CN111865973A - Network security operation and maintenance correlation analysis method - Google Patents


Publication number
CN111865973A
Authority
CN
China
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202010694496.2A
Other languages
Chinese (zh)
Inventor
李珂
丁德永
张娜
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
State Grid Corp of China SGCC
State Grid Hebei Electric Power Co Ltd
Handan Power Supply Co of State Grid Hebei Electric Power Co Ltd
Original Assignee
Handan Power Supply Co of State Grid Hebei Electric Power Co Ltd
Application filed by Handan Power Supply Co of State Grid Hebei Electric Power Co Ltd
Priority to CN202010694496.2A
Publication of CN111865973A

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1416 Event detection, e.g. attack signature detection
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F11/00 Error detection; Error correction; Monitoring
    • G06F11/07 Responding to the occurrence of a fault, e.g. fault tolerance
    • G06F11/14 Error detection or correction of the data by redundancy in operation
    • G06F11/1402 Saving, restoring, recovering or retrying
    • G06F11/1446 Point-in-time backing up or restoration of persistent data
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00 Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/20 Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
    • G06F16/24 Querying
    • G06F16/245 Query processing


Abstract

The invention relates to the technical field of network security analysis and discloses a network security operation and maintenance correlation analysis method comprising a typical network security index module and a system operation and maintenance event database module. The network security index module comprises a supervision module, a discrimination module and an analysis and evaluation module, and the discrimination module comprises an attack network security processing module, an application network security processing module and a host network security processing module. The advantages of the invention are as follows: by accessing various typical indexes of network security operation and analyzing them jointly with the system operation and maintenance event database module, network security problems that arise while a customer uses the system can be accurately analyzed and processed, making the whole analysis and processing workflow efficient. Security problems generated by the customer, whether processed or not, are also stored in the system operation and maintenance event database module so that the same problem can be handled quickly later, which improves the efficiency of the whole analysis and processing workflow.

Description

Network security operation and maintenance correlation analysis method
Technical Field
The invention relates to the technical field of network security analysis, in particular to a network security operation and maintenance correlation analysis method.
Background
Operation and maintenance, here meaning internet operation and maintenance, generally belongs to the technical department and is one of the four major departments that provide technical support for internet products, alongside research and development, testing, and system management. The exact division differs somewhat between domestic and foreign companies and between large and small companies.
An internet product generally goes through the following process: the product manager and requirements analysis, development by the research and development department, testing by the testing department, deployment and release by the operation and maintenance department, and long-term operation and maintenance. Operation and maintenance essentially means operating and maintaining the network, servers and services at every stage of their life cycle so that cost, stability and efficiency reach an acceptable state. However, the network operation and maintenance processing methods currently in use have the following disadvantage in practice:
With the continued advance of the company's information construction, network security problems are increasingly prominent. System abnormal events that occur during operation and maintenance currently lack analysis correlated with security problems, and the methods in use increasingly fail to meet customers' requirements.
Disclosure of Invention
(I) Technical problem to be solved
To address the shortcomings of the prior art, the invention provides a network security operation and maintenance correlation analysis method. Its advantages include a clear and fast analysis process, the ability to quickly handle security problems by drawing on a system operation and maintenance event database, and the ability to generate a corresponding business analysis report. It solves the problems that currently used security operation and maintenance analysis methods are inefficient at analysis and processing and inconvenient for customers to use.
(II) Technical scheme
To achieve a clear and fast analysis process, quick handling of security problems by drawing on the system operation and maintenance event database, and generation of a corresponding business analysis report, the invention provides the following technical scheme: a system comprising a typical network security index module and a system operation and maintenance event database module, wherein the network security index module comprises a supervision module, a discrimination module and an analysis and evaluation module, and the discrimination module comprises an attack network security processing module, an application network security processing module and a host network security processing module.
A network security operation and maintenance correlation analysis method comprises the following steps:
1) the supervision module transmits each security problem it detects to the discrimination module;
2) the discrimination module determines the type of the received security problem and transmits it to the corresponding module among the attack network security processing module, the application network security processing module and the host network security processing module;
3) the attack network security processing module and the application network security processing module each process the security problem in combination with the corresponding data in the system operation and maintenance event database module and feed the processing results back to the analysis and evaluation module;
4) the host network security processing module issues the security problem to processing personnel;
5) the processing personnel handle the received security problem and upload the processing results to the analysis and evaluation module, the host network security processing module and the system operation and maintenance event database module respectively.
Preferably, the analysis and evaluation module generates a corresponding business analysis report from the received processing results, and the output of the analysis and evaluation module is electrically connected to a display screen and a printer.
Preferably, the system operation and maintenance event database module backs up problems, processing procedures and results, and communicates with the attack network security processing module, the application network security processing module and the host network security processing module over the internet.
Preferably, the supervision module, the discrimination module and the analysis and evaluation module are all managed and constrained by the typical network security index module, and the typical network security index module can store and back up frequently occurring problems.
Preferably, the host network security processing module and the processing personnel communicate over the internet, and the operating personnel communicate with the analysis and evaluation module and the system operation and maintenance event database module over the internet.
Preferably, the attack network security processing module, the application network security processing module and the host network security processing module are independent of one another and exchange no information with each other, and each of them can store recent security problems.
(III) Advantageous effects
Compared with the prior art, the invention provides a network security operation and maintenance correlation analysis method with the following beneficial effects:
1. By accessing various typical indexes of network security operation and analyzing them jointly with the system operation and maintenance event database module, the method can accurately analyze and process network security problems that arise while customers use the system, making the whole analysis and processing workflow efficient. Security problems generated by customers, whether processed or not, are also stored in the system operation and maintenance event database module, so that the same problem can be handled quickly the next time it occurs, improving the efficiency of the whole workflow.
2. The processing results of the attack network security processing module and the application network security processing module are each transmitted to the analysis and evaluation module, which can generate corresponding business analysis reports. Network security problems arising on hosts and similar equipment used by the customer are handled by the corresponding processing personnel, and the operating personnel can upload the processing results to the analysis and evaluation module and to the system operation and maintenance event database module, so that business analysis reports can be generated and backups made. This solves the problems that currently used security operation and maintenance analysis methods are inefficient at analysis and processing and inconvenient for customers to use.
Drawings
FIG. 1 is a schematic flow chart of the present invention;
FIG. 2 is a schematic diagram of information feedback according to the present invention.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
Embodiment one:
A network security operation and maintenance correlation analysis method comprises a typical network security index module and a system operation and maintenance event database module, wherein the network security index module comprises a supervision module, a discrimination module and an analysis and evaluation module, and the discrimination module comprises an attack network security processing module, an application network security processing module and a host network security processing module.
A network security operation and maintenance correlation analysis method comprises the following steps:
1) the supervision module transmits each security problem it detects to the discrimination module;
2) the discrimination module determines the type of the received security problem and transmits it to the corresponding module among the attack network security processing module, the application network security processing module and the host network security processing module;
3) the attack network security processing module and the application network security processing module each process the security problem in combination with the corresponding data in the system operation and maintenance event database module and feed the processing results back to the analysis and evaluation module;
4) the host network security processing module issues the security problem to processing personnel;
5) the processing personnel handle the received security problem and upload the processing results to the analysis and evaluation module, the host network security processing module and the system operation and maintenance event database module respectively.
The user accesses the typical network security index module, in which the supervision module continuously monitors the user's network security. When the supervision module finds a problem, it transmits the details of the security problem to the discrimination module, which analyzes the information and determines the problem type so that different types of problems can be handled accurately. The discrimination module then transmits the security problem information to the attack network security processing module, the application network security processing module or the host network security processing module. The attack network security processing module and the application network security processing module process the received security problem in combination with the corresponding data in the system operation and maintenance event database module. The host network security processing module sends the received security problem to the operator's handheld device to notify the operator to handle it; once the problem has been handled, the operator feeds completion information back to the host network security processing module and also uploads the problem information, the processing procedure and the processing result to the analysis and evaluation module and the system operation and maintenance event database module. The attack network security processing module and the application network security processing module likewise upload the problem information, the processing procedure and the processing result to the analysis and evaluation module and the system operation and maintenance event database module. The analysis and evaluation module generates a corresponding business analysis report so that managers can analyze and summarize the problem information. The system operation and maintenance event database module classifies, stores and backs up the problems processed by the attack network security processing module, the application network security processing module and the host network security processing module, forming a large database so that problems of the same kind can be handled quickly the next time, which improves the processing speed of the whole system.
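The five steps above, sketched as an added Python example that is not part of the patent text. The sensor-to-type mapping, the `signature` lookup key, the class and function names and all sample problems are assumptions constructed for illustration; the patent does not specify how problems are classified or matched against the database.

```python
from collections import Counter
from dataclasses import dataclass

# Assumption: the problem type follows from the reporting sensor. The patent
# does not say how the discrimination module decides.
SOURCE_TO_TYPE = {"ids": "attack", "waf": "application", "host_agent": "host"}

@dataclass(frozen=True)
class Problem:
    pid: str
    source: str     # reporting sensor (assumed field)
    signature: str  # normalized problem name used as lookup key (assumed)

@dataclass(frozen=True)
class Result:
    pid: str
    ptype: str
    signature: str
    procedure: str
    status: str     # "resolved", "unresolved" or "dispatched"

class OpsEventDB:
    """System operation and maintenance event database, stored by type."""
    def __init__(self):
        self.by_type = {t: {} for t in SOURCE_TO_TYPE.values()}

    def lookup(self, ptype, signature):
        return self.by_type[ptype].get(signature)

    def store(self, result):
        # Never overwrite a known fix with a later unresolved record.
        prev = self.lookup(result.ptype, result.signature)
        if prev is None or result.status == "resolved":
            self.by_type[result.ptype][result.signature] = result

def business_report(results):
    """Analysis and evaluation: count results per (type, status)."""
    return dict(Counter((r.ptype, r.status) for r in results))

class AutoHandler:
    """Attack or application processing module (step 3)."""
    def __init__(self, ptype, db, results):
        self.ptype, self.db, self.results = ptype, db, results

    def handle(self, problem):
        known = self.db.lookup(self.ptype, problem.signature)
        fixed = known is not None and known.status == "resolved"
        result = Result(problem.pid, self.ptype, problem.signature,
                        known.procedure if fixed else "",
                        "resolved" if fixed else "unresolved")
        self.results.append(result)  # feedback to analysis and evaluation
        self.db.store(result)        # stored whether processed or not
        return result

class HostHandler:
    """Host processing module: issues problems to personnel (steps 4 and 5)."""
    def __init__(self, db, results):
        self.db, self.results, self.pending = db, results, {}

    def handle(self, problem):
        self.pending[problem.pid] = problem  # stands in for the handheld push
        return Result(problem.pid, "host", problem.signature, "", "dispatched")

    def complete(self, pid, procedure):
        problem = self.pending.pop(pid)  # KeyError if it was never issued
        result = Result(pid, "host", problem.signature, procedure, "resolved")
        self.results.append(result)
        self.db.store(result)
        return result

class Discrimination:
    """Step 2: decide the type and route to exactly one processing module."""
    def __init__(self, handlers):
        self.handlers, self.unclassified = handlers, []

    def route(self, problem):
        ptype = SOURCE_TO_TYPE.get(problem.source)
        if ptype is None:
            self.unclassified.append(problem)  # keep for review, never drop
            return None
        return self.handlers[ptype].handle(problem)

def run_demo():
    db, results = OpsEventDB(), []
    # Constructed history: one attack-type problem handled earlier.
    db.store(Result("h1", "attack", "ssh-login-failures",
                    "block source at firewall", "resolved"))
    handlers = {"attack": AutoHandler("attack", db, results),
                "application": AutoHandler("application", db, results),
                "host": HostHandler(db, results)}
    disc = Discrimination(handlers)
    # Constructed problems as the supervision module would hand them over.
    problems = [Problem("p1", "ids", "ssh-login-failures"),
                Problem("p2", "waf", "malformed-query"),
                Problem("p3", "host_agent", "unexpected-admin-account"),
                Problem("p4", "netflow", "odd-traffic")]
    routed = [disc.route(p) for p in problems]
    done = handlers["host"].complete("p3", "removed account, rotated credentials")
    return routed, done, business_report(results), disc.unclassified, db
```

The three handlers hold no reference to one another, matching the stated isolation between processing modules, and a problem whose type cannot be determined is kept in `unclassified` rather than silently discarded.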
The analysis and evaluation module generates a corresponding business analysis report from the received processing results. Its output is electrically connected to a display screen and a printer: the business analysis report can be shown on the display screen and printed on the printer, which makes it convenient for users to analyze, calculate and discuss. Various other electrical devices can also be connected to the output of the analysis and evaluation module for the user's convenience, improving the user's work efficiency.
The system operation and maintenance event database module backs up problems, processing procedures and results, and communicates with the attack network security processing module, the application network security processing module and the host network security processing module over the internet. Communicating over the internet gives faster information exchange between the database module and the three processing modules, and also combines the information of the system operation and maintenance event database module with that of the typical network security index module, which is convenient for the user to use and operate. The system operation and maintenance event database module also stores problem information by category and can merge and extend later problem information of the same type, which reduces the space the information occupies while keeping the information complete and makes it easy for the user to retrieve.
The supervision module, the discrimination module and the analysis and evaluation module are all managed and constrained by the typical network security index module, which can store and back up frequently occurring problems. By accessing various typical indexes of network security operation and analyzing them jointly with the system operation and maintenance event database module, problems that arise while a customer uses the system can be accurately analyzed and processed, making the whole analysis and processing workflow efficient. The stored high-frequency problem information is easy for the user to retrieve, and the attack network security processing module and the application network security processing module can call a processing method directly from the typical network security index module when solving similar problems.
The host network security processing module and the processing personnel communicate over the internet, and the operating personnel communicate with the analysis and evaluation module and the system operation and maintenance event database module over the internet as well. This provides information exchange between the operating personnel and the processing system, so that operating personnel can upload and back up the information on the problems they have handled. Communication over the internet is not restricted by location: operating personnel can upload information anytime and anywhere, and the communication is stable and fast, which largely avoids information loss, makes the whole system more practical, and is convenient for users.
The attack network security processing module, the application network security processing module and the host network security processing module are independent of one another and exchange no information with each other, and each can store recent security problems. Because the three modules do not exchange information, information cannot get mixed up between them, and each can work independently without affecting the others. The recent problem information stored by the three modules can be cleaned up periodically to reduce the space it occupies and leave room for storing future problem information. When a similar problem is encountered again within that period, the processing module can quickly obtain a processing method from its own store, making the whole system more efficient.
Embodiment two:
A network security operation and maintenance correlation analysis method comprises a typical network security index module and a system operation and maintenance event database module, wherein the network security index module comprises a supervision module, a discrimination module and an analysis and evaluation module, and the discrimination module comprises an attack network security processing module, an application network security processing module and a host network security processing module.
A network security operation and maintenance correlation analysis method comprises the following steps:
1) the supervision module transmits each security problem it detects to the discrimination module;
2) the discrimination module determines the type of the received security problem and transmits it to the corresponding module among the attack network security processing module, the application network security processing module and the host network security processing module;
3) the attack network security processing module and the application network security processing module each process the security problem in combination with the corresponding data in the system operation and maintenance event database module and feed the processing results back to the analysis and evaluation module;
4) the host network security processing module issues the security problem to processing personnel;
5) the processing personnel handle the received security problem and upload the processing results to the analysis and evaluation module, the host network security processing module and the system operation and maintenance event database module respectively.
The user accesses the typical network security index module, in which the supervision module continuously monitors the user's network security. When the supervision module finds a problem, it transmits the details of the security problem to the discrimination module, which analyzes the information and determines the problem type so that different types of problems can be handled accurately. The discrimination module then transmits the security problem information to the attack network security processing module, the application network security processing module or the host network security processing module. The attack network security processing module and the application network security processing module process the received security problem in combination with the corresponding data in the system operation and maintenance event database module. The host network security processing module sends the received security problem to the operator's handheld device to notify the operator to handle it; once the problem has been handled, the operator feeds completion information back to the host network security processing module and also uploads the problem information, the processing procedure and the processing result to the analysis and evaluation module and the system operation and maintenance event database module. The attack network security processing module and the application network security processing module likewise upload the problem information, the processing procedure and the processing result to the analysis and evaluation module and the system operation and maintenance event database module. The analysis and evaluation module generates a corresponding business analysis report so that managers can analyze and summarize the problem information. The system operation and maintenance event database module classifies, stores and backs up the problems processed by the attack network security processing module, the application network security processing module and the host network security processing module, forming a large database so that problems of the same kind can be handled quickly the next time, which improves the processing speed of the whole system.
The analysis and evaluation module generates a corresponding business analysis report from the received processing results. Its output is electrically connected to a display screen and a printer: the business analysis report can be shown on the display screen and printed on the printer, which makes it convenient for users to analyze, calculate and discuss. Various other electrical devices can also be connected to the output of the analysis and evaluation module for the user's convenience, improving the user's work efficiency.
The system operation and maintenance event database module backs up problems, processing procedures and results, and communicates with the attack network security processing module, the application network security processing module and the host network security processing module over optical fiber. Optical fiber ensures stable information transmission, and loss of information and files rarely occurs. However, this arrangement is limited by location and consumes a large amount of optical fiber, which increases the cost of the system operation and maintenance event database module and reduces the practicality of the whole system to some extent.
The supervision module, the discrimination module and the analysis and evaluation module are all managed and constrained by the typical network security index module, which can store and back up frequently occurring problems. By accessing various typical indexes of network security operation and analyzing them jointly with the system operation and maintenance event database module, problems that arise while a customer uses the system can be accurately analyzed and processed, making the whole analysis and processing workflow efficient. The stored high-frequency problem information is easy for the user to retrieve, and the attack network security processing module and the application network security processing module can call a processing method directly from the typical network security index module when solving similar problems.
The host network security processing module and the processing personnel communicate over the internet, while the operating personnel communicate with the analysis and evaluation module and the system operation and maintenance event database module over a local area network (LAN) and network cable. Operating personnel can first store the processing procedure and result for the problem on the handheld device and then, once within LAN range of the analysis and evaluation module and the system operation and maintenance event database module, upload the data over the LAN or a network cable. This increases the privacy of the information but reduces practicality and affects the operating personnel's work efficiency.
The attack network security processing module, the application network security processing module and the host network security processing module are independent of one another and exchange no information with each other, and each can store recent security problems. Because the three modules do not exchange information, information cannot get mixed up between them, and each can work independently without affecting the others. The recent problem information stored by the three modules can be cleaned up periodically to reduce the space it occupies and leave room for storing future problem information. When a similar problem is encountered again within that period, the processing module can quickly obtain a processing method from its own store, making the whole system more efficient.
The invention has the beneficial effects that: by accessing various typical indexes of network safe operation and fusing and analyzing with the system operation and maintenance event database module, the network safety problems generated in the using process of a client can be accurately analyzed and processed, the whole analysis and processing process becomes high-efficiency, and simultaneously, the safety problems generated by the client and processed or not processed are stored in the system operation and maintenance event database module, so that the problems can be rapidly processed when the corresponding problems are encountered next time, the efficiency of the whole analysis and processing process is improved, by respectively transmitting the processing results of the attack network safety processing module and the application network safety processing module to the analysis and evaluation module, the corresponding service analysis report can be generated from the analysis and evaluation module, and the network safety generated by a host computer used by the client and the like can be processed by corresponding processing personnel, and the operator can respectively upload the processing results to the analysis evaluation module and the system operation and maintenance event database module so as to conveniently generate a corresponding service analysis report and perform backup processing, thereby solving the problems of low analysis and processing efficiency and inconvenience for customers of the currently used safety operation and maintenance analysis method.
Typical cases are as follows:
A network security operation and maintenance correlation analysis method comprises a typical network security index module and a system operation and maintenance event database module, wherein the typical network security index module comprises a supervision module, a discrimination module and an analysis and evaluation module, and the discrimination module comprises an attack network security processing module, an application network security processing module and a host network security processing module.
A network security operation and maintenance correlation analysis method comprises the following steps:
1) the supervision module transmits the security problems it detects to the discrimination module;
2) the discrimination module determines the type of each received security problem and transmits it to the corresponding attack network security processing module, application network security processing module or host network security processing module;
3) the attack network security processing module and the application network security processing module each process security problems in combination with the corresponding data in the system operation and maintenance event database module and feed the processing results back to the analysis and evaluation module;
4) the host network security processing module issues the security problem to the processing personnel;
5) the processing personnel handle the received security problems and upload the processing results to the analysis and evaluation module, the host network security processing module and the system operation and maintenance event database module respectively.
The user connects to the typical network security index module, in which the supervision module monitors the user's network security at all times. When the supervision module finds a problem, it transmits the detailed information about the security problem to the discrimination module, which analyses and classifies it so that different types of problem are handled accurately. The discrimination module transmits the security problem information to the attack network security processing module, the application network security processing module or the host network security processing module as appropriate. The attack network security processing module and the application network security processing module handle the received security problems by combining them with the corresponding data in the system operation and maintenance event database module. The host network security processing module sends the received security problems to an operator's handheld device to notify the operator to handle them. After handling a problem, the operator feeds the completion information back to the host network security processing module and also uploads the problem information, the handling process and the result to the analysis and evaluation module and to the system operation and maintenance event database module. The attack network security processing module and the application network security processing module likewise upload the problem information, the handling process and the result to the analysis and evaluation module and to the system operation and maintenance event database module. The analysis and evaluation module generates the corresponding business analysis report so that managers can analyse and summarise the problem information. The system operation and maintenance event database module stores by category and backs up the problems handled by the attack network security processing module, the application network security processing module and the host network security processing module, building up a large database so that problems of the same kind can be handled quickly the next time, which improves the processing speed of the whole system.
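The five steps and the data flow described above can be sketched as follows. This is an added example, not code from the patent; the event kinds, the playbook entries, the Pipeline class and the rule that unclassified events go to personnel are all assumptions made for illustration.

```python
from collections import Counter, defaultdict

# Constructed routing table and playbook; the patent names the three categories
# but gives no concrete event kinds or handling methods.
CATEGORY_BY_KIND = {"brute_force": "attack", "port_scan": "attack",
                    "sql_injection": "application", "disk_failure": "host"}
PLAYBOOK = {"brute_force": "lock account, block source",
            "port_scan": "rate-limit source",
            "sql_injection": "enable WAF rule, patch query"}


class Pipeline:
    def __init__(self):
        self.event_db = defaultdict(list)   # event database, classified by category
        self.evaluation = []                # analysis and evaluation module inbox
        self.operator_queue = []            # problems issued to processing personnel
        # Each processing module keeps its own recent problems; nothing is shared.
        self.recent = {"attack": [], "application": [], "host": []}

    def submit(self, event):
        """Steps 1-2: supervision hands the event over, discrimination routes it."""
        # Assumption (not in the patent): kinds the table does not know go to personnel.
        category = CATEGORY_BY_KIND.get(event["kind"], "host")
        self.recent[category].append(event["id"])
        if category == "host":              # step 4: issue to a person
            self.operator_queue.append(event)
            return "issued_to_personnel"
        return self._auto_process(category, event)

    def _auto_process(self, category, event):
        """Step 3: reuse a stored method for the same kind, else the playbook."""
        stored = [r["method"] for r in self.event_db[category]
                  if r["kind"] == event["kind"]]
        source = "history" if stored else "playbook"
        method = stored[-1] if stored else PLAYBOOK[event["kind"]]
        self._upload(category, event, method, source)
        return source

    def operator_done(self, event_id, method):
        """Step 5: personnel report the result; it is uploaded and the ticket closed."""
        event = next(e for e in self.operator_queue if e["id"] == event_id)
        self.operator_queue.remove(event)
        self._upload("host", event, method, "personnel")

    def _upload(self, category, event, method, source):
        record = {"id": event["id"], "kind": event["kind"], "category": category,
                  "method": method, "source": source}
        self.evaluation.append(record)            # for the business analysis report
        self.event_db[category].append(record)    # classified storage and backup

    def prune_recent(self, keep=100):
        """Regular cleaning of each module's recent-problem list (keep >= 1)."""
        for items in self.recent.values():
            del items[:-keep]

    def report(self):
        """Business analysis report: handled problems per (category, source)."""
        return Counter((r["category"], r["source"]) for r in self.evaluation)


def demo():
    p = Pipeline()
    # Constructed sample events.
    events = [{"id": 1, "kind": "brute_force"}, {"id": 2, "kind": "disk_failure"},
              {"id": 3, "kind": "brute_force"}, {"id": 4, "kind": "sql_injection"}]
    outcomes = [p.submit(e) for e in events]
    p.operator_done(2, "replace disk, restore from backup")
    return p, outcomes


if __name__ == "__main__":
    pipeline, outcomes = demo()
    print(outcomes, dict(pipeline.report()))
```

The second brute_force event is resolved from the event database rather than the playbook, which is the reuse of earlier results that the description relies on for its efficiency claim.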
The analysis and evaluation module generates a corresponding business analysis report from the processing results it receives. A display screen and a printer are electrically connected to its output: the business analysis report can be shown on the display screen and printed on the printer so that users can analyse, calculate and discuss it. Other electrical devices can also be electrically connected to the output of the analysis and evaluation module for the user's convenience, improving the user's work efficiency.
The system operation and maintenance event database module backs up problems, handling processes and results, and communicates with the attack network security processing module, the application network security processing module and the host network security processing module over the internet. Establishing communication over the internet allows faster information exchange between the system operation and maintenance event database module and the three processing modules, and also combines the information in the system operation and maintenance event database module with that in the typical network security index module, which is convenient for the user to use and operate. The system operation and maintenance event database module stores problem information by category and can merge and extend it with later problem information of the same type, which reduces the space the information occupies, keeps the information complete, and makes it easy for the user to retrieve.
The supervision module, the discrimination module and the analysis and evaluation module are all managed and constrained by the typical network security index module, which stores and backs up problems that occur with high frequency. By accessing the various typical indexes of secure network operation and analysing them together with the system operation and maintenance event database module, problems arising during client use can be analysed and handled accurately, and the whole analysis and handling process becomes efficient. The stored high-frequency problem information is easy for users to retrieve, and the attack network security processing module and the application network security processing module can call a handling method directly from the typical network security index module when solving similar problems.
The host network security processing module communicates with the processing personnel over the internet, and the operators also communicate with the analysis and evaluation module and the system operation and maintenance event database module over the internet. This provides information exchange between the operators and the processing system, so that operators can upload and back up the information on the problems they have handled. Communication over the internet is not restricted by location, so operators can upload information anytime and anywhere; it is also stable and fast, which to a large extent avoids loss of information, makes the whole system more practical, and is convenient for users.
The attack network security processing module, the application network security processing module and the host network security processing module are independent of one another and exchange no information with each other, and each of them can store recent security problems. Because the three modules do not interact, information cannot become confused between them, and each can work independently without affecting the others. The recent problem information that the three modules store can be cleaned up regularly to reduce the space it occupies, which makes it easier for them to store problem information in the future. When a similar problem is encountered again within that period, the three processing modules can quickly obtain a handling method from their own storage, which makes the whole system more efficient.
Although embodiments of the present invention have been shown and described, it will be appreciated by those skilled in the art that changes, modifications, substitutions and alterations can be made in these embodiments without departing from the principles and spirit of the invention, the scope of which is defined in the appended claims and their equivalents.

Claims (7)

1. A network security operation and maintenance correlation analysis method is characterized by comprising a typical network security index module and a system operation and maintenance event database module, wherein the typical network security index module comprises a supervision module, a discrimination module and an analysis and evaluation module, and the discrimination module comprises an attack network security processing module, an application network security processing module and a host network security processing module.
2. A network security operation and maintenance correlation analysis method is characterized by comprising the following steps:
1) the supervision module transmits the supervised security problem to the discrimination module;
2) the discrimination module judges the type of the received security problem and transmits the corresponding problem to the corresponding attack network security processing module, the application network security processing module and the host network security processing module;
3) the attack network security processing module and the application network security processing module are respectively combined with corresponding data in the system operation and maintenance event database module to process security problems and feed back processing results to the analysis and evaluation module;
4) the host network security processing module issues the security problem to the processing personnel;
5) the processing personnel process the received security problems and upload the processing results to the analysis and evaluation module, the host network security processing module and the system operation and maintenance event database module respectively.
3. The network security operation and maintenance correlation analysis method according to claim 1, wherein the analysis and evaluation module generates a corresponding business analysis report from the received processing result, and an output end of the analysis and evaluation module is electrically connected to a display screen and a printer.
4. The network security operation and maintenance correlation analysis method according to claim 1, wherein the system operation and maintenance event database module backs up problems, processing procedures and results, and the system operation and maintenance event database module communicates with the attack network security processing module, the application network security processing module and the host network security processing module in an internet manner.
5. The network security operation and maintenance correlation analysis method according to claim 1, wherein the supervision module, the discrimination module and the analysis and evaluation module are managed and restricted by the typical network security index module, and the typical network security index module stores and backs up problems with high occurrence frequency.
6. The network security operation and maintenance correlation analysis method according to claim 1, wherein the host network security processing module and the processing personnel communicate with each other in an internet manner, and the operating personnel, the analysis and evaluation module and the system operation and maintenance event database module communicate with each other in an internet manner.
7. The method according to claim 1, wherein the attack-type network security processing module, the application-type network security processing module, and the host-type network security processing module are independent entities and have no information interaction with each other, and the attack-type network security processing module, the application-type network security processing module, and the host-type network security processing module store recent security problems.
CN202010694496.2A 2020-07-17 2020-07-17 Network security operation and maintenance correlation analysis method Pending CN111865973A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010694496.2A CN111865973A (en) 2020-07-17 2020-07-17 Network security operation and maintenance correlation analysis method

Publications (1)

Publication Number Publication Date
CN111865973A true CN111865973A (en) 2020-10-30

Family

ID=73000599

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202010694496.2A Pending CN111865973A (en) 2020-07-17 2020-07-17 Network security operation and maintenance correlation analysis method

Country Status (1)

Country Link
CN (1) CN111865973A (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113037744A (en) * 2021-03-05 2021-06-25 中通服创发科技有限责任公司 Interactive safety event script arranging and disposing method and device
CN116232695A (en) * 2023-02-02 2023-06-06 深圳市网安信科技有限公司 Network security operation and maintenance association analysis system

Legal Events

Date Code Title Description
PB01 Publication
TA01 Transfer of patent application right

Effective date of registration: 20210623

Address after: 056000 48 North Zhonghua street, contai District, Handan, Hebei.

Applicant after: HANDAN POWER SUPPLY BRANCH OF STATE GRID HEBEI ELECTRIC POWER SUPPLY Co.,Ltd.

Applicant after: STATE GRID HEBEI ELECTRIC POWER SUPPLY Co.,Ltd.

Applicant after: STATE GRID CORPORATION OF CHINA

Address before: 056000 48 North Zhonghua street, contai District, Handan, Hebei.

Applicant before: HANDAN POWER SUPPLY BRANCH OF STATE GRID HEBEI ELECTRIC POWER SUPPLY Co.,Ltd.

SE01 Entry into force of request for substantive examination