);
(5) extract all kinds of indices relevant to service-oriented network security situational assessment;
(6) classify and organise the security situation indices; when the data enter the security situational assessment step they are also converted into the standard XML format and stored in the situation database;
(7) trigger an anomaly event or an alert event;
(8) carry out security incident analysis while the data flow through step (5), then convert the result into the standard XML format and finally submit the security incident to the upper-layer integration group or store the XML data in the situation database as historical data for later query.
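The data analysis/index extraction workflow just listed (and its statement in the summary above) is concrete enough to run. The following is an added example written for this page, not the patent's own code: a normal traffic model that turns a clean history of each index into a threshold interval, the SYN-rate header statistic that the background cites as an attack-message judgement, characteristic matching of message payloads against a small signature table, and the normal/alert branching of steps (3) to (8). The history, packets, payloads and signatures are constructed for the example.

```python
"""Data analysis / index extraction, added example (not the patent's own code): a normal
traffic model that yields threshold intervals, a protocol-analysis judgement of attack
messages, characteristic matching of message payloads, and the normal / alert branching of
steps (3) to (8).  The history, packets, payloads and signatures below are constructed."""
import statistics
from dataclasses import dataclass
from typing import Dict, List, Tuple


@dataclass(frozen=True)
class Packet:
    """Minimal view of one captured TCP segment (constructed; an agent would decode a capture)."""
    src: str
    dst_port: int
    flags: str          # "S" = SYN only, "SA" = SYN/ACK, "A" = ACK


def normal_model(history: Dict[str, List[float]], k: float = 3.0) -> Dict[str, Tuple[float, float]]:
    """Normal traffic model: per index, the threshold interval mean +/- k*stddev of a clean history."""
    model = {}
    for name, samples in history.items():
        mu, sd = statistics.fmean(samples), statistics.pstdev(samples)
        model[name] = (max(0.0, mu - k * sd), mu + k * sd)
    return model


def syn_rate(packets: List[Packet], port: int, window_s: float) -> float:
    """Protocol analysis: SYN segments per second reaching one port, the SYN flooding
    statistic from the TCP header analysis cited in the background."""
    return sum(1 for p in packets if p.dst_port == port and p.flags == "S") / window_s


# Characteristic matching: message feature fields against known attack patterns (constructed).
SIGNATURES = {b"../": "path-traversal", b"' OR '1'='1": "sql-injection", b"<script": "xss"}


def match_characteristics(payload: bytes) -> List[str]:
    return [label for pattern, label in SIGNATURES.items() if pattern in payload]


def analyse(model: Dict[str, Tuple[float, float]], readings: Dict[str, float],
            payloads: List[bytes]):
    """Steps (3)-(8): the characteristic value of each index is its position relative to the
    threshold interval; normal indices are extracted for assessment, the rest raise alert
    events, and payloads matching a signature raise anomaly events."""
    indices, events = {}, []
    for name, value in readings.items():
        lo, hi = model[name]
        if lo <= value <= hi:
            indices[name] = value
        else:
            events.append({"type": "alert", "index": name, "value": value, "bounds": (lo, hi)})
    for payload in payloads:
        for label in match_characteristics(payload):
            events.append({"type": "anomaly", "signature": label, "payload": payload[:40]})
    return indices, events


# Constructed sample: six clean one-second windows, then one window under a SYN flood.
HISTORY = {"service_request_rate": [100, 110, 95, 105, 90, 100],
           "syn_rate_port80": [2, 3, 2, 3, 2, 3]}
PACKETS = [Packet(f"10.0.0.{i}", 80, "S") for i in range(1, 11)] + [Packet("10.0.0.50", 80, "A")]
PAYLOADS = [b"GET /index.html HTTP/1.1", b"GET /../../etc/passwd HTTP/1.1"]


def run_sample():
    readings = {"service_request_rate": 102.0, "syn_rate_port80": syn_rate(PACKETS, 80, 1.0)}
    return analyse(normal_model(HISTORY), readings, PAYLOADS)


if __name__ == "__main__":
    extracted, raised = run_sample()
    print("indices for assessment:", extracted)
    for event in raised:
        print(event)
```

With six clean windows the SYN-rate interval is [1.0, 4.0] SYN/s, so the ten SYNs in the sample window raise an alert event while the request rate of 102 is passed on to the assessment step; a real deployment would train the model on a longer window and re-fit it periodically so that slow drift does not turn every reading into an alert.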
In step 9 the security situation evaluation module uses a fuzzy analytic hierarchy process (fuzzy AHP). The concrete steps are as follows (as shown in Fig. 3):
(1) divide the situation quantization indexes into several different key elements;
(2) calculate the weight vector of the indexes on each layer, which comprises the weight vector of the indexes of each layer and the weight vector of the indexes inside each layer: build the priority relation matrix, convert the priority relation matrix into a fuzzy consistent matrix, and finally obtain the weight vector by the row normalization method;
(3) establish the evaluation grade set;
(4) carry out the fuzzy composition operation between the weights of the quantization indexes inside each layer and the corresponding fuzzy consistent matrix, and from it calculate the fuzzy comprehensive evaluation vector;
(5) calculate the comprehensive assessment matrix.
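The fuzzy AHP of steps (1) to (5) above (also recited in claim 1), carried through on a constructed two-layer index hierarchy as an added Python example; this is not code from the patent or its authors. Assumptions not stated in the patent: the priority relation matrix is a fuzzy complementary matrix (f_ij + f_ji = 1, f_ii = 0.5); it is converted to a fuzzy consistent matrix by r_ij = (r_i - r_j) / (2n) + 0.5 with r_i the row sum of f; weights are the row-sum-normalised rows of that matrix; the fuzzy composition uses the weighted-average operator M(., +) against a membership matrix of each index over the grade set; the grade set, the key elements, their indexes and every matrix entry are constructed.

```python
"""Added example (not the patent's own code): fuzzy AHP situation assessment.
Priority-relation matrix -> fuzzy consistent matrix -> row-normalised weights ->
fuzzy composition with a membership matrix -> comprehensive assessment matrix.
All numeric data and the composition operator are assumptions."""


def fuzzy_consistent(f):
    """Step (2): convert a fuzzy complementary (priority relation) matrix into a
    fuzzy consistent matrix: r_ij = (r_i - r_j) / (2n) + 0.5, r_i = sum_j f_ij."""
    n = len(f)
    for i in range(n):
        for j in range(n):
            if abs(f[i][j] + f[j][i] - 1.0) > 1e-9:
                raise ValueError("priority relation matrix must satisfy f_ij + f_ji = 1")
    row_sum = [sum(row) for row in f]
    return [[(row_sum[i] - row_sum[j]) / (2 * n) + 0.5 for j in range(n)] for i in range(n)]


def row_normalised_weights(r):
    """Step (2): row normalisation method, w_i = sum_j r_ij / sum_ij r_ij."""
    sums = [sum(row) for row in r]
    total = sum(sums)
    return [s / total for s in sums]


def fuzzy_compose(w, r):
    """Step (4): B = W o R with the weighted-average operator, b_j = sum_i w_i * r_ij."""
    return [sum(w[i] * r[i][j] for i in range(len(w))) for j in range(len(r[0]))]


# Step (3): evaluation grade set (constructed).
GRADES = ["secure", "low_risk", "medium_risk", "high_risk"]

# Step (1): key elements of the situation, each holding its own quantization indexes (constructed).
ELEMENT_NAMES = ["server_performance", "network_device", "specific_service"]

# Step (2), upper layer: priority relation among the three key elements (constructed).
ELEMENT_PRIORITY = [
    [0.5, 0.6, 0.3],
    [0.4, 0.5, 0.2],
    [0.7, 0.8, 0.5],
]

# Step (2), inner layer: priority relation among each element's indexes, and the
# membership of each index in each grade (constructed from the index values).
ELEMENTS = {
    "server_performance": {
        "priority": [[0.5, 0.7], [0.3, 0.5]],                          # cpu_pct vs mem_pct
        "membership": [[0.6, 0.3, 0.1, 0.0],                           # cpu_pct
                       [0.7, 0.2, 0.1, 0.0]],                          # mem_pct
    },
    "network_device": {
        "priority": [[0.5, 0.4, 0.6], [0.6, 0.5, 0.7], [0.4, 0.3, 0.5]],
        "membership": [[0.5, 0.3, 0.2, 0.0],
                       [0.2, 0.3, 0.3, 0.2],
                       [0.8, 0.2, 0.0, 0.0]],
    },
    "specific_service": {
        "priority": [[0.5, 0.8], [0.2, 0.5]],                          # http_req_per_s vs latency
        "membership": [[0.0, 0.1, 0.3, 0.6],                           # request-rate spike
                       [0.6, 0.3, 0.1, 0.0]],                          # latency normal
    },
}


def assess(elements=ELEMENTS, element_priority=ELEMENT_PRIORITY, names=ELEMENT_NAMES):
    """Steps (2)-(5): returns (comprehensive assessment matrix, overall evaluation vector)."""
    matrix = []                                   # step (5): one evaluation vector per key element
    for name in names:
        el = elements[name]
        w_inner = row_normalised_weights(fuzzy_consistent(el["priority"]))
        matrix.append(fuzzy_compose(w_inner, el["membership"]))
    w_upper = row_normalised_weights(fuzzy_consistent(element_priority))
    overall = fuzzy_compose(w_upper, matrix)      # second-level composition over the matrix
    return matrix, overall


def grade_of(vector, grades=GRADES):
    """Maximum-membership principle: the grade with the largest membership."""
    return grades[max(range(len(vector)), key=vector.__getitem__)]


if __name__ == "__main__":
    matrix, overall = assess()
    for name, row in zip(ELEMENT_NAMES, matrix):
        print(f"{name:20s} {[round(x, 3) for x in row]} -> {grade_of(row)}")
    print(f"{'overall':20s} {[round(x, 3) for x in overall]} -> {grade_of(overall)}")
```

Two things worth noticing when running it: the weights of a fuzzy consistent matrix built this way always sum to 1 and each evaluation vector stays a distribution over the grade set, so the comprehensive assessment matrix can be composed again at the upper layer; and because the upper-layer weights average across elements, the specific-service row comes out high_risk while the overall vector still lands on secure, which is exactly the masking effect an operator should check for before trusting a single top-level score.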

Claims (1)

1. A service-oriented large-scale network security situation assessment method, wherein the service-oriented large-scale network security situation assessment device comprises a monitoring platform and collection agents; the monitoring platform comprises a data analysis/index extraction module, a situation assessment module, a database middleware module, a command configuration module, a plug-in module and an XML data conversion module; the collection agents comprise a server performance state collection agent, a network device state collection agent and a specific-service performance state collection agent; characterized in that:
Step 1: a collection command is first input at the monitoring platform;
Step 2: it is judged whether the input of step 1 is a new command; if so, step 3 is performed; otherwise step 4 is performed directly;
Step 3: the plug-in module is entered, the corresponding plug-in is defined and generated, and then step 4 is performed;
Step 4: the collection command generation module is entered, a more detailed collection command is generated, and the command is sent to the collection agent;
Step 5: the collection agent receives the collection command, collects the security situation indexes, and sends the indexes back to the monitoring platform over FTP;
Step 6: after the monitoring platform obtains the indexes, the data analysis/index extraction module is entered, the corresponding indexes are analysed and extracted, and then steps 7, 8 and 9 are performed simultaneously;
Step 7: the output of step 6 is used as the input of the database middleware module, which implements the data access of the kernel process to the database;
Step 8: the XML conversion module is entered; it completes the unification and formatting of the service-oriented security situation information, converting the data into XML-format data files according to the XML-based common data model that was drawn up, for use in queries and access by the monitoring platform and in calls by upper-layer applications;
Step 9: the security situation evaluation module is entered and performs the network security situation assessment of the large-scale network, after which step 10 is performed;
Step 10: the output module outputs the assessment report and displays the running state of each kind of security index in the form of dynamic graphics;
wherein entering the data analysis/index extraction module and analysing and extracting the corresponding indexes comprises:
(1) extracting the various kinds of situation data sent by the collection agents;
(2) building a normal traffic model from the traffic data and performance data and deriving a normal threshold interval; judging attack messages by protocol analysis of the message feature fields, and performing feature matching on the data;
(3) assigning each item of situation index data its corresponding status characteristic value according to the detection model;
(4) judging from the characteristic value whether the data are in the normal state; if so, going to step (5), otherwise going to step (7);
(5) extracting the various indexes relevant to service-oriented network security situation assessment;
(6) once the security situation indexes have been classified, passing the data to the security situation assessment step and, at the same time, converting them into the XML standard format and storing them in the situation database;
(7) triggering an anomaly event or alert event;
(8) in parallel with step (5), performing security incident analysis on the data, converting the result into the XML standard format, and finally either submitting the security incident to the upper-layer integration component or storing the XML data in the situation database as historical data for later query;
wherein the network security situation assessment of the large-scale network performed on entering the security situation evaluation module uses a fuzzy analytic hierarchy process, with the following concrete steps:
(1) dividing the situation quantization indexes into several different key elements;
(2) calculating the weight vector of the indexes on each layer, which comprises the weight vector of the indexes of each layer and the weight vector of the indexes inside each layer: building the priority relation matrix, converting the priority relation matrix into a fuzzy consistent matrix, and finally obtaining the weight vector by the row normalization method;
(3) establishing the evaluation grade set;
(4) carrying out the fuzzy composition operation between the weights of the quantization indexes inside each layer and the corresponding fuzzy consistent matrix, and from it calculating the fuzzy comprehensive evaluation vector;
(5) calculating the comprehensive assessment matrix.
CN2011100523301A 2011-03-04 2011-03-04 Service-oriented large-scale network security situational assessment device and method Active CN102123149B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN2011100523301A CN102123149B (en) 2011-03-04 2011-03-04 Service-oriented large-scale network security situational assessment device and method

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN2011100523301A CN102123149B (en) 2011-03-04 2011-03-04 Service-oriented large-scale network security situational assessment device and method

Publications (2)

Publication Number Publication Date
CN102123149A CN102123149A (en) 2011-07-13
CN102123149B true CN102123149B (en) 2013-11-20

Family

ID=44251602

Family Applications (1)

Application Number Title Priority Date Filing Date
CN2011100523301A Active CN102123149B (en) 2011-03-04 2011-03-04 Service-oriented large-scale network security situational assessment device and method

Country Status (1)

Country Link
CN (1) CN102123149B (en)

Families Citing this family (29)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102456073A (en) * 2011-11-03 2012-05-16 中国人民解放军国防科学技术大学 Partial extremum inquiry method
CN102916940A (en) * 2012-09-19 2013-02-06 浪潮(北京)电子信息产业有限公司 Method and system for realizing network safety of cloud data center
CN104243401A (en) * 2013-06-08 2014-12-24 中国人民解放军91655部队 Safety protecting method for large-scale network
CN103944775A (en) * 2014-03-14 2014-07-23 广州源典科技有限公司 Network traffic collection analysis and display output method
CN103905440B (en) * 2014-03-28 2017-02-22 哈尔滨工程大学 Network security situation awareness analysis method based on log and SNMP information fusion
CN104038369B (en) * 2014-05-15 2015-02-25 国家电网公司 Acquisition early-warning system and method for number-7 signaling network messages
CN104850625B (en) * 2015-05-20 2018-05-04 浪潮电子信息产业股份有限公司 A kind of database safeguarding method and device
CN104901838B (en) * 2015-06-23 2018-04-20 中国电建集团成都勘测设计研究院有限公司 Enterprise network security event management system and its method
CN105447085B (en) * 2015-11-06 2019-02-05 中国电子科技集团公司第二十八研究所 A kind of generation of situation product and distribution method based on theme
CN105488344B (en) * 2015-11-26 2019-02-05 中国电力科学研究院 A kind of general evaluation method of controller switching equipment health index
CN106209856B (en) * 2016-07-14 2017-05-03 广西电网有限责任公司 Method for generating big data security posture map based on trusted computing
CN106685839A (en) * 2016-11-17 2017-05-17 上海斐讯数据通信技术有限公司 Method and system for monitoring router long connection service
CN108289035B (en) * 2017-08-04 2021-09-17 上海北塔软件股份有限公司 Method and system for visually displaying running states of network and business system
CN107343010B (en) * 2017-08-26 2019-07-16 海南大学 Automatic safe Situation Awareness, analysis and alarm system towards typing resource
CN108337270A (en) * 2018-05-18 2018-07-27 梧州井儿铺贸易有限公司 A kind of enterprise network security event management system
CN108418841B (en) * 2018-05-18 2019-02-19 广西电网有限责任公司 Next-generation key message infrastructure network Security Situation Awareness Systems based on AI
CN109886475B (en) * 2019-01-24 2022-12-06 广西电网有限责任公司电力科学研究院 Information security situation perception system of measurement automation system based on AI
CN110008085A (en) * 2019-04-04 2019-07-12 安徽汇迈信息科技有限公司 A kind of monitoring system of big data platform
CN110225543B (en) * 2019-05-30 2021-11-30 上海交通大学 Mobile terminal software quality situation perception system and method based on network request data
CN112242973A (en) * 2019-07-16 2021-01-19 中国移动通信集团浙江有限公司 DDoS attack detection method, device, computing equipment and computer storage medium
CN110572280B (en) * 2019-08-22 2022-04-26 北京新宇航星科技有限公司 Network monitoring method and system
CN111447202B (en) * 2020-03-24 2021-03-30 江苏易安联网络技术有限公司 Visual arrangement system of security policy
CN111614491B (en) * 2020-05-06 2022-10-04 国网电力科学研究院有限公司 Power monitoring system oriented safety situation assessment index selection method and system
CN111669375B (en) * 2020-05-26 2021-03-16 武汉大学 Online safety situation assessment method and system for power industrial control terminal
CN111882179A (en) * 2020-07-09 2020-11-03 福建奇点时空数字科技有限公司 Network security situation awareness system platform based on data stream processing
CN112737821B (en) * 2020-12-22 2022-05-27 新华三大数据技术有限公司 Data acquisition method and device
CN113067728B (en) * 2021-03-17 2022-10-14 中国人民解放军海军工程大学 Network security attack and defense test platform
CN116389174B (en) * 2023-06-07 2023-09-12 北京全路通信信号研究设计院集团有限公司 Network security control method and device
CN117194201A (en) * 2023-11-07 2023-12-08 中央军委政治工作部军事人力资源保障中心 Health degree evaluation and observation method and device for service system


Patent Citations (2)

Publication number Priority date Publication date Assignee Title
CN101459537A (en) * 2008-12-20 2009-06-17 中国科学技术大学 Network security situation sensing system and method based on multi-layer multi-angle analysis
CN101867498A (en) * 2009-04-17 2010-10-20 中国科学院软件研究所 Network security situation evaluating method

Non-Patent Citations (2)

Title
刘磊, 王慧强, 梁颖. A network service-level security situation evaluation method based on fuzzy analytic hierarchy process. 《计算机应用》 (Journal of Computer Applications), 2009, Vol. 29, No. 9, pp. 2329-2330. *
周仁杰, 王慧强, 梁颖. Network security situation data collection and analysis for specific services. 《武汉大学学报(理学版)》 (Journal of Wuhan University, Natural Science Edition), 2009, Vol. 55, No. 1, p. 114. *

Also Published As

Publication number Publication date
CN102123149A (en) 2011-07-13

Similar Documents

Publication Publication Date Title
CN102123149B (en) Service-oriented large-scale network security situational assessment device and method
Banitalebi Dehkordi et al. The DDoS attacks detection through machine learning and statistical methods in SDN
EP3528463B1 (en) An artificial intelligence cyber security analyst
CN104506393B (en) A kind of system monitoring method based on cloud platform
EP2080317B1 (en) Apparatus and a security node for use in determining security attacks
CN102594620B (en) Linkable distributed network intrusion detection method based on behavior description
Giani et al. The VIKING project: An initiative on resilient control of power networks
Kholidy Correlation‐based sequence alignment models for detecting masquerades in cloud computing
CN103338128A (en) Information security management system with integrated security management and control function
CN105357063A (en) Cyberspace security situation real-time detection method
Chenine et al. A framework for wide-area monitoring and control systems interoperability and cybersecurity analysis
CN103905440A (en) Network security situation awareness analysis method based on log and SNMP information fusion
Yang et al. FARIMA model‐based communication traffic anomaly detection in intelligent electric power substations
CN107547228A (en) A kind of safe operation management platform based on big data realizes framework
CN114358106A (en) System anomaly detection method and device, computer program product and electronic equipment
Medhat et al. Testing techniques in IoT-based systems
CN116112283A (en) CNN-LSTM-based power system network security situation prediction method and system
Cong et al. Network security situation awareness based on the optimized dynamic wavelet neural network
Ageyev et al. Traffic Monitoring and Abnormality Detection Methods for IoT
CN107454068A (en) A kind of sweet net security postures cognitive method of combination Danger Immune theory
Oluwabukola et al. A Packet Sniffer (PSniffer) application for network security in Java
Ali et al. Probabilistic model checking for AMI intrusion detection
Ali et al. Detecting anomalies from end-to-end internet performance measurements (PingER) using cluster based local outlier factor
Fessi et al. Data collection for information security system
Xiang et al. A method of network security situation assessment based on hidden Markov model

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
C41 Transfer of patent application or patent right or utility model
TR01 Transfer of patent right

Effective date of registration: 20151231

Address after: Unit 5308, 53rd Floor, Main Building, Xinxing Plaza, Shennan East Road, Guiyuan Street, Luohu District, Shenzhen City, Guangdong Province, 518022

Patentee after: SHENZHEN GENUINE INNOVATIVE TECHNOLOGY Co.,Ltd.

Address before: Intellectual Property Office, Harbin Engineering University, Nantong Street, Nangang District, Harbin, Heilongjiang, 150001

Patentee before: HARBIN ENGINEERING University

TR01 Transfer of patent right

Effective date of registration: 20230414

Address after: 518000 201, office building 3, Fulda Industrial Zone, No.30, Fuyuan 1st Road, Heping community, Fuhai street, Bao'an District, Shenzhen City, Guangdong Province

Patentee after: Bayi new energy technology (Shenzhen) Co.,Ltd.

Address before: Unit 5308, 53rd Floor, Main Building, Xinxing Plaza, Shennan East Road, Guiyuan Street, Luohu District, Shenzhen City, Guangdong Province, 518022

Patentee before: SHENZHEN GENUINE INNOVATIVE TECHNOLOGY Co.,Ltd.

TR01 Transfer of patent right