CN112084239B - Signaling network security mining analysis method based on big data feature model identification - Google Patents
Signaling network security mining analysis method based on big data feature model identification Download PDFInfo
- Publication number
- CN112084239B CN112084239B CN202010965374.2A CN202010965374A CN112084239B CN 112084239 B CN112084239 B CN 112084239B CN 202010965374 A CN202010965374 A CN 202010965374A CN 112084239 B CN112084239 B CN 112084239B
- Authority
- CN
- China
- Prior art keywords
- target
- abnormal
- signaling
- suspicious
- model
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
- 230000011664 signaling Effects 0.000 title claims abstract description 85
- 238000004458 analytical method Methods 0.000 title claims abstract description 27
- 238000005065 mining Methods 0.000 title claims abstract description 20
- 230000002159 abnormal effect Effects 0.000 claims abstract description 66
- 238000012216 screening Methods 0.000 claims abstract description 20
- 230000006399 behavior Effects 0.000 claims description 31
- 238000004364 calculation method Methods 0.000 claims description 17
- 206010000117 Abnormal behaviour Diseases 0.000 claims description 11
- 238000001514 detection method Methods 0.000 claims description 9
- 230000008447 perception Effects 0.000 claims description 9
- 230000002776 aggregation Effects 0.000 claims description 6
- 238000004220 aggregation Methods 0.000 claims description 6
- 238000012098 association analyses Methods 0.000 claims description 6
- 230000003068 static effect Effects 0.000 claims description 6
- 230000006870 function Effects 0.000 claims description 5
- 238000004422 calculation algorithm Methods 0.000 claims description 4
- 238000007621 cluster analysis Methods 0.000 claims description 3
- 238000001914 filtration Methods 0.000 claims description 3
- 230000004927 fusion Effects 0.000 claims description 3
- 238000010219 correlation analysis Methods 0.000 claims description 2
- 238000012545 processing Methods 0.000 abstract description 4
- 238000005516 engineering process Methods 0.000 abstract description 3
- 238000007418 data mining Methods 0.000 abstract description 2
- 238000010586 diagram Methods 0.000 description 9
- 238000004891 communication Methods 0.000 description 4
- 238000000034 method Methods 0.000 description 4
- 238000012544 monitoring process Methods 0.000 description 3
- 230000007123 defense Effects 0.000 description 2
- 238000000605 extraction Methods 0.000 description 2
- 238000007726 management method Methods 0.000 description 2
- 230000009286 beneficial effect Effects 0.000 description 1
- 238000010276 construction Methods 0.000 description 1
- 238000013075 data extraction Methods 0.000 description 1
- 238000013524 data verification Methods 0.000 description 1
- 230000007547 defect Effects 0.000 description 1
- 238000011156 evaluation Methods 0.000 description 1
- 239000000284 extract Substances 0.000 description 1
- 230000010354 integration Effects 0.000 description 1
- 230000003993 interaction Effects 0.000 description 1
- 230000002452 interceptive effect Effects 0.000 description 1
- 210000001503 joint Anatomy 0.000 description 1
- 238000012795 verification Methods 0.000 description 1
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F16/00—Information retrieval; Database structures therefor; File system structures therefor
- G06F16/20—Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
- G06F16/24—Querying
- G06F16/245—Query processing
- G06F16/2458—Special types of queries, e.g. statistical queries, fuzzy queries or distributed queries
- G06F16/2465—Query processing support for facilitating data mining operations in structured databases
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F16/00—Information retrieval; Database structures therefor; File system structures therefor
- G06F16/20—Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
- G06F16/28—Databases characterised by their database models, e.g. relational or object models
- G06F16/284—Relational databases
- G06F16/285—Clustering or classification
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F18/00—Pattern recognition
- G06F18/20—Analysing
- G06F18/23—Clustering techniques
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F18/00—Pattern recognition
- G06F18/20—Analysing
- G06F18/25—Fusion techniques
-
- Y—GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
- Y02—TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
- Y02D—CLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
- Y02D30/00—Reducing energy consumption in communication networks
- Y02D30/50—Reducing energy consumption in communication networks in wire-line communication networks, e.g. low power modes or reduced link rate
Abstract
The invention discloses a signaling network security mining analysis method based on big data feature model identification, which comprises the following steps: s1, discovering a non-safe suspicious target in a sensitive signaling message based on a screening parameter model; s2, carrying out full-quantity signaling message completion on the unsafe suspicious target; s3, extracting the behavior characteristics of the unsafe suspicious target as a target characteristic parameter model, and carrying out mining recommendation of the abnormal target based on the target characteristic parameter model. The invention utilizes big data mining analysis processing technology to carry out unsafe general object screening in the signaling network to the illegal user behavior data information contained in the signaling network protocol data, and to accurately recommend and intelligently identify abnormal objects.
Description
Technical Field
The invention relates to the technical field of signaling network communication and big data processing, in particular to a signaling network security mining analysis method based on big data feature model identification.
Background
At present, the existing security intrusion detection defense of the signaling network mainly adopts signaling network intrusion detection discovery technology of basic message processing layers such as authentication and authentication of signaling protocol interaction messages, legal compliance verification of message elements and the like.
