CN111865973A - Network security operation and maintenance correlation analysis method - Google Patents
Network security operation and maintenance correlation analysis method Download PDFInfo
- Publication number
- CN111865973A CN111865973A CN202010694496.2A CN202010694496A CN111865973A CN 111865973 A CN111865973 A CN 111865973A CN 202010694496 A CN202010694496 A CN 202010694496A CN 111865973 A CN111865973 A CN 111865973A
- Authority
- CN
- China
- Prior art keywords
- module
- network security
- processing module
- analysis
- security processing
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
- H04L63/1416—Event detection, e.g. attack signature detection
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F11/00—Error detection; Error correction; Monitoring
- G06F11/07—Responding to the occurrence of a fault, e.g. fault tolerance
- G06F11/14—Error detection or correction of the data by redundancy in operation
- G06F11/1402—Saving, restoring, recovering or retrying
- G06F11/1446—Point-in-time backing up or restoration of persistent data
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F16/00—Information retrieval; Database structures therefor; File system structures therefor
- G06F16/20—Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
- G06F16/24—Querying
- G06F16/245—Query processing
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- General Engineering & Computer Science (AREA)
- Physics & Mathematics (AREA)
- Computer Security & Cryptography (AREA)
- General Physics & Mathematics (AREA)
- Signal Processing (AREA)
- Computational Linguistics (AREA)
- Data Mining & Analysis (AREA)
- Databases & Information Systems (AREA)
- Computing Systems (AREA)
- Computer Networks & Wireless Communication (AREA)
- Computer Hardware Design (AREA)
- Quality & Reliability (AREA)
- Computer And Data Communications (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
The invention relates to the technical field of network security analysis and discloses a network security operation and maintenance correlation analysis method which comprises a typical network security index module and a system operation and maintenance event database module, wherein the network security index module comprises a supervision module, a resolution module and an analysis and evaluation module, and the resolution module comprises an attack network security processing module, an application network security processing module and a host network security processing module. The invention has the advantages that: through various typical indexes of access network safety operation to fuse the analysis mutually with system operation and maintenance incident database module, can carry out accurate analysis and processing to the network safety problem that the customer produced in the use, make whole analysis processing process become high-efficient, produce simultaneously to the customer and in order to do the security problem of handling or not doing the processing store system operation and maintenance incident database module, in order to conveniently carry out rapid processing to this problem, improved whole analysis processing process efficiency.
Description
Technical Field
The invention relates to the technical field of network security analysis, in particular to a network security operation and maintenance correlation analysis method.
Background
The operation and maintenance, referred to herein as internet operation and maintenance, generally belongs to the technical sector, and is also four major sectors for technical support of internet products, such as research, development, testing, and system management, and the division is somewhat different between domestic and foreign companies and between large and small companies.
The generation of an internet product generally goes through the process of: the system comprises a product manager, a demand analysis, development of a research and development department, testing of a testing department, deployment and release of an operation and maintenance department and long-term operation and maintenance; the operation and maintenance, which is essentially the operation and maintenance of each stage of the life cycle of the network, the server and the service, achieve an acceptable state in terms of cost, stability and efficiency, however, the currently used network operation and maintenance processing method has the following disadvantages in the actual use process:
with the continuous promotion of company information construction, the network security problem is increasingly prominent, and system abnormal events occurring in the operation and maintenance process lack analysis related to the security problem at present, and the use requirements of customers are increasingly not met in the use process.
Disclosure of Invention
Technical problem to be solved
Aiming at the defects of the prior art, the invention provides a network security operation and maintenance correlation analysis method, which has the advantages of clear and quick analysis process, capability of quickly processing the generated security problem by combining with a system operation and maintenance event database, capability of generating a corresponding business analysis report and the like, and solves the problems of low analysis and processing efficiency and inconvenience for customers of the currently used security operation and maintenance analysis method.
