CN107689958B - Network audit subsystem applied to cloud audit system - Google Patents
Classifications
- H04L63/1425—Traffic logging, e.g. anomaly detection
- H04L43/028—Capturing of monitoring data by filtering
- H04L43/12—Network monitoring probes
- H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
- H04L63/308—Network architectures or network communication protocols for network security for supporting lawful interception, monitoring or retaining of communications or communication related information retaining data, e.g. retaining successful, unsuccessful communication attempts, internet access, or e-mail, internet telephony, intercept related information or call content
- H04L43/18—Protocol analysers
Abstract
The invention discloses a network audit subsystem applied to a cloud audit system. It comprises a network audit processing engine, a host traffic collection agent and a network traffic collection agent. The network audit processing engine audits the virtual machine traffic and the physical machine traffic in the network that are acquired from cloud data; the host traffic collection agent collects the traffic of the virtual machines and forwards it to the network audit processing engine; and the network traffic collection agent collects the traffic of the physical machines and forwards it to the network audit processing engine. The overall goal is to obtain network packets from network devices, hosts and the like and to analyse and record them under configured rules and policies. By writing all of the obtained network access records into a database, the system can perform network security vulnerability analysis, intrusion detection and similar work, can provide data to an audit data center for analysis and display, and retains the data in the database for later inspection.
Description
Technical Field
The invention relates to a subsystem of cloud application, in particular to a network auditing subsystem applied to a cloud auditing system.
Background
Cloud computing is a new, leading information technology that combines IT technology with the Internet to deliver very large computing and storage capacity. Its rise has been driven by the development of high-speed Internet access, virtualization, cheaper and more powerful chips and hard disks, and data centers. Cloud computing can be regarded as the product of the development and fusion of traditional computing and networking technologies such as distributed computing, parallel computing, utility computing, network storage, virtualization and load balancing. Many key technologies are involved, including communication, large-scale distributed storage, mass data processing, resource management and virtualization. Big data refers to data sets too large to be captured, managed, processed and organized within a reasonable time by current mainstream software tools in order to support enterprise business decisions. Big data has the 4V characteristics: Volume, Velocity, Variety and Value. Processing such volumes efficiently within an acceptable elapsed time requires special techniques. The arrival of "mobile Internet Plus" marks an era of cross-industry fusion, innovation-driven development, structural remodelling, respect for people and open ecosystems. "Mobile Internet Plus" means the Internet plus every traditional industry: the Internet and the traditional industries are deeply integrated through computer technology, information and communication technology, cloud computing and Internet platforms, creating a new state of development. The era of big data and cloud computing has penetrated every industry and business function and has become an important component of them.
According to the authoritative NIST definition, cloud computing is divided into three service models. Infrastructure as a Service (IaaS) mainly provides infrastructure to users, including computers, servers, firewalls, storage devices and network devices. Platform as a Service (PaaS) mainly provides users with an application development, test and deployment platform; that is, a complete system platform covering application design, development, testing, deployment and hosting is provided to the user as a service. Software as a Service (SaaS) mainly provides users with software such as application programs. It can be said that all three service models of cloud computing are defined from the perspective of the hardware devices.
The audit workload of a power grid big data system is huge and the audited data is not comprehensive enough, so current audit systems cannot meet the audit requirements of the power grid big data system at all.
Disclosure of Invention
In order to solve the technical problem, the invention aims to provide a network auditing subsystem applied to a cloud auditing system.
The network audit subsystem applied to a cloud audit system according to the invention is characterized by comprising:
a network audit processing engine for auditing the virtual machine traffic and the physical machine traffic in the network that are acquired from the cloud data; a host traffic collection agent for collecting the traffic of the virtual machines and forwarding it to the network audit processing engine; and a network traffic collection agent for collecting the traffic of the physical machines and forwarding it to the network audit processing engine;
the network audit processing engine further comprises:
a network data processing module for performing distributed processing of the network data with a distributed real-time online analysis system; the module first subscribes to the feature vector topic, reads data from Kafka, preprocesses it and serializes it into Avro form, then performs feature vector processing, and finally writes the result to Kafka and HDFS;
a network data rule matching module for judging, through deep packet inspection (DPI) identification of the feature vector, whether the network data carries a non-authentic network protocol; judging whether the network data is abnormal by matching the feature vector against the network access baseline; judging whether the network data is an unauthorized outbound connection from a server by matching the feature vector against the server external connection baseline; and judging whether the network data indicates an abnormal service by matching the feature vector against the open port baseline; alarm information is generated when any of these judgments is abnormal;
a network data index module for generating a distributed index over the data that is stored in distributed form;
a policy database for storing the audit policy, the packet capture filtering policy and the directional packet capture policy;
the host traffic collection agent further comprises:
a packet capture module for capturing the network traffic of the external virtual machine traffic source and filtering it according to the filtering policy;
a protocol identification module for identifying the source IP, destination IP, source port, destination port, network layer protocol and application layer protocol of the network traffic;
a general feature vector analysis module for extracting network layer and transport layer information per packet and extracting flow information; for a TCP session it analyses and reports the feature vector of the SYN packet, for a UDP session it analyses and reports the first packet, and it parses the flow-based feature vectors;
a distribution module for distributing packets to cache queues; the number of cache queues is established from the configuration file and matches the number of deep feature vector analysis threads created, each deep feature vector analysis thread corresponding to one cache queue; packets belonging to the same data flow are placed in the same cache queue, and newly created data flows are assigned to the cache queues in turn;
a deep feature vector analysis module for starting one or more deep feature vector analysis threads and dynamically selecting the corresponding deep feature vector analysis plug-in for analysis according to the application type of the packet;
a policy receiving module for reading the packet capture filtering policy and the directional packet capture policy from the policy database, and updating both policies at a set time interval;
a directional packet capture module for executing a directional packet capture command issued by the upper-level system and feeding the captured packets back to the upper-level system through the data reporting module;
a data reporting module for feeding captured packets back to the upper-level system through a data channel; reporting the general feature vectors to the upper-level system through a data channel; reporting the deep feature vectors to the upper-level system through a data channel; and reporting directionally captured packets to the upper-level system in pcap file form through a data channel, or storing them locally as files;
the network traffic collection agent has the same structure as the host traffic collection agent, except that the object of its packet capture is the external physical machine traffic source.
The deep feature vector analysis plug-ins comprise an HTTP plug-in, an SMTP/POP3 plug-in, an FTP plug-in, a DNS plug-in, an SSH plug-in and a Telnet plug-in.
The network data index module has two input sources. In the first, the network data processing module extracts feature vectors from the network data and writes them to HDFS, then notifies the index building program through ZooKeeper, which builds an index from the feature vectors in HDFS. In the second, the network data rule matching module writes alarm data to Kafka, and the index building program reads it from Kafka to build an index.
The overall aim of the network audit subsystem applied to a cloud audit system provided by the invention is to acquire network packets from network equipment, hosts and the like and to analyse and record them under configured rules and policies. By writing all of the obtained network access records into a database, the system can perform network security vulnerability analysis, intrusion detection and similar work, can provide data to an audit data center for analysis and display, and retains the data in the database for later inspection. In line with the characteristics of cloud computing, devices are divided into physical devices and virtual devices: switches into physical switches and virtual switches, and hosts into physical hosts and virtual hosts. The cloud audit system must therefore audit both types of equipment. The design goal of the network audit system is to acquire the network communication data of physical and virtual equipment simultaneously, filter it by different rules according to its characteristics, and store the results in different base tables, so that the audit center can distinguish data from the different types of equipment when it reads them. The network audit must achieve high-performance data capture and database writes: no performance bottleneck or packet loss should occur, and all data matched by the rules must be correctly written to the database for the audit center to consult.
Drawings
FIG. 1 is a schematic diagram of the application environment of the network audit center subsystem according to the invention;
FIG. 2 is a schematic structural diagram of the network audit center subsystem according to the invention.
Detailed Description
As shown in FIG. 1 and FIG. 2, the network audit subsystem, the comprehensive display management center subsystem, the audit data center subsystem and the log audit subsystem together form the cloud audit system. The comprehensive display management center subsystem is externally connected to a cloud resource management platform and downstream to the audit data center subsystem, and manages the security of the system and the cooperative operation of each functional subsystem. The audit data center subsystem is connected downstream to the log audit subsystem and the network audit subsystem. The log audit subsystem is connected to an external log source, and the network audit subsystem is independently connected to an external virtual machine traffic source and an external physical machine traffic source. The log audit subsystem comprises an association rule base, and the network audit subsystem comprises an audit rule base.
The network audit subsystem of the invention comprises: a network audit processing engine for auditing the virtual machine traffic and the physical machine traffic in the network that are acquired from the cloud data; a host traffic collection agent for collecting the traffic of the virtual machines and forwarding it to the network audit processing engine; and a network traffic collection agent for collecting the traffic of the physical machines and forwarding it to the network audit processing engine.
The network audit processing engine further comprises the following modules. The network data processing module performs distributed processing of the network data with the distributed real-time online analysis system Storm: it first subscribes to the feature vector topic, reads the data from Kafka, preprocesses it and serializes it into Avro form; then performs feature vector processing; and finally writes the result to Kafka and HDFS. The network data rule matching module judges, through DPI (Deep Packet Inspection) identification of the feature vector, whether the network data carries a non-authentic network protocol; judges whether the network data is abnormal by matching the feature vector against the network access baseline; judges whether the network data is an unauthorized outbound connection from a server by matching the feature vector against the server external connection baseline; and judges whether the network data indicates an abnormal service by matching the feature vector against the open port baseline; when any of these judgments is abnormal, alarm information is generated. The network data index module generates a distributed index over the data stored in distributed form. The policy database stores the audit policy, the packet capture filtering policy and the directional packet capture policy.
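The four baseline checks of the rule matching module, as an added Python example (this is not code from the patent): the baseline layout, the alarm names, the reading of "non-authentic protocol" as a DPI-identified application that does not match the service expected on the destination port, and all addresses are assumptions made for illustration.

```python
"""Baseline rule matching for audit feature vectors (added example; not the patent's code).

Implements the four checks of the patent's rule matching module: DPI-identified
application versus the protocol expected on the port, network access baseline,
server external connection baseline, and open port baseline. Baseline layout,
rule names and all addresses are constructed assumptions for illustration.
"""
import ipaddress
from collections import namedtuple

# One feature vector as reported by the general analysis module, reduced to the
# fields the rules need plus the application protocol identified by DPI.
FeatureVector = namedtuple("FeatureVector", "src dst dport app")

BASELINES = {  # constructed sample baselines
    # Network access baseline: client range -> (server, port) it may reach.
    "access": [("10.10.0.0/16", "10.0.0.9", 443), ("10.10.0.0/16", "10.0.0.9", 22)],
    # Server external connection baseline: (dst, port) a server may initiate.
    "server_outbound": {"10.0.0.9": {("10.0.0.2", 53), ("10.0.0.20", 5432)}},
    # Open port baseline: services expected to listen on each server, with the
    # application protocol DPI should observe on that port.
    "open_ports": {"10.0.0.9": {22: "ssh", 443: "tls"}},
}


def is_server(host, baselines=BASELINES):
    """A host is an audited server if any server baseline mentions it."""
    return host in baselines["open_ports"] or host in baselines["server_outbound"]


def evaluate(fv, baselines=BASELINES):
    """Return the alarm names raised for one feature vector (empty list = clean)."""
    alarms = []
    src = ipaddress.ip_address(fv.src)
    if is_server(fv.dst, baselines):            # inbound session to an audited server
        expected = baselines["open_ports"].get(fv.dst, {})
        # DPI check: the application seen on the wire must be the service the
        # baseline assigns to that port (e.g. SSH carried on the TLS port).
        if fv.dport in expected and expected[fv.dport] != fv.app:
            alarms.append("non_authentic_protocol")
        # Network access baseline: is this client range allowed to reach dst:port?
        allowed = any(
            src in ipaddress.ip_network(net) and srv == fv.dst and port == fv.dport
            for net, srv, port in baselines["access"]
        )
        if not allowed:
            alarms.append("abnormal_access")
        # Open port baseline: a session to a port no service should own.
        if fv.dport not in expected:
            alarms.append("abnormal_service")
    if is_server(fv.src, baselines):            # connection initiated by a server
        if (fv.dst, fv.dport) not in baselines["server_outbound"].get(fv.src, set()):
            alarms.append("unauthorized_outbound_connection")
    return alarms


def run_rules(records, baselines=BASELINES):
    """Evaluate a batch read from the feature vector topic; keep only the hits."""
    hits = []
    for fv in records:
        alarms = evaluate(fv, baselines)
        if alarms:
            hits.append((fv, alarms))
    return hits


SAMPLE = [  # constructed feature vectors
    FeatureVector("10.10.5.4", "10.0.0.9", 443, "tls"),      # clean
    FeatureVector("10.10.5.4", "10.0.0.9", 443, "ssh"),      # wrong app on 443
    FeatureVector("10.0.0.9", "203.0.113.7", 443, "tls"),    # server dials out
    FeatureVector("10.10.5.4", "10.0.0.9", 8080, "http"),    # unexpected service
    FeatureVector("192.168.1.1", "10.0.0.9", 22, "ssh"),     # client outside baseline
    FeatureVector("10.0.0.9", "10.0.0.2", 53, "dns"),        # allowed outbound
]

if __name__ == "__main__":
    for fv, alarms in run_rules(SAMPLE):
        print(fv, alarms)
```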
The host traffic collection agent further comprises the following modules. The packet capture module captures the network traffic of the external virtual machine traffic source and filters it according to the filtering policy. The protocol identification module identifies the source IP, destination IP, source port, destination port, network layer protocol and application layer protocol of the network traffic. The general feature vector analysis module extracts network layer and transport layer information per packet and extracts flow information; for a TCP session it analyses and reports the feature vector of the SYN packet, for a UDP session it analyses and reports the first packet, and it parses the flow-based feature vectors. The distribution module distributes packets to cache queues; the number of cache queues is established from the configuration file and matches the number of deep feature vector analysis threads created, each deep feature vector analysis thread corresponding to one cache queue; packets belonging to the same data flow are placed in the same cache queue, and newly created data flows are assigned to the cache queues in turn. The deep feature vector analysis module starts one or more deep feature vector analysis threads and dynamically selects the corresponding deep feature vector analysis plug-in for analysis according to the application type of the packet. The policy receiving module reads the packet capture filtering policy and the directional packet capture policy from the policy database, and updates both policies at a set time interval.
The directional packet capture module executes a directional packet capture command issued by the upper-level system and feeds the captured packets back to the upper-level system through the data reporting module. The data reporting module feeds captured packets back to the upper-level system through a data channel; reports the general feature vectors to the upper-level system through a data channel; reports the deep feature vectors to the upper-level system through a data channel; and reports directionally captured packets to the upper-level system in pcap file form through a data channel, or stores them locally as files.
The network traffic collection agent has the same structure as the host traffic collection agent, except that the object of its packet capture is the external physical machine traffic source.
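The general feature vector and distribution modules of the collection agent, as an added Python example (this is not code from the patent): it parses a constructed IPv4 packet to its 5-tuple, reports the TCP SYN or the first UDP packet of each flow, and assigns new flows round-robin to a configured number of cache queues while keeping all packets of one flow, in both directions, on the same queue. The direction-independent flow key, the queue count and the packet builder are assumptions; the patent itself does not say how a flow is keyed.

```python
"""Flow-affinity dispatch for a capture agent (added example; not the patent's code).

Models the patent's general feature vector analysis module (5-tuple per packet,
report on the TCP SYN or the first UDP packet of a flow) and its distribution
module (one flow always maps to one cache queue, new flows are assigned to
queues round-robin). Packet bytes and addresses are constructed sample data;
the queue count would normally come from the agent's configuration file.
"""
import struct
from collections import namedtuple

FlowKey = namedtuple("FlowKey", "proto src sport dst dport")
PROTO_TCP, PROTO_UDP = 6, 17
TCP_SYN, TCP_ACK = 0x02, 0x10


def parse_ipv4(raw: bytes):
    """Return (FlowKey, is_session_start_syn) for an IPv4 TCP/UDP packet, else None."""
    if len(raw) < 20 or raw[0] >> 4 != 4:
        return None
    ihl = (raw[0] & 0x0F) * 4
    proto = raw[9]
    if proto not in (PROTO_TCP, PROTO_UDP) or len(raw) < ihl + 8:
        return None
    src = ".".join(str(b) for b in raw[12:16])
    dst = ".".join(str(b) for b in raw[16:20])
    sport, dport = struct.unpack("!HH", raw[ihl:ihl + 4])
    syn = False
    if proto == PROTO_TCP:
        if len(raw) < ihl + 20:       # truncated TCP header: do not guess the flags
            return None
        flags = raw[ihl + 13]
        syn = bool(flags & TCP_SYN) and not flags & TCP_ACK   # SYN, not SYN/ACK
    return FlowKey(proto, src, sport, dst, dport), syn


def canonical(key: FlowKey):
    """Direction-independent flow id so both halves of a session share a queue."""
    a, b = (key.src, key.sport), (key.dst, key.dport)
    return (key.proto,) + (a + b if a <= b else b + a)


class Dispatcher:
    def __init__(self, n_queues: int):
        # One cache queue per deep feature vector analysis thread (config-driven).
        self.queues = [[] for _ in range(n_queues)]
        self.flow_to_queue = {}
        self.general_fv = []      # feature vectors the agent would report upward
        self._rr = 0

    def dispatch(self, raw: bytes):
        """Place one packet on its flow's queue; return the queue index or None."""
        parsed = parse_ipv4(raw)
        if parsed is None:
            return None           # not IPv4 TCP/UDP: outside this module's scope
        key, syn = parsed
        flow = canonical(key)
        new_flow = flow not in self.flow_to_queue
        if new_flow:              # round-robin assignment only for unseen flows
            self.flow_to_queue[flow] = self._rr
            self._rr = (self._rr + 1) % len(self.queues)
        # General feature vector: TCP reports on the SYN, UDP on the first packet.
        if (key.proto == PROTO_TCP and syn) or (key.proto == PROTO_UDP and new_flow):
            self.general_fv.append(key)
        q = self.flow_to_queue[flow]
        self.queues[q].append(raw)
        return q


def build_packet(proto, src, sport, dst, dport, flags=0):
    """Constructed IPv4 + TCP/UDP header bytes (checksums zeroed; test data only)."""
    if proto == PROTO_TCP:
        l4 = struct.pack("!HHIIBBHHH", sport, dport, 1, 0, 5 << 4, flags, 8192, 0, 0)
    else:
        l4 = struct.pack("!HHHH", sport, dport, 8, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4), 1, 0, 64, proto, 0,
                     bytes(int(o) for o in src.split(".")),
                     bytes(int(o) for o in dst.split(".")))
    return ip + l4


def run_demo():
    """Two queues, three flows; returns per-packet queue ids and reported flows."""
    d = Dispatcher(2)
    pkts = [
        build_packet(PROTO_TCP, "10.0.0.5", 40000, "10.0.0.9", 80, TCP_SYN),
        build_packet(PROTO_TCP, "10.0.0.9", 80, "10.0.0.5", 40000, TCP_SYN | TCP_ACK),
        build_packet(PROTO_UDP, "10.0.0.5", 53000, "10.0.0.2", 53),
        build_packet(PROTO_UDP, "10.0.0.5", 53000, "10.0.0.2", 53),
        build_packet(PROTO_TCP, "10.0.0.7", 41000, "10.0.0.9", 22, TCP_SYN),
    ]
    return [d.dispatch(p) for p in pkts], [(k.proto, k.src, k.sport) for k in d.general_fv]


if __name__ == "__main__":
    print(run_demo())
```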
The deep feature vector analysis plug-ins comprise an HTTP plug-in, an SMTP/POP3 plug-in, an FTP plug-in, a DNS plug-in, an SSH plug-in and a Telnet plug-in.
The network data index module has two input sources. In the first, the network data processing module extracts feature vectors from the network data and writes them to HDFS, then notifies the index building program through ZooKeeper, which builds an index from the feature vectors in HDFS. In the second, the network data rule matching module writes alarm data to Kafka, and the index building program reads it from Kafka to build an index.
It will be apparent to those skilled in the art that various other changes and modifications may be made in the above-described embodiments and concepts and all such changes and modifications are intended to be within the scope of the appended claims.
Claims (1)
1. A network audit subsystem applied to a cloud audit system, characterized by comprising:
a network audit processing engine for auditing the virtual machine traffic and the physical machine traffic in the network that are acquired from the cloud data; a host traffic collection agent for collecting the traffic of the virtual machines and forwarding it to the network audit processing engine; and a network traffic collection agent for collecting the traffic of the physical machines and forwarding it to the network audit processing engine;
the network audit processing engine further comprises:
a network data processing module for performing distributed processing of the network data with a distributed real-time online analysis system, first subscribing to the feature vector topic, reading the data from Kafka, preprocessing it and serializing it into Avro form, then performing feature vector processing, and finally writing the feature vectors to Kafka and HDFS;
a network data rule matching module for judging, through deep packet inspection (DPI) identification of the feature vector, whether the network data carries a non-authentic network protocol; judging whether the network data is abnormal by matching the feature vector against the network access baseline; judging whether the network data is an unauthorized outbound connection from a server by matching the feature vector against the server external connection baseline; and judging whether the network data indicates an abnormal service by matching the feature vector against the open port baseline; alarm information is generated when any of these judgments is abnormal;
a network data index module for generating a distributed index over the data that is stored in distributed form;
a policy database for storing the audit policy, the packet capture filtering policy and the directional packet capture policy;
the host traffic collection agent further comprises:
a packet capture module for capturing the network traffic of the external virtual machine traffic source and filtering it according to the filtering policy;
a protocol identification module for identifying the source IP, destination IP, source port, destination port, network layer protocol and application layer protocol of the network traffic;
a general feature vector analysis module for extracting network layer and transport layer information per packet and extracting flow information; for a TCP session it analyses and reports the feature vector of the SYN packet, for a UDP session it analyses and reports the first packet, and it parses the flow-based feature vectors;
a distribution module for distributing packets to cache queues; the number of cache queues is established from the configuration file and matches the number of deep feature vector analysis threads created, each deep feature vector analysis thread corresponding to one cache queue; packets belonging to the same data flow are placed in the same cache queue, and newly created data flows are assigned to the cache queues in turn;
a deep feature vector analysis module for starting one or more deep feature vector analysis threads and dynamically selecting the corresponding deep feature vector analysis plug-in for analysis according to the application type of the packet;
a policy receiving module for reading the packet capture filtering policy and the directional packet capture policy from the policy database, and updating both policies at a set time interval;
a directional packet capture module for executing a directional packet capture command issued by the upper-level system and feeding the captured packets back to the upper-level system through the data reporting module;
a data reporting module for feeding captured packets back to the upper-level system through a data channel; reporting the general feature vectors to the upper-level system through a data channel; reporting the deep feature vectors to the upper-level system through a data channel; and reporting directionally captured packets to the upper-level system in pcap file form through a data channel, or storing them locally as files;
the network traffic collection agent has the same structure as the host traffic collection agent, except that the object of its packet capture is the external physical machine traffic source;
the network data index module has two input sources: in the first, the network data processing module extracts feature vectors from the network data and writes them to HDFS, then notifies the index building program through ZooKeeper, which builds an index from the feature vectors in HDFS; in the second, the network data rule matching module writes alarm data to Kafka, and the index building program reads it from Kafka to build an index;
the deep feature vector analysis plug-ins comprise an HTTP plug-in, an SMTP/POP3 plug-in, an FTP plug-in, a DNS plug-in, an SSH plug-in and a Telnet plug-in.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201710782913.7A CN107689958B (en) | 2017-09-03 | 2017-09-03 | Network audit subsystem applied to cloud audit system |
Publications (2)
Publication Number | Publication Date |
---|---|
CN107689958A CN107689958A (en) | 2018-02-13 |
CN107689958B true CN107689958B (en) | 2021-07-13 |
Family
ID=61155847
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201710782913.7A Active CN107689958B (en) | 2017-09-03 | 2017-09-03 | Network audit subsystem applied to cloud audit system |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN107689958B (en) |
Families Citing this family (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN108809748A (en) * | 2018-03-26 | 2018-11-13 | 北京天融信网络安全技术有限公司 | Network audit collecting method and related device, equipment and storage medium |
CN109639592B (en) * | 2018-12-11 | 2023-01-06 | 武汉奥浦信息技术有限公司 | Rapid data analysis method and device based on ten-gigabit traffic |
CN110598423B (en) * | 2019-08-05 | 2021-06-01 | 杭州安恒信息技术股份有限公司 | Database account management method |
CN112235309B (en) * | 2020-10-19 | 2022-05-06 | 四川师范大学 | Multi-scale detection system for hidden channel of cloud platform network |
CN113626198B (en) * | 2021-08-19 | 2024-03-26 | 上海观安信息技术股份有限公司 | Database flow load balancing system and method |
Citations (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2013149371A1 (en) * | 2012-04-01 | 2013-10-10 | Empire Technology Development Llc | Machine learning for database migration source |
CN106533838A (en) * | 2016-11-30 | 2017-03-22 | 国云科技股份有限公司 | Service characteristic time-sequence data packet collecting method facing cloud platform |
Family Cites Families (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101262491A (en) * | 2008-04-02 | 2008-09-10 | 王京 | Application layer network analysis method and system |
CN103188112B (en) * | 2011-12-28 | 2016-09-07 | 阿里巴巴集团控股有限公司 | Network flow detection method and device |
US10057546B2 (en) * | 2014-04-10 | 2018-08-21 | Sensormatic Electronics, LLC | Systems and methods for automated cloud-based analytics for security and/or surveillance |
CN106294357B (en) * | 2015-05-14 | 2019-07-09 | 阿里巴巴集团控股有限公司 | Data processing method and stream calculation system |
CN105631026B (en) * | 2015-12-30 | 2020-01-21 | 北京奇艺世纪科技有限公司 | Safety data analysis system |
CN106095547A (en) * | 2016-06-03 | 2016-11-09 | 北京小米移动软件有限公司 | Application program networking control method and device |
CN106656863A (en) * | 2016-12-31 | 2017-05-10 | 广东欧珀移动通信有限公司 | Business monitoring method and apparatus, and computer device |
Timeline
- 2017-09-03: CN CN201710782913.7A patent/CN107689958B/en, status Active
Also Published As
Publication number | Publication date |
---|---|
CN107689958A (en) | 2018-02-13 |
Similar Documents
Publication | Title |
---|---|
CN107689958B (en) | Network audit subsystem applied to cloud audit system |
Montasari et al. | Next-generation digital forensics: Challenges and future paradigms |
US10021033B2 (en) | Context driven policy based packet capture |
US10397277B2 (en) | Dynamic data socket descriptor mirroring mechanism and use for security analytics |
CN104904160B (en) | For the system and method for the application stream of data flow |
CN109951359B (en) | Asynchronous scanning method and device for distributed network assets |
US11539663B2 (en) | System and method for midserver facilitation of long-haul transport of telemetry for cloud-based services |
Madani et al. | Log management comprehensive architecture in Security Operation Center (SOC) |
CN104954189A (en) | Automatic server cluster detecting method and system |
Kyaw et al. | Pi-IDS: evaluation of open-source intrusion detection systems on Raspberry Pi 2 |
US11855869B2 (en) | Secure configuration of a network sensor on a network sensor host |
US10951637B2 (en) | Distributed detection of malicious cloud actors |
Baumgärtner et al. | Complex event processing for reactive security monitoring in virtualized computer systems |
Khan et al. | Towards an applicability of current network forensics for cloud networks: A SWOT analysis |
Rajesh et al. | Network forensics investigation in virtual data centers using elk |
Pape et al. | Restful correlation and consolidation of distributed logging data in cloud environments |
Veetil et al. | Real-time network intrusion detection using Hadoop-based Bayesian classifier |
Li et al. | SuperEye: A distributed port scanning system |
Ras et al. | Proactive digital forensics in the cloud using virtual machines |
US11748149B2 (en) | Systems and methods for adversary detection and threat hunting |
Boonyopakorn | Applying Data Analytics to Findings of User Behaviour Usage in Network Systems |
US20230275887A1 (en) | System and method for midserver facilitation of cross - boundary single sign on |
Bikbulatov et al. | Simulation of DDoS attack on software defined networks |
Paul et al. | Detection of Unknown Insider Attack on Components of Big Data System: A Smart System Application for Big Data Cluster |
Panda | Network Monitoring With SmartNICs in Data Centers and 5G Cellular Networks |
Legal Events
Code | Title |
---|---|
PB01 | Publication |
SE01 | Entry into force of request for substantive examination |
GR01 | Patent grant |