CN110460575A - Network security situation awareness system capable of implementing a security audit function - Google Patents
Network security situation awareness system capable of implementing a security audit function
- Publication number: CN110460575A
- Application number: CN201910614049.9A
- Authority: CN (China)
- Prior art keywords: data, network, module, processing, security
- Legal status: Pending (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Classifications
- G06F16/215—Improving data quality; Data cleansing, e.g. de-duplication, removing invalid entries or correcting typographical errors (under G06F16/21—Design, administration or maintenance of databases)
- G06F16/90335—Query processing (under G06F16/903—Querying)
- G06F16/906—Clustering; Classification (under G06F16/90—Details of database functions independent of the retrieved data types)
- H04L63/1408—Detecting or protecting against malicious traffic by monitoring network traffic (under H04L63/14)
- H04L63/1433—Vulnerability analysis (under H04L63/14)
- H04L63/145—Countermeasures against malicious traffic where the attack involves the propagation of malware through the network, e.g. viruses, trojans or worms (under H04L63/1441—Countermeasures against malicious traffic)
- H04L63/20—Managing network security; network security policies in general (under H04L63/00—Network architectures or network communication protocols for network security)
Abstract
The invention discloses a network security situation awareness system capable of implementing a security audit function, in the technical field of network security. Network data is acquired, identified and replicated, and the two copies are processed at the same time. On one hand, security situation awareness is performed on the network data, so that the security state of the monitored network becomes measurable, knowable, preventable and controllable and potential network security threats are resisted to the greatest extent. On the other hand, a security audit function is applied to the same network data simultaneously: network operation logs, operating system logs, important database logs, business application system running logs, security device running logs and the like are collected centrally and analysed automatically, so that various illegal behaviours and attacks by viruses and hackers are discovered in time. The two processes run synchronously, which saves operation time, and they do not interfere with each other.
Description
Technical field
The present invention relates to the technical field of network security, and specifically to a network security situation awareness system capable of implementing a security audit function.
Background technique
The basic concept of network security situation awareness is, in a large-scale network environment, to extract the security factors that can cause changes in the network security state and its trend, to fuse and analyse them, to display them and to predict their development trend. Network security situation awareness treats the network system as a whole and grasps the analysis of its security state and future trend, so that users can accurately perceive the network situation overall; this provides a reliable and accurate basis for perception and minimizes the risk and loss brought by network security problems. This concept stands in contrast to IDS, firewalls, VDS and similar conventional heterogeneous security defences that rely on isolated single-point defence. There is no mutual association or cooperation between such defences, and they divide network security into isolated islands. Network security situation awareness fuses the methods of attack detection, positioning and tracking from traditional network security theory, performs comprehensive and centralized security management and intelligent integrated analysis of the network, and merges the security components of different fields into one seamless security system, forming a macroscopic network security management system.
With the rapid development of information technology, internet security problems have become increasingly serious. Traditional network security means such as firewalls and intrusion detection can manage and monitor abnormal network behaviour, but they cannot monitor web content or authorized normal internal network access behaviour; they are therefore powerless against information leakage caused by normal network access behaviour and cannot monitor how network resources are used.
Summary of the invention
(1) Technical problem to be solved
In view of the deficiencies of the prior art, the present invention provides a network security situation awareness system capable of implementing a security audit function, which solves the problems raised in the background technique above.
(2) Technical solution
To achieve the above objectives, the technical solution adopted by the present invention is as follows: a network security situation awareness system capable of implementing a security audit function, in which a data acquisition module acquires the data of the current network; after acquisition, a data identification module performs identification processing on the data and obtains network basic information data in a standardized format; a replication module then makes two copies of the identified data, and the two identical copies are processed by a real-time processing server and an audit server respectively.
The main flow of the real-time processing server is:
A. Data selection: determine the operation object, i.e. the target object of the data discovery task;
B. Pre-processing: eliminate noise from the data, derive and calculate missing values, eliminate duplicate records, and complete data type conversion;
C. Data mining: summarize, classify and cluster the data and discover association rules using mining algorithms;
D. Anomaly processing: capture abnormal behaviour of the internal network from the data, analyse the potential risks of the network, and accurately capture viruses, worms and illegal intrusions.
The main flow of the audit server is:
A. Extraction module: extract from the data the static features of the application program data corresponding to the processing task;
B. Static scanning module: match the static features of the program data against pre-stored static vulnerability features to obtain a static detection result;
C. Transfer module: pass the application program data to a terminal device, so that the terminal device installs the application program corresponding to the application program data;
D. Dynamic scanning module: match the dynamic features produced by the application program actually running on the terminal device against pre-stored dynamic vulnerability features to obtain a dynamic detection result;
E. Analysis module: perform data-flow analysis on the decompiled code to obtain the information needed to realize a vulnerability attack;
F. Vulnerability attack module: carry out a vulnerability attack on the terminal device using intelligently constructed attack parameters, receive the vulnerability attack log fed back by the terminal device, and output the result.
After the network data has been processed by the real-time processing server and the audit server simultaneously and separately, the two kinds of result data are introduced directly into a database; the database is interconnected with the network through a WEB server, and the data in the database is recorded by a logging module after it is generated.
Preferably, the extraction module further comprises a decompiling processing unit and an extraction unit: the decompiling processing unit is adapted to perform decompiling processing on a network data file to obtain decompiled code, and the extraction unit is adapted to extract the static features of the network data file from the decompiled code.
Preferably, the vulnerability attack information includes the potential attack points of the application program and the parameters needed to attack the application program.
Preferably, the data recording module is interconnected with the network through the WEB server and sends and receives data in real time.
Preferably, the system is operated and controlled through software installed on a PC.
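The dual-path flow described above (identification into a standard format, replication into two copies, the real-time server's pre-processing and anomaly processing, and the audit server's static feature matching), as an added Python sketch that is not part of the patent; the sample records, the vulnerability feature table and the fan-out threshold are constructed assumptions:

```python
import copy
from collections import defaultdict
from statistics import median

# Constructed sample of acquired network records, as a collector might deliver
# them (all fields as strings): one exact duplicate and one missing byte count.
RAW_RECORDS = [
    {"src": "10.0.0.5", "dst": "10.0.0.9", "dport": "445", "bytes": "1200", "app": "SMB-Client/2.1"},
    {"src": "10.0.0.5", "dst": "10.0.0.9", "dport": "445", "bytes": "1200", "app": "SMB-Client/2.1"},
    {"src": "10.0.0.5", "dst": "10.0.0.10", "dport": "445", "bytes": None, "app": "SMB-Client/2.1"},
    {"src": "10.0.0.5", "dst": "10.0.0.11", "dport": "445", "bytes": "900", "app": "SMB-Client/2.1"},
    {"src": "10.0.0.5", "dst": "10.0.0.12", "dport": "445", "bytes": "1100", "app": "SMB-Client/2.1"},
    {"src": "10.0.0.7", "dst": "10.0.0.20", "dport": "443", "bytes": "5400", "app": "Browser/88"},
]

# Hypothetical pre-stored static vulnerability features: product -> affected versions.
VULN_STATIC_FEATURES = {"smb-client": {"2.0", "2.1"}}

# Real-time path: a source reaching this many distinct hosts on one port looks worm-like.
FANOUT_THRESHOLD = 3


def identify(raw):
    """Data identification module: bring every record into one standard format."""
    return [{
        "src": r["src"], "dst": r["dst"], "dport": int(r["dport"]),
        "bytes": int(r["bytes"]) if r["bytes"] is not None else None,
        "app": r["app"].strip().lower(),
    } for r in raw]


def replicate(records):
    """Replication module: two independent copies, so neither path can alter the other's input."""
    return copy.deepcopy(records), copy.deepcopy(records)


def preprocess(records):
    """Real-time step B: drop duplicate records and derive missing values (types were fixed above)."""
    seen, unique = set(), []
    for r in records:
        key = (r["src"], r["dst"], r["dport"], r["bytes"], r["app"])
        if key not in seen:
            seen.add(key)
            unique.append(r)
    known = [r["bytes"] for r in unique if r["bytes"] is not None]
    fill = int(median(known)) if known else 0
    for r in unique:
        if r["bytes"] is None:
            r["bytes"] = fill  # derived value (median of observed byte counts)
    return unique


def detect_anomalies(records):
    """Real-time step D: one source touching many hosts on the same port (worm-style spread)."""
    targets = defaultdict(set)
    for r in records:
        targets[(r["src"], r["dport"])].add(r["dst"])
    return [{"type": "fanout", "src": s, "dport": p, "hosts": len(h)}
            for (s, p), h in sorted(targets.items()) if len(h) >= FANOUT_THRESHOLD]


def static_scan(records):
    """Audit steps A and B: extract static features (product, version) and match stored ones."""
    findings = {}
    for r in records:
        product, _, version = r["app"].partition("/")
        if version in VULN_STATIC_FEATURES.get(product, set()):
            findings[(r["src"], product, version)] = {"src": r["src"], "product": product, "version": version}
    return list(findings.values())


def run_pipeline(raw):
    """Each path works on its own copy; both results and a log entry land in one store."""
    realtime_copy, audit_copy = replicate(identify(raw))
    alerts = detect_anomalies(preprocess(realtime_copy))
    findings = static_scan(audit_copy)
    database = {"realtime": alerts, "audit": findings}
    database["log"] = [f"realtime alerts={len(alerts)} audit findings={len(findings)}"]
    return database


if __name__ == "__main__":
    print(run_pipeline(RAW_RECORDS))
```

Because the audit path receives its own copy before de-duplication, it still sees every record; the real-time path's clean-up cannot hide a vulnerable client from the audit result.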
(3) Beneficial effect
The beneficial effects of the present invention are as follows: network data is acquired, identified and replicated, and the two copies are processed at the same time. On one hand, security situation awareness is performed on the network data, so that the security state of the monitored network becomes measurable, knowable, preventable and controllable and potential network security threats are resisted to the greatest extent. On the other hand, a security audit function is applied to the same network data simultaneously: network operation logs, operating system logs, important database logs, business application system running logs, security device running logs and the like are collected centrally and analysed automatically, so that various illegal behaviours and attacks by viruses and hackers are discovered in time. The two processes run synchronously, which saves operation time, and they do not interfere with each other.
Detailed description of the invention
Fig. 1 is a schematic diagram of the process structure of the system of the present invention.
Specific embodiment
The technical solutions in the embodiments of the present invention will be described clearly and completely below with reference to the drawings in the embodiments. Obviously, the described embodiments are only a part of the embodiments of the present invention, not all of them. Based on the embodiments of the present invention, all other embodiments obtained by those of ordinary skill in the art without creative effort shall fall within the protection scope of the present invention.
As shown in Figure 1, the present invention provides the following technical solution: a network security situation awareness system capable of implementing a security audit function, characterized in that a data acquisition module acquires the data of the current network; after acquisition, a data identification module performs identification processing on the data and obtains network basic information data in a standardized format; a replication module makes two copies of the identified data, and the two identical copies are processed by a real-time processing server and an audit server respectively.
The main flow of the real-time processing server is:
A. Data selection: determine the operation object, i.e. the target object of the data discovery task;
B. Pre-processing: eliminate noise from the data, derive and calculate missing values, eliminate duplicate records, and complete data type conversion;
C. Data mining: summarize, classify and cluster the data and discover association rules using mining algorithms;
D. Anomaly processing: capture abnormal behaviour of the internal network from the data, analyse the potential risks of the network, and accurately capture viruses, worms and illegal intrusions.
The main flow of the audit server is:
A. Extraction module: extract from the data the static features of the application program data corresponding to the processing task; the extraction module further comprises a decompiling processing unit and an extraction unit, where the decompiling processing unit is adapted to perform decompiling processing on a network data file to obtain decompiled code, and the extraction unit is adapted to extract the static features of the network data file from the decompiled code;
B. Static scanning module: match the static features of the program data against pre-stored static vulnerability features to obtain a static detection result;
C. Transfer module: pass the application program data to a terminal device, so that the terminal device installs the application program corresponding to the application program data;
D. Dynamic scanning module: match the dynamic features produced by the application program actually running on the terminal device against pre-stored dynamic vulnerability features to obtain a dynamic detection result;
E. Analysis module: perform data-flow analysis on the decompiled code to obtain the information needed to realize a vulnerability attack;
F. Vulnerability attack module: carry out a vulnerability attack on the terminal device using intelligently constructed attack parameters, receive the vulnerability attack log fed back by the terminal device, and output the result; the vulnerability attack information includes the potential attack points of the application program and the parameters needed to attack the application program.
After the network data has been processed by the real-time processing server and the audit server simultaneously and separately, the two kinds of result data are introduced directly into a database; the database is interconnected with the network through a WEB server, and the data in the database is recorded by a logging module after it is generated; the data recording module is interconnected with the network through the WEB server and sends and receives data in real time.
The system is operated and controlled through software installed on a PC.
The specific embodiments described above further explain the purpose, technical solution and beneficial effects of the present invention in detail. It should be understood that the foregoing is merely a specific embodiment of the present invention and is not intended to limit it; any modification, equivalent substitution, improvement and the like made within the spirit and principles of the present invention shall be included within the protection scope of the present invention.
Claims (5)
1. A network security situation awareness system capable of implementing a security audit function, characterized in that: a data acquisition module acquires the data of the current network; after acquisition, a data identification module performs identification processing on the data and obtains network basic information data in a standardized format; a replication module makes two copies of the identified data, and the two identical copies are processed by a real-time processing server and an audit server respectively;
the main flow of the real-time processing server is:
A. Data selection: determine the operation object, i.e. the target object of the data discovery task;
B. Pre-processing: eliminate noise from the data, derive and calculate missing values, eliminate duplicate records, and complete data type conversion;
C. Data mining: summarize, classify and cluster the data and discover association rules using mining algorithms;
D. Anomaly processing: capture abnormal behaviour of the internal network from the data, analyse the potential risks of the network, and accurately capture viruses, worms and illegal intrusions;
the main flow of the audit server is:
A. Extraction module: extract from the data the static features of the application program data corresponding to the processing task;
B. Static scanning module: match the static features of the program data against pre-stored static vulnerability features to obtain a static detection result;
C. Transfer module: pass the application program data to a terminal device, so that the terminal device installs the application program corresponding to the application program data;
D. Dynamic scanning module: match the dynamic features produced by the application program actually running on the terminal device against pre-stored dynamic vulnerability features to obtain a dynamic detection result;
E. Analysis module: perform data-flow analysis on the decompiled code to obtain the information needed to realize a vulnerability attack;
F. Vulnerability attack module: carry out a vulnerability attack on the terminal device using intelligently constructed attack parameters, receive the vulnerability attack log fed back by the terminal device, and output the result;
after the network data has been processed by the real-time processing server and the audit server simultaneously and separately, the two kinds of result data are introduced directly into a database; the database is interconnected with the network through a WEB server, and the data in the database is recorded by a logging module after it is generated.
2. The network security situation awareness system capable of implementing a security audit function according to claim 1, characterized in that: the extraction module further comprises a decompiling processing unit and an extraction unit, the decompiling processing unit being adapted to perform decompiling processing on a network data file to obtain decompiled code, and the extraction unit being adapted to extract the static features of the network data file from the decompiled code.
3. The network security situation awareness system capable of implementing a security audit function according to claim 1, characterized in that: the vulnerability attack information includes the potential attack points of the application program and the parameters needed to attack the application program.
4. The network security situation awareness system capable of implementing a security audit function according to claim 1, characterized in that: the data recording module is interconnected with the network through the WEB server and sends and receives data in real time.
5. The network security situation awareness system capable of implementing a security audit function according to claim 1, characterized in that: the system is operated and controlled through software installed on a PC.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201910614049.9A CN110460575A (en) | 2019-07-11 | 2019-07-11 | Network security situation awareness system capable of implementing a security audit function |
Publications (1)
Publication Number | Publication Date |
---|---|
CN110460575A true CN110460575A (en) | 2019-11-15 |
Family
ID=68482409
Country Status (1)
Country | Link |
---|---|
CN (1) | CN110460575A (en) |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20020123985A1 (en) * | 2001-02-06 | 2002-09-05 | O'brien Christopher | Data mining system, method and apparatus for industrial applications |
CN104537308A (en) * | 2015-01-23 | 2015-04-22 | 北京奇虎科技有限公司 | System and method for providing application security auditing function |
CN105139295A (en) * | 2015-09-29 | 2015-12-09 | 广东电网有限责任公司电力科学研究院 | Data mining method of mass information of on-line monitoring on power equipment |
CN109840415A (en) * | 2018-12-29 | 2019-06-04 | 江苏博智软件科技股份有限公司 | A kind of industry control network Security Situation Awareness Systems |
Cited By (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN111711604A (en) * | 2020-05-15 | 2020-09-25 | 中国人民解放军国防科技大学 | Wireless network interference attack scene identification method based on distance measurement |
CN111711604B (en) * | 2020-05-15 | 2022-02-18 | 中国人民解放军国防科技大学 | Wireless network interference attack scene identification method based on distance measurement |
CN113114675A (en) * | 2021-04-13 | 2021-07-13 | 珠海市鸿瑞信息技术股份有限公司 | Safety audit system and method based on industrial control |
CN114500015A (en) * | 2022-01-14 | 2022-05-13 | 北京网藤科技有限公司 | Situation awareness system based on industrial network and control method thereof |
CN114500015B (en) * | 2022-01-14 | 2024-02-27 | 北京网藤科技有限公司 | Situation awareness system based on industrial network and control method thereof |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
| PB01 | Publication | |
| SE01 | Entry into force of request for substantive examination | |
| RJ01 | Rejection of invention patent application after publication | Application publication date: 20191115 |