(II) technical scheme
In order to realize the purpose that the analysis process is clear and quick, the generated safety problem can be quickly processed by combining the system operation and maintenance event database, and a corresponding business analysis report can be generated, the invention provides the following technical scheme: the system comprises a typical network security index module and a system operation and maintenance event database module, wherein the network security index module comprises a monitoring module, a discrimination module and an analysis and evaluation module, and the discrimination module comprises an attack network security processing module, an application network security processing module and a host network security processing module.
A network security operation and maintenance correlation analysis method comprises the following steps:
1) the supervision module transmits the supervised security problem to the discrimination module;
2) the identification module judges the type of the received security problem and transmits the corresponding problem to the corresponding attack network security processing module, the application network security processing module and the host network security processing module;
3) the attack network security processing module and the application network security processing module are respectively combined with corresponding data in the system operation and maintenance event database module to process security problems and feed back processing results to the analysis and evaluation module;
4) The host network security processing module issues the security problem to a processing personnel;
5) and the processing personnel processes the received safety problems and uploads the processing results to the analysis and evaluation module, the host network safety processing module and the system operation and maintenance event database module respectively.
Preferably, the analysis and evaluation module generates a corresponding business analysis report from the received processing result, and an output end of the analysis and evaluation module is electrically connected to a display screen and a printer.
Preferably, the system operation and maintenance event database module backs up problems, processing procedures and results, and the system operation and maintenance event database module communicates with the attack network security processing module, the application network security processing module and the host network security processing module in an internet manner.
Preferably, the supervision module, the identification module and the analysis and evaluation module are all managed and restricted by the typical network security index module, and the typical network security index module can store and backup problems with high occurrence frequency.
Preferably, the host network security processing module and the processing personnel communicate in an internet mode, and the operating personnel, the analysis and evaluation module and the system operation and maintenance event database module communicate in an internet mode.
Preferably, the attack network security processing module, the application network security processing module and the host network security processing module are independent entities and have no information interaction with each other, and the attack network security processing module, the application network security processing module and the host network security processing module can store recent security problems.
(III) advantageous effects
Compared with the prior art, the invention provides a network security operation and maintenance correlation analysis method, which has the following beneficial effects:
1. the network security operation and maintenance correlation analysis method has the advantages that various typical indexes of network security operation are accessed, and the network security operation and maintenance correlation analysis method is fused and analyzed with the system operation and maintenance event database module, so that network security problems generated by customers in the using process can be accurately analyzed and processed, the whole analysis and processing process becomes high-efficiency, meanwhile, safety problems generated by the customers and processed or unprocessed are stored in the system operation and maintenance event database module, when corresponding problems are encountered next time, the problems can be rapidly processed, and the efficiency of the whole analysis and processing process is improved.
2. According to the network security operation and maintenance association analysis method, the processing results of the attack network security processing module and the application network security processing module are respectively transmitted to the analysis evaluation module, corresponding business analysis reports can be generated from the analysis evaluation module, corresponding processing personnel can process the network security generated by a host and the like used by a client, and the processing results can be respectively uploaded to the analysis evaluation module and the system operation and maintenance event database module by operating personnel, so that the corresponding business analysis reports can be conveniently generated and backup processing can be conveniently performed, and the problems that the analysis and processing efficiency of the currently used security operation and maintenance analysis method is low and the client is inconvenient to use are solved.
Drawings
FIG. 1 is a schematic flow chart of the present invention;
fig. 2 is a schematic diagram of information feedback according to the present invention.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
The first embodiment is as follows:
a network security operation and maintenance correlation analysis method comprises a typical network security index module and a system operation and maintenance event database module, wherein the network security index module comprises a supervision module, a resolution module and an analysis and evaluation module, and the resolution module comprises an attack network security processing module, an application network security processing module and a host network security processing module.
A network security operation and maintenance correlation analysis method comprises the following steps:
1) the supervision module transmits the supervised security problem to the discrimination module;
2) the identification module judges the type of the received security problem and transmits the corresponding problem to the corresponding attack network security processing module, the application network security processing module and the host network security processing module;
3) The attack network security processing module and the application network security processing module are respectively combined with corresponding data in the system operation and maintenance event database module to process security problems and feed back processing results to the analysis and evaluation module;
4) the host network security processing module issues the security problem to a processing personnel;
5) and the processing personnel processes the received safety problems and uploads the processing results to the analysis and evaluation module, the host network safety processing module and the system operation and maintenance event database module respectively.
