CN104901960A - Device and method for network security management based on alarm strategy - Google Patents
Device and method for network security management based on alarm strategy
- Publication number: CN104901960A (application CN201510281976.5A)
- Authority: CN (China)
- Prior art keywords: security incident, alarm, risk, value, security
- Legal status: Pending (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Classifications
- H: ELECTRICITY
- H04: ELECTRIC COMMUNICATION TECHNIQUE
- H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00: Network architectures or network communication protocols for network security
- H04L63/20: Network architectures or network communication protocols for network security for managing network security; network security policies in general
Abstract
The invention discloses a device and a method for network security management based on an alarm strategy. The device for network security management comprises a receiving unit, an alarm generation unit, a matching unit and an execution unit. The receiving unit receives the security incidents generated by the security devices in the network; the alarm generation unit generates an alarm based on a security incident whose risk value is greater than a preset threshold; the matching unit matches the alarm against an alarm strategy table to obtain the alarm strategy corresponding to the alarm; and the execution unit executes the alarm according to that alarm strategy. With this device and method the alarm information itself can be corrected and managed, the controllability, real-time performance and flexibility of network security are improved, the reliability of the alarm information output is guaranteed, and security threats in the network are effectively blocked.
Description
Technical field
The present invention relates to the technical field of network security management, and in particular to a device and method for network security management based on an alarm strategy.
Background art
With the development of the Internet era, network security receives more and more attention. Although network security products keep maturing, the security threats coming from the network keep growing as well. To make full use of the various security products and to increase the network's ability to respond actively to security incidents, the network security management platform came into being. A security management platform brings together firewalls, anti-virus devices, intrusion detection devices, vulnerability scanning devices and so on, correlates the security incidents produced by these products, and uses correlation analysis algorithms and risk assessment to find the risks in the network and generate alarm information in time, forming a centralized monitoring and management platform that effectively resists network security threats.
Existing security management platforms integrate all kinds of security products and facilities, build a large database, and support correcting the priority level of security incidents, which gives event correlation analysis and risk assessment a good data source; what they lack is correction and management of the alarm information itself. Existing platforms also lack flexibility in responding to real-time changes in the system, so the alarms they produce may be out of date or unimportant.
Therefore, it is necessary to propose an alarm strategy that can correct the alarm output mode and improve the real-time performance and reliability of alarms.
Summary of the invention
The object of the present invention is to provide a device and method for network security management based on an alarm strategy. In the present invention, the network security management device comprises a receiving unit, an alarm generation unit, a matching unit and an execution unit. The present invention can correct and manage the alarm information itself, improve the controllability, real-time performance and flexibility of network security, guarantee the reliability of the alarm information output, and effectively block security threats in the network.
According to one aspect of the present invention, a network security management device based on an alarm strategy is provided, comprising: a receiving unit for receiving the security incidents produced by the security devices in the network; an alarm generation unit, connected to the receiving unit, for generating an alarm based on a security incident whose risk value is greater than a preset threshold; a matching unit, connected to the alarm generation unit, for matching the alarm against an alarm strategy table to obtain the alarm strategy corresponding to the alarm; and an execution unit, connected to the matching unit, for executing the alarm according to that alarm strategy.
Preferably, the security incident is produced by the security device after normalizing its security log.
Preferably, the attributes of the security incident comprise the five-tuple information of the security incident, the information on the device that generated the security incident, the reliability of the security incident, the priority of the security incident, the importance of the source device corresponding to the source IP in the five-tuple, and the importance of the destination device corresponding to the destination IP.
Preferably, the network security management device further comprises a risk assessment unit for assessing the risk value of the security incident according to the reliability of the security incident, the priority of the security incident, and the importance of the source device and the destination device.
Preferably, assessing the risk value of the security incident comprises:
assessing the risk value A of the source device, A = incident reliability * incident priority * source device importance / 25;
assessing the risk value B of the destination device, B = incident reliability * incident priority * destination device importance / 25;
assessing the risk value C of the security incident, C = max(A, B).
Preferably, the conditions on which the matching unit matches comprise: the five-tuple range of the security incident corresponding to the alarm, the risk value range of the security incident corresponding to the alarm, the risk value range of the source device of that security incident and/or the risk value range of the destination device of that security incident.
According to another aspect of the present invention, a network security management method based on an alarm strategy is provided, the method comprising the following steps: step S1, receiving the security incidents produced by the security devices in the network; step S2, generating an alarm based on a security incident whose risk value is greater than a preset threshold; step S3, matching the alarm generated in step S2 against the alarm strategy table to obtain the alarm strategy corresponding to the alarm; step S4, executing the alarm according to the alarm strategy obtained in step S3.
Preferably, the security devices in step S1 comprise one or more of: firewall devices, anti-virus devices, intrusion detection devices and vulnerability scanning devices.
Preferably, the attributes of the security incident comprise: the five-tuple information of the security incident, the information on the device that generated the security incident, the reliability of the security incident, the priority of the security incident, the importance of the source device corresponding to the source IP in the five-tuple, and the importance of the destination device corresponding to the destination IP.
Preferably, executing the alarm in step S4 comprises one or more of the following, in any combination:
sending mail, sending an SMS message, generating an alarm work order, issuing a blocking policy, and setting the attack source on a blacklist.
Optionally, between step S1 and step S2 there is a step S5 of assessing the risk value of the security incident according to the reliability of the security incident, the priority of the security incident, and the importance of the source device and the destination device.
Preferably, assessing the risk value of the security incident comprises:
assessing the risk value A of the source device, A = incident reliability * incident priority * source device importance / 25;
assessing the risk value B of the destination device, B = incident reliability * incident priority * destination device importance / 25;
assessing the risk value C of the security incident, C = max(A, B).
The present invention can correct and manage the alarm information itself, improve the controllability, real-time performance and flexibility of network security, guarantee the reliability of the alarm information output, and effectively block security threats in the network.
Brief description of the drawings
Fig. 1 is a system block diagram of the network security management device of the preferred embodiment of the present invention;
Fig. 2 is a flowchart of the risk value assessment of a security incident in a specific embodiment of the present invention;
Fig. 3 is a flowchart of the alarm strategy matching implementation in a specific embodiment of the present invention;
Fig. 4 is a flowchart of the network security management method of the preferred embodiment of the present invention.
Detailed description
To make the object, technical solution and advantages of the present invention clearer, the present invention is described in more detail below with reference to the embodiments and the accompanying drawings. It should be understood that this description is merely exemplary and is not intended to limit the scope of the invention. In addition, descriptions of well-known structures and techniques are omitted from the following so as not to obscure the concept of the invention unnecessarily.
The object of the present invention is to provide a device and method for network security management based on an alarm strategy. The network security management device comprises a receiving unit, an alarm generation unit, a matching unit and an execution unit. The present invention lets the administrator flexibly configure alarm strategies according to network conditions and, in linkage with other devices, issue policies that block the threats reported in alarms. This improves the controllability, real-time performance and flexibility of network security, guarantees the reliability of the alarm information output, and effectively blocks security threats in the network.
Fig. 1 is a system block diagram of the network security management device of the preferred embodiment of the present invention.
As shown in Fig. 1, the network security management device comprises a receiving unit, an alarm generation unit, a matching unit and an execution unit.
The receiving unit receives the security incidents produced by the security devices in the network.
Specifically, a security incident is produced by the security device after normalizing its security log. The attributes of the security incident comprise the five-tuple information of the incident, the information on the device that generated the incident, the reliability of the incident, the priority of the incident, the importance of the source device corresponding to the source IP in the five-tuple, and the importance of the destination device corresponding to the destination IP.
The alarm generation unit generates an alarm based on a security incident whose risk value is greater than a preset threshold.
Specifically, the risk value of a security incident is preferably assessed as follows: assess the risk value A of the source device, A = incident reliability * incident priority * source device importance / 25; assess the risk value B of the destination device, B = incident reliability * incident priority * destination device importance / 25; assess the risk value C of the security incident, C = max(A, B).
The matching unit matches the alarm against the alarm strategy table to obtain the alarm strategy corresponding to the alarm.
Specifically, the conditions on which the matching unit matches comprise the five-tuple range of the security incident corresponding to the alarm, the risk value range of that security incident, the risk value range of its source device and/or the risk value range of its destination device.
The execution unit executes the alarm according to the alarm strategy.
Specifically, executing the alarm strategy comprises one or more of the following, in any combination: sending mail, sending an SMS message, generating an alarm work order, issuing a blocking policy, and setting the attack source on a blacklist.
The risk value assessment of the security incident described above can be performed by a corresponding assessment unit in the network security management device. The assessment unit can be connected to the receiving unit and to the alarm generation unit respectively, or it can be integrated with the alarm generation unit.
Fig. 2 is a flowchart of the risk value assessment of a security incident in a specific embodiment of the present invention.
As shown in Fig. 2, devices in the network security management platform such as firewalls, anti-virus, intrusion detection and vulnerability scanning devices normalize the security logs they produce and generate security incidents in a unified format. The network security management device based on an alarm strategy proposed by the present invention mainly filters and reshapes the alarms that are produced after risk assessment of the security incidents generated in the system.
In the present invention, the risk value assessment of a security incident comprises the following steps:
Step S1, receive the network security incident produced by a network security device;
Step S2, obtain the five-tuple information of the security incident, namely source IP, destination IP, source port, destination port and protocol number;
Step S3, obtain the device type, device ID and event ID of the security incident;
Step S4, obtain the reliability and priority of the security incident, the asset importance of the device corresponding to the source IP (that is, the importance of the source device) and the asset importance of the device corresponding to the destination IP (that is, the importance of the destination device);
Step S5, calculate the risk value of this security incident.
In the specific embodiment of the present invention, the attributes of a security incident comprise the five-tuple information of the event: source IP (src_ip), destination IP (dst_ip), source port (src_port), destination port (dst_port) and protocol number (protocol);
the information on the device that generated the security incident: device type (plugin_type), device ID (plugin_id) and event ID (event_id);
and the reliability (reliability) and priority (priority) of the security incident, the asset importance of the device corresponding to the source IP (asset_src) and the asset importance of the device corresponding to the destination IP (asset_dst).
In the specific embodiment of the present invention, assume the security incident was generated by the device with device ID plugin_id=1001 and device type plugin_type=detector, with event ID event_id=3, protocol number protocol=TCP, source IP src_ip=172.16.202.54, source port src_port=80, destination IP dst_ip=172.16.202.86, destination port dst_port=20, reliability reliability=5, priority priority=4, asset importance of the source-IP device asset_src=3 and asset importance of the destination-IP device asset_dst=4.
1) The reliability of an event is the likelihood that the event has actually occurred; its range is 0-10, and the higher the value, the more likely the event occurred.
2) The event priority is the degree of danger of the event; its range is 0-5, and the higher the value, the greater the harm of the event.
3) The asset importance is the importance of the asset in question (such as a host, router or firewall); its range is 0-5.
For the security incident of this specific embodiment (device ID plugin_id=1001, device type plugin_type=detector, event ID event_id=3), the risk value is computed as follows:
Risk value A based on the source asset = event priority * event reliability * source asset importance / 25;
here the event priority is priority=4, the event reliability is reliability=5 and the asset importance of the source-IP device is asset_src=3, so the risk value of the source asset is A = priority*reliability*asset_src/25 = 4*5*3/25 = 2.4.
Risk value B based on the destination asset = event priority * event reliability * destination asset importance / 25;
here the event priority is priority=4, the event reliability is reliability=5 and the asset importance of the destination-IP device is asset_dst=4, so the risk value based on the destination asset is
B = priority*reliability*asset_dst/25 = 4*5*4/25 = 3.2.
The risk value of the security incident C = max(risk value A based on the source asset, risk value B based on the destination asset) = max(2.4, 3.2) = 3.2. The range of the risk value of a security incident is 0-10.
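The risk value assessment just described, together with the threshold check performed by the alarm generation unit, written out as an added example (this is not code from the patent or its applicant). The attribute names are the ones the description uses and the sample incident is the one from the worked example; the `SecurityEvent` dataclass, the range validation of the inputs, the layout of the alarm record and the threshold of 3.0 are assumptions.

```python
"""Risk value assessment and alarm generation for normalized security incidents,
following the Fig. 2 flow of the patent.

Added example, not code from the patent. Attribute names are the ones the
description uses (plugin_type, plugin_id, event_id, src_ip, dst_ip, src_port,
dst_port, protocol, reliability, priority, asset_src, asset_dst); the value
ranges and the /25 formulas are as stated there. The dataclass, the range
validation, the alarm record layout and the threshold value are assumptions.
"""
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class SecurityEvent:
    plugin_type: str   # device type that produced the incident
    plugin_id: int     # device ID
    event_id: int
    src_ip: str
    dst_ip: str
    src_port: int
    dst_port: int
    protocol: str
    reliability: int   # 0-10: likelihood the incident really occurred
    priority: int      # 0-5: how dangerous the incident is
    asset_src: int     # 0-5: importance of the asset behind src_ip
    asset_dst: int     # 0-5: importance of the asset behind dst_ip


def _check_range(name: str, value: float, low: float, high: float) -> None:
    # Inputs outside the stated ranges would push C outside 0-10, so reject them.
    if not low <= value <= high:
        raise ValueError(f"{name}={value} is outside the allowed range {low}-{high}")


def source_risk(ev: SecurityEvent) -> float:
    """A = priority * reliability * asset_src / 25."""
    return ev.priority * ev.reliability * ev.asset_src / 25


def destination_risk(ev: SecurityEvent) -> float:
    """B = priority * reliability * asset_dst / 25."""
    return ev.priority * ev.reliability * ev.asset_dst / 25


def event_risk(ev: SecurityEvent) -> float:
    """C = max(A, B). With inputs in the stated ranges, C lies in 0-10 (10*5*5/25 = 10)."""
    _check_range("reliability", ev.reliability, 0, 10)
    _check_range("priority", ev.priority, 0, 5)
    _check_range("asset_src", ev.asset_src, 0, 5)
    _check_range("asset_dst", ev.asset_dst, 0, 5)
    return max(source_risk(ev), destination_risk(ev))


def generate_alarm(ev: SecurityEvent, threshold: float) -> Optional[dict]:
    """Alarm generation unit: an alarm only when the risk value exceeds the preset threshold."""
    risk = event_risk(ev)
    if risk <= threshold:
        return None
    return {
        "five_tuple": (ev.src_ip, ev.src_port, ev.dst_ip, ev.dst_port, ev.protocol),
        "device": (ev.plugin_type, ev.plugin_id, ev.event_id),
        "risk": risk,
        "risk_src": source_risk(ev),
        "risk_dst": destination_risk(ev),
    }


# Constructed sample incident: the values of the patent's worked example.
SAMPLE_EVENT = SecurityEvent(
    plugin_type="detector", plugin_id=1001, event_id=3,
    src_ip="172.16.202.54", dst_ip="172.16.202.86",
    src_port=80, dst_port=20, protocol="TCP",
    reliability=5, priority=4, asset_src=3, asset_dst=4,
)

if __name__ == "__main__":
    print(source_risk(SAMPLE_EVENT), destination_risk(SAMPLE_EVENT), event_risk(SAMPLE_EVENT))
    print(generate_alarm(SAMPLE_EVENT, threshold=3.0))
```

Running the module reproduces the figures of the worked example (A = 2.4, B = 3.2, C = 3.2) and, with the assumed threshold of 3.0, yields an alarm record carrying the five-tuple, the device information and the three risk values that the matching stage needs; with a threshold of 3.2 or more the same incident produces no alarm.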
Fig. 3 is a flowchart of the alarm strategy matching implementation in a specific embodiment of the present invention.
As shown in Fig. 3, in the specific embodiment of the present invention the alarm strategy matching implementation is divided into the following steps:
Step S1, receive the security incident produced by a security device in the network and generate an alarm event through the alarm generation unit.
Step S2, once the alarm is produced, first judge whether the five-tuple of the alarm matches the five-tuple of an alarm strategy in the alarm strategy table, that is, judge whether the source IP, source port number, destination IP, destination port number and protocol number of the alarm each fall within the corresponding range in the strategy.
The alarm strategies in the alarm strategy table can be configured in real time by the system administrator according to the network environment.
Step S3, after the five-tuple matches, continue by matching the risk value attribute and the asset risk attributes of the alarm.
Only when all matching conditions are satisfied does processing enter the alarm action execution stage; if any matching condition in steps S2-S3 is not met, matching moves on to the next alarm strategy.
Step S4, after the current alarm has matched the matching conditions of some alarm strategy, it enters the alarm action execution stage: each action configured in the strategy is handed to the corresponding action processing module, which carries out the action.
Step S5, alarm handling by sending mail: the alarm information is sent by mail to the mail account the administrator has set in advance.
Step S6, alarm handling by sending an SMS message: the alarm is sent as an SMS message to the contact account the administrator has set in advance.
Step S7, work order generation: the alarm is presented as a work order so that the administrator can review it conveniently.
Step S8, blocking policy execution: this step requires linkage with the firewall devices or other security devices in the network and the support of a blocking action library. According to the information on the security device that produced the alarm, the blocking action library is searched and a security policy is configured that prevents the threat stated in the alarm.
Step S9, blacklist setting of the attack source: after the attack source is placed on the blacklist, other modules can deal with it, for example by blocking its traffic from entering the network until the threat is eliminated.
Steps S5 to S9 have no fixed order; they are all specific refinements of step S4.
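The matching and execution stages of Fig. 3 (steps S2 to S4), written out as an added example that is not code from the patent or its applicant. The patent states only that a strategy holds five-tuple ranges and risk value ranges, that the administrator configures the table, and that a strategy whose conditions all hold selects one or more of the five actions; the concrete table layout used here (CIDR networks, inclusive port ranges, a protocol set, inclusive ranges for the risk values C, A and B, an ordered action list), first-match-wins ordering of the table, the handler interface and the sample table are assumptions. The sample alarm carries the five-tuple and risk values of the worked example above.

```python
"""Alarm strategy matching and action dispatch, after Fig. 3 of the patent.

Added example, not the patent's own code. Table layout, first-match ordering,
handler interface and the sample table are assumptions (see lead-in).
"""
import ipaddress
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional, Tuple

Range = Tuple[float, float]  # inclusive (low, high)

# The five actions named in the description (steps S5 to S9).
ACTIONS = ("send_mail", "send_sms", "create_work_order", "issue_block_policy", "blacklist_source")


@dataclass(frozen=True)
class AlarmStrategy:
    name: str
    src_net: str            # CIDR the alarm's source IP must fall in
    dst_net: str            # CIDR the alarm's destination IP must fall in
    src_ports: Range
    dst_ports: Range
    protocols: frozenset    # allowed protocol names
    risk_event: Range       # range for the incident risk value C
    risk_src: Range         # range for the source asset risk value A
    risk_dst: Range         # range for the destination asset risk value B
    actions: Tuple[str, ...]


def _within(value: float, rng: Range) -> bool:
    return rng[0] <= value <= rng[1]


def five_tuple_matches(alarm: dict, s: AlarmStrategy) -> bool:
    """Step S2: every element of the alarm's five-tuple lies in the strategy's range."""
    src_ip, src_port, dst_ip, dst_port, proto = alarm["five_tuple"]
    return (ipaddress.ip_address(src_ip) in ipaddress.ip_network(s.src_net)
            and ipaddress.ip_address(dst_ip) in ipaddress.ip_network(s.dst_net)
            and _within(src_port, s.src_ports)
            and _within(dst_port, s.dst_ports)
            and proto in s.protocols)


def risk_matches(alarm: dict, s: AlarmStrategy) -> bool:
    """Step S3: the incident risk and both asset risks lie in the strategy's ranges."""
    return (_within(alarm["risk"], s.risk_event)
            and _within(alarm["risk_src"], s.risk_src)
            and _within(alarm["risk_dst"], s.risk_dst))


def match_strategy(alarm: dict, table: List[AlarmStrategy]) -> Optional[AlarmStrategy]:
    """Walk the table in order; a strategy failing any condition is skipped for the next one."""
    for s in table:
        if five_tuple_matches(alarm, s) and risk_matches(alarm, s):
            return s
    return None


def execute_alarm(alarm: dict, s: AlarmStrategy,
                  handlers: Dict[str, Callable[[dict], None]]) -> List[str]:
    """Step S4: hand each configured action to its processing module; returns the actions run."""
    unknown = [a for a in s.actions if a not in ACTIONS]
    if unknown:
        raise ValueError(f"unknown actions in strategy {s.name}: {unknown}")
    for action in s.actions:
        handlers[action](alarm)
    return list(s.actions)


def recording_handlers() -> Tuple[Dict[str, Callable[[dict], None]], List[Tuple[str, tuple]]]:
    """Stand-in action modules that only record what they would do (runs offline)."""
    log: List[Tuple[str, tuple]] = []
    handlers = {a: (lambda alarm, a=a: log.append((a, alarm["five_tuple"]))) for a in ACTIONS}
    return handlers, log


def process_alarm(alarm: dict, table: List[AlarmStrategy],
                  handlers: Dict[str, Callable[[dict], None]]) -> Tuple[Optional[str], List[str]]:
    """Match, then execute; returns (strategy name or None, actions executed)."""
    s = match_strategy(alarm, table)
    if s is None:
        return None, []
    return s.name, execute_alarm(alarm, s, handlers)


# Constructed alarm: the five-tuple and risk values of the patent's worked example.
SAMPLE_ALARM = {
    "five_tuple": ("172.16.202.54", 80, "172.16.202.86", 20, "TCP"),
    "risk": 3.2, "risk_src": 2.4, "risk_dst": 3.2,
}

# Constructed strategy table for the 172.16.202.0/24 segment: mail only below a
# risk of 3.0; mail, work order, blocking policy and blacklist from 3.0 upwards.
SAMPLE_TABLE = [
    AlarmStrategy("notify-low", "172.16.202.0/24", "172.16.202.0/24", (0, 65535), (0, 65535),
                  frozenset({"TCP", "UDP"}), (0.0, 3.0), (0.0, 10.0), (0.0, 10.0), ("send_mail",)),
    AlarmStrategy("block-high", "172.16.202.0/24", "172.16.202.0/24", (0, 65535), (0, 65535),
                  frozenset({"TCP", "UDP"}), (3.0, 10.0), (0.0, 10.0), (0.0, 10.0),
                  ("send_mail", "create_work_order", "issue_block_policy", "blacklist_source")),
]

if __name__ == "__main__":
    handlers, log = recording_handlers()
    print(process_alarm(SAMPLE_ALARM, SAMPLE_TABLE, handlers))
    print(log)
```

For the sample alarm the first strategy fails on the risk range (3.2 is above 3.0), so matching moves on and the second strategy is executed, which is the "next alarm strategy" behaviour the flow describes. Because the ranges are inclusive and the table is walked in order, an alarm with a risk of exactly 3.0 is handled by the first strategy; when configuring such a table, the administrator should choose boundaries and ordering deliberately so that the higher-risk strategy is never shadowed by a broader low-risk one.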
Fig. 4 is a flowchart of the network security management method of the preferred embodiment of the present invention.
As shown in Fig. 4, the network security management method of the preferred embodiment of the present invention is divided into the following steps:
Step S1, receive the security incidents produced by the security devices in the network.
The security devices comprise firewall devices, anti-virus devices, intrusion detection devices and vulnerability scanning devices.
Step S2, generate an alarm based on a security incident whose risk value is greater than a preset threshold.
The risk value of the security incident is calculated from the priority and reliability of the security incident and the importance of the assets involved.
Step S3, match the alarm generated in step S2 against the alarm strategy table to obtain the alarm strategy corresponding to the alarm.
Step S4, execute the alarm according to the alarm strategy obtained in step S3, where executing the alarm comprises one or more of the following, in any combination: sending mail, sending an SMS message, generating an alarm work order, issuing a blocking policy, and setting the attack source on a blacklist.
It should be understood that the above embodiments of the present invention are only for exemplary illustration or explanation of the principle of the present invention and do not limit the present invention. Therefore, any modification, equivalent replacement, improvement and so on made without departing from the spirit and scope of the present invention shall be included within the scope of protection of the present invention. In addition, the appended claims of the present invention are intended to cover all changes and modifications that fall within the scope and boundary of the claims or within the equivalents of that scope and boundary.
Claims (10)
1. A network security management device based on an alarm strategy, comprising a receiving unit, an alarm generation unit, a matching unit and an execution unit, characterized in that:
the receiving unit is for receiving the security incidents produced by the security devices in the network;
the alarm generation unit is connected to the receiving unit and is for generating an alarm based on a security incident whose risk value is greater than a preset threshold;
the matching unit is connected to the alarm generation unit and is for matching the alarm against an alarm strategy table to obtain the alarm strategy corresponding to the alarm;
the execution unit is connected to the matching unit and is for executing the alarm according to the alarm strategy.
2. The network security management device based on an alarm strategy according to claim 1, characterized in that the security incident is produced by the security device after normalizing its security log.
3. The network security management device based on an alarm strategy according to claim 1, characterized in that the conditions on which the matching unit matches comprise: the five-tuple range of the security incident corresponding to the alarm, the risk value range of the security incident corresponding to the alarm, the risk value range of the source device of that security incident and/or the risk value range of the destination device of that security incident.
4. The network security management device based on an alarm strategy according to claim 1, characterized in that the attributes of the security incident comprise: the five-tuple information of the security incident, the information on the device that generated the security incident, the reliability of the security incident, the priority of the security incident, the importance of the source device corresponding to the source IP in the five-tuple, and the importance of the destination device corresponding to the destination IP;
and the network security management device further comprises a risk assessment unit for assessing the risk value of the security incident according to the reliability of the security incident, the priority of the security incident, and the importance of the source device and the destination device.
5. The network security management device based on an alarm strategy according to claim 4, characterized in that assessing the risk value of the security incident comprises:
assessing the risk value A of the source device, A = incident reliability * incident priority * source device importance / 25;
assessing the risk value B of the destination device, B = incident reliability * incident priority * destination device importance / 25;
assessing the risk value C of the security incident, C = max(A, B).
6. A network security management method based on an alarm strategy, characterized in that the method comprises the following steps:
Step S1: receive the security incidents produced by the security devices in the network;
Step S2: generate an alarm based on a security incident whose risk value is greater than a preset threshold;
Step S3: match the alarm generated in step S2 against an alarm strategy table to obtain the alarm strategy corresponding to the alarm;
Step S4: execute the alarm according to the alarm strategy obtained in step S3.
7. The network security management method based on an alarm strategy according to claim 6, characterized in that the security devices in step S1 comprise one or more of: firewall devices, anti-virus devices, intrusion detection devices and vulnerability scanning devices.
8. The network security management method based on an alarm strategy according to claim 6, characterized in that executing the alarm in step S4 comprises one or more of the following, in any combination:
sending mail, sending an SMS message, generating an alarm work order, issuing a blocking policy, and setting the attack source on a blacklist.
9. The network security management method based on an alarm strategy according to claim 6, characterized in that the attributes of the security incident comprise: the five-tuple information of the security incident, the information on the device that generated the security incident, the reliability of the security incident, the priority of the security incident, the importance of the source device corresponding to the source IP in the five-tuple, and the importance of the destination device corresponding to the destination IP;
and between step S1 and step S2 there is a step S5 of assessing the risk value of the security incident according to the reliability of the security incident, the priority of the security incident, and the importance of the source device and the destination device.
10. The network security management method based on an alarm strategy according to claim 9, characterized in that assessing the risk value of the security incident comprises:
assessing the risk value A of the source device, A = incident reliability * incident priority * source device importance / 25;
assessing the risk value B of the destination device, B = incident reliability * incident priority * destination device importance / 25;
assessing the risk value C of the security incident, C = max(A, B).
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201510281976.5A CN104901960A (en) | 2015-05-26 | 2015-05-26 | Device and method for network security management based on alarm strategy |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201510281976.5A CN104901960A (en) | 2015-05-26 | 2015-05-26 | Device and method for network security management based on alarm strategy |
Publications (1)
Publication Number | Publication Date |
---|---|
CN104901960A true CN104901960A (en) | 2015-09-09 |
Family
ID=54034357
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201510281976.5A Pending CN104901960A (en) | 2015-05-26 | 2015-05-26 | Device and method for network security management based on alarm strategy |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN104901960A (en) |
Cited By (15)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN105335829A (en) * | 2015-11-27 | 2016-02-17 | 国网北京市电力公司 | Electric power information safety monitoring method and system |
CN107294776A (en) * | 2017-06-15 | 2017-10-24 | 郑州云海信息技术有限公司 | It is a kind of to generate the method and system that network security alerts distribution map |
CN107483472A (en) * | 2017-09-05 | 2017-12-15 | 中国科学院计算机网络信息中心 | A kind of method, apparatus of network security monitoring, storage medium and server |
CN107682351A (en) * | 2017-10-20 | 2018-02-09 | 携程旅游网络技术(上海)有限公司 | Method, system, equipment and the storage medium of network security monitoring |
CN109361690A (en) * | 2018-11-19 | 2019-02-19 | 中国科学院信息工程研究所 | Threat Disposal Strategies generation method and system in a kind of network |
CN109413088A (en) * | 2018-11-19 | 2019-03-01 | 中国科学院信息工程研究所 | Threat Disposal Strategies decomposition method and system in a kind of network |
CN109639631A (en) * | 2018-10-30 | 2019-04-16 | 国网陕西省电力公司信息通信公司 | A kind of network security cruising inspection system and method for inspecting |
CN109698819A (en) * | 2018-11-19 | 2019-04-30 | 中国科学院信息工程研究所 | Threat disposition management method and system in a kind of network |
CN109861865A (en) * | 2019-02-14 | 2019-06-07 | 上海鹏越惊虹信息技术发展有限公司 | A kind of alarm interlock method, device, system, computer equipment and storage medium |
CN110620790A (en) * | 2019-10-10 | 2019-12-27 | 国网山东省电力公司信息通信公司 | Network security device linkage processing method and device |
CN111539644A (en) * | 2020-04-30 | 2020-08-14 | 绿盟科技集团股份有限公司 | Network asset risk control method and device |
CN112738114A (en) * | 2020-12-31 | 2021-04-30 | 四川新网银行股份有限公司 | Configuration method of network security policy |
WO2021135382A1 (en) * | 2019-12-31 | 2021-07-08 | 华为技术有限公司 | Network security protection method and protection device |
CN114844667A (en) * | 2022-03-16 | 2022-08-02 | 济南法诺商贸有限公司 | Intelligent security analysis management decision system and method based on network equipment |
CN116318969A (en) * | 2023-03-15 | 2023-06-23 | 中国华能集团有限公司北京招标分公司 | Multi-element equipment log access method |
Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101252487A (en) * | 2008-04-11 | 2008-08-27 | 杭州华三通信技术有限公司 | Method for processing safety warning and safety policy equipment |
CN101651577A (en) * | 2009-08-28 | 2010-02-17 | 曙光信息产业(北京)有限公司 | Alarm notification system and method for cluster monitoring |
CN102833099A (en) * | 2012-08-15 | 2012-12-19 | 曙光信息产业(北京)有限公司 | Extensible alarm emergency processing system and control method thereof |
CN104052739A (en) * | 2014-05-22 | 2014-09-17 | 汉柏科技有限公司 | Method and system for improving cross correlation on basis of security management platform |
CN104601361A (en) * | 2014-09-30 | 2015-05-06 | 北京科东电力控制系统有限责任公司 | Electric power secondary system safety incident analysis method for non-conformity strategy access |
- 2015-05-26 CN CN201510281976.5A (published as CN104901960A): Pending
Cited By (26)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN105335829A (en) * | 2015-11-27 | 2016-02-17 | 国网北京市电力公司 | Electric power information safety monitoring method and system |
CN107294776A (en) * | 2017-06-15 | 2017-10-24 | 郑州云海信息技术有限公司 | It is a kind of to generate the method and system that network security alerts distribution map |
CN107294776B (en) * | 2017-06-15 | 2020-07-24 | 苏州浪潮智能科技有限公司 | Method and system for generating network security alarm distribution map |
CN107483472A (en) * | 2017-09-05 | 2017-12-15 | 中国科学院计算机网络信息中心 | A kind of method, apparatus of network security monitoring, storage medium and server |
CN107483472B (en) * | 2017-09-05 | 2020-12-08 | 中国科学院计算机网络信息中心 | Network security monitoring method and device, storage medium and server |
CN107682351B (en) * | 2017-10-20 | 2020-03-31 | 携程旅游网络技术(上海)有限公司 | Method, system, equipment and storage medium for network security monitoring |
CN107682351A (en) * | 2017-10-20 | 2018-02-09 | 携程旅游网络技术(上海)有限公司 | Method, system, equipment and the storage medium of network security monitoring |
CN109639631A (en) * | 2018-10-30 | 2019-04-16 | 国网陕西省电力公司信息通信公司 | A kind of network security cruising inspection system and method for inspecting |
CN109361690A (en) * | 2018-11-19 | 2019-02-19 | 中国科学院信息工程研究所 | Threat Disposal Strategies generation method and system in a kind of network |
CN109698819A (en) * | 2018-11-19 | 2019-04-30 | 中国科学院信息工程研究所 | Threat disposition management method and system in a kind of network |
CN109361690B (en) * | 2018-11-19 | 2020-07-07 | 中国科学院信息工程研究所 | Method and system for generating threat handling strategy in network |
CN109413088B (en) * | 2018-11-19 | 2020-08-04 | 中国科学院信息工程研究所 | Method and system for decomposing threat handling strategy in network |
CN109413088A (en) * | 2018-11-19 | 2019-03-01 | 中国科学院信息工程研究所 | Threat Disposal Strategies decomposition method and system in a kind of network |
CN109698819B (en) * | 2018-11-19 | 2020-07-24 | 中国科学院信息工程研究所 | Threat disposal management method and system in network |
CN109861865A (en) * | 2019-02-14 | 2019-06-07 | 上海鹏越惊虹信息技术发展有限公司 | A kind of alarm interlock method, device, system, computer equipment and storage medium |
CN110620790A (en) * | 2019-10-10 | 2019-12-27 | 国网山东省电力公司信息通信公司 | Network security device linkage processing method and device |
CN110620790B (en) * | 2019-10-10 | 2021-11-02 | 国网山东省电力公司信息通信公司 | Network security device linkage processing method and device |
WO2021135382A1 (en) * | 2019-12-31 | 2021-07-08 | 华为技术有限公司 | Network security protection method and protection device |
CN111539644A (en) * | 2020-04-30 | 2020-08-14 | 绿盟科技集团股份有限公司 | Network asset risk control method and device |
CN111539644B (en) * | 2020-04-30 | 2023-11-24 | 绿盟科技集团股份有限公司 | Network asset risk control method and device |
CN112738114A (en) * | 2020-12-31 | 2021-04-30 | 四川新网银行股份有限公司 | Configuration method of network security policy |
CN112738114B (en) * | 2020-12-31 | 2023-04-07 | 四川新网银行股份有限公司 | Configuration method of network security policy |
CN114844667A (en) * | 2022-03-16 | 2022-08-02 | 济南法诺商贸有限公司 | Intelligent security analysis management decision system and method based on network equipment |
CN114844667B (en) * | 2022-03-16 | 2023-04-07 | 法诺信息产业有限公司 | Intelligent security analysis management decision system and method based on network equipment |
CN116318969B (en) * | 2023-03-15 | 2024-01-26 | 中国华能集团有限公司北京招标分公司 | Multi-element equipment log access method |
CN116318969A (en) * | 2023-03-15 | 2023-06-23 | 中国华能集团有限公司北京招标分公司 | Multi-element equipment log access method |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN104901960A (en) | | Device and method for network security management based on alarm strategy |
CN102624696B (en) | | Network security situation evaluation method |
CN109698819B (en) | | Threat disposal management method and system in network |
EP3179696B1 (en) | | Connected security system |
CN109361690B (en) | | Method and system for generating threat handling strategy in network |
CN105204487A (en) | | Intrusion detection method and intrusion detection system for industrial control system based on communication model |
CN104539626A (en) | | Network attack scene generating method based on multi-source alarm logs |
CN103563302A (en) | | Network asset information management |
CN104967588A (en) | | Protection method, apparatus and system for distributed denial of service DDoS (distributed denial of service) attack |
CN109543301A (en) | | A kind of network security attacks prototype modeling method based on Industry Control |
CN107196895A (en) | | Network attack is traced to the source implementation method and device |
CN103634296A (en) | | Intelligent electricity network attack detection method based on physical system and information network abnormal data merging |
CN105227559A (en) | | The information security management framework that a kind of automatic detection HTTP actively attacks |
EP3182669A1 (en) | | Integrated industrial system and control method thereof |
CN104079430A (en) | | Safety management platform, system and method based on information |
CN100589425C (en) | | Public secure protection system and public secure protection method |
Coppolino et al. | | Enhancing SIEM technology to protect critical infrastructures |
Qu et al. | | A network security situation evaluation method based on DS evidence theory |
CN112995236A (en) | | Internet of things equipment safety management and control method, device and system |
CN114143064A (en) | | Multi-source network security alarm event tracing and automatic processing method and device |
CN111447167A (en) | | Safety protection method and device for vehicle-mounted system |
Angermeier et al. | | Security risk assessments: Modeling and risk level propagation |
US20170272457A1 (en) | | Importance-level calculation device, output device, and recording medium in which computer program is stored |
Sen et al. | | Towards an approach to contextual detection of multi-stage cyber attacks in smart grids |
CN110493200B (en) | | Industrial control system risk quantitative analysis method based on threat map |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
 | C06 | Publication | |
 | PB01 | Publication | |
 | C10 | Entry into substantive examination | |
 | SE01 | Entry into force of request for substantive examination | |