CN111726355A - Network security situation perception system based on big data - Google Patents
Network security situation perception system based on big data Download PDFInfo
- Publication number
- CN111726355A CN111726355A CN202010555617.5A CN202010555617A CN111726355A CN 111726355 A CN111726355 A CN 111726355A CN 202010555617 A CN202010555617 A CN 202010555617A CN 111726355 A CN111726355 A CN 111726355A
- Authority
- CN
- China
- Prior art keywords
- data
- security
- network
- unit
- analysis module
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/20—Network architectures or network communication protocols for network security for managing network security; network security policies in general
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F18/00—Pattern recognition
- G06F18/20—Analysing
- G06F18/29—Graphical models, e.g. Bayesian networks
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
- H04L63/1416—Event detection, e.g. attack signature detection
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
- H04L63/1425—Traffic logging, e.g. anomaly detection
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1433—Vulnerability analysis
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- General Engineering & Computer Science (AREA)
- Signal Processing (AREA)
- Computer Networks & Wireless Communication (AREA)
- Computing Systems (AREA)
- Computer Hardware Design (AREA)
- Data Mining & Analysis (AREA)
- Theoretical Computer Science (AREA)
- Bioinformatics & Cheminformatics (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Evolutionary Computation (AREA)
- Evolutionary Biology (AREA)
- Computer Vision & Pattern Recognition (AREA)
- Bioinformatics & Computational Biology (AREA)
- Artificial Intelligence (AREA)
- Life Sciences & Earth Sciences (AREA)
- Computer And Data Communications (AREA)
Abstract
The invention discloses a big data-based network security situation perception system which comprises a data acquisition unit, a data preprocessing unit, a data storage unit and an index system construction unit, wherein the data acquisition unit is used for acquiring original security data, network operation data and external threat data, the original security data are data generated by security equipment and a service system, the data preprocessing unit is used for preprocessing and fusing the original security data, the network operation data and the external threat data, the data storage unit is used for storing the data processed by the data preprocessing unit and forming a security database, and the index system construction unit is used for constructing a situation perception index system and comprises a network operation vulnerability analysis module and a network attack situation analysis module.
Description
Technical Field
The invention relates to the technical field of big data analysis, in particular to a big data-based network security situation perception system.
Background
Network security refers to the protection of the hardware, software of a network system and the information in the system. The method comprises the steps that the system continuously, reliably and normally operates, network service is not interrupted, and information in the system is not damaged, changed or leaked due to accidental or malicious behaviors.
Aiming at the network security threat, enterprises, public institutions and organizations gradually deploy corresponding security equipment and business systems. Although the existing safety equipment and service system can analyze and record the network safety condition to a certain extent, the corresponding and related data are not deeply analyzed and insights, and the comprehensive assessment and prediction of the network safety risk are difficult to realize.
Disclosure of Invention
In order to solve the problems, the invention provides a network security situation awareness system based on big data.
The invention adopts the following technical scheme:
a big data-based network security situation perception system comprises a data acquisition unit, a data preprocessing unit, a data storage unit and an index system construction unit, wherein the data acquisition unit is used for acquiring original security data, network operation data and external threat data, the original security data are generated by security equipment and a service system, the data preprocessing unit is used for preprocessing and fusing the original security data, the network operation data and the external threat data, the data storage unit is used for storing the data processed by the data preprocessing unit and forming a security database, the index system construction unit is used for constructing a situation awareness index system and comprises a network operation vulnerability analysis module and a network attack situation analysis module, the network operation vulnerability analysis module is used for analyzing and evaluating bugs and security situations existing in a host in a network, the network attack situation analysis module is used for analyzing and evaluating the attack situations suffered by the host in the network, wherein the attack situations comprise SQL injection attack times, unauthorized scanning times and the damage degree caused by security events.
Preferably, the index system building unit further includes an abnormal behavior analysis module, and the abnormal behavior analysis module is configured to analyze and summarize abnormal behaviors generated in the login behavior and the access process of different users in each host in the network.
Preferably, the system further comprises a service application unit, and the service application unit performs presentation and alarm based on the analysis result of the index system construction unit.
Preferably, the original security data includes firewall data, security audit data, internet access behavior logs and access logs of the security device and the service system.
Preferably, the network operation data includes a security risk assessment result, an accident handling record and a security system operation record.
Preferably, the external threat data includes an initiating IP of the attack, a domain name and vulnerability information.
Preferably, the data preprocessing comprises data identification, data completion, repeated item elimination and false alarm item elimination.
Preferably, the situation awareness index system is constructed based on a Bayesian network and a D-S evidence theory to analyze and evaluate various situation awareness indexes and generate evaluation results.
