CN106330532A - Network information processing method and system, network management device and network monitoring device - Google Patents


Publication number
CN106330532A
Authority
CN
China
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201610682287.XA
Other languages
Chinese (zh)
Inventor
刘仙凤
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Opzoon Technology Co Ltd
Original Assignee
Opzoon Technology Co Ltd
Application filed by Opzoon Technology Co Ltd filed Critical Opzoon Technology Co Ltd
Priority to CN201610682287.XA priority Critical patent/CN106330532A/en
Publication of CN106330532A publication Critical patent/CN106330532A/en
Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00 Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/06 Management of faults, events, alarms or notifications
    • H04L41/0686 Additional information in the notification, e.g. enhancement of specific meta-data
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00 Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/06 Management of faults, events, alarms or notifications
    • H04L41/0695 Management of faults, events, alarms or notifications the faulty arrangement being the maintenance, administration or management system

Abstract

The invention provides a network information processing method and system, a network management device and a network monitoring device. In the method, the network management device generates alarm information when it determines that a network monitoring device is currently in a non-secure state, obtains the corresponding solution, and sends the alarm information and the solution to the network monitoring device. The network monitoring device thereby learns that it is currently in a non-secure state and can apply the corresponding solution to handle the unsafe network event automatically, which reduces the maintenance manpower required and provides strong support for the stability and reliability of network maintenance.

Description

Network information processing method and system, network management device, network monitoring device
Technical field
The invention belongs to the field of communication technology, and in particular relates to a network information processing method and system, a network management device and a network monitoring device.
Background
With the rapid development of computer and network technology, networks have become increasingly complex, and complex networks bring many management and security risks. This has given rise to dedicated network security management platforms, also called unified security management platforms. Acting as a management node, a security management platform can sense changes in network topology, collect the events of each monitoring node in the network, and perform simple analysis and preprocessing, helping the network administrator learn the current network security state in time.
After perceiving a threat to the network, an existing security management platform mostly just raises an alarm prompt quickly and informs the administrator by e-mail or similar means. If the administrator does not learn of the threat in time, no solution can be applied to the threat in time, which leaves a security risk in the network.
Summary of the invention
The invention provides a network information processing method and system, a network management device and a network monitoring device, to address the defect that an existing security management platform can only send threat alarms to the administrator, which easily leaves network security vulnerabilities when the administrator does not learn of the alarm in time.
In a first aspect, the invention provides a network information processing method, comprising:
if the network management device determines that a network monitoring device in the network is currently in a non-secure state, generating corresponding alarm information;
the network management device obtaining the solution information corresponding to the non-secure state, and sending the alarm information and the solution information to the network monitoring device, so that the network monitoring device learns that it is currently in a non-secure state and executes the corresponding solution according to the solution information.
Optionally, the method further comprises:
if the network management device determines that the time elapsed since it last sent the alarm information and solution information to the network monitoring device is greater than or equal to a preset timeout, sending deletion information to the network monitoring device, so that the network monitoring device, after receiving the deletion information, considers that it has returned to a secure state and stops executing the solution.
Optionally, generating corresponding alarm information if the network management device determines that a network monitoring device in the network is currently in a non-secure state comprises:
when the network management device receives a network security event reported by the network monitoring device, if it determines that the network security events accumulated so far from that network monitoring device meet the condition for triggering an alarm, confirming that the network monitoring device is currently in a non-secure state and generating the corresponding alarm information.
Optionally, determining that the network security events accumulated so far from the network monitoring device meet the condition for triggering an alarm comprises:
if the network security events accumulated so far from the network monitoring device match a preset security event rule, judging whether the accumulated network security events meet the condition for triggering an alarm according to the priority and the reliability of the security event contained in the security event rule.
Optionally, the method further comprises:
if the network security events accumulated so far from the network monitoring device match a preset security event rule, backing up the matching result.
In a second aspect, the invention provides a network information processing method, comprising:
when a network monitoring device detects that the current network state is a suspected non-secure state, reporting a network security event to the network management device, the network security event including information on the current network state, so that the network management device, if it determines that the network monitoring device in the network is currently in a non-secure state, generates corresponding alarm information, obtains the solution information corresponding to the non-secure state, and sends the alarm information and the solution information to the network monitoring device;
the network monitoring device, after receiving the alarm information and the solution information, learning that it is currently in a non-secure state and executing the corresponding solution according to the solution information.
Optionally, the method further comprises:
the network monitoring device, after receiving deletion information, considering that it has returned to a secure state and stopping execution of the solution;
wherein the deletion information is information that the network management device sends to the network monitoring device when it determines that the time elapsed since it last sent the alarm information and solution information to the network monitoring device is greater than or equal to a preset timeout.
In a third aspect, the invention provides a network management device, comprising:
a judging unit, configured to generate corresponding alarm information when it determines that a network monitoring device in the network is currently in a non-secure state;
an acquiring unit, configured to obtain the solution information corresponding to the non-secure state;
a sending unit, configured to send the alarm information and the solution information to the network monitoring device, so that the network monitoring device learns that it is currently in a non-secure state and executes the corresponding solution according to the solution information.
In a fourth aspect, the invention provides a network monitoring device, comprising:
a reporting unit, configured to report a network security event to the network management device when it detects that the current network state is a suspected non-secure state, the network security event including information on the current network state, so that the network management device, if it determines that the network monitoring device in the network is currently in a non-secure state, generates corresponding alarm information, obtains the solution information corresponding to the non-secure state, and sends the alarm information and the solution information to the network monitoring device;
an execution unit, configured to learn, after receiving the alarm information and the solution information, that the device is currently in a non-secure state, and to execute the corresponding solution according to the solution information.
In a fifth aspect, the invention provides a network information processing system, comprising a network management device and several network monitoring devices;
the network management device is the network management device described in claim 8, and the network monitoring device is the network monitoring device described in claim 9.
The invention provides a network information processing method and system, a network management device and a network monitoring device. In the method, the network management device generates alarm information when it determines that a network monitoring device is currently in a non-secure state, obtains the corresponding solution, and sends the alarm information together with the solution to the network monitoring device. The network monitoring device can thus learn of its own current unsafe condition and apply the corresponding solution in time, handling unsafe network events automatically, which reduces the maintenance manpower required and provides strong support for the stability and reliability of network maintenance.
Brief description of the drawings
To explain the embodiments of the invention or the technical solutions of the prior art more clearly, the drawings needed in the description of the embodiments are briefly introduced below. The drawings described below are only some examples of the invention; a person of ordinary skill in the art can obtain other drawings from them without creative effort.
Fig. 1 is a flow chart of an embodiment of a network information processing method provided by the invention;
Fig. 2 is a flow chart of an embodiment of another network information processing method provided by the invention;
Fig. 3 is a structural diagram of an embodiment of a network management device provided by the invention;
Fig. 4 is a structural diagram of an embodiment of a network monitoring device provided by the invention;
Fig. 5 is a structural diagram of an embodiment of a network information processing system provided by the invention;
Fig. 6 is a flow chart of the method executed by the network management device in the network information processing system provided by the invention;
Fig. 7 is a flow chart of the method executed by the network monitoring device in the network information processing system provided by the invention.
Detailed description
The technical solutions in the embodiments of the invention are described clearly and completely below with reference to the drawings in the embodiments. The described embodiments are only some of the embodiments of the invention, not all of them. All other embodiments that a person of ordinary skill in the art obtains from the embodiments of the invention without creative effort fall within the scope of protection of the invention.
In a first aspect, an embodiment of the invention provides a network information processing method which, as shown in Fig. 1, comprises:
S101: if the network management device determines that a network monitoring device in the network is currently in a non-secure state, it generates corresponding alarm information;
S102: the network management device obtains the solution information corresponding to the non-secure state and sends the alarm information and the solution information to the network monitoring device, so that the network monitoring device learns that it is currently in a non-secure state and executes the corresponding solution according to the solution information.
In the network information processing method provided by this embodiment, the network management device generates alarm information when it determines that a network monitoring device is currently in a non-secure state, obtains the corresponding solution, and sends the alarm information together with the solution to the network monitoring device. The network monitoring device can thus learn of its own current unsafe condition and apply the corresponding solution in time, handling unsafe network events automatically, which reduces the maintenance manpower required and provides strong support for the stability and reliability of network maintenance.
In practice, the network management device and the network monitoring device may be any kind of host, server, router or switch, or any kind of firewall product such as an IDS, an IPS or an anti-DDoS device; the invention does not specifically limit this. Each network may have one network management device and several network monitoring devices.
The non-secure state here can be understood as a threat to the network in which the network monitoring device is currently located, for example various network attacks, abnormal logins, abnormal access, brute-force cracking or malicious damage. It may of course also include other threats to the security and stability of the network; the invention does not specifically limit this.
The alarm information may contain the abnormal condition of the network in which the network monitoring device is currently located and the consequences that this abnormal condition will cause. It may of course also contain other information that helps the network monitoring device judge its current state; the invention does not specifically limit this.
The solution may be a specific measure taken against a particular unsafe condition. For example, for a certain class of anti-DDoS event, the measure may be to block the traffic of a certain source IP address. As another example, for a P2P download event, the measure may be to rate-limit that protocol. These solutions may be measures that the administrator sets in advance according to the network deployment, or solutions set by default according to the rules of the current network; the invention does not specifically limit this.
In a specific implementation, step S101 of the above method embodiment can be realized in several ways. One optional implementation is described in detail below.
S1011: when the network management device receives a network security event reported by the network monitoring device, then, based on the network security event currently reported by that network monitoring device and the network security events it reported in the past, if the network management device determines that the current network security events meet the condition for triggering an alarm, it confirms that the network monitoring device is currently in a non-secure state and generates the corresponding alarm information.
Specifically, after receiving a network security event reported by a network monitoring device, the network management device can use the identification information of the network monitoring device contained in the network security event to look up all network security events that this network monitoring device has already reported. The network security events here may be of several types. If, among the network security events accumulated so far, some events of the same type meet the alarm trigger condition, the network management device judges that the network state in which this network monitoring device is currently located is unsafe, and therefore generates the corresponding alarm information.
Further, in step S11, judging whether the network security events accumulated so far from the network monitoring device meet the condition for triggering an alarm can be implemented in several ways. One optional implementation comprises:
S1011a: based on the network security event currently reported by the network monitoring device and the network security events it reported in the past, if the network management device determines that the currently reported network security event matches a preset security event rule, it judges whether the accumulated network security events meet the condition for triggering an alarm according to the priority and the reliability of the security event contained in the security event rule.
Correspondingly, step S1011 may also comprise:
S1011b: if the currently reported network security event matches a preset security event rule, the matching result is backed up.
Specifically, after receiving a network security event reported by a network monitoring device, the network management device can match the network security events accumulated so far from this network monitoring device against the security event rules stored in the rule base. Every rule in the rule base can have the same XML format. The fields of this XML format, that is, the individual settings of each rule, can be customized by the network administrator according to the needs of the current network.
To make the above rule matching process easier to understand, rule matching is illustrated below with reference to the XML format of a rule shown in code.
Here, priority is the priority of the rule and reliability is the reliability of the rule; these two factors are decisive for the security event level in the rule. occurrence is the number of times the event occurs. time_out is the timeout of the event. plugin_id is the unique number of a monitoring node in the network, and plugin_sid is the number of an event of that monitoring node, of which there are usually several. from, to, port_from, port_to and protocol are the five-tuple information to match (generally the source IP address, source port, destination IP address, destination port and transport-layer protocol).
If the network security events accumulated so far match the above rule, the rule is backed up. For example, when the network management device receives a network security event of this type for the third time and the occurrence field in the rule corresponding to this network security event is 3, the current network security event matches the rule, and the network management device backs up the rule.
After the backup, the network management device goes on to calculate the risk value of the alarm for the current network state from the priority and reliability set for this network security event in the rule. The risk value is calculated according to formula (1).
Risk value = reliability × priority × network monitoring device importance level / 25 (1)
Here the network monitoring device importance level ranges from 1 to 5, the reliability ranges from 1 to 5, the priority ranges from 1 to 10, and the risk value ranges from 1 to 10. The higher the risk value, the greater the risk.
If the calculated risk value is greater than or equal to a preset value (the preset value may be 1, for example), the network security events accumulated so far are considered to meet the condition for triggering an alarm, and the corresponding alarm information is generated. If the risk value is less than the preset value, the accumulated network security events are considered not yet to constitute a threat event and do not meet the condition for triggering an alarm; the network management device then waits for the next network security event and repeats the above judgment.
The advantage of this is that the matching rules for security events can be set according to actual network conditions, so that the network management device can perform alarm detection of different types or degrees for different network conditions, which improves the flexibility and applicability of network security detection.
In a specific implementation, after the network monitoring device has executed the corresponding solution against the current network threat for a period of time, the threat will generally have been lifted. Therefore, so that the network monitoring device stops executing the solution once the threat is lifted, the method provided by the invention also comprises:
S103: if the network management device determines that the time elapsed since it last sent the alarm information and solution information to the network monitoring device is greater than or equal to a preset timeout, it sends deletion information to the network monitoring device, so that the network monitoring device, after receiving the deletion information, considers that it has returned to a secure state and stops executing the solution.
Specifically, after issuing the alarm information and solution information, the network management device can periodically check whether the time elapsed since it last issued this information to the network monitoring device has timed out, that is, exceeded the preset duration. If it has, the measures taken by the network monitoring device are considered to have lifted the current network threat, and the network management device sends deletion information to the network monitoring device. The deletion information contains an instruction to stop executing the solution, so that the network monitoring device, after receiving it, considers that it has returned to a secure state and stops executing the solution.
The advantage of this is that the network management device can make the network monitoring device stop executing the solution in time once the threat is lifted, which prevents the network monitoring device from performing useless operations and wasting network resources.
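The rule matching of S1011a/S1011b, the risk calculation of formula (1) and the timeout-driven deletion of S103 are worked through below as an added example; it is not code from the patent. Only the rule field names and the formula come from the description: the rule element and its values, the "ANY" wildcard, the use of time_out as the window in which occurrences accumulate, the 300-second solution timeout, the solution payload and the names ManagementDevice, on_event and tick are assumptions.

```python
import xml.etree.ElementTree as ET
from dataclasses import dataclass

# Constructed rule. The attribute names are the fields the description lists;
# the element name, the values and the "ANY" wildcard are assumptions.
RULE_XML = """
<rule priority="4" reliability="3" occurrence="3" time_out="60"
      plugin_id="4003" plugin_sid="1,2"
      from="ANY" to="192.0.2.10" port_from="ANY" port_to="22" protocol="TCP"/>
"""
FIVE_TUPLE = ("from", "to", "port_from", "port_to", "protocol")


@dataclass(frozen=True)
class Rule:
    priority: int
    reliability: int
    occurrence: int
    time_out: float
    plugin_id: str
    plugin_sids: frozenset
    five_tuple: tuple


def load_rule(xml_text):
    """Parse one administrator-configured rule from its XML form."""
    a = ET.fromstring(xml_text).attrib
    return Rule(int(a["priority"]), int(a["reliability"]), int(a["occurrence"]),
                float(a["time_out"]), a["plugin_id"],
                frozenset(a["plugin_sid"].split(",")),
                tuple((k, a[k]) for k in FIVE_TUPLE))


def event_matches(rule, ev):
    """Match the reporting plugin and the five-tuple of one event against a rule."""
    if ev["plugin_id"] != rule.plugin_id or ev["plugin_sid"] not in rule.plugin_sids:
        return False
    return all(want == "ANY" or str(ev[k]) == want for k, want in rule.five_tuple)


def risk_value(reliability, priority, importance):
    """Formula (1): reliability * priority * device importance level / 25."""
    return reliability * priority * importance / 25


class ManagementDevice:
    def __init__(self, rule, importance, threshold=1.0, solution_timeout=300.0):
        self.rule = rule
        self.importance = importance      # detector IP -> importance level 1..5
        self.threshold = threshold        # preset risk value that triggers an alarm
        self.solution_timeout = solution_timeout  # preset timeout of step S103
        self.history = {}    # detector IP -> timestamps of matching events
        self.backups = []    # backed-up match results (S1011b)
        self.last_sent = {}  # detector IP -> time alarm + solution were last sent

    def on_event(self, ev):
        """S1011a: return (alarm, solution) for the reporting device, or None."""
        if not event_matches(self.rule, ev):
            return None
        dev, now = ev["detector_ip"], ev["ts"]
        # Assumption: time_out bounds the window in which occurrences accumulate.
        recent = [t for t in self.history.get(dev, []) if now - t <= self.rule.time_out]
        recent.append(now)
        self.history[dev] = recent
        if len(recent) < self.rule.occurrence:
            return None
        self.backups.append({"detector_ip": dev, "count": len(recent), "ts": now})
        risk = risk_value(self.rule.reliability, self.rule.priority,
                          self.importance[dev])
        if risk < self.threshold:
            return None   # matched, but not yet a threat: wait for the next event
        self.last_sent[dev] = now
        alarm = {"detectorip": dev, "risk": risk}
        solution = {"action": "block_source", "source": ev["from"]}  # constructed
        return alarm, solution

    def tick(self, now):
        """S103: deletion information for devices whose solution has timed out."""
        expired = [d for d, t in self.last_sent.items()
                   if now - t >= self.solution_timeout]
        for d in expired:
            del self.last_sent[d]
        return [{"detectorip": d, "type": "delete"} for d in expired]


def demo():
    """Three constructed reports from a high- and a low-importance device."""
    mgr = ManagementDevice(load_rule(RULE_XML),
                           importance={"198.51.100.7": 5, "198.51.100.8": 1})
    base = {"plugin_id": "4003", "plugin_sid": "1", "from": "203.0.113.9",
            "to": "192.0.2.10", "port_from": 40000, "port_to": 22, "protocol": "TCP"}
    results = []
    for dev in ("198.51.100.7", "198.51.100.8"):
        for ts in (0, 10, 20):
            results.append(mgr.on_event({**base, "detector_ip": dev, "ts": ts}))
    return mgr, results


if __name__ == "__main__":
    mgr, results = demo()
    print(results)
    print(mgr.tick(100), mgr.tick(320))
```

Both devices reach the occurrence count and have their match backed up, but only the device with importance level 5 crosses the preset value of 1; the other stays below it and receives no alarm.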
In a second aspect, an embodiment of the invention also provides a network information processing method which, as shown in Fig. 2, comprises:
S201: when a network monitoring device detects that the current network state is a suspected non-secure state, it reports a network security event to the network management device, the network security event including information on the current network state, so that the network management device, if it determines that the network monitoring device in the network is currently in a non-secure state, generates corresponding alarm information, obtains the solution information corresponding to the non-secure state, and sends the alarm information and the solution information to the network monitoring device;
S202: after receiving the alarm information and the solution information, the network monitoring device learns that it is currently in a non-secure state and executes the corresponding solution according to the solution information.
In the network information processing method provided by this embodiment, the network monitoring device reports a network security event to the network management device when it detects that the current network state is a suspected non-secure state, so that the network management device generates alarm information when it judges the current state to be non-secure and sends the alarm information together with the corresponding solution to the network monitoring device. The network monitoring device can thus learn of its own current unsafe condition and apply the corresponding solution in time, handling unsafe network events automatically, which reduces the maintenance manpower required and provides strong support for the stability and reliability of network maintenance.
In a specific implementation, the above method embodiment may also comprise:
S203: after receiving deletion information, the network monitoring device considers that it has returned to a secure state and stops executing the solution.
Specifically, when the network management device determines that the time elapsed since it last issued the alarm information and solution information is greater than or equal to the preset timeout, it considers the current threat lifted and the solution no longer necessary, and therefore sends deletion information to the network monitoring device; the deletion information contains an instruction to stop executing the measures. After receiving the deletion information, the network monitoring device considers that it has returned to a secure state and stops executing the solution.
The advantage of this is that the network monitoring device, on receiving the deletion information and judging the threat lifted, can stop executing the corresponding solution in time, which avoids useless operations and wasted network resources.
In a third aspect, an embodiment of the invention also provides a network management device which, as shown in Fig. 3, comprises a judging unit 301, an acquiring unit 302 and a sending unit 303.
The judging unit 301 is configured to generate corresponding alarm information when it determines that a network monitoring device in the network is currently in a non-secure state. The acquiring unit 302 is configured to obtain the solution information corresponding to the non-secure state. The sending unit 303 is configured to send the alarm information and the solution information to the network monitoring device, so that the network monitoring device learns that it is currently in a non-secure state and executes the corresponding solution according to the solution information.
In a specific implementation, if the judging unit 301 determines that the time elapsed since the alarm information and solution information were last sent to the network monitoring device is greater than or equal to the preset timeout, deletion information is sent to the network monitoring device, so that the network monitoring device, after receiving the deletion information, considers that it has returned to a secure state and stops executing the solution.
In a specific implementation, when the judging unit 301 receives a network security event reported by the network monitoring device, if it determines that the network security events accumulated so far from that network monitoring device meet the condition for triggering an alarm, it confirms that the network monitoring device is currently in a non-secure state and generates the corresponding alarm information.
In a specific implementation, if the judging unit 301 determines that the network security events accumulated so far from the network monitoring device match a preset security event rule, it judges whether the accumulated network security events meet the condition for triggering an alarm according to the priority and the reliability of the security event contained in the security event rule.
In a specific implementation, if the judging unit 301 determines that the network security events accumulated so far from the network monitoring device match a preset security event rule, it backs up the matching result.
In a fourth aspect, an embodiment of the invention also provides a network monitoring device which, as shown in Fig. 4, comprises a reporting unit 401 and an execution unit 402.
The reporting unit 401 is configured to report a network security event to the network management device when it detects that the current network state is a suspected non-secure state, the network security event including information on the current network state, so that the network management device, if it determines that the network monitoring device in the network is currently in a non-secure state, generates corresponding alarm information, obtains the solution information corresponding to the non-secure state, and sends the alarm information and the solution information to the network monitoring device. The execution unit 402 is configured to learn, after receiving the alarm information and the solution information, that the device is currently in a non-secure state, and to execute the corresponding solution according to the solution information.
Since the network management device and the network monitoring device described in the third and fourth aspects are devices capable of executing the network information processing method of the embodiments of the invention, a person skilled in the art can, from the method described in the embodiments, understand the specific implementations of the network management device and network monitoring device of this embodiment and their variations. How these devices implement the network information processing method of the embodiments is therefore not described in further detail here. Any device that a person skilled in the art uses to implement the network information processing method of the embodiments of the invention falls within the scope that this application seeks to protect.
5th aspect, the embodiment of the present invention additionally provides a kind of network information processing system, as it is shown in figure 5, include network Management equipment 501 and several network monitoring devices 502.Wherein, network management device 501 here is for described in the third aspect Network management device, network monitoring device 502 here is the network monitoring device described in fourth aspect.For ease of understanding this The operation principle of the network information processing system that invention provides, carries out complete explanation below in conjunction with the accompanying drawings.
Fig. 6 shows the workflow of network management device 501, and Fig. 7 shows the work of each network monitoring device 502 Make flow process.When network monitoring device 502 detects that current network state is doubtful unsecured network state, by current feelings Condition reports network management device 501.Network management device 501 is when receiving this network safety event, first by information Form be packaged, be structured as same form.Then by the rule in the event loop matching rule base after structuring, If matching certain rule, then can binding rule and event information one backup rules of generation.If do not matched, direct Walk other business.If generating backup rules, then initialize warning information also according to each field information in backup rules The value-at-risk of this event is calculated according to the field such as priority, reliability.Warning information can be as follows,
alarmid=1 eventid=2 risk=2 directiveid=3 detectorip=1.1.1.1 activeid=4 setflag=1 description="this is an alarm test"
alarmid: the id of this alarm
eventid: the id of the event that produced this alarm, used to correlate events
risk: the risk value of this alarm, used to decide whether to raise the alarm
directiveid: the id of the rule that produced this alarm, used to correlate rules
detectorip: the IP address of the detection node that produced the event, used when encapsulating the configuration
activeid: the id of the action matched to this alarm, used when encapsulating the configuration
setflag: the flag for issuing or cancelling the configuration, used when encapsulating the configuration
description: the description of this alarm, typically indicating the threat that produced it
The warning information generally includes the alarm type, the event five-tuple, the risk value, the alarm description, the issue-configuration or cancel-configuration flag, and so on. Understandably, the alarm fields here can be added or removed according to actual needs and are not limited to the fields above.
When network management device 501 determines that the risk value of the alarm is less than preset value 1, it waits for the timeout. Once it determines that the timeout has elapsed, it reads the backed-up matching result and checks whether warning information has been issued. If not, the threat is considered not to have constituted a threat within this time period, and the backed-up matching result is deleted.
When network management device 501 determines that the risk value of the alarm is greater than or equal to preset value 1, the alarm condition is triggered. Network management device 501 then queries the corresponding solution information, encapsulates the warning information together with the solution information, and sends them to network monitoring device 502. On receiving this information, network monitoring device 502 can determine that its own network state is currently under threat, and therefore executes the corresponding solution according to the solution information in the message.
After network monitoring device 502 has executed the measure for a period of time, network management device 501 determines whether the timeout has elapsed. If it has, it reads the backed-up match information; if warning information has been issued, the threat is considered resolved and deletion information is issued. After receiving the deletion information, network monitoring device 502 stops executing the corresponding solution and continues to detect whether a suspected non-secure event occurs.
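The management-device flow described above (threshold check against preset value 1, dispatch with solution information, timeout and deletion), as an added Python example that is not code from the patent. The 300-second timeout, the lookup of solution information by activeid, setflag=0 as the cancel value, and dropping the backup on expiry are assumptions.

```python
import ipaddress
import shlex

PRESET_RISK = 1   # "preset value 1" in the description
TIMEOUT_S = 300   # assumed; the page gives no timeout value
INT_FIELDS = ("alarmid", "eventid", "risk", "directiveid", "activeid", "setflag")

# Constructed sample in the page's key=value layout.
SAMPLE = ('alarmid=1 eventid=2 risk=2 directiveid=3 detectorip=1.1.1.1 '
          'activeid=4 setflag=1 description="this is an alarm test"')


def parse_alarm(line):
    """Parse one alarm line; shlex keeps the quoted description in one token."""
    fields = {}
    for token in shlex.split(line):
        key, sep, value = token.partition("=")
        if not sep or not key:
            raise ValueError(f"malformed field: {token!r}")
        fields[key.lower()] = value
    for name in INT_FIELDS:
        if name not in fields:
            raise ValueError(f"missing field: {name}")
        fields[name] = int(fields[name])          # ValueError if not numeric
    # Reject a detector address that is not a literal IP before it is used
    # as the destination of a configuration push.
    fields["detectorip"] = str(ipaddress.ip_address(fields.get("detectorip", "")))
    return fields


class Manager:
    """Management-device side: threshold check, dispatch, timeout cleanup."""

    def __init__(self, solutions):
        self.solutions = solutions   # activeid -> solution info (assumed keying)
        self.backups = {}            # alarmid -> backed-up match state

    def on_alarm(self, line, now):
        alarm = parse_alarm(line)
        issued = alarm["risk"] >= PRESET_RISK
        solution = self.solutions[alarm["activeid"]] if issued else None
        self.backups[alarm["alarmid"]] = {
            "to": alarm["detectorip"], "issued": issued,
            "deadline": now + TIMEOUT_S}
        if not issued:
            return None              # below threshold: just wait for the timeout
        return {"to": alarm["detectorip"], "alarm": alarm, "solution": solution}

    def on_tick(self, now):
        """Expire backups; send a delete message only where an alarm was issued."""
        deletes = []
        for alarmid, backup in list(self.backups.items()):
            if now < backup["deadline"]:
                continue
            del self.backups[alarmid]   # assumed: backup is dropped in both cases
            if backup["issued"]:
                # setflag=0 as the "cancel configuration" value is an assumption.
                deletes.append({"to": backup["to"], "delete": alarmid, "setflag": 0})
        return deletes
```

Validating `detectorip` before dispatch matters because that field decides which monitoring device receives the configuration push.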
From the above description of the embodiments, those skilled in the art can clearly understand that each embodiment can be implemented by software plus a necessary general-purpose hardware platform, and of course also by hardware. Based on this understanding, the above technical solution in essence, or the part of it that contributes over the prior art, can be embodied in the form of a software product. The computer software product can be stored in a computer-readable storage medium, such as ROM/RAM, a magnetic disk or an optical disc, and includes several instructions that cause a computer device (which may be a personal computer, a server, a network device, or the like) to perform the method described in each embodiment or in certain parts of an embodiment.
Numerous specific details are set forth in the description provided here. It is to be understood, however, that embodiments of the present invention can be practiced without these specific details. In some instances, well-known methods, structures and techniques are not shown in detail so as not to obscure the understanding of this description.
Similarly, it should be understood that, in order to streamline the disclosure and aid understanding of one or more of the various inventive aspects, in the above description of exemplary embodiments of the present invention the features of the invention are sometimes grouped together into a single embodiment, figure, or description thereof. This method of disclosure, however, should not be interpreted as reflecting an intention that the claimed invention requires more features than are expressly recited in each claim. Rather, as the following claims reflect, inventive aspects lie in fewer than all features of a single embodiment disclosed above. The claims following the detailed description are therefore expressly incorporated into the detailed description, with each claim standing on its own as a separate embodiment of the present invention.
Those skilled in the art will appreciate that the modules in the devices of an embodiment can be adaptively changed and arranged in one or more devices different from that embodiment. The modules, units or components of an embodiment can be combined into one module, unit or component, and can furthermore be divided into multiple sub-modules, sub-units or sub-components. Except where at least some of such features and/or processes or units are mutually exclusive, all features disclosed in this specification (including the accompanying claims, abstract and drawings), and all processes or units of any method or device so disclosed, can be combined in any combination. Unless expressly stated otherwise, each feature disclosed in this specification (including the accompanying claims, abstract and drawings) can be replaced by an alternative feature serving the same, an equivalent or a similar purpose.
Furthermore, those skilled in the art will appreciate that although some embodiments described here include certain features that are included in other embodiments and not other features, combinations of features of different embodiments are meant to be within the scope of the present invention and to form different embodiments. For example, in the following claims, any one of the claimed embodiments can be used in any combination.
It should be noted that the above embodiments illustrate rather than limit the present invention, and that those skilled in the art can design alternative embodiments without departing from the scope of the appended claims. In the claims, any reference signs placed between parentheses shall not be construed as limiting the claim. The word "comprising" does not exclude the presence of elements or steps not listed in a claim. The word "a" or "an" preceding an element does not exclude the presence of a plurality of such elements. The present invention can be implemented by means of hardware comprising several distinct elements and by means of a suitably programmed computer. In a unit claim enumerating several devices, several of these devices can be embodied by one and the same item of hardware. The use of the words first, second and third does not indicate any order; these words can be interpreted as names.
Finally, it should be noted that the above embodiments are only intended to illustrate the technical solution of the present invention, not to limit it. Although the present invention has been described in detail with reference to the foregoing embodiments, those of ordinary skill in the art should understand that they can still modify the technical solutions described in the foregoing embodiments or make equivalent replacements of some of their technical features, and that such modifications or replacements do not cause the essence of the corresponding technical solutions to depart from the spirit and scope of the technical solutions of the embodiments of the present invention.

Claims (10)

1. A network information processing method, characterized by comprising:
if a network management device determines that a network monitoring device in the network is currently in a non-secure state, generating corresponding warning information;
the network management device obtaining solution information corresponding to the non-secure state, and sending the warning information and the solution information to the network monitoring device, so that the network monitoring device learns that it is currently in a non-secure state and executes the corresponding solution according to the solution information.
2. The method according to claim 1, characterized in that the method further comprises:
if the network management device determines that the time elapsed since it last sent warning information and solution information to the network monitoring device is greater than or equal to a preset timeout, sending deletion information to the network monitoring device, so that the network monitoring device, after receiving the deletion information, considers that it has currently reverted to a secure state and stops executing the solution.
3. The method according to claim 1, characterized in that generating corresponding warning information if the network management device determines that the network monitoring device in the network is currently in a non-secure state comprises:
the network management device, on receiving a network security event reported by the network monitoring device, and based on the network security event currently reported by the network monitoring device and the network security events reported historically, confirming that the network monitoring device is currently in a non-secure state and generating corresponding warning information if it determines that the currently reported network security event meets the condition for triggering an alarm.
4. The method according to claim 3, characterized in that determining that the network security events currently accumulated from the network monitoring device meet the condition for triggering an alarm comprises:
the network management device, based on the network security event currently reported by the network monitoring device and the network security events reported historically, if it determines that the currently reported network security event matches a preset security event rule, determining, according to the priority of the security event and the reliability of the security event contained in the security event rule, whether the currently accumulated network security events meet the condition for triggering an alarm.
5. The method according to claim 4, characterized in that the method further comprises:
if it is determined that the currently reported network security event matches the preset security event rule, backing up the matching result.
6. A network information processing method, characterized by comprising:
a network monitoring device, when detecting that the current network state is a suspected non-secure state, reporting a network security event to a network management device, the network security event including information on the current network state, so that the network management device, if it determines that the network monitoring device in the network is currently in a non-secure state, generates corresponding warning information, obtains the solution information corresponding to the non-secure state, and sends the warning information and the solution information to the network monitoring device;
the network monitoring device, after receiving the warning information and the solution information, learning that it is currently in a non-secure state and executing the corresponding solution according to the solution information.
7. The method according to claim 6, characterized by comprising:
the network monitoring device, after receiving deletion information, considering that it has currently reverted to a secure state and stopping execution of the solution;
wherein the deletion information is information sent by the network management device to the network monitoring device when it determines that the time elapsed since it last sent warning information and solution information to the network monitoring device is greater than or equal to a preset timeout.
8. A network management device, characterized by comprising:
a judging unit, configured to generate corresponding warning information when it determines that a network monitoring device in the network is currently in a non-secure state;
an acquiring unit, configured to obtain the solution information corresponding to the non-secure state;
a sending unit, configured to send the warning information and the solution information to the network monitoring device, so that the network monitoring device learns that it is currently in a non-secure state and executes the corresponding solution according to the solution information.
9. A network monitoring device, characterized by comprising:
a reporting unit, configured to report a network security event to a network management device when it detects that the current network state is a suspected non-secure state, the network security event including information on the current network state, so that the network management device, if it determines that the network monitoring device in the network is currently in a non-secure state, generates corresponding warning information, obtains the solution information corresponding to the non-secure state, and sends the warning information and the solution information to the network monitoring device;
an execution unit, configured to, after receiving the warning information and the solution information, learn that the device is currently in a non-secure state and execute the corresponding solution according to the solution information.
10. A network information processing system, characterized by comprising a network management device and several network monitoring devices;
the network management device being the network management device according to claim 8, and the network monitoring device being the network monitoring device according to claim 9.
CN201610682287.XA 2016-08-16 2016-08-16 Network information processing method and system, network management device and network monitoring device Pending CN106330532A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201610682287.XA CN106330532A (en) 2016-08-16 2016-08-16 Network information processing method and system, network management device and network monitoring device

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201610682287.XA CN106330532A (en) 2016-08-16 2016-08-16 Network information processing method and system, network management device and network monitoring device

Publications (1)

Publication Number Publication Date
CN106330532A true CN106330532A (en) 2017-01-11

Family

ID=57743800

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201610682287.XA Pending CN106330532A (en) 2016-08-16 2016-08-16 Network information processing method and system, network management device and network monitoring device

Country Status (1)

Country Link
CN (1) CN106330532A (en)

Cited By (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111597084A (en) * 2019-02-20 2020-08-28 长鑫存储技术有限公司 Safety early warning method and device, electronic equipment and storage medium
CN111597084B (en) * 2019-02-20 2023-06-16 长鑫存储技术有限公司 Security early warning method and device, electronic equipment and storage medium
CN114338372A (en) * 2020-09-25 2022-04-12 中国移动通信集团山东有限公司 Network information security monitoring method and system
CN114338372B (en) * 2020-09-25 2024-03-12 中国移动通信集团山东有限公司 Network information security monitoring method and system
CN114401126A (en) * 2021-12-30 2022-04-26 中国电信股份有限公司 Interface safety monitoring method and device
CN114401126B (en) * 2021-12-30 2024-04-30 中国电信股份有限公司 Interface security monitoring method and device

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination