CN102685180A - Cloud computing-oriented network security early warning method - Google Patents

Cloud computing-oriented network security early warning method

Info

Publication number
CN102685180A
Authority
CN
China
Prior art keywords
network
host
cloud computing
security
Agent
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN2011103166664A
Other languages
Chinese (zh)
Other versions
CN102685180B (en)
Inventor
邓松
林为民
张涛
余勇
车建华
王玉斐
黄秀丽
华晔
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
State Grid Electric Power Research Institute
Original Assignee
State Grid Electric Power Research Institute
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by State Grid Electric Power Research Institute filed Critical State Grid Electric Power Research Institute
Priority to CN201110316666.4A priority Critical patent/CN102685180B/en
Publication of CN102685180A publication Critical patent/CN102685180A/en
Application granted granted Critical
Publication of CN102685180B publication Critical patent/CN102685180B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Landscapes

  • Debugging And Monitoring (AREA)

Abstract

The invention discloses a cloud computing-oriented network security early warning method, and aims to ensure the security and reliability of network communication in a cloud computing environment, dynamically identify and monitor various attack attempts and behaviors in the cloud computing environment in real time and provide real-time early warning and security protection for various network attacks in the cloud computing environment. According to the method, a security event acquirer, a security event processor, a security state analyzer, a network security early warning operation core and the like are mainly involved. By an Agent technology and an Apriori association rule algorithm, the problems about the network security early warning in the cloud computing environment are well solved, the problems about the distributed acquisition of the security event data of each host in the cloud computing environment are solved, and network security early warning and protection capability in the cloud computing environment is improved.

Description

A cloud computing-oriented network security early warning method
Technical field
The present invention is a method for building network security early warning in a cloud computing environment. It is mainly used for the dynamic monitoring and early warning of various security threats in a cloud computing network environment, and belongs to the field of information security software.
Background art
Cloud computing is an extension of the development of distributed computing, parallel computing and grid computing. Resource sharing and on-demand service are among its principal characteristics: business application systems can obtain the computing, storage and software resources they need from a shared resource pool according to actual demand. With the continuous development of cloud computing, various cloud computing models, including public cloud, private cloud and hybrid cloud, coexist, and the various cloud computing platforms together form one large resource sharing and processing platform on the Internet. If any one cloud computing platform suffers a network attack, whether from inside or outside, it can bring incalculable loss to the enterprise.
While cloud computing brings convenience, the complete openness and sharing of its resources also cause network attacks to become increasingly frequent and serious. How to achieve active network security early warning in an open, dynamic and changeable cloud computing network environment has become one of the security challenges faced by business applications based on cloud computing. To keep network communication in a cloud computing environment secure and reliable, the traditional approach is to deploy security components such as firewalls and intrusion detection systems in the network. However, these security technologies and measures can only analyze, handle and remedy after the fact. Security early warning technology is needed to identify and monitor, dynamically and in real time, the various attack attempts and behaviors in a cloud computing environment, and to take the corresponding protective measures when an attack occurs or before it occurs so that the attack is stopped in advance. Therefore, building a cloud computing-oriented network security early warning method is of great significance for the real-time early warning of and protection against internal and external network attacks in a cloud computing environment and for establishing an active network security defense system in that environment; it also provides security support for the stable operation of the various business systems in the cloud computing environment.
Network security early warning is considered mainly from the following two aspects: (1) the security event data generated on each host in the cloud must first be collected, so that they can support timely early warning and prevention; (2) after the security event data collected from each host in the cloud computing environment have been preprocessed into the corresponding transaction database, network security early warning rules are mined with an association rule algorithm to form a network security early warning expert knowledge base, which is delivered to each host in the cloud computing network environment and provides the basis for the security early warning and protection of each host.
Summary of the invention
The object of the invention is to provide a new network security early warning method that solves the problem of network security early warning in a cloud computing network environment. The mechanism is a strategy-based method; by using it, network security can be protected to the greatest extent when a network security event occurs, thereby safeguarding the various business applications in the whole network.
The method of the invention is a strategy-based method. It first uses Agents to collect the security events of the various network devices deployed in the cloud computing environment and preprocesses them accordingly; it then uses the Apriori association rule algorithm to mine and analyze the attack patterns contained in the security events, thereby providing the basis for network security early warning.
I. Architecture
Fig. 1 shows the structure of the cloud computing-oriented network security early warning. It mainly comprises four parts: the security event collector, the security event processor, the security state analyzer and the network security early warning operation core. The network security early warning operation core in the figure comprises the concrete operations of detecting and giving early warning of the various security threats, given that the various security data in the network have been collected, intelligently processed and analyzed. The invention adds the other three parts so that security threat protection proceeds more smoothly and effectively, ensuring to the greatest extent the dynamic monitoring and early warning of security threat events.
Each part is described in detail below:
Security event collector: The most basic task in network threat protection is the collection of network security events. The invention uses Agents to collect, in a distributed manner, the network security data spread across the network. Through distributed cooperation between the Agents, the security events and data on the network and the hosts are collected in real time, and each Agent also preprocesses, in real time, the network security events and data it collects.
Security event processor: Network security data come from switches, routers, anti-virus software and various network management software, and may contain noisy data, missing data and inconsistent data, which adversely affects data analysis. In the invention, three steps, data cleaning, data transformation and data integration, respectively ensure the completeness of the collected network security event data, the removal of redundant data, and the normalization of the data and their attributes, so that the format and content of the network security event data meet the requirements of the subsequent association analysis. This patent places no restriction on the concrete implementation of the security event processor.
Security state analyzer: After the network security data from the security event collector have been preprocessed by the security event processor, they are first stored in a distributed manner in the cloud computing data center. The security state analyzer then performs intelligent association analysis, based on the Apriori association rule algorithm, on the network security events stored in the cloud computing data center and derives the association rules between them. The analysis results are returned to all clients connected to the cloud so that the clients can give timely early warning of network security threats.
II. Method flow
1. Security event collector
The choice of data sources is the most important part of a network security early warning system. While a system is running, every behavior, internal or external, leaves traces in the system, and for a specific event there is a necessary relationship between the various network security data. Therefore, to support better analysis, the system must collect data at multiple levels and from multiple angles.
The invention uses Agent technology to implement distributed collection from multiple data sources in the cloud computing environment, as shown in Fig. 2. Data collection Agents are distributed on the hosts, servers and other network nodes in the cloud computing environment. They collect data according to collection rules defined in advance and deliver the collected network security data over a secure channel to the cloud server side for comprehensive analysis. The invention also provides a configuration function for the data collection Agents, which ensures the usability of the Agents and also enables cooperative association analysis of data from multiple sources in the cloud computing environment.
As Fig. 2 shows, the data sources selected in the invention fall into two main parts: host security data and network security data. The invention considers host security data for Windows and Linux systems only; other operating systems are out of scope. The host security data of both operating systems are obtained by log collection: on Windows they are obtained with the Win32 EventLog API, and on Linux they are obtained with the SWATCH program developed by Todd Atkins. The network security data are collected mainly with the open-source Libpcap package.
The whole flow of Agent-based distributed security event collection is as follows:
(1) Start the cloud server Agent and the host Agents respectively;
(2) Define the attributes and format of the host and network security event data to be collected;
(3) The cloud server Agent establishes a connection with each host Agent, and the cloud server Agent waits for the host Agents to send the host and network log data they collect;
(4) For the host security data of the Windows and Linux operating systems, each host Agent initializes and obtains the corresponding log data through the Win32 EventLog API and the SWATCH program respectively;
(5) For the collection of network security data, each host Agent initializes Libpcap, sets the network interface card to promiscuous mode, and listens for and collects network packets;
(6) Each host Agent sends a data transfer request to the cloud server Agent. After receiving the request, the cloud server Agent returns a confirmation to the host Agent. Each host Agent then transmits the host and network security data it has collected to the cloud server for distributed storage and submits them to the security event processor for preprocessing, producing the data format required by the security state analyzer.
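The request, confirmation and transfer exchange of steps (3) and (6), as an added example that is not code from the patent. The message names, the JSON-lines event encoding and the function names are assumptions of this example, the sample events are constructed, and a local socket pair stands in for the secure channel the patent requires.

```python
import json
import socket
import threading

# Message names are assumptions of this example; the patent only speaks of a
# "data transfer request" and a "confirmation".
REQUEST = b"DATA_TRANSFER_REQUEST\n"
CONFIRM = b"CONFIRM\n"

# Constructed sample events, keyed by (hypothetical) host name.
SAMPLE_EVENTS = {
    "win-host-01": [{"source": "eventlog", "event": "logon_failure"}],
    "linux-host-02": [
        {"source": "swatch", "event": "sshd_auth_failure"},
        {"source": "libpcap", "event": "syn_to_port_22"},
    ],
}


def cloud_server_thread(conn, store, lock):
    """One cloud server Agent thread: wait for a request, confirm, store events."""
    with conn, conn.makefile("rb") as rfile, conn.makefile("wb") as wfile:
        if rfile.readline() != REQUEST:
            return                       # not a transfer request: store nothing
        wfile.write(CONFIRM)
        wfile.flush()
        for line in rfile:               # one JSON event per line until the host closes
            event = json.loads(line)
            with lock:                   # the N threads share one store
                store.append(event)


def host_agent(conn, host_id, events):
    """Host Agent: send the request, wait for the confirmation, send the events."""
    with conn, conn.makefile("rb") as rfile, conn.makefile("wb") as wfile:
        wfile.write(REQUEST)
        wfile.flush()
        if rfile.readline() != CONFIRM:
            raise ConnectionError("cloud server Agent did not confirm")
        for event in events:
            record = dict(event, host=host_id)   # tag each event with its origin
            wfile.write(json.dumps(record).encode() + b"\n")
        wfile.flush()


def collect(events_by_host):
    """Run one server thread per host Agent and return everything that was stored."""
    store, lock, threads = [], threading.Lock(), []
    for host_id, events in events_by_host.items():
        server_side, host_side = socket.socketpair()
        threads.append(threading.Thread(
            target=cloud_server_thread, args=(server_side, store, lock)))
        threads.append(threading.Thread(
            target=host_agent, args=(host_side, host_id, events)))
    for t in threads:
        t.start()
    for t in threads:
        t.join()
    return store


if __name__ == "__main__":
    for stored in sorted(collect(SAMPLE_EVENTS), key=lambda e: (e["host"], e["event"])):
        print(stored)
```

In a deployment the socket pair would be replaced by an authenticated, encrypted connection, since the collected logs and packets are themselves sensitive.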
2. Security state analyzer
As cloud computing environments grow more complex and network data expand rapidly, host and network security data are increasing at an astonishing rate, and network security early warning in a cloud computing environment urgently needs to discover user violations or possible threat behaviors in this large volume of security data. This patent uses the Apriori association rule algorithm to perform intelligent association analysis between the various user and threat behaviors and to mine the association rules between these security data. The mined association rules are stored in the expert knowledge base on the cloud server side and are also automatically delivered to and stored on each host, and each host protects against and gives early warning of network security threats in time according to these rules.
Let the current host and network security event database obtained from the security event processor be the transaction database D, and let the minimum support be minSup. Each item in D corresponds to an attribute in the host and network security data, and the item value corresponds to the attribute value.
The main workflow is as follows:
(1) Scan the transaction database D, count the number of occurrences of each item contained in D, and generate the candidate itemset C1;
(2) Calculate the support of each item in C1; if it is greater than or equal to minSup, determine the frequent itemset L from C1; otherwise go to step (5);
(3) Generate the candidate itemset C from the frequent itemset L, scan the transaction database D and count the items in the candidate itemset C; if the support is greater than or equal to minSup, determine the frequent itemset L again from C;
(4) If the support of each item in L is less than minSup, go to step (5); otherwise go to step (3);
(5) The process ends and the rules R are output.
The Apriori association rule algorithm mines the corresponding behavior association rules from the host and network security event data and thereby supports network security early warning in the cloud computing environment.
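A worked version of the mining workflow above, as an added example that is not code from the patent. The transaction database is constructed, the function names are hypothetical, and two things go beyond the text and are assumptions of this example: a confidence threshold (the patent specifies only minSup) for turning frequent itemsets into rules, and the host-side `warn` matching step.

```python
from itertools import combinations

# Constructed sample transaction database D: each transaction is the set of
# attribute=value items of one preprocessed host/network security event.
D = [frozenset(t) for t in (
    {"src=external", "proto=ssh", "auth=fail", "alert=bruteforce"},
    {"src=external", "proto=ssh", "auth=fail", "alert=bruteforce"},
    {"src=external", "proto=ssh", "auth=fail", "alert=bruteforce"},
    {"src=internal", "proto=ssh", "auth=ok"},
    {"src=internal", "proto=http", "auth=ok"},
    {"src=external", "proto=http", "auth=ok"},
)]


def count(itemset, db):
    """Number of transactions in db that contain every item of itemset."""
    return sum(1 for t in db if itemset <= t)


def frequent_itemsets(db, min_sup):
    """Level-wise Apriori search; returns {itemset: occurrence count}."""
    threshold = min_sup * len(db)
    candidates = {frozenset([i]) for t in db for i in t}        # C1
    frequent, k = {}, 1
    while candidates:
        counts = {c: count(c, db) for c in candidates}          # scan D
        level = {c: n for c, n in counts.items() if n >= threshold}   # L_k
        frequent.update(level)
        k += 1
        candidates = set()                                      # build C_k from L_(k-1)
        for a, b in combinations(level, 2):
            union = a | b
            # Keep a candidate only if every (k-1)-subset is itself frequent.
            if len(union) == k and all(
                    frozenset(s) in level for s in combinations(union, k - 1)):
                candidates.add(union)
    return frequent


def mine_rules(db, min_sup, min_conf):
    """Return rules as (lhs, rhs, support, confidence); min_conf is an assumption."""
    frequent = frequent_itemsets(db, min_sup)
    rules = []
    for itemset, n in frequent.items():
        for r in range(1, len(itemset)):
            for lhs in map(frozenset, combinations(sorted(itemset), r)):
                confidence = n / frequent[lhs]   # every subset of a frequent set is frequent
                if confidence >= min_conf:
                    rules.append((lhs, itemset - lhs, n / len(db), confidence))
    return rules


def warn(observed, rules):
    """Host side: items predicted by rules whose left-hand side the event matches."""
    observed = frozenset(observed)
    predicted = set()
    for lhs, rhs, _support, _confidence in rules:
        if lhs <= observed:
            predicted |= rhs - observed
    return predicted


if __name__ == "__main__":
    rules = mine_rules(D, min_sup=0.5, min_conf=1.0)
    print(warn({"src=external", "proto=ssh", "auth=fail"}, rules))
```

Lowering minSup surfaces rarer patterns at the cost of many more candidate itemsets per scan of D, which is the main tuning decision when the database is built from high-volume logs.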
 
The steps of the cloud computing-oriented network security early warning method of the invention are:
Step 1: The user starts the cloud server Agent and the host Agents respectively;
Step 2: For the host security data of the Windows and Linux operating systems, each host Agent initializes and obtains the corresponding log data through the Win32 EventLog API and the SWATCH program respectively;
Step 3: For the collection of network security data, each host Agent initializes Libpcap, sets the network interface card to promiscuous mode, and listens for and collects network packets;
Step 4: According to the number N of host Agents, the cloud server Agent initializes N threads, which listen for data transfer requests from the respective host Agents;
Step 5: If the cloud server Agent detects a data transfer request from a host Agent, the cloud server Agent returns a confirmation to the host Agent, the connection between the cloud server Agent and the host Agent is established, and the flow goes to step 6; otherwise it goes to step 4;
Step 6: Each host Agent then transmits the host and network security data it has collected to the cloud server for storage and submits them to the security event processor for preprocessing, forming the host and network security event transaction database D required by the security state analyzer;
Step 7: Scan the transaction database D, count the number of occurrences of each item contained in D, and generate the candidate itemset C1;
Step 8: Calculate the support of each item in C1; if it is greater than or equal to the minimum support, determine the frequent itemset L from C1; otherwise go to step 11;
Step 9: Generate the candidate itemset C from the frequent itemset L, scan the transaction database D and count the items in the candidate itemset C; if the support is greater than or equal to the minimum support, determine the frequent itemset L again from C;
Step 10: If the support of each item in the newly determined frequent itemset L is less than the minimum support, go to step 11; otherwise go to step 9;
Step 11: Output the network security early warning rules R, build the network security early warning expert knowledge base, and deliver the network security early warning rules R in the expert knowledge base to each host;
Step 12: The process ends.
The invention proposes a cloud computing-oriented network security early warning method, mainly used to solve the problem of network security early warning in a cloud computing environment. Using the proposed method, the security state of each host and of the network in the current cloud computing environment can be monitored, and the network security early warning capability in the cloud computing environment can be improved.
Security event collector: First, Agents are deployed on each host and on the cloud server in the cloud, and the network connection between the host Agents and the cloud server Agent is established. Each host Agent then collects the host security log data on Windows and Linux through the Win32 EventLog API and the SWATCH program, and collects network security data by calling the Libpcap toolkit. Finally, each host Agent sends a data transfer request to the cloud server Agent; after the cloud server Agent returns a confirmation, the host Agents, in a distributed and parallel manner, send the host and network security event data they have each collected to the cloud server for storage.
Security state analyzer: The Apriori association rule algorithm is used to mine rules from the transaction database D formed from the host and network security event data collected from each host. First the minimum support minSup is set. The transaction database D is then scanned for the number of occurrences of each item and the corresponding candidate itemset C1 is generated; the support of each item in C1 is calculated against the preset minimum support and the frequent itemset L is determined, until the support of every item in the frequent itemset L satisfies the minimum support. The corresponding network security early warning rules R are then output, and an expert knowledge base is built and delivered to each host in the cloud computing network; each host carries out timely early warning and protection according to the network security early warning rules in the expert knowledge base.
Description of drawings
Fig. 1 is a structure diagram of the cloud computing-oriented network security early warning. It mainly comprises the security event collector, the security event processor, the security state analyzer and the network security early warning operation core;
Fig. 2 is a schematic diagram of distributed collection from multiple data sources in the cloud computing environment;
Fig. 3 is a schematic diagram of the reference architecture, showing the components included in the method of the invention;
Fig. 4 is a flow diagram of the method of the invention.
Embodiment
For ease of description, we assume the following application example:
An enterprise sets up a public cloud computing platform based on the Internet, comprising N hosts and a cloud server cluster made up of multiple servers, with the corresponding Agent programs deployed on the N hosts and on the cloud server. To build a network security early warning platform for this cloud, each of the N hosts must transmit the host and network security event data it collects to the cloud server for storage, preprocessing and analysis, and a network security early warning rule base must be built, so that network security early warning is given in time when a network security event occurs and the company's cloud computing platform receives timely security protection.
The concrete embodiment is:
(1) Start the host Agents and the cloud server Agent respectively. The cloud server Agent is in the network listening state and continuously monitors whether any host Agent has a data transfer request; if a host Agent has a data transfer request, the network connection between that host Agent and the cloud server Agent is established;
(2) In the security event collector, for the host security data of the Windows and Linux operating systems, each host Agent initializes and obtains the corresponding log data through the Win32 EventLog API and the SWATCH program respectively; for the collection of network security data, each host Agent initializes Libpcap, sets the network interface card to promiscuous mode, and listens for and collects network packets;
(3) Each host Agent transmits the host and network security data it has collected to the cloud server for storage and submits them to the security event processor for preprocessing such as denoising, merging and normalization, forming the host and network security event transaction database D required by the security state analyzer;
(4) The security state analyzer calls the Apriori association rule algorithm to mine association rules from the transaction database D formed from the host and network security event data collected from each host;
(5) The network security early warning association rules obtained by the security state analyzer are stored, forming the network security early warning expert knowledge base;
(6) The cloud server Agent delivers the network security early warning expert knowledge base to each host for backup;
(7) The complete set of cloud computing-oriented network security early warning rules has now been formed, and the rule update has been backed up on each host in the cloud computing network, so that each host can be given timely early warning and security protection when a network security event occurs. The whole cloud computing-oriented network security early warning process ends.

Claims (1)

1. A cloud computing-oriented network security early warning method, characterized in that it comprises the following steps:
Step 1: The user starts the cloud server Agent and the host Agents respectively;
Step 2: For the host security data of the Windows and Linux operating systems, each host Agent initializes and obtains the corresponding log data through the Win32 EventLog API and the SWATCH program respectively;
Step 3: For the collection of network security data, each host Agent initializes Libpcap, sets the network interface card to promiscuous mode, and listens for and collects network packets;
Step 4: According to the number N of host Agents, the cloud server Agent initializes N threads, which listen for data transfer requests from the respective host Agents;
Step 5: If the cloud server Agent detects a data transfer request from a host Agent, the cloud server Agent returns a confirmation to the host Agent, the connection between the cloud server Agent and the host Agent is established, and the flow goes to step 6; otherwise it goes to step 4;
Step 6: Each host Agent then transmits the host and network security data it has collected to the cloud server for storage and submits them to the security event processor for preprocessing, forming the host and network security event transaction database D required by the security state analyzer;
Step 7: Scan the transaction database D, count the number of occurrences of each item contained in D, and generate the candidate itemset C1;
Step 8: Calculate the support of each item in C1; if it is greater than or equal to the minimum support, determine the frequent itemset L from C1; otherwise go to step 11;
Step 9: Generate the candidate itemset C from the frequent itemset L, scan the transaction database D and count the items in the candidate itemset C; if the support is greater than or equal to the minimum support, determine the frequent itemset L again from C;
Step 10: If the support of each item in the newly determined frequent itemset L is less than the minimum support, go to step 11; otherwise go to step 9;
Step 11: Output the network security early warning rules R, build the network security early warning expert knowledge base, and deliver the network security early warning rules R in the expert knowledge base to each host;
Step 12: The process ends.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201110316666.4A CN102685180B (en) 2011-10-18 2011-10-18 Cloud computing-oriented network security early warning method

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201110316666.4A CN102685180B (en) 2011-10-18 2011-10-18 Cloud computing-oriented network security early warning method

Publications (2)

Publication Number Publication Date
CN102685180A true CN102685180A (en) 2012-09-19
CN102685180B CN102685180B (en) 2015-07-08

Family

ID=46816540

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201110316666.4A Active CN102685180B (en) 2011-10-18 2011-10-18 Cloud computing-oriented network security early warning method

Country Status (1)

Country Link
CN (1) CN102685180B (en)

CN109302407A (en) * 2018-10-31 2019-02-01 广东电网有限责任公司 A kind of network security situation prediction method, device, equipment and storage medium
CN110290120A (en) * 2019-06-12 2019-09-27 西安邮电大学 A kind of timing evolved network safe early warning method of cloud platform
CN112671587A (en) * 2020-12-28 2021-04-16 紫光云技术有限公司 Alarm method for failure of equipment issuing configuration
CN113014603A (en) * 2021-04-01 2021-06-22 刘宏达 Protection linkage configuration method based on network security big data and big data cloud system
CN114546519A (en) * 2022-01-26 2022-05-27 华北电力大学 Industrial control safety data acquisition system and method
CN114546519B (en) * 2022-01-26 2023-10-03 华北电力大学 Industrial control safety data acquisition system and method

Also Published As

Publication number Publication date
CN102685180B (en) 2015-07-08

Similar Documents

Publication Publication Date Title
CN102685180A (en) Cloud computing-oriented network security early warning method
CN106790186B (en) Multi-step attack detection method based on multi-source abnormal event correlation analysis
Ashoor et al. Importance of intrusion detection system (IDS)
CN105491055B (en) A kind of network host accident detection method based on mobile agent
Wuu et al. Building intrusion pattern miner for Snort network intrusion detection system
Wattanapongsakorn et al. A practical network-based intrusion detection and prevention system
CN103227798A (en) Immunological network system
CN115883213B (en) APT detection method and system based on continuous time dynamic heterogeneous graph neural network
CN103561012A (en) WEB backdoor detection method and system based on relevance tree
CN102790706A (en) Safety analyzing method and device of mass events
CN107302534A (en) A kind of DDoS network attack detecting methods and device based on big data platform
CN108712365B (en) DDoS attack event detection method and system based on flow log
Letou et al. Host-based intrusion detection and prevention system (HIDPS)
CN107454068B (en) Honey net safety situation perception method combining immune hazard theory
CN104683378A (en) Computing and debugging system for novel cloud computing service platform adopting new technology
Anastasiadis et al. A novel high-interaction honeypot network for internet of vehicles
CN113489703A (en) Safety protection system
CN110912753B (en) Cloud security event real-time detection system and method based on machine learning
CN106878338B (en) Telecontrol equipment gateway firewall integrated machine system
Soh et al. Setting optimal intrusion-detection thresholds
Jia et al. Bidirectional RNN-Based Few-Shot Training for Detecting Multi-stage Attack
Jakhale Design of anomaly packet detection framework by data mining algorithm for network flow
CN104683379A (en) A new system for computing and debugging facing enterprise service platform with new technique of novel cloud computing
Chen et al. Active event correlation in Bro IDS to detect multi-stage attacks
CN207612279U (en) A kind of food processing factory's network security management system

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant