CN111526147A - Real-time control method and system applied to real network attack and defense, electronic equipment and storage medium - Google Patents


Info

Publication number
CN111526147A
Authority
CN
China
Prior art keywords
data
attack
real
authorized
defense
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202010332973.0A
Other languages
Chinese (zh)
Inventor
王凯
徐勤
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
BEIJING SAFE-CODE TECHNOLOGY CO LTD
Original Assignee
BEIJING SAFE-CODE TECHNOLOGY CO LTD
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by BEIJING SAFE-CODE TECHNOLOGY CO LTD filed Critical BEIJING SAFE-CODE TECHNOLOGY CO LTD
Priority to CN202010332973.0A priority Critical patent/CN111526147A/en
Publication of CN111526147A publication Critical patent/CN111526147A/en
Pending legal-status Critical Current

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1416 Event detection, e.g. attack signature detection
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/02 Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441 Countermeasures against malicious traffic

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)
  • Computer And Data Communications (AREA)

Abstract

The invention relates to the technical field of real-time management and control of real network attack and defense, and in particular to a real-time control method, a real-time control system, electronic equipment and a storage medium applied to real network attack and defense. The control method comprises the following steps: capturing the data flow in real time; analyzing the captured data and judging whether the data is attack data; and analyzing the attack data, judging whether the attack data is authorized, and, if the attack data is not authorized, performing blocking management through a firewall. The disclosed real-time control method, system, electronic equipment and storage medium make it possible to carry out network attack and defense exercises effectively and to control behavior in real time, ensuring that the real target is not interfered with and that the exercise proceeds stably.

Description

Real-time control method and system applied to real network attack and defense, electronic equipment and storage medium
Technical Field
The invention relates to the technical field of real-time management and control of real network attack and defense, in particular to a real-time management and control method and system applied to real network attack and defense, electronic equipment and a storage medium.
Background
The cyberspace security exercises held by countries around the world reflect new characteristics and a new trend of growing emphasis on network security.
At present, attack and defense exercises that take a real network as the target are carried out in order to find the weak links in real network security protection. However, existing intranet security situation management and control technology only ensures that the intranet is not attacked and only controls intranet security; it is not suited to exercise scenarios and activities. As a result, no effective management and control method for real network attack and defense has been established, and the effect of an exercise cannot be well managed and demonstrated.
Therefore, to solve the above problems, there is an urgent need for a real-time management and control method, system, electronic device and storage medium applied to real network attack and defense.
Disclosure of Invention
The invention aims to provide a real-time management and control method, system, electronic device and storage medium applied to real network attack and defense, in which the whole exercise is managed and controlled in real time through data acquisition, data analysis, large-screen display, risk notification, risk processing and risk blocking.
The invention provides the following scheme:
A real-time control method applied to real network attack and defense comprises the following steps:
capturing the data flow in real time;
analyzing the captured data and judging whether the data is attack data;
analyzing the attack data, judging whether the attack data is authorized, and, if the attack data is not authorized, performing blocking management through a firewall.
The step of analyzing the captured data and judging whether the data is attack data specifically comprises:
analyzing the captured data and judging whether the data is attack data; if so, analyzing whether the data is authorized; if not, auditing the normal data flow.
The step of analyzing the attack data, judging whether the attack data is authorized, and performing blocking management through a firewall if the attack data is not authorized specifically comprises:
if the attack data is not authorized, performing blocking management through a firewall; if the attack data is authorized, storing the authorized attack data.
The method further comprises:
performing a data flow audit on the authorized attack data and displaying the attack data.
A real-time control system applied to real network attack and defense, for implementing the above real-time control method, comprises:
a data capturing module, used for capturing the data flow in real time;
a data judgment module, used for analyzing the captured data and judging whether the data is attack data;
a data analysis module, used for analyzing the attack data, judging whether the attack data is authorized, and performing blocking management through a firewall if the attack data is not authorized.
The system further comprises a data auditing module, used for auditing the data.
A data storage and display module is used for storing and displaying the data.
The data capturing module, the data judgment module and the data analysis module are electrically connected in sequence; the data auditing module is electrically connected with the data analysis module, and the data analysis module is electrically connected with the data storage and display module.
An electronic device comprises a memory and a processor; the memory is used for storing a computer program; the processor executes the computer program in the memory to implement the real-time management and control method applied to real network attack and defense.
A computer-readable storage medium stores a computer program which, when executed by a processor, implements the real-time management and control method applied to real network attack and defense.
The invention has the following beneficial effects:
The invention discloses a real-time control method, a real-time control system, electronic equipment and a storage medium applied to real network attack and defense. The control method comprises the following steps: capturing the data flow in real time; analyzing the captured data and judging whether the data is attack data; and analyzing the attack data, judging whether the attack data is authorized, and, if the attack data is not authorized, performing blocking management through a firewall. Network attack and defense exercises can thereby be carried out effectively and behavior controlled in real time; the real target is not interfered with, and the exercise proceeds stably.
Drawings
Fig. 1 is a flow chart of a real-time control method applied to real network defense and attack according to the present invention.
Fig. 2 is a block diagram of a real-time management and control system applied to real network defense and attack according to the present invention.
Fig. 3 is a schematic structural diagram of an electronic device according to the present invention.
Detailed Description
Exemplary embodiments of the present disclosure will be described in more detail below with reference to the accompanying drawings. While exemplary embodiments of the present disclosure are shown in the drawings, it should be understood that the present disclosure may be embodied in various forms and should not be limited to the embodiments set forth herein. Rather, these embodiments are provided so that this disclosure will be thorough and complete, and will fully convey the scope of the disclosure to those skilled in the art.
It will be understood by those skilled in the art that, unless otherwise defined, all terms (including technical and scientific terms) used herein have the same meaning as commonly understood by one of ordinary skill in the art to which this invention belongs. It will be further understood that terms, such as those defined in commonly used dictionaries, should be interpreted as having a meaning that is consistent with their meaning in the context of the prior art and will not be interpreted in an idealized or overly formal sense unless expressly so defined herein.
Referring to fig. 1, a real-time management and control method applied to real network attack and defense includes the following steps:
capturing the data flow in real time;
analyzing the captured data and judging whether the data is attack data;
analyzing the attack data, judging whether the attack data is authorized, and, if the attack data is not authorized, performing blocking management through a firewall.
The step of analyzing the captured data and judging whether the data is attack data specifically comprises:
analyzing the captured data and judging whether the data is attack data; if so, analyzing whether the data is authorized; if not, auditing the normal data flow.
The step of analyzing the attack data, judging whether the attack data is authorized, and performing blocking management through a firewall if the attack data is not authorized specifically comprises:
if the attack data is not authorized, performing blocking management through a firewall; if the attack data is authorized, storing the authorized attack data.
The method further comprises:
performing a data flow audit on the authorized attack data and displaying the attack data.
Referring to fig. 2, a real-time management and control system applied to real network attack and defense, for implementing the above real-time management and control method, includes:
a data capturing module, used for capturing the data flow in real time;
a data judgment module, used for analyzing the captured data and judging whether the data is attack data;
a data analysis module, used for analyzing the attack data, judging whether the attack data is authorized, and performing blocking management through a firewall if the attack data is not authorized.
The system further comprises a data auditing module, used for auditing the data.
A data storage and display module is used for storing and displaying the data.
The data capturing module, the data judgment module and the data analysis module are electrically connected in sequence; the data auditing module is electrically connected with the data analysis module, and the data analysis module is electrically connected with the data storage and display module.
Referring to fig. 3, an electronic device includes a memory 501 and a processor 502; the memory is used for storing a computer program; the processor executes the computer program in the memory to implement the real-time management and control method applied to real network attack and defense. Further, a computer-readable storage medium is provided, which stores a computer program that, when executed by a processor, implements the real-time management and control method applied to real network attack and defense.
In the real-time management and control method, system, electronic device and storage medium for real network attack and defense described in this embodiment, the management and control method includes the following steps: capturing the data flow in real time; analyzing the captured data and judging whether the data is attack data; and analyzing the attack data, judging whether the attack data is authorized, and, if the attack data is not authorized, performing blocking management through a firewall. Network attack and defense exercises can thereby be carried out effectively and behavior controlled in real time; the real target is not interfered with, and the exercise proceeds stably.
The real-time control method applied to real network attack and defense described in this embodiment specifically proceeds as follows. A probe captures the data flow and analyzes the data to determine whether it is attack data; if it is attack data, whether the attack data is authorized is analyzed, and if the attack data is not authorized, blocking management is carried out through a firewall. The data is stored and displayed. The security of the whole cyber range system is monitored in all respects: the system carries out comprehensive monitoring across personnel, network, system and application, and provides comprehensive control data for the security of the cyber range. By combining technologies such as threat intelligence, behavior analysis modeling, compromised host detection, graph association analysis, machine learning, big data association analysis and a visualization platform, a one-stop security monitoring system covering prevention, detection, response and hardening is created, so that personnel can be dynamically tracked, network anomalies can be found, system security can be monitored, and application security can be analyzed. The security monitoring system provides an important basis for judgment for the security management personnel of the cyber range.
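The decision flow described above (judge whether captured data is attack data, then whether it is authorized, then audit, store or block) can be sketched as follows. This is an added example, not code from the patent: the patent does not say how authorization is judged, so the rules-of-engagement fields (authorized source networks, in-scope targets, exercise time window), the two toy signatures and all names and addresses are assumptions.

```python
"""Added illustration of the capture -> judge -> authorize -> block/store flow."""
from dataclasses import dataclass, field
from datetime import datetime, timezone
from ipaddress import ip_address, ip_network
import re


@dataclass(frozen=True)
class Flow:
    ts: datetime
    src: str
    dst: str
    payload: str


@dataclass(frozen=True)
class Authorization:
    """Assumed rules of engagement for one attacking team in the exercise."""
    sources: tuple
    targets: tuple
    start: datetime
    end: datetime

    def violation(self, flow):
        """Return None if the flow is covered, else the reason it is not."""
        if not any(ip_address(flow.src) in n for n in self.sources):
            return "source not an authorized team"
        if not any(ip_address(flow.dst) in n for n in self.targets):
            return "target out of scope"
        if not self.start <= flow.ts <= self.end:
            return "outside exercise window"
        return None


# Assumed toy signatures standing in for the probe's attack detection.
SIGNATURES = {
    "sql-injection": re.compile(r"(?i)\bunion\s+select\b"),
    "path-traversal": re.compile(r"\.\./\.\./"),
}


def detect(flow):
    """Return the name of the first matching signature, or None."""
    return next((n for n, rx in SIGNATURES.items() if rx.search(flow.payload)), None)


@dataclass
class Controller:
    authorizations: list
    audit_log: list = field(default_factory=list)     # data auditing module
    attack_store: list = field(default_factory=list)  # storage and display module
    blocks: list = field(default_factory=list)        # entries pushed to the firewall

    def handle(self, flow):
        sig = detect(flow)
        if sig is None:                      # not attack data: audit the normal flow
            self.audit_log.append(("normal", flow))
            return "audit"
        reasons = [a.violation(flow) for a in self.authorizations]
        if None in reasons:                  # authorized attack: store, then audit
            self.attack_store.append((sig, flow))
            self.audit_log.append(("authorized-attack", flow))
            return "store"
        reason = reasons[0] if reasons else "no authorization on file"
        self.blocks.append((flow.src, flow.dst, reason))
        return "block"


def run_demo():
    def at(h, m):
        return datetime(2024, 1, 15, h, m, tzinfo=timezone.utc)
    auth = Authorization((ip_network("192.0.2.0/28"),), (ip_network("10.10.0.0/24"),),
                         at(9, 0), at(17, 0))
    ctl = Controller([auth])
    flows = [  # constructed sample traffic
        Flow(at(9, 30), "192.0.2.5", "10.10.0.8", "GET /index.html"),
        Flow(at(10, 0), "192.0.2.5", "10.10.0.8", "GET /item?id=1 UNION SELECT 1"),
        Flow(at(10, 5), "192.0.2.5", "10.20.0.3", "GET /item?id=1 UNION SELECT 1"),
        Flow(at(18, 30), "192.0.2.5", "10.10.0.8", "GET /files/../../x"),
        Flow(at(11, 0), "203.0.113.77", "10.10.0.8", "GET /item?id=1 UNION SELECT 1"),
    ]
    return [ctl.handle(f) for f in flows], ctl


if __name__ == "__main__":
    dispositions, ctl = run_demo()
    print(dispositions)
    for entry in ctl.blocks:
        print("block", *entry)
```

Recording the reason with each block entry lets the audit trail distinguish an authorized team that strayed out of scope or out of the time window from an unknown third party attacking the same target during the exercise.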
For simplicity of explanation, the method embodiments are described as a series of acts or combinations, but those skilled in the art will appreciate that the embodiments are not limited by the order of acts described, as some steps may occur in other orders or concurrently with other steps in accordance with the embodiments of the invention. Further, those skilled in the art will appreciate that the embodiments described in the specification are presently preferred and that no particular act is required to implement the invention.
Finally, it should be noted that: the above examples are only intended to illustrate the technical solution of the present invention, but not to limit it; although the present invention has been described in detail with reference to the foregoing embodiments, it will be understood by those of ordinary skill in the art that: the technical solutions described in the foregoing embodiments may still be modified, or some technical features may be equivalently replaced; and such modifications or substitutions do not depart from the spirit and scope of the corresponding technical solutions of the embodiments of the present invention.

Claims (10)

1. A real-time control method applied to real network attack and defense, characterized in that the method comprises the following steps:
capturing the data flow in real time;
analyzing the captured data and judging whether the data is attack data;
analyzing the attack data, judging whether the attack data is authorized, and, if the attack data is not authorized, performing blocking management through a firewall.
2. The real-time management and control method applied to real network attack and defense according to claim 1, characterized in that the step of analyzing the captured data and judging whether the data is attack data specifically comprises:
analyzing the captured data and judging whether the data is attack data; if so, analyzing whether the data is authorized; if not, auditing the normal data flow.
3. The real-time management and control method applied to real network attack and defense according to claim 2, characterized in that the step of analyzing the attack data, judging whether the attack data is authorized, and performing blocking management through a firewall if the attack data is not authorized specifically comprises:
if the attack data is not authorized, performing blocking management through a firewall; if the attack data is authorized, storing the authorized attack data.
4. The real-time management and control method applied to real network attack and defense according to claim 3, characterized by further comprising:
performing a data flow audit on the authorized attack data and displaying the attack data.
5. A real-time management and control system applied to real network attack and defense, which implements the real-time management and control method applied to real network attack and defense of claim 1, characterized in that the system comprises:
a data capturing module, used for capturing the data flow in real time;
a data judgment module, used for analyzing the captured data and judging whether the data is attack data;
a data analysis module, used for analyzing the attack data, judging whether the attack data is authorized, and performing blocking management through a firewall if the attack data is not authorized.
6. The real-time management and control system applied to real network attack and defense according to claim 5, characterized by further comprising a data auditing module, used for auditing the data.
7. The real-time management and control system applied to real network attack and defense according to claim 6, characterized by further comprising a data storage and display module, used for storing and displaying the data.
8. The real-time management and control system applied to real network attack and defense according to claim 7, characterized in that the data capturing module, the data judgment module and the data analysis module are electrically connected in sequence; the data auditing module is electrically connected with the data analysis module, and the data analysis module is electrically connected with the data storage and display module.
9. An electronic device, characterized by comprising a memory and a processor; the memory is used for storing a computer program; the processor executes the computer program in the memory to implement the real-time management and control method applied to real network attack and defense according to any one of claims 1 to 4.
10. A computer-readable storage medium, characterized in that a computer program is stored thereon which, when executed by a processor, implements the real-time management and control method applied to real network attack and defense as claimed in any one of claims 1 to 4.
CN202010332973.0A 2020-04-24 2020-04-24 Real-time control method and system applied to real network attack and defense, electronic equipment and storage medium Pending CN111526147A (en)


Publications (1)

Publication Number Publication Date
CN111526147A true CN111526147A (en) 2020-08-11



Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20200811