CN108737186A - A kind of intranet security Situation Awareness method - Google Patents
A kind of intranet security Situation Awareness method Download PDFInfo
- Publication number
- CN108737186A CN108737186A CN201810503150.2A CN201810503150A CN108737186A CN 108737186 A CN108737186 A CN 108737186A CN 201810503150 A CN201810503150 A CN 201810503150A CN 108737186 A CN108737186 A CN 108737186A
- Authority
- CN
- China
- Prior art keywords
- approach
- intranet
- access
- threshold value
- group
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
- 238000000034 method Methods 0.000 title claims abstract description 14
- 230000007812 deficiency Effects 0.000 description 1
- 238000012423 maintenance Methods 0.000 description 1
- 230000008447 perception Effects 0.000 description 1
- 230000036544 posture Effects 0.000 description 1
- 230000035945 sensitivity Effects 0.000 description 1
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L41/00—Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
- H04L41/06—Management of faults, events, alarms or notifications
- H04L41/0631—Management of faults, events, alarms or notifications using root cause analysis; using analysis of correlation between notifications, alarms or events based on decision criteria, e.g. hierarchy, tree or time analysis
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/18—Network architectures or network communication protocols for network security using different networks or channels, e.g. using out of band channels
Abstract
The present invention provides a kind of intranet security Situation Awareness methods, including step 1, and the access approach of intranet data is analyzed, counted and concluded;Step 2, the access approach of the intranet data after conclusion is divided into sensitive grade according to safe coefficient;Step 3, according to the access order to associated one group of intranet data, weight is arranged in each step that approach is accessed for this group of intranet data;Step 4, threshold value of warning is set;Step 5, by the sensitive grade for the approach that accesses and access approach currently belonging to the weighted value of step number be weighted, and the weighted results of the access approach of one group of intranet data will be compared with the threshold value of warning, are alarmed when beyond the threshold value of warning.The intranet security Situation Awareness method has the advantages that simple highly practical, method, quickness and high efficiency, safe and reliable.
Description
Technical field
The present invention relates to a kind of intranet security Situation Awareness methods.
Background technology
Enterprise continuously emerges the event that significant data is stolen and is caused to enterprise according to newest statistics in recent years
Serious attack in 70% come from inside in tissue, internal staff including interior employee or third party's IT branch be provided
The maintenance personnel etc. held, they take advantage of one's position, and safety problem caused by violation operation is increasingly frequently and prominent, these operations
It is all closely bound up with the business of client.It, must for this kind of and the closely bound up operation behavior of business, the safety problem of unlawful practice
There need be the means of strength to take precautions against.
In order to solve the above problems, people are seeking always a kind of ideal technical solution.
Invention content
The purpose of the present invention is in view of the deficiencies of the prior art, to provide, one kind is highly practical, method is simple, quick high
Effect, safe and reliable intranet security Situation Awareness method.
To achieve the goals above, the technical solution adopted in the present invention is:A kind of intranet security Situation Awareness method, packet
Step 1 is included, the access approach of intranet data is analyzed, counted and concluded;Step 2, by the visit of the intranet data after conclusion
Ask that approach divides sensitive grade according to safe coefficient;Step 3, according to the access order to associated one group of intranet data, it is
Weight is arranged in each step that this group of intranet data accesses approach;Step 4, threshold value of warning is set;Step 5, by the quick of the approach that accesses
The weighted value of the current affiliated step number of sense grade and access approach is weighted, and will be to the access approach of one group of intranet data
Weighted results be compared with the threshold value of warning, alarm when beyond the threshold value of warning.
Based on above-mentioned, the weighted value that one group of intranet data accesses the latter step of approach is more than the weighted value of back.
Based on above-mentioned, the access approach of one group of intranet data is subjected to segment processing, the section threshold value of each section of setting, and count
The section weighted results that approach is accessed in each section are calculated, if section weighted results are alarmed when exceeding section threshold value.
The present invention has substantive distinguishing features outstanding and significant progress compared with the prior art, and specifically, the present invention is logical
It crosses the access approach to intranet data to be counted and be classified, and weight is arranged to accessing approach according to operation order, work as access
After the sensitive grade of approach and the step number of operation order are weighted, reported if weighted results are beyond threshold value of warning
It is alert, have the advantages that highly practical, method is simple, quickness and high efficiency, safe and reliable.
Specific implementation mode
Below by specific implementation mode, technical scheme of the present invention will be described in further detail.
