CN107508817B - 一种企事业单位内源威胁网络安全防御设备 - Google Patents

一种企事业单位内源威胁网络安全防御设备 Download PDF

Info

Publication number
CN107508817B
CN107508817B CN201710784489.XA CN201710784489A CN107508817B CN 107508817 B CN107508817 B CN 107508817B CN 201710784489 A CN201710784489 A CN 201710784489A CN 107508817 B CN107508817 B CN 107508817B
Authority
CN
China
Prior art keywords
submodule
endogenous
attack
risk
threat
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201710784489.XA
Other languages
English (en)
Other versions
CN107508817A (zh
Inventor
李春强
于磊
丘国伟
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Jingwei Xinan Technology Co ltd
Original Assignee
Beijing Jingwei Xinan Technology Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Beijing Jingwei Xinan Technology Co ltd filed Critical Beijing Jingwei Xinan Technology Co ltd
Priority to CN201710784489.XA priority Critical patent/CN107508817B/zh
Publication of CN107508817A publication Critical patent/CN107508817A/zh
Application granted granted Critical
Publication of CN107508817B publication Critical patent/CN107508817B/zh
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441Countermeasures against malicious traffic
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/20Network architectures or network communication protocols for network security for managing network security; network security policies in general

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Aiming, Guidance, Guns With A Light Source, Armor, Camouflage, And Targets (AREA)
  • Computer And Data Communications (AREA)

Abstract

本发明描述了一种针对企事业单位内源威胁的网络安全防御设备。本发明面向来自于企事业单位内部的网络安全威胁,通过基于内源威胁的风险评估、风险缓解、威胁监测、威胁响应技术,从而实现对企事业单位内源威胁的系统防御效果。

Description

一种企事业单位内源威胁网络安全防御设备
技术领域
本发明涉及一种网络安全防御设备,尤其涉及一种针对来企事业单位内部的网络安全威胁的防御设备。
背景技术
内源威胁区别于外源威胁,攻击者来自于企事业单位内部设备或用户,检测困难危害性大。随着企业信息安全机制的建立建全,单纯想从外部渗透进入目标系统的攻击门槛不断提高;内源威胁逐渐增多,并且开始在各大安全报告中崭露头角,引起了国外研究者的高度重视。遗憾的是,国内此类事件曝光率极低,研究重视不够,因此缺乏行之有效的防范措施。
发明内容
本发明目的在于提供一种企事业单位内源威胁网络安全防御设备。本发明面向来自于企事业单位内部的网络安全威胁,通过基于内源威胁的风险评估、风险缓解、威胁监测、威胁响应技术,从而实现对企事业单位内源威胁的系统防御效果。
本发明的技术方案如下:
一种企事业单位内源威胁网络安全防御设备,其包括:
A、内源威胁预测模块:包括内部设备安全风险评估子模块、内源攻击风险评估子模块、失泄密风险评估子模块和窃密攻击风险评估子模块。
B、内源威胁预防模块:包括基于设备漏洞的风险缓解子模块、基于内源攻击技术的风险缓解子模块、失泄密安全风险缓解子模块和基于安全设备联动的风险缓解子模块。
C、内源威胁监测模块:包括基于内部安全风险实时监测子模块、内源攻击实时监测子模块、失泄密实时监测子模块和窃密攻击实时监测子模块。
D、内源威胁响应模块:包括内源攻击取证子模块、内源攻击溯源子模块、内源攻击反制子模块、响应效能反馈子模块。
所述方法,其中A中,内源攻击风险评估子模块是评估来自于内部的网络攻击方式在当前内部网络环境发生的可能性及危害大小,失泄密风险评估子模块是评估当前内部网络环境中存在的失泄密行为的可能性及危害大小,窃密攻击风险评估子模块是评估在当前内部网络环境中发生窃密攻击行为的可能性及危害大小。
所述方法,其中B中,各风险缓解子模块主要是通过设备配置等操作来消除或减少该风险的依赖条件,进而增大该风险触发难度。
所述方法,其中C中,内源攻击实时监测主要是通过设备监测信息、设备日志、蜜罐等方式对内源攻击行为进行基于行为而非特征的监测。
本发明所提供的一种企事业单位内源威胁网络安全防御设备,直接接入企事业单位内部网络即可应用,对网络改动小,故障风险低,功能完善,能够系统防御已知和未知内源威胁。
附图说明
图1为本发明的结构简图。
具体实施方式
以下结合附图,将对本发明的较佳实施例进行较为详细的说明。
如图1所示,本发明主要包括针对内源威胁的预测、预防、监测、响应等模块。
各模块之间相互联动,预测模块的输出是预防模块的输入,预防模块的输出作用于监测模块,监测模块的输出与响应模块的输入,响应模块的输出作用于预测模块。
本发明实现的具体步骤如下:步骤A对内源威胁进行预测,包括内部设备安全风险评估子模块、内源攻击风险评估子模块、失泄密风险评估子模块和窃密攻击风险评估子模块等;
步骤B对内源威胁进行预防,包括基于设备漏洞的风险缓解子模块、基于内源攻击技术的风险缓解子模块、失泄密安全风险缓解子模块和基于安全设备联动的风险缓解子模块等;
步骤C对内源威胁进行监测,包括基于内部安全风险实时监测子模块、内源攻击实时监测子模块、失泄密实时监测子模块和窃密攻击实时监测子模块等;
步骤D对内源威胁进行响应:包括内源攻击取证子模块、内源攻击溯源子模块、内源攻击反制子模块和响应效能反馈子模块等。
在步骤D中,响应效能反馈子模块是针对特定内源威胁的取证、溯源、反制等结果信息进行反馈,用于改进预测模块;应当理解的是,上述针对具体实施方式的描述较为详细,不能因此而认为是对本发明专利保护范围的限制,本发明的专利保护范围应以所附权利要求为准。

