CN108737186B - Intranet security situation sensing method - Google Patents
- Publication number
- CN108737186B
- Authority
- CN
- China
- Prior art keywords
- intranet
- access path
- access
- threshold value
- intranet data
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L41/00—Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
- H04L41/06—Management of faults, events, alarms or notifications
- H04L41/0631—Management of faults, events, alarms or notifications using root cause analysis; using analysis of correlation between notifications, alarms or events based on decision criteria, e.g. hierarchy, tree or time analysis
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/18—Network architectures or network communication protocols for network security using different networks or channels, e.g. using out of band channels
Abstract
The invention provides an intranet security situation awareness method comprising the following steps: step 1, analyzing, counting and summarizing the access paths of intranet data; step 2, dividing the summarized access paths into sensitivity levels according to their degree of safety; step 3, setting a weight for each step of the intranet data access path according to the access sequence of the associated intranet data; step 4, setting an early warning threshold; and step 5, performing a weighted calculation on the sensitivity level of the access path and the weight of the current step of the access path, comparing the weighted result for the intranet data access path with the early warning threshold, and raising an alarm when the threshold is exceeded. The method is practical, simple, fast, efficient, safe and reliable.
Description
Technical Field
The invention relates to an intranet security situation sensing method.
Background
In recent years, important data has been stolen repeatedly. According to the latest statistical data, 70% of serious attacks on enterprises come from personnel inside the organization. Internal personnel, including internal staff and maintenance personnel providing third-party IT support, take advantage of the convenience of their work, and the security problems caused by their illegal operations are increasingly frequent and prominent; these operations are closely related to the client's business. Strong measures are needed to prevent such security problems of operational behavior and violations related to traffic information.
To solve the above problems, an ideal technical solution has long been sought.
Disclosure of Invention
To address the shortcomings of the prior art, the invention provides an intranet security situation awareness method that is practical, simple, fast, efficient, safe and reliable.
To achieve this purpose, the invention adopts the following technical scheme: an intranet security situation awareness method comprising step 1, analyzing, counting and summarizing the access paths of intranet data; step 2, dividing the summarized access paths into sensitivity levels according to their degree of safety; step 3, setting a weight for each step of the intranet data access path according to the access sequence of the associated intranet data; step 4, setting an early warning threshold; and step 5, performing a weighted calculation on the sensitivity level of the access path and the weight of the current step of the access path, comparing the weighted result for the intranet data access path with the early warning threshold, and raising an alarm when the threshold is exceeded.
Based on the above, the weight of each step of the intranet data access path is greater than the weight of the step before it.
Based on the above, the access paths of a group of intranet data are processed in segments: a segment threshold is set for each segment, the weighted result of the access paths within each segment is calculated, and an alarm is raised if a segment's weighted result exceeds its segment threshold.
Compared with the prior art, the invention has outstanding substantive features and represents notable progress. In particular, it is practical, simple, fast, efficient, safe and reliable: the access paths of intranet data are counted and graded, weights are assigned to the access paths according to the order of operations, the sensitivity level of each access path is combined with the step number in the operation sequence in a weighted calculation, and an alarm is raised if the weighted result exceeds the early warning threshold.
Detailed Description
The technical solution of the present invention is further described in detail by the following embodiments.
An intranet security situation awareness method comprises the following steps: step 1, analyzing, counting and summarizing the access paths of intranet data; step 2, dividing the summarized access paths into sensitivity levels according to their degree of safety; step 3, setting a weight for each step of the intranet data access path according to the access sequence of the associated intranet data; step 4, setting an early warning threshold; and step 5, performing a weighted calculation on the sensitivity level of the access path and the weight of the current step of the access path, comparing the weighted result for the intranet data access path with the early warning threshold, and raising an alarm when the threshold is exceeded.
Specifically, intranet data can be reached through multiple access paths, conventional ones as well as illegal ones. The possible access paths of each item of intranet data are analyzed and counted, all of them are then summarized, and the summarized access paths are classified into sensitivity levels according to how safe each path is. In practice, access to intranet data is usually access to a group of data, so a weight is set for each step of the access path of that group according to the access sequence of the associated group of intranet data. The sensitivity level of the access path and the weight of the current step of the access path are combined in a weighted calculation, and the weighted result for the intranet data access path is compared with the early warning threshold. If the weighted result exceeds the early warning threshold, the access to the intranet data is harmful, and an alarm is raised in time to prevent subsequent illegal and intrusive operations.
Preferably, the access paths of a group of intranet data are further processed in segments: a segment threshold is set for each segment, the weighted result of the access paths within each segment is calculated, and an alarm is raised when a segment's weighted result exceeds its segment threshold. For example, if the access path of a group of intranet data has ten steps, every three steps form one segment, giving four segments; a segment threshold is set for each segment, the weighted result within each segment is compared with that segment's threshold, and an alarm is raised in time if the threshold is exceeded, which further improves the sensitivity of the security situation awareness.
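The scoring described above can be sketched as follows. This is an added example, not code from the patent: the path names, sensitivity levels, thresholds and the sample session are constructed, and because the patent does not give a formula, the weighted calculation is assumed to be a running sum of sensitivity level times step weight, with the step weight assumed equal to the step number.

```python
# Constructed sensitivity levels for summarized access paths (steps 1-2);
# a higher level means a less safe path. Names are illustrative.
SENSITIVITY = {"app_ui": 1, "reporting_api": 2, "db_console": 4, "bulk_export": 5}
UNKNOWN_LEVEL = max(SENSITIVITY.values())  # unlisted paths score as most sensitive


def step_weight(step):
    """Step 3: a later step always weighs more (assumed: weight = step number)."""
    return step


def assess(paths, warn_threshold, seg_thresholds, seg_size=3):
    """Score one ordered group of accesses; return (kind, step, score) alerts.

    Assumption: the weighted calculation is a running sum of level * step weight.
    """
    alerts = []
    total = seg_total = 0
    overall_fired = seg_fired = False
    for step, path in enumerate(paths, start=1):
        if (step - 1) % seg_size == 0:  # a new segment starts at this step
            seg_total, seg_fired = 0, False
        # Reuse the last segment threshold if the session outruns the list.
        seg_index = min((step - 1) // seg_size, len(seg_thresholds) - 1)
        score = SENSITIVITY.get(path, UNKNOWN_LEVEL) * step_weight(step)
        total += score
        seg_total += score
        if not seg_fired and seg_total > seg_thresholds[seg_index]:
            alerts.append(("segment", step, seg_total))
            seg_fired = True
        if not overall_fired and total > warn_threshold:
            alerts.append(("overall", step, total))
            overall_fired = True
    return alerts


# Constructed ten-step session: three segments of three steps plus one of one step.
SESSION = ["app_ui", "app_ui", "reporting_api", "app_ui", "reporting_api",
           "db_console", "db_console", "bulk_export", "bulk_export", "app_ui"]

if __name__ == "__main__":
    for alert in assess(SESSION, warn_threshold=100, seg_thresholds=[15, 35, 90, 20]):
        print(alert)
```

With these constructed values the second segment alarms at step 6, two steps before the overall threshold is crossed at step 8, which is the sensitivity gain the segmented variant is meant to provide.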
Finally, it should be noted that the above examples are only used to illustrate the technical solutions of the present invention and not to limit them. Although the present invention has been described in detail with reference to preferred embodiments, those skilled in the art will understand that modifications to the specific embodiments of the invention, or equivalent substitutions for some of the technical features, may be made; such modifications and substitutions, made without departing from the spirit of the present invention, are intended to be covered by the invention as defined by the appended claims.
Claims (3)
1. An intranet security situation awareness method, characterized by comprising the following steps:
Step 1, analyzing, counting and summarizing access ways of intranet data;
step 2, dividing the access path of the summarized intranet data into sensitivity levels according to the safety degree;
step 3, setting a weight for each step of the intranet data access path according to the access sequence of the associated intranet data;
step 4, setting an early warning threshold value;
step 5, performing a weighted calculation on the sensitivity level of the access path and the weight of the current step of the access path, comparing the weighted result for the intranet data access path with the early warning threshold, and raising an alarm when the early warning threshold is exceeded.
2. The intranet security situation awareness method according to claim 1, wherein: the weight of each step of the intranet data access path is greater than that of the step before it.
3. The intranet security situation awareness method according to claim 1, wherein: the access paths of the intranet data are processed in segments, a segment threshold is set for each segment, the weighted result of the access paths within each segment is calculated, and an alarm is raised if a segment's weighted result exceeds its segment threshold.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201810503150.2A CN108737186B (en) | 2018-05-23 | 2018-05-23 | Intranet security situation sensing method |
Publications (2)
Publication Number | Publication Date |
---|---|
CN108737186A | 2018-11-02 |
CN108737186B | 2020-12-29 |
Family
ID=63935025
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201810503150.2A Active CN108737186B (en) | 2018-05-23 | 2018-05-23 | Intranet security situation sensing method |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN108737186B (en) |
Families Citing this family (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN110109998B (en) * | 2019-05-17 | 2023-05-30 | 贵州数据宝网络科技有限公司 | Intelligent data transaction integration system |
Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN107070883A (en) * | 2017-02-28 | 2017-08-18 | 青岛海信移动通信技术股份有限公司 | The method and device of safety detection is carried out to wireless network |
CN107124410A (en) * | 2017-04-25 | 2017-09-01 | 厦门卓讯信息技术有限公司 | Network safety situation feature clustering method based on machine deep learning |
CN107809321A (en) * | 2016-09-08 | 2018-03-16 | 南京联成科技发展股份有限公司 | A kind of security risk assessment and the implementation method of alarm generation |
Family Cites Families (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US7171467B2 (en) * | 2002-06-13 | 2007-01-30 | Engedi Technologies, Inc. | Out-of-band remote management station |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
CB03 | Change of inventor or designer information | ||
Inventor after: Chen Yu Inventor after: Fang Yiran Inventor after: Lei Ya Inventor after: Guo Mengfei Inventor after: Du Gaoyang Inventor after: Wang Weixiao Inventor before: Chen Yu Inventor before: Lei Ya Inventor before: Guo Mengfei Inventor before: Du Gaoyang Inventor before: Wang Weixiao |