CN110572364A - Method for realizing threat alarm in virtual environment - Google Patents

Method for realizing threat alarm in virtual environment

Info

Publication number: CN110572364A (application CN201910722481.XA)
Authority: CN (China)
Prior art keywords: threat, information, alarm, log, matching
Legal status (as listed, not a legal conclusion): Pending; see Legal Events
Application number: CN201910722481.XA
Other languages: Chinese (zh)
Inventors: 甄鹏, 唐超
Current assignee / original assignee: Suzhou Wave Intelligent Technology Co Ltd
Priority date: 2019-08-06
Filing date: 2019-08-06
Publication date: 2019-12-13

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00 Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/06 Management of faults, events, alarms or notifications
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1425 Traffic logging, e.g. anomaly detection
Abstract

The invention provides a method for implementing threat alerting in a virtualized environment. A task scheduling framework periodically triggers detection of the detection folder designated in the threat intelligence platform; the logs of the network virtual resources and of the file virtual resources in the designated detection folder are collected and reported in a uniform format; the threat intelligence types in the log are matched, and threat alarm information is generated for alerting. The invention achieves automatic threat detection, threat analysis, alarm prompting and whole-network threat notification, and improves threat detection efficiency.

Description

Method for realizing threat alarm in virtual environment
Technical Field
The invention relates to the field of computer technology, and in particular to a method for implementing threat alerting in a virtualized environment.
Background
In computing, virtualization is a resource management technology: the physical resources of a computer, such as servers, networks, memory and storage, are abstracted and converted before being presented, breaking the barrier that physical structures cannot be partitioned, so that users can apply these resources in a better way than the original configuration allows. The new virtual part of these resources is not limited by the installation, location or physical configuration of the existing resources. The term virtualized resources generally refers to computing power and data storage. In a production environment, virtualization is mainly used to absorb the surplus capacity of high-performance physical hardware, to recombine and reuse the low capacity of old hardware, and to make the underlying physical hardware transparent, so that the physical hardware is utilized to the greatest extent.
With the rapid development of virtualization technology, virtualized applications have become very common, and the threats and attacks faced by virtualized environments are increasing as well. A data-center-scale environment typically contains a great many virtualized resources, and detecting threats across all of them and carrying out the corresponding alarm protection takes time.
In addition, although there are a number of existing technologies for detecting and analyzing threat intelligence, they analyze characteristic values and then analyze database data. Such systems have no timed automatic detection function, the threat intelligence platform they use cannot adapt rapidly and automatically to threat types, they provide no whole-network notification, and they cannot carry out whole-network linked notification and protection against a threat.
Disclosure of the Invention
In view of the above problems, the object of the present invention is to provide a method for implementing threat alerting in a virtualized environment, which achieves automatic threat detection, threat analysis, threat alarm prompting and whole-network threat notification, and improves threat detection efficiency.
To achieve this object, the invention adopts the following technical scheme. A method for implementing threat alerting in a virtualized environment comprises the following steps:
periodically collecting logs from the network and from a designated folder through a task scheduling framework, and reporting the logs to a threat intelligence platform in a uniform format;
acquiring the characteristic value in the reported log, and matching the characteristic value in the log against the threat intelligence of the threat intelligence platform;
if the match succeeds, generating alarm information for alerting.
Further, periodically detecting the designated folder through the task scheduling framework includes:
presetting the detection time according to user requirements;
sending a detection command to the agentless collector at the scheduled time;
after receiving the detection command, the agentless collector collecting the logs of the specified network and the specified folder and reporting them to the threat intelligence platform in the unified format.
Further, periodically detecting the designated folder through the task scheduling framework includes:
the user setting the detection time interval, the detection type and the designated detection folder through the virtualized resource list.
Further, acquiring the characteristic value in the reported log and matching it against the threat intelligence of the threat intelligence platform includes:
obtaining the characteristic value in the reported log, and determining the threat type of the keyword through a regular-expression automatic adaptation algorithm;
after the threat type is determined, accessing the ES (Elasticsearch) driver for fast matching.
Further, collecting the log of the designated folder means collecting the log of all subfiles of the designated folder, and the characteristic value of a file is its SHA1 value.
Further, the threat types include a file hash class, an IP class and a port class.
Further, if the match succeeds, generating alarm information for alerting includes:
if threat intelligence is matched by accessing the ES driver, pushing the alarm in JSON format through a RESTful interface.
Further, if the match succeeds, generating alarm information for alerting includes:
the generated threat alarm information being handled by a threat intelligence alarm notification service. The service adopts the Spring Cloud architecture and displays unprocessed threat alarms to the user; the displayed content is the virtual resource of the threat alarm, the IP of that virtual resource, the threat alarm type, the threat details and the time at which the threat occurred. It also offers the user single notification and whole-network notification.
Further, the log format is a JSON string comprising the unique identifier (UUID) of the virtualized resource, the name of the virtualized resource, the diagnostic information and the time at which the diagnosis request occurred.
Compared with the prior art, the invention has the following beneficial effects. The method for implementing threat alerting in a virtualized environment is based on a threat intelligence platform; by configuring a timed detection policy it completes threat detection and analysis of virtualized resources and informs the user in the form of an alarm, so it has a timed automatic detection function and reduces the complexity of user operation. Threats are identified efficiently by using an efficiently searchable database for fast automatic matching of threat types. The system has an alarm notification function that warns users to protect against threats in time, and a whole-network notification function for virtualized resources that enables whole-network linked control of threat spread.
Therefore, compared with the prior art, the invention has prominent substantive features and represents notable progress, and the beneficial effects of its implementation are also evident.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described below, it is obvious that the drawings in the following description are only embodiments of the present invention, and for those skilled in the art, other drawings can be obtained according to the provided drawings without creative efforts.
Fig. 1 is a flow chart of the method according to the first embodiment of the present invention.
Fig. 2 is a data flow diagram of the threat detection analysis alarm platform according to the second embodiment of the present invention.
Fig. 3 is a schematic page design of the timed threat detection service according to the second embodiment of the present invention.
Detailed Description
The following description of the embodiments of the present invention will be made with reference to the accompanying drawings.
Embodiment one:
Fig. 1 shows a method for implementing threat alerting in a virtualized environment, which comprises the following steps.
Step 101: periodically collect logs from the network and from a designated folder through a task scheduling framework, and report the logs to the threat intelligence platform in a uniform format.
First, a threat intelligence platform is established for threat queries; it provides the basis for screening whether a detected object is a threat. The threat intelligence platform uses the NoSQL database ElasticSearch and is used to query and analyze malicious IPs, malicious ports and malicious files. Its characteristics are a huge data volume and the need for fast matching at query time. The platform ingests threat intelligence shared by major websites as well as intelligence obtained through threat exchange.
Then, logs are collected periodically from the network and from the designated folder through the task scheduling framework and reported to the threat intelligence platform in the uniform format.
Specifically: the detection time is preset according to user requirements, a detection command is sent to the agentless collector at the scheduled time, and the agentless collector collects after receiving the command. The Spring Boot framework is used, and the timed task uses the Spring task scheduling framework; the user sets the detection interval and detection type of each virtualized resource through the virtualized resource list, and can designate a detection folder when files are detected.
For the security of the virtualized environment, the logs of virtual resources are collected from two aspects, the network (IP, ports) and files, and reported in a uniform format; the files are all subfiles of the designated folder, and their characteristic value is the SHA1 of the file. The log format is a JSON string comprising the unique identifier UUID of the virtualized resource, the name of the virtualized resource, the diagnostic information and the time of the diagnosis request.
Step 102: acquire the characteristic value in the reported log and match it against the threat intelligence of the threat intelligence platform.
The threat intelligence analysis service matches the type of threat intelligence in the log: it obtains keywords from the received collection log and determines the threat type of the keyword through a regular-expression automatic adaptation algorithm; after the threat type is determined, the ES driver is accessed for fast matching. The threat types include a file hash class, an IP class and a port class.
Step 103: if the match succeeds, generate alarm information for alerting.
Specifically, if threat intelligence is matched by accessing the ES driver, the alarm is pushed in JSON format through a RESTful-style interface.
The threat alarm information is generated for alerting by the threat intelligence alarm notification service, which displays the alarm produced by the match to the user in alarm form. The service adopts the Spring Cloud architecture, displays unprocessed threat alarms to the user, and shows the virtual resource of the threat alarm, the IP of that virtual resource, the threat alarm type, the threat details and the time the threat occurred; it also offers the user single notification and whole-network notification.
This embodiment provides a method for implementing threat alerting in a virtualized environment: detection of the files in the designated folder is started at the scheduled time, the log is uploaded to the threat intelligence analysis service after detection finishes, and the analysis service matches the file hash in the log against the threat intelligence of the threat intelligence platform. If the match succeeds, the file in the log is confirmed as a known threat, the analysis service pushes the alarm information to the threat intelligence alarm notification service, and that service prompts the user in alarm form.
This embodiment is based on a threat intelligence platform; by configuring a timed detection policy it completes threat detection and analysis of virtualized resources and informs the user in the form of an alarm, so it has a timed automatic detection function and reduces the complexity of user operation. Threats are identified efficiently by using an efficiently searchable database for fast automatic matching of threat types. The system has an alarm notification function that warns users to protect against threats in time, and a whole-network notification function for virtualized resources that enables whole-network linked control of threat spread.
Embodiment two:
This embodiment provides a method for implementing threat alerting in a virtualized environment, which specifically includes the following.
1. Front-end platform: establishing the threat intelligence platform
The threat intelligence platform is characterized by a huge data volume and the need for fast matching at query time, so the NoSQL database ElasticSearch, which offers fast query and analysis, is adopted. The data structure is designed as follows.
Malicious IP
Index: vicious_object; Type: ip
Keyword: the fields are set to the keyword type in ES so that they support exact queries.
Index: may be stored as multiple shards, each shard being a separate Lucene index. Abstractly it can be understood as a database in a relational database system, but an Index is very different from such a database because ES itself is a distributed database.
Type: using types allows several kinds of data to be stored in one index, which reduces the number of indices.
Malicious port
Index: vicious_object; Type: port
Malicious file
Index: vicious_object; Type: file
2. Setting the format of the collection log
The log format is a JSON string. A log is uploaded in the specified format, and the upload does not need to distinguish between network and file; the threat analysis service can then diagnose the threat in detail.
{
"vmUUID": unique identifier UUID of the virtualized resource
name of the virtualized resource
"matchInfo": diagnostic information, which may be an IP, a port or a file hash value
"time": time at which the diagnosis request occurred
}
3. Establishing the threat detection analysis alarm platform
The main functions of the platform are timed detection, threat analysis and alarm notification. The platform adopts the Spring Cloud microservice architecture and can handle threat analysis and alarm processing for data-center-scale numbers of virtualized resources. The specific data flow is shown in Fig. 2.
4. Setting up the timed threat detection service
This function is an independent microservice using the Spring Boot framework, with the Spring task scheduling framework for the timed task. Through the virtualized resource list the user can set, for each virtualized resource, the detection interval (10 minutes, 20 minutes, 30 minutes, or 1 to 24 hours), the detection type (network, port, file) and, for file detection, the detection folder. The page design is shown in Fig. 3.
The timed detection command is issued to the lightweight agent in JSON format, as follows:
{
"vmUUID": unique identifier of the virtual resource
detection type: network IP, port, file
check period
}
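The collector side of step 101 and section 4, as an added example that is not the patent's own code: it validates a timed-detection command, walks every subfile of the designated folder, hashes each with SHA-1 and emits log records in the unified JSON format of section 2. The key names other than vmUUID, matchInfo and time (vmName, type, period, folder) are assumptions, since the page lists those fields without their keys; the sample folder contents are constructed.

```python
"""Collector side of step 101 / section 4: validate the timed-detection command,
hash every subfile of the designated folder and emit unified-format log records.
Added example, not the patent's code. Key names other than vmUUID, matchInfo
and time (vmName, type, period, folder) are assumptions."""
import hashlib
import json
import os
import tempfile

# Check periods offered by the page design: 10/20/30 minutes and 1..24 hours
ALLOWED_PERIOD_MINUTES = {10, 20, 30} | {60 * h for h in range(1, 25)}
DETECT_TYPES = {"network", "port", "file"}


def parse_command(cmd_json: str) -> dict:
    """Validate the JSON command issued to the lightweight agent (assumed keys)."""
    cmd = json.loads(cmd_json)
    if not isinstance(cmd.get("vmUUID"), str) or not cmd["vmUUID"]:
        raise ValueError("vmUUID missing")
    if cmd.get("type") not in DETECT_TYPES:
        raise ValueError(f"unknown detection type {cmd.get('type')!r}")
    if cmd.get("period") not in ALLOWED_PERIOD_MINUTES:
        raise ValueError(f"unsupported check period {cmd.get('period')!r}")
    if cmd["type"] == "file" and not cmd.get("folder"):
        raise ValueError("file detection needs a designated folder")
    return cmd


def sha1_file(path: str, chunk: int = 1 << 16) -> str:
    """SHA-1 of a file, streamed so large files do not have to fit in memory."""
    digest = hashlib.sha1()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()


def make_record(vm_uuid: str, vm_name: str, match_info: str, ts: str) -> dict:
    """One log record in the page's unified format (vmUUID, name, matchInfo, time)."""
    return {"vmUUID": vm_uuid, "vmName": vm_name, "matchInfo": match_info, "time": ts}


def collect_files(vm_uuid: str, vm_name: str, folder: str, ts: str) -> list:
    """One record per subfile of the designated folder, recursively.
    Symbolic links are skipped so that a link planted in the folder cannot make
    the collector read (and report hashes of) files outside it."""
    records = []
    for root, dirs, files in os.walk(folder):
        dirs[:] = sorted(d for d in dirs if not os.path.islink(os.path.join(root, d)))
        for name in sorted(files):
            path = os.path.join(root, name)
            if os.path.islink(path):
                continue
            records.append(make_record(vm_uuid, vm_name, sha1_file(path), ts))
    return records


def collect_network(vm_uuid: str, vm_name: str, connections, ts: str) -> list:
    """connections: iterable of (remote_ip, remote_port). The page's network
    aspect covers IPs and ports, so each pair yields an IP record and a port record."""
    records = []
    for ip, port in connections:
        records.append(make_record(vm_uuid, vm_name, ip, ts))
        records.append(make_record(vm_uuid, vm_name, str(port), ts))
    return records


def demo_records() -> list:
    """Run the file collector over a constructed folder (two files, one in a subfolder)."""
    with tempfile.TemporaryDirectory() as folder:
        os.mkdir(os.path.join(folder, "sub"))
        with open(os.path.join(folder, "a.txt"), "wb") as fh:
            fh.write(b"hello")
        open(os.path.join(folder, "sub", "b.bin"), "wb").close()
        cmd = parse_command(json.dumps({"vmUUID": "vm-0001", "type": "file",
                                        "period": 30, "folder": folder}))
        return collect_files(cmd["vmUUID"], "web01", cmd["folder"], "2019-08-06T10:00:00")


if __name__ == "__main__":
    for rec in demo_records():
        print(json.dumps(rec))
```

Two points a practitioner would watch: the collector reports SHA-1 only, as the page specifies, so it can only match intelligence that carries a SHA-1 field (an operator would normally emit SHA-256 alongside it); and rejecting an out-of-range period or unknown type at the agent stops a tampered command from turning the collector into an arbitrary-folder hashing service.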
5. Setting up the threat intelligence analysis service
This part is an independent microservice under the Spring Cloud architecture; the specific framework is Spring Boot.
The threat analysis service accesses the threat intelligence platform through the ES access driver
org.elasticsearch.client.transport.TransportClient.
When a collection log uploads diagnostic information, the service first matches the threat information to a type. The type-matching algorithm is regular-expression matching.
a. When the threat information matches the regular expression
^([0-9a-fA-F]{8}|[0-9a-fA-F]{16}|[0-9a-fA-F]{32}|[0-9a-fA-F]{64}|[0-9a-fA-F]{40}|[0-9a-fA-F]{128}|[0-9a-fA-F]{256})$
it belongs to the file hash class. Index: vicious_object, Type: file is queried through the TransportClient with the matching fields MD5, SHA1, SHA256 and CRC32, using the multi-field match query of ES QueryBuilders.
b. When the threat information matches the regular expression
^(\d{1,2}|1\d\d|2[0-4]\d|25[0-5])\.(\d{1,2}|1\d\d|2[0-4]\d|25[0-5])\.(\d{1,2}|1\d\d|2[0-4]\d|25[0-5])\.(\d{1,2}|1\d\d|2[0-4]\d|25[0-5])$
it belongs to the IP class. Index: vicious_object, Type: ip is queried through the TransportClient with the matching field ip, using the ES exact-match query QueryBuilders.matchQuery(field, value) to realise an exact query.
c. When the threat information matches the regular expression
^([0-9]|[1-9]\d{1,3}|[1-5]\d{4}|6[0-4]\d{3}|65[0-4]\d{2}|655[0-2]\d|6553[0-5])$
it belongs to the port class. Index: vicious_object, Type: port is queried through the TransportClient with the matching field port, using the ES exact-match query QueryBuilders.matchQuery(field, value) to realise an exact query.
After threat intelligence is matched, it is pushed to the threat alarm notification service in JSON format through a RESTful-style interface.
6. Setting up the threat alarm notification service
This part is an independent microservice under the Spring Cloud architecture; the specific framework is Spring Boot.
Unprocessed threat alarms are displayed to the user; the displayed content is the virtual resource of the threat alarm, the IP of that virtual resource, the threat alarm type, the threat details and the time the threat occurred. The user can choose single notification or whole-network notification.
When the user selects single notification, the threat notification is sent only to that virtual resource.
When the user selects whole-network notification, the threat is issued to the virtual resources of the whole network.
The issued notification is in JSON format and comprises
{
"ThreatType": type of threat
"ThreatContent": threat content
}
In addition, threat alarms that have already been notified need not be shown to the user again; they can be filtered out by maintaining a table of notified threat alarms.
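The analysis and notification services of sections 5 and 6 (and steps 102 and 103 of embodiment one), as an added example that is not the patent's own code. The Index vicious_object is replaced by an in-memory dictionary with the same Type and field layout and the RESTful push by an in-process call, so it runs offline; the three type-adaptation patterns are the page's, with the 6[0-4] branch of the port pattern taking three trailing digits so that nothing above 65535 matches. The alert key names (vmUUID, vmName, threatType, threatDetail, time) and the intelligence documents are assumptions.

```python
"""Threat intelligence analysis service (section 5) and alarm notification
service (section 6). Added example, not the patent's code. The ES index
vicious_object is replaced by an in-memory dictionary with the same
Type/field layout, and the RESTful push by an in-process call.
Alert key names (vmUUID, vmName, threatType, threatDetail, time) are assumptions."""
import json
import re

# Type-adaptation patterns transcribed from the page. The 6[0-4] branch of the
# port pattern takes three trailing digits so that nothing above 65535 matches.
HASH_RE = re.compile(
    r"^([0-9a-fA-F]{8}|[0-9a-fA-F]{16}|[0-9a-fA-F]{32}|[0-9a-fA-F]{64}"
    r"|[0-9a-fA-F]{40}|[0-9a-fA-F]{128}|[0-9a-fA-F]{256})$")
OCTET = r"(\d{1,2}|1\d\d|2[0-4]\d|25[0-5])"
IP_RE = re.compile(rf"^{OCTET}\.{OCTET}\.{OCTET}\.{OCTET}$")
PORT_RE = re.compile(
    r"^([0-9]|[1-9]\d{1,3}|[1-5]\d{4}|6[0-4]\d{3}|65[0-4]\d{2}|655[0-2]\d|6553[0-5])$")

# Constructed stand-in for Index vicious_object: one list of documents per Type.
# The file document carries the four hash fields of section 5 (hashes of b"hello").
VICIOUS_OBJECT = {
    "ip": [{"ip": "203.0.113.10"}],
    "port": [{"port": "4444"}],
    "file": [{"md5": "5d41402abc4b2a76b9719d911017c592",
              "sha1": "aaf4c61ddcc5e8a2dabede0f3b482cd9aea9434d",
              "sha256": "2cf24dba5fb0a30e26e83b2ac5b9e29e1b161e5c1fa7425e73043362938b9824",
              "crc32": "3610a686"}],
}
FILE_FIELDS = ("md5", "sha1", "sha256", "crc32")   # multi-field match for Type file


def threat_type(value: str):
    """Regular-expression automatic adaptation: 'file', 'ip', 'port' or None.
    The three patterns are disjoint (an IP has dots, a port has at most five
    digits, a hash at least eight), so the order of the checks does not matter."""
    if IP_RE.match(value):
        return "ip"
    if PORT_RE.match(value):
        return "port"
    if HASH_RE.match(value):
        return "file"
    return None


def query_index(ttype: str, value: str, index=VICIOUS_OBJECT):
    """Exact lookup, as a keyword-mapped field would give: all four hash
    fields for Type file, the single ip / port field otherwise."""
    fields = FILE_FIELDS if ttype == "file" else (ttype,)
    wanted = value.lower()           # hex hashes compared case-insensitively
    for doc in index.get(ttype, []):
        if any(str(doc.get(f, "")).lower() == wanted for f in fields):
            return doc
    return None


def analyze(record: dict, index=VICIOUS_OBJECT):
    """Steps 102/103 for one parsed collection log: classify matchInfo, query
    the intelligence index and build the alarm; None when nothing matched."""
    match_info = str(record["matchInfo"])
    ttype = threat_type(match_info)
    if ttype is None:
        return None
    hit = query_index(ttype, match_info, index)
    if hit is None:
        return None
    return {"vmUUID": record["vmUUID"], "vmName": record.get("vmName"),
            "threatType": ttype,
            "threatDetail": {"matchInfo": match_info, "intel": hit},
            "time": record["time"]}


class NotificationService:
    """Section 6: unprocessed alarm list, single vs whole-network notification,
    and the notified-threat-alarm table used to filter repeats."""

    def __init__(self, all_vm_uuids):
        self.all_vm_uuids = list(all_vm_uuids)
        self.pending = []       # unprocessed alarms shown to the user
        self.notified = set()   # (threatType, content) pairs already notified

    @staticmethod
    def _key(alert):
        return (alert["threatType"], alert["threatDetail"]["matchInfo"])

    def push(self, alert) -> bool:
        """Receive an alarm from the analysis service (stands in for the RESTful
        push). Returns False when the same threat has already been notified."""
        if self._key(alert) in self.notified:
            return False
        self.pending.append(alert)
        return True

    def notify(self, alert, whole_network: bool = False) -> list:
        """Issue the notification; returns (target vmUUID, message) pairs.
        Single notification goes to the alarm's own resource only."""
        message = {"ThreatType": alert["threatType"],
                   "ThreatContent": alert["threatDetail"]["matchInfo"]}
        targets = self.all_vm_uuids if whole_network else [alert["vmUUID"]]
        self.notified.add(self._key(alert))
        self.pending = [a for a in self.pending if a is not alert]
        return [(vm, message) for vm in targets]


if __name__ == "__main__":
    log = json.loads('{"vmUUID": "vm-0001", "vmName": "web01", '
                     '"matchInfo": "4444", "time": "2019-08-06T10:00:00"}')
    alert = analyze(log)
    svc = NotificationService(["vm-0001", "vm-0002", "vm-0003"])
    svc.push(alert)
    for vm, msg in svc.notify(alert, whole_network=True):
        print(vm, json.dumps(msg))
```

The dictionary lookup behaves like the page's exact query only because section 1 maps the fields as keyword; a match query against an analyzed text field would be tokenized and could match on substrings. Note also that the port pattern accepts any integer up to 65535, so a collector must place only genuine indicators into matchInfo, otherwise ordinary numeric values in a log would be looked up as ports.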
The data structure is:
This embodiment provides a method for implementing threat alerting in a virtualized environment that automatically detects threats, analyzes them, prompts with alarms and notifies the whole network, improving threat detection efficiency. It offers a complete solution for the detection, analysis and alarm notification of threats in a virtualized environment. Compared with current threat detection, this embodiment has a timed automatic detection function, the agentless device only needs to upload logs in the specified format, the platform adapts automatically and quickly to the threat type, and it additionally provides whole-network notification, so that linked notification and protection across the whole network can be carried out against a threat.
The invention is further described with reference to the accompanying drawings and specific embodiments. It should be understood that these examples are for illustrative purposes only and are not intended to limit the scope of the present invention. Further, it should be understood that various changes or modifications of the present invention may be made by those skilled in the art after reading the teaching of the present invention, and these equivalents also fall within the scope of the present application.

Claims (9)

1. A method for implementing threat alerting in a virtualized environment, characterized by comprising the following steps:
periodically collecting logs from the network and from a designated folder through a task scheduling framework, and reporting the logs to a threat intelligence platform in a uniform format;
acquiring the characteristic value in the reported log, and matching the characteristic value in the log against the threat intelligence of the threat intelligence platform;
if the match succeeds, generating alarm information for alerting.
2. The method for implementing threat alerting in a virtualized environment according to claim 1, wherein periodically detecting the designated folder through the task scheduling framework comprises:
presetting the detection time according to user requirements;
sending a detection command to the agentless collector at the scheduled time;
after receiving the detection command, the agentless collector collecting the logs of the specified network and the specified folder and reporting them to the threat intelligence platform in the unified format.
3. The method for implementing threat alerting in a virtualized environment according to claim 1 or 4, wherein periodically detecting the designated folder through the task scheduling framework comprises:
the user setting the detection time interval, the detection type and the designated detection folder through the virtualized resource list.
4. The method of claim 1, wherein acquiring the characteristic value in the reported log and matching the characteristic value in the log against the threat intelligence of the threat intelligence platform comprises:
obtaining the characteristic value in the reported log, and determining the threat type of the keyword through a regular-expression automatic adaptation algorithm;
after the threat type is determined, accessing the ES driver for fast matching.
5. The method for implementing threat alerting in a virtualized environment according to claim 1, wherein collecting the log of the designated folder is collecting the log of all subfiles of the designated folder, and the characteristic value of a file is its SHA1 value.
6. The method of claim 1, wherein the threat types include a file hash class, an IP class and a port class.
7. The method of claim 1, wherein generating alarm information for alerting if the match succeeds comprises:
if threat intelligence is matched by accessing the ES driver, pushing the alarm in JSON format through a RESTful interface.
8. The method of claim 1, wherein generating alarm information for alerting if the match succeeds comprises:
the generated threat alarm information being handled by a threat intelligence alarm notification service, which adopts the Spring Cloud architecture and displays unprocessed threat alarms to the user, the displayed content being the virtual resource of the threat alarm, the IP of that virtual resource, the threat alarm type, the threat details and the time the threat occurred, and which offers the user single notification and whole-network notification.
9. The method of claim 1, wherein
the log format is a JSON string comprising the unique identifier UUID of the virtualized resource, the name of the virtualized resource, the diagnostic information and the time at which the diagnosis request occurred.
Priority Applications (1)

Application Number   Publication   Priority Date   Filing Date   Title   Status
CN201910722481.XA   CN110572364A (en)   2019-08-06   2019-08-06   Method for realizing threat alarm in virtual environment   Pending

Publications (1)

Publication Number   Publication Date
CN110572364A   2019-12-13

Family

ID=68774665; one family application (CN201910722481.XA, Pending); country status: CN (CN110572364A)

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number   Priority date   Publication date   Assignee   Title
CN111935074A *   2020-06-22   2020-11-13   国网电力科学研究院有限公司   Integrated network security detection method and device
CN111935074B *   2020-06-22   2023-09-05   国网电力科学研究院有限公司   Integrated network security detection method and device
CN113259176A *   2021-06-11   2021-08-13   长扬科技(北京)有限公司   Alarm event analysis method and device
CN113259176B *   2021-06-11   2021-10-08   长扬科技(北京)有限公司   Alarm event analysis method and device
CN113691524A *   2021-08-23   2021-11-23   杭州安恒信息技术股份有限公司   Alarm information processing method, system, electronic equipment and storage medium

Patent Citations (8)

* Cited by examiner, † Cited by third party
Publication number   Priority date   Publication date   Assignee   Title
CN104038466A *   2013-03-05   2014-09-10   中国银联股份有限公司   Intrusion detection system, method and device for cloud computing environment
CN104330109A *   2014-10-20   2015-02-04   天津大学   Method of automatically detecting multiple parameters of architectural physical environment
CN105656886A *   2015-12-29   2016-06-08   北京邮电大学   Method and device for detecting website attack behaviors based on machine learning
CN107196910A *   2017-04-18   2017-09-22   国网山东省电力公司电力科学研究院   Threat early warning monitoring system, method and deployment framework based on big data analysis
CN107516039A *   2016-06-17   2017-12-26   咪咕音乐有限公司   Security protection method and device for a virtualization system
CN107872454A *   2017-11-04   2018-04-03   公安部第三研究所   Monitoring and analysis system and method for protection of an ultra-large internet platform, based on security-rank threat intelligence and big data technology
CN108446111A *   2018-03-26   2018-08-24   国家电网公司客户服务中心   Microservice construction method based on Spring Cloud
CN109218286A *   2018-07-27   2019-01-15   亚信科技(成都)有限公司   Method and device for implementing agentless EDR in a virtualized environment



Legal Events

Date   Code   Title
2019-12-13   PB01   Publication
   SE01   Entry into force of request for substantive examination
   RJ01   Rejection of invention patent application after publication