CN108737186B - Intranet security situation sensing method - Google Patents

Publication number
CN108737186B
Authority
CN
China
Prior art keywords
intranet
access path
access
threshold value
intranet data
Legal status
Active
Application number
CN201810503150.2A
Other languages
Chinese (zh)
Other versions
CN108737186A (en)
Inventor
陈宇
雷亚
郭梦非
杜高杨
王伟晓
Current Assignee
Zhengzhou Xinda Tianrui Information Technology Co ltd
Original Assignee
Zhengzhou Xinda Tianrui Information Technology Co ltd

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00 Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/06 Management of faults, events, alarms or notifications
    • H04L41/0631 Management of faults, events, alarms or notifications using root cause analysis; using analysis of correlation between notifications, alarms or events based on decision criteria, e.g. hierarchy, tree or time analysis
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/18 Network architectures or network communication protocols for network security using different networks or channels, e.g. using out of band channels

Abstract

The invention provides an intranet security situation perception method comprising the following steps: step 1, analyzing, counting and summarizing the access paths of intranet data; step 2, dividing the summarized access paths into sensitivity levels according to their degree of security; step 3, setting a weight for each step of the intranet data access path according to the access sequence of the associated intranet data; step 4, setting an early warning threshold; and step 5, performing a weighted calculation on the sensitivity level of the access path and the weight of the current step of the access path, comparing the weighted result for the access path with the early warning threshold, and raising an alarm when the early warning threshold is exceeded. The method is practical, simple, fast, efficient, safe and reliable.

Description

Intranet security situation sensing method
Technical Field
The invention relates to an intranet security situation sensing method.
Background
In recent years, important data has been stolen repeatedly. According to the latest statistical data, 70% of serious attacks on enterprises come from internal personnel within the organization. Internal personnel, including internal staff and maintenance personnel providing third-party IT support, take advantage of the convenience of their work, and the security problems caused by their illegal operations are increasingly frequent and prominent; these operations are closely related to the client's business. Strong measures are needed to prevent such security problems, which involve operation behaviors and violations related to traffic information.
In order to solve the above problems, people are always seeking an ideal technical solution.
Disclosure of Invention
Aiming at the defects of the prior art, the invention provides the intranet safety situation sensing method which is strong in practicability, simple in method, fast, efficient, safe and reliable.
To achieve this purpose, the invention adopts the following technical scheme: an intranet security situation sensing method comprising: step 1, analyzing, counting and summarizing the access paths of intranet data; step 2, dividing the summarized access paths into sensitivity levels according to their degree of security; step 3, setting a weight for each step of the intranet data access path according to the access sequence of the associated intranet data; step 4, setting an early warning threshold; and step 5, performing a weighted calculation on the sensitivity level of the access path and the weight of the current step of the access path, comparing the weighted result for the access path with the early warning threshold, and raising an alarm when the early warning threshold is exceeded.
Based on the above, the weight value of the next step of the intranet data access path is greater than the weight value of the previous step.
Based on the above, the access paths of a group of intranet data are processed in segments: a segment threshold is set for each segment, the segment weighted result of the access paths in each segment is calculated, and an alarm is raised if the segment weighted result exceeds the segment threshold.
Compared with the prior art, the invention has outstanding substantive features and represents notable progress. Specifically, it is practical, simple, fast, efficient, safe and reliable: the access paths of intranet data are counted and graded, weights are set for the access paths according to the operation sequence, and, after a weighted calculation on the sensitivity level of the access path and the step number in the operation sequence, an alarm is raised if the weighted result exceeds the early warning threshold.
Detailed Description
The technical solution of the present invention is further described in detail by the following embodiments.
An intranet security situation sensing method comprises: step 1, analyzing, counting and summarizing the access paths of intranet data; step 2, dividing the summarized access paths into sensitivity levels according to their degree of security; step 3, setting a weight for each step of the intranet data access path according to the access sequence of the associated intranet data; step 4, setting an early warning threshold; and step 5, performing a weighted calculation on the sensitivity level of the access path and the weight of the current step of the access path, comparing the weighted result for the access path with the early warning threshold, and raising an alarm when the early warning threshold is exceeded.
Specifically, intranet data can be reached through multiple access paths: there are conventional paths and also non-compliant or illegal ones. The possible access paths of each item of intranet data are analyzed and counted, all possible access paths are then summarized, and every counted path is assigned a sensitivity level according to its degree of security. In practice, access to intranet data is usually access to a group of data, so a weight is set for each step of the group's access path according to the access sequence of the associated group of intranet data. A weighted calculation is performed on the sensitivity level of the access path and the weight of the current step of the access path, and the weighted result is compared with the early warning threshold. If the weighted result exceeds the early warning threshold, the access poses a danger to the intranet data, and an alarm is raised in time to prevent subsequent illegal and intrusive operations.
Preferably, the access paths of a group of intranet data are further processed in segments: a segment threshold is set for each segment, the segment weighted result of the access paths in each segment is calculated, and an alarm is raised when the segment weighted result exceeds the segment threshold. For example, if the access path of a group of intranet data has ten steps, every three steps form one segment, giving four segments; a segment threshold is set for each segment, the weighted result within each segment is compared with that segment's threshold, and an alarm is raised in time if the weighted result exceeds it, which further improves the sensitivity of security situation perception.
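A worked instance of steps 1 to 5 and of the segmented variant follows; it is an added illustration, not text or code from the patent. The sensitivity scale, the step weights (weight equal to the step number), the sum-of-products scoring, the thresholds and the sample sequence are all assumptions, since the patent fixes none of them.

```python
from dataclasses import dataclass

# Constructed sensitivity levels for step 2 (higher = less safe); the patent gives no scale.
SENSITIVITY = {"portal_query": 1, "bulk_export": 3, "direct_db_login": 4, "usb_copy": 5}

@dataclass(frozen=True)
class Alert:
    kind: str       # "segment" or "overall"
    step: int       # 1-based step at which the alert fires
    score: int
    threshold: int

def step_weight(step: int) -> int:
    """Assumed weight for 1-based step n: strictly increasing, so later steps count more."""
    return step

def assess(path, overall_threshold, segment_thresholds, segment_len=3):
    """Score an ordered access path; return alerts in the order they would fire."""
    alerts, total, seg_score, overall_fired = [], 0, 0, False
    for step, route in enumerate(path, start=1):
        if route not in SENSITIVITY:
            # An access path that was never classified cannot be scored: fail loudly.
            raise ValueError(f"unclassified access path: {route!r}")
        contribution = SENSITIVITY[route] * step_weight(step)
        total += contribution
        seg_score += contribution
        if not overall_fired and total > overall_threshold:
            alerts.append(Alert("overall", step, total, overall_threshold))
            overall_fired = True
        # Close the segment after every segment_len steps, and at the end of the path.
        if step % segment_len == 0 or step == len(path):
            limit = segment_thresholds[(step - 1) // segment_len]
            if seg_score > limit:
                alerts.append(Alert("segment", step, seg_score, limit))
            seg_score = 0
    return alerts

# Constructed ten-step sequence: segments of 3, 3, 3 and 1 steps, as in the text.
SAMPLE_PATH = ["portal_query", "portal_query", "portal_query", "bulk_export", "portal_query",
               "portal_query", "direct_db_login", "usb_copy", "bulk_export", "usb_copy"]

def demo():
    return assess(SAMPLE_PATH, overall_threshold=150, segment_thresholds=[10, 20, 100, 40])

if __name__ == "__main__":
    for alert in demo():
        print(alert)
```

With these constructed values the second segment alarms at step 6, while the overall threshold is only crossed at step 10, which is the sensitivity gain the segmented processing is meant to provide.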
Finally, it should be noted that the above examples are only used to illustrate the technical solutions of the present invention and not to limit them. Although the present invention has been described in detail with reference to preferred embodiments, those skilled in the art will understand that modifications to the specific embodiments of the invention, or equivalent substitutions for some of the technical features, may be made; provided they do not depart from the spirit of the present invention, they are intended to be covered by the invention as defined by the appended claims.

Claims (3)

1. An intranet security situation awareness method, characterized by comprising the following steps:
step 1, analyzing, counting and summarizing the access paths of intranet data;
step 2, dividing the summarized access paths of the intranet data into sensitivity levels according to their degree of security;
step 3, setting a weight for each step of the intranet data access path according to the access sequence of the associated intranet data;
step 4, setting an early warning threshold;
step 5, performing a weighted calculation on the sensitivity level of the access path and the weight of the current step of the access path, comparing the weighted result for the access path of the intranet data with the early warning threshold, and raising an alarm when the early warning threshold is exceeded.
2. The intranet security situation awareness method according to claim 1, wherein: the weight of each subsequent step of the intranet data access path is greater than that of the previous step.
3. The intranet security situation awareness method according to claim 1, wherein: the access paths of the intranet data are processed in segments, a segment threshold is set for each segment, a segment weighted result of the access paths in each segment is calculated, and an alarm is raised if the segment weighted result exceeds the segment threshold.
CN201810503150.2A 2018-05-23 2018-05-23 Intranet security situation sensing method Active CN108737186B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201810503150.2A CN108737186B (en) 2018-05-23 2018-05-23 Intranet security situation sensing method

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201810503150.2A CN108737186B (en) 2018-05-23 2018-05-23 Intranet security situation sensing method

Publications (2)

Publication Number Publication Date
CN108737186A (en) 2018-11-02
CN108737186B (en) 2020-12-29

Family

ID=63935025

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201810503150.2A Active CN108737186B (en) 2018-05-23 2018-05-23 Intranet security situation sensing method

Country Status (1)

Country Link
CN (1) CN108737186B (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110109998B (en) * 2019-05-17 2023-05-30 贵州数据宝网络科技有限公司 Intelligent data transaction integration system

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107070883A (en) * 2017-02-28 2017-08-18 青岛海信移动通信技术股份有限公司 The method and device of safety detection is carried out to wireless network
CN107124410A (en) * 2017-04-25 2017-09-01 厦门卓讯信息技术有限公司 Network safety situation feature clustering method based on machine deep learning
CN107809321A (en) * 2016-09-08 2018-03-16 南京联成科技发展股份有限公司 A kind of security risk assessment and the implementation method of alarm generation

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7171467B2 (en) * 2002-06-13 2007-01-30 Engedi Technologies, Inc. Out-of-band remote management station

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant
CB03 Change of inventor or designer information

Inventor after: Chen Yu

Inventor after: Fang Yiran

Inventor after: Lei Ya

Inventor after: Guo Mengfei

Inventor after: Du Gaoyang

Inventor after: Wang Weixiao

Inventor before: Chen Yu

Inventor before: Lei Ya

Inventor before: Guo Mengfei

Inventor before: Du Gaoyang

Inventor before: Wang Weixiao