A kind of intranet security Situation Awareness method, including step 1 are analyzed the access approach of intranet data, are counted
And conclusion;Step 2, the access approach of the intranet data after conclusion is divided into sensitive grade according to safe coefficient;Step 3, according to
To the access order of associated one group of intranet data, weight is arranged in each step that approach is accessed for this group of intranet data;Step
4, threshold value of warning is set;Step 5, by the sensitive grade for the approach that accesses and access approach currently belonging to the weighted value of step number added
Power calculates, and will be compared with the threshold value of warning to the weighted results of the access approach of one group of intranet data, beyond described
It alarms when threshold value of warning.
Specifically, having to there are many access approach of intranet data, having conventional approach also in violation of rules and regulations or illegal access way
Diameter is analyzed and is counted the possible access approach of each intranet data, and concluded after all possible access approach is counted,
The all possible access approach counted is divided into sensitive grade by the safe coefficient of the approach of access.In practice, internal netting index
According to access be typically access to one group of data, according to the access order to associated one group of intranet data, in the group
Weight is arranged in each step that network data accesses approach, and in the present embodiment, one group of intranet data accesses the weight of the latter step of approach
Weighted value of the value more than back.By the sensitive grade for the approach that accesses and access approach currently belonging to the weighted value of step number added
Power calculates, and will be compared with the threshold value of warning to the weighted results of the access approach of one group of intranet data, beyond described
Illustrate that the access to intranet data has harm when threshold value of warning, alarm in time, prevents subsequent violation infringement operation.
Preferably, the access approach of one group of intranet data is also subjected to segment processing, the section threshold value of each section of setting, and counted
The section weighted results that approach is accessed in each section are calculated, if section weighted results are alarmed when exceeding section threshold value.Such as to one group of Intranet
The access approach of data totally ten step, then every three step be divided into one section, be divided into four sections, each section of setting section threshold value, in each section
Weighted results compared with section threshold value, if beyond alarming in time if section threshold value, further increase security postures perception
Sensitivity.
Finally it should be noted that:The above embodiments are merely illustrative of the technical scheme of the present invention and are not intended to be limiting thereof;To the greatest extent
The present invention is described in detail with reference to preferred embodiments for pipe, those of ordinary skills in the art should understand that:Still
It can modify to the specific implementation mode of the present invention or equivalent replacement is carried out to some technical characteristics;Without departing from this hair
The spirit of bright technical solution should all cover within the scope of the technical scheme claimed by the invention.
Claims (3)
1. a kind of intranet security Situation Awareness method, it is characterised in that:Including
Step 1, the access approach of intranet data is analyzed, counted and is concluded;
Step 2, the access approach of the intranet data after conclusion is divided into sensitive grade according to safe coefficient;
Step 3, according to the access order to associated one group of intranet data, each step of approach is accessed for this group of intranet data
Weight is set;
Step 4, threshold value of warning is set;
Step 5, by the sensitive grade for the approach that accesses and access approach currently belonging to the weighted value of step number be weighted, and will
The weighted results of the access approach of one group of intranet data are compared with the threshold value of warning, exceed the threshold value of warning when into
Row alarm.
2. intranet security Situation Awareness method according to claim 1, it is characterised in that:One group of intranet data accesses approach
Latter step weighted value be more than back weighted value.
