CN110032869A - Cloud computing protection early warning system based on big data - Google Patents
- Publication number: CN110032869A (CN201910315337.4A)
- Authority: CN (China)
- Prior art keywords: virus class, module, grade, analysis, active
- Legal status: Granted (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Classifications
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/56—Computer malware detection or handling, e.g. anti-virus arrangements
- G06F21/561—Virus type analysis
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Software Systems (AREA)
- Computer Hardware Design (AREA)
- General Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Virology (AREA)
- Health & Medical Sciences (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- General Health & Medical Sciences (AREA)
- Measuring Or Testing Involving Enzymes Or Micro-Organisms (AREA)
- Management, Administration, Business Operations System, And Electronic Commerce (AREA)
Abstract
The invention discloses a cloud computing protection early warning system based on big data, comprising a defense acquisition module, a data analysis module, an analysis and processing module, a database, a scheme recording module, an information sharing module, a risk assessment module and a display module. The invention obtains virus types of different active grades from a formula-based analysis of each virus class. Each virus class corresponding to the first active grade is passed to staff together with its solution, and the updated and added solutions are imported back into the defense acquisition module. Each virus class corresponding to the second active grade undergoes the risk assessment operation, and the resulting first hazard class and second hazard class are handled separately. Each virus class corresponding to the third active grade is transmitted directly through the analysis and processing module and the risk assessment module to the display module. The activity classification of intrusive viruses is thus combined with the hazard classification to obtain a fine-grained handling scheme, greatly improving the protection early warning effect.
Description
Technical field
The present invention relates to the technical field of cloud computing protection and early warning, and specifically to a cloud computing protection early warning system based on big data.
Background art
Cloud computing is the addition, use and interaction model of Internet-based services, usually involving the provision over the Internet of dynamic, easily scalable and often virtualized resources. It is also the product of the development and fusion of traditional computer and network technologies such as distributed computing, parallel computing, utility computing, network storage, virtualization, load balancing and hot-standby redundancy.
Cloud computing today, however, faces virus attacks, and with the development of large-scale cloud computing networks the mutation and propagation of viruses have become extremely rapid. Existing cloud computing protection early warning systems find it difficult to take advance control measures according to how active a virus is, so the defensive link is easily broken through when different variant forms of the same virus appear, which greatly affects the safe operation of the cloud computing network. It is likewise difficult to work out targeted schemes based on the degree of danger of a virus so as to avoid a sudden, explosive virus intrusion collapsing the defensive link, which greatly affects the protection early warning capability of the cloud computing network.
To solve the above drawbacks, a technical solution is now provided.
Summary of the invention
The purpose of the present invention is to provide a cloud computing protection early warning system based on big data.
The technical problems to be solved by the invention are as follows:
(1) how to obtain the activity of each virus through formula-based analysis, and progressively update and add defense data accordingly so as to obtain targeted countermeasures, avoiding the defensive link being broken through when different variant forms of the same virus appear, which greatly affects the safe operation of the cloud computing network;
(2) how to analyze, in an effective way, the potential sources of danger among the viruses and handle viruses of different hazard classes adaptively, so as to avoid a sudden, explosive virus intrusion collapsing the defensive link, which greatly affects the protection early warning capability of the cloud computing network.
The purpose of the present invention can be achieved through the following technical solution:
A cloud computing protection early warning system based on big data comprises a defense acquisition module, a data analysis module, an analysis and processing module, a database, a scheme recording module, an information sharing module, a risk assessment module and a display module;
The defense acquisition module is used to prevent the intrusion of each virus class and to acquire in real time the proprietary information of each class of intrusive virus. The proprietary information includes survival duration, survival count and attack count. The virus type can be distinguished by prefix, for example: the prefix of a system virus is Win32, PE, Win95, W32 or W95, etc.; the prefix of a worm virus is Worm; the prefix of a script virus is Script, VBS or JS, etc. The survival duration, survival count and attack count can be obtained in real time from a firewall or gateway, etc., and the proprietary information is transmitted to the data analysis module. After receiving the proprietary information, the data analysis module performs the formula-based analysis operation on the survival duration together with the attack count, and transmits the resulting first active grade, second active grade and third active grade to the analysis and processing module;
The analysis and processing module transmits each virus class corresponding to the first active grade to the database, extracts from the database the defense scheme corresponding to that virus class and transmits it to the defense acquisition module, so that adaptive updates and additions are made automatically for each virus class corresponding to the first active grade, fully meeting actual defense needs. It also transmits the virus class together with its corresponding defense scheme to the information sharing module. Defense schemes are entered after being searched and confirmed via the scheme recording module: the scheme recording module can interface with various websites and, by searching on the keyword or prefix of the virus class, obtain the defense schemes corresponding to that virus class on each website, which are then entered after confirmation by staff. The information sharing module is electrically connected to the mobile phones of staff and displays the received virus types and their corresponding defense schemes, so that staff learn promptly of the more active virus types and of whether the applied defense schemes are reasonable, which contributes positively to improving the protection early warning effect;
The analysis and processing module also transmits each virus class corresponding to the second active grade to the risk assessment module. After receiving each virus class corresponding to the second active grade, the risk assessment module retrieves from the defense acquisition module the survival count and attack count corresponding to that virus class and performs the risk assessment operation; each virus class corresponding to the resulting first hazard class is transmitted to the information sharing module, and each virus class corresponding to the second hazard class is transmitted to the display module. The analysis and processing module also transmits each virus class corresponding to the third active grade through the risk assessment module to the display module. In this way staff can fully identify the potentially dangerous viruses among the moderately active virus types, while the viruses without potential danger and the less active viruses are sent together to the display module so that staff can record, view, analyze and verify them, which helps improve the protection early warning effect.
Further, the specific operation steps of the formula-based analysis are as follows:
S1: the survival duration of each virus class in each time segment of one period is obtained and denoted Xij, i = 1...n, j = 1...m, where for j = 1, Xi1 denotes the survival duration of the first virus class in each time segment of one period;
S2: first, according to the formula, j = 1...m, the average survival duration Tj of each virus class over the time segments of one period is obtained, where for j = 1, T1 denotes the average survival duration of the first virus class over the time segments of one period; then, according to the formula, j = 1...m, the survival duration discrete value Rj of each virus class over the time segments of one period is obtained, where for j = 1, R1 denotes the survival duration discrete value of the first virus class over the time segments of one period;
S3: first, sets Q and W are established from Tj and Rj respectively and a survival duration coefficient Dj is defined accordingly; the overlapping part of sets Q and W is labelled b, the part belonging only to Q is labelled a, and the part belonging only to W is labelled c. Tj and Rj are then compared with their respective preset values t and r: when Tj is greater than or equal to t and Rj is less than or equal to r, the virus class corresponding to Tj or Rj is placed in b and Dj is assigned the value B; when Tj is greater than or equal to t with Rj greater than r, or Tj is less than t with Rj greater than r, the virus class corresponding to Tj or Rj is placed in c and Dj is assigned the value C; when Tj is less than t and Rj is less than or equal to r, the virus class corresponding to Tj or Rj is placed in a and Dj is assigned the value A; and B is greater than C, which is greater than A;
S4: the attack count of each virus class in each time segment of one period is obtained and denoted Yij, i = 1...n, j = 1...m, where for j = 1, Yi1 denotes the attack count of the first virus class in each time segment of one period;
S5: first, according to the formula, j = 1...m, the total attack count Ej of each virus class over the time segments of one period is obtained, where for j = 1, E1 denotes the total attack count of the first virus class over the time segments of one period, and an attack coefficient Fj is defined accordingly. Ej is then compared with the preset range e: when Ej lies within e, the Fj of the virus class corresponding to Ej is assigned the value q; when Ej is greater than or equal to e, the Fj of the virus class corresponding to Ej is assigned the value w; when Ej is less than or equal to e, the Fj of the virus class corresponding to Ej is assigned the value s; w is greater than q, which is greater than s, and Ej corresponds one-to-one with Tj and Rj;
Here, one period may be defined as one month, and each time segment as every 84 hours;
When the data analysis module has obtained Xij with Tj and Rj, and Yij with Ej, it allocates weights to the corresponding survival duration coefficient Dj and attack coefficient Fj according to their share of influence on virus activity, assigning the weight values k and h to Dj and Fj in turn, where k is greater than h and k + h = 1. Then, according to the formula, j = 1...m, the activity degree Gj of each virus class over the time segments of one period is obtained, and Gj is compared with the preset range g: when Gj lies within g, the virus class corresponding to Gj is assigned the second active grade; when Gj is greater than or equal to g, the virus class corresponding to Gj is assigned the second active grade; when Gj is less than or equal to g, the virus class corresponding to Gj is assigned the third active grade.
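Steps S1 to S5 and the grading step, carried through on constructed data as an added example that is not code from the patent. The formulas themselves are missing from this text, so the mean for Tj, the population standard deviation for Rj, the sum for Ej, Gj = k·Dj + h·Fj, every preset value, the category labels, and the reading that a Gj at or above range g yields the first active grade are assumptions of this example.

```python
from statistics import mean, pstdev

# Prefix table from the description; the category labels are this example's own.
PREFIX_TYPES = {
    "system": ("win32", "pe", "win95", "w32", "w95"),
    "worm": ("worm",),
    "script": ("script", "vbs", "js"),
}

# Constructed presets: the text names these symbols but gives no values.
T_MIN, R_MAX = 20.0, 5.0      # t and r, in hours
A, B, C = 0.2, 1.0, 0.6       # survival duration coefficients, B > C > A
E_RANGE = (50, 200)           # preset range e for total attacks
S, Q, W = 0.2, 0.6, 1.0       # attack coefficients, w > q > s
K, H = 0.6, 0.4               # weights, k > h and k + h = 1
G_RANGE = (0.4, 0.8)          # preset range g for activity degree

# Where each grade is sent, per the module description.
ROUTE = {
    "first": "database and information sharing module",
    "second": "risk assessment module",
    "third": "display module",
}


def virus_type(name):
    """Classify a detection name by its leading dot-separated prefix."""
    head = name.split(".", 1)[0].lower()
    for kind, prefixes in PREFIX_TYPES.items():
        if head in prefixes:
            return kind
    return "unknown"


def survival_coefficient(durations):
    """S1-S3: map survival durations X_ij of one class to D_j."""
    if not durations:
        raise ValueError("no survival durations for this virus class")
    t_j = mean(durations)      # assumed form of T_j
    r_j = pstdev(durations)    # assumed form of the "discrete value" R_j
    if r_j > R_MAX:            # region c: high dispersion, any T_j
        return C
    if t_j >= T_MIN:           # region b: long-lived and stable
        return B
    return A                   # region a: short-lived and stable


def attack_coefficient(attacks):
    """S4-S5: map attack counts Y_ij of one class to F_j."""
    e_j = sum(attacks)         # total attacks E_j
    low, high = E_RANGE
    if e_j >= high:
        return W
    if e_j <= low:
        return S
    return Q


def active_grade(durations, attacks):
    """Weighted activity degree G_j (assumed linear form) mapped to a grade."""
    g_j = K * survival_coefficient(durations) + H * attack_coefficient(attacks)
    low, high = G_RANGE
    if g_j >= high:
        return "first"         # assumption: see lead-in
    if g_j <= low:
        return "third"
    return "second"


def grade_all(observations):
    """Return {name: (type, grade, destination)} for every observed class."""
    result = {}
    for name, (durations, attacks) in observations.items():
        grade = active_grade(durations, attacks)
        result[name] = (virus_type(name), grade, ROUTE[grade])
    return result


# Constructed sample: per-segment survival hours and attack counts.
SAMPLES = {
    "Worm.Sample.A": ([30, 32, 28, 31], [80, 90, 70, 60]),
    "VBS.Sample.B": ([5, 40, 10, 45], [30, 20, 40, 10]),
    "W32.Sample.C": ([4, 5, 6, 5], [3, 2, 4, 1]),
}

if __name__ == "__main__":
    for name, row in grade_all(SAMPLES).items():
        print(name, *row, sep=" | ")
```
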
Further, the specific operation steps of the risk assessment operation are as follows:
U1: the survival count and attack count of each virus class in each time segment of one stage are obtained, and the attack success rate Pij, i = 1...n, j = 1...m, of each virus class in each time segment of one stage is defined accordingly, where for j = 1, Pi1 denotes the attack success rate of the first virus class in each time segment of one stage;
U2: first, according to the formula, i = 1...n, the attack success rate coefficient of each virus class in one stage is obtained, where for i = 1, L1 denotes the attack success rate coefficient of the first virus class in one stage. Li is then compared with the preset value f, and the maximum attack success rate with the preset value d: when Li is less than or equal to f and the maximum attack success rate is greater than or equal to d, the virus class corresponding to Li is assigned the first hazard class, and every other virus class corresponding to Li is assigned the second hazard class;
Here, one period may be defined as one month, and each time segment as every 84 hours.
Beneficial effects of the present invention:
The present invention obtains virus types of different active grades from the formula-based analysis of each virus class. Each virus class corresponding to the first active grade is passed to staff together with its solution, and the updated and added solutions are imported back into the defense acquisition module. Each virus class corresponding to the second active grade undergoes the risk assessment operation, after which each virus class corresponding to the resulting first hazard class is transmitted to the information sharing module and each virus class corresponding to the second hazard class is transmitted to the display module. Each virus class corresponding to the third active grade is transmitted directly through the analysis and processing module and the risk assessment module to the display module. The activity classification of intrusive viruses is thus combined with the hazard classification to obtain a fine-grained handling scheme, greatly improving the protection early warning effect;
1. In the present invention, the defense acquisition module first acquires the proprietary information of each class of intrusive virus in real time and transmits it to the data analysis module. After receiving the proprietary information, the data analysis module performs the formula-based analysis operation on the survival duration together with the attack count. In that operation, the region-set analysis of the survival durations of each virus class is combined with the normalized analysis of the attack counts of each virus class, values are assigned to the survival duration coefficient Dj and attack coefficient Fj defined for each, and the activity degree of each virus class and its corresponding active grade are then obtained by weight allocation. The resulting first active grade, second active grade and third active grade are transmitted to the analysis and processing module. The analysis and processing module transmits each virus class corresponding to the first active grade to the database, extracts from the database the defense scheme corresponding to that virus class and transmits it to the defense acquisition module, so that adaptive updates and additions are made automatically for each virus class corresponding to the first active grade, fully meeting actual defense needs. The virus class and its corresponding defense scheme are also transmitted together to the information sharing module, which displays the received virus types and their corresponding defense schemes on the mobile phones of staff, so that staff learn promptly of the more active virus types and of whether the applied defense schemes are reasonable. This contributes positively to improving the protection early warning effect and effectively avoids the defensive link being broken through when different variant forms of the same virus appear, which greatly affects the safe operation of the cloud computing network;
2. The analysis and processing module in the present invention also transmits each virus class corresponding to the second active grade to the risk assessment module, which retrieves from the defense acquisition module the survival count and attack count corresponding to that virus class and performs the risk assessment operation. In the risk assessment operation, the attack success rate coefficient of each virus class is combined with the maximum attack success rate to obtain each hazard class; each virus class corresponding to the resulting first hazard class is transmitted to the information sharing module, and each virus class corresponding to the second hazard class is transmitted to the display module. The analysis and processing module also transmits each virus class corresponding to the third active grade through the risk assessment module to the display module. In this way staff can fully identify the potentially dangerous viruses among the moderately active virus types, while the viruses without potential danger and the less active viruses are sent together to the display module so that staff can record, view, analyze and verify them. This helps improve the protection early warning effect and avoids a sudden, explosive virus intrusion collapsing the defensive link, which greatly affects the protection early warning capability of the cloud computing network.
Brief description of the drawings
To facilitate understanding by those skilled in the art, the present invention is further described below with reference to the drawings.
Fig. 1 is a system block diagram of the present invention.
Specific embodiment
As shown in Figure 1, a cloud computing protection early warning system based on big data comprises a defense acquisition module, a data analysis module, an analysis and processing module, a database, a scheme recording module, an information sharing module, a risk assessment module and a display module;
The defense acquisition module is used to prevent the intrusion of each virus class and to acquire in real time the proprietary information of each class of intrusive virus. The proprietary information includes survival duration, survival count and attack count. The virus type can be distinguished by prefix, for example: the prefix of a system virus is Win32, PE, Win95, W32 or W95, etc.; the prefix of a worm virus is Worm; the prefix of a script virus is Script, VBS or JS, etc. The survival duration, survival count and attack count can be obtained in real time from a firewall or gateway, etc., and the proprietary information is transmitted to the data analysis module. After receiving the proprietary information, the data analysis module performs the formula-based analysis operation on the survival duration together with the attack count, and transmits the resulting first active grade, second active grade and third active grade to the analysis and processing module;
The analysis and processing module transmits each virus class corresponding to the first active grade to the database, extracts from the database the defense scheme corresponding to that virus class and transmits it to the defense acquisition module, so that adaptive updates and additions are made automatically for each virus class corresponding to the first active grade, fully meeting actual defense needs. It also transmits the virus class together with its corresponding defense scheme to the information sharing module. Defense schemes are entered after being searched and confirmed via the scheme recording module: the scheme recording module can interface with various websites and, by searching on the keyword or prefix of the virus class, obtain the defense schemes corresponding to that virus class on each website, which are then entered after confirmation by staff. The information sharing module is electrically connected to the mobile phones of staff and displays the received virus types and their corresponding defense schemes, so that staff learn promptly of the more active virus types and of whether the applied defense schemes are reasonable, which contributes positively to improving the protection early warning effect;
The analysis and processing module also transmits each virus class corresponding to the second active grade to the risk assessment module. After receiving each virus class corresponding to the second active grade, the risk assessment module retrieves from the defense acquisition module the survival count and attack count corresponding to that virus class and performs the risk assessment operation; each virus class corresponding to the resulting first hazard class is transmitted to the information sharing module, and each virus class corresponding to the second hazard class is transmitted to the display module. The analysis and processing module also transmits each virus class corresponding to the third active grade through the risk assessment module to the display module. In this way staff can fully identify the potentially dangerous viruses among the moderately active virus types, while the viruses without potential danger and the less active viruses are sent together to the display module so that staff can record, view, analyze and verify them, which helps improve the protection early warning effect.
Further, the specific operation steps of the formula-based analysis are as follows:
S1: the survival duration of each virus class in each time segment of one period is obtained and denoted Xij, i = 1...n, j = 1...m, where for j = 1, Xi1 denotes the survival duration of the first virus class in each time segment of one period;
S2: first, according to the formula, j = 1...m, the average survival duration Tj of each virus class over the time segments of one period is obtained, where for j = 1, T1 denotes the average survival duration of the first virus class over the time segments of one period; then, according to the formula, j = 1...m, the survival duration discrete value Rj of each virus class over the time segments of one period is obtained, where for j = 1, R1 denotes the survival duration discrete value of the first virus class over the time segments of one period;
S3: first, sets Q and W are established from Tj and Rj respectively and a survival duration coefficient Dj is defined accordingly; the overlapping part of sets Q and W is labelled b, the part belonging only to Q is labelled a, and the part belonging only to W is labelled c. Tj and Rj are then compared with their respective preset values t and r: when Tj is greater than or equal to t and Rj is less than or equal to r, the virus class corresponding to Tj or Rj is placed in b and Dj is assigned the value B; when Tj is greater than or equal to t with Rj greater than r, or Tj is less than t with Rj greater than r, the virus class corresponding to Tj or Rj is placed in c and Dj is assigned the value C; when Tj is less than t and Rj is less than or equal to r, the virus class corresponding to Tj or Rj is placed in a and Dj is assigned the value A; and B is greater than C, which is greater than A;
S4: the attack count of each virus class in each time segment of one period is obtained and denoted Yij, i = 1...n, j = 1...m, where for j = 1, Yi1 denotes the attack count of the first virus class in each time segment of one period;
S5: first, according to the formula, j = 1...m, the total attack count Ej of each virus class over the time segments of one period is obtained, where for j = 1, E1 denotes the total attack count of the first virus class over the time segments of one period, and an attack coefficient Fj is defined accordingly. Ej is then compared with the preset range e: when Ej lies within e, the Fj of the virus class corresponding to Ej is assigned the value q; when Ej is greater than or equal to e, the Fj of the virus class corresponding to Ej is assigned the value w; when Ej is less than or equal to e, the Fj of the virus class corresponding to Ej is assigned the value s; w is greater than q, which is greater than s, and Ej corresponds one-to-one with Tj and Rj;
Here, one period may be defined as one month, and each time segment as every 84 hours;
When the data analysis module has obtained Xij with Tj and Rj, and Yij with Ej, it allocates weights to the corresponding survival duration coefficient Dj and attack coefficient Fj according to their share of influence on virus activity, assigning the weight values k and h to Dj and Fj in turn, where k is greater than h and k + h = 1. Then, according to the formula, j = 1...m, the activity degree Gj of each virus class over the time segments of one period is obtained, and Gj is compared with the preset range g: when Gj lies within g, the virus class corresponding to Gj is assigned the second active grade; when Gj is greater than or equal to g, the virus class corresponding to Gj is assigned the second active grade; when Gj is less than or equal to g, the virus class corresponding to Gj is assigned the third active grade.
Further, the specific operation steps of the risk assessment operation are as follows:
U1: the survival count and attack count of each virus class in each time segment of one stage are obtained, and the attack success rate Pij, i = 1...n, j = 1...m, of each virus class in each time segment of one stage is defined accordingly, where for j = 1, Pi1 denotes the attack success rate of the first virus class in each time segment of one stage;
U2: first, according to the formula, i = 1...n, the attack success rate coefficient of each virus class in one stage is obtained, where for i = 1, L1 denotes the attack success rate coefficient of the first virus class in one stage. Li is then compared with the preset value f, and the maximum attack success rate with the preset value d: when Li is less than or equal to f and the maximum attack success rate is greater than or equal to d, the virus class corresponding to Li is assigned the first hazard class, and every other virus class corresponding to Li is assigned the second hazard class;
Here, one period may be defined as one month, and each time segment as every 84 hours.
In operation, the cloud computing protection early warning system based on big data works as follows. The defense acquisition module first acquires the proprietary information of each class of intrusive virus in real time and transmits it to the data analysis module. After receiving the proprietary information, the data analysis module performs the formula-based analysis operation on the survival duration together with the attack count. In that operation, the region-set analysis of the survival durations of each virus class is combined with the normalized analysis of the attack counts of each virus class, values are assigned to the survival duration coefficient Dj and attack coefficient Fj defined for each, and the activity degree of each virus class and its corresponding active grade are then obtained by weight allocation. The resulting first active grade, second active grade and third active grade are transmitted to the analysis and processing module. The analysis and processing module transmits each virus class corresponding to the first active grade to the database, extracts from the database the defense scheme corresponding to that virus class and transmits it to the defense acquisition module, so that adaptive updates and additions are made automatically for each virus class corresponding to the first active grade, fully meeting actual defense needs. The virus class and its corresponding defense scheme are also transmitted together to the information sharing module, which displays the received virus types and their corresponding defense schemes on the mobile phones of staff, so that staff learn promptly of the more active virus types and of whether the applied defense schemes are reasonable. This contributes positively to improving the protection early warning effect and effectively avoids the defensive link being broken through when different variant forms of the same virus appear, which greatly affects the safe operation of the cloud computing network;
The analysis and processing module also transmits each virus class corresponding to the second active grade to the risk assessment module, which retrieves from the defense acquisition module the survival count and attack count corresponding to that virus class and performs the risk assessment operation. In the risk assessment operation, the attack success rate coefficient of each virus class is combined with the maximum attack success rate to obtain each hazard class; each virus class corresponding to the resulting first hazard class is transmitted to the information sharing module, and each virus class corresponding to the second hazard class is transmitted to the display module. The analysis and processing module also transmits each virus class corresponding to the third active grade through the risk assessment module to the display module. In this way staff can fully identify the potentially dangerous viruses among the moderately active virus types, while the viruses without potential danger and the less active viruses are sent together to the display module so that staff can record, view, analyze and verify them. This helps improve the protection early warning effect and avoids a sudden, explosive virus intrusion collapsing the defensive link, which greatly affects the protection early warning capability of the cloud computing network.
The above is merely an example and explanation of the structure of the invention. Various modifications, additions or similar substitutions made to the described specific embodiments by those skilled in the art, provided they do not depart from the structure of the invention or go beyond the scope defined by the claims, fall within the scope of protection of the invention.
Claims (3)
1. A cloud computing protection early warning system based on big data, characterized in that it comprises a defence acquisition module, a data analysis module, an analysis and processing module, a database, a scheme recording module, an information sharing module, a risk assessment module and a display module;
The defence acquisition module is used to defend against the intrusion of each class of virus and to collect, in real time, the proprietary information of each class of intruding virus; the proprietary information comprises survival duration, survival count and attack count, and is transmitted to the data analysis module;
The data analysis module, after receiving the proprietary information, performs the formulated analysis operation on the survival duration together with the attack count, and transmits the resulting first activity grade, second activity grade and third activity grade to the analysis and processing module;
The analysis and processing module transmits each class of virus corresponding to the first activity grade to the database, extracts from the database the defence scheme corresponding to that class of virus and transmits it to the defence acquisition module, and also transmits that class of virus together with its corresponding defence scheme to the information sharing module; defence schemes are entered via the scheme recording module after being searched and confirmed; the information sharing module is electrically connected to the mobile phones of the staff, and displays the received virus type and its corresponding defence scheme;
The analysis and processing module also transmits each class of virus corresponding to the second activity grade to the risk assessment module; the risk assessment module, after receiving each class of virus corresponding to the second activity grade, retrieves from the defence acquisition module the survival count and attack count corresponding to that class of virus and performs the risk assessment operation, then transmits each class of virus corresponding to the resulting first hazard class to the information sharing module and each class of virus corresponding to the second hazard class to the display module; the analysis and processing module also transmits each class of virus corresponding to the third activity grade to the display module via the risk assessment module.
2. The cloud computing protection early warning system based on big data according to claim 1, characterized in that the specific steps of the formulated analysis operation are:
S1: obtain the survival duration of each class of virus in each time interval of a period, denoted Xij, i = 1...n, j = 1...m;
S2: first, according to the formula, j = 1...m, obtain the average survival duration of each class of virus in each time interval of a period; then, according to the formula, j = 1...m, obtain the survival duration discrete value of each class of virus in each time interval of a period;
S3: first, sets Q and W are established according to Tj and Rj respectively and merged, and the survival duration coefficient Dj is marked accordingly; the overlapping part of sets Q and W is denoted b, the part belonging only to Q is denoted a, and the part belonging only to W is denoted c; Tj and Rj are then compared with their respective preset values t and r: when Tj is greater than or equal to t and Rj is less than or equal to r, each class of virus corresponding to Tj or Rj is placed in b and Dj is assigned the value B; when Tj is greater than or equal to t with Rj greater than r, and likewise when Tj is less than t with Rj greater than r, each class of virus corresponding to Tj or Rj is placed in c and Dj is assigned the value C; when Tj is less than t and Rj is less than or equal to r, each class of virus corresponding to Tj or Rj is placed in a and Dj is assigned the value A; B is greater than C, and C is greater than A;
S4: obtain the attack count of each class of virus in each time interval of a period, denoted Yij, i = 1...n, j = 1...m;
S5: first, according to the formula, j = 1...m, obtain the total attack count of each class of virus in each time interval of a period, and mark the attack coefficient Fj accordingly; Ej is then compared with the preset range e: when Ej lies within e, the Fj of each class of virus corresponding to Ej is assigned the value q; when Ej is greater than or equal to e, the Fj of each class of virus corresponding to Ej is assigned the value w; when Ej is less than or equal to e, the Fj of each class of virus corresponding to Ej is assigned the value s; w is greater than q, and q is greater than s; Ej corresponds one to one with Tj and Rj;
Wherein, a period may be defined as one month, and each time interval may be defined as every 84 hours;
On obtaining Xij with Tj and Rj, and Yij with Ej, the data analysis module assigns weights to the corresponding survival duration coefficient Dj and attack coefficient Fj according to their relative influence on virus activity, allocating the weight values k and h to Dj and Fj in turn, where k is greater than h and k + h = 1; at the same time, according to the formula, j = 1...m, it obtains the activity degree of each class of virus in each time interval of a period, and compares Gj with the preset range g: when Gj lies within g, each class of virus corresponding to Gj generates the second activity grade; when Gj is greater than or equal to g, each class of virus corresponding to Gj generates the second activity grade; when Gj is less than or equal to g, each class of virus corresponding to Gj generates the third activity grade.
3. The cloud computing protection early warning system based on big data according to claim 1, characterized in that the specific steps of the risk assessment operation are:
U1: obtain the survival count and attack count of each class of virus in each time section of a stage, and accordingly mark the attack success rate Pij of each class of virus in each time section of a stage, i = 1...n, j = 1...m;
U2: first, according to the formula, i = 1...n, obtain the attack success rate coefficient of each class of virus in a stage; then Li is compared with the preset value f, and compared with the preset value d; when Li is less than or equal to f, greater than or equal to d, each class of virus corresponding to Li generates the first hazard class, and every other class of virus corresponding to Li generates the second hazard class;
Wherein, a period may be defined as one month, and each time interval may be defined as every 84 hours.
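The coefficient assignment in steps S3 and S5 of claim 2 and the grade routing of claim 1, as an added Python example that is not code from the patent. The numeric values, the weighted sum G_j = k*D_j + h*F_j (the claim's own formula is not reproduced on this page), the inclusive range bounds, and the mapping of an above-range G_j to the first activity grade are all assumptions.

```python
from dataclasses import dataclass

# Constructed values: the claim fixes only B > C > A, w > q > s, k > h, k + h = 1.
A, C, B = 1.0, 2.0, 3.0      # survival duration coefficient D_j
S, Q, W = 1.0, 2.0, 3.0      # attack coefficient F_j
K, H = 0.75, 0.25            # weights k and h for D_j and F_j

@dataclass(frozen=True)
class Presets:
    t: float                 # preset value compared with T_j
    r: float                 # preset value compared with R_j
    e: tuple                 # preset range (low, high) compared with E_j
    g: tuple                 # preset range (low, high) compared with G_j

def survival_coefficient(T, R, p):
    """Step S3: return (subset, D_j) from T_j and R_j."""
    if R > p.r:              # both R_j > r cases land in c, whatever T_j is
        return "c", C
    if T >= p.t:             # T_j >= t and R_j <= r
        return "b", B
    return "a", A            # T_j < t and R_j <= r

def attack_coefficient(E, p):
    """Step S5: return F_j from E_j (range bounds inclusive: assumption)."""
    low, high = p.e
    if E > high:
        return W
    if E < low:
        return S
    return Q

def activity_grade(T, R, E, p):
    """Return (grade, G_j); G_j = k*D_j + h*F_j is an ASSUMED formula."""
    _, D = survival_coefficient(T, R, p)
    G = K * D + H * attack_coefficient(E, p)
    low, high = p.g
    if G > high:
        return "first", G    # assumption: above-range G_j is the first grade
    if G < low:
        return "third", G
    return "second", G

# Where claim 1 sends each grade.
ROUTE = {"first": "database, then information sharing module",
         "second": "risk assessment module",
         "third": "display module via risk assessment module"}

if __name__ == "__main__":
    presets = Presets(t=10.0, r=4.0, e=(50, 200), g=(1.5, 2.5))
    # Constructed (T_j, R_j, E_j) samples for three virus classes.
    samples = {"class-1": (20, 2, 300), "class-2": (5, 6, 100), "class-3": (5, 2, 10)}
    for name, obs in samples.items():
        grade, G = activity_grade(*obs, presets)
        print(name, grade, G, "->", ROUTE[grade])
```

Because R_j > r alone decides membership of c, a virus class with an erratic survival duration never receives the highest coefficient B, however long it survives on average.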
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201910315337.4A CN110032869B (en) | 2019-04-19 | 2019-04-19 | Cloud computing protection early warning system based on big data |
Publications (2)
Publication Number | Publication Date |
---|---|
CN110032869A true CN110032869A (en) | 2019-07-19 |
CN110032869B CN110032869B (en) | 2022-08-09 |
Family
ID=67239017
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201910315337.4A Active CN110032869B (en) | 2019-04-19 | 2019-04-19 | Cloud computing protection early warning system based on big data |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN110032869B (en) |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||