The user accesses the typical network security index module, wherein the monitoring module can monitor the network security of the user all the time, when the monitoring module finds a problem, the detailed information of the security problem can be transmitted to the distinguishing module, the distinguishing module analyzes and judges the generated information so as to accurately process different types of problems, the distinguishing module transmits corresponding security problem information to the attack type network security processing module, the application type network security processing module or the host computer network security processing module, and the attack type network security processing module and the application type network security processing module can process the received security problem by combining corresponding data in the system operation and maintenance event database module; the host network security processing module sends the received security problems to handheld equipment of an operator to inform the operator of processing the security problems, the operator feeds back the completion information to the host network security processing module after the problem processing is completed, meanwhile, the operator also uploads the problem information, the processing process and the processing result to the analysis and evaluation module and the system operation and maintenance event database module respectively, the attack network security processing module and the application network security processing module also feed back and upload the problem information, the processing process and the processing result to the analysis and evaluation module and the system operation and maintenance event database module respectively, and the analysis and evaluation module generates a corresponding business analysis report so as to facilitate the manager to analyze and summarize the problem information; the system operation and maintenance event database module respectively carries out classified storage and backup on the problems processed by the attack network security processing module, the application network security processing module and the host network security processing module so as to form a large database, so that the same kind of problems can be rapidly processed next time, and the processing speed of the whole system is improved.
The analysis evaluation module can generate corresponding business analysis report with the processing result of receiving, the output electric connection of analysis evaluation module has display screen and printer, the business analysis report that the analysis evaluation module generated can show on the display screen, the printer that sets up simultaneously can print the report, in order to make things convenient for the user to carry out the analysis, calculate and discuss, simultaneously can also be at the multiple electrical apparatus of the output of analysis evaluation module electric connection still, in order to make things convenient for the user to use, promote user's work efficiency.
The system operation and maintenance event database module can back up problems, processing processes and results, the system operation and maintenance event database module is communicated with the attack network security processing module, the application network security processing module and the host network security processing module by adopting an internet mode, the system operation and maintenance event database module can realize the faster information interaction between the system operation and maintenance event database module and the attack network security processing module, the application network security processing module and the host network security processing module by establishing communication through the internet, moreover, the information combination between the system operation and maintenance event database module and the typical network security index module is realized, the use and the operation of a user are convenient, meanwhile, the system operation and maintenance event database module can store the stored problem information in a classified manner and can integrate and expand the later problem information of the same type, the space occupied by the information and the integrity of the information are reduced, and the user can call the information conveniently.
The monitoring module, the distinguishing module and the analysis and evaluation module are all managed and restricted by the typical network security index module, the typical network security index module can store and backup problems with high occurrence frequency, the problems generated in the using process of a client can be accurately analyzed and processed by accessing various typical indexes of network security operation and fusing and analyzing with the system operation and maintenance event database module, the whole analysis and processing process becomes efficient, the stored problem information with high frequency is convenient for a user to call, and the attack network security processing module and the application network security processing module can directly call a processing method from the typical network security index module when solving similar problems.
Host computer network security processing module and processing personnel adopt the mode of internet to communicate, all communicate through the mode of internet between operating personnel and analysis evaluation module and the system operation and maintenance incident database module, information interaction between operating personnel and the processing system has been realized, make operating personnel can upload and backup the problem information that its was handled, and simultaneously, the mode that uses the internet communicates, can not receive the region restriction, operating personnel can upload information anytime and anywhere, and communication mode is stable and quick, to a great extent, avoided appearing the condition emergence that the information lost, make entire system's practicality higher, and convenience of customers uses.
