CN107562929A - Method and device for ranking threat assets based on big data analysis - Google Patents

Info

Publication number
CN107562929A
Authority
CN
China
Legal status
Pending
Application number
CN201710832026.6A
Other languages
Chinese (zh)
Inventor
许鑫
杨磊
Current Assignee
Beijing Point Technology Co Ltd
Original Assignee
Beijing Point Technology Co Ltd

Landscapes

  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)

Abstract

The invention discloses a method for ranking threat assets based on big data analysis, comprising the following steps: receiving industrial network data and processing the industrial network data; calculating and ranking the threat assets generated after processing, and feeding back and displaying the ranking result. The method takes as input the threat data and association relationships obtained by analyzing massive real-time data and, using an improved PageRank algorithm, produces an asset ranking that reflects the severity of the threats to assets. The method can therefore quickly reflect the current threat status of assets, and the improvement to the PageRank algorithm also reduces computational overhead and increases speed. The invention also discloses a device for ranking threat assets based on big data analysis.

Description

Method and device for ranking threat assets based on big data analysis
Technical field
The present invention relates to the technical field of big data analysis, and more particularly to a method and device for ranking threat assets based on big data analysis.
Background art
With the continuous convergence of industrialization and informatization, more and more information technology is being applied in the industrial field. Data exchange between the management information network and the production control network means that an industrial control system is no longer an independently operating system, but is interconnected with management systems and even the Internet. Industrial control systems make extensive use of industrial Ethernet and proprietary communication protocols for system integration. The large-scale use of PC servers, PC terminal products, general-purpose operating systems and databases means that the security problems common on traditional networks also appear in industrial control networks.
To reflect how assets in an industrial network are being threatened, a good threat asset ranking method is particularly important: one that can quickly analyze the massive data in an industrial network and truly reflect the severity and the spread range of the threats that industrial assets are subjected to.
Summary of the invention
Based on this, and in view of the problems in the conventional art, it is necessary to provide a method and device for ranking threat assets based on big data analysis, which take as input the threat data and association relationships obtained by analyzing massive real-time data and, using an improved PageRank algorithm, produce an asset ranking that reflects the severity of the threats to assets. The method can further quickly reflect the current threat status of assets, and the improvement to the PageRank algorithm also reduces computational overhead and increases speed.
In a first aspect, an embodiment of the invention provides a method for ranking threat assets based on big data analysis, the method comprising: receiving industrial network data and processing the industrial network data, wherein the industrial network data is collected and transmitted via the Internet and includes multiple kinds of industrial asset data; and calculating and ranking the threat assets generated after processing based on the asset data, and feeding back and displaying the ranking result.
In one embodiment, receiving the industrial network data comprises: within a predetermined period, collecting the industrial network data by means of a fixed collection device or a mobile collection device.
In one embodiment, processing the industrial network data comprises: performing threat judgment on the asset data according to multiple preset attributes of the asset data, and generating the association relationships of the affected assets and a threat type score, wherein the multiple attributes include: an asset whitelist, a behavior whitelist and a threat signature library; and determining, according to the association relationships of the affected assets and the threat type score, whether the asset data is a non-diffusive threat asset or a diffusive threat asset.
In one embodiment, the non-diffusive threat asset is a threat asset directed at a target asset.
In one embodiment, the diffusive threat asset is a threat asset that continues to attack other assets after attacking the target asset, or a threat asset that attacks other assets based on the current target asset.
In one embodiment, calculating and ranking the threat assets generated after processing comprises: for diffusive threat assets, taking assets as nodes and the threat value from a source asset to a destination asset as an edge, and calculating asset threat scores using the PageRank algorithm; and performing incremental calculation according to the PageRank scores obtained within a preset time period, the threat paths and the threat types, to generate Rank scores.
In one embodiment, the PageRank algorithm further comprises: if the asset is determined to be a newly added node, calculating the PageRank score of the new node according to all nodes related to the new node; or, if the edge given by the threat value from a source asset to a destination asset is determined to be a newly added edge, updating the corresponding PageRank scores of all subsequent nodes on all threat paths of the node; or, if the edge given by the threat value from a source asset to a destination asset is determined to be an existing edge whose threat score has changed, updating the scores of all subsequent nodes on the threat path.
In a second aspect, an embodiment of the invention provides a computer-readable storage medium storing a computer program which, when executed by a processor, implements the method for ranking threat assets based on big data analysis of the first aspect.
In a third aspect, an embodiment of the invention provides a computer program product comprising instructions which, when the computer program product is run on a computer, cause the computer to perform the method of the first aspect.
In a fourth aspect, an embodiment of the invention provides a device for ranking threat assets based on big data analysis, the device comprising: a receiving module for receiving industrial network data, wherein the industrial network data is collected and transmitted via the Internet and includes multiple kinds of industrial asset data; a processing module for processing the industrial network data; a calculation and ranking module for calculating and ranking the threat assets generated after processing based on the asset data; and a feedback and display module for feeding back and displaying the ranking result.
The method and device for ranking threat assets based on big data analysis provided by the invention receive industrial network data, wherein the industrial network data is collected and transmitted via the Internet and includes multiple kinds of industrial asset data, and process the industrial network data; the threat assets generated after processing based on the asset data are calculated and ranked, and the ranking result is fed back and displayed. The method and device take as input the threat data and association relationships obtained by analyzing massive real-time data and, using an improved PageRank algorithm, produce an asset ranking that reflects the severity of the threats to assets. The method can further quickly reflect the current threat status of assets, and the improvement to the PageRank algorithm also reduces computational overhead and increases speed.
Brief description of the drawings
Fig. 1 is a schematic flowchart of a method for ranking threat assets based on big data analysis in one embodiment of the invention; and
Fig. 2 is a schematic structural diagram of a device for ranking threat assets based on big data analysis in one embodiment of the invention.
Embodiment
To make the purpose, technical solution and advantages of the present invention clearer, the method and device for ranking threat assets based on big data analysis are described in further detail below with reference to the drawings and embodiments. It should be understood that the specific embodiments described here serve only to explain the invention and are not intended to limit it.
Fig. 1 is a schematic flowchart of a method for ranking threat assets based on big data analysis in one embodiment, which specifically includes the following steps:
Step 102: receive industrial network data and process the industrial network data. The industrial network data is collected and transmitted via the Internet and includes multiple kinds of industrial asset data.
In this embodiment, receiving the industrial network data comprises: within a predetermined period, collecting the industrial network data by means of a fixed collection device or a mobile collection device.
Further, processing the industrial network data comprises: performing threat judgment on the asset data according to multiple preset attributes of the asset data, and generating the association relationships of the affected assets and a threat type score, wherein the multiple attributes include: an asset whitelist, a behavior whitelist and a threat signature library; and determining, according to the association relationships of the affected assets and the threat type score, whether the asset data is a non-diffusive threat asset or a diffusive threat asset.
It should be noted that a non-diffusive threat asset is a threat asset directed at a target asset; a diffusive threat asset is a threat asset that continues to attack other assets after attacking the target asset, or a threat asset that attacks other assets based on the current target asset.
Step 104: calculate and rank the threat assets generated after processing based on the asset data, and feed back and display the ranking result.
In this embodiment, calculating and ranking the threat assets generated after processing comprises: for diffusive threat assets, taking assets as nodes and the threat value from a source asset to a destination asset as an edge, and calculating asset threat scores using the PageRank algorithm; and performing incremental calculation according to the PageRank scores obtained within a preset time period, the threat paths (here, the threat paths are the newly obtained threat paths) and the threat types, to generate Rank scores.
Further, the PageRank algorithm also comprises: if the asset is determined to be a newly added node, calculating the PageRank score of the new node according to all nodes related to the new node; or, if the edge given by the threat value from a source asset to a destination asset is determined to be a newly added edge, updating the corresponding PageRank scores of all subsequent nodes on all threat paths of the node; or, if the edge given by the threat value from a source asset to a destination asset is determined to be an existing edge whose threat score has changed, updating the scores of all subsequent nodes on the threat path.
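The node/edge scoring and the three incremental cases described above (new node, new edge, changed threat value) can be illustrated as follows; this is an added example, not code from the patent. It assumes the original PageRank recurrence r(v) = (1-d) + d * sum of r(u) * w(u,v) / W_out(u) with d = 0.85, reads "all subsequent nodes on the threat path" as every asset reachable from the source of the changed edge, and uses constructed asset names and threat values.

```python
from collections import defaultdict, deque

DAMPING = 0.85   # assumption: the patent text gives no damping factor
TOL = 1e-10      # convergence threshold for the iterative update


class ThreatGraph:
    """Assets are nodes; an edge src -> dst carries the threat value (hypothetical class)."""

    def __init__(self):
        self.out = defaultdict(dict)   # src -> {dst: threat value}
        self.inc = defaultdict(set)    # dst -> {src, ...}
        self.nodes = set()
        self.score = {}

    def set_edge(self, src, dst, value):
        if value <= 0:
            raise ValueError("threat value must be positive")
        self.nodes.update((src, dst))
        self.out[src][dst] = float(value)
        self.inc[dst].add(src)

    def _relax(self, targets):
        # Re-evaluate the recurrence for `targets` only; every other score is
        # held fixed, which is what keeps the incremental update cheap.
        for v in targets:
            self.score.setdefault(v, 1.0 - DAMPING)
        while True:
            delta = 0.0
            for v in targets:
                flow = sum(self.score[u] * self.out[u][v] / sum(self.out[u].values())
                           for u in self.inc[v])
                new = (1.0 - DAMPING) + DAMPING * flow
                delta = max(delta, abs(new - self.score[v]))
                self.score[v] = new
            if delta < TOL:
                return

    def full_rank(self):
        self.score = {}
        self._relax(sorted(self.nodes))

    def downstream(self, start):
        # Breadth-first walk along threat paths leaving `start`.
        seen, queue = {start}, deque([start])
        while queue:
            for nxt in self.out[queue.popleft()]:
                if nxt not in seen:
                    seen.add(nxt)
                    queue.append(nxt)
        return seen

    def update_edge(self, src, dst, value):
        """New node, new edge or changed threat value: rescore downstream assets only."""
        self.set_edge(src, dst, value)
        affected = self.downstream(src)
        self._relax(sorted(affected))
        return affected

    def ranking(self):
        return sorted(self.score, key=lambda a: (-self.score[a], a))


def build_sample():
    # Constructed diffusive-threat observations: (source asset, destination asset, threat value).
    g = ThreatGraph()
    for src, dst, value in [("eng-ws", "hmi-1", 3), ("eng-ws", "historian", 1),
                            ("historian", "hmi-1", 1), ("hmi-1", "plc-1", 2),
                            ("hmi-1", "plc-2", 2), ("office-pc", "print-srv", 1)]:
        g.set_edge(src, dst, value)
    g.full_rank()
    return g


if __name__ == "__main__":
    g = build_sample()
    print("initial ranking:", g.ranking())
    print("rescored:", sorted(g.update_edge("plc-1", "plc-2", 4)))   # new edge
    print("updated ranking:", g.ranking())
```

Because this recurrence uses a constant (1-d) term and does not redistribute the score of assets without outgoing edges, assets that are not reachable from the changed edge keep exactly the score a full recomputation would give them.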
The method for ranking threat assets based on big data analysis provided by the invention receives industrial network data and processes the industrial network data, wherein the industrial network data is collected and transmitted via the Internet and includes multiple kinds of industrial asset data; the threat assets generated after processing based on the asset data are calculated and ranked, and the ranking result is fed back and displayed. The method takes as input the threat data and association relationships obtained by analyzing massive real-time data and, using an improved PageRank algorithm, produces an asset ranking that reflects the severity of the threats to assets. The method can further quickly reflect the current threat status of assets, and the improvement to the PageRank algorithm also reduces computational overhead and increases speed.
Based on the same inventive concept, a device for ranking threat assets based on big data analysis is also provided. Since the principle by which this device solves the problem is similar to that of the foregoing method for ranking threat assets based on big data analysis, the device may be implemented according to the specific steps of the foregoing method, and repeated parts are not described again.
Fig. 2 is a schematic structural diagram of a device for ranking threat assets based on big data analysis in one embodiment. The device 10 for ranking threat assets based on big data analysis includes: a receiving module 200, a processing module 400, a calculation and ranking module 600, and a feedback and display module 800.
The receiving module 200 is used to receive industrial network data, wherein the industrial network data is collected and transmitted via the Internet and includes multiple kinds of industrial asset data; the processing module 400 is used to process the industrial network data; the calculation and ranking module 600 is used to calculate and rank the threat assets generated after processing based on the asset data; the feedback and display module 800 is used to feed back and display the ranking result.
In the device for ranking threat assets based on big data analysis provided by the invention, the receiving module 200 receives industrial network data, and the processing module 400 then processes the industrial network data, wherein the industrial network data is collected and transmitted via the Internet and includes multiple kinds of industrial asset data; the calculation and ranking module 600 then calculates and ranks the threat assets generated after processing based on the asset data, and finally the feedback and display module 800 feeds back and displays the ranking result. The device takes as input the threat data and association relationships obtained by analyzing massive real-time data and, using an improved PageRank algorithm, produces an asset ranking that reflects the severity of the threats to assets. The method can further quickly reflect the current threat status of assets, and the improvement to the PageRank algorithm also reduces computational overhead and increases speed.
An embodiment of the invention also provides a computer-readable storage medium. A computer program is stored on the computer-readable storage medium, and the program is executed by a processor to perform the method of Fig. 1.
An embodiment of the invention also provides a computer program product comprising instructions. When the computer program product is run on a computer, it causes the computer to perform the method of Fig. 1 above.
One of ordinary skill in the art will appreciate that all or part of the flow in the methods of the above embodiments can be completed by a computer program instructing the relevant hardware. The program can be stored in a computer-readable storage medium and, when executed, may include the flow of the embodiments of the above methods. The storage medium can be a magnetic disk, an optical disc, a read-only memory (Read-Only Memory, ROM), a random access memory (Random Access Memory, RAM), or the like.
The technical features of the embodiments described above can be combined arbitrarily. To keep the description concise, not all possible combinations of the technical features in the above embodiments are described; however, as long as a combination of these technical features contains no contradiction, it should be considered to be within the scope of this specification.
The embodiments described above express only several implementations of the invention, and their description is relatively specific and detailed, but they should not therefore be construed as limiting the scope of the patent. It should be pointed out that one of ordinary skill in the art can make various modifications and improvements without departing from the inventive concept, and these all fall within the protection scope of the invention. Therefore, the protection scope of this patent shall be determined by the appended claims.

Claims (9)

1. A method for ranking threat assets based on big data analysis, the method comprising:
receiving industrial network data and processing the industrial network data, wherein the industrial network data is collected and transmitted via the Internet and includes multiple kinds of industrial asset data;
calculating and ranking the threat assets generated after processing based on the asset data, and feeding back and displaying the ranking result.
2. The method according to claim 1, wherein receiving the industrial network data comprises: within a predetermined period, collecting the industrial network data by means of a fixed collection device or a mobile collection device.
3. The method according to claim 1, wherein processing the industrial network data comprises: performing threat judgment on the asset data according to multiple preset attributes of the asset data, and generating the association relationships of the affected assets and a threat type score, wherein the multiple attributes include: an asset whitelist, a behavior whitelist and a threat signature library;
determining, according to the association relationships of the affected assets and the threat type score, whether the asset data is a non-diffusive threat asset or a diffusive threat asset.
4. The method according to claim 3, wherein the non-diffusive threat asset is a threat asset directed at a target asset.
5. The method according to claim 3, wherein the diffusive threat asset is a threat asset that continues to attack other assets after attacking the target asset, or a threat asset that attacks other assets based on the current target asset.
6. The method according to claim 1, wherein calculating and ranking the threat assets generated after processing based on the asset data comprises: for diffusive threat assets, taking assets as nodes and the threat value from a source asset to a destination asset as an edge, and calculating asset threat scores using the PageRank algorithm;
performing incremental calculation according to the PageRank scores obtained within a preset time period, the threat paths and the threat types, to generate Rank scores.
7. The method according to claim 6, wherein the PageRank algorithm further comprises: if the asset is determined to be a newly added node, calculating the PageRank score of the new node according to all nodes related to the new node; or, if the edge given by the threat value from a source asset to a destination asset is determined to be a newly added edge, updating the corresponding PageRank scores of all subsequent nodes on all threat paths of the node; or, if the edge given by the threat value from a source asset to a destination asset is determined to be an existing edge whose threat score has changed, updating the scores of all subsequent nodes on the threat path.
8. A computer-readable storage medium, wherein a computer program is stored on the computer-readable storage medium, and the computer program, when executed by a processor, implements the method according to any one of claims 1-7.
9. A device for ranking threat assets based on big data analysis, the device comprising:
a receiving module for receiving industrial network data, wherein the industrial network data is collected and transmitted via the Internet and includes multiple kinds of industrial asset data;
a processing module for processing the industrial network data;
a calculation and ranking module for calculating and ranking the threat assets generated after processing based on the asset data;
a feedback and display module for feeding back and displaying the ranking result.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201710832026.6A CN107562929A (en) 2017-09-15 2017-09-15 The arrangement method and device of threat assets based on big data analysis

Publications (1)

Publication Number Publication Date
CN107562929A 2018-01-09

Family

ID=60981086

Country Status (1)

Country Link
CN (1) CN107562929A (en)

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20160014078A1 (en) * 2014-07-10 2016-01-14 Sven Schrecker Communications gateway security management
CN105844169A (en) * 2015-01-15 2016-08-10 中国移动通信集团安徽有限公司 Method and device for information safety metrics
CN105871882A (en) * 2016-05-10 2016-08-17 国家电网公司 Network-security-risk analysis method based on network node vulnerability and attack information
CN106537874A (en) * 2014-07-28 2017-03-22 通用电气智能平台有限公司 Apparatus and method for security of industrial control networks

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
李国玉 et al.: "Suspicious target mining based on a distributed PageRank algorithm", 《高技术通讯》 *

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20180109