Network security operation and maintenance correlation analysis method
Technical Field
The invention relates to the technical field of network security analysis, in particular to a network security operation and maintenance correlation analysis method.
Background
Operation and maintenance, here meaning internet operation and maintenance, generally belongs to the technical department. Together with research and development, testing, and system management, it is one of the four major departments that provide technical support for internet products, although the division differs somewhat between domestic and foreign companies and between large and small companies.
An internet product generally goes through the following process: requirements analysis by the product manager, development by the research and development department, testing by the testing department, deployment and release by the operation and maintenance department, and long-term operation and maintenance. Operation and maintenance is essentially the operation and upkeep of the network, the servers and the services at each stage of their life cycle, so that they reach an acceptable state in terms of cost, stability and efficiency. However, the network operation and maintenance processing methods currently in use have the following disadvantage in actual use:
With the continuing advance of company informatization, network security problems are increasingly prominent. Abnormal system events that occur during operation and maintenance currently lack analysis relating them to security problems, and the methods increasingly fail to meet customers' requirements in use.
Disclosure of Invention
(I) technical problem to be solved
In view of the shortcomings of the prior art, the invention provides a network security operation and maintenance correlation analysis method. Its analysis process is clear and fast, it can quickly handle security problems as they arise by drawing on the system operation and maintenance event database, and it can generate a corresponding business analysis report. It thereby solves the problems of low analysis and processing efficiency and inconvenience for customers in currently used security operation and maintenance analysis methods.
(II) technical scheme
To make the analysis process clear and fast, to handle security problems quickly by drawing on the system operation and maintenance event database, and to generate a corresponding business analysis report, the invention provides the following technical scheme: the system comprises a typical network security index module and a system operation and maintenance event database module, wherein the typical network security index module comprises a supervision module, a discrimination module and an analysis and evaluation module, and the discrimination module comprises an attack network security processing module, an application network security processing module and a host network security processing module.
A network security operation and maintenance correlation analysis method comprises the following steps:
1) the supervision module transmits each security problem it detects to the discrimination module;
2) the discrimination module determines the type of the received security problem and forwards it to the corresponding module: the attack network security processing module, the application network security processing module or the host network security processing module;
3) the attack network security processing module and the application network security processing module each process security problems in combination with the corresponding data in the system operation and maintenance event database module, and feed the processing results back to the analysis and evaluation module;
4) the host network security processing module issues the security problem to processing personnel;
5) the processing personnel handle the received security problem and upload the processing result to the analysis and evaluation module, the host network security processing module and the system operation and maintenance event database module respectively.
Preferably, the analysis and evaluation module generates a corresponding business analysis report from the received processing result, and an output end of the analysis and evaluation module is electrically connected to a display screen and a printer.
Preferably, the system operation and maintenance event database module backs up problems, processing procedures and results, and communicates with the attack network security processing module, the application network security processing module and the host network security processing module over the internet.
Preferably, the supervision module, the discrimination module and the analysis and evaluation module are all managed and constrained by the typical network security index module, and the typical network security index module can store and back up problems that occur with high frequency.
Preferably, the host network security processing module and the processing personnel communicate over the internet, and the operating personnel communicate with the analysis and evaluation module and the system operation and maintenance event database module over the internet.
Preferably, the attack network security processing module, the application network security processing module and the host network security processing module are independent entities and have no information interaction with each other, and the attack network security processing module, the application network security processing module and the host network security processing module can store recent security problems.
(III) advantageous effects
Compared with the prior art, the invention provides a network security operation and maintenance correlation analysis method, which has the following beneficial effects:
1. By connecting various typical indexes of network security operation and analyzing them jointly with the system operation and maintenance event database module, the method can accurately analyze and handle network security problems that arise while customers use the system, making the whole analysis and processing flow efficient. Security problems raised by customers, whether processed or unprocessed, are stored in the system operation and maintenance event database module, so that the corresponding problem can be handled quickly the next time it occurs, which improves the efficiency of the whole analysis and processing flow.
2. The processing results of the attack network security processing module and the application network security processing module are each transmitted to the analysis and evaluation module, which can generate corresponding business analysis reports. Processing personnel handle network security problems arising on hosts and similar equipment used by the customer, and operating personnel can upload the processing results to the analysis and evaluation module and the system operation and maintenance event database module respectively, so that business analysis reports can be generated and backups made. This solves the problems of low analysis and processing efficiency and inconvenience for customers in currently used security operation and maintenance analysis methods.
Drawings
FIG. 1 is a schematic flow chart of the present invention;
FIG. 2 is a schematic diagram of information feedback according to the present invention.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
Example one:
A network security operation and maintenance correlation analysis method comprises a typical network security index module and a system operation and maintenance event database module, wherein the typical network security index module comprises a supervision module, a discrimination module and an analysis and evaluation module, and the discrimination module comprises an attack network security processing module, an application network security processing module and a host network security processing module.
A network security operation and maintenance correlation analysis method comprises the following steps:
1) the supervision module transmits each security problem it detects to the discrimination module;
2) the discrimination module determines the type of the received security problem and forwards it to the corresponding module: the attack network security processing module, the application network security processing module or the host network security processing module;
3) the attack network security processing module and the application network security processing module each process security problems in combination with the corresponding data in the system operation and maintenance event database module, and feed the processing results back to the analysis and evaluation module;
4) the host network security processing module issues the security problem to processing personnel;
5) the processing personnel handle the received security problem and upload the processing result to the analysis and evaluation module, the host network security processing module and the system operation and maintenance event database module respectively.
The user connects to the typical network security index module, whose supervision module monitors the user's network security continuously. When the supervision module finds a problem, it transmits the details of the security problem to the discrimination module, which analyzes the information and determines its type so that different types of problem are handled correctly. The discrimination module then forwards the security problem information to the attack network security processing module, the application network security processing module or the host network security processing module. The attack and application network security processing modules process the received security problem in combination with the corresponding data in the system operation and maintenance event database module. The host network security processing module sends the received security problem to an operator's handheld device to notify the operator to handle it; once the problem is handled, the operator feeds the completion information back to the host network security processing module and also uploads the problem information, the processing procedure and the processing result to the analysis and evaluation module and the system operation and maintenance event database module respectively. The attack and application network security processing modules likewise upload the problem information, the processing procedure and the processing result to the analysis and evaluation module and the system operation and maintenance event database module. The analysis and evaluation module generates a corresponding business analysis report so that managers can analyze and summarize the problem information. The system operation and maintenance event database module classifies, stores and backs up the problems processed by the attack, application and host network security processing modules, building up a large database so that problems of the same kind can be handled quickly the next time, which raises the processing speed of the whole system.
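The five-step flow described above, sketched in Python as an added example that is not part of the patent text. The sensor-to-type table, the field names and the sample problems are constructed assumptions; the page does not say how the discrimination module decides the type.

```python
from collections import Counter, defaultdict, deque
from dataclasses import dataclass

# Assumption: the reporting sensor decides the problem type. The page does not
# specify the discrimination rule, so this table is hypothetical.
SOURCE_TO_CATEGORY = {"ids": "attack", "waf": "application", "host_agent": "host"}

@dataclass(frozen=True)
class Issue:
    issue_id: int
    source: str      # sensor that raised the problem (constructed field)
    signature: str   # normalized problem name, used as the database key

@dataclass(frozen=True)
class Result:
    issue: Issue
    category: str
    status: str      # "resolved" or "unresolved"
    procedure: str

class OpsEventDB:
    """Operation and maintenance event database: classified problem store."""
    def __init__(self):
        self.procedures = defaultdict(dict)  # category -> signature -> procedure
        self.history = []                    # every result, processed or not
    def lookup(self, category, signature):
        return self.procedures[category].get(signature)
    def store(self, result):
        self.history.append(result)
        if result.status == "resolved":
            self.procedures[result.category][result.issue.signature] = result.procedure

class AutoHandler:
    """Attack-type or application-type module: resolves from the database."""
    def __init__(self, category, db, keep=50):
        self.category, self.db = category, db
        self.recent = deque(maxlen=keep)     # module-private recent problems

    def handle(self, issue):
        self.recent.append(issue)
        procedure = self.db.lookup(self.category, issue.signature)
        status = "resolved" if procedure else "unresolved"
        return Result(issue, self.category, status, procedure or "")

class HostHandler:
    """Host-type module: issues the problem to staff and awaits feedback."""
    def __init__(self, keep=50):
        self.pending = {}                    # issue_id -> Issue awaiting staff
        self.recent = deque(maxlen=keep)

    def handle(self, issue):
        self.recent.append(issue)
        self.pending[issue.issue_id] = issue
        return None                          # result arrives via complete()

    def complete(self, issue_id, procedure):
        issue = self.pending.pop(issue_id)   # completion fed back to the module
        return Result(issue, "host", "resolved", procedure)

class Pipeline:
    def __init__(self, db):
        self.db = db
        self.results = []                    # analysis and evaluation module input
        self.handlers = {"attack": AutoHandler("attack", db),
                         "application": AutoHandler("application", db),
                         "host": HostHandler()}

    def submit(self, issue):
        """Steps 1-4: discriminate, route, and record any immediate result."""
        category = SOURCE_TO_CATEGORY[issue.source]  # KeyError: unknown sensor
        result = self.handlers[category].handle(issue)
        return self._record(result) if result is not None else None

    def staff_done(self, issue_id, procedure):
        """Step 5: staff upload the outcome of a host problem."""
        return self._record(self.handlers["host"].complete(issue_id, procedure))

    def _record(self, result):
        self.results.append(result)          # to analysis and evaluation
        self.db.store(result)                # to the event database
        return result

    def report(self):
        """Business analysis report: counts per (type, status)."""
        return dict(Counter((r.category, r.status) for r in self.results))

def demo():
    db = OpsEventDB()
    # Constructed prior record in the event database.
    db.procedures["attack"]["ssh-bruteforce"] = "block source, rotate credentials"
    pipe = Pipeline(db)
    pipe.submit(Issue(1, "ids", "ssh-bruteforce"))        # known: resolved
    pipe.submit(Issue(2, "waf", "sqli-probe"))            # unknown: unresolved
    pipe.submit(Issue(3, "host_agent", "rootkit-alert"))  # queued for staff
    pipe.staff_done(3, "isolate host, reimage")
    return pipe

if __name__ == "__main__":
    print(demo().report())
```

The host path is asynchronous: nothing reaches the report or the database for a host problem until staff feed the result back, so `pending` is the place to watch for problems that were issued but never closed.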
The analysis and evaluation module generates a corresponding business analysis report from the processing results it receives. Its output end is electrically connected to a display screen and a printer: the report can be shown on the display screen and printed on the printer, which makes it convenient for users to analyze, calculate and discuss. Other electrical devices can also be electrically connected to the output end of the analysis and evaluation module for the user's convenience, improving the user's work efficiency.
The system operation and maintenance event database module backs up problems, processing procedures and results. It communicates with the attack, application and host network security processing modules over the internet, which allows faster information exchange between the database module and the three processing modules and also combines the information in the database module with that in the typical network security index module, making the system convenient to use and operate. The database module stores problem information by category and can merge and extend later problem information of the same type, reducing the space the information occupies while keeping it complete and making it easy for the user to retrieve.
The supervision module, the discrimination module and the analysis and evaluation module are all managed and constrained by the typical network security index module, which can store and back up problems that occur with high frequency. By connecting various typical indexes of network security operation and analyzing them jointly with the system operation and maintenance event database module, problems that arise while the customer uses the system can be analyzed and handled accurately, and the whole analysis and processing flow becomes efficient. The stored high-frequency problem information is easy for the user to retrieve, and the attack and application network security processing modules can call a processing method directly from the typical network security index module when solving similar problems.
The host network security processing module and the processing personnel communicate over the internet, and the operating personnel communicate with the analysis and evaluation module and the system operation and maintenance event database module over the internet as well. This provides information exchange between the operating personnel and the processing system, so that operating personnel can upload and back up the problem information they have handled. Communication over the internet is not restricted by region, so operating personnel can upload information anytime and anywhere; the communication is stable and fast and largely avoids information loss, which makes the whole system more practical and convenient for users.
The attack, application and host network security processing modules are independent of one another and exchange no information with each other, and each can store recent security problems. The absence of information exchange prevents information from becoming confused between modules, so the three modules work independently without affecting one another. The recent problem information each module stores can be cleaned up periodically to reduce the space it occupies and leave room for future problem information. When a similar problem recurs within that period, the processing module can quickly obtain a processing method from its own store, making the whole system more efficient.
Example two:
A network security operation and maintenance correlation analysis method comprises a typical network security index module and a system operation and maintenance event database module, wherein the typical network security index module comprises a supervision module, a discrimination module and an analysis and evaluation module, and the discrimination module comprises an attack network security processing module, an application network security processing module and a host network security processing module.
A network security operation and maintenance correlation analysis method comprises the following steps:
1) the supervision module transmits each security problem it detects to the discrimination module;
2) the discrimination module determines the type of the received security problem and forwards it to the corresponding module: the attack network security processing module, the application network security processing module or the host network security processing module;
3) the attack network security processing module and the application network security processing module each process security problems in combination with the corresponding data in the system operation and maintenance event database module, and feed the processing results back to the analysis and evaluation module;
4) the host network security processing module issues the security problem to processing personnel;
5) the processing personnel handle the received security problem and upload the processing result to the analysis and evaluation module, the host network security processing module and the system operation and maintenance event database module respectively.
The user connects to the typical network security index module, whose supervision module monitors the user's network security continuously. When the supervision module finds a problem, it transmits the details of the security problem to the discrimination module, which analyzes the information and determines its type so that different types of problem are handled correctly. The discrimination module then forwards the security problem information to the attack network security processing module, the application network security processing module or the host network security processing module. The attack and application network security processing modules process the received security problem in combination with the corresponding data in the system operation and maintenance event database module. The host network security processing module sends the received security problem to an operator's handheld device to notify the operator to handle it; once the problem is handled, the operator feeds the completion information back to the host network security processing module and also uploads the problem information, the processing procedure and the processing result to the analysis and evaluation module and the system operation and maintenance event database module respectively. The attack and application network security processing modules likewise upload the problem information, the processing procedure and the processing result to the analysis and evaluation module and the system operation and maintenance event database module. The analysis and evaluation module generates a corresponding business analysis report so that managers can analyze and summarize the problem information. The system operation and maintenance event database module classifies, stores and backs up the problems processed by the attack, application and host network security processing modules, building up a large database so that problems of the same kind can be handled quickly the next time, which raises the processing speed of the whole system.
The analysis and evaluation module generates a corresponding business analysis report from the processing results it receives. Its output end is electrically connected to a display screen and a printer: the report can be shown on the display screen and printed on the printer, which makes it convenient for users to analyze, calculate and discuss. Other electrical devices can also be electrically connected to the output end of the analysis and evaluation module for the user's convenience, improving the user's work efficiency.
The system operation and maintenance event database module backs up problems, processing procedures and results, and communicates with the attack, application and host network security processing modules over optical fiber. Optical fiber ensures stable transmission, and loss of information and files rarely occurs; however, it is restricted by region and consumes a large amount of fiber, which raises the cost of the database module and reduces the practicality of the whole system to some extent.
The supervision module, the discrimination module and the analysis and evaluation module are all managed and constrained by the typical network security index module, which can store and back up problems that occur with high frequency. By connecting various typical indexes of network security operation and analyzing them jointly with the system operation and maintenance event database module, problems that arise while the customer uses the system can be analyzed and handled accurately, and the whole analysis and processing flow becomes efficient. The stored high-frequency problem information is easy for the user to retrieve, and the attack and application network security processing modules can call a processing method directly from the typical network security index module when solving similar problems.
The host network security processing module and the processing personnel communicate over the internet, while the operating personnel communicate with the analysis and evaluation module and the system operation and maintenance event database module over a LAN and network cable. Operating personnel can first store the processing procedure and result of the problem information on the handheld device and then, once within LAN range of the analysis and evaluation module and the database module, upload the data over the LAN or a network cable. This increases the privacy of the information but reduces practicality and affects the operating personnel's work efficiency.
The attack, application and host network security processing modules are independent of one another and exchange no information with each other, and each can store recent security problems. The absence of information exchange prevents information from becoming confused between modules, so the three modules work independently without affecting one another. The recent problem information each module stores can be cleaned up periodically to reduce the space it occupies and leave room for future problem information. When a similar problem recurs within that period, the processing module can quickly obtain a processing method from its own store, making the whole system more efficient.
The beneficial effects of the invention are as follows. By connecting various typical indexes of network security operation and analyzing them jointly with the system operation and maintenance event database module, network security problems that arise while the customer uses the system can be analyzed and handled accurately, and the whole analysis and processing flow becomes efficient. Security problems raised by the customer, whether processed or not, are stored in the system operation and maintenance event database module, so that the corresponding problem can be handled quickly the next time it occurs, improving the efficiency of the whole flow. The processing results of the attack and application network security processing modules are each transmitted to the analysis and evaluation module, which can generate the corresponding business analysis report. Network security problems arising on hosts and similar equipment used by the customer are handled by the corresponding processing personnel, and the operator can upload the processing results to the analysis and evaluation module and the system operation and maintenance event database module respectively, so that a business analysis report can be generated and a backup made. This solves the problems of low analysis and processing efficiency and inconvenience for customers in currently used security operation and maintenance analysis methods.
Typical cases are as follows:
A network security operation and maintenance correlation analysis method comprises a typical network security index module and a system operation and maintenance event database module, wherein the typical network security index module comprises a supervision module, a discrimination module and an analysis and evaluation module, and the discrimination module comprises an attack network security processing module, an application network security processing module and a host network security processing module.
A network security operation and maintenance correlation analysis method comprises the following steps:
1) the supervision module transmits each security problem it detects to the discrimination module;
2) the discrimination module determines the type of the received security problem and forwards it to the corresponding module: the attack network security processing module, the application network security processing module or the host network security processing module;
3) the attack network security processing module and the application network security processing module each process security problems in combination with the corresponding data in the system operation and maintenance event database module, and feed the processing results back to the analysis and evaluation module;
4) the host network security processing module issues the security problem to processing personnel;
5) the processing personnel handle the received security problem and upload the processing result to the analysis and evaluation module, the host network security processing module and the system operation and maintenance event database module respectively.
The user accesses the typical network security index module, and the monitoring module monitors the user's network security at all times. When the monitoring module finds a problem, it transmits the detailed information of the security problem to the distinguishing module. The distinguishing module analyzes and judges this information so that different types of problems can be handled accurately, and transmits the corresponding security problem information to the attack network security processing module, the application network security processing module or the host network security processing module. The attack network security processing module and the application network security processing module process the received security problem in combination with the corresponding data in the system operation and maintenance event database module. The host network security processing module sends the received security problem to the operator's handheld device to notify the operator to handle it; once the problem has been handled, the operator feeds the completion information back to the host network security processing module and also uploads the problem information, the processing process and the processing result to the analysis and evaluation module and the system operation and maintenance event database module respectively. The attack network security processing module and the application network security processing module likewise upload the problem information, the processing process and the processing result to the analysis and evaluation module and the system operation and maintenance event database module respectively. The analysis and evaluation module generates a corresponding business analysis report so that managers can analyze and summarize the problem information. The system operation and maintenance event database module stores and backs up, by category, the problems processed by the attack network security processing module, the application network security processing module and the host network security processing module, forming a large database so that problems of the same kind can be handled quickly the next time, which improves the processing speed of the whole system.
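The routing and feedback loop described above, modelled in Python as an added example (not code from the patent). The event kinds, the classification rules in `RULES`, the method names and the routing of unknown kinds to the operator are all assumptions, since the page does not specify them.

```python
from collections import Counter, defaultdict
from dataclasses import dataclass, field

# Hypothetical rules: the page does not say how the distinguishing module classifies.
RULES = {"port_scan": "attack", "brute_force": "attack",
         "sql_error_burst": "application", "disk_full": "host"}
# Constructed sample events, not taken from the page.
SAMPLE = [{"kind": k} for k in ("port_scan", "disk_full", "port_scan", "sql_error_burst")]

@dataclass
class EventDatabase:
    """Classified store of handled problems, one list per processing module."""
    records: dict = field(default_factory=lambda: defaultdict(list))

    def lookup(self, category, kind):
        """Most recent stored method for the same kind of problem, or None."""
        hits = [r["method"] for r in self.records[category] if r["kind"] == kind]
        return hits[-1] if hits else None

@dataclass
class Pipeline:
    db: EventDatabase = field(default_factory=EventDatabase)
    results: list = field(default_factory=list)         # analysis and evaluation input
    operator_queue: list = field(default_factory=list)  # stands in for the handheld device

    def handle(self, event, operator_method="manual fix"):
        # Distinguishing step; sending unknown kinds to a person is an assumption.
        category = RULES.get(event["kind"], "host")
        if category == "host":
            self.operator_queue.append(event)  # notify the operator, who reports back
            method, source = operator_method, "operator"
        else:
            # Attack/application modules reuse a stored method when one exists.
            known = self.db.lookup(category, event["kind"])
            method, source = (known, "event_db") if known else ("default playbook", "module")
        record = {"kind": event["kind"], "category": category, "method": method, "source": source}
        self.db.records[category].append(record)  # upload to the event database
        self.results.append(record)               # upload to analysis and evaluation
        return record

    def report(self):
        """Business analysis report: volume per category and reuse of stored methods."""
        reused = sum(r["source"] == "event_db" for r in self.results)
        return {"total": len(self.results), "reused_from_db": reused,
                "by_category": dict(Counter(r["category"] for r in self.results))}

def run_sample():
    pipeline = Pipeline()
    for event in SAMPLE:
        pipeline.handle(event)
    return pipeline
```

In the sample run, the second `port_scan` event is resolved from the event database rather than from the module's default, which is the reuse effect the description attributes to the database.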
The analysis and evaluation module generates a corresponding business analysis report from the processing results it receives. The output of the analysis and evaluation module is electrically connected to a display screen and a printer: the business analysis report it generates can be shown on the display screen, and the printer can print the report, so that users can analyze, calculate and discuss it. Other electrical devices can also be electrically connected to the output of the analysis and evaluation module for the user's convenience, improving the user's work efficiency.
The system operation and maintenance event database module backs up problems, processing processes and results. It communicates with the attack network security processing module, the application network security processing module and the host network security processing module over the internet. Establishing communication over the internet allows faster information interaction between the system operation and maintenance event database module and the three processing modules, and also allows its information to be combined with that of the typical network security index module, which is convenient for the user to use and operate. In addition, the system operation and maintenance event database module stores problem information by category and can merge and extend it with later problem information of the same type, which reduces the space the information occupies while keeping it complete and makes it easy for the user to retrieve.
The monitoring module, the distinguishing module and the analysis and evaluation module are all managed and constrained by the typical network security index module. The typical network security index module stores and backs up problems that occur with high frequency. By accessing various typical indexes of network security operation and fusing and analyzing them with the system operation and maintenance event database module, the problems that arise while a customer uses the system can be accurately analyzed and processed, and the whole analysis and processing procedure becomes efficient. The stored high-frequency problem information is easy for the user to retrieve, and the attack network security processing module and the application network security processing module can call a processing method directly from the typical network security index module when solving similar problems.
The host network security processing module communicates with the processing personnel over the internet, and the operators likewise communicate with the analysis and evaluation module and the system operation and maintenance event database module over the internet. This provides information interaction between the operators and the processing system, so that operators can upload and back up the information on the problems they have handled. Communication over the internet is not subject to regional restrictions, so operators can upload information anytime and anywhere; the communication is stable and fast and largely avoids loss of information, which makes the whole system more practical and convenient for customers to use.
The attack network security processing module, the application network security processing module and the host network security processing module are independent of one another and exchange no information with each other, and each of them can store recent security problems. The absence of information interaction avoids confusion of information between the modules, so that the three processing modules work independently without affecting one another. The recent problem information stored by the three processing modules can be cleaned up regularly to reduce the space it occupies, which makes it easier for the modules to store problem information in the future. When a similar problem is encountered again within that period, the three processing modules can quickly obtain a processing method from their own storage, which makes the whole system more efficient.
Although embodiments of the present invention have been shown and described, it will be appreciated by those skilled in the art that changes, modifications, substitutions and alterations can be made in these embodiments without departing from the principles and spirit of the invention, the scope of which is defined in the appended claims and their equivalents.