After adopting the technical scheme, compared with the background technology, the invention has the following advantages:
according to the invention, by constructing the situation awareness index system, various safety data related to situation awareness are fused, and the systematicness and comprehensiveness of situation awareness are enhanced.
Drawings
FIG. 1 is a system framework diagram of the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the present invention more apparent, the present invention is described in further detail below with reference to the accompanying drawings and embodiments. It should be understood that the specific embodiments described herein are merely illustrative of the invention and are not intended to limit the invention.
Examples
The invention discloses a big data-based network security situation perception system, which comprises a data acquisition unit, a data preprocessing unit, a data storage unit, an index system construction unit and a service application unit, wherein the index system construction unit comprises:
the data acquisition unit is used for acquiring original safety data, network operation data and external threat data. The original safety data is data generated by safety equipment and a service system, and comprises firewall data, safety audit data, an internet behavior log and an access log; the network operation data comprises a safety risk evaluation result, an accident handling record and a safety system operation record; the external threat data includes the originating IP of the attack, the domain name and the vulnerability information.
The data preprocessing unit is used for preprocessing and fusing the original safety data, the network operation data and the external threat data. The data preprocessing comprises data identification, data completion, repeated item elimination and false alarm item elimination.
The data storage unit is used for storing the data processed by the data preprocessing unit and forming a safety database.
The index system construction unit is used for constructing a situation awareness index system and comprises a network operation vulnerability analysis module and a network attack situation analysis module, wherein the network operation vulnerability analysis module is used for analyzing and evaluating the vulnerability and the security situation of a host in a network and summarizing a scanning result report and an external threat report aiming at the security vulnerability of the host hardware configuration and a software system, the network attack situation analysis module is used for analyzing and evaluating the attack situation suffered by the host in the network, and the attack situation comprises SQL injection attack times, unauthorized scanning times and the damage degree caused by a security event. The index system building unit also comprises an abnormal behavior analysis module, and the abnormal behavior analysis module is used for analyzing and summarizing different user login behaviors in each host in the network and abnormal behaviors generated in the access process. The situation awareness index system is constructed based on Bayesian network and D-S evidence theory to analyze and evaluate various situation awareness indexes and generate evaluation results.
And the service application unit performs presentation and alarm based on the analysis result of the index system construction unit.
The above description is only for the preferred embodiment of the present invention, but the scope of the present invention is not limited thereto, and any changes or substitutions that can be easily conceived by those skilled in the art within the technical scope of the present invention are included in the scope of the present invention. Therefore, the protection scope of the present invention shall be subject to the protection scope of the claims.
Claims (8)
1. A big data-based network security situation awareness system is characterized by comprising a data acquisition unit, a data preprocessing unit, a data storage unit and an index system construction unit, wherein the data acquisition unit is used for acquiring original security data, network operation data and external threat data, the original security data are generated by security equipment and a service system, the data preprocessing unit is used for preprocessing and fusing the original security data, the network operation data and the external threat data, the data storage unit is used for storing the data processed by the data preprocessing unit and forming a security database, the index system construction unit is used for constructing a situation awareness index system and comprises a network operation vulnerability analysis module and a network attack situation analysis module, and the network operation vulnerability analysis module is used for analyzing and evaluating bugs and security situations existing in a host in a network, the network attack situation analysis module is used for analyzing and evaluating the attack situations suffered by the host in the network, wherein the attack situations comprise SQL injection attack times, unauthorized scanning times and the damage degree caused by security events.
2. The big data-based network security situation awareness system according to claim 1, wherein: the index system construction unit further comprises an abnormal behavior analysis module, and the abnormal behavior analysis module is used for analyzing and summarizing different user login behaviors in each host in the network and abnormal behaviors generated in the access process.
3. The big data based network security situation awareness system according to claim 1 or 2, wherein: the system also comprises a service application unit which is used for presenting and alarming based on the analysis result of the index system construction unit.
4. The big data-based network security situation awareness system according to claim 2, wherein: the original security data comprises firewall data, security audit data, internet access behavior logs and access logs of the security equipment and the service system.
5. The big data-based network security situation awareness system according to claim 4, wherein: the network operation data comprises a safety risk evaluation result, an accident handling record and a safety system operation record.
6. The big data-based network security situation awareness system according to claim 4, wherein: the external threat data comprises an initiating IP of the attack behavior, a domain name and vulnerability information.
7. The big data-based network security situation awareness system according to claim 1, wherein: the data preprocessing comprises data identification, data completion, repeated item elimination and false alarm item elimination.
