CN110460576A - A multifunctional network security situation awareness system


Publication number
CN110460576A
Authority
CN
China
Prior art keywords
data
network
network security
security
situation awareness
Legal status
Pending
Application number
CN201910614050.1A
Other languages
Chinese (zh)
Inventor
刘智勇
陈良汉
陈敏超
Current Assignee
Zhuhai Hongrui Information Technology Co Ltd
Original Assignee
Zhuhai Hongrui Information Technology Co Ltd
Application filed by Zhuhai Hongrui Information Technology Co Ltd
Priority to CN201910614050.1A
Publication of CN110460576A

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1425 Traffic logging, e.g. anomaly detection
    • H04L63/1441 Countermeasures against malicious traffic
    • H04L63/145 Countermeasures against malicious traffic the attack involving the propagation of malware through the network, e.g. viruses, trojans or worms
    • H04L63/20 Network architectures or network communication protocols for network security for managing network security; network security policies in general


Abstract

The invention discloses a multifunctional network security situation awareness system and relates to the technical field of network security. A data acquisition module collects big data on the current web page situation, providing intelligent identification, positioning, tracking, access, transmission, signal conversion, monitoring, preliminary processing and management of massive structured, semi-structured and unstructured data. The system centres on data acquisition, data fusion, evaluation and prediction, and visual display. It judges the station-side network security state and predicts the security trend, and presents the network security situation in forms such as charts, analysis reports and network situation maps, so that the station-side network security state is measurable, knowable, preventable and controllable. Potential network security threats can thus be resisted to the greatest extent, their evolution and development tracked, and the development of the risk trend predicted, so that potential security risks in the industrial control network are eliminated before a network security attack takes shape.

Description

A multifunctional network security situation awareness system
Technical field
The present invention relates to the technical field of network security, and specifically to a multifunctional network security situation awareness system.
Background
The basic concept of network security situation awareness is that, in a large-scale network environment, the security factors that can cause changes in the network's security state and trend are extracted, fused and analysed, and displayed, and their development trend is predicted.
Network security situation awareness focuses on treating the network system as a whole and on analysing its security state and future trend, so that users can accurately perceive the network situation overall. This provides a reliable and accurate basis for perception and reduces the risk and loss caused by network security problems to a minimum. The concept stands in contrast to conventional heterogeneous security defences such as IDS, Firewall and VDS, which are based on isolated single-point defence. These have no mutual association or cooperation, and they divide network security into isolated security islands. Network security situation awareness merges the methods of traditional network security theory for detecting, locating and tracking all kinds of attacks, applies centralized security management and intelligent comprehensive analysis to the network as a whole, and fuses security components from different fields into one seamless security system, forming a macroscopic network security management system.
As the global cyberspace security situation grows increasingly severe, the overall pressure on China's information security keeps increasing. The rapid development of network and computer technology, and the adoption of standard protocols and Internet technology in industrial control systems, expose industrial control networks to more and more security threats. The need to collect and transmit data on industrial control network security risks and on system equipment operating status is therefore increasingly urgent. Technical means should be used to perceive station-side network risks in real time and to collect data on system equipment operating status, so that potential network security risks are discovered in time, the operational failure rate of business systems is reduced, and the risk of reduced station-side system reliability caused by network security is resisted, more effectively ensuring the safe and stable operation of industrial control systems.
Summary of the invention
(1) Technical problem solved
In view of the deficiencies of the prior art, the present invention provides a multifunctional network security situation awareness system that solves the problems raised in the background above.
(2) Technical solution
To achieve the above objective, the present invention adopts the following technical solution: a multifunctional network security situation awareness system in which a data acquisition module collects big data on the current web page situation. The module mainly comprises a data sensor system, a network communication system, a sensing adaptation system and an intelligent recognition system access system. Web page big data are collected by distributed, high-speed, highly reliable data crawling or acquisition and by high-speed full data mirroring. The web page data are transmitted centrally for processing and all web page data are adapted and compared; the basic network information is then statistically analysed, duplicate and erroneous entries are removed and inconsistent entries are corrected, and the statistically analysed data are correlated with a data dictionary to obtain basic network information data in a standardized format;
After the data acquisition module has collected the data, the data enter the data server. The data server is connected to the network through a WEB server, and the data are mined after being uploaded to the network;
The main data mining flow is:
A. Data selection: determine the operation object of the discovery task, i.e. the target object;
B. Pre-processing: includes eliminating noise, deriving and calculating missing values, eliminating repeated records, completing data type conversion, etc.;
C. Transformation: reduce the number of data dimensions (dimensionality reduction);
D. Data mining: determine the mining task, such as data summarization, classification, clustering, association rule discovery or sequential pattern discovery, and determine the mining algorithm to use.
E. Anomaly handling: capture abnormal network behaviour, analyse potential risks, and accurately capture on-site viruses, worms and illegal intrusions.
After data processing is complete, the data generation module generates abnormal-situation information, which enters the data storage module, where the abnormal information is stored.
Preferably, the system networking mode may be single-machine single-network, single-machine dual-network, dual-machine single-network or dual-machine dual-network, chosen in use according to the operating conditions and requirements.
Preferably, the system is operated and controlled through software installed on a PC.
Preferably, the data storage module is interconnected with the network and uploads and receives data in real time.
(3) Beneficial effects
The beneficial effects of the present invention are as follows. The data acquisition module's collection of big data on the current web page situation provides intelligent identification, positioning, tracking, access, transmission, signal conversion, monitoring, preliminary processing and management of massive structured, semi-structured and unstructured data. Web page big data are collected by distributed, high-speed, highly reliable data crawling or acquisition and by high-speed full data mirroring, and after acquisition the data are uploaded to the network and mined. The system provides a station-side network security solution comprising platform software and plant-station security monitoring devices. It centres on data acquisition, data fusion, evaluation and prediction, and visual display; it judges the station-side network security state and predicts the security trend, and presents the network security situation in forms such as charts, analysis reports and network situation maps, so that the station-side network security state is measurable, knowable, preventable and controllable. Potential network security threats can thus be resisted to the greatest extent, their evolution and development tracked, and the development of the risk trend predicted, so that potential security risks in the industrial control network are eliminated before a network security attack takes shape.
Description of the drawings
Fig. 1 is a schematic structural diagram of the system flow of the present invention.
Specific embodiments
The technical solutions in the embodiments of the present invention are described clearly and completely below with reference to the drawings in the embodiments. Obviously, the described embodiments are only some, not all, of the embodiments of the present invention. All other embodiments obtained by those of ordinary skill in the art on the basis of the embodiments of the present invention, without creative effort, fall within the protection scope of the present invention.
As shown in Fig. 1, the present invention provides a technical solution: a multifunctional network security situation awareness system in which a data acquisition module collects big data on the current web page situation. The module mainly comprises a data sensor system, a network communication system, a sensing adaptation system and an intelligent recognition system access system. Web page big data are collected by distributed, high-speed, highly reliable data crawling or acquisition and by high-speed full data mirroring. The web page data are transmitted centrally for processing and all web page data are adapted and compared; the basic network information is then statistically analysed, duplicate and erroneous entries are removed and inconsistent entries are corrected, and the statistically analysed data are correlated with a data dictionary to obtain basic network information data in a standardized format;
After the data acquisition module has collected the data, the data enter the data server. The data server is connected to the network through a WEB server, and the data are mined after being uploaded to the network;
The main data mining flow is:
A. Data selection: determine the operation object of the discovery task, i.e. the target object;
B. Pre-processing: includes eliminating noise, deriving and calculating missing values, eliminating repeated records, completing data type conversion, etc.;
C. Transformation: reduce the number of data dimensions (dimensionality reduction);
D. Data mining: determine the mining task, such as data summarization, classification, clustering, association rule discovery or sequential pattern discovery, and determine the mining algorithm to use.
E. Anomaly handling: capture abnormal network behaviour, analyse potential risks, and accurately capture on-site viruses, worms and illegal intrusions.
After data processing is complete, the data generation module generates abnormal-situation information, which enters the data storage module, where the abnormal information is stored.
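The five-step flow A to E above, sketched as an added example that is not part of the patent. The field names, the sample telemetry, the constant-feature drop used for step C, and the median/MAD robust z-score with a 3.5 threshold used for steps D and E are all assumptions; the patent does not name a specific algorithm.

```python
from statistics import median, pvariance

FEATURES = ("conns", "failed_logins", "usb_events", "proto_ver")  # hypothetical names
# Constructed sample: (device, kind, minute, conns, failed_logins, usb_events, proto_ver)
_ROWS = [
    ("host-1", "host", 0, "12", "0", "0", "2"),
    ("host-1", "host", 1, "14", "1", "0", "2"),
    ("host-1", "host", 1, "14", "1", "0", "2"),    # repeated record
    ("host-2", "host", 0, "11", "0", "0", "2"),
    ("host-2", "host", 1, None, "0", "0", "2"),    # missing value
    ("host-3", "host", 0, "13", "n/a", "0", "2"),  # noise
    ("host-3", "host", 1, "15", "1", "0", "2"),
    ("host-4", "host", 0, "12", "0", "0", "2"),
    ("host-4", "host", 1, "240", "37", "1", "2"),  # abnormal behaviour
    ("sw-1", "switch", 0, "900", "0", "0", "2"),   # not the target object
]
RAW = [dict(zip(("device", "kind", "minute") + FEATURES, r)) for r in _ROWS]

def select(records, kind):
    """A. Data selection: keep only the target object of the discovery task."""
    return [r for r in records if r["kind"] == kind]

def preprocess(records):
    """B. Pre-processing: drop repeats, convert types, derive missing values."""
    seen, rows = set(), []
    for r in records:
        key = (r["device"], r["minute"])
        if key in seen:
            continue                      # eliminate repeated records
        seen.add(key)
        row = {"device": r["device"], "minute": r["minute"]}
        for f in FEATURES:
            try:
                row[f] = float(r[f])      # data type conversion
            except (TypeError, ValueError):
                row[f] = None             # None or unparseable noise
        rows.append(row)
    for f in FEATURES:                    # fill gaps with the column median
        known = [row[f] for row in rows if row[f] is not None]
        fill = median(known) if known else 0.0
        for row in rows:
            if row[f] is None:
                row[f] = fill
    return rows

def transform(rows):
    """C. Transformation: reduce dimensions by dropping constant features."""
    return [f for f in FEATURES if pvariance([r[f] for r in rows]) > 0]

def mine(rows, features):
    """D. Mining: robust z-score (median / MAD) per feature."""
    stats = {}
    for f in features:
        vals = [r[f] for r in rows]
        med = median(vals)
        mad = median([abs(v - med) for v in vals]) or 1.0  # assumption: floor MAD at 1
        stats[f] = (med, mad)
    return [(r, {f: 0.6745 * abs(r[f] - stats[f][0]) / stats[f][1] for f in features})
            for r in rows]

def handle_anomalies(scored, threshold=3.5):
    """E. Anomaly handling: one record per abnormal row, ready for storage."""
    out = []
    for row, z in scored:
        hits = [f for f in z if z[f] > threshold]
        if hits:
            out.append({"device": row["device"], "minute": row["minute"],
                        "features": hits, "score": round(max(z.values()), 1)})
    return out

def run_pipeline(records, kind="host"):
    rows = preprocess(select(records, kind))
    if not rows:
        return []
    return handle_anomalies(mine(rows, transform(rows)))

if __name__ == "__main__":
    for anomaly in run_pipeline(RAW):
        print(anomaly)
```

Median and MAD are used instead of mean and standard deviation so that the one abnormal record does not inflate the baseline it is measured against.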
The system networking mode may be single-machine single-network, single-machine dual-network, dual-machine single-network or dual-machine dual-network, chosen in use according to the operating conditions and requirements.
The system is operated and controlled through software installed on a PC.
The data storage module is interconnected with the network and uploads and receives data in real time.
The network security monitoring device also has technical capabilities such as network security risk perception and comprehensive log collection and audit analysis. It supports real-time perception of station-side network access and USB host access, and supports collection of the operating status, configuration and alarm information of switches, firewalls, hosts, secondary security equipment, substation automation systems and the like. It maintains the station-side asset model and exchanges data with the master station platform using power system standard communication specifications, thereby realizing functions such as data acquisition, data analysis, data interaction and comprehensive display for station-side network security risks and equipment operating status, as well as clock synchronization.
The specific embodiments described above explain the purpose, technical solutions and beneficial effects of the present invention in further detail. It should be understood that the foregoing is only a specific embodiment of the present invention and does not limit the present invention; any modification, equivalent substitution, improvement and the like made within the spirit and principles of the present invention shall be included within the protection scope of the present invention.

Claims (4)

1. A multifunctional network security situation awareness system, characterized in that: a data acquisition module collects big data on the current web page situation, the module mainly comprising a data sensor system, a network communication system, a sensing adaptation system and an intelligent recognition system access system; web page big data are collected by distributed, high-speed, highly reliable data crawling or acquisition and by high-speed full data mirroring; the web page data are transmitted centrally for processing and all web page data are adapted and compared; the basic network information is then statistically analysed, duplicate and erroneous entries are removed and inconsistent entries are corrected, and the statistically analysed data are correlated with a data dictionary to obtain basic network information data in a standardized format;
After the data acquisition module has collected the data, the data enter the data server; the data server is connected to the network through a WEB server, and the data are mined after being uploaded to the network;
The main data mining flow is:
A. Data selection: determine the operation object of the discovery task, i.e. the target object;
B. Pre-processing: includes eliminating noise, deriving and calculating missing values, eliminating repeated records, completing data type conversion, etc.;
C. Transformation: reduce the number of data dimensions (dimensionality reduction);
D. Data mining: determine the mining task, such as data summarization, classification, clustering, association rule discovery or sequential pattern discovery, and determine the mining algorithm to use.
E. Anomaly handling: capture abnormal network behaviour, analyse potential risks, and accurately capture on-site viruses, worms and illegal intrusions.
After data processing is complete, the data generation module generates abnormal-situation information, which enters the data storage module, where the abnormal information is stored.
2. The multifunctional network security situation awareness system according to claim 1, characterized in that: the system networking mode may be single-machine single-network, single-machine dual-network, dual-machine single-network or dual-machine dual-network, chosen in use according to the operating conditions and requirements.
3. The multifunctional network security situation awareness system according to claim 1, characterized in that: the system is operated and controlled through software installed on a PC.
4. The multifunctional network security situation awareness system according to claim 1, characterized in that: the data storage module is interconnected with the network and uploads and receives data in real time.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201910614050.1A CN110460576A (en) 2019-07-11 2019-07-11 A kind of multifunctional network Security Situation Awareness Systems

Publications (1)

Publication Number Publication Date
CN110460576A (en) 2019-11-15

Family

ID=68482410


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20191115

RJ01 Rejection of invention patent application after publication