CN104852927A - Safety comprehensive management system based on multi-source heterogeneous information - Google Patents


Info

Publication number: CN104852927A
Authority: CN (China)
Prior art keywords: event, information, data, security, analysis
Legal status: Pending
Application number: CN201510292157.0A
Other languages: Chinese (zh)
Inventors: 郑生军, 李建华, 夏正敏, 王红凯, 南淑君, 伍军
Current assignees: Shanghai Jiaotong University; State Grid Corp of China SGCC; Information and Telecommunication Branch of State Grid Zhejiang Electric Power Co Ltd
Original assignees: Shanghai Jiaotong University; State Grid Corp of China SGCC
Priority date: 2015-06-01
Filing date: 2015-06-01
Publication date: 2015-08-19

Classifications

    • H: Electricity
        • H04: Electric communication technique
            • H04L: Transmission of digital information, e.g. telegraphic communication
                • H04L 63/00: Network architectures or network communication protocols for network security
                    • H04L 63/20: Network architectures or network communication protocols for network security for managing network security; network security policies in general
                • H04L 41/00: Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
                    • H04L 41/02: Standardisation; integration
                        • H04L 41/0246: Exchanging or transporting network management information using the Internet; embedding network management web servers in network elements; web-services-based protocols
                            • H04L 41/0273: Exchanging or transporting network management information using the Internet; embedding network management web servers in network elements; web-services-based protocols using web services for network management, e.g. simple object access protocol [SOAP]
                    • H04L 41/04: Network management architectures or arrangements
                        • H04L 41/046: Network management architectures or arrangements comprising network management agents or mobile agents therefor

Abstract

The invention discloses a safety comprehensive management system based on multi-source heterogeneous information. It comprises a management center end, a management agent end, a collection agent end and related network security devices, and performs security management of the statistical information of each subordinate security management agent, such as topology information, asset information and virus patch information. By monitoring the security situation of all kinds of asset equipment in the user's network environment, collecting and collating the information, and fusing and storing it, the system carries out correlation analysis, locates the event source, and performs coordination, response and alarming.

Description

Safety comprehensive management system based on multi-source heterogeneous information
Technical field:
The present invention relates to network technology, data analysis and network security, and in particular to a comprehensive security management system based on multi-source heterogeneous information.
Background art:
Research on multi-source heterogeneous information is applied in many aspects of social development. In smart city construction, for example, the many different information sources and the hard-to-enumerate information terminals make the processing of the various information domains and the communication between information terminals a major research question, and as coverage becomes broader and deeper, the integration and fusion of the various heterogeneous data urgently needs to be addressed. In addition, the comprehensive study of multi-source heterogeneous data in fields such as online public-opinion monitoring and rail-transit condition monitoring is receiving growing attention from industry and academia. Meanwhile, as the scope of research based on multi-source heterogeneous information expands, the security and integrated management of that information has become a problem demanding a prompt solution.
At present, domestic multi-source heterogeneous monitoring systems still lack a systematic theoretical framework. Domestic research institutions and security vendors have achieved monitoring and analysis capability at multiple data planes, but there has been little breakthrough in correlation analysis, so the security early-warning information of each aspect remains relatively isolated and cannot form linked early warning. Existing network-system security analysis mainly analyses and monitors attacks against known vulnerabilities. This kind of protection has serious shortcomings, especially for power-system networks: if a power system suffers a network attack, the consequences are not confined to the information domain but directly affect every electricity-consuming domain of daily life and production.
Existing security systems lack in-depth analysis and monitoring of network attacks, so protective capability remains insufficient, in two respects. First, there is a lack of effective technology and products for collecting, fusing and correlating multi-source heterogeneous security monitoring data in the power grid. Security components such as firewalls, intrusion detection and vulnerability scanning are distributed across different parts of the network, and their security data are heterogeneous; when these data are integrated and analysed, problems of compatibility and heterogeneity arise, so the monitoring data cannot become an effective resource for upper-layer security decisions. The collection and fusion of these multi-source heterogeneous security monitoring data must therefore be solved effectively, followed by effective correlation analysis, to provide a sound basis for further protective action. Second, there is a lack of in-depth analysis technology for information-security attacks based on network and host features, and in particular a lack of attack analysis technology specific to power-grid business. Intrusion detection based on network and host features is relatively mature technology, but the prior art mainly analyses a few routine parameters of the network and hosts and lacks in-depth analysis of cross-layer parameters such as network traffic and physical-layer parameters. Meanwhile, current methods basically use misuse-detection based intrusion detection systems (IDS), intrusion prevention systems (IPS), anti-virus software and the like. These are passive defensive measures that can only detect known attacks, and their detection depends heavily on the quality and quantity of the signatures in the signature database. When novel unknown attacks such as 0-day and APT techniques must be monitored in real time and defended against, the limitations of the signature database mean that no alarm can be produced.
Therefore, the security factors in the network system environment that can change the system's security situation must be perceived and understood; the information collected by the various information terminals in the power-grid environment must be managed and analysed for security; and on that basis linked early warning of the security posture must be performed, so that network attacks are prevented before they happen and the losses they cause to the power system are reduced as far as possible.
Summary of the invention:
To remedy the above shortcomings of the prior art, the invention provides a comprehensive security management system based on multi-source heterogeneous information. It monitors the security situation of all kinds of asset equipment in the user's network environment, collects and collates the information, fuses and stores it, and on that basis performs correlation analysis, locates the event source, and carries out coordination, response and alarm prompting.
The technical solution of the invention is as follows:
A comprehensive security management system based on multi-source heterogeneous information is characterised in that it comprises a management center end, a management agent end, a collection agent end and related network security devices;
the management center end processes the collected data and stores mass data;
the management agent end centrally manages and statistically analyses the data reported by each collection agent end, reports the analysis results to the management center end, and provides the system with a topology web view, a status display web view, statistics and reports, and event analysis and handling;
the collection agent end collects multi-source heterogeneous data messages, and its event transmission and its statistics transmission each have an independent channel;
the network security devices comprise firewalls and IPS devices and implement security management and control of the network.
The management center end comprises an event statistics analysis module and a data statistics analysis module;
the event statistics analysis module comprises security event preprocessing, event normalization and event merging:
security event preprocessing screens the collected security information, filters out the information relevant to security events and discards junk;
event normalization converts events in the various formats of the different source devices into a unified standard event format;
event merging reduces the number of events by merging, improving the system's processing capacity.
The data statistics analysis module comprises data correlation analysis and data normalization:
data correlation analysis correlates in real time the different types of events produced by different security devices/systems, locating security problems accurately among a mass of events;
data normalization should be able to discover and alarm on known security events in time, and the alarm information can be processed by event class according to management domain, category and threat level.
The management agent end comprises a topology discovery management center, a status monitoring center, and an event and report data processing center:
the topology discovery management center is used to edit the overall network configuration and the network devices, view device status and traffic, view real-time dynamic information of network devices, and discover network devices automatically;
the status monitoring center monitors the running-state information of devices and, together with the topology discovery management center, displays in real time the running-state information and performance indices of each node on the management-end topology, providing raw data to the security management agent;
the event and report data processing center centrally manages and statistically analyses the security event information data reported by each collection agent end, and reports the analysis results to the management center end.
The collection agent end comprises a device discovery module, a monitoring module, and an event and log collection module:
the device discovery module collects the hardware parameter information of devices;
the monitoring module is responsible for capturing and analysing the data propagated by working traffic;
the event and log collection module checks whether the captured information carries a tag, determines from the recognition result and the information itself whether it is security event information or log information, and sends the information to the event and report data processing center of the downstream management agent end for detailed analysis.
Compared with the prior art, the beneficial effects of the invention are as follows. It standardises the management data and the management interfaces, ensuring that the platform has good usability, openness and maintainability. Through a powerful data collection module it performs distributed collection and centralised storage of all kinds of operational data in the network, greatly improving the network administrator's real-time monitoring of network conditions. It performs historical data analysis management and integrated information auditing for the security devices, security resources, routers, application servers and other equipment in the network, and can present the analysis results to the user graphically, giving a better interactive experience.
Description of the drawings:
Fig. 1: basic system framework and workflow diagram.
Fig. 2: framework diagram of multi-source heterogeneous security monitoring data collection.
Fig. 3: framework diagram of the data collection system.
Fig. 4: framework diagram of correlation analysis.
Embodiments:
The embodiments of the invention are described in detail below. They are implemented on the premise of the technical solution of the invention, and detailed implementation modes and concrete operating procedures are given, but the scope of protection of the invention is not limited to the following examples.
Referring to Fig. 1, a comprehensive security management system based on multi-source heterogeneous information comprises a management center end, a management agent end, a collection agent end and related network security devices. The collection agent end comprises three data collection modules: a device discovery module, which collects device information; a monitoring module, which collects network state information; and an event and log collection module, which collects security event information and log information. The data capture system of the monitoring module and the event and log collection module is a multi-agent network data collection system that comprises an active data collection method based on SNMP and CDP, an active data collection method based on sFlow, an active network data collection method based on multiple protocols, and a passive traffic collection method based on listening to network packets.
The multi-agent network data collection system mainly designs an agent-based data collection model in which the work of the collection agents is coordinated through communication between agents. It collects the many types of data used in network forensics by different methods, preprocesses the collected data, normalises them and stores them in a database, in preparation for the next step of evidence collection.
The workflow is shown in Fig. 3: intrusion detection data are obtained by the agents and stored in the data warehouse; after association mining, sequence mining, classification mining and clustering, the screened data are matched against the rule features of the knowledge base, and after secure cryptographic operations such as digital certificate verification the data are stored in the database.
For the management agent end, the core functions are mainly embodied in a state server, which comprises the topology discovery/management center, the status monitoring center and the event and report data processing center, and also hosts the high-performance embedded database BerkeleyDB. The topology discovery/management center is mainly implemented with a CDP topology search method. CDP (Cisco Discovery Protocol) makes it easy to discover Cisco-compatible network devices of all kinds and their physical connections effectively; the general algorithm uses breadth-first search (BFS) to search the topology layer by layer from the initial device, nearest devices first. The main function of the status monitoring center is to receive the information from the status monitoring module and, after processing by the event and report data processing center, forward it to the management center end for storage in the database.
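The layered breadth-first topology search described above, as an added example that is not code from the patent. It assumes a constructed neighbour table in place of real CDP neighbour queries (device names and ports are invented), and adds a diff between two discovery runs so that a newly appeared or vanished link can be flagged for review.

```python
from collections import deque

# Constructed CDP neighbour tables standing in for the answers a real device would give to a CDP
# neighbour query: device -> list of (neighbour, local port, neighbour's port). A device missing from
# the table answers nothing and is treated as a leaf (e.g. a non-CDP host or an access point).
CDP_NEIGHBORS = {
    "core-sw1":   [("dist-sw1", "Gi1/1", "Gi0/1"), ("dist-sw2", "Gi1/2", "Gi0/1")],
    "dist-sw1":   [("core-sw1", "Gi0/1", "Gi1/1"), ("dist-sw2", "Gi0/3", "Gi0/3"),
                   ("access-sw1", "Gi0/2", "Gi0/24")],
    "dist-sw2":   [("core-sw1", "Gi0/1", "Gi1/2"), ("dist-sw1", "Gi0/3", "Gi0/3"),
                   ("access-sw2", "Gi0/2", "Gi0/24")],
    "access-sw1": [("dist-sw1", "Gi0/24", "Gi0/2"), ("ap-1", "Fa0/5", "eth0")],
    "access-sw2": [("dist-sw2", "Gi0/24", "Gi0/2")],
}


def query_cdp(device, table=CDP_NEIGHBORS):
    """Stand-in for reading a device's CDP neighbour table (hypothetical helper)."""
    return table.get(device, [])


def discover_topology(seed, query=query_cdp):
    """Layered breadth-first search from the seed device, nearest devices first.

    Returns (layers, links): layers maps hop count -> sorted device names, links is a sorted
    list of physical connections, each recorded once even though both ends report it.
    """
    hop = {seed: 0}                 # visited set and hop distance in one map; cycles are skipped
    links = set()
    queue = deque([seed])
    while queue:
        dev = queue.popleft()
        for nbr, local_port, remote_port in query(dev):
            endpoints = sorted([(dev, local_port), (nbr, remote_port)])
            links.add(tuple(endpoints))
            if nbr not in hop:      # first time seen: it belongs to the next layer
                hop[nbr] = hop[dev] + 1
                queue.append(nbr)
    layers = {}
    for dev, h in hop.items():
        layers.setdefault(h, []).append(dev)
    return {h: sorted(devs) for h, devs in layers.items()}, sorted(links)


def topology_changes(old_links, new_links):
    """Links that appeared or vanished between two discovery runs; an unexpected new link or a
    missing one is the kind of change the status monitoring centre should raise for review."""
    old, new = set(old_links), set(new_links)
    return {"added": sorted(new - old), "removed": sorted(old - new)}


if __name__ == "__main__":
    layers, links = discover_topology("core-sw1")
    for h in sorted(layers):
        print(f"hop {h}: {', '.join(layers[h])}")
    # Second run with a constructed change: an unknown switch appears behind access-sw2
    changed = dict(CDP_NEIGHBORS)
    changed["access-sw2"] = CDP_NEIGHBORS["access-sw2"] + [("new-sw", "Fa0/7", "Fa0/1")]
    _, links2 = discover_topology("core-sw1", lambda d: query_cdp(d, changed))
    print(topology_changes(links, links2))
```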
The management center end mainly comprises the event statistics analysis module, the data statistics analysis module and the security management agent administration module. The security management agent administration module mainly implements comprehensive control of the management agent end, including accepting the data of the event and report data processing center and controlling the running state of the state server. Event statistics analysis comprises security event preprocessing, event normalization and event merging. Data statistics analysis is mainly data correlation analysis and data normalization. Event normalization mainly converts events in the various formats of the different source devices into a unified standard event format; normalised security events are of two kinds, the security event data discovered by device monitoring and the security events reported by security devices. The discovered and reported security events are collected and analysed, and a sequence of operations such as preprocessing and correlation analysis eliminates redundant security events. Normalised events have five event levels, and event normalization defines the attributes of an event: event time, event title and type, event information content, transport-layer and application-layer protocol type, event vulnerability information, event generator information and so on. Event merging mainly reduces the number of events by merging, improving the system's processing capacity. The supported merging modes are: merging events within a given time period, with the second as the unit of calculation; merging when the number of events within a given period exceeds a threshold; and merging based on device address information in the topology. Correlation analysis mainly correlates in real time the different types of events produced by different security devices/systems, locating security problems accurately among a mass of events. The means of correlating the security events reported by security devices are: correlation with the security events discovered by device monitoring, the correlating information being the device address, time and so on; correlation with asset information; and correlation with host log information.
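Event normalization into the unified format and the three merging modes listed above, as an added example that is not code from the patent. The three raw source formats (a firewall log line, an IDS alert dict, a scanner export record), the severity-to-level mapping and the address-to-device topology map are all constructed assumptions.

```python
from dataclasses import dataclass, replace
from datetime import datetime

EPOCH = datetime(1970, 1, 1)   # fixed reference so time buckets do not depend on the local timezone


@dataclass
class NormalizedEvent:
    """Unified standard event format with the attributes the description enumerates."""
    time: datetime
    title: str
    kind: str              # event type: "firewall", "ids" or "vulnscan"
    content: str           # event information content
    transport_proto: str
    app_proto: str
    vulnerability: str     # event vulnerability information, empty when none
    generator: str         # address of the device that produced the event
    level: int             # one of the five event levels, 1 (lowest) to 5
    count: int = 1         # raw events this record stands for after merging


# Each source has its own severity vocabulary; mapping it onto the five levels is this example's assumption.
WORD_LEVELS = {"info": 1, "low": 2, "medium": 3, "high": 4, "critical": 5}
IDS_PRIORITY_LEVELS = {1: 5, 2: 3, 3: 2}


def normalize_firewall(line):
    # Constructed firewall log: "<ISO time> <fw addr> <action> <proto> <src> <dst> <dport> <severity>"
    ts, dev, action, proto, src, dst, dport, sev = line.split()
    return NormalizedEvent(datetime.fromisoformat(ts), f"{action} {proto}/{dport}", "firewall",
                           f"{src} -> {dst}:{dport}", proto, "", "", dev, WORD_LEVELS[sev])


def normalize_ids(alert):
    # Constructed IDS alert: a dict with the sensor's own field names and a 1..3 priority
    return NormalizedEvent(datetime.fromisoformat(alert["ts"]), alert["sig"], "ids",
                           f'{alert["src"]} -> {alert["dst"]}', alert["proto"], alert["app"],
                           "", alert["sensor"], IDS_PRIORITY_LEVELS[alert["priority"]])


def normalize_vulnscan(record, scanner, scanned_at):
    # Constructed scanner export: "<host>;<service>;<proto>;<finding>;<severity>"
    host, service, proto, finding, sev = record.split(";")
    return NormalizedEvent(scanned_at, finding, "vulnscan", f"{host} {service}", proto, service,
                           finding, scanner, WORD_LEVELS[sev])


def _group(events, window_seconds, topology=None):
    """Bucket events by (device, kind, title, time window). window_seconds=0 means a single window;
    topology maps interface addresses to a device name so several addresses count as one device."""
    groups = {}
    for e in events:
        device = topology.get(e.generator, e.generator) if topology else e.generator
        bucket = int((e.time - EPOCH).total_seconds()) // window_seconds if window_seconds else 0
        groups.setdefault((device, e.kind, e.title, bucket), []).append(e)
    return groups


def _collapse(group):
    earliest = min(group, key=lambda e: e.time)
    return replace(earliest, count=sum(e.count for e in group))


def merge_by_window(events, window_seconds):
    """Mode 1: same-key events inside one window of window_seconds collapse into one record."""
    return [_collapse(g) for g in _group(events, window_seconds).values()]


def merge_by_threshold(events, window_seconds, threshold):
    """Mode 2: a window is only collapsed when it holds more than threshold events."""
    out = []
    for g in _group(events, window_seconds).values():
        out.extend([_collapse(g)] if len(g) > threshold else g)
    return out


def merge_by_device(events, topology):
    """Mode 3: merge on the topology's device identity rather than on the raw address."""
    return [_collapse(g) for g in _group(events, 0, topology).values()]


# Constructed sample input (not real data).
FW_LINES = [
    "2015-06-01T10:00:01 10.0.0.1 DENY tcp 10.0.0.5 10.0.1.9 445 high",
    "2015-06-01T10:00:01 10.0.0.1 DENY tcp 10.0.0.5 10.0.1.9 445 high",
    "2015-06-01T10:00:01 10.0.0.1 DENY tcp 10.0.0.5 10.0.1.9 139 high",
    "2015-06-01T10:00:07 10.0.0.1 DENY tcp 10.0.0.5 10.0.1.9 445 high",
]
IDS_ALERTS = [{"ts": "2015-06-01 10:00:02", "sensor": "10.0.0.2", "sig": "SMB protocol anomaly",
               "proto": "tcp", "app": "smb", "src": "10.0.0.5", "dst": "10.0.1.9", "priority": 1}]
VULN_RECORDS = ["10.0.1.9;smb;tcp;outdated SMB service version;high"]
TOPOLOGY = {"10.0.0.1": "fw-core", "10.0.0.2": "ids-1", "10.0.0.3": "scanner-1"}


def normalize_all():
    scanned_at = datetime(2015, 6, 1, 9, 30)
    return ([normalize_firewall(l) for l in FW_LINES] + [normalize_ids(a) for a in IDS_ALERTS]
            + [normalize_vulnscan(r, "10.0.0.3", scanned_at) for r in VULN_RECORDS])


if __name__ == "__main__":
    events = normalize_all()
    print(len(events), "normalised;", len(merge_by_window(events, 5)), "after 5 s window merge;",
          len(merge_by_device(events, TOPOLOGY)), "after device merge")
```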
As shown in Fig. 4, the system collects firewall, intrusion detection and vulnerability scanning information and other monitoring data through a unified interface and then performs text analysis; it carries out clustering according to the clustering rules, and after early-warning verification matches the preprocessed data against the correlation rule store to perform correlation analysis, normalises the analysis result and generates a detection report. The data normalization module should be able to discover and alarm on known security events in time, and the alarm information can be processed by event class according to management domain, category and threat level. Functions such as event query and statistical analysis are provided.
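The correlation of a reported event with device-monitoring findings, asset information and host logs, followed by event-class handling by management domain, category and threat level, as an added example that is not code from the patent. All addresses, asset records and log lines are constructed, and the rule that raises the threat level by the asset's importance is this example's assumption.

```python
from datetime import datetime, timedelta

# Constructed sample data (not from the patent). Addresses, names and times are invented.
REPORTED_EVENTS = [   # events reported by security devices, already in the unified format
    {"time": datetime(2015, 6, 1, 10, 0, 2), "title": "SMB protocol anomaly", "kind": "ids",
     "target": "10.0.1.9", "generator": "10.0.0.2", "level": 4},
    {"time": datetime(2015, 6, 1, 10, 5, 0), "title": "DENY tcp/22", "kind": "firewall",
     "target": "10.0.2.20", "generator": "10.0.0.1", "level": 2},
]
MONITOR_FINDINGS = [  # security events discovered by device monitoring: correlated on address and time
    {"time": datetime(2015, 6, 1, 10, 0, 5), "address": "10.0.1.9", "finding": "CPU load spike"},
    {"time": datetime(2015, 6, 1, 11, 0, 0), "address": "10.0.1.9", "finding": "link flap"},
]
ASSETS = {            # asset information: management domain and importance (1 low .. 3 high)
    "10.0.1.9": {"name": "hist-db-01", "domain": "dispatch", "importance": 3},
    "10.0.2.20": {"name": "office-pc-20", "domain": "office", "importance": 1},
}
HOST_LOGS = [         # host log information
    {"time": datetime(2015, 6, 1, 10, 0, 3), "host": "10.0.1.9", "message": "smbd restarted"},
    {"time": datetime(2015, 6, 1, 10, 4, 58), "host": "10.0.2.20", "message": "user logon"},
]
THREAT_LEVELS = 5     # the five event levels of the unified format


def _within(t, ref, window):
    return abs((t - ref).total_seconds()) <= window.total_seconds()


def correlate(event, findings=MONITOR_FINDINGS, assets=ASSETS, logs=HOST_LOGS,
              window=timedelta(seconds=10)):
    """Attach the three correlation sources the description names to one reported event."""
    addr = event["target"]
    return {
        **event,
        "monitor": [f["finding"] for f in findings
                    if f["address"] == addr and _within(f["time"], event["time"], window)],
        "asset": assets.get(addr),
        "host_logs": [l["message"] for l in logs
                      if l["host"] == addr and _within(l["time"], event["time"], window)],
    }


def classify(corr):
    """Assign management domain, category and threat level (1..5) to a correlated event.
    Raising the level by the asset's importance is this example's rule, not one stated in the patent."""
    asset = corr["asset"] or {"domain": "unknown", "importance": 1}
    return {
        "domain": asset["domain"],
        "category": corr["kind"],
        "threat_level": min(THREAT_LEVELS, corr["level"] + asset["importance"] - 1),
        "title": corr["title"],
        "evidence": len(corr["monitor"]) + len(corr["host_logs"]),   # corroborating observations
    }


def build_alarms(events=REPORTED_EVENTS):
    """Correlate and classify every reported event; strongest, best-corroborated alarms first."""
    alarms = [classify(correlate(e)) for e in events]
    alarms.sort(key=lambda a: (-a["threat_level"], -a["evidence"]))
    return alarms


def alarms_by_class(alarms):
    """Group alarms by (domain, category, threat level) for per-class handling and statistics."""
    classes = {}
    for a in alarms:
        classes.setdefault((a["domain"], a["category"], a["threat_level"]), []).append(a["title"])
    return classes


if __name__ == "__main__":
    for key, titles in alarms_by_class(build_alarms()).items():
        print(key, titles)
```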
The main execution flow of the comprehensive security management system based on multi-source heterogeneous information comprises monitoring, collecting, processing and analysing multi-source heterogeneous information such as the device information and running-state network state information in the network, security events and logs.
The collection agent end first collects the hardware parameter information of devices through the device discovery module. Through the monitoring module, the protocol analysis and information capture sub-module captures and analyses the data propagated by working traffic such as HTTP. Through the event and log collection module it checks whether the captured information carries a tag, determines from the recognition result and the information whether it is security event information or log information, and sends the information to the event and report data processing center of the downstream management agent end for detailed analysis.
The management agent end obtains the multi-source heterogeneous information sent by the collection agent end over HTTP via the state server. The topology discovery/management center performs network topology discovery and, in coordination with the status monitoring center, matches the obtained multi-source heterogeneous information onto the current network topology; the matched rule information is stored in the database, and after matching the information is passed to the management center end.
The management center end receives the topology device and state information sent by the state server and the event and log information passed in by the event and report data processing center, performs event statistics analysis and data statistics analysis on this multi-source heterogeneous information, fuses and standardises the data, and generates integrated security-state information according to the management strategy.
The security-state indices (security threat intensity, self vulnerability, virus epidemic index, attack threat index, host anomaly index, the most threatening attack and virus types, and so on) are used to generate a security index map and situation data. The overall security state and development trend of the network are presented from multiple visual perspectives, such as the time-domain and value-domain views, and a backtracking mechanism is provided that gives the concrete event type and title, the number of occurrences, the threatened target and its importance, and so on, thereby revealing why the system is in danger.

Claims (4)

1. A comprehensive security management system based on multi-source heterogeneous information, characterised in that it comprises a management center end, a management agent end, a collection agent end and related network security devices;
the management center end processes the collected data and stores mass data;
the management agent end centrally manages and statistically analyses the data reported by each collection agent end, reports the analysis results to the management center end, and provides the system with a topology web view, a status display web view, statistics and reports, and event analysis and handling;
the collection agent end collects multi-source heterogeneous data messages, and its event transmission and its statistics transmission each have an independent channel;
the network security devices comprise firewalls and IPS devices and implement security management and control of the network.
2. The comprehensive security management system based on multi-source heterogeneous information according to claim 1, characterised in that the management center end comprises an event statistics analysis module and a data statistics analysis module;
the event statistics analysis module comprises security event preprocessing, event normalization and event merging:
security event preprocessing screens the collected security information, filters out the information relevant to security events and discards junk;
event normalization converts events in the various formats of the different source devices into a unified standard event format;
event merging reduces the number of events by merging, improving the system's processing capacity;
the data statistics analysis module comprises data correlation analysis and data normalization:
data correlation analysis correlates in real time the different types of events produced by different security devices/systems, locating security problems accurately among a mass of events;
data normalization should be able to discover and alarm on known security events in time, and the alarm information can be processed by event class according to management domain, category and threat level.
3. The comprehensive security management system based on multi-source heterogeneous information according to claim 1, characterised in that the management agent end comprises a topology discovery management center, a status monitoring center, and an event and report data processing center:
the topology discovery management center is used to edit the overall network configuration and the network devices, view device status and traffic, view real-time dynamic information of network devices, and discover network devices automatically;
the status monitoring center monitors the running-state information of devices and, together with the topology discovery management center, displays in real time the running-state information and performance indices of each node on the management-end topology, providing raw data to the security management agent;
the event and report data processing center centrally manages and statistically analyses the security event information data reported by each collection agent end, and reports the analysis results to the management center end.
4. The comprehensive security management system based on multi-source heterogeneous information according to claim 1, characterised in that the collection agent end comprises a device discovery module, a monitoring module, and an event and log collection module:
the device discovery module collects the hardware parameter information of devices;
the monitoring module is responsible for capturing and analysing the data propagated by working traffic;
the event and log collection module checks whether the captured information carries a tag, determines from the recognition result and the information itself whether it is security event information or log information, and sends the information to the event and report data processing center of the downstream management agent end for detailed analysis.

Priority Applications (1)

Application number: CN201510292157.0A
Priority date: 2015-06-01
Filing date: 2015-06-01
Title: Safety comprehensive management system based on multi-source heterogeneous information


Publications (1)

Publication number: CN104852927A (en)
Publication date: 2015-08-19


Cited By (24)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105681286A (en) * 2015-12-31 2016-06-15 中电长城网际系统应用有限公司 Association analysis method and association analysis system
CN105959144A (en) * 2016-06-02 2016-09-21 中国科学院信息工程研究所 Safety data acquisition and anomaly detection method and system facing industrial control network
CN106453401A (en) * 2016-10-21 2017-02-22 国家计算机网络与信息安全管理中心山东分中心 Network monitoring, analyzing and managing platform based on multi-source massive heterogeneous data
CN106777141A (en) * 2016-12-19 2017-05-31 国网山东省电力公司电力科学研究院 A kind of acquisition for merging multi-source heterogeneous electric network data and distributed storage method
CN106982229A (en) * 2017-05-10 2017-07-25 南京南瑞继保电气有限公司 The network security supervisory systems and collaboration monitoring and managing method of a kind of layered distribution type collaboration
CN107426159A (en) * 2017-05-03 2017-12-01 成都国腾实业集团有限公司 APT based on big data analysis monitors defence method
CN107645542A (en) * 2017-09-03 2018-01-30 中国南方电网有限责任公司 A kind of data acquisition device applied to cloud auditing system
CN107656973A (en) * 2017-09-03 2018-02-02 中国南方电网有限责任公司 A kind of log audit subsystem applied to cloud auditing system
CN107967313A (en) * 2017-11-21 2018-04-27 中科宇图科技股份有限公司 A kind of method for merging different industries data based on field data and coordinate general character
CN108833389A (en) * 2018-06-05 2018-11-16 北京奇安信科技有限公司 A kind of shared processing method and processing device of information data
CN108875397A (en) * 2018-07-12 2018-11-23 江苏慧学堂系统工程有限公司 A kind of WEB collecting method and system
CN109033431A (en) * 2018-08-13 2018-12-18 北京天地和兴科技有限公司 A kind of efficient electric power networks data acquisition and intelligent analysis system and processing method
CN109379374A (en) * 2018-11-23 2019-02-22 四川长虹电器股份有限公司 Threat identification method for early warning and system based on event analysis
CN109615266A (en) * 2018-12-26 2019-04-12 贵州电网有限责任公司 The text analyzing decision-making technique of power grid exception information based on data mining
CN109905391A (en) * 2019-02-27 2019-06-18 南京众智维信息科技有限公司 A kind of business network secure data acquisition management system
CN110926433A (en) * 2019-11-28 2020-03-27 中国船舶重工集团公司第七一九研究所 Marine disaster early warning system for coastal nuclear power station
CN111049685A (en) * 2019-12-16 2020-04-21 中国南方电网有限责任公司 Network security sensing system, network security sensing method and device of power system
CN111858243A (en) * 2020-07-15 2020-10-30 上海交通大学 Multi-hardware event monitoring count value estimation method based on exponential increase
CN111953660A (en) * 2020-07-22 2020-11-17 江苏方天电力技术有限公司 Multi-source heterogeneous security data hierarchical aggregation management system
CN112132538A (en) * 2020-09-07 2020-12-25 哈尔滨工业大学(威海) Photovoltaic power generation management system based on NB-IoT
CN113328878A (en) * 2021-05-13 2021-08-31 上海励能信息技术有限公司 Intelligent operation and maintenance monitoring system
CN114844953A (en) * 2022-05-12 2022-08-02 机械工业仪器仪表综合技术经济研究所 Petrochemical device instrument automatic control equipment safety monitoring system based on industrial internet
CN115269704A (en) * 2022-08-02 2022-11-01 贵州财经大学 Multi-element heterogeneous agricultural data management system
CN115442122A (en) * 2022-09-01 2022-12-06 北京赛博易安科技有限公司 Fusion analysis method and system for network security data

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101257399A (en) * 2007-12-29 2008-09-03 中国移动通信集团四川有限公司 Service system united safe platform
CN102685180A (en) * 2011-10-18 2012-09-19 国网电力科学研究院 Cloud computing-oriented network security early warning method
CN102035855B (en) * 2010-12-30 2014-05-07 江苏省电力公司 Network security incident association analysis system
CN104079430A (en) * 2014-06-09 2014-10-01 汉柏科技有限公司 Safety management platform, system and method based on information

Cited By (30)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105681286A (en) * 2015-12-31 2016-06-15 中电长城网际系统应用有限公司 Association analysis method and association analysis system
CN105959144A (en) * 2016-06-02 2016-09-21 中国科学院信息工程研究所 Safety data acquisition and anomaly detection method and system facing industrial control network
CN105959144B (en) * 2016-06-02 2019-08-06 中国科学院信息工程研究所 Secure data acquisition and method for detecting abnormality and system towards industrial control network
CN106453401A (en) * 2016-10-21 2017-02-22 国家计算机网络与信息安全管理中心山东分中心 Network monitoring, analyzing and managing platform based on multi-source massive heterogeneous data
CN106777141A (en) * 2016-12-19 2017-05-31 国网山东省电力公司电力科学研究院 A kind of acquisition for merging multi-source heterogeneous electric network data and distributed storage method
CN106777141B (en) * 2016-12-19 2019-07-12 国网山东省电力公司电力科学研究院 A kind of acquisition that merging multi-source heterogeneous electric network data and distributed storage method
CN107426159A (en) * 2017-05-03 2017-12-01 成都国腾实业集团有限公司 APT based on big data analysis monitors defence method
CN106982229A (en) * 2017-05-10 2017-07-25 南京南瑞继保电气有限公司 The network security supervisory systems and collaboration monitoring and managing method of a kind of layered distribution type collaboration
CN106982229B (en) * 2017-05-10 2020-04-21 南京南瑞继保电气有限公司 Layered distributed collaborative network security supervision system and collaborative supervision method
CN107645542A (en) * 2017-09-03 2018-01-30 中国南方电网有限责任公司 A kind of data acquisition device applied to cloud auditing system
CN107656973A (en) * 2017-09-03 2018-02-02 中国南方电网有限责任公司 A kind of log audit subsystem applied to cloud auditing system
CN107967313A (en) * 2017-11-21 2018-04-27 中科宇图科技股份有限公司 A kind of method for merging different industries data based on field data and coordinate general character
CN107967313B (en) * 2017-11-21 2022-02-01 中科宇图科技股份有限公司 Method for combining data of different industries based on field data and coordinate commonality
CN108833389A (en) * 2018-06-05 2018-11-16 北京奇安信科技有限公司 A kind of shared processing method and processing device of information data
CN108875397A (en) * 2018-07-12 2018-11-23 江苏慧学堂系统工程有限公司 A kind of WEB collecting method and system
CN109033431A (en) * 2018-08-13 2018-12-18 北京天地和兴科技有限公司 A kind of efficient electric power networks data acquisition and intelligent analysis system and processing method
CN109379374A (en) * 2018-11-23 2019-02-22 四川长虹电器股份有限公司 Threat identification method for early warning and system based on event analysis
CN109615266A (en) * 2018-12-26 2019-04-12 贵州电网有限责任公司 The text analyzing decision-making technique of power grid exception information based on data mining
CN109905391A (en) * 2019-02-27 2019-06-18 南京众智维信息科技有限公司 A kind of business network secure data acquisition management system
CN110926433A (en) * 2019-11-28 2020-03-27 中国船舶重工集团公司第七一九研究所 Marine disaster early warning system for coastal nuclear power station
CN111049685A (en) * 2019-12-16 2020-04-21 中国南方电网有限责任公司 Network security sensing system, network security sensing method and device of power system
CN111858243A (en) * 2020-07-15 2020-10-30 上海交通大学 Multi-hardware event monitoring count value estimation method based on exponential increase
CN111858243B (en) * 2020-07-15 2024-03-19 上海交通大学 Multi-hardware event monitoring count value estimation method based on exponential growth
CN111953660A (en) * 2020-07-22 2020-11-17 江苏方天电力技术有限公司 Multi-source heterogeneous security data hierarchical aggregation management system
CN112132538A (en) * 2020-09-07 2020-12-25 哈尔滨工业大学(威海) Photovoltaic power generation management system based on NB-IoT
CN113328878A (en) * 2021-05-13 2021-08-31 上海励能信息技术有限公司 Intelligent operation and maintenance monitoring system
CN114844953A (en) * 2022-05-12 2022-08-02 机械工业仪器仪表综合技术经济研究所 Petrochemical device instrument automatic control equipment safety monitoring system based on industrial internet
CN115269704A (en) * 2022-08-02 2022-11-01 贵州财经大学 Multi-element heterogeneous agricultural data management system
CN115269704B (en) * 2022-08-02 2023-08-18 贵州财经大学 Multi-element heterogeneous agricultural data management system
CN115442122A (en) * 2022-09-01 2022-12-06 北京赛博易安科技有限公司 Fusion analysis method and system for network security data

Similar Documents

Publication Publication Date Title
CN104852927A (en) Safety comprehensive management system based on multi-source heterogeneous information
CN112651006B (en) Power grid security situation sensing system
CN107196910B (en) Threat early warning monitoring system, method and deployment framework based on big data analysis
CN103563302B (en) Networked asset information management
CN109660526A (en) A kind of big data analysis method applied to information security field
CN103166794A (en) Information security management method with integration security control function
CN103338128A (en) Information security management system with integrated security management and control function
CN108259462A (en) Big data Safety Analysis System based on mass network monitoring data
CN106371986A (en) Log treatment operation and maintenance monitoring system
KR101375813B1 (en) Active security sensing device and method for intrusion detection and audit of digital substation
CN107295010A (en) A kind of enterprise network security management cloud service platform system and its implementation
CN101005510A (en) Network real time risk evaluating method for comprehensive loop hole
CN103166788B (en) A kind of collection control Control management system
CN113157994A (en) Multi-source heterogeneous platform data processing method
CN114553537A (en) Abnormal flow monitoring method and system for industrial Internet
CN107547228A (en) A kind of safe operation management platform based on big data realizes framework
CN112416872A (en) Cloud platform log management system based on big data
Wang et al. A centralized HIDS framework for private cloud
CN116257021A (en) Intelligent network security situation monitoring and early warning platform for industrial control system
CN113783880A (en) Network security detection system and network security detection method thereof
CN115664703A (en) Attack tracing method based on multi-dimensional information
CN112383573B (en) Security intrusion playback equipment based on multiple attack stages
CN114125083A (en) Industrial network distributed data acquisition method and device, electronic equipment and medium
CN113132370A (en) Universal integrated safety pipe center system
Le Blanc et al. Characterizing cyber tools for monitoring power grid systems: What information is available and who needs it?

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
EXSB Decision made by sipo to initiate substantive examination
SE01 Entry into force of request for substantive examination
C41 Transfer of patent application or patent right or utility model
CB03 Change of inventor or designer information

Inventor after: Wang Hongkai

Inventor after: Zhang Xudong

Inventor after: Zheng Shengjun

Inventor after: Li Jianhua

Inventor after: Xia Zhengmin

Inventor after: Nan Shujun

Inventor after: Wu Jun

Inventor after: Wu Keqing

Inventor before: Zheng Shengjun

Inventor before: Li Jianhua

Inventor before: Xia Zhengmin

Inventor before: Wang Hongkai

Inventor before: Nan Shujun

Inventor before: Wu Jun

COR Change of bibliographic data
TA01 Transfer of patent application right

Effective date of registration: 20160323

Address after: 100031 Xicheng District West Chang'an Avenue, No. 86, Beijing

Applicant after: State Grid Corporation of China

Applicant after: Information communication branch office of Guo Wang Zhejiang Electric Power Company

Applicant after: Shanghai Jiao Tong University

Address before: 100031 Xicheng District West Chang'an Avenue, No. 86, Beijing

Applicant before: State Grid Corporation of China

Applicant before: Shanghai Jiao Tong University

WD01 Invention patent application deemed withdrawn after publication

Application publication date: 20150819
