CN103095477A - Treatment system and method of abnormity alarming information - Google Patents


Publication number
CN103095477A
Authority
CN
China
Legal status
Granted
Application number
CN2011103425014A
Other languages
Chinese (zh)
Other versions
CN103095477B (en
Inventor
李志鹏
王洪波
Current Assignee
Tols Tianxiang Net An Information Technology Co ltd
Original Assignee
BEIJING TOPWALK INFORMATION TECHNOLOGY Co Ltd
Application filed by BEIJING TOPWALK INFORMATION TECHNOLOGY Co Ltd
Priority to CN201110342501.4A
Publication of CN103095477A
Application granted
Publication of CN103095477B
Legal status: Active

Landscapes

  • Alarm Systems (AREA)

Abstract

The invention discloses a system and method for processing abnormal alarm information. The system collects abnormal alarm information from the network and authenticates the registered users who need to process it. While a user processes the abnormal alarm information, the system monitors and analyzes its processing state and reports the processing and audit results in real time, so that users can follow the processing progress conveniently and quickly. The system can also monitor and analyze the access behavior of the abnormal alarm host and analyze the cause of the alarm. With this system and method, abnormal alarm information, personnel, workflow and the like are organically combined, and the efficiency of processing abnormal alarm information is improved.

Description

A system and method for processing abnormal alarm information
Technical field
The present invention relates to the Internet field, and in particular to a system and method for processing abnormal alarm information.
Background art
With the development of network technology and the growth of networks in scale and complexity, network behavior is becoming increasingly complex and hard to control. To safeguard the network system, network administrators usually add security analysis devices to the network; when an abnormal condition occurs in the network, the security analysis device raises an alarm automatically.
As network technology develops and networks expand, suspicious or illegal network behaviors such as network theft and network attacks are also becoming more frequent, so security analysis devices may produce a large number of security alarms in a short time. Generally, the process from the occurrence of a network anomaly to the handling of the alarm information is as follows: when an abnormal condition appears in the network system, the security analysis device raises an alarm automatically and notifies the network administrators, who then handle the abnormal network behavior according to the alarm information. Administrative departments at every level have a large number of alarms to process.
As can be seen, in the prior art all of the work related to this large volume of abnormal alarm information is done manually. To a certain extent this means that the large volume of abnormal alarm information cannot be processed in time; the generation of abnormal alarm information and the subsequent processing work cannot be reasonably combined, and the efficiency of processing abnormal alarm information is very low.
Given these shortcomings of the prior art, how to provide a system and method for processing abnormal alarm information that organically combines abnormal alarm information with the actual workflow, and thereby improves the efficiency of processing abnormal alarm information, is a problem that those skilled in the art urgently need to solve.
Summary of the invention
In view of this, the invention provides a system and method for processing abnormal alarm information, to overcome the problem in the prior art that the efficiency and level of abnormal alarm information processing are low because abnormal alarm information cannot be organically combined with the actual workflow.
To achieve the above object, the invention provides the following technical solution:
A system for processing abnormal alarm information comprises: an information acquisition module, an authentication and authorization module, a monitoring analysis module and a message communicating module;
The information acquisition module is used to collect the abnormal alarm information produced by security analysis devices;
The authentication and authorization module is used to authenticate users who log in to the system for processing abnormal alarm information, and to grant each user an access scope according to the authentication result;
The monitoring analysis module is used to monitor and analyze, in real time, the processing state of the abnormal alarm information as the user operates on it; the processing state indicates how far the processing of the abnormal alarm information has progressed;
The message communicating module is used to report the processing state of the abnormal alarm information in real time.
The monitoring analysis module specifically comprises:
A receive determination module, used to determine whether the abnormal alarm information has been received;
A distribution determination module, used to determine whether the abnormal alarm information has been distributed;
A process determination module, used to determine whether processing of the abnormal alarm information has begun;
An audit determination module, used to determine whether the administrative center's verification result for the abnormal alarm information has been audited, and to determine the audit result;
A processing-end determination module, used to determine whether processing of the abnormal alarm information has finished.
Preferably, the system further comprises:
A statistics management module, used to compile statistics on the type, number of occurrences, time, area of occurrence and/or audit result of abnormal alarm information, and to output a statistical report containing the type, number of occurrences, time, area of occurrence and/or audit result.
Preferably, the system further comprises:
An abnormal monitoring module, used to monitor and analyze the access behavior of the abnormal alarm host according to the abnormal alarm information; the abnormal alarm host is the device with an IP address that produced the abnormal alarm information.
The abnormal monitoring module is also used to analyze, from the result of the monitoring analysis, the reason the abnormal alarm information was produced.
A method for processing abnormal alarm information comprises:
Collecting the abnormal alarm information produced by security analysis devices;
Authenticating users who log in to the system for processing abnormal alarm information, and granting each user an access scope according to the authentication result;
Monitoring and analyzing, in real time, the processing state of the abnormal alarm information as the user operates on it; the processing state indicates how far the processing of the abnormal alarm information has progressed;
Reporting the processing state of the abnormal alarm information in real time.
Monitoring and analyzing in real time the processing state of the abnormal alarm information as the user operates on it specifically comprises:
Determining whether the abnormal alarm information has been received;
Determining whether the abnormal alarm information has been distributed;
Determining whether processing of the abnormal alarm information has begun;
Determining whether the administrative center's verification result for the abnormal alarm information has been audited, and determining the audit result;
Determining whether processing of the abnormal alarm information has finished.
Preferably, the method further comprises:
Compiling statistics on the type, number of occurrences, time, area of occurrence and/or audit result of abnormal alarm information, and outputting a statistical report containing the type, number of occurrences, time, area of occurrence and/or audit result.
Preferably, the method further comprises:
Monitoring and analyzing the access behavior of the abnormal alarm host according to the abnormal alarm information; the abnormal alarm host is the device with an IP address that produced the abnormal alarm information.
Preferably, the method further comprises:
Analyzing, from the result of the monitoring analysis, the reason the abnormal alarm information was produced.
As the above technical solution shows, compared with the prior art, the invention discloses a system and method for processing abnormal alarm information. The system collects abnormal alarm information from the network and authenticates the users who need to process it. While a user processes the abnormal alarm information, the system monitors and analyzes its processing state and can report the processing and audit results in real time, so that the user can follow the processing progress conveniently and quickly. The system can also monitor and analyze the access behavior of the abnormal alarm host and analyze the cause of the alarm. Through this system and method, abnormal alarm information, personnel, workflow and the like are organically combined, and the efficiency of processing abnormal alarm information is improved.
Brief description of the drawings
To explain the technical solutions of the embodiments of the invention or of the prior art more clearly, the drawings needed for describing the embodiments or the prior art are briefly introduced below. Obviously, the drawings described below are only embodiments of the invention; those of ordinary skill in the art can obtain other drawings from the drawings provided without creative effort.
Fig. 1 is a schematic structural diagram of an abnormal alarm information processing system disclosed in an embodiment of the invention;
Fig. 2 is a schematic structural diagram of the monitoring analysis module disclosed in an embodiment of the invention;
Fig. 3 is a schematic structural diagram of another abnormal alarm information processing system disclosed in an embodiment of the invention;
Fig. 4 is a flow chart of an abnormal alarm information processing method disclosed in an embodiment of the invention;
Fig. 5 is a flow chart of the real-time monitoring and analysis of the abnormal alarm information processing state disclosed in an embodiment of the invention;
Fig. 6 is another flow chart of the abnormal alarm information processing method disclosed in an embodiment of the invention;
Fig. 7 is a state flow chart of ministerial-level processing of abnormal alarm information disclosed in an embodiment of the invention;
Fig. 8 is a state flow chart of provincial-level processing of abnormal alarm information disclosed in an embodiment of the invention;
Fig. 9 is a state flow chart of prefecture-level processing of abnormal alarm information disclosed in an embodiment of the invention.
Detailed description
The technical solutions in the embodiments of the invention are described clearly and completely below with reference to the drawings in the embodiments. Obviously, the described embodiments are only some of the embodiments of the invention, not all of them. All other embodiments obtained by those of ordinary skill in the art on the basis of the embodiments of the invention, without creative effort, fall within the scope of protection of the invention.
Embodiment one
Fig. 1 is a schematic structural diagram of an abnormal alarm information processing system disclosed in an embodiment of the invention. As shown in the figure, the system 10 for processing abnormal alarm information may comprise:
An information acquisition module 101, used to collect the abnormal alarm information produced by security analysis devices;
The security analysis devices here may be any security analysis devices that support protocols such as SNMP (Simple Network Management Protocol) and SYSLOG (system log); the information acquisition module can collect abnormal alarm information from the network either actively or passively;
An authentication and authorization module 102, used to authenticate users who log in to the system for processing abnormal alarm information, and to grant each user an access scope according to the authentication result;
User authentication can be performed by verifying the existing hardware certificates of internal administrative personnel. When logging in, the user must insert the hardware certificate that is the system default; the identity level of the login user is determined from the verification code or magnetic induction information on the certificate, and the login user is granted the corresponding access rights according to that identity level. The higher the identity level, that is, the higher the level of the administrative center to which the login user belongs, the more rights to access and manage the system the user has. Of course, authentication and authorization can also be supplemented with password authentication, which confirms the identity of the login user more accurately;
A monitoring analysis module 103, used to monitor and analyze, in real time, the processing state of the abnormal alarm information as the user operates on it; the processing state indicates how far the processing of the abnormal alarm information has progressed;
In the system for processing abnormal alarm information, the number of processing states differs with the number of levels of administrative departments. When the administrative departments are divided into three levels (ministerial, provincial and prefecture-level), the processing state includes ten kinds of states such as to be distributed, to be received, pending, in processing, awaiting provincial audit, provincial audit not passed, provincial audit passed, awaiting ministerial audit, ministerial audit not passed, ministerial audit passed, and processed. The work of distributing, receiving, processing and auditing is still done by administrative staff; the monitoring analysis module only indicates the processing progress of the abnormal alarm information. This also makes it easy for administrative staff at every level to see how all abnormal alarm information is being handled, which helps to improve work efficiency. According to the function of the monitoring analysis module 103, and with reference to Fig. 2, the monitoring analysis module 103 may specifically comprise:
A receive determination module 1031, used to determine whether the abnormal alarm information has been received;
After the authentication and authorization module 102 completes verification, the login user can enter the relevant page and receive newly produced abnormal alarm information. The login user confirms receipt of the abnormal alarm information by clicking the "receive" button on the page; at the same time, the system records the person responsible for each piece of abnormal alarm information according to the login information, which facilitates later statistical work;
A distribution determination module 1032, used to determine whether the abnormal alarm information has been distributed;
After receiving the abnormal alarm information, the administrative department begins to distribute it. An administrative department may keep the abnormal alarm information for processing at its own level, or distribute it to the subordinate administrative department in whose jurisdiction the abnormal alarm information arose. The lowest-level administrative department has no right to distribute abnormal alarm information;
A process determination module 1033, used to determine whether processing of the abnormal alarm information has begun;
The process determination module 1033 can determine whether processing of the abnormal alarm information has begun from whether administrative staff have started verification work on it, and can thus determine whether the abnormal alarm information is in the pending state or the in-processing state;
An audit determination module 1034, used to determine whether the administrative center's verification result for the abnormal alarm information has been audited, and to determine the audit result;
For abnormal alarm information whose processing is complete, the verification result must be sent to the superior administrative department for audit. The audit determination module 1034 can judge, from the administrative staff's trigger actions on the page, whether audit of the verification result has begun, and can determine the audit result; that is, it can determine whether the verification result is still pending audit and whether it has passed audit. A verification result that passes audit continues to be reported upward until it passes the audit of the highest administrative department; a verification result that does not pass audit is automatically issued to the next-lower administrative department;
A processing-end determination module 1035, used to determine whether processing of the abnormal alarm information has finished;
When the user has finished auditing the verification result of the abnormal alarm information and clicks the "finish" button on the page, the processing-end determination module 1035 determines that the abnormal alarm information is in the processed state;
A message communicating module 104, used to report the processing state and audit result of the abnormal alarm information in real time;
The message communicating module 104 makes communication between administrative departments at every level easy; for example, a superior administrative department can issue notices or supervision information to subordinate administrative departments. After a user at any level logs in, the current abnormal alarm information and its processing progress and audit result are displayed in a scrolling view, so that administrative departments can respond quickly to the processing and supervision of key abnormal alarm information. The module also facilitates exchanges between administrative staff at every level;
In this embodiment, the system for processing abnormal alarm information first collects abnormal alarm information from the network through the information acquisition module, then authenticates users who log in to the system through the authentication and authorization module and grants access to users who pass authentication. The monitoring analysis module then monitors and analyzes, in real time, the processing state of the abnormal alarm information as the user operates on it, so that the user can follow the processing progress of the abnormal alarm information conveniently and quickly. The system can also report the processing and audit results of abnormal alarm information in real time, which facilitates communication between administrative departments at every level. The system organically combines abnormal alarm information, personnel, workflow and the like, and improves the efficiency of processing abnormal alarm information.
Embodiment two
Fig. 3 is a schematic structural diagram of another abnormal alarm information processing system disclosed in an embodiment of the invention. With reference to Fig. 3, the system 10 for processing abnormal alarm information may comprise:
An information acquisition module 101, used to collect the abnormal alarm information produced by security analysis devices;
An authentication and authorization module 102, used to authenticate users who log in to the system for processing abnormal alarm information, and to grant each user an access scope according to the authentication result;
A monitoring analysis module 103, used to monitor and analyze, in real time, the processing state of the abnormal alarm information as the user operates on it; the processing state indicates how far the processing of the abnormal alarm information has progressed;
In this embodiment, the monitoring analysis module 103 may specifically comprise:
A receive determination module 1031, used to determine whether the abnormal alarm information has been received;
A distribution determination module 1032, used to determine whether the abnormal alarm information has been distributed;
A process determination module 1033, used to determine whether processing of the abnormal alarm information has begun;
An audit determination module 1034, used to determine whether the administrative center's verification result for the abnormal alarm information has been audited, and to determine the audit result;
A processing-end determination module 1035, used to determine whether processing of the abnormal alarm information has finished;
A message communicating module 104, used to report the processing state and audit result of the abnormal alarm information in real time;
A statistics management module 301, used to compile statistics on the type, number of occurrences, time, area of occurrence and/or audit result of abnormal alarm information, and to output a statistical report containing the type, number of occurrences, time, area of occurrence and/or audit result;
The statistics management module 301 can collect and record information related to the abnormal alarm information and output statistical reports. The reports can be output in various forms, such as pie charts, bar charts and line charts, and can be used by administrative departments at every level for purposes such as routine operation and maintenance, supervision, and abnormal alarm information analysis;
An abnormal monitoring module 302, used to monitor and analyze the access behavior of the abnormal alarm host according to the abnormal alarm information, and to analyze, from the result of the monitoring analysis, the reason the abnormal alarm information was produced;
The abnormal alarm host is the device with an IP address that produced the abnormal alarm information. The abnormal monitoring module 302 closely monitors the access behavior of the host that produced the abnormal alarm information and analyzes the reason for the alarm, which helps the administrative department process the abnormal alarm information.
In this embodiment, the system for processing abnormal alarm information first collects abnormal alarm information from the network through the information acquisition module, then authenticates users who log in to the system through the authentication and authorization module and grants access to users who pass authentication. The monitoring analysis module then monitors and analyzes, in real time, the processing state of the abnormal alarm information as the user operates on it, and the message communicating module can report the processing and audit results of abnormal alarm information in real time, which facilitates communication between administrative departments at every level and lets the user follow the processing progress of the abnormal alarm information conveniently and quickly. The system can also monitor and analyze the access behavior of the abnormal alarm host and analyze the cause of the alarm. The system organically combines abnormal alarm information, personnel, workflow and the like, and improves the efficiency of processing abnormal alarm information.
Embodiment three
Fig. 4 is a flow chart of an abnormal alarm information processing method disclosed in an embodiment of the invention. With reference to Fig. 4, the method for processing abnormal alarm information may comprise:
Step 401: collect the abnormal alarm information produced by security analysis devices;
Step 402: authenticate users who log in to the system for processing abnormal alarm information, and grant each user an access scope according to the authentication result;
Step 403: monitor and analyze, in real time, the processing state of the abnormal alarm information as the user operates on it;
The processing state indicates how far the processing of the abnormal alarm information has progressed. With reference to Fig. 5, in practical applications step 403 may specifically comprise the following steps:
Step 501: determine whether the abnormal alarm information has been received;
Step 502: determine whether the abnormal alarm information has been distributed;
Step 503: determine whether processing of the abnormal alarm information has begun;
Step 504: determine whether the administrative center's verification result for the abnormal alarm information has been audited, and determine the audit result;
Step 505: determine whether processing of the abnormal alarm information has finished.
Step 404: report the processing state and audit result of the abnormal alarm information in real time.
In this embodiment, the method for processing abnormal alarm information first collects abnormal alarm information from the network, then authenticates users who log in to the system for processing abnormal alarm information and grants access to users who pass authentication, and then monitors and analyzes, in real time, the processing state of the abnormal alarm information as the user operates on it, so that the user can follow the processing progress of the abnormal alarm information conveniently and quickly. The method can also report the processing and audit results of abnormal alarm information in real time, which facilitates communication between administrative departments at every level. The method organically combines abnormal alarm information, personnel, workflow and the like, and improves the efficiency of processing abnormal alarm information.
Embodiment four
Fig. 6 is another flow chart of the abnormal alarm information processing method disclosed in an embodiment of the invention. With reference to Fig. 6, the method for processing abnormal alarm information may comprise:
Step 601: collect the abnormal alarm information produced by security analysis devices;
Step 602: authenticate users who log in to the system for processing abnormal alarm information, and grant each user an access scope according to the authentication result;
Step 603: monitor and analyze, in real time, the processing state of the abnormal alarm information as the user operates on it;
Step 604: report the processing state and audit result of the abnormal alarm information in real time;
Step 605: compile statistics on the type, number of occurrences, time, area of occurrence and/or audit result of abnormal alarm information, and output a statistical report containing the type, number of occurrences, time, area of occurrence and/or audit result;
Step 606: monitor and analyze the access behavior of the abnormal alarm host according to the abnormal alarm information, and analyze, from the result of the monitoring analysis, the reason the abnormal alarm information was produced.
In this embodiment, abnormal alarm information is first collected from the network; users who log in to the system for processing abnormal alarm information are then authenticated, and access is granted to users who pass authentication. The processing state of the abnormal alarm information is then monitored and analyzed in real time as the user operates on it, and the processing and audit results of abnormal alarm information can be reported in real time, which facilitates communication between administrative departments at every level and lets the user follow the processing progress of the abnormal alarm information conveniently and quickly. Further, the access behavior of the abnormal alarm host can be monitored and analyzed to determine the cause of the alarm. This embodiment organically combines abnormal alarm information, personnel, workflow and the like, and improves the efficiency of processing abnormal alarm information.
Embodiment five
This embodiment is a specific embodiment that combines abnormal alarm information, personnel and workflow in the case where the administrative departments are divided into three levels: ministerial, provincial and prefecture-level. The ministerial administrative department is the highest administrative department and the prefecture-level administrative department is the lowest. The processing state of abnormal alarm information includes ten kinds of states such as to be distributed, to be received, pending, in processing, awaiting provincial audit, provincial audit not passed, provincial audit passed, awaiting ministerial audit, ministerial audit not passed, ministerial audit passed, and processed. Fig. 7 is a state flow chart of ministerial-level processing of abnormal alarm information disclosed in an embodiment of the invention. With reference to Fig. 7, the state flow by which the ministerial administrative department processes abnormal alarm information may be:
When the system for processing abnormal alarm information has received all abnormal alarm information and a ministerial administrator has logged in to the system, the abnormal alarm information is in the to-be-received state;
After the ministerial administrator receives the abnormal alarm information through an operation, it enters the to-be-distributed state;
The ministerial administrator either keeps the abnormal alarm information for processing at this level or distributes it downward into the provincial newly added abnormal alarm information; abnormal alarm information kept for processing at this level changes to the pending state;
The ministerial administrator clicks the "process" button on the display page and begins processing the abnormal alarm information kept at this level, which changes to the in-processing state;
The ministerial administrative center is the highest administrative center, so abnormal alarm information it has processed does not need to be audited again; abnormal alarm information whose processing is complete changes to the processed state;
The verification results of provincial pending abnormal alarm information submitted by the provincial administrative department are in the awaiting-ministerial-audit state;
If the provincial pending abnormal alarm information passes the ministerial audit, it changes to the ministerial-audit-passed state and then to the processed state; if it does not pass the ministerial audit, it changes to the ministerial-audit-not-passed state and is automatically issued into the provincial newly added abnormal alarm information, entering the corresponding provincial flow.
Fig. 8 is the state flow chart of provincial-level processing of abnormal alarm information disclosed in the embodiment of the present invention. As shown in Fig. 8, the state flow by which the provincial administrative department processes abnormal alarm information may be:
When the provincial administrative department has received the abnormal alarm information issued by the ministerial administrative department and the abnormal alarm information that did not pass the ministerial audit, and a provincial administrator has logged in to the treatment system, the abnormal alarm information is in the to-be-received state;
After the provincial administrator receives the abnormal alarm information through an operation, it enters the to-be-distributed state;
The provincial administrator either keeps the abnormal alarm information for processing at this level or distributes it downward into the prefecture-level newly added abnormal alarm information; abnormal alarm information kept for processing at this level changes to the pending state;
The provincial administrator triggers the "Process" button on the displayed page to begin processing the abnormal alarm information kept at this level, and the abnormal alarm information changes to the in-processing state;
The provincial administrator reports the verification result of the abnormal alarm information kept for processing at this level to the ministerial level for audit as provincial pending information, and it changes to the awaiting-ministerial-audit state;
Prefecture-level pending information reported by the prefecture-level administrative department is in the awaiting-provincial-audit state;
If the prefecture-level pending information passes the provincial audit, it changes to the provincial-audit-passed state, and the verification result of the abnormal alarm information is then reported to the ministerial level for audit as provincial pending information, changing to the awaiting-ministerial-audit state; if the prefecture-level pending abnormal alarm information does not pass the provincial audit, it changes to the provincial-audit-failed state and is automatically issued into the prefecture-level newly added abnormal alarm information, entering the corresponding prefecture-level flow;
If the provincial pending abnormal alarm information passes the ministerial audit, it changes to the ministerial-audit-passed state and then goes on to the processed state; if it does not pass the ministerial audit, it changes to the ministerial-audit-failed state and is automatically issued into the provincial newly added abnormal alarm information, entering the corresponding provincial flow.
Fig. 9 is the state flow chart of prefecture-level processing of abnormal alarm information disclosed in the embodiment of the present invention. As shown in Fig. 9, the state flow by which the prefecture-level administrative department processes abnormal alarm information may be:
When the prefecture-level administrative department has received the abnormal alarm information issued by the provincial administrative department and the abnormal alarm information that did not pass the provincial audit, and a prefecture-level administrator has logged in to the treatment system, the abnormal alarm information is in the to-be-received state;
After the prefecture-level administrator receives the abnormal alarm information through an operation, it enters the pending state;
The prefecture-level administrator triggers the "Process" button on the displayed page to begin processing the abnormal alarm information, and the abnormal alarm information changes to the in-processing state;
The verification result of the abnormal alarm information is reported to the provincial level for audit as prefecture-level pending information, and it changes to the awaiting-provincial-audit state;
If the prefecture-level pending information passes the provincial audit, it changes to the provincial-audit-passed state, and the verification result of the abnormal alarm information is then reported to the ministerial level for audit as provincial pending information, changing to the awaiting-ministerial-audit state; if the prefecture-level pending information does not pass the provincial audit, it changes to the provincial-audit-failed state and is automatically issued into the prefecture-level newly added abnormal alarm information, entering the corresponding prefecture-level flow;
If the provincial pending information passes the ministerial audit, it changes to the ministerial-audit-passed state and then goes on to the processed state; if the provincial pending abnormal alarm information does not pass the ministerial audit, it changes to the ministerial-audit-failed state and is automatically issued into the provincial newly added abnormal alarm information, entering the corresponding provincial flow.
While abnormal alarm information is being processed, the treatment state of abnormal alarm events and the abnormal alarm information under priority supervision can be reported promptly to the relevant administrators through communication equipment, making the response to each item of abnormal alarm information more accurate and rapid.
In this embodiment, the flow by which the administrative departments at each level handle abnormal alarm events is not only reasonable but also convenient and quick to implement, and it organically combines abnormal alarm information, personnel, workflow and so on, improving the efficiency of processing abnormal alarm information.
The systems and methods described in connection with the embodiments disclosed herein may be implemented directly in hardware, in a software module executed by a processor, or in a combination of the two. The software module may reside in random access memory (RAM), memory, read-only memory (ROM), electrically programmable ROM, electrically erasable ROM, registers, a hard disk, a removable disk, a CD-ROM, or any other form of storage medium known in the technical field.
The above description of the disclosed embodiments enables those skilled in the art to implement or use the present invention. Various modifications to these embodiments will be apparent to those skilled in the art, and the general principles defined herein may be implemented in other embodiments without departing from the spirit or scope of the present invention. Therefore, the present invention is not limited to the embodiments shown herein, but is to be accorded the widest scope consistent with the principles and novel features disclosed herein.
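The three flows of Figs. 7 to 9 can be read as one state machine. The following Python example is an added illustration, not code from the patent; the class and method names, and the rule that each transition is accepted only from the level that owns or audits the alarm, are assumptions made here.

```python
# Added illustration: names (Alarm, Level, report, ...) are assumptions, not the patent's.
from enum import Enum, IntEnum

class Level(IntEnum):
    MINISTERIAL = 0   # highest level
    PROVINCIAL = 1
    PREFECTURE = 2    # lowest level

class State(Enum):
    TO_RECEIVE = "to be received"
    TO_DISTRIBUTE = "to be distributed"
    PENDING = "pending"
    IN_PROCESSING = "in processing"
    AWAIT_PROV_AUDIT = "awaiting provincial audit"
    PROV_AUDIT_FAILED = "provincial audit failed"
    PROV_AUDIT_PASSED = "provincial audit passed"
    AWAIT_MIN_AUDIT = "awaiting ministerial audit"
    MIN_AUDIT_FAILED = "ministerial audit failed"
    MIN_AUDIT_PASSED = "ministerial audit passed"
    PROCESSED = "processed"

class WorkflowError(Exception):
    """Transition not allowed in this state, or attempted by the wrong level."""

class Alarm:
    # awaiting state -> (auditor, passed, failed, state after pass, owner after fail)
    AUDITS = {
        State.AWAIT_PROV_AUDIT: (Level.PROVINCIAL, State.PROV_AUDIT_PASSED,
                                 State.PROV_AUDIT_FAILED, State.AWAIT_MIN_AUDIT, Level.PREFECTURE),
        State.AWAIT_MIN_AUDIT: (Level.MINISTERIAL, State.MIN_AUDIT_PASSED,
                                State.MIN_AUDIT_FAILED, State.PROCESSED, Level.PROVINCIAL)}

    def __init__(self, alarm_id, owner=Level.MINISTERIAL):
        self.alarm_id, self.owner, self.state = alarm_id, owner, State.TO_RECEIVE
        self.trail = []   # audit trail: (acting level, action, resulting state)

    def _move(self, actor, action, expected, required, new_state):
        if self.state is not expected:
            raise WorkflowError(f"{action}: alarm is '{self.state.value}'")
        if actor is not required:
            raise WorkflowError(f"{action}: not permitted for {actor.name}")
        self.state = new_state
        self.trail.append((actor.name, action, new_state.value))

    def receive(self, actor):       # lowest level cannot distribute: straight to pending
        nxt = State.PENDING if self.owner is Level.PREFECTURE else State.TO_DISTRIBUTE
        self._move(actor, "receive", State.TO_RECEIVE, self.owner, nxt)

    def keep(self, actor):          # keep for processing at this level
        self._move(actor, "keep", State.TO_DISTRIBUTE, self.owner, State.PENDING)

    def distribute(self, actor):    # hand down as newly added info one level lower
        self._move(actor, "distribute", State.TO_DISTRIBUTE, self.owner, State.TO_RECEIVE)
        self.owner = Level(self.owner + 1)

    def start(self, actor):         # the "Process" button
        self._move(actor, "start", State.PENDING, self.owner, State.IN_PROCESSING)

    def report(self, actor):        # top level needs no audit; others go one level up
        nxt = (State.PROCESSED, State.AWAIT_MIN_AUDIT, State.AWAIT_PROV_AUDIT)[self.owner]
        self._move(actor, "report", State.IN_PROCESSING, self.owner, nxt)

    def audit(self, actor, passed):
        if self.state not in self.AUDITS:
            raise WorkflowError(f"audit: alarm is '{self.state.value}'")
        auditor, ok, bad, onward, back = self.AUDITS[self.state]
        self._move(actor, "audit", self.state, auditor, ok if passed else bad)
        self.owner = auditor if passed else back
        self._move(actor, "forward" if passed else "reissue", self.state, auditor,
                   onward if passed else State.TO_RECEIVE)
```

Because every transition is checked against both the current state and the acting level, a lower level cannot approve its own verification result, and `trail` keeps the record that the real-time reporting step would send out.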

Claims (10)

1. A treatment system for abnormal alarm information, characterized by comprising: an information acquisition module, an authentication and authorization module, a monitoring analysis module and a message communication module;
The information acquisition module is configured to collect the abnormal alarm information produced by security analysis equipment;
The authentication and authorization module is configured to authenticate a user logging in to the treatment system of the abnormal alarm information, and to grant the user an access scope according to the verification result;
The monitoring analysis module is configured to monitor and analyze in real time the treatment state resulting from the user's operations on the abnormal alarm information, the treatment state indicating the status of the processing of the abnormal alarm information;
The message communication module is configured to report the treatment state of the abnormal alarm information in real time.
2. The system according to claim 1, characterized in that the monitoring analysis module specifically comprises:
A receiving determination module, configured to determine whether the abnormal alarm information has been received;
A distribution determination module, configured to determine whether the abnormal alarm information has been distributed;
A processing determination module, configured to determine whether processing of the abnormal alarm information has begun;
An audit determination module, configured to determine whether the administrative center has audited the verification result of the abnormal alarm information and reached a definite audit result;
A processing-finished determination module, configured to determine whether processing of the abnormal alarm information is finished.
3. The system according to claim 1, characterized by further comprising:
A statistics management module, configured to compile statistics on the type, number of occurrences, time, region of occurrence and/or audit result of abnormal alarm information, and to output a statistical report comprising the type, number of occurrences, time, region of occurrence and/or audit result.
4. The system according to claim 1, characterized by further comprising:
An abnormal monitoring module, configured to monitor and analyze the access behavior of the abnormal alarm host according to the abnormal alarm information, the abnormal alarm host being the device with an IP address that produced the abnormal alarm information.
5. The system according to claim 4, characterized in that the abnormal monitoring module is further configured to:
Determine, from the result of the monitoring analysis, the reason the abnormal alarm information was produced.
6. A processing method for abnormal alarm information, characterized by comprising:
Collecting the abnormal alarm information produced by security analysis equipment;
Authenticating a user logging in to the treatment system of the abnormal alarm information, and granting the user an access scope according to the verification result;
Monitoring and analyzing in real time the treatment state resulting from the user's operations on the abnormal alarm information, the treatment state indicating the status of the processing of the abnormal alarm information;
Reporting the treatment state of the abnormal alarm information in real time.
7. The method according to claim 6, characterized in that monitoring and analyzing in real time the treatment state resulting from the user's operations on the abnormal alarm information specifically comprises:
Determining whether the abnormal alarm information has been received;
Determining whether the abnormal alarm information has been distributed;
Determining whether processing of the abnormal alarm information has begun;
Determining whether the administrative center has audited the verification result of the abnormal alarm information and reached a definite audit result;
Determining whether processing of the abnormal alarm information is finished.
8. The method according to claim 6, characterized by further comprising:
Compiling statistics on the type, number of occurrences, time, region of occurrence and/or audit result of abnormal alarm information, and outputting a statistical report comprising the type, number of occurrences, time, region of occurrence and/or audit result.
9. The method according to claim 6, characterized by further comprising:
Monitoring and analyzing the access behavior of the abnormal alarm host according to the abnormal alarm information, the abnormal alarm host being the device with an IP address that produced the abnormal alarm information.
10. The method according to claim 9, characterized by further comprising:
Determining, from the result of the monitoring analysis, the reason the abnormal alarm information was produced.
CN201110342501.4A 2011-11-02 2011-11-02 The processing system of a kind of abnormal alarm information and method Active CN103095477B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201110342501.4A CN103095477B (en) 2011-11-02 2011-11-02 The processing system of a kind of abnormal alarm information and method

Publications (2)

Publication Number Publication Date
CN103095477A true CN103095477A (en) 2013-05-08
CN103095477B CN103095477B (en) 2016-08-31

Family

ID=48207640

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201110342501.4A Active CN103095477B (en) 2011-11-02 2011-11-02 The processing system of a kind of abnormal alarm information and method

Country Status (1)

Country Link
CN (1) CN103095477B (en)

Also Published As

Publication number Publication date
CN103095477B (en) 2016-08-31

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
CB03 Change of inventor or designer information
Inventor after: Li Zhipeng; Wang Hongbo; LingHu Yongxing
Inventor before: Li Zhipeng; Wang Hongbo
CP01 Change in the name or title of a patent holder
Address after: 100084 No. 2 Building 2A201, 202, No. 1 Yuan, Nongda South Road, Haidian District, Beijing
Patentee after: TOLS TIANXIANG NET AN INFORMATION TECHNOLOGY Co.,Ltd.
Address before: 100084 No. 2 Building 2A201, 202, No. 1 Yuan, Nongda South Road, Haidian District, Beijing
Patentee before: BEIJING TOPWALK INFORMATION TECHNOLOGY Co.,Ltd.
CP02 Change in the address of a patent holder
Address after: 100096 101, 1st to 7th floors, Building 3, Yard 6, Jianfeng Road (South Extension), Haidian District, Beijing
Patentee after: TOLS TIANXIANG NET AN INFORMATION TECHNOLOGY Co.,Ltd.
Address before: 100084 2a201, 202, building 2, yard 1, Nongda South Road, Haidian District, Beijing
Patentee before: TOLS TIANXIANG NET AN INFORMATION TECHNOLOGY Co.,Ltd.
CP02 Change in the address of a patent holder