The attack network security processing module, the application network security processing module and the host network security processing module are all independent individuals and have no information interaction with each other, the attack network security processing module, the application network security processing module and the host network security processing module can store recent security problems, the attack network security processing module, the application network security processing module and the host network security processing module without information interaction avoid the condition of information disorder among the modules, so that the attack network security processing module, the application network security processing module and the host network security processing module can work independently without mutual influence, and meanwhile, for recent problem information stored by the attack network security processing module, the application network security processing module and the host network security processing module, regular cleaning can be carried out to reduce the occupied space of problem information, the attack type network security processing module, the application type network security processing module and the host computer network security processing module can conveniently store the problem information in the future, and the similar problems can be encountered again in the time, the three processing modules can quickly obtain a processing method from the interior of the processing modules, so that the whole system is more efficient.
Example two:
a network security operation and maintenance correlation analysis method comprises a typical network security index module and a system operation and maintenance event database module, wherein the network security index module comprises a supervision module, a resolution module and an analysis and evaluation module, and the resolution module comprises an attack network security processing module, an application network security processing module and a host network security processing module.
A network security operation and maintenance correlation analysis method comprises the following steps:
1) the supervision module transmits the supervised security problem to the discrimination module;
2) the identification module judges the type of the received security problem and transmits the corresponding problem to the corresponding attack network security processing module, the application network security processing module and the host network security processing module;
3) the attack network security processing module and the application network security processing module are respectively combined with corresponding data in the system operation and maintenance event database module to process security problems and feed back processing results to the analysis and evaluation module;
4) the host network security processing module issues the security problem to a processing personnel;
5) and the processing personnel processes the received safety problems and uploads the processing results to the analysis and evaluation module, the host network safety processing module and the system operation and maintenance event database module respectively.
The user accesses the typical network security index module, wherein the monitoring module can monitor the network security of the user all the time, when the monitoring module finds a problem, the detailed information of the security problem can be transmitted to the distinguishing module, the distinguishing module analyzes and judges the generated information so as to accurately process different types of problems, the distinguishing module transmits corresponding security problem information to the attack type network security processing module, the application type network security processing module or the host computer network security processing module, and the attack type network security processing module and the application type network security processing module can process the received security problem by combining corresponding data in the system operation and maintenance event database module; the host network security processing module sends the received security problems to handheld equipment of an operator to inform the operator of processing the security problems, the operator feeds back the completion information to the host network security processing module after the problem processing is completed, meanwhile, the operator also uploads the problem information, the processing process and the processing result to the analysis and evaluation module and the system operation and maintenance event database module respectively, the attack network security processing module and the application network security processing module also feed back and upload the problem information, the processing process and the processing result to the analysis and evaluation module and the system operation and maintenance event database module respectively, and the analysis and evaluation module generates a corresponding business analysis report so as to facilitate the manager to analyze and summarize the problem information; the system operation and maintenance event database module respectively carries out classified storage and backup on the problems processed by the attack network security processing module, the application network security processing module and the host network security processing module so as to form a large database, so that the same kind of problems can be rapidly processed next time, and the processing speed of the whole system is improved.
The analysis evaluation module can generate corresponding business analysis report with the processing result of receiving, the output electric connection of analysis evaluation module has display screen and printer, the business analysis report that the analysis evaluation module generated can show on the display screen, the printer that sets up simultaneously can print the report, in order to make things convenient for the user to carry out the analysis, calculate and discuss, simultaneously can also be at the multiple electrical apparatus of the output of analysis evaluation module electric connection still, in order to make things convenient for the user to use, promote user's work efficiency.
The system operation and maintenance event database module can back up problems, processing processes and results, the system operation and maintenance event database module is communicated with the attack network security processing module, the application network security processing module and the host network security processing module in an optical fiber mode, the system operation and maintenance event database module is communicated with the attack network security processing module, the application network security processing module and the host network security processing module by using the optical fiber, stable information transmission can be guaranteed, information and file loss rarely occurs, the system operation and maintenance event database module has region limitation, the number of consumed optical fibers is large, the manufacturing cost of the system operation and maintenance event database module is increased, and the practicability of the whole system is reduced to a certain extent.
