CN109327432A - A kind of method for handling computer network information security events - Google Patents

Info

Publication number
CN109327432A
Authority
CN (China)
Prior art keywords
event; information security; computer network; security; network information
Legal status
Pending (an assumption, not a legal conclusion)
Application number
CN201810919260.7A
Other languages
Chinese (zh)
Inventors
王国栋, 亓蓓
Current Assignee
Qilu University of Technology
Original Assignee
Qilu University of Technology
Priority date
2018-08-14
Filing date
2018-08-14
Publication date
2019-02-12
Application filed by Qilu University of Technology
Priority to CN201810919260.7A
Publication of CN109327432A

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/14: Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408: Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1416: Event detection, e.g. attack signature detection
    • H04L63/20: Network architectures or network communication protocols for network security for managing network security; network security policies in general
    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06F: ELECTRIC DIGITAL DATA PROCESSING
    • G06F11/00: Error detection; Error correction; Monitoring
    • G06F11/30: Monitoring
    • G06F11/3003: Monitoring arrangements specially adapted to the computing system or computing system component being monitored
    • G06F11/3006: Monitoring arrangements specially adapted to the computing system or computing system component being monitored where the computing system is distributed, e.g. networked systems, clusters, multiprocessor systems

Landscapes

  • Engineering & Computer Science (AREA)
  • Computing Systems (AREA)
  • Computer Security & Cryptography (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Physics & Mathematics (AREA)
  • Signal Processing (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Theoretical Computer Science (AREA)
  • Mathematical Physics (AREA)
  • General Physics & Mathematics (AREA)
  • Quality & Reliability (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)
  • Computer And Data Communications (AREA)

Abstract

The invention belongs to the technical field of computer network information security and discloses a method for handling computer network information security events. The method comprises the following steps. S1, data acquisition: computer networks and systems are monitored by computer security network monitoring equipment, and raw data that reflects their security status is obtained from the networks and systems. S2, data analysis. S3, event identification. S4, event handling. By taking the event cause and the event result as the basis for judging the type of a network information security event, events can be classified accurately; by marking each network information security event with a severity level, an alarm is raised as soon as the event occurs; and by establishing a feature knowledge base and a contingency plan knowledge base, network information security events are handled quickly, which substantially improves the security of computer network information.

Description

A kind of method for handling computer network information security events
Technical field
The present invention relates to the technical field of computer network information security, and specifically to a method for handling computer network information security events.
Background technique
As the degree of informatization keeps rising, network and information security has become an important component of the network development of every organization and institution, and information security is receiving increasing attention from governments at all levels and from every industry. Emergency response to information security events, as the last line of defence of information security work, has therefore also become more and more important, and in the initial stage of information security construction network security products are starting to be widely deployed. When an information security event occurs, traditional handling methods cannot accurately judge the type of the security event and cannot learn of its occurrence at the first moment, so the event is not easy to handle effectively. For this reason, a method for handling computer network information security events is proposed.
Summary of the invention
The purpose of the present invention is to provide a method for handling computer network information security events, so as to solve the problem raised in the background above: that traditional information security event handling methods cannot accurately judge the type of a security event when it occurs, cannot learn of its occurrence at the first moment, and therefore cannot handle the security event effectively.
To achieve the above object, the invention provides the following technical scheme. A method for handling computer network information security events comprises the following steps:
S1, data acquisition: computer networks and systems are monitored by computer security network monitoring equipment, and raw data that reflects their security status is obtained from the networks and systems;
S2, data analysis: the acquired raw data is analysed to judge whether a network information security event exists; if a computer network information security event exists, its type is judged;
S3, event identification: a security event feature knowledge base is established and, according to the type of the computer network information security event, the severity of the event is identified;
S4, event handling: security events are filtered and the relevant variables are continuously updated; a complete and credible warning message is then issued; a strategy (contingency plan) knowledge base is established, further analysis is carried out according to the knowledge in that base, and the security event is then handled.
Preferably, the computer security network monitoring equipment in step S1 includes an IDS, routers and firewalls.
Preferably, in step S2 the type of a security event is judged from four aspects: the event subject, the event result, the event cause and the implementation path.
Preferably, the event subject is the external factor that produces the network and information security event, including natural disasters and attackers; the event result is the adverse effect caused to the network or information system, including server interruption, web page tampering and information leakage; the event cause is the internal reason that leads to the network and information security event, including security management problems, configuration problems, software defects and material resource problems; and the implementation path is the channel or method by which the event is carried out, including password cracking, distributed denial-of-service attacks and SQL injection.
Preferably, in step S3 the security event is marked with a severity level that indicates the immediate risk to the equipment, and a warning message is issued to the control panel.
Compared with the prior art, the beneficial effects of the present invention are as follows. The proposed method for handling computer network information security events takes the event cause and the event result as the basis for judging the type of a network information security event, so that events can be classified accurately; by marking each network information security event with a severity level, an alarm is raised as soon as the event occurs; and by establishing a feature knowledge base and a contingency plan knowledge base, network information security events are handled quickly, which substantially improves the security of computer network information.
Detailed description of the invention
Fig. 1 is a flow chart of the handling method of the present invention.
Specific embodiment
The technical solutions in the embodiments of the present invention will be described clearly and completely below with reference to the drawings. Obviously, the described embodiments are only some, not all, of the embodiments of the present invention. All other embodiments obtained by persons of ordinary skill in the art on the basis of the embodiments of the present invention without creative effort fall within the protection scope of the present invention.
Referring to Fig. 1, the present invention provides the following technical solution: a method for handling computer network information security events, comprising the following steps:
S1, data acquisition: computer networks and systems are monitored by computer security network monitoring equipment, and raw data that reflects their security status is obtained from the networks and systems;
S2, data analysis: the acquired raw data is analysed to judge whether a network information security event exists; if a computer network information security event exists, its type is judged;
S3, event identification: a security event feature knowledge base is established and, according to the type of the computer network information security event, the severity of the event is identified;
S4, event handling: security events are filtered and the relevant variables are continuously updated; a complete and credible warning message is then issued; a strategy (contingency plan) knowledge base is established, further analysis is carried out according to the knowledge in that base, and the security event is then handled.
In step S1, the computer security network monitoring equipment includes an IDS, routers and firewalls. In step S2, the type of a security event is judged from the event subject, the event result, the event cause and the implementation path: the event subject is the external factor that produces the network and information security event, including natural disasters and attackers; the event result is the adverse effect caused to the network or information system, including server interruption, web page tampering and information leakage; the event cause is the internal reason that leads to the network and information security event, including security management problems, configuration problems, software defects and material resource problems; and the implementation path is the channel or method by which the event is carried out, including password cracking, distributed denial-of-service attacks and SQL injection. In step S3, the security event is marked with a severity level that indicates the immediate risk to the equipment, and a warning message is issued to the control panel.
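The S1 to S4 procedure described above, as an added Python illustration that is not the patent's own implementation: the monitor names, the contents of both knowledge bases, the severity scale, the alert threshold and the sample records are all constructed assumptions. It treats the event type as the (event result, event cause) pair the description names as the classification basis, looks severity up in a feature knowledge base, folds repeated records into a running count so that each type is alerted once, and picks a response from the contingency plan knowledge base.

```python
from collections import Counter
from dataclasses import dataclass
from typing import List, Optional

# S1: the monitoring equipment the method names; records from anything else are not credible.
TRUSTED_MONITORS = {"ids", "router", "firewall"}

# S3: security event feature knowledge base (constructed values), keyed by the event type
# as the method defines it, (event result, event cause); value = severity 1 (low) to 4 (critical).
FEATURE_KB = {
    ("server interruption", "configuration problem"): 2,
    ("server interruption", "software defect"): 3,
    ("web page tampering", "configuration problem"): 3,
    ("information leakage", "software defect"): 4,
}
# S4: contingency plan knowledge base (constructed values), keyed by the same event type.
PLAN_KB = {
    ("server interruption", "configuration problem"): "roll back the last configuration change",
    ("server interruption", "software defect"): "fail over, then patch the defective service",
    ("web page tampering", "configuration problem"): "restore the page from a trusted copy, fix permissions",
    ("information leakage", "software defect"): "isolate the host, rotate exposed credentials, patch",
}
ALERT_THRESHOLD = 2  # severity at or above this is sent to the control panel


@dataclass(frozen=True)
class RawEvent:
    """One S1 record carrying the four aspects from which S2 judges the event type."""
    monitor: str  # equipment that reported it
    subject: str  # event subject: natural disaster or attacker
    result: str   # event result: adverse effect on the network or system ("none" if no harm)
    cause: str    # event cause: internal reason
    path: str     # implementation path: how the event was carried out


def analyse(raw: RawEvent) -> Optional[tuple]:
    """S2: decide whether the record is a security event and, if so, return its type."""
    if not all((raw.monitor, raw.subject, raw.result, raw.cause, raw.path)):
        return None  # incomplete record: a warning built from it would not be complete
    if raw.monitor.lower() not in TRUSTED_MONITORS:
        return None  # untrusted source: a warning built from it would not be credible
    if raw.result.lower() == "none":
        return None  # no adverse effect, so no security event
    return (raw.result.lower(), raw.cause.lower())


def handle(raw_events: List[RawEvent]) -> List[dict]:
    """S2 to S4 over a batch: filter repeats, update the running count, alert, pick a plan."""
    counts: Counter = Counter()  # the continuously updated variable: occurrences per type
    for raw in raw_events:
        event_type = analyse(raw)
        if event_type is not None:
            counts[event_type] += 1  # S4 filtering: repeats are folded in, not alerted twice
    incidents = []
    for event_type, n in counts.items():
        severity = FEATURE_KB.get(event_type, 1)  # S3: unknown types get the lowest level
        alert = None
        if severity >= ALERT_THRESHOLD:
            alert = f"severity {severity}: {event_type[0]} caused by {event_type[1]} (x{n})"
        plan = PLAN_KB.get(event_type, "no plan on file: escalate for manual analysis")
        incidents.append({"type": event_type, "severity": severity, "count": n,
                          "alert": alert, "plan": plan})
    return incidents


# Constructed sample batch: one repeated event, one untrusted source, one harmless record.
SAMPLE_EVENTS = [
    RawEvent("ids", "attacker", "information leakage", "software defect", "SQL injection"),
    RawEvent("ids", "attacker", "information leakage", "software defect", "SQL injection"),
    RawEvent("firewall", "attacker", "server interruption", "configuration problem", "distributed denial of service"),
    RawEvent("printer", "attacker", "server interruption", "software defect", "password cracking"),
    RawEvent("router", "attacker", "none", "configuration problem", "password cracking"),
]
```

Running `handle(SAMPLE_EVENTS)` yields two incidents: the repeated leakage record becomes one severity-4 alert with a count of 2, the denial-of-service record a severity-2 alert, while the untrusted and harmless records are dropped in S2.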
Although embodiments of the present invention have been shown and described, those of ordinary skill in the art will understand that various changes, modifications, substitutions and variations may be made to these embodiments without departing from the principles and spirit of the invention, the scope of which is defined by the appended claims.

Claims (5)

1. A method for handling computer network information security events, characterised in that the method comprises the following steps:
S1, data acquisition: computer networks and systems are monitored by computer security network monitoring equipment, and raw data that reflects their security status is obtained from the networks and systems;
S2, data analysis: the acquired raw data is analysed to judge whether a network information security event exists; if a computer network information security event exists, its type is judged;
S3, event identification: a security event feature knowledge base is established and, according to the type of the computer network information security event, the severity of the event is identified;
S4, event handling: security events are filtered and the relevant variables are continuously updated; a complete and credible warning message is then issued; a strategy (contingency plan) knowledge base is established, further analysis is carried out according to the knowledge in that base, and the security event is then handled.
2. The method for handling computer network information security events according to claim 1, characterised in that the computer security network monitoring equipment in step S1 includes an IDS, routers and firewalls.
3. The method for handling computer network information security events according to claim 1, characterised in that in step S2 the type of a security event is judged from the event subject, the event result, the event cause and the implementation path.
4. The method for handling computer network information security events according to claim 3, characterised in that the event subject is the external factor that produces the network and information security event, including natural disasters and attackers; the event result is the adverse effect caused to the network or information system, including server interruption, web page tampering and information leakage; the event cause is the internal reason that leads to the network and information security event, including security management problems, configuration problems, software defects and material resource problems; and the implementation path is the channel or method by which the event is carried out, including password cracking, distributed denial-of-service attacks and SQL injection.
5. The method for handling computer network information security events according to claim 1, characterised in that in step S3 the security event is marked with a severity level that indicates the immediate risk to the equipment, and a warning message is issued to the control panel.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201810919260.7A CN109327432A (en) 2018-08-14 2018-08-14 A kind of method for handling computer network information security events

Publications (1)

Publication Number Publication Date
CN109327432A true CN109327432A (en) 2019-02-12

Family

ID=65264120

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201810919260.7A Pending CN109327432A (en) 2018-08-14 2018-08-14 A kind of method for handling computer network information security events

Country Status (1)

Country Link
CN (1) CN109327432A (en)

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1447263A (en) * 2003-03-17 2003-10-08 上海金诺网络安全技术发展股份有限公司 Method for handling computer network information security events
US20130317862A1 (en) * 2012-05-22 2013-11-28 Steven J. Fernandes System and method to predict an insurance policy benefit associated with telematics data
CN105389675A (en) * 2015-12-23 2016-03-09 北京安托软件技术有限公司 Business process management system
CN107590386A (en) * 2017-08-16 2018-01-16 腾讯科技(深圳)有限公司 Processing method, device, storage medium and the computer equipment of security event information

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
张玉兰 et al.: "Research and Practice of an Emergency Response Mechanism Based on Information Security Events", 《信息安全与技术》 (Information Security and Technology) *

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110163470A (en) * 2019-04-04 2019-08-23 阿里巴巴集团控股有限公司 Case evaluating method and device
CN110163470B (en) * 2019-04-04 2023-05-30 创新先进技术有限公司 Event evaluation method and device
CN112351004A (en) * 2020-10-23 2021-02-09 烟台南山学院 Computer network based information security event processing system and method
CN112487419A (en) * 2020-11-30 2021-03-12 扬州大自然网络信息有限公司 Computer network information security event processing method
CN112487418A (en) * 2020-11-30 2021-03-12 扬州大自然网络信息有限公司 Processing method for dealing with computer network information security event

Similar Documents

Publication Publication Date Title
CN109327432A (en) A kind of method for handling computer network information security events
US10594714B2 (en) User and entity behavioral analysis using an advanced cyber decision platform
CN104506507A (en) Honey net safeguard system and honey net safeguard method for SDN (self-defending network)
WO2018095098A1 (en) Network security protection method and device
CN108551449B (en) Anti-virus management system and method
CN103905459A (en) Cloud-based intelligent security defense system and defense method
CN112787992A (en) Method, device, equipment and medium for detecting and protecting sensitive data
KR100639997B1 (en) Method for evaluation of network security level of customer network and apparatus thereof
CN112926048B (en) Abnormal information detection method and device
CN106789982B (en) Safety protection method and system applied to industrial control system
CN109995794A (en) A kind of security protection system, method, equipment and storage medium
CN112217803A (en) Real-time network security threat early warning analysis method and device
CN110708340A (en) Enterprise private network security supervision system
CN107294971A (en) The Threat sort method in server attack source
CN106953874B (en) Website falsification-proof method and device
CN110149300A (en) Network flow analysis method and its related system
CN110460558B (en) Method and system for discovering attack model based on visualization
CN110378120A (en) Application programming interfaces attack detection method, device and readable storage medium storing program for executing
CN108667812A (en) The white ring border Analysis on confidence method that multi objective for private host scores
CN104883345B (en) A kind of network security character automatically dispose method and system
CN111107035B (en) Security situation sensing and protecting method and device based on behavior identification
CN107451468A (en) A kind of safety on line detection implementation method of control device
Miloslavskaya et al. Taxonomy for unsecure digital information processing
CN106302387A (en) A kind of management system of computer network security
KR20210141198A (en) Network security system that provides security optimization function of internal network

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20190212