8. The big data-based network security situation awareness system according to claim 1, wherein: the situation perception index system is constructed based on Bayesian network and D-S evidence theory to analyze and evaluate various situation perception indexes and generate evaluation results.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202010555617.5A CN111726355A (en) | 2020-06-17 | 2020-06-17 | Network security situation perception system based on big data |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202010555617.5A CN111726355A (en) | 2020-06-17 | 2020-06-17 | Network security situation perception system based on big data |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN111726355A true CN111726355A (en) | 2020-09-29 |
Family
ID=72567295
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202010555617.5A Pending CN111726355A (en) | 2020-06-17 | 2020-06-17 | Network security situation perception system based on big data |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN111726355A (en) |
Cited By (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN112561239A (en) * | 2020-11-24 | 2021-03-26 | 国家电网有限公司 | Evaluation system and method based on enterprise informatization operation state |
| CN114745188A (en) * | 2022-04-20 | 2022-07-12 | 医诺智能科技(广州)有限公司 | Intelligent security situation sensing method and terminal for medical Internet of things platform |
Citations (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN107196910A (en) * | 2017-04-18 | 2017-09-22 | 国网山东省电力公司电力科学研究院 | Threat early warning monitoring system, method and the deployment framework analyzed based on big data |
| CN110740141A (en) * | 2019-11-15 | 2020-01-31 | 国网山东省电力公司信息通信公司 | integration network security situation perception method, device and computer equipment |
-
2020
- 2020-06-17 CN CN202010555617.5A patent/CN111726355A/en active Pending
Patent Citations (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN107196910A (en) * | 2017-04-18 | 2017-09-22 | 国网山东省电力公司电力科学研究院 | Threat early warning monitoring system, method and the deployment framework analyzed based on big data |
| CN110740141A (en) * | 2019-11-15 | 2020-01-31 | 国网山东省电力公司信息通信公司 | integration network security situation perception method, device and computer equipment |
Non-Patent Citations (2)
| Title |
|---|
| 戴祥华等: ""大数据网络安全态势感知中数据融合技术的研究"", 《中国信息化》 * |
| 牛霞红: ""大数据网络安全态势感知中数据融合技术研究"", 《信息技术与信息化》 * |
Cited By (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN112561239A (en) * | 2020-11-24 | 2021-03-26 | 国家电网有限公司 | Evaluation system and method based on enterprise informatization operation state |
| CN114745188A (en) * | 2022-04-20 | 2022-07-12 | 医诺智能科技(广州)有限公司 | Intelligent security situation sensing method and terminal for medical Internet of things platform |
| CN114745188B (en) * | 2022-04-20 | 2024-05-28 | 医诺智能科技(广州)有限公司 | Intelligent sensing method and terminal for security situation of medical internet of things platform |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US11212299B2 (en) | System and method for monitoring security attack chains | |
| CN103026345B (en) | For the dynamic multidimensional pattern of event monitoring priority | |
| Claycomb et al. | Chronological examination of insider threat sabotage: Preliminary observations. | |
| CN114372286A (en) | Data security management method and device, computer equipment and storage medium | |
| KR20040035572A (en) | Integrated Emergency Response System in Information Infrastructure and Operating Method therefor | |
| CN112134877A (en) | Network threat detection method, device, equipment and storage medium | |
| CN111865982B (en) | Threat assessment system and method based on situation awareness alarm | |
| CN113542279A (en) | Network security risk assessment method, system and device | |
| CN107483438A (en) | A kind of network security situation awareness early warning system and method based on big data | |
| CN110881043A (en) | Method and device for detecting web server vulnerability | |
| CN111865981A (en) | Network security vulnerability assessment system and method | |
| CN111726355A (en) | Network security situation perception system based on big data | |
| CN116094817A (en) | Network security detection system and method | |
| CN114024734B (en) | Intelligent network security detection and analysis system based on UEBA | |
| Lee et al. | A study on efficient log visualization using d3 component against apt: How to visualize security logs efficiently? | |
| CN114050937A (en) | Processing method and device for mailbox service unavailability, electronic equipment and storage medium | |
| CN111126729A (en) | Intelligent safety event closed-loop disposal system and method thereof | |
| CN117375985A (en) | Method and device for determining security risk index, storage medium and electronic device | |
| Torres | Incident response: How to fight back | |
| Thangavelu et al. | Comprehensive Information Security Awareness (CISA) in Security Incident Management (SIM): A Conceptualization. | |
| Hu et al. | Profiling file repository access patterns for identifying data exfiltration activities | |
| US20130291106A1 (en) | Enterprise level information alert system | |
| Wang et al. | A method of evaluation for insider threat | |
| US11863577B1 (en) | Data collection and analytics pipeline for cybersecurity | |
| Miani et al. | A practical experience on evaluating intrusion prevention system event data as indicators of security issues |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| RJ01 | Rejection of invention patent application after publication | ||
| RJ01 | Rejection of invention patent application after publication |
Application publication date: 20200929 |