The monitoring module, the distinguishing module and the analysis and evaluation module are all managed and restricted by the typical network security index module, the typical network security index module can store and backup problems with high occurrence frequency, the problems generated in the using process of a client can be accurately analyzed and processed by accessing various typical indexes of network security operation and fusing and analyzing with the system operation and maintenance event database module, the whole analysis and processing process becomes efficient, the stored problem information with high frequency is convenient for a user to call, and the attack network security processing module and the application network security processing module can directly call a processing method from the typical network security index module when solving similar problems.
Host computer network security processing module and processing personnel adopt the mode of internet to communicate, all communicate through the mode of LAN and net twine between operating personnel and analysis evaluation module and the system operation and maintenance incident database module, operating personnel can store the course of treatment and the result of problem information in hand-held device in advance, then in the LAN scope of analysis evaluation module and system operation and maintenance incident database module, use LAN or net twine to upload data, the privacy nature of information has been increased to this kind of mode, but the practicality has been reduced, influence operating personnel's work efficiency.
The attack network security processing module, the application network security processing module and the host network security processing module are all independent individuals and have no information interaction with each other, the attack network security processing module, the application network security processing module and the host network security processing module can store recent security problems, the attack network security processing module, the application network security processing module and the host network security processing module without information interaction avoid the condition of information disorder among the modules, so that the attack network security processing module, the application network security processing module and the host network security processing module can work independently without mutual influence, and meanwhile, for recent problem information stored by the attack network security processing module, the application network security processing module and the host network security processing module, regular cleaning can be carried out to reduce the occupied space of problem information, the attack type network security processing module, the application type network security processing module and the host computer network security processing module can conveniently store the problem information in the future, and the similar problems can be encountered again in the time, the three processing modules can quickly obtain a processing method from the interior of the processing modules, so that the whole system is more efficient.
The invention has the beneficial effects that: by accessing various typical indexes of network safe operation and fusing and analyzing with the system operation and maintenance event database module, the network safety problems generated in the using process of a client can be accurately analyzed and processed, the whole analysis and processing process becomes high-efficiency, and simultaneously, the safety problems generated by the client and processed or not processed are stored in the system operation and maintenance event database module, so that the problems can be rapidly processed when the corresponding problems are encountered next time, the efficiency of the whole analysis and processing process is improved, by respectively transmitting the processing results of the attack network safety processing module and the application network safety processing module to the analysis and evaluation module, the corresponding service analysis report can be generated from the analysis and evaluation module, and the network safety generated by a host computer used by the client and the like can be processed by corresponding processing personnel, and the operator can respectively upload the processing results to the analysis evaluation module and the system operation and maintenance event database module so as to conveniently generate a corresponding service analysis report and perform backup processing, thereby solving the problems of low analysis and processing efficiency and inconvenience for customers of the currently used safety operation and maintenance analysis method.
Typical cases are as follows:
a network security operation and maintenance correlation analysis method comprises a typical network security index module and a system operation and maintenance event database module, wherein the network security index module comprises a supervision module, a resolution module and an analysis and evaluation module, and the resolution module comprises an attack network security processing module, an application network security processing module and a host network security processing module.
A network security operation and maintenance correlation analysis method comprises the following steps:
1) the supervision module transmits the supervised security problem to the discrimination module;
2) the identification module judges the type of the received security problem and transmits the corresponding problem to the corresponding attack network security processing module, the application network security processing module and the host network security processing module;
3) the attack network security processing module and the application network security processing module are respectively combined with corresponding data in the system operation and maintenance event database module to process security problems and feed back processing results to the analysis and evaluation module;
4) the host network security processing module issues the security problem to a processing personnel;
5) and the processing personnel processes the received safety problems and uploads the processing results to the analysis and evaluation module, the host network safety processing module and the system operation and maintenance event database module respectively.
