CN110460576A - A multifunctional network security situation awareness system - Google Patents
- Publication number
- CN110460576A (application CN201910614050.1A)
- Authority
- CN
- China
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
- H04L63/1425—Traffic logging, e.g. anomaly detection
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1441—Countermeasures against malicious traffic
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1441—Countermeasures against malicious traffic
- H04L63/145—Countermeasures against malicious traffic the attack involving the propagation of malware through the network, e.g. viruses, trojans or worms
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/20—Network architectures or network communication protocols for network security for managing network security; network security policies in general
Abstract
The invention discloses a multifunctional network security situation awareness system and relates to the technical field of network security. A data acquisition module collects big data on the current web page situation, providing intelligent identification, positioning, tracking, access, transmission, signal conversion, monitoring, preliminary processing and management of structured, semi-structured and unstructured mass data. The system is built around data acquisition, data fusion, evaluation and prediction, and visual presentation: it judges the station-side network security state and predicts the security trend, and it presents the network security situation through graphics, analysis reports, network situation maps and similar forms, so that the station-side network security state is measurable, knowable, preventable and controllable. Potential network security threats can thus be resisted to the greatest extent, their evolution and development tracked, and the risk trend forecast, so that potential security risks in the industrial control network are eliminated before a network security attack takes shape.
Description
Technical field
The present invention relates to the technical field of network security, and specifically to a multifunctional network security situation awareness system.
Background art
The basic concept of network security situation awareness is, in a large-scale network environment, to extract, fuse, analyze and display the security factors that can cause changes in the network security state and trend, and to predict their development trend.
Network security situation awareness treats the network system as a whole and focuses on grasping its security state and future trend, so that users can accurately perceive the network situation as a whole. This provides a reliable and accurate basis for minimizing the risks and losses caused by network security problems. The concept is set against conventional heterogeneous defences built on isolated single points, such as IDS, firewall and VDS. These do not correlate or cooperate with one another, and they divide network security into one security island after another. Network security situation awareness merges the attack detection, positioning and tracking methods of traditional network security theory, performs comprehensive centralized security management and intelligent integrated analysis of the network, and fuses security components from different fields into one seamless security system, forming a macroscopic network security management system.
As the global cyberspace security situation grows increasingly severe, China's overall information security pressure keeps increasing. With the rapid development of network and computer technology, and with industrial control systems adopting standard protocols and Internet technology, industrial control networks face more and more security threats. The need to collect and report industrial control network security risks and system equipment operating status is therefore increasingly urgent. Technical means should be used to perceive station-side network risks in real time and to collect data on system equipment operating status, so as to discover potential network security risks in time, reduce the operating failure rate of business systems, and guard against reduced station-side system reliability caused by network security problems, thereby more effectively ensuring the safe and stable operation of the industrial control system.
Summary of the invention
(1) Technical problem to be solved
In view of the deficiencies of the prior art, the present invention provides a multifunctional network security situation awareness system, which solves the problems raised in the background art above.
(2) Technical solution
To achieve the above object, the technical solution adopted by the present invention is a multifunctional network security situation awareness system. A data acquisition module collects big data on the current web page situation; it mainly comprises a data sensing system, a network communication system, a sensing adaptation system, an intelligent identification system and an access system. Web page big data is collected by distributed, high-speed, highly reliable data crawling or acquisition and by high-speed full data mirroring: the web page data is transmitted centrally for processing, and all web page data is adapted and compared. The basic network information is then statistically analyzed, duplicates and erroneous items are removed, and inconsistent items are corrected. The statistically analyzed data is associated with a data dictionary for correlation analysis, yielding basic network information data in a standardized format;
After the data acquisition module has collected the data, the data enters a data server. The data server is connected to the network through a WEB server, and mining is performed after the data has been uploaded to the network;
The main flow of data mining is:
A. Data selection: determine the operation object of the discovery task, i.e. the target object;
B. Preprocessing: including eliminating noise, deriving and calculating missing values, eliminating duplicate records, and completing data type conversion;
C. Transformation: reduce the number of data dimensions (dimensionality reduction);
D. Data mining: determine the mining task, such as data summarization, classification, clustering, association rule discovery or sequential pattern discovery, and determine the mining algorithm to use;
E. Anomaly handling: capture abnormal network behaviour, analyze potential risks, and accurately capture on-site viruses, worms and illegal intrusions.
After data processing is complete, a data generation module generates abnormal-condition information, which enters the data storage module and is stored.
Preferably, the system networking mode can be single-machine single-network, single-machine dual-network, dual-machine single-network or dual-machine dual-network, chosen in use according to operating conditions and requirements.
Preferably, the system is operated and controlled through software installed on a PC.
Preferably, the data storage module is interconnected with the network and uploads and receives data in real time.
(3) Beneficial effects
The beneficial effects of the present invention are as follows. The data acquisition module collects big data on the current web page situation, providing intelligent identification, positioning, tracking, access, transmission, signal conversion, monitoring, preliminary processing and management of structured, semi-structured and unstructured mass data. Web page big data is collected by distributed, high-speed, highly reliable data crawling or acquisition and by high-speed full data mirroring, and after acquisition the data is uploaded to the network for mining. The system provides a station-side network security solution comprising platform software and plant-station security monitoring devices. Built around data acquisition, data fusion, evaluation and prediction, and visual presentation, it judges the station-side network security state and predicts the security trend, and it presents the network security situation through graphics, analysis reports, network situation maps and similar forms, so that the station-side network security state is measurable, knowable, preventable and controllable. Potential network security threats can thus be resisted to the greatest extent, their evolution and development tracked, and the risk trend forecast, so that potential security risks in the industrial control network are eliminated before a network security attack takes shape.
Brief description of the drawings
Fig. 1 is a schematic structural diagram of the system flow of the present invention.
Detailed description of the embodiments
The technical solutions in the embodiments of the present invention are described clearly and completely below with reference to the accompanying drawings. The described embodiments are evidently only some of the embodiments of the present invention, not all of them. All other embodiments obtained by those of ordinary skill in the art on the basis of the embodiments of the present invention without creative effort fall within the protection scope of the present invention.
As shown in Fig. 1, the present invention provides a technical solution: a multifunctional network security situation awareness system. A data acquisition module collects big data on the current web page situation; it mainly comprises a data sensing system, a network communication system, a sensing adaptation system, an intelligent identification system and an access system. Web page big data is collected by distributed, high-speed, highly reliable data crawling or acquisition and by high-speed full data mirroring: the web page data is transmitted centrally for processing, and all web page data is adapted and compared. The basic network information is then statistically analyzed, duplicates and erroneous items are removed, and inconsistent items are corrected. The statistically analyzed data is associated with a data dictionary for correlation analysis, yielding basic network information data in a standardized format;
After the data acquisition module has collected the data, the data enters a data server. The data server is connected to the network through a WEB server, and mining is performed after the data has been uploaded to the network;
The main flow of data mining is:
A. Data selection: determine the operation object of the discovery task, i.e. the target object;
B. Preprocessing: including eliminating noise, deriving and calculating missing values, eliminating duplicate records, and completing data type conversion;
C. Transformation: reduce the number of data dimensions (dimensionality reduction);
D. Data mining: determine the mining task, such as data summarization, classification, clustering, association rule discovery or sequential pattern discovery, and determine the mining algorithm to use;
E. Anomaly handling: capture abnormal network behaviour, analyze potential risks, and accurately capture on-site viruses, worms and illegal intrusions.
After data processing is complete, a data generation module generates abnormal-condition information, which enters the data storage module and is stored.
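The acquisition clean-up and mining steps A to E described above, as an added Python example that is not part of the patent. The records, the data dictionary, the connections-per-kilobyte feature and the median/MAD outlier test are all assumptions chosen for illustration, since the patent names no specific algorithm.

```python
from statistics import median

# Constructed data dictionary: raw device-type spellings -> standard vocabulary.
DATA_DICTIONARY = {"fw": "firewall", "firewall": "firewall", "sw": "switch", "host": "host"}
FIELDS = ("dev", "type", "minute", "conns", "bytes")

# Constructed per-minute device records, as strings the way a collector might deliver them.
RAW = [
    {"dev": "host-a", "type": "HOST", "minute": "1", "conns": "12", "bytes": "3000"},
    {"dev": "host-a", "type": "host", "minute": "2", "conns": "10", "bytes": "2000"},
    {"dev": "host-a", "type": "host", "minute": "2", "conns": "10", "bytes": "2000"},   # duplicate
    {"dev": "host-a", "type": "host", "minute": "3", "conns": "", "bytes": "2200"},     # missing value
    {"dev": "host-a", "type": "host", "minute": "4", "conns": "11", "bytes": "2200"},
    {"dev": "host-a", "type": "host", "minute": "5", "conns": "400", "bytes": "2500"},  # burst
    {"dev": "host-a", "type": "host", "minute": "6", "conns": "13", "bytes": "abc"},    # erroneous item
    {"dev": "fw-1", "type": "FW", "minute": "1", "conns": "90", "bytes": "9000"},
    {"dev": "cam-7", "type": "??", "minute": "1", "conns": "3", "bytes": "100"},        # not in dictionary
]


def to_int(text):
    """Type conversion: None for an empty (missing) field, ValueError on garbage."""
    return None if text.strip() == "" else int(text)


def standardize(raw):
    """Acquisition stage: drop erroneous items and duplicates, map types via the dictionary."""
    seen, out = set(), []
    for r in raw:
        dev_type = DATA_DICTIONARY.get(r["type"].strip().lower())
        try:
            rec = (r["dev"], dev_type, int(r["minute"]), to_int(r["conns"]), to_int(r["bytes"]))
        except ValueError:
            continue                      # erroneous item: non-numeric metric
        if dev_type is None or rec in seen:
            continue                      # unknown device type, or duplicate record
        seen.add(rec)
        out.append(dict(zip(FIELDS, rec)))
    return out


def run_pipeline(raw, dev_type="host", threshold=3.5):
    """Run steps A-E; returns (standardized records, stored anomaly information)."""
    records = standardize(raw)
    selected = [r for r in records if r["type"] == dev_type]      # A. data selection
    if not selected:
        return records, []
    for field in ("conns", "bytes"):                              # B. derive missing values
        known = [r[field] for r in selected if r[field] is not None]
        for r in selected:
            if r[field] is None:
                r[field] = median(known)
    # C. transformation: two metrics reduced to one feature, connections per kilobyte sent.
    feature = [r["conns"] * 1000 / max(r["bytes"], 1) for r in selected]
    med = median(feature)
    mad = median(abs(v - med) for v in feature) or 1e-9           # guard against MAD == 0
    stored = []
    for r, v in zip(selected, feature):                           # D. mining: robust z-score
        score = 0.6745 * (v - med) / mad
        if abs(score) > threshold:                                # E. anomaly handling
            stored.append({"dev": r["dev"], "minute": r["minute"], "score": round(score, 1)})
    return records, stored


if __name__ == "__main__":
    print(run_pipeline(RAW)[1])
```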
The system networking mode can be single-machine single-network, single-machine dual-network, dual-machine single-network or dual-machine dual-network, chosen in use according to operating conditions and requirements.
The system is operated and controlled through software installed on a PC.
The data storage module is interconnected with the network and uploads and receives data in real time.
The network security monitoring device also has technical capabilities such as network security risk perception, comprehensive log collection and audit analysis. It supports real-time perception of station-side network access and of USB access on hosts; it supports collecting the operating status, configuration and alarm information of switches, firewalls, hosts, secondary security protection devices, substation automation systems and the like; it maintains the station-side asset model; and it exchanges data with the master station platform using power system standard communication specifications. It thereby provides data acquisition, data analysis, data exchange and integrated display, clock synchronization and other functions for station-side network security risks and equipment operating status.
The specific embodiments described above further explain the purpose, technical solution and beneficial effects of the present invention in detail. It should be understood that the foregoing is only a specific embodiment of the present invention and is not intended to limit it; any modification, equivalent substitution or improvement made within the spirit and principles of the present invention shall fall within the protection scope of the present invention.
Claims (4)
1. A multifunctional network security situation awareness system, characterized in that: a data acquisition module collects big data on the current web page situation, and mainly comprises a data sensing system, a network communication system, a sensing adaptation system, an intelligent identification system and an access system; web page big data is collected by distributed, high-speed, highly reliable data crawling or acquisition and by high-speed full data mirroring, wherein the web page data is transmitted centrally for processing and all web page data is adapted and compared; the basic network information is then statistically analyzed, duplicates and erroneous items are removed, and inconsistent items are corrected; the statistically analyzed data is associated with a data dictionary for correlation analysis, yielding basic network information data in a standardized format;
After the data acquisition module has collected the data, the data enters a data server; the data server is connected to the network through a WEB server, and mining is performed after the data has been uploaded to the network;
The main flow of data mining is:
A. Data selection: determine the operation object of the discovery task, i.e. the target object;
B. Preprocessing: including eliminating noise, deriving and calculating missing values, eliminating duplicate records, and completing data type conversion;
C. Transformation: reduce the number of data dimensions (dimensionality reduction);
D. Data mining: determine the mining task, such as data summarization, classification, clustering, association rule discovery or sequential pattern discovery, and determine the mining algorithm to use;
E. Anomaly handling: capture abnormal network behaviour, analyze potential risks, and accurately capture on-site viruses, worms and illegal intrusions.
After data processing is complete, a data generation module generates abnormal-condition information, which enters the data storage module and is stored.
2. The multifunctional network security situation awareness system according to claim 1, characterized in that: the system networking mode can be single-machine single-network, single-machine dual-network, dual-machine single-network or dual-machine dual-network, chosen in use according to operating conditions and requirements.
3. The multifunctional network security situation awareness system according to claim 1, characterized in that: the system is operated and controlled through software installed on a PC.
4. The multifunctional network security situation awareness system according to claim 1, characterized in that: the data storage module is interconnected with the network and uploads and receives data in real time.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201910614050.1A CN110460576A (en) | 2019-07-11 | 2019-07-11 | A kind of multifunctional network Security Situation Awareness Systems |
Publications (1)
Publication Number | Publication Date |
---|---|
CN110460576A true CN110460576A (en) | 2019-11-15 |
Family
ID=68482410
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201910614050.1A Pending CN110460576A (en) | 2019-07-11 | 2019-07-11 | A kind of multifunctional network Security Situation Awareness Systems |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN110460576A (en) |
Cited By (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN110855506A (en) * | 2019-11-27 | 2020-02-28 | 国家电网有限公司信息通信分公司 | Safety situation monitoring method and system |
CN111193728A (en) * | 2019-12-23 | 2020-05-22 | 成都烽创科技有限公司 | Network security evaluation method, device, equipment and storage medium |
CN112866262A (en) * | 2021-01-25 | 2021-05-28 | 东方电气自动控制工程有限公司 | Power plant safety I area situation perception platform based on neural network |
Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20020129019A1 (en) * | 2001-02-06 | 2002-09-12 | O'brien Christopher | Data mining system, method and apparatus for industrial applications |
CN105139295A (en) * | 2015-09-29 | 2015-12-09 | 广东电网有限责任公司电力科学研究院 | Data mining method of mass information of on-line monitoring on power equipment |
CN108429766A (en) * | 2018-05-29 | 2018-08-21 | 广西电网有限责任公司 | Network safety situation analyzing and alarming system based on big data and WSN technology |
CN109840415A (en) * | 2018-12-29 | 2019-06-04 | 江苏博智软件科技股份有限公司 | A kind of industry control network Security Situation Awareness Systems |
CN109922038A (en) * | 2018-12-29 | 2019-06-21 | 中国电力科学研究院有限公司 | A kind of detection method and device of the abnormal data for electric power terminal |
Non-Patent Citations (1)
Title |
---|
HEII2: ""一篇文章看懂大数据的5大关键技术"", 《HTTP://WWW.360DOC.COM/CONTENT/17/0215/05/3175779_629079264.SHTML》 * |
Cited By (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN110855506A (en) * | 2019-11-27 | 2020-02-28 | 国家电网有限公司信息通信分公司 | Safety situation monitoring method and system |
CN111193728A (en) * | 2019-12-23 | 2020-05-22 | 成都烽创科技有限公司 | Network security evaluation method, device, equipment and storage medium |
CN111193728B (en) * | 2019-12-23 | 2022-04-01 | 成都烽创科技有限公司 | Network security evaluation method, device, equipment and storage medium |
CN112866262A (en) * | 2021-01-25 | 2021-05-28 | 东方电气自动控制工程有限公司 | Power plant safety I area situation perception platform based on neural network |
CN112866262B (en) * | 2021-01-25 | 2022-06-14 | 东方电气自动控制工程有限公司 | Power plant safety I area situation perception platform based on neural network |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN110460576A (en) | A kind of multifunctional network Security Situation Awareness Systems | |
CN106888205A (en) | A kind of non-intrusion type is based on the PLC method for detecting abnormality of power consumption analysis | |
CN102594620B (en) | Linkable distributed network intrusion detection method based on behavior description | |
CN104753946A (en) | Security analysis framework based on network traffic meta data | |
CN110490146A (en) | Artificial intelligence circumference safety protection method and server-side based on deep learning | |
CN105515180A (en) | Intelligent substation communication network dynamic monitoring system and monitoring method thereof | |
CN106656991A (en) | Network threat detection system and detection method | |
CN102123149A (en) | Service-oriented large-scale network security situational assessment device and method | |
CN105471882A (en) | Behavior characteristics-based network attack detection method and device | |
CN105262210A (en) | System and method for analysis and early warning of substation network security | |
CN112650183A (en) | Industrial Internet platform | |
CN105867347B (en) | Cross-space cascading fault detection method based on machine learning technology | |
CN110324323A (en) | A kind of new energy plant stand relates to net end real-time, interactive process exception detection method and system | |
CN105571638A (en) | Machinery device fault combination prediction system and method | |
CN105978745A (en) | Abnormal state monitoring method for industrial control system | |
CN110460575A (en) | One kind can be realized security audit functional network Security Situation Awareness Systems | |
Bao et al. | Research on information security situation awareness system based on big data and artificial intelligence technology | |
CN110166972B (en) | Intelligent sensing system with block chain module | |
CN102387346B (en) | Intelligent front end of manageable, findable and inspectable monitoring system | |
CN112543123B (en) | Safety protection and early warning system of industrial automatic control system | |
CN106682742A (en) | Real-time data acquisition and analysis method based on Internet of Things | |
CN104238521A (en) | Offshore wind plant remote management system | |
CN102521378A (en) | Real-time intrusion detection method based on data mining | |
CN105158610A (en) | Screening processing method of transformer state early warning data suspected value | |
CN103149918A (en) | Comprehensive information integration system of power station |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
RJ01 | Rejection of invention patent application after publication | Application publication date: 20191115 |