CN110378115A - Data layer system of an information security attack-defence platform
- Publication number
- CN110378115A, CN201910683803.4A
- Authority
- CN
- China
- Prior art keywords
- module
- data
- attack
- log
- attacking
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Classifications
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- Y—GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
- Y04—INFORMATION OR COMMUNICATION TECHNOLOGIES HAVING AN IMPACT ON OTHER TECHNOLOGY AREAS
- Y04S—SYSTEMS INTEGRATING TECHNOLOGIES RELATED TO POWER NETWORK OPERATION, COMMUNICATION OR INFORMATION TECHNOLOGIES FOR IMPROVING THE ELECTRICAL POWER GENERATION, TRANSMISSION, DISTRIBUTION, MANAGEMENT OR USAGE, i.e. SMART GRIDS
- Y04S40/00—Systems for electrical power generation, transmission, distribution or end-user application management characterised by the use of communication or information technologies, or communication or information technology specific aspects supporting them
- Y04S40/20—Information technology specific aspects, e.g. CAD, simulation, modelling, system security
Abstract
The invention discloses a data layer system for an information security attack-defence platform, comprising a client data interface, a user space module, a data transmission module, a Trojan analysis data module, a production log module, an attack module, a honeynet management module, an alarm module, a security protection database module, a security protection data cloud space module, a data layer module, a database module and a console module. The data layer device and system of the invention supports the introduction and output of new data on the cloud platform, enables automatic information analysis and rapid resource configuration, and supports rapid changes in the hardware environment and in attack and defence techniques. With the Trojan analysis data module, honeynet management module, alarm module and security protection database module it performs effective data analysis and processing, can effectively counter the more difficult attacks encountered day to day, and achieves automatic defence of the cloud platform.
Description
Technical field
The present invention relates to an information security attack-defence platform system, and more particularly to a data layer device and system for an information security attack-defence platform, belonging to the field of information security attack and defence.
Background
The network security situation at home and abroad is increasingly severe. China attaches great importance to network security and has raised information security to the level of national security. The greatest threats facing computer networks are attacks by adversaries and computer crime. One kind is the active attack, which selectively destroys the validity and integrity of information in various ways; the other is the passive attack, which intercepts, steals or deciphers important confidential information without affecting the normal operation of the network, leading to the leakage of confidential data. Because most core chips, operating systems, databases, network equipment and their core technologies are held and controlled abroad, this poses a serious threat to China's security, and the power industry, as an important foundation of the nation's livelihood, bears the brunt. To reduce the security problems and hidden dangers of networks and information systems, information security protection capability must be improved and the capability to inspect and evaluate the security of networks and information systems must be strengthened, so as to cope with information security threats and make up for deficiencies in core technology.
With the wide development and application of information technology, the information security situation is increasingly severe. The "PRISM" incident, the "Snowden" incident and the "Heartbleed" vulnerability reflect an international information security situation that keeps heating up. Under the conditions of information security cyber warfare, power grid security protection faces deeper security threats.
Network security products keep increasing and technology keeps advancing, yet security problems are getting worse. Security threats such as viruses, Trojans, hacker attacks, phishing and DDoS emerge one after another. In addition, hackers exploit vulnerabilities in power information systems by various methods, such as taking advantage of weak passwords on server systems or implanting virus and Trojan files on servers, in order to steal sensitive information in the power system or tamper with website content. Many organizations have not established an information security attack-and-defence training platform that simulates hacker attacks and are weak in information security protection; a malicious attacker may exploit system vulnerabilities to log in to a system and obtain sensitive information, leading to the leakage of power supply plans, supply guarantee plans, substation architecture drawings, main electrical wiring diagrams, information machine-room topology diagrams and other sensitive data and information of power system organizations.
The data layer system is an important part of an information security attack-defence platform. It is the platform's resource library and, through linkage with the platform's other systems, provides various data, information and tool resources. The effectiveness of the data layer system affects whether an information security attack-defence platform can effectively carry out network security assessment, attack-defence exercises and new product inspection and testing, and carry out a series of assessments and evaluations of network architecture, design process, host security, data security and so on.
During the design process the applicant searched a large number of patent documents. For example, Chinese Patent Application No. CN201510183914.0 discloses: "The invention discloses a data layer system of an information security attack-defence platform, provided with a tool library module, a scenario configuration library module, a courseware library module, a message library module, a log library module, an attack library module and a platform library module. Through the independent operation of the seven resource library modules, the linkage between modules and the linkage between modules and external data, and by combining virtual devices with physical devices, it provides a complete, efficient and unified-standard data layer system for the information security attack-defence platform, helping the platform effectively carry out network security assessment, attack-defence exercises and new product inspection and testing, and carry out a series of assessments and evaluations of network architecture, design process, host security, data security and so on." However, in the data layer system of Chinese Patent Application No. CN201510183914.0, data access and output are subject to permission control, are then processed automatically by a preset management process, and are then matched and updated against running data with the message library module. All of this requires information security personnel to operate online in real time, and the daily attack-defence data are merely formed into logs. That system cannot take effective protective measures according to different attack modes, cannot learn at the first moment that original data has been interfered with or modified, and cannot automatically counter day-to-day Trojan intrusions and notify the administrator to handle them.
Summary of the invention
The main object of the present invention is to provide a data layer device and system for an information security attack-defence platform that supports the introduction and output of new data on the cloud platform, enables automatic information analysis and rapid resource configuration, and supports rapid changes in the hardware environment and in attack and defence techniques. With the Trojan analysis data module, honeynet management module, alarm module and security protection database module it performs effective data analysis and processing, can effectively counter the more difficult attacks encountered day to day, achieves automatic defence of the cloud platform, effectively prevents data leakage and ensures the security of the cloud platform's information data. It can separately monitor the attack-defence behaviors of the attacker machines and of the security protection platform to form attack-defence behavior logs, obtain those logs from the attacker machines and the security protection platform, and extract the key attack-defence behavior information. It can also quantitatively analyse the results of attack and defence or of hardening, and quantitatively analyse the operating habits of information security personnel at the data level, so that targeted training and gap-filling can be carried out, and it can analyse and even predict vulnerability distribution and vulnerability characteristics over a period of time, thereby making maximum use of the collected data. The security protection database module stores the latest attack-defence information data, updated in real time through the security protection data cloud space module; the alarm module then quickly analyses the latest changed data and notifies the administrator, who needs to carry out further effective and secure analysis and processing of the data. This can greatly improve the protection of the cloud platform's information data.
The object of the present invention can be achieved by adopting the following technical solution:
A data layer system for an information security attack-defence platform includes a client data interface, a user space module, a data transmission module, a Trojan analysis data module, a production log module, an attack module, a honeynet management module, an alarm module, a security protection database module, a security protection data cloud space module, a data layer module, a database module and a console module;
User space module: the operation interface through which the user enters the operating space environment to reach the data reading platform and the data production and data storage systems. The user space module is mainly composed of an access module, an IP address configuration identification module and a tool module. The tool module is mainly composed of a toolkit module and a tool library interface module: the toolkit module stores tools by category, and the tool library interface module is used to deploy tool data and gives the user space module an interface for using the tool data. The access module accesses the cloud platform through a browser; the IP address configuration identification module automatically identifies the current access IP address and the device in use; and the tool module provides tools for use in the user space module's browser interface. The toolkit module includes collection tools, used for target network detection and partial scanning and for scanning for vulnerabilities and analysing them, and password tools, used for automatic password dictionary generation and remote password cracking;
Trojan analysis data module: takes four elements (basic sample information, annotation of dangerous permissions, virus detection and dynamic behavior) together with run-time screenshots; captures executable files newly generated or modified on the system and outputs them as sample files; has multiple built-in virus scanning engines that scan and analyse the sample files and distinguish known viruses from unknown attacks; and performs the capture and analysis of Trojan samples;
Production log module: records the data activity changes of each module, stores the data in the form of logs, and is used for day-to-day log data storage and log data sending;
Attack module: stores all attack data and quickly analyses the key elements of attack behaviors;
Honeynet management module: captures attack behaviors against the cloud platform. The module should be able to identify known attack behaviors, identify unknown attacks and unknown malicious code through features and behavior, and provide timely security support for the cloud platform;
Alarm module: collects the cloud platform's daily incremental data and provides security information warnings. The alarm module is mainly composed of a notification alarm module and a senior administrator data processing module. The notification alarm module is connected to the data layer interface; the alarm module searches for and analyses the latest data change information and notifies the senior administrator data processing module. The senior administrator data processing module includes an access permission module, a user permission submodule and a user management submodule. The senior administrator data processing module controls the state of the access permission module; the user permission submodule configures and manages each permission, the permissions including login, access and independent data layer access permissions; and the user management submodule manages the platform's function system, which includes adding, updating, deleting, viewing and closing data;
Security protection database module: stores high-end security protection data and the key elements for countering attack behaviors;
Security protection data cloud space module: extends the security protection database with the latest comprehensive resource-sharing technology for the resources available to the countermeasure system;
Data layer module: connects the interfaces of the individual modules and uses data import and export to form a resource pool; resources in the pool are selected and used as needed, and operation results can be recorded and saved in a unified way;
Database module: stores the normalized attack-defence behavior logs in the behavior log database. The database module includes a read module, a matching module, an attack behavior log acquisition module and a normalization module. The read module reads the key attack-defence behavior information from the production log module; the matching module matches against the preset attack-defence behavior key elements; the attack behavior log acquisition module forms and stores a log of the attack behavior's executing subject, target object, execution time, execution address, executed action and execution mode; and the normalization module normalizes the attack-defence behavior logs and stores them in the production log module;
Console module: centrally displays most of the information data of the information security attack-defence platform.
The production log module includes an attack monitoring module, an attack log acquisition module, a preset attack key extraction module and a log normalization storage module;
Attack monitoring module: separately monitors the attack behaviors of multiple attack clients and forms attack behavior logs;
Attack log acquisition module: obtains attack-defence behavior logs from the attack clients and the protection data layer;
Preset attack key extraction module: normalizes the attack-defence behavior logs and, according to the preset attack-defence behavior key elements, extracts from the logs the key attack-defence behavior information corresponding to each key element;
Log normalization storage module: stores the normalized attack-defence behavior logs in the behavior log database.
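The normalization step described above (extracting the preset key elements: executing subject, target object, execution time, execution address, executed action and execution mode, then storing the result in a behavior log database), shown as an added example that is not part of the patent. The two raw log formats, all field and column names, and the SQLite table are assumptions made for illustration.

```python
import json
import sqlite3
from datetime import datetime, timezone

# The six key elements named in the text; the column names are this example's own.
KEY_ELEMENTS = ("subject", "object", "time", "address", "action", "mode")

# Assumed raw formats: which raw field carries which key element, per log source.
FIELD_MAP = {
    "attack_client": {"user": "subject", "target": "object", "ts": "time",
                      "dst": "address", "op": "action", "via": "mode"},
    "protection_platform": {"actor": "subject", "asset": "object",
                            "timestamp": "time", "host": "address",
                            "event": "action", "method": "mode"},
}


def parse_raw(source, line):
    """Split one raw log line into its raw fields."""
    if source == "protection_platform":       # one JSON object per line
        return json.loads(line)
    # attack_client: whitespace-separated key=value pairs
    return dict(p.split("=", 1) for p in line.split() if "=" in p)


def normalize_time(value):
    """Epoch seconds or ISO 8601 in, UTC ISO 8601 out; None if unparseable."""
    try:
        if value.isdigit():
            dt = datetime.fromtimestamp(int(value), tz=timezone.utc)
        else:
            dt = datetime.fromisoformat(value.replace("Z", "+00:00"))
            if dt.tzinfo is None:             # assumption: naive times are UTC
                dt = dt.replace(tzinfo=timezone.utc)
    except (ValueError, OverflowError, OSError):
        return None
    return dt.astimezone(timezone.utc).isoformat()


def normalize(source, line):
    """Extract the preset key elements from one raw line into a common record."""
    raw = parse_raw(source, line)
    record = dict.fromkeys(KEY_ELEMENTS)
    for field, element in FIELD_MAP[source].items():
        value = raw.get(field)
        if value not in (None, ""):
            record[element] = str(value).strip()
    if record["time"] is not None:
        record["time"] = normalize_time(record["time"])
    if record["action"] is not None:
        record["action"] = record["action"].lower()
    record["source"] = source
    # Keep incomplete records, but say which key elements could not be extracted.
    record["missing"] = ",".join(k for k in KEY_ELEMENTS if record[k] is None)
    return record


def store(conn, records):
    """Write normalized records to the behavior log table."""
    cols = ("source",) + KEY_ELEMENTS + ("missing",)
    conn.execute("CREATE TABLE IF NOT EXISTS behavior_log (%s)"
                 % ", ".join('"%s"' % c for c in cols))
    conn.executemany("INSERT INTO behavior_log VALUES (%s)"
                     % ", ".join(":" + c for c in cols), records)
    conn.commit()


# Constructed sample lines, not taken from any real system.
SAMPLES = [
    ("attack_client", "ts=1564128902 user=red01 target=web-portal "
                      "dst=192.0.2.20:443 op=LOGIN_BRUTE via=http-form"),
    ("protection_platform", json.dumps({
        "timestamp": "2019-07-26T16:15:05+08:00", "actor": "waf",
        "asset": "web-portal", "host": "192.0.2.20:443",
        "event": "Block", "method": "rate-limit"})),
    ("attack_client", "ts=1564128910 user=red01 op=SCAN"),  # incomplete line
]


def build_behavior_log(samples=SAMPLES):
    """Normalize all samples and return an in-memory behavior log database."""
    conn = sqlite3.connect(":memory:")
    store(conn, [normalize(src, line) for src, line in samples])
    return conn


if __name__ == "__main__":
    db = build_behavior_log()
    for row in db.execute('SELECT "time", source, subject, "action", missing '
                          'FROM behavior_log ORDER BY "time"'):
        print(row)
```

Because both sources end up with the same columns and UTC timestamps, an attacker-side action and the protection-side response to it can be lined up by time and address in one query.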
The data layer module is mainly composed of an authentication interface module, a report interface module and a log query interface module;
Authentication interface module: sends the user's data access query request to the senior administrator data processing module for authentication;
Report interface module: sends the user's data report query request to the senior administrator data processing module for authentication;
Log query interface module: sends the user's data query authentication request to the senior administrator data processing module for authentication.
Advantageous effects of the invention:
1. The data layer device and system for an information security attack-defence platform provided by the invention supports the introduction and output of new data on the cloud platform, enables automatic information analysis and rapid resource configuration, and supports rapid changes in the hardware environment and in attack and defence techniques. Through the Trojan analysis data module, honeynet management module, alarm module and security protection database module it performs effective data analysis and processing, can effectively counter the more difficult attacks encountered day to day, achieves automatic defence of the cloud platform, effectively prevents data leakage and ensures the security of the cloud platform's information data. It can separately monitor the attack-defence behaviors of the attacker machines and of the security protection platform to form attack-defence behavior logs, obtain those logs from the attacker machines and the security protection platform, and extract the key attack-defence behavior information.
2. The invention can also quantitatively analyse the results of attack and defence or of hardening, and quantitatively analyse the operating habits of information security personnel at the data level, so that targeted training and gap-filling can be carried out, and it can analyse and even predict vulnerability distribution and vulnerability characteristics over a period of time, thereby making maximum use of the collected data. The security protection database module stores the latest attack-defence information data, updated in real time through the security protection data cloud space module; the alarm module then quickly analyses the latest changed data and notifies the administrator, who needs to carry out further effective and secure analysis and processing of the data. This can greatly improve the protection of the cloud platform's information data.
Brief description of the drawings
Fig. 1 is a system diagram of a preferred embodiment of the data layer device and system for an information security attack-defence platform according to the invention;
Fig. 2 is a user space system diagram of a preferred embodiment of the data layer device and system for an information security attack-defence platform according to the invention;
Fig. 3 is a log library system diagram of a preferred embodiment of the data layer device and system for an information security attack-defence platform according to the invention;
Fig. 4 is a security information system diagram of a preferred embodiment of the data layer device and system for an information security attack-defence platform according to the invention;
Fig. 5 is a data layer system diagram of a preferred embodiment of the data layer device and system for an information security attack-defence platform according to the invention;
Fig. 6 is a resource library system diagram of a preferred embodiment of the data layer device and system for an information security attack-defence platform according to the invention.
Detailed description of the embodiments
To make the technical solution of the present invention clearer to those skilled in the art, the invention is described in further detail below with reference to the embodiments and drawings; the embodiments of the invention are not limited thereto.
In the present embodiment, as shown in Fig. 1, the data layer device and system for an information security attack-defence platform includes a client data interface, a user space module, a data transmission module, a Trojan analysis data module, a production log module, an attack module, a honeynet management module, an alarm module, a security protection database module, a security protection data cloud space module, a data layer module, a database module and a console module. User space module: the operation interface through which the user enters the operating space environment to reach the data reading platform and the data production and data storage systems. Trojan analysis data module: takes four elements (basic sample information, annotation of dangerous permissions, virus detection and dynamic behavior) together with run-time screenshots; captures executable files newly generated or modified on the system and outputs them as sample files; has multiple built-in virus scanning engines that scan and analyse the sample files and distinguish known viruses from unknown attacks; and performs the capture and analysis of Trojan samples. Production log module: records the data activity changes of each module, stores the data in the form of logs, and is used for day-to-day log data storage and log data sending. Attack module: stores all attack data and quickly analyses the key elements of attack behaviors. Honeynet management module: captures attack behaviors against the cloud platform; the module should be able to identify known attack behaviors, identify unknown attacks and unknown malicious code through features and behavior, and provide timely security support for the cloud platform. Alarm module: collects the cloud platform's daily incremental data and provides security information warnings. Security protection database module: stores high-end security protection data and the key elements for countering attack behaviors. Security protection data cloud space module: extends the security protection database with the latest comprehensive resource-sharing technology for the resources available to the countermeasure system. Data layer module: connects the interfaces of the individual modules and uses data import and export to form a resource pool; resources in the pool are selected and used as needed, and operation results can be recorded and saved in a unified way. Database module: stores the normalized attack-defence behavior logs in the behavior log database. Console module: centrally displays most of the information data of the information security attack-defence platform.
In the present embodiment, as shown in Fig. 2, the user space module is mainly composed of an access module, an IP address configuration identification module and a tool module. The access module accesses the cloud platform through a browser; the IP address configuration identification module automatically identifies the current access IP address and the device in use; and the tool module provides tools for use in the user space module's browser interface.
In the present embodiment, as shown in Fig. 2, the tool module is mainly composed of a toolkit module and a tool library interface module. The toolkit module stores tools by category, and the tool library interface module is used to deploy tool data and gives the user space module an interface for using the tool data.
In the present embodiment, as shown in Fig. 2, the toolkit module includes collection tools, used for target network detection and partial scanning and for scanning for vulnerabilities and analysing them, and password tools, used for automatic password dictionary generation and remote password cracking.
In the present embodiment, as shown in Fig. 3, the production log module includes an attack monitoring module, an attack log acquisition module, a preset attack key extraction module and a log normalization storage module. Attack monitoring module: separately monitors the attack behaviors of multiple attack clients and forms attack behavior logs. Attack log acquisition module: obtains attack-defence behavior logs from the attack clients and the protection data layer. Preset attack key extraction module: normalizes the attack-defence behavior logs and, according to the preset attack-defence behavior key elements, extracts from the logs the key attack-defence behavior information corresponding to each key element. Log normalization storage module: stores the normalized attack-defence behavior logs in the behavior log database.
In the present embodiment, as shown in Fig. 4, the alarm module is mainly composed of a notification alarm module and a senior administrator data processing module. The notification alarm module is connected to the data layer interface; the alarm module searches for and analyses the latest data change information and notifies the senior administrator data processing module.
In the present embodiment, as shown in Fig. 4, the senior administrator data processing module includes an access permission module, a user permission submodule and a user management submodule. The senior administrator data processing module controls the state of the access permission module; the user permission submodule configures and manages each permission, the permissions including login, access and independent data layer access permissions; and the user management submodule manages the platform's function system, which includes adding, updating, deleting, viewing and closing data.
In the present embodiment, as shown in Fig. 5, the data layer module is mainly composed of an authentication interface module, a report interface module and a log query interface module. The authentication interface module sends the user's data access query request to the senior administrator data processing module for authentication; the report interface module sends the user's data report query request to the senior administrator data processing module for authentication; and the log query interface module sends the user's data query authentication request to the senior administrator data processing module for authentication.
In the present embodiment, as shown in Fig. 6, the database module includes a read module, a matching module, an attack behavior log acquisition module and a normalization module. The read module reads the key attack-defence behavior information from the production log module; the matching module matches against the preset attack-defence behavior key elements; the attack behavior log acquisition module forms and stores a log of the attack behavior's executing subject, target object, execution time, execution address, executed action and execution mode; and the normalization module normalizes the attack-defence behavior logs and stores them in the production log module.
In summary, the present embodiment supports the introduction and output of new data on the cloud platform, enables automatic information analysis and rapid resource configuration, and supports rapid changes in the hardware environment and in attack and defence techniques. With the Trojan analysis data module, honeynet management module, alarm module and security protection database module it performs effective data analysis and processing, can effectively counter the more difficult attacks encountered day to day, achieves automatic defence of the cloud platform, effectively prevents data leakage and ensures the security of the cloud platform's information data. It can separately monitor the attack-defence behaviors of the attacker machines and of the security protection platform to form attack-defence behavior logs, obtain those logs from the attacker machines and the security protection platform, and extract the key attack-defence behavior information. It can also quantitatively analyse the results of attack and defence or of hardening, and quantitatively analyse the operating habits of information security personnel at the data level, so that targeted training and gap-filling can be carried out, and it can analyse and even predict vulnerability distribution and vulnerability characteristics over a period of time, thereby making maximum use of the collected data. The security protection database module stores the latest attack-defence information data, updated in real time through the security protection data cloud space module; the alarm module then quickly analyses the latest changed data and notifies the administrator, who needs to carry out further effective and secure analysis and processing of the data. This can greatly improve the protection of the cloud platform's information data.
The above is only a further embodiment of the present invention, but the scope of protection of the invention is not limited thereto. Any equivalent substitution or change made by a person skilled in the art, within the scope disclosed by the invention and according to its technical solution and concept, falls within the scope of protection of the invention.
Claims (3)
1. A data layer system for an information security attack-defence platform, characterized by comprising a client data interface, a user space module, a data transmission module, a Trojan analysis data module, a production log module, an attack module, a honeynet management module, an alarm module, a security protection database module, a security protection data cloud space module, a data layer module, a database module and a platform module;
User space module: the operation interface through which the user enters the operating space environment to reach the data reading platform and the data production and data storage systems. The user space module is mainly composed of an access module, an IP address configuration identification module and a tool module. The tool module is mainly composed of a toolkit module and a tool library interface module: the toolkit module stores tools by category, and the tool library interface module is used to deploy tool data and gives the user space module an interface for using the tool data. The access module accesses the cloud platform through a browser; the IP address configuration identification module automatically identifies the current access IP address and the device in use; and the tool module provides tools for use in the user space module's browser interface. The toolkit module includes collection tools, used for target network detection and partial scanning and for scanning for vulnerabilities and analysing them, and password tools, used for automatic password dictionary generation and remote password cracking;
Trojan analysis data module: takes four elements (basic sample information, annotation of dangerous permissions, virus detection and dynamic behavior) together with run-time screenshots; captures executable files newly generated or modified on the system and outputs them as sample files; has multiple built-in virus scanning engines that scan and analyse the sample files and distinguish known viruses from unknown attacks; and performs the capture and analysis of Trojan samples;
Production log module: records the data activity changes of each module, stores the data in the form of logs, and is used for day-to-day log data storage and log data sending;
Attack module: stores all attack data and quickly analyses the key elements of attack behaviors;
Honeynet management module: captures attack behaviors against the cloud platform. The module should be able to identify known attack behaviors, identify unknown attacks and unknown malicious code through features and behavior, and provide timely security support for the cloud platform;
Alarm module: for daily collection incremental data cloud platform and message information warning is provided, the alarm module is main
It being made of notice alarm module and Senior Administrator's data processing module, notice alarm module is connected with data layer interface,
Latest data modification information is searched for and analyzed to alarm module, will notify Senior Administrator's data processing module, wherein higher management
Member's data processing module includes access privilege module, user right submodule and user management submodule, higher management
The state of member's data processing module control access authority module, user right submodule is since every permission is configured and is managed
Reason, the items permission includes login, access and data Layer independent access permission, and user management submodule is for managing platform
Function system, function system include that data are added, update, delete, check and closed;
Security protection database module: for storing high-end security protection data, the key element of attack is fought;
Security protection data cloud space module: newest comprehensive percussion system available resources is extended for security protection database
Technology of sharing;
Data layer module: the interface for being respectively used to modules is attached, and is imported and is exported using data, forms a resource
Pond, selection uses resource in resource pool as needed, and operation result can be unified to record and save;
Database module: for the attacking and defending user behaviors log after normalized to be stored in user behaviors log database, the number
It include read module, matching module, attack log acquisition module and normalized module, read module according to library module
For reading attacking and defending behavior key message in behavior production log module, matching module is critical to for presetting attacking and defending behavior
Element is matched, when attack log acquisition module executes object for the executing subject of attack, behavior, behavior executes
Between, behavior executes address, behavior execution movement and behavior executive mode form log storage, normalized module is for attacking
Anti- user behaviors log normalized simultaneously produces in log module with storage;
Console module: for concentrating the information data for showing the safe attack-defence platform of most information.
2. The data layer system of an information security attack-defence platform according to claim 1, characterized in that the production log module includes an attack monitoring module, an attack log acquisition module, a preset attack key extraction module and a log normalization storage module;
Attack monitoring module: monitors the attack behaviour of each of multiple attack clients and forms attack behaviour logs;
Attack log acquisition module: obtains attack-defence behaviour logs from the attack clients and the protection data layer;
Preset attack key extraction module: normalizes the attack-defence behaviour logs and, according to the preset attack-defence behaviour key elements, extracts from the logs the key information corresponding to each key element;
Log normalization storage module: stores the normalized attack-defence behaviour logs in the behaviour log database.
3. The data layer system of an information security attack-defence platform according to claim 1, characterized in that the data layer module mainly consists of an authentication interface module, a report interface module and a log query interface module;
Authentication interface module: sends user access data query requests to the senior administrator data processing module for authentication;
Report interface module: sends user data report query requests to the senior administrator data processing module for authentication;
Log query interface module: sends user query data authentication requests to the senior administrator data processing module for authentication.
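The log normalization described for the database module in claim 1 and for the production log module in claim 2, as an added example that is not part of the patent: constructed log lines from an attack client and from the protection data layer are mapped onto the six key elements the claims list (executing subject, object, time, address, action, manner), and a record with a missing element is flagged instead of dropped. The raw field names, the two log formats and the sample values are assumptions made for illustration.

```python
import json
from datetime import datetime, timezone

# The six preset key elements named in the claims (these short names are assumptions).
KEY_ELEMENTS = ("subject", "object", "time", "address", "action", "manner")

# Per-source mapping from raw field names to key elements (constructed, not from the patent).
ALIASES = {
    "attack_client": {"user": "subject", "target": "object", "ts": "time",
                      "dst": "address", "op": "action", "via": "manner"},
    "protection_layer": {"actor": "subject", "asset": "object", "when": "time",
                         "ip": "address", "event": "action", "method": "manner"},
}

def _to_utc(value):
    """Accept epoch seconds or an ISO 8601 string; return an ISO 8601 UTC string."""
    try:
        dt = datetime.fromtimestamp(float(value), tz=timezone.utc)
    except ValueError:
        dt = datetime.fromisoformat(value)
        if dt.tzinfo is None:
            dt = dt.replace(tzinfo=timezone.utc)
    return dt.astimezone(timezone.utc).isoformat()

def parse_raw(source, line):
    """attack_client lines are key=value pairs; protection_layer lines are JSON."""
    if source == "protection_layer":
        return json.loads(line)
    return dict(pair.split("=", 1) for pair in line.split() if "=" in pair)

def normalize(source, line):
    raw = parse_raw(source, line)
    record = dict.fromkeys(KEY_ELEMENTS)  # every key element present, default None
    for field, value in raw.items():
        element = ALIASES[source].get(field)
        if element:
            record[element] = _to_utc(value) if element == "time" else str(value)
    record["source"] = source
    record["missing"] = [k for k in KEY_ELEMENTS if record[k] is None]
    return record

SAMPLE = [  # constructed log lines
    ("attack_client", "user=team-red-03 target=web01 ts=1564128000 dst=10.0.5.20:80 op=scan via=tcp-syn"),
    ("protection_layer", '{"actor": "team-red-03", "asset": "web01", "when": "2019-07-26T16:00:05+08:00", "ip": "10.0.5.20", "event": "blocked"}'),
]

def normalized_sample():
    return [normalize(src, line) for src, line in SAMPLE]
```

Both sample records end up with the same keys and UTC timestamps, so the attack-side and defence-side entries for one event can be stored and queried together; the second record carries `missing == ["manner"]` because its source line has no execution manner.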
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201910683803.4A CN110378115B (en) | 2019-07-26 | 2019-07-26 | Data layer system of information security attack and defense platform |
Publications (2)
Publication Number | Publication Date |
---|---|
CN110378115A (en) | 2019-10-25 |
CN110378115B (en) | 2022-08-30 |
Family
ID=68256499
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201910683803.4A Active CN110378115B (en) | 2019-07-26 | 2019-07-26 | Data layer system of information security attack and defense platform |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN110378115B (en) |
Cited By (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN111107090A (en) * | 2019-12-20 | 2020-05-05 | 深圳职业技术学院 | Data layer system of information security attack and defense platform |
CN114257522A (en) * | 2021-12-21 | 2022-03-29 | 浙江国利网安科技有限公司 | Network security attack and defense demonstration system, method, device and storage medium |
CN114338143A (en) * | 2021-12-27 | 2022-04-12 | 国网浙江省电力有限公司温州供电公司 | Data layer system of information security attack and defense platform |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN103401886A (en) * | 2013-08-20 | 2013-11-20 | 江苏君立华域信息安全技术有限公司 | Implementation method of information security attack-defense confrontation |
CN104410617A (en) * | 2014-11-21 | 2015-03-11 | 西安邮电大学 | Information safety attack and defense system structure of cloud platform |
CN104778073A (en) * | 2015-04-17 | 2015-07-15 | 广东电网有限责任公司信息中心 | Novel information security attack and defense experiment platform and implementation method thereof |
CN104809404A (en) * | 2015-04-17 | 2015-07-29 | 广东电网有限责任公司信息中心 | Data layer system of information security attack-defense platform |
Non-Patent Citations (2)
Title |
---|
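Kang Rongbao et al.: "Research on information security protection technology for industrial control systems", Communications Technology * |
Shao Aiqing et al.: "Research and practice on linking honeypot systems with security management platforms", Telecommunications Science * |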
Cited By (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN111107090A (en) * | 2019-12-20 | 2020-05-05 | 深圳职业技术学院 | Data layer system of information security attack and defense platform |
CN114257522A (en) * | 2021-12-21 | 2022-03-29 | 浙江国利网安科技有限公司 | Network security attack and defense demonstration system, method, device and storage medium |
CN114257522B (en) * | 2021-12-21 | 2024-01-12 | 浙江国利网安科技有限公司 | Network security attack and defense demonstration system, method, device and storage medium |
CN114338143A (en) * | 2021-12-27 | 2022-04-12 | 国网浙江省电力有限公司温州供电公司 | Data layer system of information security attack and defense platform |
Also Published As
Publication number | Publication date |
---|---|
CN110378115B (en) | 2022-08-30 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN104283889B (en) | APT attack detectings and early warning system inside electric system based on the network architecture | |
CN111600856B (en) | Safety system of operation and maintenance of data center | |
CN102594825B (en) | The detection method of a kind of intranet Trojans and device | |
CN103026345B (en) | For the dynamic multidimensional pattern of event monitoring priority | |
US7200867B2 (en) | Webcrawl internet security analysis and process | |
Killourhy et al. | A defense-centric taxonomy based on attack manifestations | |
CN103916406B (en) | A kind of APT attack detection methods based on DNS log analysis | |
CN108449319A (en) | A kind of method and device of identification swindle website and the evidence obtaining of long-range wooden horse | |
CN105187367B (en) | The detection of corpse trojan horse and management-control method based on big data discovery | |
CN108768989A (en) | It is a kind of using the APT attack defense methods of mimicry technology, system | |
CN1328638C (en) | Intrusion detection method for host under Windows environment | |
CN103150511B (en) | Safety protection system | |
CN110378115A (en) | A kind of data layer system of information security attack-defence platform | |
CN107612924A (en) | Attacker's localization method and device based on wireless network invasion | |
CN103561012A (en) | WEB backdoor detection method and system based on relevance tree | |
CN107579997A (en) | Wireless network intrusion detection system | |
CN108234419A (en) | A kind of network attack monitoring method and device based on big data | |
CN113037713B (en) | Network attack resisting method, device, equipment and storage medium | |
CN104486320B (en) | Intranet sensitive information leakage evidence-obtaining system and method based on sweet network technology | |
CN111510463B (en) | Abnormal behavior recognition system | |
Vargas et al. | Knowing your enemies: Leveraging data analysis to expose phishing patterns against a major US financial institution | |
CN116996286A (en) | Network attack and security vulnerability management framework platform based on big data analysis | |
Eom et al. | A framework of defense system for prevention of insider's malicious behaviors | |
Bharati et al. | Intrusion detection systems (IDS) & future challenges in cloud based environment | |
AlZoubi et al. | The effect of using honeypot network on system security |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
TA01 | Transfer of patent application right | ||
Effective date of registration: 20220812 Address after: 518001 2318 Anhui building, 6007 Shennan Avenue, Tian'an community, Shatou street, Futian District, Shenzhen City, Guangdong Province Applicant after: Shenzhen Sanxi Software Technology Co.,Ltd. Address before: Longxi Garden, South Huijing Road, Tianhe District, Guangzhou City, Guangdong Province, 510000 Applicant before: Ding Juxian |
GR01 | Patent grant | ||