CN111740976A - Network security discrimination and study system and method - Google Patents


Info

Publication number
CN111740976A
Authority
CN
China
Prior art keywords
data
network
database
network security
safety
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202010549377.8A
Other languages
Chinese (zh)
Inventor
曲家兴
谷俊涛
方舟
马遥
关雷
李锐
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Heilongjiang Institute Of National Defense Science And Technology (heilongjiang Network Safety And Informatization Technology Center)
Heilongjiang Network Space Research Center
Original Assignee
Heilongjiang Institute Of National Defense Science And Technology (heilongjiang Network Safety And Informatization Technology Center)
Heilongjiang Network Space Research Center
Priority date: 2020-06-16 (as listed by Google Patents; an assumption, not a legal conclusion)
Filing date: 2020-06-16
Publication date: 2020-10-02
Application filed by Heilongjiang Institute Of National Defense Science And Technology (Heilongjiang Network Safety And Informatization Technology Center) and Heilongjiang Network Space Research Center

Classifications

    • H04L 63/20: Network architectures or network communication protocols for managing network security; network security policies in general (path: H ELECTRICITY > H04 ELECTRIC COMMUNICATION TECHNIQUE > H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION > H04L 63/00 Network architectures or network communication protocols for network security)
    • G06F 16/245: Query processing (path: G PHYSICS > G06 COMPUTING; CALCULATING OR COUNTING > G06F ELECTRIC DIGITAL DATA PROCESSING > G06F 16/00 Information retrieval; database structures therefor; file system structures therefor > G06F 16/20 of structured data, e.g. relational data > G06F 16/24 Querying)
    • G06F 16/27: Replication, distribution or synchronisation of data between databases or within a distributed database system; distributed database system architectures therefor (path: G06F 16/00 > G06F 16/20 of structured data, e.g. relational data)
    • H04L 63/145: Countermeasures against malicious traffic where the attack involves the propagation of malware through the network, e.g. viruses, trojans or worms (path: H04L 63/00 > H04L 63/14 for detecting or protecting against malicious traffic > H04L 63/1441 Countermeasures against malicious traffic)

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Theoretical Computer Science (AREA)
  • General Engineering & Computer Science (AREA)
  • Computing Systems (AREA)
  • Databases & Information Systems (AREA)
  • Signal Processing (AREA)
  • General Physics & Mathematics (AREA)
  • Physics & Mathematics (AREA)
  • Computer Hardware Design (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Data Mining & Analysis (AREA)
  • Computational Linguistics (AREA)
  • Health & Medical Sciences (AREA)
  • General Health & Medical Sciences (AREA)
  • Virology (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The invention relates to a network security screening and assessment system and method, comprising: step 1, data collection, in which network security data is collected broadly, the network security data comprising network structure data, network service data, vulnerability data, threat data, intrusion data and user anomaly data; step 2, situation assessment of the collected data; step 3, big-database comparison, in which the collected data, after situation analysis, is compared against a big database and the problem data identified by the comparison is classified; and step 4, producing a network security information analysis report from the situation assessment and the data comparison. The screening and assessment is strongly targeted: it can quickly check whether problem data is present, can obtain an effective targeted countermeasure by comparison, and can respond to newly occurring network security problems so that they do not recur.

Description

Network security discrimination and study system and method
Technical Field
The invention relates to the technical field of network security, and in particular to a network security screening and assessment system and method.
Background
Network security covers network device security, network information security and network software security. It means that the hardware, software and data of a networked system are protected from damage, alteration and leakage, whether accidental or malicious, that the system runs continuously, reliably and normally, and that network services are not interrupted. Its properties are confidentiality, integrity, availability, controllability and auditability. From the viewpoint of network operators and administrators, it means that access, reading, writing and similar operations on local network information are protected and controlled, that threats such as trapdoors (backdoors), viruses, unauthorized access, denial of service, and unlawful occupation or control of network resources are avoided, and that attacks by network intruders are prevented and defended against. Security and confidentiality departments, for their part, want to filter and block illegal or harmful information and state secrets, so that confidential information is not leaked, society is not harmed and the country does not suffer huge losses. At present, however, the capability to identify network security problems is insufficient: problem data cannot be found in time, and once it breaks out it causes great loss.
Disclosure of Invention
The invention aims to provide a network security screening and assessment system and method that solve the problems identified in the background.
To this end, the invention provides the following technical solution: a network security screening and assessment system, comprising:
a data collection module for broadly collecting network security data, comprising network structure data, network service data, vulnerability data, threat data, intrusion data and user anomaly data;
a data evaluation module for situation assessment of the collected data, which establishes multiple levels and angles of evaluation, evaluates the service security, data security, infrastructure security and overall security condition of the network, and selects different evaluation methods for different application backgrounds and network scales;
a data comparison module for comparing the collected data, after situation analysis, against a big database and classifying the problem data identified by the comparison;
and an analysis report module for producing a network security information analysis report from the situation assessment and the data comparison.
Preferably, the big database of the data comparison module is divided into a hard-disk database unit and a networked database unit. The hard-disk database unit stores a database that each individual user builds from known viruses and other data known to endanger system security; the networked database unit is a database of known viruses and system-endangering data stored in the cloud, which is refreshed periodically with the latest data and stores an emergency response plan for each kind of problem data.
Preferably, the data comparison module comprises a no-threat data unit, a slight-threat data unit, an infection-threat data unit and a threat data unit.
A network security screening and assessment method comprises:
step 1, data collection, in which network security data is collected broadly, the network security data comprising network structure data, network service data, vulnerability data, threat data, intrusion data and user anomaly data;
step 2, situation assessment of the collected data, which establishes multiple levels and angles of evaluation, evaluates the service security, data security, infrastructure security and overall security condition of the network, and selects different evaluation methods for different application backgrounds and network scales;
step 3, big-database comparison, in which the collected data, after situation analysis, is compared against a big database and the problem data identified by the comparison is classified;
and step 4, producing a network security information analysis report from the situation assessment and the data comparison.
Preferably, in step 1 the data is collected through various detection tools, which detect and collect the various elements that affect system security.
Preferably, in step 2 the various network security element data are processed and fused by classification, merging, association analysis and similar means, and the fused information is analysed as a whole to obtain the overall security condition of the network.
Preferably, the big database of step 3 is divided into a hard-disk database and a networked database. The hard-disk database stores a database that each individual user builds from known viruses and other data known to endanger system security; the networked database is a database of known viruses and system-endangering data stored in the cloud, which is refreshed periodically with the latest data and stores an emergency response plan for each kind of problem data.
Preferably, the situation assessment methods of step 2 include the Endsley model of situation awareness, which starts from perception; the OODA (observe, orient, decide, act) loop model of adversarial cycles; the JDL data fusion model; and the RPD (recognition-primed decision) model of hypothesis and reasoning.
Preferably, the problem data identified in step 3 is divided into four categories: no-threat data, slight-threat data, infection-threat data and threat data.
Compared with the prior art, the invention has the following beneficial effects:
1. The screening and assessment method is strongly targeted and collects data over a wide range; it can comprehensively collect and then perceive network structure data, network service data, vulnerability data, threat data, intrusion data and user anomaly data.
2. The method perceives and analyses network data with the Endsley situation awareness model, the OODA loop model, the JDL data fusion model and the RPD hypothesis-and-reasoning model, so that the network data can be analysed and processed comprehensively.
3. The screening and assessment is strongly targeted: it can quickly check whether problem data is present, can obtain an effective targeted countermeasure by comparison, and can respond to newly occurring network security problems so that they do not recur.
Description of the drawings:
FIG. 1 is a schematic structural diagram of the network security screening and assessment system of the invention;
FIG. 2 is a step diagram of the network security screening and assessment method of the invention;
FIG. 3 is a chart of the problem-data categories produced by the big-database comparison step of the invention;
FIG. 4 is a schematic structural diagram of the data comparison module of the invention.
Detailed Description
The technical solutions in the embodiments of the invention are described clearly and completely below. The described embodiments are only some of the embodiments of the invention, not all of them; all other embodiments that a person skilled in the art can obtain from them without creative effort fall within the scope of protection of the invention.
The invention provides the following technical solution. Referring to FIG. 1 and FIG. 4, a network security screening and assessment system comprises:
a data collection module for broadly collecting network security data, comprising network structure data, network service data, vulnerability data, threat data, intrusion data and user anomaly data;
a data evaluation module for situation assessment of the collected data, which establishes multiple levels and angles of evaluation, evaluates the service security, data security, infrastructure security and overall security condition of the network, and selects different evaluation methods for different application backgrounds and network scales;
a data comparison module for comparing the collected data, after situation analysis, against a big database and classifying the problem data identified by the comparison;
and an analysis report module for producing a network security information analysis report from the situation assessment and the data comparison.
The big database of the data comparison module is divided into a hard-disk database unit and a networked database unit. The hard-disk database unit stores a database that each individual user builds from known viruses and other data known to endanger system security; the networked database unit is a database of known viruses and system-endangering data stored in the cloud, which is refreshed periodically with the latest data and stores an emergency response plan for each kind of problem data.
The data comparison module comprises a no-threat data unit, a slight-threat data unit, an infection-threat data unit and a threat data unit.
Referring to FIG. 2 and FIG. 3, a network security screening and assessment method comprises:
step 1, data collection, in which network security data is collected broadly, the network security data comprising network structure data, network service data, vulnerability data, threat data, intrusion data and user anomaly data;
step 2, situation assessment of the collected data, which establishes multiple levels and angles of evaluation, evaluates the service security, data security, infrastructure security and overall security condition of the network, and selects different evaluation methods for different application backgrounds and network scales;
step 3, big-database comparison, in which the collected data, after situation analysis, is compared against a big database and the problem data identified by the comparison is classified;
and step 4, producing a network security information analysis report from the situation assessment and the data comparison.
In step 1, the data is collected through various detection tools, which detect and collect the various elements that affect system security.
In step 2, the various network security element data are processed and fused by classification, merging, association analysis and similar means, and the fused information is analysed as a whole to obtain the overall security condition of the network.
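The fusion of step 2 as a worked example. This is added illustration, not code from the patent or its applicants, and it also serves the identical description of step 2 in the summary section above. The patent names classification, merging and association analysis but does not specify them; the element schema, the mapping of the six element kinds onto the service, data and infrastructure layers, the 0 to 10 severity scale, the single correlation rule (a vulnerability and an intrusion attempt on the same host and port count as one worse finding), the banding into posture levels and the sample elements are all constructed assumptions.

```python
"""Step 2 of the method: situation assessment of the collected element data by
classification, merging and association analysis, evaluated on the service,
data and infrastructure layers and then for the network as a whole.

Added example, not code from the patent.  Element schema, layer mapping,
severity scale, correlation rule and sample elements are assumptions.
"""

# Which evaluation layer each of the six element kinds of step 1 feeds (assumed mapping).
LAYER_OF_KIND = {
    "network_structure": "infrastructure",
    "threat": "infrastructure",
    "network_service": "service",
    "vulnerability": "service",
    "intrusion": "service",
    "user_anomaly": "data",
}
LAYERS = ("service", "data", "infrastructure")

# Constructed element data, as a set of detection tools might deliver it.
# Severity is an assumed 0 (informational) to 10 (critical) scale.
SAMPLE_ELEMENTS = [
    {"kind": "network_structure", "host": "10.0.0.5", "port": None,
     "detail": "DMZ web server", "severity": 1},
    {"kind": "network_service", "host": "10.0.0.5", "port": 443,
     "detail": "HTTPS service", "severity": 0},
    {"kind": "vulnerability", "host": "10.0.0.5", "port": 443,
     "detail": "outdated TLS library", "severity": 6},
    {"kind": "intrusion", "host": "10.0.0.5", "port": 443,
     "detail": "exploit attempt from 198.51.100.7", "severity": 7},
    {"kind": "intrusion", "host": "10.0.0.5", "port": 443,          # duplicate report
     "detail": "exploit attempt from 198.51.100.7", "severity": 7},  # from a second sensor
    {"kind": "threat", "host": None, "port": None,
     "detail": "campaign against web servers reported", "severity": 4},
    {"kind": "user_anomaly", "host": "10.0.0.9", "port": None,
     "detail": "login at 03:00 from a new country", "severity": 5},
    {"kind": "vulnerability", "host": "10.0.0.12", "port": 22,
     "detail": "weak SSH configuration", "severity": 3},
]


def classify_and_merge(elements):
    """Classification assigns each element to a layer; merging collapses
    duplicate reports so that one (layer, host, port) asset keeps its worst
    severity and the set of element kinds seen on it."""
    assets = {}
    for e in elements:
        key = (LAYER_OF_KIND[e["kind"]], e["host"], e["port"])
        asset = assets.setdefault(key, {"severity": 0, "kinds": set(), "details": set()})
        asset["severity"] = max(asset["severity"], e["severity"])
        asset["kinds"].add(e["kind"])
        asset["details"].add(e["detail"])
    return assets


def associate(assets):
    """Association analysis: a vulnerability and an intrusion attempt on the
    same host and port are one correlated finding, worse than either alone.
    Raises that asset's severity and returns the list of correlations."""
    correlations = []
    for (layer, host, port), asset in assets.items():
        if {"vulnerability", "intrusion"} <= asset["kinds"]:
            asset["severity"] = max(asset["severity"], 9)
            correlations.append({"layer": layer, "host": host, "port": port,
                                 "finding": "vulnerable service under active attack"})
    return correlations


def level(score):
    """Assumed banding of a severity score into a posture level."""
    return "high" if score >= 7 else "medium" if score >= 4 else "low"


def assess_situation(elements):
    """Evaluate each layer, then the whole network, from fused element data."""
    assets = classify_and_merge(elements)
    correlations = associate(assets)
    layers = {}
    for layer in LAYERS:
        in_layer = [a for key, a in assets.items() if key[0] == layer]
        score = max((a["severity"] for a in in_layer), default=0)
        layers[layer] = {"score": score, "level": level(score), "assets": len(in_layer)}
    # The overall condition is no better than the worst layer.
    overall = max(l["score"] for l in layers.values())
    return {"layers": layers,
            "overall": {"score": overall, "level": level(overall)},
            "correlations": correlations}


if __name__ == "__main__":
    result = assess_situation(SAMPLE_ELEMENTS)
    for name, lay in result["layers"].items():
        print(f"{name:15s} score={lay['score']:2d} level={lay['level']:6s} assets={lay['assets']}")
    print(f"overall         score={result['overall']['score']:2d} level={result['overall']['level']}")
    for c in result["correlations"]:
        print(f"correlated finding on {c['host']}:{c['port']}: {c['finding']}")
```

On the sample data the two intrusion reports on 10.0.0.5:443 merge into one asset, the co-located vulnerability turns it into a single correlated finding at severity 9, and that one asset drives the service layer and therefore the overall posture to "high" while the data and infrastructure layers stay "medium". The point of merging before association is that duplicate sensor reports do not count twice, and the point of taking the worst layer as the overall level is that averaging would hide a single critical asset behind many quiet ones.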
The big database of step 3 is divided into a hard-disk database and a networked database. The hard-disk database stores a database that each individual user builds from known viruses and other data known to endanger system security; the networked database is a database of known viruses and system-endangering data stored in the cloud, which is refreshed periodically with the latest data and stores an emergency response plan for each kind of problem data.
The situation assessment methods of step 2 include the Endsley model of situation awareness, which starts from perception; the OODA (observe, orient, decide, act) loop model of adversarial cycles; the JDL data fusion model; and the RPD (recognition-primed decision) model of hypothesis and reasoning.
The problem data identified in step 3 is divided into four categories: no-threat data, slight-threat data, infection-threat data and threat data.
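Steps 3 and 4 as a worked example, added here and not code from the patent or its applicants; it also covers the identical description of the big database and the four categories in the summary section above. It compares collected records against a local (hard-disk) tier and a networked (cloud) tier, classifies hits into the four categories, takes the emergency response plan from the networked tier, and builds the report. The record format, the use of SHA-256 file hashes and IP or domain strings as indicators, the database layout, the refresh mechanism and all sample data are assumptions; the sample "virus" is an arbitrary byte string, not malware.

```python
"""Steps 3 and 4 of the method: compare collected data against a local
(hard-disk) database and a networked (cloud) database of known viruses and
system-endangering data, classify hits into the four categories, and produce
the network security information analysis report.

Added example, not code from the patent.  Record format, database layout,
indicator types (SHA-256 file hashes, IP addresses, domain names), the
refresh mechanism and the sample data are constructed assumptions.
"""
import hashlib
from collections import Counter
from dataclasses import dataclass, field

# The four problem-data categories of step 3, ordered from benign to severe.
CATEGORIES = ("no threat", "slight threat", "infection threat", "threat")


@dataclass
class DbEntry:
    category: str        # one of CATEGORIES other than "no threat"
    description: str
    plan: str = ""       # emergency response plan; the patent keeps these in the cloud tier


@dataclass
class ThreatDatabase:
    """One tier of the 'big database': indicator string -> DbEntry."""
    name: str
    entries: dict = field(default_factory=dict)

    def lookup(self, indicator: str):
        return self.entries.get(indicator)

    def refresh(self, update: dict) -> None:
        """Periodic update of the networked tier with newer entries."""
        self.entries.update(update)


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


# Constructed bytes standing in for a known virus sample; not real malware.
KNOWN_VIRUS = b"constructed-sample-of-a-known-virus"


def build_databases():
    """Local tier: what one user has built from known viruses.
    Networked tier: the shared cloud copy, richer and carrying response plans."""
    local = ThreatDatabase("hard disk", {
        sha256_hex(KNOWN_VIRUS): DbEntry("infection threat", "known virus sample (constructed)"),
    })
    cloud = ThreatDatabase("networked", {
        sha256_hex(KNOWN_VIRUS): DbEntry(
            "infection threat", "known virus sample (constructed)",
            plan="isolate host, remove file, rescan with updated signatures"),
        "198.51.100.7": DbEntry(
            "threat", "known command-and-control address (constructed)",
            plan="block at perimeter, isolate host, preserve memory and logs"),
    })
    return local, cloud


# Constructed step 1 output: file, connection and DNS observations.
SAMPLE_RECORDS = [
    {"source": "file",       "host": "10.0.0.5",  "indicator": sha256_hex(KNOWN_VIRUS)},
    {"source": "connection", "host": "10.0.0.5",  "indicator": "198.51.100.7"},
    {"source": "dns",        "host": "10.0.0.9",  "indicator": "watch.example"},
    {"source": "file",       "host": "10.0.0.12", "indicator": sha256_hex(b"ordinary document")},
]


def classify(record: dict, local: ThreatDatabase, cloud: ThreatDatabase) -> dict:
    """Compare one record against both tiers.  The local tier answers first
    (it works offline); the networked tier is consulted for anything the local
    tier does not know, and it is the source of the emergency plan."""
    indicator = record["indicator"]
    cloud_hit = cloud.lookup(indicator)
    hit = local.lookup(indicator) or cloud_hit
    if hit is None:
        return {**record, "category": "no threat", "description": "", "plan": ""}
    plan = cloud_hit.plan if cloud_hit is not None else ""
    return {**record, "category": hit.category, "description": hit.description, "plan": plan}


def analysis_report(records, local, cloud) -> dict:
    """Step 4: the network security information analysis report."""
    classified = [classify(r, local, cloud) for r in records]
    counts = Counter(c["category"] for c in classified)
    problem = sorted((c for c in classified if c["category"] != "no threat"),
                     key=lambda c: CATEGORIES.index(c["category"]), reverse=True)
    return {"counts": {cat: counts.get(cat, 0) for cat in CATEGORIES},
            "problem_data": problem,
            "hosts_needing_action": sorted({c["host"] for c in problem})}


if __name__ == "__main__":
    local_db, cloud_db = build_databases()
    report = analysis_report(SAMPLE_RECORDS, local_db, cloud_db)
    for cat in CATEGORIES:
        print(f"{cat:17s} {report['counts'][cat]}")
    for item in report["problem_data"]:
        print(f"{item['host']} {item['category']}: {item['description']} -> {item['plan']}")
    # A periodic refresh of the networked tier changes the verdict on the DNS record.
    cloud_db.refresh({"watch.example": DbEntry("slight threat", "domain on watch list (constructed)",
                                               plan="monitor DNS, do not block yet")})
    print(classify(SAMPLE_RECORDS[2], local_db, cloud_db)["category"])
```

The split matters for the failure mode the patent is aiming at: the local tier gives a verdict even when the cloud is unreachable, while the networked tier is the only place that changes over time, so a record that is "no threat" today can become "slight threat" after the next refresh without touching the local copy. The report orders problem data by category so the most severe items and their plans come first.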
Although the invention has been described in detail with reference to the foregoing embodiments, those skilled in the art will appreciate that the embodiments can still be modified and some of their features replaced by equivalents without departing from the spirit and scope of the invention.

Claims (9)

1. A network security screening and assessment system, characterized in that it comprises:
a data collection module for broadly collecting network security data, comprising network structure data, network service data, vulnerability data, threat data, intrusion data and user anomaly data;
a data evaluation module for situation assessment of the collected data, which establishes multiple levels and angles of evaluation, evaluates the service security, data security, infrastructure security and overall security condition of the network, and selects different evaluation methods for different application backgrounds and network scales;
a data comparison module for comparing the collected data, after situation analysis, against a big database and classifying the problem data identified by the comparison;
and an analysis report module for producing a network security information analysis report from the situation assessment and the data comparison.
2. The network security screening and assessment system according to claim 1, wherein the big database of the data comparison module is divided into a hard-disk database unit and a networked database unit; the hard-disk database unit stores a database that each individual user builds from known viruses and other data known to endanger system security; and the networked database unit is a database of known viruses and system-endangering data stored in the cloud, which is refreshed periodically with the latest data and stores an emergency response plan for each kind of problem data.
3. The network security screening and assessment system according to claim 1, wherein the data comparison module comprises a no-threat data unit, a slight-threat data unit, an infection-threat data unit and a threat data unit.
4. A network security screening and assessment method, characterized in that it comprises the following steps:
step 1, data collection, in which network security data is collected broadly, the network security data comprising network structure data, network service data, vulnerability data, threat data, intrusion data and user anomaly data;
step 2, situation assessment of the collected data, which establishes multiple levels and angles of evaluation, evaluates the service security, data security, infrastructure security and overall security condition of the network, and selects different evaluation methods for different application backgrounds and network scales;
step 3, big-database comparison, in which the collected data, after situation analysis, is compared against a big database and the problem data identified by the comparison is classified;
and step 4, producing a network security information analysis report from the situation assessment and the data comparison.
5. The network security screening and assessment method according to claim 1, characterized in that in step 1 the data is collected through various detection tools, which detect and collect the various elements that affect system security.
6. The network security screening and assessment method according to claim 1, characterized in that in step 2 the various network security element data are processed and fused by classification, merging, association analysis and similar means, and the fused information is analysed as a whole to obtain the overall security condition of the network.
7. The network security screening and assessment method according to claim 1, characterized in that the big database of step 3 is divided into a hard-disk database and a networked database; the hard-disk database stores a database that each individual user builds from known viruses and other data known to endanger system security; and the networked database is a database of known viruses and system-endangering data stored in the cloud, which is refreshed periodically with the latest data and stores an emergency response plan for each kind of problem data.
8. The network security screening and assessment method according to claim 1, characterized in that the situation assessment methods of step 2 include the Endsley model of situation awareness, which starts from perception; the OODA (observe, orient, decide, act) loop model of adversarial cycles; the JDL data fusion model; and the RPD (recognition-primed decision) model of hypothesis and reasoning.
9. The network security screening and assessment method according to claim 1, characterized in that the problem data identified in step 3 is divided into four categories: no-threat data, slight-threat data, infection-threat data and threat data.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010549377.8A CN111740976A (en) 2020-06-16 2020-06-16 Network security discrimination and study system and method

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202010549377.8A CN111740976A (en) 2020-06-16 2020-06-16 Network security discrimination and study system and method

Publications (1)

Publication Number Publication Date
CN111740976A true CN111740976A (en) 2020-10-02

Family

ID=72649452

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202010549377.8A Pending CN111740976A (en) 2020-06-16 2020-06-16 Network security discrimination and study system and method

Country Status (1)

Country Link
CN (1) CN111740976A (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN115361185A (en) * 2022-08-10 2022-11-18 重庆电子工程职业学院 Network security discrimination and study system and method

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101436967A (en) * 2008-12-23 2009-05-20 北京邮电大学 Method and system for evaluating network safety situation
CN101459537A (en) * 2008-12-20 2009-06-17 中国科学技术大学 Network security situation sensing system and method based on multi-layer multi-angle analysis
US20170214711A1 (en) * 2014-07-31 2017-07-27 Hewlett Packard Enterprise Development Lp Creating a security report for a customer network
CN109753410A (en) * 2019-01-16 2019-05-14 河南飙风信息科技有限公司 O&M service system based on big data


Similar Documents

Publication Publication Date Title
EP3640833B1 (en) Generation and maintenance of identity profiles for implementation of security response
KR102225460B1 (en) Method of detecting threat based on threat hunting using multi sensor data and apparatus using the same
US8805995B1 (en) Capturing data relating to a threat
Sandhu et al. A survey of intrusion detection & prevention techniques
Pradhan et al. Intrusion detection system (IDS) and their types
CN111327601B (en) Abnormal data response method, system, device, computer equipment and storage medium
CA2996966A1 (en) Process launch, monitoring and execution control
KR102222377B1 (en) Method for Automatically Responding to Threat
KR101692982B1 (en) Automatic access control system of detecting threat using log analysis and automatic feature learning
CN113992386A (en) Method and device for evaluating defense ability, storage medium and electronic equipment
CN114268452A (en) Network security protection method and system
CN113411297A (en) Situation awareness defense method and system based on attribute access control
CN116094817A (en) Network security detection system and method
Sumanth et al. Raspberry Pi based intrusion detection system using k-means clustering algorithm
Perera et al. The next gen security operation center
Caesarano et al. Network forensics for detecting SQL injection attacks using NIST method
CN111740976A (en) Network security discrimination and study system and method
Vasudeo et al. IMMIX-intrusion detection and prevention system
Coulibaly An overview of intrusion detection and prevention systems
Hakkoymaz Classifying database users for intrusion prediction and detection in data security
Phutane et al. A survey of intrusion detection system using different data mining techniques
CN115766051A (en) Host safety emergency disposal method and system, storage medium and electronic equipment
Yang Application of data mining technology in network security
KR20210141198A (en) Network security system that provides security optimization function of internal network
CN114205146A (en) Processing method and device for multi-source heterogeneous security log

Legal Events

Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication (application publication date: 2020-10-02)