Claims (2)

1.一种企事业单位内源威胁网络安全防御设备,其特征在于:
A、内源威胁预测模块:包括内部设备安全风险评估子模块、内源攻击风险评估子模块、失泄密风险评估子模块和窃密攻击风险评估子模块;
B、内源威胁预防模块:包括基于设备漏洞的风险缓解子模块、基于内源攻击技术的风险缓解子模块、失泄密安全风险缓解子模块和基于安全设备联动的风险缓解子模块;
模块B中,各风险缓解子模块主要是通过设备配置操作来消除或减少该风险的依赖条件,进而增大该风险触发难度;
C、内源威胁监测模块:包括基于内部安全风险实时监测子模块、内源攻击实时监测子模块、失泄密实时监测子模块和窃密攻击实时监测子模块;
模块C中,内源攻击实时监测主要是通过设备监测信息、设备日志、蜜罐对内源攻击行为进行基于行为而非特征的监测;
D、内源威胁响应模块:包括内源攻击取证子模块、内源攻击溯源子模块、内源攻击反制子模块和响应效能反馈子模块;
模块D中,响应效能反馈子模块是针对特定内源威助的取证、溯源、反制结果信息进行反馈,用于改进预测模块。
2.权利要求1所述的一种企事业单位内源威胁网络安全防御设备,其特征在于:其中模块A中,内源攻击风险评估子模块是评估来自于内部的网络攻击方式在当前内部网络环境发生的可能性及危害大小,失泄密风险评估子模块是评估当前内部网络环境中存在的失泄密行为的可能性及危害大小,窃密攻击风险评估子模块是评估在当前内部网络环境中发生窃密攻击行为的可能性及危害大小。
CN201710784489.XA 2017-09-04 2017-09-04 一种企事业单位内源威胁网络安全防御设备 Active CN107508817B (zh)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201710784489.XA CN107508817B (zh) 2017-09-04 2017-09-04 一种企事业单位内源威胁网络安全防御设备

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201710784489.XA CN107508817B (zh) 2017-09-04 2017-09-04 一种企事业单位内源威胁网络安全防御设备

Publications (2)

Publication Number Publication Date
CN107508817A CN107508817A (zh) 2017-12-22
CN107508817B true CN107508817B (zh) 2020-05-05

Family

ID=60695566

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201710784489.XA Active CN107508817B (zh) 2017-09-04 2017-09-04 一种企事业单位内源威胁网络安全防御设备

Country Status (1)

Country Link
CN (1) CN107508817B (zh)

Families Citing this family (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108134797A (zh) * 2017-12-28 2018-06-08 广州锦行网络科技有限公司 基于蜜罐技术的攻击反制实现系统及方法
CN109918935B (zh) * 2019-03-19 2020-10-09 北京理工大学 一种内部泄密威胁防护策略的优化方法
CN110381092A (zh) * 2019-08-29 2019-10-25 南京经纬信安科技有限公司 一种自适应闭环解决网络威胁的防御系统及方法

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104270372A (zh) * 2014-10-11 2015-01-07 国家电网公司 一种参数自适应的网络安全态势量化评估方法
KR20170079528A (ko) * 2015-12-30 2017-07-10 주식회사 시큐아이 공격 탐지 방법 및 장치

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US9699205B2 (en) * 2015-08-31 2017-07-04 Splunk Inc. Network security system

Patent Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104270372A (zh) * 2014-10-11 2015-01-07 国家电网公司 一种参数自适应的网络安全态势量化评估方法
KR20170079528A (ko) * 2015-12-30 2017-07-10 주식회사 시큐아이 공격 탐지 방법 및 장치

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
"基于动态自适应的网络安全智能预警系统研究";曲巨宝;《计算机时代》;20071130;全文 *

Also Published As

Publication number Publication date
CN107508817A (zh) 2017-12-22

Similar Documents

Publication Publication Date Title
Yaacoub et al. Cyber-physical systems security: Limitations, issues and future trends
Brief Executive order on improving the nation’s cybersecurity
US10051010B2 (en) Method and system for automated incident response
CN108259449B (zh) 一种防御apt攻击的方法和系统
CN107508817B (zh) 一种企事业单位内源威胁网络安全防御设备
Harrop et al. Cyber resilience: A review of critical national infrastructure and cyber security protection measures applied in the UK and USA
Jadidi et al. A threat hunting framework for industrial control systems
Katipally et al. Attacker behavior analysis in multi-stage attack detection system
CN110602044A (zh) 一种网络威胁分析方法和系统
Hasan et al. Artificial intelligence empowered cyber threat detection and protection for power utilities
Lee et al. Rcryptect: Real-time detection of cryptographic function in the user-space filesystem
Chen et al. Towards realizing self-protecting SCADA systems
CN116032629A (zh) 一种告警流量的分类治理方法、系统电子设备及存储介质
Lyngaas Utah renewables company was hit by rare cyberattack in March
Hu et al. Research on Android ransomware protection technology
Zakaria et al. Feature extraction and selection method of cyber-attack and threat profiling in cybersecurity audit
Zhang et al. Investigating the impact of cyber attacks on power system reliability
Mohamed et al. Understanding the threat posed by Chinese cyber warfare units
Adebayo et al. An intelligence based model for the prevention of advanced cyber-attacks
Al Baalbaki et al. Autonomic critical infrastructure protection (acip) system
Ismail et al. Towards developing scada systems security measures for critical infrastructures against cyber-terrorist attacks
Jekov et al. Intelligent protection of Internet of things systems
Judy et al. Detection and Classification of Malware for Cyber Security using Machine Learning Algorithms
Raja Detection and Prevention of Ransomware Attacks using AES and RSA Algorithms
Maglaras et al. Bridging the Gap between Cybersecurity and Reliability for Critical National Infrastructures

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant