CN108200045A - Security Situation Awareness Systems and method - Google Patents


Info

Publication number
CN108200045A
Authority
CN
China
Prior art keywords
data
module
security
situation
password
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Withdrawn
Application number
CN201711467421.5A
Other languages
Chinese (zh)
Inventor
王天伟
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
SHANDONG YUWENG INFORMATION TECHNOLOGY Co Ltd
Original Assignee
SHANDONG YUWENG INFORMATION TECHNOLOGY Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by SHANDONG YUWENG INFORMATION TECHNOLOGY Co Ltd filed Critical SHANDONG YUWENG INFORMATION TECHNOLOGY Co Ltd
Priority to CN201711467421.5A priority Critical patent/CN108200045A/en
Publication of CN108200045A publication Critical patent/CN108200045A/en
Withdrawn legal-status Critical Current

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/20: Network architectures or network communication protocols for network security for managing network security; network security policies in general
    • H04L63/14: Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408: Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1425: Traffic logging, e.g. anomaly detection

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Telephonic Communication Services (AREA)

Abstract

The present invention provides a security situation awareness system and method, relating to the technical field of cryptography. The system includes: an access authentication module, for performing access identity authentication on equipment with a password; a data acquisition module, connected to the access authentication module, for acquiring the code data of the equipment with a password that has passed access identity authentication; a decision-making management module, connected to the data acquisition module, for generating different cryptosecurity situation reports from the code data according to the system user's role; and a data display module, connected to the decision-making management module, for displaying the cryptosecurity situation report. This improves the authenticity of the code data. At the same time, generating different cryptosecurity situation reports from the big data about passwords according to the system user's role enhances the credibility of the cryptosecurity situation report, helps achieve scientific decision-making, and improves the efficiency and specificity of decisions.

Description

Security situation awareness system and method
Technical field
The present invention relates to the field of computer information security technology, and more particularly to a security situation awareness system and method.
Background
With the development of science and technology, people's lives are increasingly inseparable from the network. People use different user names and passwords when logging in to different websites or e-mail accounts, and those websites and mailboxes usually hold personal and enterprise information that should not be made public. If this information is stolen, it causes a great deal of trouble for the individual or the enterprise, so password security is very important to individuals and enterprises alike.
Moreover, with the introduction of the network security law, security situation awareness has become a hot topic in network security. Cryptosecurity situation awareness is an important component of information security. In the prior art, a cryptosecurity situation report usually collects and summarizes only partial data; because of differences between local regions and external environments, its credibility is not high and it lacks comprehensiveness. In addition, the data sources used to generate the cryptosecurity situation report are not rigorous, so the resulting cryptosecurity situation is not truthful and the data is difficult to trace back, which makes it hard to assign security responsibility clearly.
Summary of the invention
In view of this, the purpose of the present invention is to provide a security situation awareness system and method that performs access identity authentication on the sources from which the code data for the cryptosecurity situation report is acquired, and acquires the code data only of equipment that has passed access identity authentication. This improves the authenticity of the code data. At the same time, generating different cryptosecurity situation reports from the big data about passwords according to the system user's role enhances the credibility of the cryptosecurity situation report, helps achieve scientific decision-making, and improves the efficiency and specificity of decisions.
In a first aspect, an embodiment of the present invention provides a security situation awareness system, including: an access authentication module, for performing access identity authentication on equipment with a password; a data acquisition module, connected to the access authentication module, for acquiring the code data of the equipment with a password that has passed access identity authentication; a decision-making management module, connected to the data acquisition module, for generating different cryptosecurity situation reports from the code data according to the system user's role; and a data display module, connected to the decision-making management module, for displaying the cryptosecurity situation report.
With reference to the first aspect, an embodiment of the present invention provides a first possible implementation of the first aspect, in which the decision-making management module includes: a monitoring submodule, for monitoring changes in the code data; an abnormal behaviour analysis submodule, for analyzing the code data and mining information from it to help find security risk events; a security incident tracking submodule, for tracking security incidents and determining the attack path of a security incident, so as to give the user a basis for taking preventive measures; and a scoring submodule, for performing risk analysis and assessment of the service application security situation of the code data.
With reference to the first aspect, an embodiment of the present invention provides a second possible implementation of the first aspect, in which the monitoring submodule is further used to backtrack attack history in order to predict security incidents.
With reference to the first aspect, an embodiment of the present invention provides a third possible implementation of the first aspect, in which the data display module is further used to display password resource information, security emergency response information, the security defence system, service system cipher application information, security trends, network topology, and security scoring.
With reference to the first aspect, an embodiment of the present invention provides a fourth possible implementation of the first aspect, in which the data display module is further used to display a dashboard of multi-dimensional code data in the manner of a cockpit.
With reference to the first aspect, an embodiment of the present invention provides a fifth possible implementation of the first aspect, further including: a collected-data source analysis module, connected to the data acquisition module, for analyzing and summarizing, compiling statistics on, and managing the acquired code data.
With reference to the first aspect, an embodiment of the present invention provides a sixth possible implementation of the first aspect, further including: a data center module, connected to the access authentication module, data acquisition module, decision-making management module and data display module, and including: a data modelling management submodule, a knowledge base management submodule, a password resource management submodule, and a cipher application data management submodule.
With reference to the first aspect, an embodiment of the present invention provides a seventh possible implementation of the first aspect, in which the access authentication module is specifically used to authenticate according to security level.
With reference to the first aspect, an embodiment of the present invention provides an eighth possible implementation of the first aspect, further including: a system management module, for managing users, roles, templates, permissions, logs, audit, configuration, remote monitoring, secure communication, and password resources.
In a second aspect, an embodiment of the present invention also provides a security situation awareness method, including: performing access identity authentication on equipment with a password; acquiring the code data of the equipment with a password that has passed access authentication; generating different cryptosecurity situation reports from the code data according to the system user's role; and displaying the cryptosecurity situation report.
The embodiments of the present invention bring the following beneficial effects: access identity authentication is performed on the sources from which the code data for the cryptosecurity situation report is acquired, and only the code data of equipment that has passed access identity authentication is acquired, which improves the authenticity of the code data. At the same time, generating different cryptosecurity situation reports from the big data about passwords according to the system user's role enhances the credibility of the cryptosecurity situation report.
Other features and advantages of the present invention will be set out in the following description, and will in part become apparent from the description or be understood by implementing the present invention. The purpose and other advantages of the present invention are realized and obtained by the structures specifically pointed out in the description, the claims and the accompanying drawings.
To make the above objects, features and advantages of the present invention clearer and easier to understand, preferred embodiments are described in detail below with reference to the accompanying drawings.
Description of the drawings
To illustrate the specific embodiments of the present invention or the technical solutions of the prior art more clearly, the drawings needed for describing the specific embodiments or the prior art are briefly introduced below. The drawings described below show some embodiments of the present invention; those of ordinary skill in the art can obtain other drawings from them without creative effort.
Fig. 1 is a structure diagram of the security situation awareness system provided by one embodiment of the present invention;
Fig. 2 is a structure diagram of the security situation awareness system provided by another embodiment of the present invention;
Fig. 3 is a schematic diagram of the components of the security situation awareness system provided by one embodiment of the present invention;
Fig. 4 is a flow chart of the security situation awareness method provided by one embodiment of the present invention.
Reference numerals:
100 - security situation awareness system; 110 - access authentication module; 120 - data acquisition module; 130 - decision-making management module; 140 - data display module; 131 - monitoring submodule; 132 - abnormal behaviour analysis submodule; 133 - security incident tracking submodule; 134 - scoring submodule.
Detailed description of the embodiments
To make the purpose, technical solutions and advantages of the embodiments of the present invention clearer, the technical solutions of the present invention are described clearly and completely below with reference to the drawings. The described embodiments are some, not all, of the embodiments of the present invention. All other embodiments obtained by those of ordinary skill in the art on the basis of these embodiments without creative effort fall within the protection scope of the present invention.
At present, with the introduction of the network security law, security situation awareness has become a hot topic in network security. Cryptosecurity situation awareness is an important component of information security. In the prior art, a cryptosecurity situation report usually collects and summarizes only partial data; because of differences between local regions, external environments and so on, its credibility is not high. In addition, the data sources used to generate the cryptosecurity situation report are not rigorous, so the resulting cryptosecurity situation is not truthful. On this basis, the security situation awareness system and method provided by the embodiments of the present invention perform access identity authentication on the sources from which the code data for the cryptosecurity situation report is acquired, and acquire only the code data of equipment that has passed access identity authentication, which improves the authenticity of the code data. At the same time, generating different cryptosecurity situation reports from the big data about passwords according to the system user's role enhances the credibility of the cryptosecurity situation report, helps achieve scientific decision-making, and improves the efficiency and specificity of decisions.
To make this embodiment easier to understand, the security situation awareness system 100 disclosed in the embodiments of the present invention is first described in detail. Referring to Fig. 1, it includes: an access authentication module 110, a data acquisition module 120, a decision-making management module 130, and a data display module 140.
The access authentication module 110 performs access identity authentication on equipment with a password. The data acquisition module 120 is connected to the access authentication module 110 and acquires the code data of the equipment with a password that has passed access identity authentication. The decision-making management module 130 is connected to the data acquisition module 120 and generates different cryptosecurity situation reports from the code data according to the system user's role. The data display module 140 is connected to the decision-making management module 130 and displays the cryptosecurity situation report.
Here, equipment with a password means an encryption device, equipment that applies cryptographic technology, a system that applies cryptographic technology, and so on. For example: equipment or systems in which a crypto chip, digital certificate, cipher card or the like is installed.
Specifically, the data acquisition module 120 uses communication technology to acquire the code data of the equipment with a password. The code data includes: encryption and decryption operation data, signing and signature verification data, digital certificate usage data, encryption device performance data, cipher application data, password-related interaction data in service systems, interaction data between security equipment and cipher products, timestamp application data, digital envelope application data, electronic signature application data, electronic seal application data, and other code data. The data acquisition module 120 can be any kind of acquisition sensor, plug-in or control.
The cryptosecurity situation report covers the acquisition and understanding of the factors of the entire security environment over a certain period of time, and a short-term prediction of the future. Situation element acquisition obtains the necessary data; situation understanding is then carried out through data analysis; and this in turn allows the situation over a coming period of time to be predicted.
In some embodiments, the access authentication module 110 is specifically used to authenticate according to security level.
Specifically, cryptographic technology is used to perform access identity authentication on all equipment with a password that accesses the security situation awareness system 100. Either a traditional authentication mode or authentication according to security level may be used. Traditional authentication can rely on a passphrase or password entered by the user; on something the user possesses, such as a seal or smart card; or on the user's biometric characteristics, such as fingerprint, voice, retina, signature or handwriting. For authentication according to security level, different equipment is divided into different security levels, that is, level one, level two, level three and so on; the higher the level, the stricter the authentication. For example, the second level first performs user login, that is, user name and password, and then performs ID card verification.
Referring to Fig. 2, the decision-making management module 130 includes: a monitoring submodule 131, an abnormal behaviour analysis submodule 132, a security incident tracking submodule 133, and a scoring submodule 134.
The monitoring submodule 131 monitors changes in the code data. The abnormal behaviour analysis submodule 132 analyzes the code data and mines information from it to help find security risk events. The security incident tracking submodule 133 tracks security incidents and determines the attack path of a security incident, so as to give the user a basis for taking preventive measures. The scoring submodule 134 performs risk analysis and assessment of the service application security situation of the code data.
The cryptosecurity situation report can take as its content at least one of: the result obtained by the monitoring submodule 131, the result obtained by the abnormal behaviour analysis submodule 132, the result obtained by the security incident tracking submodule 133, and the result obtained by the scoring submodule 134.
Specifically, the monitoring submodule 131 monitors changes in the code data.
The abnormal behaviour analysis submodule 132 works from the various heterogeneous security data and logs. On top of a security data search engine, it makes full use of big data analysis models and algorithms, machine learning, association analysis, baselines and so on to mine valuable information automatically from massive data, which helps to find security risks. For example, a classifier is trained on the heterogeneous security data and logs to separate out security incidents according to data trends, and so serves to predict security incidents that are about to occur. The monitored code data is fed into this classifier; if it matches, the monitored code data indicates that a security incident is about to occur, and the incident can be reported to the user so that the user is warned to take precautions in advance. At the same time, handling advice can be given for the security incident, and alarm events can be analyzed and searched in full text. Abnormal behaviour can include: end-to-end communication anomalies in the system, suspicious identities, and data anomalies.
The security incident tracking submodule 133, once a security incident has been found, uses intelligent analysis to track any given security incident back to its source and determine its attack path, providing a scientific basis for decisions on effective preventive measures. The intelligent analysis mainly uses accumulated normal operation data to establish the degree of association between monitored parameters, such as positive correlation, negative correlation or no correlation; in other words, it establishes the operating baseline, the data fluctuation of the normal operating state. Finding a security incident is mainly a matter of finding where the data differs from the normal state.
The scoring submodule 134 uses a graded scoring approach to perform risk analysis and assessment of the service application security situation.
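The baseline idea described above (learn each parameter's normal fluctuation and the sign of the correlation between parameters from normal operation data, then look for departures) can be sketched as follows. This is an added example, not code from the patent; the metric names, the sample values, the 0.8 correlation cut-off and the 3-sigma threshold are all assumptions chosen for illustration.

```python
import math
from statistics import mean, pstdev


def pearson(xs, ys):
    """Pearson correlation of two equal-length series (0.0 if either is flat)."""
    mx, my = mean(xs), mean(ys)
    cov = sum((x - mx) * (y - my) for x, y in zip(xs, ys))
    vx = sum((x - mx) ** 2 for x in xs)
    vy = sum((y - my) ** 2 for y in ys)
    if vx == 0 or vy == 0:
        return 0.0
    return cov / math.sqrt(vx * vy)


def learn_baseline(normal, strong=0.8):
    """Learn per-metric mean/stddev and strongly correlated metric pairs.

    normal: dict of metric name -> aligned samples from normal operation.
    A pair is kept only if |r| >= strong; its sign (+1/-1) is the baseline.
    """
    stats = {m: (mean(v), pstdev(v)) for m, v in normal.items()}
    names = sorted(normal)
    links = {}
    for i, a in enumerate(names):
        for b in names[i + 1:]:
            r = pearson(normal[a], normal[b])
            if abs(r) >= strong:
                links[(a, b)] = 1 if r > 0 else -1
    return {"stats": stats, "links": links}


def check_window(baseline, window, k=3.0):
    """Return findings for one observation window against the baseline."""
    findings = []
    # 1) single-metric deviation from the normal fluctuation band
    for metric, (mu, sigma) in baseline["stats"].items():
        for idx, x in enumerate(window[metric]):
            if sigma > 0 and abs(x - mu) > k * sigma:
                findings.append(("deviation", metric, idx))
    # 2) a normally correlated pair whose correlation sign has flipped
    for (a, b), sign in baseline["links"].items():
        if pearson(window[a], window[b]) * sign < 0:
            findings.append(("correlation_break", (a, b)))
    return findings


# Constructed sample data: in normal operation each signing request triggers
# certificate lookups, so the two series rise together.
NORMAL = {
    "sign_requests":   [100, 110, 120, 130, 140, 150, 160, 170],
    "cert_lookups":    [52, 54, 61, 66, 69, 76, 80, 85],
    "verify_failures": [2, 3, 2, 4, 3, 2, 3, 3],
}
# Constructed window: signing keeps rising while lookups fall, and
# verification failures spike at the third sample.
SUSPECT = {
    "sign_requests":   [150, 160, 170, 165],
    "cert_lookups":    [70, 62, 55, 58],
    "verify_failures": [3, 2, 9, 3],
}

if __name__ == "__main__":
    baseline = learn_baseline(NORMAL)
    for finding in check_window(baseline, SUSPECT):
        print(finding)
```

Neither series in the suspect window leaves its own 3-sigma band for the correlated pair; only the relationship between them changes, which is why the pairwise check is kept separate from the per-metric one.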
In some embodiments, the monitoring submodule 131 is further used to backtrack attack history in order to predict security incidents. Specifically, backtracking attack history finds potential intrusions and highly concealed attacks, and predicts security incidents that are about to occur.
In some embodiments, the data display module 140 is further used to display password resource information, security emergency response information, the security defence system, service system cipher application information, security trends, network topology, and security scoring.
In some embodiments, the data display module 140 is further used to display a dashboard of multi-dimensional code data in the manner of a cockpit.
The "cockpit" mode focuses on the key security elements of the cipher application security space and builds a multi-dimensional security data dashboard that covers the key links of security monitoring and reflects the real-time operation and security state of cipher applications. The data is truthful and is presented vividly and intuitively, so that the user can understand the security state in good time.
In some embodiments, the system further includes: a collected-data source analysis module, connected to the data acquisition module 120, for analyzing and summarizing, compiling statistics on, and managing the acquired code data.
Specifically, the collected-data source analysis module classifies and summarizes, compiles statistics on, and manages the equipment with a password. The data sources are mainly server cipher machines, timestamp servers, signature verification servers, cipher cards, digital certificate management CA systems, digital certificate registration management information systems, and mobile terminals.
In some embodiments, the system further includes: a data center module, connected to the access authentication module 110, data acquisition module 120, decision-making management module 130 and data display module 140, and including: a data modelling management submodule, a knowledge base management submodule, a password resource management submodule, and a cipher application data management submodule.
Specifically, the data center module is the database of the system 100. It supports the access authentication module 110, data acquisition module 120, decision-making management module 130 and data display module 140, so that data resources are shared. For example, the data center module provides technical support for authentication to the access authentication module 110; it can store the code data acquired by the data acquisition module 120; it can provide data support to the decision-making management module 130; and it can store the results of the data display module 140, so that the user can review previously displayed results.
Referring to Fig. 3, the data center module and the data acquisition module 120 transfer data through a transport layer. The transmission methods include: physical transmission networks and wireless transmission networks.
The data modelling management submodule establishes the model of the system 100. The knowledge base management submodule manages cryptography, cryptography-related knowledge and historical data, where the historical data includes at least historical experience and lessons learned. The password resource management submodule manages the data collected by the data acquisition module 120, for example management by classification, by region, and by role. The cipher application data management submodule manages cipher application data, that is, the part of the code data collected by the data acquisition module 120 that concerns cipher applications.
In some embodiments, the system further includes: a system management module, for managing users, roles, templates, permissions, logs, audit, configuration, remote monitoring, secure communication, and password resources.
Specifically, the system management module is connected to the decision-making management module 130. Referring to Fig. 3, a user can, according to his or her own identity, ask the decision-making management module 130 for a different cryptosecurity situation report. Users include: operating personnel, maintenance personnel, leaders, functional government departments, and so on.
Referring to Fig. 3, the system 100 of one embodiment of the present invention works as follows. The acquisition layer of the data acquisition module 120 can be distributed across different infrastructure layers. The data acquisition module 120 stores data in the data center module through the transport layer. The user sends a request to the decision-making management module 130, which retrieves the relevant historical data the user needs from the data center module and, according to that historical data and the user's specific requirements, generates a cryptosecurity situation report on the historical data. The report is then passed to the data display module 140, which displays it so that the user can see it clearly.
Alternatively, the user sends a request to the decision-making management module 130, which, according to the user's specific requirements, acquires the code data of the corresponding encryption devices and generates a cryptosecurity situation report from that code data. The report is then passed to the data display module 140, which displays it. For example, a company wants to see its own cryptosecurity situation report. The company sends a request to the system 100; the sensors deployed at the company then acquire the company's data; a real-time cryptosecurity situation report is generated from that data; and the report is passed to the data display module 140, which displays it.
Referring to Fig. 4, the security situation awareness method includes:
S210: Perform access identity authentication on equipment with a password.
S220: Acquire the code data of the equipment with a password that has passed access authentication.
S230: Generate different cryptosecurity situation reports from the code data according to the system user's role.
S240: Display the cryptosecurity situation report.
The method provided by the embodiments of the present invention has the same implementation principle and technical effect as the foregoing system embodiment. For brevity, where the method embodiment does not mention something, refer to the corresponding content of the foregoing system embodiment.
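Steps S210 to S240 as a minimal pipeline, added here as an example and not taken from the patent: devices are admitted by challenge-response, the collector refuses data from any source that has not been admitted and tags every record with its source, and the report content depends on the requesting role. The patent does not specify the admission protocol or what each role sees; the HMAC-SHA256 challenge-response with pre-shared keys, the device ids, the record fields and the `ROLE_VIEWS` mapping are all assumptions.

```python
import hashlib
import hmac
import secrets

# Constructed registry of enrolled devices: id -> pre-shared key (assumption).
DEVICE_KEYS = {
    "hsm-01": b"constructed-key-hsm-01",
    "tsa-01": b"constructed-key-tsa-01",
}

# Assumption: which report fields each role receives.
ROLE_VIEWS = {
    "operator": ("per_device_failures",),
    "leader": ("failure_rate",),
}


def device_response(key, nonce):
    """Response a device holding `key` computes for a challenge nonce."""
    return hmac.new(key, nonce, hashlib.sha256).digest()


class AccessAuth:
    """S210: access identity authentication of devices."""

    def __init__(self, keys):
        self._keys = keys
        self._pending = {}       # device id -> outstanding nonce
        self.admitted = set()

    def challenge(self, device_id):
        nonce = secrets.token_bytes(16)
        self._pending[device_id] = nonce
        return nonce

    def verify(self, device_id, response):
        nonce = self._pending.pop(device_id, None)   # single use: blocks replay
        key = self._keys.get(device_id)
        if nonce is None or key is None:
            return False
        ok = hmac.compare_digest(device_response(key, nonce), response)
        if ok:
            self.admitted.add(device_id)
        return ok


class Collector:
    """S220: accept data only from admitted devices and record the source."""

    def __init__(self, auth):
        self._auth = auth
        self.records = []
        self.rejected = []

    def ingest(self, device_id, record):
        if device_id not in self._auth.admitted:
            self.rejected.append(device_id)
            return False
        self.records.append({"device": device_id, **record})
        return True


def build_report(records, role):
    """S230: build the role-specific view of signature verification results."""
    if role not in ROLE_VIEWS:
        raise PermissionError(f"no report defined for role {role!r}")
    checks = [r for r in records if r["kind"] == "sign_verify"]
    failed = [r for r in checks if not r["ok"]]
    per_device = {}
    for r in failed:
        per_device[r["device"]] = per_device.get(r["device"], 0) + 1
    full = {
        "failure_rate": len(failed) / len(checks) if checks else 0.0,
        "per_device_failures": per_device,
    }
    return {name: full[name] for name in ROLE_VIEWS[role]}


def run_demo():
    auth = AccessAuth(DEVICE_KEYS)
    collector = Collector(auth)
    nonce = auth.challenge("hsm-01")
    good = device_response(DEVICE_KEYS["hsm-01"], nonce)
    admitted = auth.verify("hsm-01", good)
    replayed = auth.verify("hsm-01", good)   # nonce already spent
    nonce = auth.challenge("unknown-99")     # not in the registry
    auth.verify("unknown-99", device_response(b"not-enrolled", nonce))
    collector.ingest("hsm-01", {"kind": "sign_verify", "ok": True})
    collector.ingest("hsm-01", {"kind": "sign_verify", "ok": False})
    collector.ingest("unknown-99", {"kind": "sign_verify", "ok": False})
    return {
        "admitted": admitted,
        "replayed": replayed,
        "rejected": collector.rejected,
        "operator": build_report(collector.records, "operator"),
        "leader": build_report(collector.records, "leader"),
    }


if __name__ == "__main__":
    # S240: display (here, simply printed)
    for name, value in run_demo().items():
        print(name, value)
```

Because the record from the unadmitted source never reaches `records`, it cannot skew the failure rate, and every stored record carries the device id needed to trace it back.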
Unless specifically stated otherwise, component and the opposite step of step, the digital table otherwise illustrated in these embodiments It is not limit the scope of the invention up to formula and numerical value.
In all examples being illustrated and described herein, any occurrence should be construed as merely illustrative, without It is as limitation, therefore, other examples of exemplary embodiment can have different values.
It should be noted that:Similar label and letter represents similar terms in following attached drawing, therefore, once a certain Xiang Yi It is defined in a attached drawing, does not then need to that it is further defined and explained in subsequent attached drawing.
Flow chart and block diagram in attached drawing show the system, method and computer journey of multiple embodiments according to the present invention Architectural framework in the cards, function and the operation of sequence product.In this regard, each box in flow chart or block diagram can generation The part of one module of table, program segment or code, a part for the module, program segment or code include one or more use In the executable instruction of logic function as defined in realization.It should also be noted that it in some implementations as replacements, is marked in box The function of note can also be occurred with being different from the sequence marked in attached drawing.For example, two continuous boxes can essentially base Originally it is performed in parallel, they can also be performed in the opposite order sometimes, this is depended on the functions involved.It is also noted that It is the combination of each box in block diagram and/or flow chart and the box in block diagram and/or flow chart, can uses and perform rule The group of specialized hardware and computer instruction is realized or can be used to fixed function or the dedicated hardware based system of action It closes to realize.
In addition, in the description of the embodiment of the present invention unless specifically defined or limited otherwise, term " connected " " connects Connect " it should be interpreted broadly, for example, it may be being fixedly connected or being detachably connected or be integrally connected;It can be machine Tool is connected or is electrically connected;It can be directly connected, can also be indirectly connected by intermediary, can be two members Connection inside part.For the ordinary skill in the art, can above-mentioned term be understood in the present invention with concrete condition Concrete meaning.
In the description of the present invention, it should be noted that term " " center ", " on ", " under ", "left", "right", " vertical ", The orientation or position relationship of the instructions such as " level ", " interior ", " outer " be based on orientation shown in the drawings or position relationship, merely to Convenient for the description present invention and simplify description rather than instruction or imply signified device or element must have specific orientation, With specific azimuth configuration and operation, therefore it is not considered as limiting the invention.In addition, term " first ", " second ", " third " is only used for description purpose, and it is not intended that instruction or hint relative importance.
Finally, it should be noted that the embodiments described above are only specific embodiments of the present invention. They illustrate the technical solution of the invention rather than limit it, and the protection scope of the invention is not limited to them. Although the invention has been described in detail with reference to the foregoing embodiments, a person of ordinary skill in the art will understand that anyone familiar with the technical field can, within the technical scope disclosed by the invention, still modify the technical solutions recorded in the foregoing embodiments, readily conceive of variations, or make equivalent replacements of some of the technical features. Such modifications, variations or replacements do not cause the essence of the corresponding technical solution to depart from the spirit and scope of the technical solutions of the embodiments of the invention, and all of them shall be covered by the protection scope of the invention. The protection scope of the present invention shall therefore be subject to the protection scope of the claims.

Claims (10)

1. A security situation awareness system, characterized by comprising:
an access authentication module, for performing access identity authentication of a device that has a password;
a data acquisition module, connected to the access authentication module, for collecting the password data of the device with a password that has passed access identity authentication;
a decision management module, connected to the data acquisition module, for generating, according to the password data, different password security situation reports based on differences in system user role;
a data display module, connected to the decision management module, for displaying the password security situation report.
2. The security situation awareness system according to claim 1, characterized in that the decision management module comprises:
a monitoring submodule, for monitoring changes in the password data;
an abnormal behavior analysis submodule, for analyzing the password data and mining information to assist in discovering security risk events;
a security incident tracking submodule, for tracking a security incident and determining the attack path of the security incident, so as to provide a basis for the user to take precautionary measures;
a scoring submodule, for performing risk analysis and assessment of the service application security situation of the password data.
3. The security situation awareness system according to claim 2, characterized in that the monitoring submodule is further used to trace back historical attacks and to predict security events.
4. The security situation awareness system according to claim 1, characterized in that the data display module is further used to display password resource information, security emergency response information, the security defense system, operation system cipher application information, security trends, network topology and the security scoring status.
5. The security situation awareness system according to claim 4, characterized in that the data display module is further used to display dashboards of multi-dimensional password data in the manner of a cockpit.
6. The security situation awareness system according to claim 1, characterized by further comprising:
a collected-data source analysis module, connected to the data acquisition module, for analyzing and summarizing, compiling statistics on, and managing the collected password data.
7. The security situation awareness system according to claim 1, characterized by further comprising:
a data center module, connected to the access authentication module, the data acquisition module, the decision management module and the data display module, and comprising: a data modeling management submodule, a knowledge base management submodule, a password resource management submodule and a cipher application data management submodule.
8. The security situation awareness system according to claim 1, characterized in that the access authentication module is specifically used to perform authentication according to security level.
9. The security situation awareness system according to claim 1, characterized by further comprising: a system management module for users, roles, templates, permissions, logs, audit, configuration, remote monitoring, secure communication and password resources.
10. A security situation awareness method, characterized by comprising:
performing access identity authentication of a device that has a password;
collecting the password data of the device with a password that has passed access authentication;
generating, according to the password data, different password security situation reports based on differences in system user role;
displaying the password security situation report.
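
The four steps of claim 10, as an added Python example that is not part of the patent text: data is accepted only from devices that pass access authentication, and one collected data set yields a different report per user role. The HMAC-based device check, the record fields and the three role names are assumptions; the claims do not specify them.

```python
import hashlib
import hmac

# Constructed sample data; device IDs, keys, record fields and roles are all hypothetical.
ENROLLED = {"hsm-01": b"key-one-constructed", "vpn-02": b"key-two-constructed"}
NONCE = b"constructed-session-nonce"

def device_tag(key: bytes, device_id: str) -> str:
    """Proof of key possession bound to the device ID (assumed auth scheme)."""
    return hmac.new(key, NONCE + device_id.encode(), hashlib.sha256).hexdigest()

SUBMISSIONS = [
    {"device": "hsm-01", "tag": device_tag(ENROLLED["hsm-01"], "hsm-01"), "finding": "key overdue for rotation", "severity": 4},
    {"device": "vpn-02", "tag": device_tag(ENROLLED["vpn-02"], "vpn-02"), "finding": "certificate expires soon", "severity": 2},
    # Unknown device, and an enrolled ID presented with another device's key.
    {"device": "rogue-09", "tag": "00" * 32, "finding": "all clear", "severity": 1},
    {"device": "hsm-01", "tag": device_tag(ENROLLED["vpn-02"], "hsm-01"), "finding": "all clear", "severity": 1},
]

def authenticate(sub: dict) -> bool:
    """Step 1: access identity authentication of the submitting device."""
    key = ENROLLED.get(sub["device"])
    return key is not None and hmac.compare_digest(device_tag(key, sub["device"]), sub["tag"])

def collect(submissions: list) -> tuple:
    """Step 2: keep data only from devices that passed authentication."""
    accepted = [s for s in submissions if authenticate(s)]
    rejected = [s["device"] for s in submissions if not authenticate(s)]
    return accepted, rejected

def report(role: str, submissions: list) -> dict:
    """Step 3: one data set, a different report per user role."""
    accepted, rejected = collect(submissions)
    summary = {
        "devices": len({s["device"] for s in accepted}),
        "high_severity": sum(1 for s in accepted if s["severity"] >= 4),
    }
    if role == "executive":      # aggregate posture only
        return summary
    if role == "operator":       # per-device findings to act on
        return {**summary, "findings": [(s["device"], s["finding"]) for s in accepted]}
    if role == "auditor":        # also sees what was refused at the gate
        return {**summary, "rejected": rejected}
    raise ValueError(f"unknown role: {role}")

if __name__ == "__main__":
    for r in ("executive", "operator", "auditor"):   # Step 4: display
        print(r, report(r, SUBMISSIONS))
```

The forged "all clear" record that reuses the ID `hsm-01` is refused at the gate, so it cannot mask the genuine high-severity finding from that device in any role's report.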
Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201711467421.5A CN108200045A (en) 2017-12-28 2017-12-28 Security Situation Awareness Systems and method

Publications (1)

Publication Number Publication Date
CN108200045A true CN108200045A (en) 2018-06-22

Family

ID=62586053

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
WW01 Invention patent application withdrawn after publication

Application publication date: 20180622