The user accesses the typical network security index module, wherein the monitoring module can monitor the network security of the user all the time, when the monitoring module finds a problem, the detailed information of the security problem can be transmitted to the distinguishing module, the distinguishing module analyzes and judges the generated information so as to accurately process different types of problems, the distinguishing module transmits corresponding security problem information to the attack type network security processing module, the application type network security processing module or the host computer network security processing module, and the attack type network security processing module and the application type network security processing module can process the received security problem by combining corresponding data in the system operation and maintenance event database module; the host network security processing module sends the received security problems to handheld equipment of an operator to inform the operator of processing the security problems, the operator feeds back the completion information to the host network security processing module after the problem processing is completed, meanwhile, the operator also uploads the problem information, the processing process and the processing result to the analysis and evaluation module and the system operation and maintenance event database module respectively, the attack network security processing module and the application network security processing module also feed back and upload the problem information, the processing process and the processing result to the analysis and evaluation module and the system operation and maintenance event database module respectively, and the analysis and evaluation module generates a corresponding business analysis report so as to facilitate the manager to analyze and summarize the problem information; the system operation and maintenance event database module respectively carries out classified storage and backup on the problems processed by the attack network security processing module, the application network security processing module and the host network security processing module so as to form a large database, so that the same kind of problems can be rapidly processed next time, and the processing speed of the whole system is improved.
The analysis evaluation module can generate corresponding business analysis report with the processing result of receiving, the output electric connection of analysis evaluation module has display screen and printer, the business analysis report that the analysis evaluation module generated can show on the display screen, the printer that sets up simultaneously can print the report, in order to make things convenient for the user to carry out the analysis, calculate and discuss, simultaneously can also be at the multiple electrical apparatus of the output of analysis evaluation module electric connection still, in order to make things convenient for the user to use, promote user's work efficiency.
The system operation and maintenance event database module can back up problems, processing processes and results, the system operation and maintenance event database module is communicated with the attack network security processing module, the application network security processing module and the host network security processing module by adopting an internet mode, the system operation and maintenance event database module can realize the faster information interaction between the system operation and maintenance event database module and the attack network security processing module, the application network security processing module and the host network security processing module by establishing communication through the internet, moreover, the information combination between the system operation and maintenance event database module and the typical network security index module is realized, the use and the operation of a user are convenient, meanwhile, the system operation and maintenance event database module can store the stored problem information in a classified manner and can integrate and expand the later problem information of the same type, the space occupied by the information and the integrity of the information are reduced, and the user can call the information conveniently.
The monitoring module, the distinguishing module and the analysis and evaluation module are all managed and restricted by the typical network security index module, the typical network security index module can store and backup problems with high occurrence frequency, the problems generated in the using process of a client can be accurately analyzed and processed by accessing various typical indexes of network security operation and fusing and analyzing with the system operation and maintenance event database module, the whole analysis and processing process becomes efficient, the stored problem information with high frequency is convenient for a user to call, and the attack network security processing module and the application network security processing module can directly call a processing method from the typical network security index module when solving similar problems.
Host computer network security processing module and processing personnel adopt the mode of internet to communicate, all communicate through the mode of internet between operating personnel and analysis evaluation module and the system operation and maintenance incident database module, information interaction between operating personnel and the processing system has been realized, make operating personnel can upload and backup the problem information that its was handled, and simultaneously, the mode that uses the internet communicates, can not receive the region restriction, operating personnel can upload information anytime and anywhere, and communication mode is stable and quick, to a great extent, avoided appearing the condition emergence that the information lost, make entire system's practicality higher, and convenience of customers uses.
The attack network security processing module, the application network security processing module and the host network security processing module are all independent individuals and have no information interaction with each other, the attack network security processing module, the application network security processing module and the host network security processing module can store recent security problems, the attack network security processing module, the application network security processing module and the host network security processing module without information interaction avoid the condition of information disorder among the modules, so that the attack network security processing module, the application network security processing module and the host network security processing module can work independently without mutual influence, and meanwhile, for recent problem information stored by the attack network security processing module, the application network security processing module and the host network security processing module, regular cleaning can be carried out to reduce the occupied space of problem information, the attack type network security processing module, the application type network security processing module and the host computer network security processing module can conveniently store the problem information in the future, and the similar problems can be encountered again in the time, the three processing modules can quickly obtain a processing method from the interior of the processing modules, so that the whole system is more efficient.
Although embodiments of the present invention have been shown and described, it will be appreciated by those skilled in the art that changes, modifications, substitutions and alterations can be made in these embodiments without departing from the principles and spirit of the invention, the scope of which is defined in the appended claims and their equivalents.
