CN110430212A - Internet of Things threat perception method and system based on multivariate data fusion - Google Patents

Publication number
CN110430212A
Authority
CN
China
Prior art keywords
warning information
data
internet
confidence level
flows
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201910751372.0A
Other languages
Chinese (zh)
Inventor
王世晋
范渊
黄进
王辉
周忠锦
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Hangzhou Dbappsecurity Technology Co Ltd
Original Assignee
Hangzhou Dbappsecurity Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Hangzhou Dbappsecurity Technology Co Ltd filed Critical Hangzhou Dbappsecurity Technology Co Ltd
Priority to CN201910751372.0A priority Critical patent/CN110430212A/en
Publication of CN110430212A publication Critical patent/CN110430212A/en
Pending legal-status Critical Current

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1416 Event detection, e.g. attack signature detection
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1425 Traffic logging, e.g. anomaly detection
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441 Countermeasures against malicious traffic
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/12 Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computing Systems (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Health & Medical Sciences (AREA)
  • General Health & Medical Sciences (AREA)
  • Medical Informatics (AREA)
  • Alarm Systems (AREA)

Abstract

The present invention provides an Internet of Things threat perception method and system based on multivariate data fusion, applied to an Internet of Things situation awareness platform. The method includes: obtaining the alert information of the Internet of Things situation awareness platform; obtaining multiple pieces of traffic data of Internet of Things devices, together with the confidence level and weight value of each piece of traffic data; and matching the alert information against the multiple pieces of traffic data, then calculating the threat confidence level of the alert information from the confidence levels and weight values of the traffic data that match it. The invention alleviates the prior-art technical problem that alert information is misjudged when the number of alerts is large.

Description

Internet of Things threat perception method and system based on multivariate data fusion
Technical field
The present invention relates to the technical field of network security, and in particular to an Internet of Things threat perception method and system based on multivariate data fusion.
Background
With the diversification of network security protection measures, the alerts generated by different protection measures are based on different policy rules. We call the alert records produced by these safeguards or protection measures original alert records. For the same event, the original alert records generated by different protection measures all differ. When a customer's Internet of Things network environment has more than one protection measure (for example, a traffic probe has captured an abnormal outbound connection while an agent client has captured an alert for a process with abnormally high CPU usage), or when the number of alerts is large, the prior art cannot analyze and correlate multiple pieces of alert information in a timely and effective manner, which leads to misjudgment of the alert information.
Summary of the invention
In view of this, the purpose of the present invention is to provide an Internet of Things threat perception method and system based on multivariate data fusion, so as to alleviate the prior-art technical problem that alert information is misjudged when the number of alerts is large.
In a first aspect, an embodiment of the present invention provides an Internet of Things threat perception method based on multivariate data fusion, applied to an Internet of Things situation awareness platform, comprising: obtaining the alert information of the Internet of Things situation awareness platform; obtaining multiple pieces of traffic data of Internet of Things devices, together with the confidence level and weight value of each piece of traffic data; and matching the alert information against the multiple pieces of traffic data, then calculating the threat confidence level of the alert information from the confidence levels and weight values of the traffic data that match the alert information.
Further, the alert information includes at least one of: attack source IP information, attack source port information, attacked IP information, attacked port information, attack protocol information, attack method information and attack payload information.
Further, obtaining multiple pieces of traffic data of Internet of Things devices includes: obtaining agent data, traffic probe data and threat intelligence data of the Internet of Things devices, wherein the traffic probe data includes at least one of: Internet Protocol, domain name, uniform resource locator, file hash value, process name, feature string.
Further, matching the alert information against the multiple pieces of traffic data, and calculating the threat confidence level of the alert information from the confidence levels and weight values of the traffic data that match it, includes: searching the multiple pieces of traffic data for multiple pieces of target traffic data that match the alert information; calculating the weighted average, based on the weight values, of the confidence levels of the multiple pieces of target traffic data; and using the weighted average as the threat confidence level of the alert information.
Further, after the threat confidence level of the alert information is calculated, the method also includes: determining the threat confidence grade of the alert information according to the threat confidence level; and sending the alert information and the threat confidence grade to the user.
In a second aspect, an embodiment of the present invention also provides an Internet of Things threat perception system based on multivariate data fusion, applied to an Internet of Things situation awareness platform, comprising a first obtaining module, a second obtaining module, and a matching and calculation module, wherein the first obtaining module is used to obtain the alert information of the Internet of Things situation awareness platform; the second obtaining module is used to obtain multiple pieces of traffic data of Internet of Things devices, together with the confidence level and weight value of each piece of traffic data; and the matching and calculation module is used to match the alert information against the multiple pieces of traffic data and to calculate the threat confidence level of the alert information from the confidence levels and weight values of the traffic data that match it.
Further, the matching and calculation module includes a matching unit and a calculation unit, wherein the matching unit is used to search the multiple pieces of traffic data for multiple pieces of target traffic data that match the alert information; and the calculation unit is used to calculate the weighted average, based on the weight values, of the confidence levels of the multiple pieces of target traffic data, and to use the weighted average as the threat confidence level of the alert information.
Further, the system also includes a display module, used to: determine the threat confidence grade of the alert information according to the threat confidence level; and send the alert information and the threat confidence grade to the user.
In a third aspect, an embodiment of the present invention also provides an electronic device, including a memory, a processor, and a computer program stored in the memory and runnable on the processor, wherein the processor implements the steps of the method of the first aspect when executing the computer program.
In a fourth aspect, an embodiment of the present invention also provides a computer-readable medium carrying non-volatile program code executable by a processor, the program code causing the processor to execute the method of the first aspect.
The present invention provides an Internet of Things threat perception method and system based on multivariate data fusion, applied to an Internet of Things situation awareness platform. By matching and analyzing the alert information obtained from the Internet of Things situation awareness platform against multiple pieces of traffic data, and by calculating a confidence level for the alert information, the invention provides a basis for judging the alert information and alleviates the prior-art technical problem that alert information is misjudged when the number of alerts is large.
Description of the drawings
In order to explain the specific embodiments of the present invention or the technical solutions in the prior art more clearly, the drawings needed in the description of the specific embodiments or of the prior art are briefly introduced below. Obviously, the drawings described below show some embodiments of the present invention, and a person of ordinary skill in the art can obtain other drawings from them without creative effort.
Fig. 1 is a flowchart of an Internet of Things threat perception method based on multivariate data fusion provided by an embodiment of the present invention;
Fig. 2 is a flowchart of another Internet of Things threat perception method based on multivariate data fusion provided by an embodiment of the present invention;
Fig. 3 is a schematic diagram of an Internet of Things threat perception system based on multivariate data fusion provided by an embodiment of the present invention;
Fig. 4 is a schematic diagram of another Internet of Things threat perception system based on multivariate data fusion provided by an embodiment of the present invention.
Specific embodiments
The technical solutions of the present invention are described clearly and completely below with reference to the drawings. Obviously, the described embodiments are some, not all, of the embodiments of the present invention. All other embodiments obtained by a person of ordinary skill in the art on the basis of the embodiments of the present invention without creative effort shall fall within the protection scope of the present invention.
Embodiment one:
With the diversification of network security protection measures, the alerts generated by different protection measures are based on different policy rules. We call the alert records produced by these safeguards or protection measures original alert records. For the same event, the original alert records generated by different protection measures all differ. When these data are fed into a network security situation awareness platform, in order to carry out multivariate data correlation analysis more effectively, the present invention fuses the multivariate data to obtain a comprehensive confidence level, so that network security threats can be confirmed at a higher level of analysis.
Fig. 1 is a flowchart of an Internet of Things threat perception method based on multivariate data fusion provided according to an embodiment of the present invention. The method can be implemented by an Internet of Things situation awareness platform. As shown in Fig. 1, the method specifically includes the following steps:
Step S102: obtain the alert information of the Internet of Things situation awareness platform.
Optionally, the alert information includes at least one of: attack source IP information, attack source port information, attacked IP information, attacked port information, attack protocol information, attack method information and attack payload information.
Step S104: obtain multiple pieces of traffic data of Internet of Things devices, together with the confidence level and weight value of each piece of traffic data.
Specifically, this includes obtaining agent data, traffic probe data and threat intelligence data of the Internet of Things devices.
The traffic probe data includes at least one of: Internet Protocol (IP), domain name, uniform resource locator (URL), file hash value, process name, feature string. The agent system of an Internet of Things device runs in the security module of the Internet of Things device itself; the agent data obtained includes process data, network traffic data, hardware resource data and so on.
Optionally, the traffic probe data also includes traffic probe data from the local network (for example a video private network) and off-site traffic probe data that can be queried from the cloud.
Optionally, the confidence level can be represented by a preset value, where a larger preset value indicates a higher confidence level. Optionally, the preset value is a number greater than or equal to 0 and less than or equal to 1.
Optionally, the weight value is a preset positive real number.
Step S106: match the alert information against the multiple pieces of traffic data, and calculate the threat confidence level of the alert information from the confidence levels and weight values of the traffic data that match the alert information.
An embodiment of the present invention provides an Internet of Things threat perception method based on multivariate data fusion, applied to an Internet of Things situation awareness platform, comprising: obtaining the alert information of the Internet of Things situation awareness platform; obtaining multiple pieces of traffic data of Internet of Things devices, together with the confidence level and weight value of each piece of traffic data; and matching the alert information against the multiple pieces of traffic data, then calculating the threat confidence level of the alert information from the confidence levels and weight values of the traffic data that match it. By matching and analyzing the alert information obtained from the Internet of Things situation awareness platform against multiple pieces of traffic data, and by calculating a confidence level for the alert information, this embodiment provides a basis for judging the alert information and alleviates the prior-art technical problem that alert information is misjudged when the number of alerts is large.
Optionally, step S106 specifically includes the following steps:
Step S1061: search the multiple pieces of traffic data for multiple pieces of target traffic data that match the alert information;
For example, search the multiple pieces of traffic data for multiple pieces of target traffic data that match at least one of the following in the alert information: attack source IP, attacked IP, attack payload, feature string, file hash value, etc.
Step S1062: calculate the weighted average, based on the weight values, of the confidence levels of the multiple pieces of target traffic data;
Step S1063: use the weighted average as the threat confidence level of the alert information.
Optionally, Fig. 2 is a flowchart of another Internet of Things threat perception method based on multivariate data fusion provided by an embodiment of the present invention. As shown in Fig. 2, the method further includes the following steps after step S106:
Step S108: determine the threat confidence grade of the alert information according to the threat confidence level.
For example, the numerical value of the threat confidence level is compared with the preset value ranges of the multiple confidence grades to determine the threat confidence grade, where the threat confidence grades may include: low threat confidence, medium threat confidence, advanced threat confidence and high threat confidence. After the threat confidence grade is determined, the alert information is tagged with a confidence grade label.
Step S110: send the alert information and the threat confidence grade to the user.
The implementation process of the Internet of Things threat perception method based on multivariate data fusion provided by an embodiment of the present invention is illustrated below.
1) The Internet of Things situation awareness platform obtains alert information reported by the security center of an Internet of Things device: on asset 192.168.1.2, the number of concurrent connections from the same attack source IP 1.1.1.1 exceeds 200, suspected DDoS or scanning. A confidence level c1 and a weight value w1 are assigned according to the circumstances of the attack.
2) The network traffic device captures the attack signature of SYN_FLOOD and generates a piece of traffic data, with attack source 1.1.1.1 and attack target 192.168.1.2. A confidence level c2 and a weight value w2 are assigned according to the circumstances of the attack.
3) On the WAF, a piece of traffic data is detected: specifically, a flagged malicious IP address (botnet host) 1.1.1.1 communicating with our asset 192.168.1.2. A confidence level c3 and a weight value w3 are assigned according to the circumstances of the attack.
4) Through correlation matching, the traffic data in step 2) and step 3) is found to be related to the alert information in step 1).
5) The Internet of Things situation awareness platform combines these findings and calculates the threat confidence level x1 of the alert information. Optionally, x1 = (c1*w1 + c2*w2 + c3*w3)/3.
6) Determine the threat confidence grade of the alert information according to the threat confidence level x1.
7) Send the alert information and the threat confidence grade to the user.
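The worked example in steps 1) to 7), as an added Python example that is not part of the patent text. The field names, the confidence and weight numbers, the grade boundaries and the `min_shared` parameter are assumptions made for illustration; the example also goes slightly beyond the text by computing both the form written in step 5) (division by the number of items) and the conventional weighted mean (division by the sum of the weights), so the two can be compared.

```python
from dataclasses import dataclass, field

# Indicators compared during matching; the page names these as examples.
MATCH_KEYS = ("src_ip", "dst_ip", "payload", "feature_string", "file_hash")

# Grade boundaries are constructed for this example; the page only says that
# preset value ranges are used.
GRADE_BOUNDS = ((0.25, "low"), (0.50, "medium"), (0.75, "advanced"), (1.00, "high"))


@dataclass
class Evidence:
    """An alert or a piece of traffic data with its confidence and weight."""
    source: str
    confidence: float                  # preset value in [0, 1]
    weight: float                      # preset positive real number
    indicators: dict = field(default_factory=dict)

    def __post_init__(self):
        if not 0.0 <= self.confidence <= 1.0:
            raise ValueError(f"{self.source}: confidence must be within [0, 1]")
        if self.weight <= 0:
            raise ValueError(f"{self.source}: weight must be positive")


def shared_indicators(alert, record):
    """Indicator names whose values are present and equal in both items."""
    return {k for k in MATCH_KEYS
            if alert.indicators.get(k) is not None
            and alert.indicators.get(k) == record.indicators.get(k)}


def find_matches(alert, records, min_shared=1):
    """Step S1061: target traffic data matching the alert.

    min_shared=1 is the page's "at least one" rule; raising it is an added
    knob so that a busy asset's IP alone does not correlate unrelated traffic.
    """
    return [r for r in records if len(shared_indicators(alert, r)) >= min_shared]


def fuse_by_count(items):
    """The form written in step 5): x = (c1*w1 + ... + cn*wn) / n."""
    return sum(e.confidence * e.weight for e in items) / len(items)


def fuse_by_weight(items):
    """Conventional weighted mean, sum(c*w) / sum(w); stays within [0, 1]."""
    return (sum(e.confidence * e.weight for e in items)
            / sum(e.weight for e in items))


def grade(x):
    """Step S108: map a threat confidence value to a grade label."""
    for upper, label in GRADE_BOUNDS:
        if x <= upper:
            return label
    return GRADE_BOUNDS[-1][1]   # by-count values can exceed 1.0; clamp to top


def assess(alert, records, min_shared=1):
    """Steps S106 to S108: match, fuse (alert included, as in step 5), grade."""
    items = [alert] + find_matches(alert, records, min_shared)
    x = fuse_by_weight(items)
    return {"sources": [e.source for e in items],
            "by_count": fuse_by_count(items),
            "by_weight": x,
            "grade": grade(x)}


# Constructed sample data. The addresses 1.1.1.1 and 192.168.1.2 come from the
# page's example; every confidence, weight and the last record are made up.
ALERT = Evidence("security-center", 0.6, 1.0,
                 {"src_ip": "1.1.1.1", "dst_ip": "192.168.1.2"})
RECORDS = [
    Evidence("flow-probe", 0.8, 1.5, {"src_ip": "1.1.1.1", "dst_ip": "192.168.1.2",
                                      "feature_string": "SYN_FLOOD"}),
    Evidence("waf", 0.9, 2.0, {"src_ip": "1.1.1.1", "dst_ip": "192.168.1.2"}),
    Evidence("flow-probe", 0.9, 2.0, {"src_ip": "10.0.0.5", "dst_ip": "192.168.1.9"}),
]

if __name__ == "__main__":
    print(assess(ALERT, RECORDS))
```

With these constructed values the divide-by-count form gives 1.2, outside the 0 to 1 range used for the individual confidence levels, while the sum-of-weights form gives 0.8; the two agree whenever the weights sum to the number of items.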
As can be seen from the above description, the Internet of Things threat perception method based on multivariate data fusion provided by an embodiment of the present invention matches and analyzes the alert information obtained from the Internet of Things situation awareness platform against multiple pieces of traffic data and calculates a confidence level for the alert information. This provides a basis for judging the alert information and alleviates the prior-art technical problem that alert information is misjudged when the number of alerts is large. It also improves the ability of the Internet of Things situation awareness platform to fuse and correlate multivariate data.
Embodiment two:
Fig. 3 is a schematic diagram of an Internet of Things threat perception system based on multivariate data fusion provided according to an embodiment of the present invention, applied to an Internet of Things situation awareness platform. As shown in Fig. 3, the system includes: a first obtaining module 10, a second obtaining module 20, and a matching and calculation module 30.
Specifically, the first obtaining module 10 is used to obtain the alert information of the Internet of Things situation awareness platform.
Optionally, the alert information includes at least one of: attack source IP information, attack source port information, attacked IP information, attacked port information, attack protocol information, attack method information and attack payload information.
The second obtaining module 20 is used to obtain multiple pieces of traffic data of Internet of Things devices, together with the confidence level and weight value of each piece of traffic data.
Specifically, the second obtaining module 20 is also used to obtain agent data, traffic probe data and threat intelligence data of the Internet of Things devices.
The traffic probe data includes at least one of: Internet Protocol, domain name, uniform resource locator, file hash value, process name, feature string. The agent system of an Internet of Things device runs in the security module of the Internet of Things device itself; the agent data obtained includes process data, network traffic data, hardware resource data and so on.
Optionally, the traffic probe data also includes traffic probe data from the local network (for example a video private network) and off-site traffic probe data that can be queried from the cloud.
Optionally, the confidence level can be represented by a preset value, where a larger preset value indicates a higher confidence level. Optionally, the preset value is a number greater than or equal to 0 and less than or equal to 1.
Optionally, the weight value is a preset positive real number.
The matching and calculation module 30 is used to match the alert information against the multiple pieces of traffic data, and to calculate the threat confidence level of the alert information from the confidence levels and weight values of the traffic data that match the alert information.
The present invention provides an Internet of Things threat perception system based on multivariate data fusion, applied to an Internet of Things situation awareness platform, comprising: a first obtaining module, used to obtain the alert information of the Internet of Things situation awareness platform; a second obtaining module, used to obtain multiple pieces of traffic data of Internet of Things devices, together with the confidence level and weight value of each piece of traffic data; and a matching and calculation module, used to match the alert information against the multiple pieces of traffic data and to calculate the threat confidence level of the alert information from the confidence levels and weight values of the traffic data that match it. By matching and analyzing the alert information obtained from the Internet of Things situation awareness platform against multiple pieces of traffic data, and by calculating a confidence level for the alert information, this embodiment provides a basis for judging the alert information and alleviates the prior-art technical problem that alert information is misjudged when the number of alerts is large.
Optionally, Fig. 4 is a schematic diagram of another Internet of Things threat perception system based on multivariate data fusion provided by an embodiment of the present invention. As shown in Fig. 4, the matching and calculation module 30 further includes: a matching unit 31 and a calculation unit 32.
Specifically, the matching unit 31 is used to search the multiple pieces of traffic data for multiple pieces of target traffic data that match the alert information;
The calculation unit 32 is used to calculate the weighted average, based on the weight values, of the confidence levels of the multiple pieces of target traffic data, and to use the weighted average as the threat confidence level of the alert information.
As shown in Fig. 4, the system provided by an embodiment of the present invention further includes a display module 40, used to: determine the threat confidence grade of the alert information according to the threat confidence level; and send the alert information and the threat confidence grade to the user.
Optionally, an embodiment of the present invention also provides an electronic device, including a memory, a processor, and a computer program stored in the memory and runnable on the processor, wherein the processor implements the steps of the method provided in Embodiment one above when executing the computer program.
Optionally, an embodiment of the present invention also provides a computer-readable medium carrying non-volatile program code executable by a processor, the program code causing the processor to execute the Internet of Things threat perception method based on multivariate data fusion provided in Embodiment one above.
Finally, it should be noted that the above embodiments are only used to illustrate the technical solutions of the present invention, not to limit them. Although the present invention has been described in detail with reference to the foregoing embodiments, those of ordinary skill in the art should understand that the technical solutions described in the foregoing embodiments can still be modified, or some or all of their technical features can be equivalently replaced; and such modifications or replacements do not cause the essence of the corresponding technical solutions to depart from the scope of the technical solutions of the embodiments of the present invention.

Claims (10)

1. An Internet of Things threat perception method based on multivariate data fusion, characterized in that it is applied to an Internet of Things situation awareness platform and comprises:
obtaining the alert information of the Internet of Things situation awareness platform;
obtaining multiple pieces of traffic data of Internet of Things devices, together with the confidence level and weight value of each piece of traffic data;
matching the alert information against the multiple pieces of traffic data, and calculating the threat confidence level of the alert information from the confidence levels and weight values of the traffic data that match the alert information.
2. The method according to claim 1, characterized in that the alert information includes at least one of: attack source IP information, attack source port information, attacked IP information, attacked port information, attack protocol information, attack method information or attack payload information.
3. The method according to claim 1, characterized in that obtaining multiple pieces of traffic data of Internet of Things devices comprises:
obtaining agent data, traffic probe data and threat intelligence data of the Internet of Things devices, wherein the traffic probe data includes at least one of: Internet Protocol, domain name, uniform resource locator, file hash value, process name, feature string.
4. The method according to claim 1, characterized in that matching the alert information against the multiple pieces of traffic data, and calculating the threat confidence level of the alert information from the confidence levels and weight values of the traffic data that match the alert information, comprises:
searching the multiple pieces of traffic data for multiple pieces of target traffic data that match the alert information;
calculating the weighted average, based on the weight values, of the confidence levels of the multiple pieces of target traffic data;
using the weighted average as the threat confidence level of the alert information.
5. The method according to claim 1, characterized in that, after the threat confidence level of the alert information is calculated, the method further comprises:
determining the threat confidence grade of the alert information according to the threat confidence level;
sending the alert information and the threat confidence grade to the user.
6. An Internet of Things threat perception system based on multivariate data fusion, characterized in that it is applied to an Internet of Things situation awareness platform and comprises: a first obtaining module, a second obtaining module, and a matching and calculation module, wherein
the first obtaining module is used to obtain the alert information of the Internet of Things situation awareness platform;
the second obtaining module is used to obtain multiple pieces of traffic data of Internet of Things devices, together with the confidence level and weight value of each piece of traffic data;
the matching and calculation module is used to match the alert information against the multiple pieces of traffic data, and to calculate the threat confidence level of the alert information from the confidence levels and weight values of the traffic data that match the alert information.
7. The system according to claim 6, characterized in that the matching and calculation module comprises: a matching unit and a calculation unit, wherein
the matching unit is used to search the multiple pieces of traffic data for multiple pieces of target traffic data that match the alert information;
the calculation unit is used to calculate the weighted average, based on the weight values, of the confidence levels of the multiple pieces of target traffic data, and to use the weighted average as the threat confidence level of the alert information.
8. The system according to claim 6, characterized in that the system further comprises a display module, used to:
determine the threat confidence grade of the alert information according to the threat confidence level;
send the alert information and the threat confidence grade to the user.
9. An electronic device, including a memory, a processor, and a computer program stored in the memory and runnable on the processor, characterized in that the processor implements the steps of the method of any one of claims 1 to 5 when executing the computer program.
10. A computer-readable medium carrying non-volatile program code executable by a processor, characterized in that the program code causes the processor to execute the method of any one of claims 1 to 5.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201910751372.0A CN110430212A (en) 2019-08-14 2019-08-14 The Internet of Things of multivariate data fusion threatens cognitive method and system

Publications (1)

Publication Number Publication Date
CN110430212A true CN110430212A (en) 2019-11-08

Family

ID=68414820

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201910751372.0A Pending CN110430212A (en) 2019-08-14 2019-08-14 The Internet of Things of multivariate data fusion threatens cognitive method and system

Country Status (1)

Country Link
CN (1) CN110430212A (en)

Citations (11)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101562537A (en) * 2009-05-19 2009-10-21 华中科技大学 Distributed self-optimized intrusion detection alarm associated system
WO2013055807A1 (en) * 2011-10-10 2013-04-18 Global Dataguard, Inc Detecting emergent behavior in communications networks
CN103648096A (en) * 2013-12-11 2014-03-19 北京联合大学 Method for rapidly detecting and positioning illegal base station intrusion
CN104539626A (en) * 2015-01-14 2015-04-22 中国人民解放军信息工程大学 Network attack scene generating method based on multi-source alarm logs
US9282114B1 (en) * 2011-06-30 2016-03-08 Emc Corporation Generation of alerts in an event management system based upon risk
CN106771853A (en) * 2016-11-29 2017-05-31 华中科技大学 A kind of intelligent power network method for diagnosing faults based on event origin
CN108074381A (en) * 2016-11-10 2018-05-25 杭州海康威视系统技术有限公司 Alarm method, apparatus and system
CN108306894A (en) * 2018-03-19 2018-07-20 西安电子科技大学 A kind of network security situation evaluating method and system that confidence level occurring based on attack
US20180330597A1 (en) * 2017-05-10 2018-11-15 Katerra, Inc. Method and apparatus for real property alarm system
CN109698819A (en) * 2018-11-19 2019-04-30 中国科学院信息工程研究所 Threat disposition management method and system in a kind of network
CN110086779A (en) * 2019-03-26 2019-08-02 中国人民武装警察部队工程大学 A kind of communication security method of discrimination of multi-area optical network crosstalk attack

Non-Patent Citations (3)

* Cited by examiner, † Cited by third party
Title
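王春雷: "Network security situation awareness system based on knowledge discovery", 《计算机科学》 *
程建钧: "Research on a multi-sensor signal conflict handling architecture for heterogeneous networks", 《河北师范大学学报》 *
程建钧等: "Research on a multi-sensor signal conflict handling architecture for heterogeneous networks", 《河北师范大学学报(自然科学版)》 *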

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110912737A (en) * 2019-11-14 2020-03-24 国网浙江省电力有限公司信息通信分公司 Dynamic perception performance early warning method based on hybrid model
CN111143844A (en) * 2019-12-25 2020-05-12 浙江军盾信息科技有限公司 Safety detection method and system for Internet of things equipment and related device
CN112583842A (en) * 2020-12-23 2021-03-30 黑龙江省网络空间研究中心 Network security situation awareness system platform based on data stream processing
CN112769847A (en) * 2021-01-18 2021-05-07 恒安嘉新(北京)科技股份公司 Safety protection method, device, equipment and storage medium for Internet of things equipment
CN112769847B (en) * 2021-01-18 2022-10-14 恒安嘉新(北京)科技股份公司 Safety protection method, device, equipment and storage medium for Internet of things equipment

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20191108