3. intranet security Situation Awareness method according to claim 1, it is characterised in that:By the access of one group of intranet data
Approach carries out segment processing, the section threshold value of each section of setting, and calculates the section weighted results that approach is accessed in each section, if section adds
Power result is alarmed when exceeding section threshold value.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201810503150.2A CN108737186B (en) | 2018-05-23 | 2018-05-23 | Intranet security situation sensing method |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201810503150.2A CN108737186B (en) | 2018-05-23 | 2018-05-23 | Intranet security situation sensing method |
Publications (2)
Publication Number | Publication Date |
---|---|
CN108737186A true CN108737186A (en) | 2018-11-02 |
CN108737186B CN108737186B (en) | 2020-12-29 |
Family
ID=63935025
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201810503150.2A Active CN108737186B (en) | 2018-05-23 | 2018-05-23 | Intranet security situation sensing method |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN108737186B (en) |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN110109998A (en) * | 2019-05-17 | 2019-08-09 | 贵州数据宝网络科技有限公司 | Data trade intelligence integration system |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20030233583A1 (en) * | 2002-06-13 | 2003-12-18 | Carley Jeffrey Alan | Secure remote management appliance |
CN107070883A (en) * | 2017-02-28 | 2017-08-18 | 青岛海信移动通信技术股份有限公司 | The method and device of safety detection is carried out to wireless network |
CN107124410A (en) * | 2017-04-25 | 2017-09-01 | 厦门卓讯信息技术有限公司 | Network safety situation feature clustering method based on machine deep learning |
CN107809321A (en) * | 2016-09-08 | 2018-03-16 | 南京联成科技发展股份有限公司 | A kind of security risk assessment and the implementation method of alarm generation |
-
2018
- 2018-05-23 CN CN201810503150.2A patent/CN108737186B/en active Active
Patent Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20030233583A1 (en) * | 2002-06-13 | 2003-12-18 | Carley Jeffrey Alan | Secure remote management appliance |
CN107809321A (en) * | 2016-09-08 | 2018-03-16 | 南京联成科技发展股份有限公司 | A kind of security risk assessment and the implementation method of alarm generation |
CN107070883A (en) * | 2017-02-28 | 2017-08-18 | 青岛海信移动通信技术股份有限公司 | The method and device of safety detection is carried out to wireless network |
CN107124410A (en) * | 2017-04-25 | 2017-09-01 | 厦门卓讯信息技术有限公司 | Network safety situation feature clustering method based on machine deep learning |
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN110109998A (en) * | 2019-05-17 | 2019-08-09 | 贵州数据宝网络科技有限公司 | Data trade intelligence integration system |
CN110109998B (en) * | 2019-05-17 | 2023-05-30 | 贵州数据宝网络科技有限公司 | Intelligent data transaction integration system |
Also Published As
Publication number | Publication date |
---|---|
CN108737186B (en) | 2020-12-29 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
Chevigny | The Right to Resist an Unlawful Arrest | |
Foote | Tort remedies for police violations of individual rights | |
CN106790186A (en) | Multi-step attack detection method based on multi-source anomalous event association analysis | |
CN103236127A (en) | Fiber fence intrusion monitoring system and pattern recognition method thereof | |
CN104158677B (en) | A kind of safety state analysis alarm method | |
CN110099060A (en) | A kind of network information security guard method and system | |
Morgan | The utilitarian justification of torture: Denial, desert and disinformation | |
CN103365963B (en) | Database audit system compliance method for quickly detecting | |
CN108737186A (en) | A kind of intranet security Situation Awareness method | |
Paton et al. | Domicide, eviction and repossession | |
CN106408690A (en) | Nuclear power plant personnel entrance and exit control apparatus and nuclear power plant personnel entrance and exit control method | |
CN109558480A (en) | For the counter method of crime of laundering behavior | |
Kenwick et al. | International Influences on the Survival of Territorial Non-state Actors | |
Watts | On fictions and wicked problems in juvenile justice: Towards a critical youth studies | |
Miles Jr | The Ailing Fourth Amendment: A Suggested Cure | |
Mikow-Porto et al. | The IHSSF 2011 prisoner escape study | |
CN108768997A (en) | A kind of application operating safe early warning processing method | |
CN209299296U (en) | A kind of Intranet threat detection apparatus | |
Kolesnik | The development of the right to self-defence | |
Fajar | Treatment of High Risk Prisoners in Batu Nusakambangan Class I Correctional Institutions for Human Rights | |
Ahmed et al. | Use of Principal Component Analysis for Evaluation of Causes of Insecurity and Crime Rate Investigation in Niger State, Nigeria | |
Shu et al. | Research on situation awareness technology in industrial control system | |
Oharisi et al. | Legal And Socio-Political Constraints In Combating Terrorism In Nigeria | |
Bean | Drugs and crime in Britain: an overview | |
Hommel | Domino Effect: How Scalia Lives on Through the Controversial Texas Immigration Law and Which States are Itching to Pull the Trigger |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant | ||
CB03 | Change of inventor or designer information |
Inventor after: Chen Yu Inventor after: Fang Yiran Inventor after: Lei Ya Inventor after: Guo Mengfei Inventor after: Du Gaoyang Inventor after: Wang Weixiao Inventor before: Chen Yu Inventor before: Lei Ya Inventor before: Guo Mengfei Inventor before: Du Gaoyang Inventor before: Wang Weixiao |
|
CB03 | Change of inventor or designer information |