Claims (7)
1. A network security operation and maintenance correlation analysis method is characterized by comprising a typical network security index module and a system operation and maintenance event database module, wherein the network security index module comprises a monitoring module, a discrimination module and an analysis and evaluation module, and the discrimination module comprises an attack network security processing module, an application network security processing module and a host network security processing module.
2. A network security operation and maintenance correlation analysis method is characterized by comprising the following steps:
1) the supervision module transmits the supervised security problem to the discrimination module;
2) the identification module judges the type of the received security problem and transmits the corresponding problem to the corresponding attack network security processing module, the application network security processing module and the host network security processing module;
3) the attack network security processing module and the application network security processing module are respectively combined with corresponding data in the system operation and maintenance event database module to process security problems and feed back processing results to the analysis and evaluation module;
4) The host network security processing module issues the security problem to a processing personnel;
5) and the processing personnel processes the received safety problems and uploads the processing results to the analysis and evaluation module, the host network safety processing module and the system operation and maintenance event database module respectively.
3. The network security operation and maintenance correlation analysis method according to claim 1, wherein the analysis and evaluation module generates a corresponding business analysis report from the received processing result, and an output end of the analysis and evaluation module is electrically connected to a display screen and a printer.
4. The network security operation and maintenance association analysis method according to claim 1, wherein the system operation and maintenance event database module backs up problems, processing procedures and results, and the system operation and maintenance event database module communicates with the attack network security processing module, the application network security processing module and the host network security processing module in an internet manner.
5. The network security operation and maintenance correlation analysis method according to claim 1, wherein the supervision module, the resolution module and the analysis and evaluation module are managed and restricted by a typical network security index module, and the typical network security index module stores and backups problems with high occurrence frequency.
6. The network security operation and maintenance association analysis method according to claim 1, wherein the host network security processing module and the processing personnel communicate with each other in an internet manner, and the operating personnel, the analysis and evaluation module and the system operation and maintenance event database module communicate with each other in an internet manner.
7. The method according to claim 1, wherein the attack-type network security processing module, the application-type network security processing module, and the host-type network security processing module are independent entities and have no information interaction with each other, and the attack-type network security processing module, the application-type network security processing module, and the host-type network security processing module store recent security problems.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202010694496.2A CN111865973A (en) | 2020-07-17 | 2020-07-17 | Network security operation and maintenance correlation analysis method |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202010694496.2A CN111865973A (en) | 2020-07-17 | 2020-07-17 | Network security operation and maintenance correlation analysis method |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN111865973A true CN111865973A (en) | 2020-10-30 |
Family
ID=73000599
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202010694496.2A Pending CN111865973A (en) | 2020-07-17 | 2020-07-17 | Network security operation and maintenance correlation analysis method |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN111865973A (en) |
Cited By (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN113037744A (en) * | 2021-03-05 | 2021-06-25 | 中通服创发科技有限责任公司 | Interactive safety event script arranging and disposing method and device |
| CN116232695A (en) * | 2023-02-02 | 2023-06-06 | 深圳市网安信科技有限公司 | Network security operation and maintenance association analysis system |
Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| WO2002097587A2 (en) * | 2001-05-31 | 2002-12-05 | Internet Security Systems, Inc. | Method and system for implementing security devices in a network |
