CN110378115A - A kind of data layer system of information security attack-defence platform - Google Patents

A kind of data layer system of information security attack-defence platform


Publication number
CN110378115A
Authority
CN
China
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201910683803.4A
Other languages
Chinese (zh)
Other versions
CN110378115B (en)
Inventor
丁菊仙
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Shenzhen Sanxi Software Technology Co ltd
Original Assignee
Individual


Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55 Detecting local intrusion or implementing counter-measures
    • Y GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y04 INFORMATION OR COMMUNICATION TECHNOLOGIES HAVING AN IMPACT ON OTHER TECHNOLOGY AREAS
    • Y04S SYSTEMS INTEGRATING TECHNOLOGIES RELATED TO POWER NETWORK OPERATION, COMMUNICATION OR INFORMATION TECHNOLOGIES FOR IMPROVING THE ELECTRICAL POWER GENERATION, TRANSMISSION, DISTRIBUTION, MANAGEMENT OR USAGE, i.e. SMART GRIDS
    • Y04S40/00 Systems for electrical power generation, transmission, distribution or end-user application management characterised by the use of communication or information technologies, or communication or information technology specific aspects supporting them
    • Y04S40/20 Information technology specific aspects, e.g. CAD, simulation, modelling, system security

Abstract

The invention discloses a data layer system for an information security attack-defence platform, comprising a client data interface, a user space module, a data transmission module, a Trojan analysis data module, a production log module, an attack module, a honeynet management module, an alarm module, a security protection database module, a security protection data cloud space module, a data layer module, a database module and a console module. The data layer apparatus and system of the invention handles new data entering and leaving the cloud platform, enables automatic information analysis and rapid resource configuration, and supports rapid changes in the hardware environment and in attack and defence techniques. The Trojan analysis data module, honeynet management module, alarm module and security protection database module carry out effective data analysis and processing, so that the more difficult day-to-day attacks can be countered effectively and the cloud platform defends itself automatically.

Description

A kind of data layer system of information security attack-defence platform
Technical field
The present invention relates to an information security attack-defence platform system, and in particular to a data layer apparatus and system for an information security attack-defence platform, and belongs to the field of information security attack and defence.
Background technique
The network security situation at home and abroad is increasingly serious. China attaches great importance to network security, and information security has been raised to the level of national security. The biggest threats facing computer networks are attacks by adversaries and computer crime. One class is the active attack, which selectively destroys the validity and integrity of information in various ways; the other is the passive attack, which, without affecting the normal operation of the network, intercepts, steals or deciphers important confidential information, leading to the leakage of confidential data. Because most core chips, operating systems, databases, network equipment and their core technologies are held and controlled abroad, this poses a grave danger to China's security, and the power industry, as an important foundation of the national livelihood, bears the brunt. It is therefore necessary to reduce the security problems and hidden dangers of network and information systems, improve information security protection capability, and strengthen the ability to inspect and evaluate the security of network and information systems, in order to cope with information security threats and make up for deficiencies in core technology.
With the wide development and application of information technology, the information security situation is increasingly serious. The PRISM incident, the Snowden incident and the Heartbleed vulnerability reflect an international information security situation that is heating up, and in the context of information security and cyber warfare, power grid security protection faces deeper security threats.
Despite the growing number of network security products and the progress of technology, security problems are getting worse. Security threats such as viruses, Trojans, hacker attacks, phishing and DDoS emerge one after another. In addition, hackers use various methods against vulnerabilities in power information systems, such as exploiting weak passwords on server systems or implanting virus and Trojan files on servers, to steal sensitive information from the power system or tamper with website content. Many organisations have not set up an information security attack-defence training platform that simulates hacker attacks and are weak in information security protection; a malicious attacker may log in through a system vulnerability and obtain sensitive information, leading to the leakage of a power utility's power supply plans, supply assurance plans, substation structure drawings, main electrical wiring diagrams, information machine room topology diagrams and related sensitive data and information.
The data layer system is an important part of an information security attack-defence platform. It is the platform's resource library and, by linking with the platform's other systems, provides various data, information and tool resources. The effectiveness of the data layer system determines whether an information security attack-defence platform can effectively carry out network security assessment, attack-defence exercises and new product testing, and perform a series of assessments and evaluations of network architecture, design processes, host security, data security and so on.
During the design process the applicant searched a large number of patent documents. For example, Chinese Patent Application No. CN201510183914.0 discloses "a data layer system for an information security attack-defence platform, provided with a tool library module, a scene configuration library module, a courseware library module, a message library module, a log library module, an attack library module and a platform library module; through the independent operation of the seven resource library modules, the linkage between the modules and the linkage between the modules and external data, and by combining virtual devices with physical devices, it provides the information security attack-defence platform with a complete, efficient and uniformly standardised data layer system, helping the platform effectively carry out network security assessment, attack-defence exercises and new product testing, and perform a series of assessments and evaluations of network architecture, design processes, host security, data security and so on". Because the data layer system of Chinese Patent Application No. CN201510183914.0 controls data access and output by permissions, then processes the data automatically according to preset management processes, and then matches and updates the data against the message library module, it requires information security personnel to operate online in real time and to form logs from the daily attack-defence data. It cannot take effective protective measures according to different attack patterns, cannot learn at the first moment that original data has been interfered with or modified, and cannot counter day-to-day Trojan intrusion or automatically notify an administrator to handle it.
Summary of the invention
The main object of the present invention is to provide a data layer apparatus and system for an information security attack-defence platform that handles new data entering and leaving the cloud platform, enables automatic information analysis and rapid resource configuration, and supports rapid changes in the hardware environment and in attack and defence techniques. The Trojan analysis data module, honeynet management module, alarm module and security protection database module carry out effective data analysis and processing, so that the more difficult day-to-day attacks can be countered effectively, the cloud platform defends itself automatically, data leakage is effectively prevented and the information and data security of the cloud platform is ensured. The system can separately monitor the attack and defence behaviour of the attacker's machine and of the security protection platform to form attack-defence behaviour logs, obtain these logs from the attacker's machine and the security protection platform, and extract the key attack-defence behaviour information. It can also analyse quantitatively the results of attack and defence or of hardening, and analyse quantitatively, at the data level, the operating habits of information security personnel, so that training and gap-filling can be targeted; it can analyse and even predict the distribution of vulnerabilities and the characteristics of vulnerabilities over a period of time, making maximum use of the collected data. The security protection database module stores the latest attack-defence information data, updated in real time through the security protection data cloud space module; the alarm module then quickly analyses the latest changed data and notifies the administrator, who in turn carries out effective and secure data analysis and processing on the data, which can greatly improve the protection of the cloud platform's information and data.
The purpose of the present invention can be achieved by adopting the following technical solution:
A data layer system for an information security attack-defence platform comprises a client data interface, a user space module, a data transmission module, a Trojan analysis data module, a production log module, an attack module, a honeynet management module, an alarm module, a security protection database module, a security protection data cloud space module, a data layer module, a database module and a console module;
User space module: the operating interface through which the user enters the operating space environment for platform data reading, data production and the data storage system. The user space module mainly consists of an access module, an IP address configuration identification module and a tool module. The tool module mainly consists of a toolkit module and a tool library interface module: the toolkit module stores tools by category, and the tool library interface module deploys tool data and gives the user space module an interface for using tool data. The access module accesses the cloud platform through a browser; the IP address configuration identification module automatically identifies the current access IP address and the device in use; the tool module provides tools to the user space module's browser interface. The toolkit module includes a collection tool, used for target network detection and partial scanning, scanning for vulnerabilities and analysing them, and a password tool, used for automatic password dictionary generation and remote password cracking;
Trojan analysis data module: takes four elements of a sample (basic sample information, dangerous permission annotations, virus detection and dynamic behaviour) together with run-time screenshots; captures executable files newly generated or modified on the system and outputs them as sample files; scans and analyses the sample files with multiple built-in virus scanning engines; distinguishes known viruses from unknown attacks; and captures and analyses Trojan samples;
Production log module: records changes in each module's data activity and stores the data in the form of logs; also used for day-to-day log data storage and log data sending;
Attack module: stores all attack data, the key elements for quickly analysing attack behaviour;
Honeynet management module: captures attacks against the cloud platform. The module should be able to identify existing attacks and, through features and behaviour, identify unknown attacks and unknown malicious code, providing timely security support for the cloud platform;
Alarm module: collects the cloud platform's day-to-day changed data and provides security warning information. The alarm module mainly consists of a notification alarm module and a senior administrator data processing module. The notification alarm module is connected to the data layer interface; the alarm module searches for and analyses the latest data change information and notifies the senior administrator data processing module. The senior administrator data processing module includes a user access permission module, a user permission submodule and a user management submodule. The senior administrator data processing module controls the state of the access permission module; the user permission submodule configures and manages each permission, the permissions including login, access and independent data layer access; the user management submodule manages the platform's function system, which includes adding, updating, deleting, viewing and closing data;
Security protection database module: stores high-end security protection data, the key elements for countering attack behaviour;
Security protection data cloud space module: used to extend the security protection database with the latest comprehensive strike-system available-resource sharing technology;
Data layer module: connects the interfaces of the individual modules and, through data import and export, forms a resource pool; resources in the pool are selected and used as needed, and operation results can be recorded and saved in a unified way;
Database module: stores the normalised attack-defence behaviour logs in the behaviour log database. The database module includes a read module, a matching module, an attack log acquisition module and a normalisation module. The read module reads the key attack-defence behaviour information from the production log module; the matching module matches it against the preset key elements of attack-defence behaviour; the attack log acquisition module forms a log record from the executing subject of the attack behaviour, the object of the behaviour, the execution time, the execution address, the action executed and the manner of execution, and stores it; the normalisation module normalises the attack-defence behaviour logs and stores them in the production log module;
Console module: displays the information data of the information security attack-defence platform in one place.
The production log module includes an attack monitoring module, an attack log acquisition module, a preset attack key extraction module and a log normalisation storage module;
Attack monitoring module: separately monitors the attack behaviour of multiple attack clients and forms attack logs;
Attack log acquisition module: obtains attack-defence behaviour logs from the attack clients and the protection data layer;
Preset attack key extraction module: normalises the attack-defence behaviour logs and, according to the preset key elements of attack-defence behaviour, extracts from the logs the key information corresponding to each key element;
Log normalisation storage module: stores the normalised attack-defence behaviour logs in the behaviour log database.
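The pipeline described for the production log module and the database module (acquire logs from the attack clients and the protection side, extract the preset key elements, normalise, store) can be sketched as follows. This is an added example, not code from the patent: the two source log formats, the field names, the table name and the sample lines are all assumptions constructed for illustration; only the six key elements come from the text.

```python
import json
import re
import sqlite3
from datetime import datetime, timezone

# The six key elements the database module description lists for a behaviour record.
KEY_ELEMENTS = ("subject", "object", "time", "address", "action", "manner")

# Constructed sample logs (not from the patent). Two hypothetical source formats:
# key=value lines from an attack client, JSON lines from the protection platform.
ATTACK_CLIENT_LOG = """\
ts=2019-07-26T09:15:02+08:00 user=trainee07 target=web01 addr=10.0.5.21:22 act=login_attempt how=password_dictionary
ts=2019-07-26T09:16:40+08:00 user=trainee07 target=web01 addr=10.0.5.21:80 act=scan how=port_scan
this line is truncated garbage
"""
PROTECTION_LOG = """\
{"when": 1564103710, "actor": "admin02", "asset": "web01", "where": "10.0.5.21:22", "event": "block_source", "method": "firewall_rule"}
{"when": 1564103800, "actor": "admin02", "asset": "web01"}
"""

# Hypothetical per-source field names mapped onto the preset key elements.
KV_FIELDS = {"user": "subject", "target": "object", "ts": "time",
             "addr": "address", "act": "action", "how": "manner"}
JSON_FIELDS = {"actor": "subject", "asset": "object", "when": "time",
               "where": "address", "event": "action", "method": "manner"}


def to_utc(value):
    """Normalise an epoch number or an ISO 8601 string with offset to UTC."""
    if isinstance(value, (int, float)):
        dt = datetime.fromtimestamp(value, tz=timezone.utc)
    else:
        dt = datetime.fromisoformat(value)
        if dt.tzinfo is None:
            raise ValueError("timestamp without timezone")
    return dt.astimezone(timezone.utc).isoformat()


def parse_attack_client(line):
    """Key extraction for the key=value format."""
    pairs = dict(re.findall(r"(\w+)=(\S+)", line))
    return {KV_FIELDS[k]: v for k, v in pairs.items() if k in KV_FIELDS}


def parse_protection(line):
    """Key extraction for the JSON format; invalid JSON raises ValueError."""
    obj = json.loads(line)
    return {JSON_FIELDS[k]: v for k, v in obj.items() if k in JSON_FIELDS}


def normalize(raw, source):
    """Require every key element, then bring values to one common form."""
    missing = [k for k in KEY_ELEMENTS if k not in raw]
    if missing:
        raise ValueError("missing key elements: " + ", ".join(missing))
    rec = {k: str(raw[k]).strip().lower() for k in KEY_ELEMENTS if k != "time"}
    rec["time"] = to_utc(raw["time"])
    rec["source"] = source
    return rec


def ingest(db, text, parser, source):
    """Store normalised records; return rejected lines instead of dropping them."""
    rejected = []
    for line in text.splitlines():
        if not line.strip():
            continue
        try:
            rec = normalize(parser(line), source)
        except ValueError as exc:
            rejected.append((line, str(exc)))
            continue
        db.execute("INSERT INTO behaviour_log VALUES (?,?,?,?,?,?,?)",
                   [rec[k] for k in KEY_ELEMENTS] + [rec["source"]])
    return rejected


def build_db():
    """Create the behaviour log database and load both constructed sources."""
    db = sqlite3.connect(":memory:")
    cols = ", ".join('"%s"' % c for c in KEY_ELEMENTS + ("source",))
    db.execute("CREATE TABLE behaviour_log (%s)" % cols)
    rejected = ingest(db, ATTACK_CLIENT_LOG, parse_attack_client, "attack_client")
    rejected += ingest(db, PROTECTION_LOG, parse_protection, "protection_platform")
    return db, rejected


def timeline(db, obj):
    """Attack and defence actions against one object, merged in time order."""
    return db.execute(
        'SELECT "time", "source", "subject", "action", "manner" '
        'FROM behaviour_log WHERE "object" = ? ORDER BY "time"', (obj,)).fetchall()


if __name__ == "__main__":
    db, rejected = build_db()
    for row in timeline(db, "web01"):
        print(row)
    print("rejected:", len(rejected))
```

Because both sources end up with the same six fields and UTC timestamps, attack and defence actions against the same object can be read as one ordered timeline, and lines that lack a key element are kept for review rather than silently lost.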
The data layer module mainly consists of an authentication interface module, a report interface module and a log query interface module;
Authentication interface module: sends users' data access and query requests to the senior administrator data processing module for authentication;
Report interface module: sends users' data report query requests to the senior administrator data processing module for authentication;
Log query interface module: sends users' query-data authentication requests to the senior administrator data processing module for authentication.
Advantageous effects of the invention:
1. The data layer apparatus and system for an information security attack-defence platform provided by the invention handles new data entering and leaving the cloud platform, enables automatic information analysis and rapid resource configuration, and supports rapid changes in the hardware environment and in attack and defence techniques. Through the Trojan analysis data module, honeynet management module, alarm module and security protection database module it carries out effective data analysis and processing, so that the more difficult day-to-day attacks can be countered effectively, the cloud platform defends itself automatically, data leakage is effectively prevented and the information and data security of the cloud platform is ensured. It can separately monitor the attack and defence behaviour of the attacker's machine and of the security protection platform to form attack-defence behaviour logs, obtain these logs from the attacker's machine and the security protection platform, and extract the key attack-defence behaviour information.
2. The invention can also analyse quantitatively the results of attack and defence or of hardening, and analyse quantitatively, at the data level, the operating habits of information security personnel, so that training and gap-filling can be targeted; it can analyse and even predict the distribution of vulnerabilities and the characteristics of vulnerabilities over a period of time, making maximum use of the collected data. The security protection database module stores the latest attack-defence information data, updated in real time through the security protection data cloud space module; the alarm module then quickly analyses the latest changed data and notifies the administrator, who in turn carries out effective and secure data analysis and processing on the data, which can greatly improve the protection of the cloud platform's information and data.
Brief description of the drawings
Fig. 1 is a system diagram of a preferred embodiment of the data layer apparatus and system for an information security attack-defence platform according to the invention;
Fig. 2 is a user space system diagram of a preferred embodiment of the data layer apparatus and system for an information security attack-defence platform according to the invention;
Fig. 3 is a log library system diagram of a preferred embodiment of the data layer apparatus and system for an information security attack-defence platform according to the invention;
Fig. 4 is a security information system diagram of a preferred embodiment of the data layer apparatus and system for an information security attack-defence platform according to the invention;
Fig. 5 is a data layer system diagram of a preferred embodiment of the data layer apparatus and system for an information security attack-defence platform according to the invention;
Fig. 6 is a repository system diagram of a preferred embodiment of the data layer apparatus and system for an information security attack-defence platform according to the invention.
Specific embodiment
To make the technical solution of the present invention clearer to those skilled in the art, the present invention is described in further detail below with reference to examples and drawings, but embodiments of the present invention are not limited thereto.
In the present embodiment, as shown in Fig. 1, the data layer apparatus and system for an information security attack-defence platform comprises a client data interface, a user space module, a data transmission module, a Trojan analysis data module, a production log module, an attack module, a honeynet management module, an alarm module, a security protection database module, a security protection data cloud space module, a data layer module, a database module and a console module. User space module: the operating interface through which the user enters the operating space environment for platform data reading, data production and the data storage system. Trojan analysis data module: takes four elements of a sample (basic sample information, dangerous permission annotations, virus detection and dynamic behaviour) together with run-time screenshots; captures executable files newly generated or modified on the system and outputs them as sample files; scans and analyses the sample files with multiple built-in virus scanning engines; distinguishes known viruses from unknown attacks; and captures and analyses Trojan samples. Production log module: records changes in each module's data activity and stores the data in the form of logs; also used for day-to-day log data storage and log data sending. Attack module: stores all attack data, the key elements for quickly analysing attack behaviour. Honeynet management module: captures attacks against the cloud platform; the module should be able to identify existing attacks and, through features and behaviour, identify unknown attacks and unknown malicious code, providing timely security support for the cloud platform. Alarm module: collects the cloud platform's day-to-day changed data and provides security warning information. Security protection database module: stores high-end security protection data, the key elements for countering attack behaviour. Security protection data cloud space module: used to extend the security protection database with the latest comprehensive strike-system available-resource sharing technology. Data layer module: connects the interfaces of the individual modules and, through data import and export, forms a resource pool; resources in the pool are selected and used as needed, and operation results can be recorded and saved in a unified way. Database module: stores the normalised attack-defence behaviour logs in the behaviour log database. Console module: displays the information data of the information security attack-defence platform in one place.
In the present embodiment, as shown in Fig. 2, the user space module mainly consists of an access module, an IP address configuration identification module and a tool module. The access module accesses the cloud platform through a browser, the IP address configuration identification module automatically identifies the current access IP address and the device in use, and the tool module provides tools to the user space module's browser interface.
In the present embodiment, as shown in Fig. 2, the tool module mainly consists of a toolkit module and a tool library interface module. The toolkit module stores tools by category, and the tool library interface module deploys tool data and gives the user space module an interface for using tool data.
In the present embodiment, as shown in Fig. 2, the toolkit module includes a collection tool, used for target network detection and partial scanning, scanning for vulnerabilities and analysing them, and a password tool, used for automatic password dictionary generation and remote password cracking.
In the present embodiment, as shown in Fig. 3, the production log module includes an attack monitoring module, an attack log acquisition module, a preset attack key extraction module and a log normalisation storage module. Attack monitoring module: separately monitors the attack behaviour of multiple attack clients and forms attack logs. Attack log acquisition module: obtains attack-defence behaviour logs from the attack clients and the protection data layer. Preset attack key extraction module: normalises the attack-defence behaviour logs and, according to the preset key elements of attack-defence behaviour, extracts from the logs the key information corresponding to each key element. Log normalisation storage module: stores the normalised attack-defence behaviour logs in the behaviour log database.
In the present embodiment, as shown in Fig. 4, the alarm module mainly consists of a notification alarm module and a senior administrator data processing module. The notification alarm module is connected to the data layer interface; the alarm module searches for and analyses the latest data change information and notifies the senior administrator data processing module.
In the present embodiment, as shown in Fig. 4, the senior administrator data processing module includes a user access permission module, a user permission submodule and a user management submodule. The senior administrator data processing module controls the state of the access permission module; the user permission submodule configures and manages each permission, the permissions including login, access and independent data layer access; the user management submodule manages the platform's function system, which includes adding, updating, deleting, viewing and closing data.
In the present embodiment, as shown in Fig. 5, the data layer module mainly consists of an authentication interface module, a report interface module and a log query interface module. The authentication interface module sends users' data access and query requests to the senior administrator data processing module for authentication; the report interface module sends users' data report query requests to the senior administrator data processing module for authentication; the log query interface module sends users' query-data authentication requests to the senior administrator data processing module for authentication.
In the present embodiment, as shown in Fig. 6, the database module includes a read module, a matching module, an attack log acquisition module and a normalisation module. The read module reads the key attack-defence behaviour information from the production log module; the matching module matches it against the preset key elements of attack-defence behaviour; the attack log acquisition module forms a log record from the executing subject of the attack behaviour, the object of the behaviour, the execution time, the execution address, the action executed and the manner of execution, and stores it; the normalisation module normalises the attack-defence behaviour logs and stores them in the production log module.
In summary, the present embodiment handles new data entering and leaving the cloud platform, enables automatic information analysis and rapid resource configuration, and supports rapid changes in the hardware environment and in attack and defence techniques. The Trojan analysis data module, honeynet management module, alarm module and security protection database module carry out effective data analysis and processing, so that the more difficult day-to-day attacks can be countered effectively, the cloud platform defends itself automatically, data leakage is effectively prevented and the information and data security of the cloud platform is ensured. The system can separately monitor the attack and defence behaviour of the attacker's machine and of the security protection platform to form attack-defence behaviour logs, obtain these logs from the attacker's machine and the security protection platform, and extract the key attack-defence behaviour information. It can also analyse quantitatively the results of attack and defence or of hardening, and analyse quantitatively, at the data level, the operating habits of information security personnel, so that training and gap-filling can be targeted; it can analyse and even predict the distribution of vulnerabilities and the characteristics of vulnerabilities over a period of time, making maximum use of the collected data. The security protection database module stores the latest attack-defence information data, updated in real time through the security protection data cloud space module; the alarm module then quickly analyses the latest changed data and notifies the administrator, who in turn carries out effective and secure data analysis and processing on the data, which can greatly improve the protection of the cloud platform's information and data.
The above is only a further embodiment of the present invention, but the scope of protection of the present invention is not limited thereto; any equivalent substitution or change made by a person skilled in the art, within the scope disclosed by the present invention and according to the technical solution of the present invention and its concept, falls within the scope of protection of the present invention.

Claims (3)

1. A data layer system of an information security attack-defence platform, characterized in that it comprises a client data interface, a user space module, a data transmission module, a Trojan analysis data module, a production log module, an attack module, a close net management module, an alarm module, a security protection database module, a security protection data cloud space module, a data layer module, a database module and a platform module;
User space module: the user enters the operating space environment, the data reading platform, and the operation interface of the data production and data storage system. The user space module mainly consists of an access module, an IP address configuration identification module and a tool module. The tool module mainly consists of a toolkit module and a tool library interface module: the toolkit module is used for classified storage of tools, and the tool library interface module is used for deploying tool data and providing the user space module with an interface for using tool data. The access module accesses the cloud platform through a browser; the IP address configuration identification module automatically identifies the IP address and the device currently used for access; the tool module provides tools for use in the browser interface of the user space module. The toolkit module includes a collection tool, used for target network detection and partial scanning, scanning for vulnerabilities and analyzing them, and a password tool, used for automatic password dictionary generation and remote password cracking;
Trojan analysis data module: obtains the four elements of sample basic information, dangerous permission annotations, virus detection and dynamic behavior, together with run-time screenshots; captures executable files newly generated or modified on the system and outputs them as sample files; has multiple built-in virus scanning engines that scan and analyze the sample files to distinguish known viruses from unknown attacks; performs the capture and analysis of Trojan samples;
Production log module: records the data activity changes of each module and stores the data in the form of logs, and is used for storing and sending the daily log data;
Attack module: stores all attack data and quickly analyzes the key elements of attack behavior;
Close net management module: captures attacks against the cloud platform; the module is able to identify known attack behavior and, through features and behavior, to identify unknown attacks and unknown malicious code, providing timely security support for the cloud platform;
Alarm module: collects the cloud platform's incremental data daily and provides warning messages. The alarm module mainly consists of a notification alarm module and a senior administrator data processing module. The notification alarm module is connected to the data layer interface; the alarm module searches for and analyzes the latest data change information and notifies the senior administrator data processing module. The senior administrator data processing module includes an access authority module, a user permission submodule and a user management submodule. The senior administrator data processing module controls the state of the access authority module; the user permission submodule is used to configure and manage each permission, the permissions including login, access and independent data layer access; the user management submodule is used to manage the platform's function system, which includes adding, updating, deleting, viewing and closing data;
Security protection database module: stores high-end security protection data and the key elements for countering attack behavior;
Security protection data cloud space module: used by the security protection database to extend the latest resource sharing technology for the available resources of the comprehensive strike system;
Data layer module: connects the interfaces of the individual modules and, through data import and export, forms a resource pool; resources in the pool are selected and used as needed, and operation results can be recorded and saved in a unified way;
Database module: stores the normalized attack and defence behavior logs in the behavior log database. The database module includes a read module, a matching module, an attack behavior log acquisition module and a normalization module. The read module reads the key attack and defence behavior information from the production log module; the matching module matches it against the preset key elements of attack and defence behavior; the attack behavior log acquisition module forms the executing subject of the attack behavior, the object of the behavior, the execution time, the execution address, the executed action and the execution mode into a log for storage; the normalization module normalizes the attack and defence behavior logs and stores them in the production log module;
Platform module: displays the information data of the information security attack-defence platform in a centralized manner.
2. The data layer system of an information security attack-defence platform according to claim 1, characterized in that the production log module includes an attack monitoring module, an attack log acquisition module, a preset attack key extraction module and a log normalization storage module;
Attack monitoring module: monitors the attack behavior of multiple attack clients separately to form attack behavior logs;
Attack log acquisition module: obtains attack and defence behavior logs from the attack clients and the protection data layer;
Preset attack key extraction module: normalizes the attack and defence behavior logs and, according to the preset key elements of attack and defence behavior, extracts from the logs the key information corresponding to each key element;
Log normalization storage module: stores the normalized attack and defence behavior logs in the behavior log database.
3. The data layer system of an information security attack-defence platform according to claim 1, characterized in that the data layer module mainly consists of an authentication interface module, a report interface module and a log query interface module;
Authentication interface module: sends users' data access and query requests to the senior administrator data processing module for authentication;
Report interface module: sends users' requests to query data reports to the senior administrator data processing module for authentication;
Log query interface module: sends users' data query authentication requests to the senior administrator data processing module for authentication.
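The normalization and key-element extraction of claim 2, applied to the six key elements claim 1 lists for a behavior log record, sketched as an added example that is not code from the patent. The two raw log layouts, the field names and the sample lines are constructed assumptions.

```python
import json
import shlex
from datetime import datetime, timezone

KEY_ELEMENTS = ("subject", "object", "time", "address", "action", "method")  # per claim 1
FIELD_MAPS = {  # native field -> key element; both layouts are assumptions
    "attack_client": {"user": "subject", "target": "object", "ts": "time",
                      "src_ip": "address", "op": "action", "tool": "method"},
    "protection": {"actor": "subject", "asset": "object", "timestamp": "time",
                   "host": "address", "event": "action", "mechanism": "method"},
}

def _to_utc(value):
    """Epoch seconds or ISO 8601 in, ISO 8601 UTC string out."""
    if str(value).isdigit():
        return datetime.fromtimestamp(int(value), tz=timezone.utc).isoformat()
    dt = datetime.fromisoformat(str(value))
    if dt.tzinfo is None:  # assumption: naive timestamps are already UTC
        dt = dt.replace(tzinfo=timezone.utc)
    return dt.astimezone(timezone.utc).isoformat()

def normalize(source, line):
    """Map one raw line onto the six key elements; raise ValueError if it cannot be."""
    fields = FIELD_MAPS.get(source)
    native = json.loads(line) if source == "protection" else dict(
        tok.split("=", 1) for tok in shlex.split(line))  # JSON line vs key=value line
    if fields is None or not isinstance(native, dict):
        raise ValueError(f"{source}: unknown source or non-object JSON line")
    record = {fields[k]: v for k, v in native.items() if k in fields}
    missing = [e for e in KEY_ELEMENTS if not record.get(e)]
    if missing:  # reject rather than store a half-filled record
        raise ValueError(f"{source}: missing key elements {missing}")
    return {"source": source, **record, "time": _to_utc(record["time"])}

def normalize_all(entries):
    """Return (records ready for the behavior log database, rejected entries)."""
    stored, rejected = [], []
    for source, line in entries:
        try:
            stored.append(normalize(source, line))
        except ValueError as err:
            rejected.append((source, line, str(err)))
    return stored, rejected

SAMPLES = [  # constructed sample lines: one per source, plus one incomplete line
    ("attack_client", 'ts=1564128000 user=trainee07 src_ip=10.0.5.21 target=web01 op=login_attempt tool="password dictionary"'),
    ("protection", '{"timestamp": "2019-07-26T16:00:05+08:00", "actor": "waf", "asset": "web01", "host": "10.0.1.10", "event": "block", "mechanism": "rule match"}'),
    ("attack_client", "ts=1564128010 user=trainee07 op=scan"),
]
```

Calling `normalize_all(SAMPLES)` returns two records on a common UTC timeline and one rejected entry; keeping the rejected lines with their reason lets an incomplete log source be noticed instead of silently thinning the behavior log database.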
CN201910683803.4A 2019-07-26 2019-07-26 Data layer system of information security attack and defense platform Active CN110378115B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201910683803.4A CN110378115B (en) 2019-07-26 2019-07-26 Data layer system of information security attack and defense platform

Publications (2)

Publication Number Publication Date
CN110378115A true CN110378115A (en) 2019-10-25
CN110378115B CN110378115B (en) 2022-08-30

Family

ID=68256499

Country Status (1)

Country Link
CN (1) CN110378115B (en)

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103401886A (en) * 2013-08-20 2013-11-20 江苏君立华域信息安全技术有限公司 Implementation method of information security attack-defense confrontation
CN104410617A (en) * 2014-11-21 2015-03-11 西安邮电大学 Information safety attack and defense system structure of cloud platform
CN104778073A (en) * 2015-04-17 2015-07-15 广东电网有限责任公司信息中心 Novel information security attack and defense experiment platform and implementation method thereof
CN104809404A (en) * 2015-04-17 2015-07-29 广东电网有限责任公司信息中心 Data layer system of information security attack-defense platform

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
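康荣保 et al.: "Research on Information Security Protection Technology for Industrial Control Systems", 《通信技术》 (Communications Technology) *
邵艾青 et al.: "Research and Practice on Linking Honeypot Systems with Security Management Platforms", 《电信科学》 (Telecommunications Science) *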

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111107090A (en) * 2019-12-20 2020-05-05 深圳职业技术学院 Data layer system of information security attack and defense platform
CN114257522A (en) * 2021-12-21 2022-03-29 浙江国利网安科技有限公司 Network security attack and defense demonstration system, method, device and storage medium
CN114257522B (en) * 2021-12-21 2024-01-12 浙江国利网安科技有限公司 Network security attack and defense demonstration system, method, device and storage medium
CN114338143A (en) * 2021-12-27 2022-04-12 国网浙江省电力有限公司温州供电公司 Data layer system of information security attack and defense platform

Also Published As

Publication number Publication date
CN110378115B (en) 2022-08-30

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
TA01 Transfer of patent application right

Effective date of registration: 20220812

Address after: 518001 2318 Anhui building, 6007 Shennan Avenue, Tian'an community, Shatou street, Futian District, Shenzhen City, Guangdong Province

Applicant after: Shenzhen Sanxi Software Technology Co.,Ltd.

Address before: Longxi Garden, South Huijing Road, Tianhe District, Guangzhou City, Guangdong Province, 510000

Applicant before: Ding Juxian

GR01 Patent grant