CN107547539A - A kind of hawkeye early warning system - Google Patents

Info

Publication number
CN107547539A
Authority
CN
China
Legal status
Pending
Application number
CN201710759488.XA
Other languages
Chinese (zh)
Inventor
孙海亮
Current Assignee
Beijing Easy Access Technology Co Ltd
Original Assignee
Beijing Easy Access Technology Co Ltd
Priority date
2017-08-30
Filing date
2017-08-30
Publication date
2018-01-05
Application filed by Beijing Easy Access Technology Co Ltd
Priority to CN201710759488.XA
Publication of CN107547539A

Abstract

The invention discloses a Hawkeye early warning system comprising a learning module, a simulation module, a monitoring module, a processing module, an alarm module and a storage module. The simulation module performs simulated camouflage based on the learning data of the learning module and generates multiple virtual probes carrying virtual data. The monitoring module monitors each virtual probe. The processing module receives the monitoring data from the monitoring module, judges the threat level from that data, disconnects the network or continues monitoring according to the threat level, and sends an alarm signal to the alarm module. The alarm module receives the alarm signal and issues an alert. The storage module stores the monitoring data and the processing data of the processing module. The network is thereby monitored in real time, network threats are discovered promptly and effectively, and effective measures are actively taken to avoid the resulting losses, ensuring the user's network security.

Description

A Hawkeye early warning system
Technical field
The present invention relates to the technical field of network security, and in particular to a Hawkeye early warning system.
Background
APT (Advanced Persistent Threat) is a new type of network attack that poses a serious threat to national defense security, national economic security, the security of important industry information and the security of company business information. An APT uses advanced attack techniques to carry out a long-duration network attack against a specific target, and its attack principles are more advanced than those of other attack forms. This is mainly reflected in the fact that, before launching the attack, the APT must accurately collect information about the business processes and target systems of the attacked party. During this collection, the attack actively looks for vulnerabilities in the trusted systems and applications of the attacked party and uses those vulnerabilities to set up the network that the accessing host requires.
At present, the main measure taken against APT threats is to install a network security early warning system. However, a network security early warning system is a hardware-based network security technology that automatically summarizes the security events in a local area network and issues network-wide security warnings based on that data. For threats hidden in massive amounts of data, this defensive measure has gaps: it is difficult to analyze all of the data, so latent APT attacks may be missed and the precision of APT defense is low.
Therefore, providing a Hawkeye early warning system that monitors the network in real time, discovers network threats promptly and effectively, and actively takes effective measures to avoid the resulting losses, thereby ensuring the user's network security, has become a problem that those skilled in the art urgently need to solve.
Summary of the invention
The object of the present invention is to provide a Hawkeye early warning system that monitors the network in real time, discovers network threats promptly and effectively, and actively takes effective measures to avoid the resulting losses, thereby ensuring the user's network security.
To achieve this object, the present invention provides a Hawkeye early warning system comprising a learning module, a simulation module, a monitoring module, a processing module, an alarm module and a storage module;
The learning module learns the business data of the connected workstation and server;
The simulation module performs simulated camouflage based on the learning data of the learning module and generates multiple virtual probes carrying virtual data;
The monitoring module monitors each virtual probe;
The processing module receives the monitoring data from the monitoring module, judges the threat level from that data, disconnects the network or continues monitoring according to the threat level, and sends an alarm signal to the alarm module;
The alarm module receives the alarm signal and issues an alert;
The storage module stores the monitoring data and the processing data of the processing module.
Preferably, the business data includes one or more of the operating system, the business system and the network nodes.
Preferably, the virtual data has some of the features of one or more of the operating system, the business system and the network nodes.
Preferably, the virtual probes include workstation probes and server probes; there are multiple workstation probes, and the workstation is topologically located among the workstation probes; there are multiple server probes, and the server is topologically located among the server probes.
Preferably, the monitoring data includes abnormal information about the virtual data and accessing host information; the abnormal information includes one or more of qualitative destruction, tampering and theft of the data in the virtual probe; the accessing host information includes at least the accessing host's IP address and the access time.
Preferably, the threat level is set according to the grades access, program implantation, permission tampering, qualitative destruction and data replication. At the access grade and the program implantation grade, the processing module executes the continue-monitoring command; at the permission tampering, qualitative destruction and data replication grades, the processing module executes the network disconnection command.
Preferably, the processing module tracks the accessing host according to the accessing host information and records tracking information, which is stored in the storage module.
Preferably, the alarm is a buzzer.
Preferably, the system also includes an event analysis module, which retrieves the processing data, analyzes and aggregates it, and generates a summary and a report.
Preferably, the system also includes a display module, which displays the summary and the report.
Beneficial effects of the present invention:
1. A large number of workstation probes and server probes are simulated and concealed in the user's network and run latently for a long time, so that an intruder triggers these probes while intruding. Once a probe is triggered, the administrator receives alert information and then handles it as required.
2. The intention of the accessing host is grasped promptly from the specific information in the probe it triggered, and the host can be tracked and evidence collected in time.
3. Setting threat levels makes it possible to effectively confuse and trap the intruder, thereby hiding the user's real targets and protecting the user's core business assets.
4. Attack information is collected and correlated, and the attack source and attack behavior are compiled into a summary and a report for the administrator to review and act on.
Brief description of the drawings
Fig. 1 is a deployment diagram of the Hawkeye early warning system provided by the present invention;
Fig. 2 is a structural diagram of the defense device shown in Fig. 1.
Description of reference numerals:
1: workstation probe
2: workstation
3: administrator
4: server probe
5: accessing host
6: defense device
61: alarm module
62: display module
63: event analysis module
64: storage module
65: processing module
66: learning module
67: simulation module
68: monitoring module
7: server
Detailed description of the embodiments
Embodiments of the invention are described in detail below, and examples of the embodiments are shown in the drawings, in which the same or similar reference numerals throughout denote the same or similar elements or elements with the same or similar functions. The embodiments described below with reference to the drawings are exemplary; they are intended to explain the present invention and are not to be construed as limiting it.
Refer to Fig. 1 and Fig. 2. Fig. 1 is a deployment diagram of the Hawkeye early warning system provided by the present invention; Fig. 2 is a structural diagram of the defense device shown in Fig. 1.
In one embodiment, the Hawkeye early warning system provided by the invention comprises a learning module 66, a simulation module 67, a monitoring module 68, a processing module 65, an alarm module 61 and a storage module 64. The learning module 66 learns the business data of the connected workstation 2 and server 7. The simulation module 67 performs simulated camouflage based on the learning data of the learning module 66 and generates multiple virtual probes carrying virtual data. The monitoring module 68 monitors each virtual probe. The processing module 65 receives the monitoring data from the monitoring module 68, judges the threat level from that data, disconnects the network or continues monitoring according to the threat level, and sends an alarm signal to the alarm module 61. The alarm module 61 receives the alarm signal and issues an alert. The storage module 64 stores the monitoring data and the processing data of the processing module 65.
The defense device 6 formed by the above system is connected to the user's switch. The learning module 66 then learns the user's business data and the simulation module 67 simulates it; during simulation, the learned business data is partially hidden and transformed to achieve camouflage. When simulation is complete, the simulation module 67 generates multiple virtual probes. The virtual probes form a topology with the workstation 2 and the server 7 and run alongside them, forming a dense network structure. Each virtual probe monitors network conditions in real time, and the monitoring module receives each probe's feedback in real time. Normal business personnel only access the servers 7 related to their work, whereas the accessing host 5, in order to intrude, explores as many network nodes as it can and inevitably touches a virtual probe while doing so. Once a virtual probe is triggered, the monitoring module 68 sends monitoring data to the processing module 65, which judges the data against the threat levels. When the level is judged to be the general grade, the monitoring module continues to monitor the triggered virtual probe and an alarm signal is sent to the alarm module 61; the alarm module 61 receives the alarm signal and issues an alert (which may be an audible signal or an attack notification sent to the monitoring host). At the same time the accessing host 5 is tracked and monitored, relevant information about it is obtained promptly to form processing information, and the processing information is stored in the storage module 64. When the level is judged to be a dangerous grade, the processing module 65 disconnects the monitored workstation 2 or server 7 from the network and stores the processing information formed from the obtained information about the accessing host 5 in the storage module 64, thereby avoiding a network attack by the accessing host 5 and effectively avoiding the resulting losses.
A large number of virtual probes are simulated and concealed in the user's network and run latently for a long time, forming a server 7 group and a workstation 2 group that combine real and virtual machines, with the real server 7 and workstation 2 hidden among them. In order to intrude, the accessing host 5 explores as many network nodes as it can and is bound to touch the deployed virtual probes while doing so. Once a probe is triggered, alert information is sent so that countermeasures can be taken promptly and effectively. The data in the virtual probes is camouflaged data, so even if the accessing host 5 obtains it, no core information is disclosed, which keeps the user safe.
Meanwhile, the system ultimately judges the intention of the accessing host 5, so the presence of a threat can be perceived from the initial reconnaissance stage; the system can choose to block it at once or to continue observing and collecting evidence. This active defense technology effectively confuses and traps the intruder, thereby hiding the user's real targets and protecting the user's core business assets.
In addition, the system can virtualize multiple kinds of network nodes and common system services, and it learns and deploys probes intelligently based on the current user's business, effectively meeting the needs of different users.
It should further be understood that the business data includes one or more of the operating system, the business system and the network nodes. This data lets the learning module 66 effectively grasp the user's overall situation. Selecting one or more of these items provides effective data support for the subsequent camouflage by the simulation module 67, so that the virtual probes it generates are better concealed and more deceptive to the accessing host 5, which improves the system's success rate in capturing the accessing host 5 and ensures the user's network security.
It should be understood that the business data is not limited to the operating system, business system and network nodes described above. Provided security is ensured, it may also include relevant parameters of the workstation 2 and server 7, further improving the sensitivity of the virtual probes so that attacks by the accessing host 5 are found promptly and effective measures eliminate the threat in its infancy.
Further, the virtual data has some of the features of one or more of the operating system, the business system and the network nodes. Because the virtual data carries features of one or more of the operating system, business system and network nodes that the user actually uses, the virtual probes generated by the simulation module 67 are more convincingly camouflaged. The real workstation 2 and server 7 are therefore better hidden, and the generated virtual probes are more deceptive and better able to mislead the accessing host 5, further ensuring the user's network security and that core business assets are not lost.
Further, the virtual probes include workstation probes 1 and server probes 4; there are multiple workstation probes 1, and the workstation 2 is topologically located among the workstation probes 1; there are multiple server probes 4, and the server 7 is topologically located among the server probes 4. Dividing the virtual probes into workstation probes 1 and server probes 4 allows the workstation 2 and the server 7 to be monitored at the same time, prevents the accessing host 5 from bypassing one part to attack the other, and provides multiple layers of protection, effectively improving the user's security. Because the workstation 2 and the server 7 each sit among multiple workstation probes 1 and server probes 4, a three-dimensional grid structure is formed in which the workstation 2 and server 7 are hidden more deeply, and the surrounding virtual probes form layered protection around them, so that the accessing host 5 cannot easily find the real workstation 2 and server 7. In particular, when the accessing host 5 explores such a large structure it easily triggers a probe, so the threat it poses is discovered promptly and effectively and timely measures can be taken in response, further ensuring the security of the user's network and that the user's core assets suffer no loss.
It should be noted that the server probe 4 detects and records SYN packets directed at any port (SYN, synchronize, is the handshake signal used when TCP/IP establishes a connection) and raises a warning; the workstation probe does not allow ping and does not raise a warning on SYN detection.
Specifically, the monitoring data includes abnormal information about the virtual data and information about the accessing host 5. The abnormal information includes one or more of qualitative destruction, tampering and theft of the data in the virtual probe; the accessing host 5 information includes at least the accessing host 5's IP address and the access time. When the accessing host 5 destroys, tampers with or steals the data in a virtual probe, abnormal information is produced, and from it the intention of the attacking host can be grasped promptly, so that the control system can take more targeted measures against the accessing host 5 and eliminate the threat in its infancy. The monitoring of the virtual data also covers access volume: when accesses are frequent or surge within a short time, the system tracks the accessing host 5 and closely monitors its further activity, so that the network is monitored promptly and effectively and network security is ensured. The accessing host 5 information is obtained during monitoring, so the system can keep track of the accessing host 5's status and, when a threat arises, promptly obtain information such as its IP address and access time. This gives the system a basis for subsequent measures and makes its countermeasures more targeted.
Specifically, the threat level is set according to the grades access, program implantation, permission tampering, qualitative destruction and data replication. At the access grade and the program implantation grade, the processing module 65 executes the continue-monitoring command; at the permission tampering, qualitative destruction and data replication grades, the processing module 65 executes the network disconnection command. These threat levels are the basis on which the processing module 65 decides whether to take measures against an attack. The threat level rises from low to high and the danger increases accordingly: the access grade is set as the general grade and receives ordinary monitoring; the program implantation grade is set as the alert grade and receives close monitoring; the permission tampering, qualitative destruction and data replication grades are set as dangerous grades and receive emergency handling together with close monitoring. This grading lets the system analyze and judge according to the specific grade and take the corresponding measures. On the one hand it ensures network security and keeps the user's core assets from loss; on the other hand it can make the accessing host 5 drop its guard so that it can be trapped promptly and effectively. It also captures evidence of the accessing host 5's attack, providing strong evidence for subsequent measures.
Specifically, the processing module 65 tracks the accessing host 5 according to the accessing host 5 information and records tracking information, which is stored in the storage module 64. The processing module 65 performs network tracking of hosts that threaten network security. The tracking is based on the accessing host 5 information, that is, the accessing host 5's IP address, access time and so on. Tracking information is recorded during the process and transmitted promptly to the storage module 64 for storage. Recording and storing the tracking information provides data support for subsequent handling; the data can also be analyzed so that IP addresses that pose a threat are marked and placed on a blacklist, and hosts at blacklisted addresses are denied access, further improving the security of the user's network.
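The grading, response and tracking steps described above, together with a per-host summary of the kind the event analysis module is said to produce, written out as a small Python model. This is an added example, not code from the patent; the action labels, grading a server-probe SYN as the access grade, blacklisting on a dangerous grade, and the sample events are all assumptions of this example.

```python
from dataclasses import dataclass
from enum import IntEnum


class Grade(IntEnum):
    """Threat grades in the ascending order the description gives."""
    ACCESS = 1                   # general grade: ordinary monitoring
    PROGRAM_IMPLANT = 2          # alert grade: close monitoring
    TAMPER_PERMISSION = 3        # dangerous grade: disconnect
    QUALITATIVE_DESTRUCTION = 4  # dangerous grade: disconnect
    COPY_DATA = 5                # dangerous grade: disconnect


# Assumption: the action labels and this mapping are the example's own. Grading
# a SYN seen by a server probe as ACCESS is a choice made here, not the patent's.
ACTION_GRADE = {
    "syn": Grade.ACCESS,
    "access": Grade.ACCESS,
    "implant": Grade.PROGRAM_IMPLANT,
    "tamper": Grade.TAMPER_PERMISSION,
    "destroy": Grade.QUALITATIVE_DESTRUCTION,
    "copy": Grade.COPY_DATA,
}


@dataclass(frozen=True)
class ProbeEvent:
    probe_id: str
    probe_kind: str  # "server" or "workstation"
    host_ip: str     # accessing host IP address
    time: str        # access time; ISO 8601 strings sort chronologically
    action: str      # key of ACTION_GRADE


class ProcessingModule:
    def __init__(self):
        self.storage = []          # stands in for the storage module
        self.blacklist = set()     # IP addresses marked as threats
        self.disconnected = set()  # probes whose event led to disconnection

    def handle(self, ev):
        """Grade one probe event, choose the response, store the record."""
        if ev.action not in ACTION_GRADE:
            raise ValueError(f"unknown probe action: {ev.action!r}")
        # Workstation probes do not raise a warning on SYN detection.
        if ev.action == "syn" and ev.probe_kind == "workstation":
            return None
        grade = ACTION_GRADE[ev.action]
        if grade >= Grade.TAMPER_PERMISSION:
            response = "disconnect"
            self.disconnected.add(ev.probe_id)
            # Assumption: blacklist on a dangerous grade; the text does not
            # say at which point an address is blacklisted.
            self.blacklist.add(ev.host_ip)
        else:
            response = "continue_monitoring"
        record = {"host_ip": ev.host_ip, "time": ev.time, "probe_id": ev.probe_id,
                  "grade": grade, "response": response, "alarm": True}
        self.storage.append(record)
        return record


def summarize(storage):
    """Per-host summary: event count, highest grade, probes touched, time span."""
    report = {}
    for rec in storage:
        entry = report.setdefault(rec["host_ip"], {
            "events": 0, "max_grade": rec["grade"], "probes": set(),
            "first_seen": rec["time"], "last_seen": rec["time"]})
        entry["events"] += 1
        entry["max_grade"] = max(entry["max_grade"], rec["grade"])
        entry["probes"].add(rec["probe_id"])
        entry["first_seen"] = min(entry["first_seen"], rec["time"])
        entry["last_seen"] = max(entry["last_seen"], rec["time"])
    return report


# Constructed sample events (documentation-range IPs, invented probe names).
SAMPLE_EVENTS = [
    ProbeEvent("ws-probe-01", "workstation", "198.51.100.23", "2017-08-30T02:14:05", "syn"),
    ProbeEvent("srv-probe-03", "server", "198.51.100.23", "2017-08-30T02:14:09", "syn"),
    ProbeEvent("srv-probe-03", "server", "198.51.100.23", "2017-08-30T02:15:40", "access"),
    ProbeEvent("srv-probe-03", "server", "198.51.100.23", "2017-08-30T02:21:17", "implant"),
    ProbeEvent("srv-probe-07", "server", "198.51.100.23", "2017-08-30T02:40:02", "copy"),
    ProbeEvent("ws-probe-02", "workstation", "192.0.2.44", "2017-08-30T09:03:51", "access"),
]


def run_sample():
    pm = ProcessingModule()
    for ev in SAMPLE_EVENTS:
        pm.handle(ev)
    return pm, summarize(pm.storage)


if __name__ == "__main__":
    pm, report = run_sample()
    for ip, entry in sorted(report.items()):
        print(ip, entry["max_grade"].name, entry["events"], sorted(entry["probes"]))
    print("blacklist:", sorted(pm.blacklist))
```

In the sample run the host that reaches the data replication grade is the only one blacklisted, while the workstation-probe SYN leaves no record at all.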
Further, the alarm is a buzzer. After receiving the alarm signal, the alarm sounds to tell the user that the network is under threat, so that the user can promptly and effectively learn of the system's feedback and take timely measures. This avoids high-danger threats being missed through user inattention and further ensures the security of the user's network.
Specifically, the system also includes an event analysis module 63, which retrieves the processing data, analyzes and aggregates it, and generates a summary and a report. The event analysis module retrieves the processing data from the storage module 64, analyzes and aggregates it, and then generates the summary and report. By browsing the summary and report the user can promptly learn the details of a network threat, such as the danger grade and the IP address of the accessing host 5, and take timely and effective countermeasures against accessing hosts 5 of a high danger grade. With the intervention of the administrator 3 assisting the system, network security is effectively ensured. The summary and report can also serve as direct evidence that the accessing host 5 attacked the user, and on the basis of this evidence the user can take the necessary measures against the accessing host 5 and avoid the loss of core assets.
Specifically, the system also includes a display module 62, which displays the summary and the report. By displaying the summary and report, the display module 62 lets the administrator 3 see the relevant information directly, grasp the situation promptly and effectively, and then take the necessary countermeasures, effectively ensuring the user's network security.
Beneficial effects of the present invention:
1. A large number of workstation probes 1 and server probes 4 are simulated and concealed in the user's network and run latently for a long time, so that an intruder triggers these probes while intruding. Once a probe is triggered, the administrator 3 receives alert information and then handles it as required.
2. The intention of the accessing host 5 is grasped promptly from the specific information in the probe it triggered, and the host can be tracked and evidence collected in time.
3. Setting threat levels makes it possible to effectively confuse and trap the intruder, thereby hiding the user's real targets and protecting the user's core business assets.
4. Attack information is collected and correlated, and the attack source and attack behavior are compiled into a summary and a report for the administrator to review and act on.
The embodiments described above are only preferred embodiments of the present invention. Any changes and improvements made by those skilled in the art on the basis of the technical solution of the present invention shall not be excluded from the scope of protection of the present invention.

Claims (10)

1. A Hawkeye early warning system, characterized in that it comprises a learning module (66), a simulation module (67), a monitoring module (68), a processing module (65), an alarm module (61) and a storage module (64);
the learning module (66) learns the business data of the connected workstation (2) and server (7);
the simulation module (67) performs simulated camouflage based on the learning data of the learning module (66) and generates multiple virtual probes carrying virtual data;
the monitoring module (68) monitors each virtual probe;
the processing module (65) receives the monitoring data from the monitoring module (68), judges the threat level from that data, disconnects the network or continues monitoring according to the threat level, and sends an alarm signal to the alarm module (61);
the alarm module (61) receives the alarm signal and issues an alert;
the storage module (64) stores the monitoring data and the processing data of the processing module (65).
2. The Hawkeye early warning system according to claim 1, characterized in that the business data includes one or more of the operating system, the business system and the network nodes.
3. The Hawkeye early warning system according to claim 2, characterized in that the virtual data has some of the features of one or more of the operating system, the business system and the network nodes.
4. The Hawkeye early warning system according to claim 3, characterized in that the virtual probes include workstation probes (1) and server probes (4); there are multiple workstation probes (1), and the workstation (2) is topologically located among the workstation probes (1); there are multiple server probes (4), and the server (7) is topologically located among the server probes (4).
5. The Hawkeye early warning system according to claim 4, characterized in that the monitoring data includes abnormal information about the virtual data and accessing host (5) information; the abnormal information includes one or more of qualitative destruction, tampering and theft of the data in the virtual probe; the accessing host (5) information includes at least the accessing host (5) IP address and the access time.
6. The Hawkeye early warning system according to claim 5, characterized in that the threat level is set according to the grades access, program implantation, permission tampering, qualitative destruction and data replication; at the access grade and the program implantation grade, the processing module (65) executes the continue-monitoring command; at the permission tampering, qualitative destruction and data replication grades, the processing module (65) executes the network disconnection command.
7. The Hawkeye early warning system according to claim 6, characterized in that the processing module (65) tracks the accessing host according to the accessing host (5) information and records tracking information, and the tracking information is stored in the storage module (64).
8. The Hawkeye early warning system according to claim 7, characterized in that the alarm is a buzzer.
9. The Hawkeye early warning system according to claim 8, characterized in that it also includes an event analysis module (63), and the event analysis module (63) retrieves the processing data, analyzes and aggregates it, and generates a summary and a report.
10. The Hawkeye early warning system according to claim 9, characterized in that it also includes a display module (62), and the display module (62) displays the summary and the report.
CN201710759488.XA 2017-08-30 2017-08-30 A kind of hawkeye early warning system Pending CN107547539A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201710759488.XA CN107547539A (en) 2017-08-30 2017-08-30 A kind of hawkeye early warning system

Publications (1)

Publication Number Publication Date
CN107547539A true CN107547539A (en) 2018-01-05

Family

ID=60958976

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20180105