| CN102958082A (en) * | 2012-12-07 | 2013-03-06 | 广州杰赛科技股份有限公司 | Network optimization analysis method and system |
| CN107483472A (en) * | 2017-09-05 | 2017-12-15 | 中国科学院计算机网络信息中心 | A kind of method, apparatus of network security monitoring, storage medium and server |
| CN108880842A (en) * | 2017-05-11 | 2018-11-23 | 上海宏时数据系统有限公司 | A kind of fault rootstock analyzing and positioning system and analysis method automating operation platform |
| CN109309687A (en) * | 2018-11-27 | 2019-02-05 | 杭州迪普科技股份有限公司 | Network security defence method, device and the network equipment |
-
2020
- 2020-07-17 CN CN202010694496.2A patent/CN111865973A/en active Pending
Patent Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| WO2002097587A2 (en) * | 2001-05-31 | 2002-12-05 | Internet Security Systems, Inc. | Method and system for implementing security devices in a network |
| CN102958082A (en) * | 2012-12-07 | 2013-03-06 | 广州杰赛科技股份有限公司 | Network optimization analysis method and system |
| CN108880842A (en) * | 2017-05-11 | 2018-11-23 | 上海宏时数据系统有限公司 | A kind of fault rootstock analyzing and positioning system and analysis method automating operation platform |
| CN107483472A (en) * | 2017-09-05 | 2017-12-15 | 中国科学院计算机网络信息中心 | A kind of method, apparatus of network security monitoring, storage medium and server |
| CN109309687A (en) * | 2018-11-27 | 2019-02-05 | 杭州迪普科技股份有限公司 | Network security defence method, device and the network equipment |
Cited By (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN113037744A (en) * | 2021-03-05 | 2021-06-25 | 中通服创发科技有限责任公司 | Interactive safety event script arranging and disposing method and device |
| CN116232695A (en) * | 2023-02-02 | 2023-06-06 | 深圳市网安信科技有限公司 | Network security operation and maintenance association analysis system |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US20120257890A1 (en) | System and method for cable monitoring | |
| CN111158983A (en) | Integrated operation and maintenance management system | |
| CN111865973A (en) | Network security operation and maintenance correlation analysis method | |
| CN104281104B (en) | A kind of unusual service condition information processing system and method | |
| CN105049223A (en) | Electric power communication network defect and fault processing decision-aided analysis method | |
| CN112311588A (en) | Intelligent optical fiber identification method for transformer substation | |
| CN109542750A (en) | Distributed information log system | |
| CN103699964A (en) | Agricultural-product tracing system based on evidence-chain and supply-chain panels | |
| CN101616023A (en) | A kind of method of cluster being implemented monitoring by note | |
| CN105335770A (en) | Abnormal production event real-time management system | |
| CN209419625U (en) | A kind of power matching network optical cable real time monitoring operational system based on WDM technology | |
| JP2013041574A (en) | Information processing system operation management device, operation management method and operation management program | |
| CN109100116A (en) | A kind of optical module fault diagnosis system and method | |
| CN111192446A (en) | Remote meter reading system | |
| CN116886183A (en) | Optical fiber state monitoring method, system and storage medium | |
| CN109450103A (en) | Condition detection method, device and the intelligent terminal of pressing plate | |
| KR101288535B1 (en) | Method for monitoring communication system and apparatus therefor | |
| CN102783087A (en) | Associative alarm method and device based on management layers | |
| CN110377137A (en) | Power capacity management system and management method based on PDU monitoring | |
| CN104734354A (en) | Intelligent power grid overhaul system based on network topology and overhaul method | |
| CN218456425U (en) | Internet computer big data information processing system | |
| CN116208873B (en) | ONU operation and maintenance management method, device and system | |
| CN115277356B (en) | Alarm information merging method and device and electronic equipment | |
| CN118158137A (en) | Method and system for monitoring card state of Internet of things | |
| CN105357062A (en) | Auxiliary analysis method of defect fault handling and decision making of electric power communication network |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| TA01 | Transfer of patent application right |
Effective date of registration: 20210623 Address after: 056000 48 North Zhonghua street, contai District, Handan, Hebei. Applicant after: HANDAN POWER SUPPLY BRANCH OF STATE GRID HEBEI ELECTRIC POWER SUPPLY Co.,Ltd. Applicant after: STATE GRID HEBEI ELECTRIC POWER SUPPLY Co.,Ltd. Applicant after: STATE GRID CORPORATION OF CHINA Address before: 056000 48 North Zhonghua street, contai District, Handan, Hebei. Applicant before: HANDAN POWER SUPPLY BRANCH OF STATE GRID HEBEI ELECTRIC POWER SUPPLY Co.,Ltd. |
|
| TA01 | Transfer of patent application right | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination |