CN109327432A - A kind of method for handling computer network information security events - Google Patents
- Publication number
- CN109327432A (application number CN201810919260.7A)
- Authority
- CN
- China
- Prior art keywords
- event
- information security
- computer network
- security
- network information
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
- H04L63/1416—Event detection, e.g. attack signature detection
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F11/00—Error detection; Error correction; Monitoring
- G06F11/30—Monitoring
- G06F11/3003—Monitoring arrangements specially adapted to the computing system or computing system component being monitored
- G06F11/3006—Monitoring arrangements specially adapted to the computing system or computing system component being monitored where the computing system is distributed, e.g. networked systems, clusters, multiprocessor systems
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/20—Network architectures or network communication protocols for network security for managing network security; network security policies in general
Landscapes
- Engineering & Computer Science (AREA)
- Computing Systems (AREA)
- Computer Security & Cryptography (AREA)
- General Engineering & Computer Science (AREA)
- Computer Hardware Design (AREA)
- Physics & Mathematics (AREA)
- Signal Processing (AREA)
- Computer Networks & Wireless Communication (AREA)
- Theoretical Computer Science (AREA)
- Mathematical Physics (AREA)
- General Physics & Mathematics (AREA)
- Quality & Reliability (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
- Computer And Data Communications (AREA)
Abstract
The invention belongs to the technical field of computer network information security and specifically discloses a method for handling computer network information security events. The method includes the following steps: S1, data acquisition: computer networks and systems are monitored by computer network security monitoring devices, and raw data that reflects their security state is obtained from the networks and systems; S2, data analysis; S3, event identification; S4, event handling. By using the event cause and the event result as the basis for judging the type of a network information security event, events can be classified accurately; by marking each network information security event with a severity level, an alarm is raised at the earliest moment; and by establishing a feature knowledge base and a contingency plan knowledge base, network information security events are handled quickly, which substantially improves the security of computer network information.
Description
Technical field
The present invention relates to the technical field of computer network information security, and specifically to a method for handling computer network information security events.
Background technique
As the level of informatization keeps rising, network and information security has become an important component of the network development of every organization and institution. Information security is receiving ever greater attention from governments at all levels and from every industry, and the emergency response to information security events, as the last line of defence of information security work, has therefore become increasingly important. In the early stage of information security construction, network security products began to be widely applied. When an information security event occurs, traditional methods for handling information security events cannot accurately judge the type of the security event and cannot learn of its occurrence at the earliest moment, so the security event is not easy to handle effectively. For this reason, a method for handling computer network information security events is proposed.
Summary of the invention
The purpose of the present invention is to provide a method for handling computer network information security events, to solve the problem raised in the background above: when an information security event occurs, traditional handling methods cannot accurately judge the type of the security event and cannot learn of its occurrence at the earliest moment, so the security event is not easy to handle effectively.
To achieve the above object, the invention provides the following technical scheme. A method for handling computer network information security events includes the following steps:
S1, data acquisition: computer networks and systems are monitored by computer network security monitoring devices, and raw data that reflects their security state is obtained from the networks and systems;
S2, data analysis: the acquired raw data is analysed to judge whether a network information security event exists; if a computer network information security event exists, its type is judged;
S3, event identification: a security event feature knowledge base is established, and the severity of the computer network information security event is identified according to its type;
S4, event handling: the security events are filtered and the variables are continuously updated, then complete and credible warning information is issued; a contingency plan knowledge base is established, further analysis is carried out according to the knowledge in the plan knowledge base, and the security event is then handled.
Preferably, the computer network security monitoring devices in step S1 include an IDS, routers and firewalls.
Preferably, in step S2 the type of the security event is judged from the event subject, the event result, the event cause and the implementation path.
Preferably, the event subject is the external factor that produces the network and information security event, including natural disasters and attackers; the event result is the adverse effect caused to the network or information system, including server interruption, web page tampering and information leakage; the event cause is the internal cause that gives rise to the network and information security event, including security management problems, configuration problems, software defects and material resource problems; the implementation path is the channel or method by which the network and information security event is carried out, including password cracking, distributed denial-of-service attacks and SQL injection.
Preferably, in step S3 the security events are marked with a severity level to indicate the immediate risk to the equipment, and warning information is issued to the control panel.
Compared with the prior art, the beneficial effects of the present invention are as follows. The proposed method for handling computer network information security events uses the event cause and the event result as the basis for judging the type of a network information security event, so network information security events can be classified accurately; by marking each network information security event with a severity level, an alarm is raised at the earliest moment; and by establishing a feature knowledge base and a contingency plan knowledge base, network information security events are handled quickly, which substantially improves the security of computer network information.
Detailed description of the invention
Fig. 1 is processing method flow chart of the present invention.
Specific embodiment
The technical solutions in the embodiments of the present invention will be described clearly and completely below with reference to the drawings in the embodiments. Obviously, the described embodiments are only some, not all, of the embodiments of the present invention. All other embodiments obtained by those of ordinary skill in the art on the basis of the embodiments of the present invention without creative effort fall within the scope of protection of the present invention.
Referring to Fig. 1, the present invention provides the following technical solution: a method for handling computer network information security events, which includes the following steps:
S1, data acquisition: computer networks and systems are monitored by computer network security monitoring devices, and raw data that reflects their security state is obtained from the networks and systems;
S2, data analysis: the acquired raw data is analysed to judge whether a network information security event exists; if a computer network information security event exists, its type is judged;
S3, event identification: a security event feature knowledge base is established, and the severity of the computer network information security event is identified according to its type;
S4, event handling: the security events are filtered and the variables are continuously updated, then complete and credible warning information is issued; a contingency plan knowledge base is established, further analysis is carried out according to the knowledge in the plan knowledge base, and the security event is then handled.
Here, the computer network security monitoring devices in step S1 include an IDS, routers and firewalls. In step S2 the type of the security event is judged from the event subject, the event result, the event cause and the implementation path: the event subject is the external factor that produces the network and information security event, including natural disasters and attackers; the event result is the adverse effect caused to the network or information system, including server interruption, web page tampering and information leakage; the event cause is the internal cause that gives rise to the network and information security event, including security management problems, configuration problems, software defects and material resource problems; the implementation path is the channel or method by which the network and information security event is carried out, including password cracking, distributed denial-of-service attacks and SQL injection. In step S3 the security events are marked with a severity level to indicate the immediate risk to the equipment, and warning information is issued to the control panel.
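The four steps S1 to S4, the four judgement dimensions and the two knowledge bases, carried through as an added Python example that is not the applicant's code. The monitoring records, the mapping from IDS signature to the four dimensions, the contents of the feature knowledge base (which yields the severity) and the contents of the plan knowledge base are all constructed for illustration; the patent specifies neither the record format nor the knowledge base entries.

```python
"""S1-S4 event handling pipeline (illustrative reconstruction, not the patent's code)."""
from dataclasses import dataclass
from typing import Optional

# S1: constructed raw records as monitoring devices (IDS, firewall, router)
# might report them. Not real telemetry.
RAW_RECORDS = [
    {"source": "ids", "signature": "sql_injection_attempt", "target": "web-01", "count": 12},
    {"source": "firewall", "signature": "syn_flood", "target": "web-01", "count": 50000},
    {"source": "ids", "signature": "ssh_bruteforce", "target": "bastion", "count": 300},
    {"source": "router", "signature": "link_flap", "target": "core-rtr", "count": 2},
]

# S2: signature -> (event subject, event result, event cause, implementation path).
# The mapping itself is an assumption made for the example.
SIGNATURE_PROFILE = {
    "sql_injection_attempt": ("attacker", "information_leakage", "software_defect", "sql_injection"),
    "syn_flood": ("attacker", "service_interruption", "configuration_problem", "ddos"),
    "ssh_bruteforce": ("attacker", "information_leakage", "security_management_problem", "password_cracking"),
}

# S3: feature knowledge base, keyed by (cause, result) as the patent uses those
# two dimensions for typing; entries are constructed.
FEATURE_KB = {
    ("configuration_problem", "service_interruption"): "high",
    ("software_defect", "information_leakage"): "high",
    ("security_management_problem", "information_leakage"): "medium",
}

# S4: contingency plan knowledge base, keyed by implementation path; constructed.
PLAN_KB = {
    "ddos": "rate-limit at the edge and correct the configuration gap",
    "sql_injection": "block the source and patch the vulnerable application",
    "password_cracking": "lock the account and enforce MFA and password policy",
}


@dataclass
class SecurityEvent:
    subject: str
    result: str
    cause: str
    path: str
    target: str
    count: int
    event_type: str = ""
    severity: Optional[str] = None


def analyze(records):
    """S2: decide whether each record is a security event and classify it."""
    events = []
    for rec in records:
        profile = SIGNATURE_PROFILE.get(rec["signature"])
        if profile is None:
            continue  # no security event recognised in this record
        subject, result, cause, path = profile
        events.append(SecurityEvent(subject, result, cause, path, rec["target"], rec["count"]))
    return events


def identify(events, control_panel):
    """S3: derive the type from cause+result, look up severity, alert the panel."""
    for ev in events:
        ev.event_type = f"{ev.cause}/{ev.result}"
        ev.severity = FEATURE_KB.get((ev.cause, ev.result), "low")
        control_panel.append(f"[{ev.severity.upper()}] {ev.path} against {ev.target} ({ev.event_type})")
    return events


def handle(events, min_count=1):
    """S4: filter events, update running per-target counters, attach a plan."""
    totals = {}
    handled = []
    for ev in events:
        if ev.count < min_count:
            continue  # filtered out as below the reporting threshold
        key = (ev.target, ev.path)
        totals[key] = totals.get(key, 0) + ev.count  # continuously updated variable
        plan = PLAN_KB.get(ev.path, "no plan recorded; escalate to an analyst")
        handled.append((ev, plan))
    return handled, totals


def run_pipeline(records, min_count=1):
    """Run S1 (records already acquired) through S4 and return the outputs."""
    panel = []
    events = identify(analyze(records), panel)
    handled, totals = handle(events, min_count)
    return panel, handled, totals


if __name__ == "__main__":
    panel, handled, totals = run_pipeline(RAW_RECORDS)
    for line in panel:
        print(line)
    for ev, plan in handled:
        print(f"{ev.target}: {plan}")
```

The router's link-flap record is dropped in S2 because no profile maps it to the four dimensions, which mirrors the patent's "judge whether a network information security event exists" step; raising `min_count` in S4 shows the filtering that precedes the alarm.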
Although embodiments of the present invention have been shown and described, those of ordinary skill in the art will understand that various changes, modifications, substitutions and variations can be made to these embodiments without departing from the principles and spirit of the present invention; the scope of the present invention is defined by the appended claims.
Claims (5)
1. A method for handling computer network information security events, characterised in that the method includes the following steps:
S1, data acquisition: computer networks and systems are monitored by computer network security monitoring devices, and raw data that reflects their security state is obtained from the networks and systems;
S2, data analysis: the acquired raw data is analysed to judge whether a network information security event exists; if a computer network information security event exists, its type is judged;
S3, event identification: a security event feature knowledge base is established, and the severity of the computer network information security event is identified according to its type;
S4, event handling: the security events are filtered and the variables are continuously updated, then complete and credible warning information is issued; a contingency plan knowledge base is established, further analysis is carried out according to the knowledge in the plan knowledge base, and the security event is then handled.
2. The method for handling computer network information security events according to claim 1, characterised in that the computer network security monitoring devices in step S1 include an IDS, routers and firewalls.
3. The method for handling computer network information security events according to claim 1, characterised in that in step S2 the type of the security event is judged from the event subject, the event result, the event cause and the implementation path.
4. The method for handling computer network information security events according to claim 3, characterised in that the event subject is the external factor that produces the network and information security event, including natural disasters and attackers; the event result is the adverse effect caused to the network or information system, including server interruption, web page tampering and information leakage; the event cause is the internal cause that gives rise to the network and information security event, including security management problems, configuration problems, software defects and material resource problems; the implementation path is the channel or method by which the network and information security event is carried out, including password cracking, distributed denial-of-service attacks and SQL injection.
5. The method for handling computer network information security events according to claim 1, characterised in that in step S3 the security events are marked with a severity level to indicate the immediate risk to the equipment, and warning information is issued to the control panel.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201810919260.7A CN109327432A (en) | 2018-08-14 | 2018-08-14 | A kind of method for handling computer network information security events |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201810919260.7A CN109327432A (en) | 2018-08-14 | 2018-08-14 | A kind of method for handling computer network information security events |
Publications (1)
Publication Number | Publication Date |
---|---|
CN109327432A true CN109327432A (en) | 2019-02-12 |
Family
ID=65264120
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201810919260.7A Pending CN109327432A (en) | 2018-08-14 | 2018-08-14 | A kind of method for handling computer network information security events |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN109327432A (en) |
- 2018-08-14 CN CN201810919260.7A patent/CN109327432A/en active Pending
Patent Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN1447263A (en) * | 2003-03-17 | 2003-10-08 | 上海金诺网络安全技术发展股份有限公司 | Method for handling computer network information security events |
US20130317862A1 (en) * | 2012-05-22 | 2013-11-28 | Steven J. Fernandes | System and method to predict an insurance policy benefit associated with telematics data |
CN105389675A (en) * | 2015-12-23 | 2016-03-09 | 北京安托软件技术有限公司 | Business process management system |
CN107590386A (en) * | 2017-08-16 | 2018-01-16 | 腾讯科技(深圳)有限公司 | Processing method, device, storage medium and the computer equipment of security event information |
Non-Patent Citations (1)
Title |
---|
张玉兰等: "基于信息安全事件的应急处理机制研究与实践", 《信息安全与技术》 * |
Cited By (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN110163470A (en) * | 2019-04-04 | 2019-08-23 | 阿里巴巴集团控股有限公司 | Case evaluating method and device |
CN110163470B (en) * | 2019-04-04 | 2023-05-30 | 创新先进技术有限公司 | Event evaluation method and device |
CN112351004A (en) * | 2020-10-23 | 2021-02-09 | 烟台南山学院 | Computer network based information security event processing system and method |
CN112487419A (en) * | 2020-11-30 | 2021-03-12 | 扬州大自然网络信息有限公司 | Computer network information security event processing method |
CN112487418A (en) * | 2020-11-30 | 2021-03-12 | 扬州大自然网络信息有限公司 | Processing method for dealing with computer network information security event |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN109327432A (en) | A kind of method for handling computer network information security events | |
US10594714B2 (en) | User and entity behavioral analysis using an advanced cyber decision platform | |
CN104506507A (en) | Honey net safeguard system and honey net safeguard method for SDN (self-defending network) | |
WO2018095098A1 (en) | Network security protection method and device | |
CN108551449B (en) | Anti-virus management system and method | |
CN103905459A (en) | Cloud-based intelligent security defense system and defense method | |
CN112787992A (en) | Method, device, equipment and medium for detecting and protecting sensitive data | |
KR100639997B1 (en) | Method for evaluation of network security level of customer network and apparatus thereof | |
CN112926048B (en) | Abnormal information detection method and device | |
CN106789982B (en) | Safety protection method and system applied to industrial control system | |
CN109995794A (en) | A kind of security protection system, method, equipment and storage medium | |
CN112217803A (en) | Real-time network security threat early warning analysis method and device | |
CN110708340A (en) | Enterprise private network security supervision system | |
CN107294971A (en) | The Threat sort method in server attack source | |
CN106953874B (en) | Website falsification-proof method and device | |
CN110149300A (en) | Network flow analysis method and its related system | |
CN110460558B (en) | Method and system for discovering attack model based on visualization | |
CN110378120A (en) | Application programming interfaces attack detection method, device and readable storage medium storing program for executing | |
CN108667812A (en) | The white ring border Analysis on confidence method that multi objective for private host scores | |
CN104883345B (en) | A kind of network security character automatically dispose method and system | |
CN111107035B (en) | Security situation sensing and protecting method and device based on behavior identification | |
CN107451468A (en) | A kind of safety on line detection implementation method of control device | |
Miloslavskaya et al. | Taxonomy for unsecure digital information processing | |
CN106302387A (en) | A kind of management system of computer network security | |
KR20210141198A (en) | Network security system that provides security optimization function of internal network |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
RJ01 | Rejection of invention patent application after publication | ||
Application publication date: 20190212