CN110032869B - Cloud computing protection early warning system based on big data - Google Patents
- Publication number
- CN110032869B, CN201910315337.4A
- Authority
- CN
- China
- Prior art keywords
- module
- viruses
- various viruses
- defense
- period
- Legal status
- Active
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/56—Computer malware detection or handling, e.g. anti-virus arrangements
- G06F21/561—Virus type analysis
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Software Systems (AREA)
- Computer Hardware Design (AREA)
- General Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Virology (AREA)
- Health & Medical Sciences (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- General Health & Medical Sciences (AREA)
- Measuring Or Testing Involving Enzymes Or Micro-Organisms (AREA)
- Management, Administration, Business Operations System, And Electronic Commerce (AREA)
Abstract
The invention discloses a cloud computing protection early warning system based on big data, which comprises a defense acquisition module, a data analysis module, an analysis processing module, a database, a scheme input module, an information sharing module, a danger assessment module and a display module; the defense acquisition module is used for acquiring the defense data. The invention sorts viruses into different active levels through formulated analysis of the various viruses. Viruses at the first active level are transmitted to workers together with their solutions, and the updated and added solutions are imported into the defense acquisition module. Viruses at the second active level undergo a risk assessment operation, and the resulting first risk level and second risk level are then processed separately. Viruses at the third active level are transmitted directly to the display module through the analysis processing module and the risk assessment module. In other words, the activity classification and the risk classification of the invading viruses are combined to obtain a detailed processing scheme, which greatly improves the protection early warning effect.
Description
Technical Field
The invention relates to the technical field of cloud computing protection early warning, in particular to a cloud computing protection early warning system based on big data.
Background
Cloud computing builds on the proliferation, usage and interaction patterns of internet-related services, and usually involves providing dynamically scalable, often virtualized resources over the internet. It is also a product of the development and fusion of traditional computer and network technologies, such as distributed computing, parallel computing, utility computing, network storage, virtualization, load balancing, hot backup redundancy and the like.
However, the current cloud computing model faces virus attacks, and as large-scale cloud computing networks develop, viruses mutate and spread extremely quickly. Existing cloud computing protection early warning systems find it difficult to take preventive measures based on how active a virus is, so the defense link is easily broken through when different variants of the same kind of virus appear, which seriously affects the safe operation of the cloud computing network. It is likewise difficult to make a targeted scheme according to the degree of risk a virus poses, so the defense link can break down under a sudden burst of virus intrusion, which seriously affects the protection early warning capability of the cloud computing network.
To address these drawbacks, a technical solution is now provided.
Disclosure of Invention
The invention aims to provide a cloud computing protection early warning system based on big data.
The technical problems to be solved by the invention are as follows:
(1) how to obtain the activity of each virus through formulated analysis, and progressively update and add defense data according to that activity to obtain a targeted defense scheme, so as to avoid the defense link being broken through by different variants of the same type of virus, which would seriously affect the safe operation of the cloud computing network;
(2) how to analyze the potential sources of danger among the viruses in an effective way and handle viruses of different risk levels appropriately, so as to avoid the defense link breaking down under a sudden burst of virus intrusion, which would seriously affect the protection early warning capability of the cloud computing network.
The purpose of the invention can be realized by the following technical scheme:
a cloud computing protection early warning system based on big data comprises a defense acquisition module, a data analysis module, an analysis processing module, a database, a scheme input module, an information sharing module, a danger assessment module and a display module;
the defense acquisition module is used for preventing the intrusion of various viruses and for acquiring, in real time, the exclusive information of each invading virus. The exclusive information comprises survival time, number of survivals and number of attacks, and virus types can be distinguished by prefix, for example: system viruses have the prefixes Win32, PE, Win95, W32, W95 and the like; worm viruses have the prefix Worm; script viruses have the prefixes Script, VBS, JS and the like. The survival time, number of survivals and number of attacks can be obtained in real time from a firewall, gateway device or the like, and the exclusive information is transmitted to the data analysis module. After receiving the exclusive information, the data analysis module performs the formulated analysis operation on the survival time and the number of attacks together, and transmits the resulting first active level, second active level and third active level to the analysis processing module;
the analysis processing module transmits the viruses at the first active level to the database, extracts the corresponding defense schemes from the database and transmits them to the defense acquisition module, so that defenses are automatically updated and added for the viruses at the first active level and actual defense requirements are fully met; it also transmits these viruses together with their defense schemes to the information sharing module. The defense schemes are entered through the scheme input module after being searched for and confirmed: the scheme input module can exchange information with various websites, find the defense scheme for a virus on those websites by searching for the virus's keywords or prefix, and enter it once a worker has confirmed it. The information sharing module is electrically connected to the worker's mobile phone and displays the received virus types and their defense schemes, so that workers learn promptly which virus types are more active and whether the applied defense schemes are reasonable, which helps improve the protection early warning effect;
the analysis processing module also transmits the viruses at the second active level to the risk assessment module. After receiving them, the risk assessment module retrieves the number of survivals and number of attacks for these viruses from the defense acquisition module and performs the risk assessment operation; it transmits the viruses at the resulting first risk level to the information sharing module and the viruses at the second risk level to the display module. The analysis processing module also transmits the viruses at the third active level to the display module through the risk assessment module. Workers are thus made fully aware of the potentially dangerous viruses among the moderately active virus types, while viruses without potential danger and viruses that are not very active are sent together to the display module for workers to record, view, analyze and verify, which helps improve the protection early warning effect.
Further, the concrete operation steps of the formulated analysis are as follows:
s1: acquire the survival time of each type of virus in each time segment of one period and denote it Xij, i = 1...n, j = 1...m; when j = 1, Xi1 denotes the survival time of the first type of virus in each time segment of one period;
s2: first obtain the average survival time Tj of each type of virus in each time segment of one period according to the formula, j = 1...m; when j = 1, T1 denotes the average survival time of the first type of virus in each time segment of one period; then obtain the discrete value Rj of the survival time of each type of virus in each time segment of one period according to the formula, j = 1...m; when j = 1, R1 denotes the discrete value of the survival time of the first type of virus in each time segment of one period;
s3: first set up sets Q and W according to Tj and Rj respectively, and use them to assign a survival time coefficient Dj: denote the overlapping part of sets Q and W as B, the part belonging only to set Q as A, and the part belonging only to set W as C. Compare Tj and Rj with their respective preset values t and r: when Tj ≥ t and Rj ≤ r, place the viruses corresponding to Tj or Rj in B and assign Dj the value B; when Tj ≥ t and Rj > r, or Tj < t and Rj > r, place the viruses corresponding to Tj or Rj in C and assign Dj the value C; when Tj < t and Rj ≤ r, place the viruses corresponding to Tj or Rj in A and assign Dj the value A; where B > C > A;
s4: acquire the number of attacks by each type of virus in each time segment of one period and denote it Yij, i = 1...n, j = 1...m; when j = 1, Yi1 denotes the number of attacks by the first type of virus in each time segment of one period;
s5: first obtain the total number of attacks Ej by each type of virus in each time segment of one period according to the formula, j = 1...m; when j = 1, E1 denotes the total number of attacks by the first type of virus in each time segment of one period. Mark an attack coefficient Fj for it by comparing Ej with a preset range e: when Ej lies within e, the Fj of the viruses corresponding to Ej is assigned q; when Ej is greater than or equal to e, Fj is assigned w; when Ej is less than or equal to e, Fj is assigned s; where w is larger than s, and Ej corresponds one-to-one with Tj and Rj;
wherein one period is defined as one month, and each time segment is defined as 84 hours;
when Xij, Tj, Rj, Yij and Ej have been obtained, the data analysis module weights the corresponding survival time coefficient Dj and attack coefficient Fj according to their relative influence on virus activity, assigning Dj and Fj the weights k and h respectively, where k > h and k + h = 1; meanwhile, the data analysis module obtains the activity degree of each type of virus in each time segment according to the formula Gj = Dj × k + Fj × h, j = 1.
Further, the risk assessment operation comprises the following specific operation steps:
u1: obtain the number of survivals and number of attacks of each type of virus in each time segment of one stage, and denote the attack success rate of each type of virus in each time segment of one stage as Pij, i = 1...n, j = 1...m; when j = 1, Pi1 denotes the attack success rate of the first type of virus in each time segment of one stage;
u2: first obtain the attack success rate coefficient of each type of virus in one stage according to the formula Li = Pij(max) - Pij(min), i = 1...n; when i = 1, L1 denotes the attack success rate coefficient of the first type of virus in one stage. Then compare Li with a preset value f and Pij(max) with a preset value d: when Li ≤ f and Pij(max) ≥ d, the viruses corresponding to Li generate the first risk level, and the viruses corresponding to all other Li generate the second risk level;
wherein one period is defined as one month, and each time segment is defined as 84 hours.
The invention has the beneficial effects that:
the invention sorts viruses into different active levels through formulated analysis of the various viruses. Viruses at the first active level are transmitted to workers together with their solutions, and the updated and added solutions are imported into the defense acquisition module. Viruses at the second active level undergo the risk assessment operation, after which the viruses at the first risk level are transmitted to the information sharing module and the viruses at the second risk level are transmitted to the display module. Viruses at the third active level are transmitted directly to the display module through the analysis processing module and the risk assessment module. In other words, a fine-grained activity classification of the invading viruses is combined with a risk classification to obtain a quantified processing scheme, which greatly improves the protection early warning effect;
1. the invention first uses the defense acquisition module to acquire the exclusive information of each invading virus in real time and transmit it to the data analysis module. After receiving the exclusive information, the data analysis module performs the formulated analysis operation on the survival time and the number of attacks together. In this operation, a region-based set analysis of the survival time of each virus is combined with a standardized analysis of its number of attacks, values are assigned to the survival time coefficient Dj and the attack coefficient Fj, and the activity degree of each virus and its corresponding active level are then obtained by weight distribution. The resulting first, second and third active levels are all transmitted to the analysis processing module. The analysis processing module transmits the viruses at the first active level to the database, extracts the corresponding defense schemes from the database and transmits them to the defense acquisition module, so that defenses are automatically updated and added for these viruses and actual defense requirements are fully met. The viruses and their defense schemes are also transmitted to the information sharing module, which displays the received virus types and defense schemes on workers' mobile phones, so that workers learn promptly which virus types are more active and whether the applied defense schemes are reasonable. This helps improve the protection early warning effect and effectively avoids the defense link being broken through by different variants of the same virus, which would seriously affect the safe operation of the cloud computing network;
2. the analysis processing module of the invention also transmits the viruses at the second active level to the risk assessment module, which retrieves the number of survivals and number of attacks for these viruses from the defense acquisition module and performs the risk assessment operation. In this operation, the attack success rate coefficient of each virus is combined with its maximum attack success rate to obtain the risk levels; the viruses at the first risk level are transmitted to the information sharing module and the viruses at the second risk level are transmitted to the display module. The analysis processing module also transmits the viruses at the third active level to the display module through the risk assessment module. Workers are thus made fully aware of the potentially dangerous viruses among the moderately active virus types, while viruses without potential danger and less active viruses are sent together to the display module for workers to record, view, analyze and verify. This helps improve the protection early warning effect and avoids the defense link breaking down under a sudden burst of virus intrusion, which would seriously affect the protection early warning capability of the cloud computing network.
Drawings
In order to facilitate understanding for those skilled in the art, the present invention will be further described with reference to the accompanying drawings.
FIG. 1 is a block diagram of the system of the present invention.
Detailed Description
As shown in fig. 1, a cloud computing protection early warning system based on big data comprises a defense acquisition module, a data analysis module, an analysis processing module, a database, a scheme entry module, an information sharing module, a danger assessment module and a display module;
the defense acquisition module is used for preventing the intrusion of various viruses and for acquiring, in real time, the exclusive information of each invading virus. The exclusive information comprises survival time, number of survivals and number of attacks, and virus types can be distinguished by prefix, for example: system viruses have the prefixes Win32, PE, Win95, W32, W95 and the like; worm viruses have the prefix Worm; script viruses have the prefixes Script, VBS, JS and the like. The survival time, number of survivals and number of attacks can be obtained in real time from a firewall, gateway device or the like, and the exclusive information is transmitted to the data analysis module. After receiving the exclusive information, the data analysis module performs the formulated analysis operation on the survival time and the number of attacks together, and transmits the resulting first active level, second active level and third active level to the analysis processing module;
the analysis processing module transmits the viruses at the first active level to the database, extracts the corresponding defense schemes from the database and transmits them to the defense acquisition module, so that defenses are automatically updated and added for the viruses at the first active level and actual defense requirements are fully met; it also transmits these viruses together with their defense schemes to the information sharing module. The defense schemes are entered through the scheme input module after being searched for and confirmed: the scheme input module can exchange information with various websites, find the defense scheme for a virus on those websites by searching for the virus's keywords or prefix, and enter it once a worker has confirmed it. The information sharing module is electrically connected to the worker's mobile phone and displays the received virus types and their defense schemes, so that workers learn promptly which virus types are more active and whether the applied defense schemes are reasonable, which helps improve the protection early warning effect;
the analysis processing module also transmits the viruses at the second active level to the risk assessment module. After receiving them, the risk assessment module retrieves the number of survivals and number of attacks for these viruses from the defense acquisition module and performs the risk assessment operation; it transmits the viruses at the resulting first risk level to the information sharing module and the viruses at the second risk level to the display module. The analysis processing module also transmits the viruses at the third active level to the display module through the risk assessment module. Workers are thus made fully aware of the potentially dangerous viruses among the moderately active virus types, while viruses without potential danger and viruses that are not very active are sent together to the display module for workers to record, view, analyze and verify, which helps improve the protection early warning effect.
Further, the concrete operation steps of the formulated analysis are as follows:
s1: acquire the survival time of each type of virus in each time segment of one period and denote it Xij, i = 1...n, j = 1...m; when j = 1, Xi1 denotes the survival time of the first type of virus in each time segment of one period;
s2: first obtain the average survival time Tj of each type of virus in each time segment of one period according to the formula, j = 1...m; when j = 1, T1 denotes the average survival time of the first type of virus in each time segment of one period; then obtain the discrete value Rj of the survival time of each type of virus in each time segment of one period according to the formula, j = 1...m; when j = 1, R1 denotes the discrete value of the survival time of the first type of virus in each time segment of one period;
s3: first set up sets Q and W according to Tj and Rj respectively, and use them to assign a survival time coefficient Dj: denote the overlapping part of sets Q and W as B, the part belonging only to set Q as A, and the part belonging only to set W as C. Compare Tj and Rj with their respective preset values t and r: when Tj ≥ t and Rj ≤ r, place the viruses corresponding to Tj or Rj in B and assign Dj the value B; when Tj ≥ t and Rj > r, or Tj < t and Rj > r, place the viruses corresponding to Tj or Rj in C and assign Dj the value C; when Tj < t and Rj ≤ r, place the viruses corresponding to Tj or Rj in A and assign Dj the value A; where B > C > A;
s4: acquire the number of attacks by each type of virus in each time segment of one period and denote it Yij, i = 1...n, j = 1...m; when j = 1, Yi1 denotes the number of attacks by the first type of virus in each time segment of one period;
s5: first obtain the total number of attacks Ej by each type of virus in each time segment of one period according to the formula, j = 1...m; when j = 1, E1 denotes the total number of attacks by the first type of virus in each time segment of one period. Mark an attack coefficient Fj for it by comparing Ej with a preset range e: when Ej lies within e, the Fj of the viruses corresponding to Ej is assigned q; when Ej is greater than or equal to e, Fj is assigned w; when Ej is less than or equal to e, Fj is assigned s; where w is larger than q and q is larger than s, and Ej corresponds one-to-one with Tj and Rj;
wherein one period is defined as one month, and each time segment is defined as 84 hours;
when Xij, Tj, Rj, Yij and Ej have been obtained, the data analysis module weights the corresponding survival time coefficient Dj and attack coefficient Fj according to their relative influence on virus activity, assigning Dj and Fj the weights k and h respectively, where k > h and k + h = 1; meanwhile, the data analysis module obtains the activity degree of each type of virus in each time segment according to the formula Gj = Dj × k + Fj × h, j = 1.
Further, the risk assessment operation comprises the following specific operation steps:
u1: obtain the number of survivals and number of attacks of each type of virus in each time segment of one stage, and denote the attack success rate of each type of virus in each time segment of one stage as Pij, i = 1...n, j = 1...m; when j = 1, Pi1 denotes the attack success rate of the first type of virus in each time segment of one stage;
u2: first obtain the attack success rate coefficient of each type of virus in one stage according to the formula Li = Pij(max) - Pij(min), i = 1...n; when i = 1, L1 denotes the attack success rate coefficient of the first type of virus in one stage. Then compare Li with a preset value f and Pij(max) with a preset value d: when Li ≤ f and Pij(max) ≥ d, the viruses corresponding to Li generate the first risk level, and the viruses corresponding to all other Li generate the second risk level;
wherein one period is defined as one month, and each time segment is defined as 84 hours.
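The formulated analysis (s1 to s5) and the risk assessment (u1 to u2) can be exercised end to end as in the following added example, which is not code from the patent. Assumptions: the formulas for Tj, Rj and Ej are not reproduced on this page, so the mean, population variance and sum are used; every preset value, the boundary handling for preset ranges and the sample observations are constructed; the mapping of Gj to active levels follows the wording of claim 1.

```python
from dataclasses import dataclass
from statistics import fmean, pvariance

@dataclass(frozen=True)
class Presets:
    """Preset values the page names but never quantifies; every number is constructed."""
    t: float = 20.0        # preset value for mean survival time Tj (hours)
    r: float = 30.0        # preset value for survival-time dispersion Rj
    e: tuple = (40, 120)   # preset range for total attacks Ej
    g: tuple = (1.7, 2.5)  # preset range for activity degree Gj
    f: float = 0.15        # preset value for success-rate coefficient Li
    d: float = 0.60        # preset value for the maximum success rate
    A: float = 1.0         # survival coefficients, B > C > A
    C: float = 2.0
    B: float = 3.0
    s: float = 1.0         # attack coefficients, w > q > s
    q: float = 2.0
    w: float = 3.0
    k: float = 0.6         # weights, k > h and k + h = 1
    h: float = 0.4

    def __post_init__(self):
        ok = (self.B > self.C > self.A and self.w > self.q > self.s
              and self.k > self.h and abs(self.k + self.h - 1) < 1e-9)
        if not ok:
            raise ValueError("presets violate B>C>A, w>q>s, k>h or k+h=1")

def position(x, rng):
    """Locate x against a preset range (lo, hi). Counting the boundaries as
    outside is this example's reading of 'within / >= / <=' on the page."""
    lo, hi = rng
    if x >= hi:
        return "above"
    return "below" if x <= lo else "inside"

def survival_coefficient(hours, p):
    """Steps s1-s3: mean Tj and dispersion Rj of survival time give Dj."""
    if not hours:
        raise ValueError("no survival-time observations")
    T = fmean(hours)
    R = pvariance(hours)   # assumption: population variance stands in for Rj
    if R > p.r:            # both 'Rj > r' cases of step s3 fall in C
        return p.C
    return p.B if T >= p.t else p.A

def attack_coefficient(attacks, p):
    """Steps s4-s5: total attacks Ej over the period give Fj."""
    if not attacks:
        raise ValueError("no attack observations")
    return {"inside": p.q, "above": p.w, "below": p.s}[position(sum(attacks), p.e)]

def activity(obs, p):
    """Gj = Dj*k + Fj*h, then the active level as worded in claim 1."""
    D = survival_coefficient(obs["hours"], p)
    F = attack_coefficient(obs["attacks"], p)
    G = D * p.k + F * p.h
    return G, {"inside": 1, "above": 2, "below": 3}[position(G, p.g)]

def risk_level(rates, p):
    """Steps u1-u2: Li = max - min success rate; small Li with a high max is level 1."""
    if not rates:
        raise ValueError("no success-rate observations")
    return 1 if max(rates) - min(rates) <= p.f and max(rates) >= p.d else 2

def route(obs, p):
    """Destination modules for one virus type, following the module description."""
    _, level = activity(obs, p)
    if level == 1:
        return "database + defense update + information sharing"
    if level == 3:
        return "display"
    # Only second-active-level viruses go through risk assessment.
    return "information sharing" if risk_level(obs.get("rates", ()), p) == 1 else "display"

# Constructed observations: eight 84-hour segments per virus type. Names only reuse
# the page's prefixes; success rates are given directly (Pij's formula is not on the page).
SAMPLE = {
    "Worm.DemoA": {"hours": [30, 32, 28, 31, 29, 30, 33, 27],
                   "attacks": [20, 18, 22, 19, 21, 20, 17, 23],
                   "rates": [0.70, 0.72, 0.68, 0.75, 0.71, 0.69, 0.73, 0.70]},
    "Win32.DemoB": {"hours": [25, 24, 26, 25, 27, 23, 25, 25],
                    "attacks": [15, 16, 14, 18, 17, 15, 16, 17],
                    "rates": [0.10, 0.55, 0.20, 0.80, 0.15, 0.40, 0.30, 0.25]},
    "Script.DemoC": {"hours": [5, 40, 12, 35, 8, 30, 10, 20],
                     "attacks": [10, 9, 11, 8, 12, 10, 9, 11]},
    "VBS.DemoD": {"hours": [4, 5, 3, 6, 4, 5, 4, 5],
                  "attacks": [2, 1, 3, 2, 1, 2, 3, 2]},
}

def triage(samples, p=Presets()):
    """Map every virus type to the modules that receive it."""
    return {name: route(obs, p) for name, obs in samples.items()}

if __name__ == "__main__":
    for name, dest in triage(SAMPLE).items():
        print(f"{name:14} -> {dest}")
```

With these constructed presets, the two stable high-volume samples reach the second active level and are separated only by the spread of their success rates, which is the case the risk assessment step exists to resolve.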
In the working process of the cloud computing protection early warning system based on big data, the defense acquisition module first acquires the exclusive information of each invading virus in real time and transmits it to the data analysis module. After receiving the exclusive information, the data analysis module performs the formulated analysis operation on the survival time and the number of attacks together. In this operation, a region-based set analysis of the survival time of each virus is combined with a standardized analysis of its number of attacks, values are assigned to the survival time coefficient Dj and the attack coefficient Fj, and the activity degree of each virus and its corresponding active level are then obtained by weight distribution. The resulting first, second and third active levels are all transmitted to the analysis processing module. The analysis processing module transmits the viruses at the first active level to the database, extracts the corresponding defense schemes from the database and transmits them to the defense acquisition module, so that defenses are automatically updated and added for these viruses. The viruses and their defense schemes are also transmitted to the information sharing module, which displays the received virus types and defense schemes on workers' mobile phones, so that workers learn promptly which virus types are more active and whether the applied defense schemes are reasonable. This helps improve the protection early warning effect and effectively avoids the defense link being broken through by different variants of the same virus, which would seriously affect the safe operation of the cloud computing network;
the analysis processing module also transmits the viruses at the second active level to the risk assessment module, which retrieves the number of survivals and number of attacks for these viruses from the defense acquisition module and performs the risk assessment operation. In this operation, the attack success rate coefficient of each virus is combined with its maximum attack success rate to obtain the risk levels; the viruses at the first risk level are transmitted to the information sharing module and the viruses at the second risk level are transmitted to the display module. The analysis processing module also transmits the viruses at the third active level to the display module through the risk assessment module. Workers are thus made fully aware of the potentially dangerous viruses among the moderately active virus types, while viruses without potential danger and viruses that are not very active are sent together to the display module for workers to record, view, analyze and verify. This helps improve the protection early warning effect and avoids the defense link breaking down under a sudden burst of virus intrusion, which would seriously affect the protection early warning capability of the cloud computing network.
The foregoing is merely exemplary and illustrative of the present invention and various modifications, additions and substitutions may be made by those skilled in the art to the specific embodiments described without departing from the scope of the invention as defined in the following claims.
Claims (1)
1. A cloud computing protection early warning system based on big data is characterized by comprising a defense acquisition module, a data analysis module, an analysis processing module, a database, a scheme input module, an information sharing module, a danger assessment module and a display module;
the defense acquisition module is used for preventing invasion of various viruses and acquiring exclusive information of the various invading viruses in real time, wherein the exclusive information comprises survival time, survival times and attack times, and the exclusive information is transmitted to the data analysis module; after receiving the exclusive information, the data analysis module performs a formulated analysis operation on the survival time and the attack times together, wherein the formulated analysis operation comprises the following specific operation steps:
s1: acquiring the survival time of various viruses in each period of a period, and calibrating the survival time as Xij, i is 1.. n, j is 1.. m;
s2: first according to the formulaThe average survival time of each virus in each period of a period is obtained, and then the average survival time is calculated according to a formulaObtaining the discrete value of the survival time of each virus in each period of a period;
s3: first, sets Q and W are established according to Tj and Rj respectively, and the survival time length coefficient Dj is assigned from them: the overlapping part of Q and W is marked B, the part belonging only to Q is marked A, and the part belonging only to W is marked C; Tj and Rj are compared with their respective preset values t and r; when Tj is greater than or equal to t and Rj is less than or equal to r, the corresponding viruses are placed in B and Dj is assigned the value B; when Tj is greater than or equal to t and Rj is greater than r, or Tj is less than t and Rj is greater than r, the corresponding viruses are placed in C and Dj is assigned the value C; when Tj is less than t and Rj is less than or equal to r, the corresponding viruses are placed in A and Dj is assigned the value A; where B is greater than C and C is greater than A;
s4: acquiring the attack times of various viruses in each period of time in one period, and calibrating the attack times as Yij, i = 1, ..., n, j = 1, ..., m;
s5: first according to the formulaCalculating the total attack number of various viruses in each period of time in a period, calibrating the total attack number as an attack coefficient Fj, comparing Ej with a preset range e, assigning Fj of various viruses corresponding to Ej as q when Ej is positioned in e, assigning Fj of various viruses corresponding to Ej as w when Ej is larger than or equal to e, assigning Fj of various viruses corresponding to Ej as s when Ej is smaller than or equal to e, and assigning Fj of various viruses corresponding to Ej as s when w is larger than or equal to s and the Ej is in one-to-one correspondence with Tj and Rj;
after obtaining Xij, Tj, Rj, Yij and Ej, the data analysis module assigns weights to the corresponding survival time length coefficient Dj and attack coefficient Fj according to their relative influence on virus activity, giving Dj and Fj the weight values k and h respectively, where k is greater than h and k + h = 1; it then obtains the activity degree of the various viruses in each period of time according to the formula Gj = Dj × k + Fj × h, j = 1, ..., m, and compares Gj with a preset range g; when Gj lies within g, the viruses corresponding to Gj generate a first active level; when Gj is greater than or equal to g, the viruses corresponding to Gj generate a second active level; and when Gj is less than or equal to g, the viruses corresponding to Gj generate a third active level;
the data analysis module transmits the acquired first active level, second active level and third active level to an analysis processing module;
the analysis processing module transmits various viruses corresponding to the first active level to the database, extracts defense schemes corresponding to the viruses in the database and transmits the defense schemes to the defense acquisition module, and also transmits the viruses and the corresponding defense schemes to the information sharing module together, and the defense schemes are input after being searched and confirmed by the scheme input module; the information sharing module is electrically connected with a mobile phone of a worker, and displays the received virus type and a corresponding defense scheme;
the analysis processing module also transmits various viruses corresponding to the second active level to the risk assessment module; after receiving various viruses corresponding to the second active level, the risk assessment module calls survival times and attack times corresponding to the viruses from the defense acquisition module and performs risk assessment operation, wherein the specific operation steps of the risk assessment operation are as follows:
u1: acquiring survival times and attack times of various viruses in each section of time of one stage, and calibrating attack success rates Pij of various viruses in each section of time of one stage, wherein i = 1, ..., n, and j = 1, ..., m;
u2: first, the attack success rate coefficient of the various viruses in one stage is obtained according to the formula Li = Pij(max) - Pij(min), i = 1, ..., n; Li is then compared with a preset value f, and Pij(max) with a preset value d; when Li is less than or equal to f and Pij(max) is greater than or equal to d, the viruses corresponding to Li generate a first risk level, and the other viruses generate a second risk level;
wherein one period is defined as one month, and each period of time within it is defined as 84 hours;
meanwhile, the risk assessment module transmits all the acquired viruses corresponding to the first risk level to the information sharing module, and transmits all the viruses corresponding to the second risk level to the display module; and the analysis processing module also transmits various viruses corresponding to the third active level to the display module through the risk assessment module.
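The classification and routing logic of claim 1, from the point where Tj, Rj, Ej and Pij are already available, written out as an added Python example that is not part of the patent. All preset values (t, r, e, g, f, d, k, h and the coefficient values) are constructed, the function and module names are hypothetical, the weighted sum Gj = Dj*k + Fj*h is read from the claim's weight assignment, and a value on a range boundary is assumed to count as inside the range.

```python
# Added illustration of claim 1's classification and routing; not the patent's code.
# All presets are constructed: the claim names the symbols but gives no values.
T_PRESET, R_PRESET = 10.0, 4.0    # t, r: presets for Tj (average) and Rj (discrete value)
D_A, D_C, D_B = 1.0, 2.0, 3.0     # values of Dj for sets A, C, B (B > C > A)
E_RANGE = (20, 60)                # e: preset range for total attacks Ej
F_S, F_Q, F_W = 1.0, 2.0, 3.0     # values of Fj: s (below e), q (inside e), w (above e)
K, H = 0.6, 0.4                   # weights of Dj and Fj: k > h, k + h = 1
G_RANGE = (1.9, 2.5)              # g: preset range for the activity degree Gj
F_PRESET, D_PRESET = 0.2, 0.5     # f, d: presets for Li and Pij(max)

def duration_coefficient(tj, rj):
    """Step s3: place a virus in set B, C or A from Tj and Rj."""
    if rj > R_PRESET:
        return D_C                # Rj > r puts it in C whatever Tj is
    return D_B if tj >= T_PRESET else D_A

def attack_coefficient(ej):
    """Step s5: map the total attack count Ej onto w, s or q."""
    low, high = E_RANGE
    if ej > high:
        return F_W
    return F_S if ej < low else F_Q

def active_level(tj, rj, ej):
    """Gj = Dj*k + Fj*h; inside g -> level 1, above g -> 2, below g -> 3."""
    gj = duration_coefficient(tj, rj) * K + attack_coefficient(ej) * H
    low, high = G_RANGE
    if gj > high:
        return 2
    return 3 if gj < low else 1

def risk_level(success_rates):
    """Step u2: Li = Pij(max) - Pij(min); level 1 when Li <= f and Pij(max) >= d."""
    li = max(success_rates) - min(success_rates)
    return 1 if li <= F_PRESET and max(success_rates) >= D_PRESET else 2

def route(tj, rj, ej, success_rates):
    """Return the modules that receive the virus, following the claim's routing."""
    level = active_level(tj, rj, ej)
    if level == 1:                # stored defense scheme is pushed out and shared
        return ("defense_acquisition", "information_sharing")
    if level == 3:
        return ("display",)
    if risk_level(success_rates) == 1:
        return ("information_sharing",)
    return ("display",)
```

With these presets, a virus whose success rate is steadily high across the period (small Li, large Pij(max)) is the only second-active-level case that reaches the workers' phones; everything else at that level goes to the display module.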
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201910315337.4A CN110032869B (en) | 2019-04-19 | 2019-04-19 | Cloud computing protection early warning system based on big data |
Publications (2)
Publication Number | Publication Date |
---|---|
CN110032869A CN110032869A (en) | 2019-07-19 |
CN110032869B CN110032869B (en) | 2022-08-09 |
Family
ID=67239017
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201910315337.4A Active CN110032869B (en) | 2019-04-19 | 2019-04-19 | Cloud computing protection early warning system based on big data |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN110032869B (en) |
Families Citing this family (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN110798484B (en) * | 2019-11-13 | 2021-10-01 | 珠海市鸿瑞信息技术股份有限公司 | Industrial control protocol characteristic attack filtering and analyzing system |
CN113722573B (en) * | 2020-05-26 | 2024-02-09 | 中国电信股份有限公司 | Method, system and storage medium for generating network security threat data set |
Citations (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN103092739A (en) * | 2013-01-18 | 2013-05-08 | 浪潮电子信息产业股份有限公司 | Memory error checking and correcting (ECC) error reporting and alarm mechanism |
CN103118036A (en) * | 2013-03-07 | 2013-05-22 | 上海电机学院 | Cloud end based intelligent security protection system and method |
CN104065622A (en) * | 2013-03-20 | 2014-09-24 | 腾讯科技(深圳)有限公司 | Security early warning method and apparatus of network equipment |
CN105376222A (en) * | 2015-10-30 | 2016-03-02 | 四川九洲电器集团有限责任公司 | Intelligent defense system based on cloud computing platform |
CN107360188A (en) * | 2017-08-23 | 2017-11-17 | 杭州安恒信息技术有限公司 | Website value-at-risk appraisal procedure and device based on cloud protection and cloud monitoring system |
CN109005168A (en) * | 2018-07-25 | 2018-12-14 | 安徽三实信息技术服务有限公司 | A kind of network security warning system and method for early warning |
Family Cites Families (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US9426169B2 (en) * | 2012-02-29 | 2016-08-23 | Cytegic Ltd. | System and method for cyber attacks analysis and decision support |
CN109543025B (en) * | 2018-12-04 | 2023-12-15 | 雄商网络科技(上海)有限公司 | Enterprise website construction information display and release system |
Non-Patent Citations (3)
Title |
---|
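"Cloud Computing: A Risk Assessment Model,"; A. S. Sendi et al.; 《2014 IEEE International Conference on Cloud Engineering》; 20141114; pp. 147-152 * |
"Design and Application of a Network Security Protection System Based on Big Data"; Zhang Huajie; 《Information & Communications》; 20181015 (No. 10); pp. 61-62 * |
"Research on Cloud Computing IaaS Security Assessment Based on Classified Protection"; Yan Yusheng; 《China Master's Theses Full-text Database, Information Science and Technology》; 20160715 (No. 2016-07); p. I138-26, main text chapters 3-4 * |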
Also Published As
Publication number | Publication date |
---|---|
CN110032869A (en) | 2019-07-19 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||