Existing signaling network security intrusion detection defense techniques are limited to resolving signaling message security at the signaling protocol message level. It is difficult to find out that a hacker of the signaling network performs target user information sniffing, target user information stealing, target user position tracking and short message monitoring/interception by using MAP of the No. 7 signaling network, CAP signaling message and Diameter signaling message carried by the IP network.
Disclosure of Invention
Aiming at the defects in the prior art, the signaling network security mining analysis method based on the big data feature model identification solves the problems of target user information sniffing, target user information stealing, target user position tracking and short message monitoring/interception of a signaling network hacker.
In order to achieve the aim of the invention, the invention adopts the following technical scheme: a signaling network security mining analysis method based on big data feature model identification comprises the following steps:
s1, discovering a non-safe suspicious target in a sensitive signaling message based on a screening parameter model;
s2, carrying out full-quantity signaling message completion on the unsafe suspicious target;
s3, extracting the behavior characteristics of the unsafe suspicious target as a target characteristic parameter model, and carrying out mining recommendation of the abnormal target based on the target characteristic parameter model.
Further: the specific steps of the step S1 are as follows:
s11, loading a corresponding operator through a preset suspicious behavior parameter model based on MAP/CAP signaling message data;
s12, analyzing and calculating the signaling message data by utilizing a Spark calculation engine according to an operator to obtain a calculation result, and storing the calculation result into a security risk database;
s13, screening data in the security risk database by a suspicious network element target screening function through a preset parameter threshold value, and filtering out unsafe suspicious targets and network element information.
Further: the suspicious behavior parameter model in step S11 includes suspicious network elements, suspicious users, attack behaviors and trend statistics detection, and the bottommost model of the suspicious behavior parameter model is a specific field of signaling information.
Further: the mining recommendation of the abnormal target in the step S3 comprises abnormal network element target recommendation and abnormal target intelligent recommendation.
Further: the specific steps of the abnormal network element target recommendation are as follows:
extracting suspicious network element target data from a security risk database;
identifying an abnormal network element target by a Spark calculation engine through a correlation analysis and recommendation algorithm and combining an abnormal behavior parameter model;
and (3) carrying out association analysis and weight calculation on the suspicious network element target parameter value and the security class parameter value in the Spark Task program operation, obtaining abnormal network element target data, and inputting the abnormal network element target data into a security risk identification database.
Further: the abnormal behavior parameter model comprises an abnormal network element model, suspicious users, attack behaviors and trend statistical detection.
Further: and the abnormal target intelligent recommendation is realized through a feature model.
Further: the feature model comprises an abnormal network element identification feature model, an abnormal user identification feature model and an attack identification feature model, and each feature model comprises a judgment target parameter value feature, a judgment target signaling rule feature and a judgment target static information feature;
the target parameter value features are that fusion cluster analysis is carried out on abnormal network elements and target feature parameter values of all user judgment targets, so that the value domain feature perception of a parameter model of the system intelligent perception abnormal targets is realized, and feature value domain pattern matching recognition capability is provided for subsequent abnormal target discovery;
the target signaling rule feature is to aggregate and analyze signaling messages related to signaling behaviors of all user judging network elements and target features to obtain the characteristic parameters. The signaling preference capability for realizing the intelligent perception of abnormal targets of the system comprises various signaling sets from a source network element to a destination network element, which can acquire the position information of a user and user data;
the target static information feature is that time sequence segment aggregation is carried out on related signaling messages of all user judging targets to obtain the characteristic parameters, the signaling combination attack mode capability of the system for intelligently sensing abnormal targets is realized, and the signaling combination attack mode capability comprises network element multi-signaling flow combination and user signaling flow combination.
The beneficial effects of the invention are as follows: the invention utilizes big data mining analysis processing technology to carry out unsafe general object screening in the signaling network to the illegal user behavior data information contained in the signaling network protocol data, and to accurately recommend and intelligently identify abnormal objects.
The three models of target screening, target recommendation and target intelligent feature recognition have the capability of recognizing various terminals, network elements and message behaviors with safety risks, and the models have strong scalability.
The invention aims at the continuous analysis, extraction and identification of signaling behavior data information of unsafe targets in signaling network communication protocol data, and continuous iterative model evaluation, but the dynamic behavior intention depiction of the target conditions in the network is an implementation method with dynamic perception capability.
Drawings
FIG. 1 is a flow chart of the present invention;
FIG. 2 is a schematic diagram of an application scenario of the present invention;
FIG. 3 is a schematic diagram of the operation of the present invention;
FIG. 4 is a logic diagram of suspicious network element target recommendation in the present invention;
FIG. 5 is a diagram of a suspicious behavior parametric model according to the present invention;
FIG. 6 is a flowchart of suspicious network element target recommendation in the present invention;
FIG. 7 is a logic diagram of abnormal network element target recommendation in the present invention;
FIG. 8 is a diagram of an abnormal behavior parametric model in accordance with the present invention;
FIG. 9 is a flowchart of the abnormal network element target recommendation in the present invention;
FIG. 10 is a schematic diagram of feature model construction in accordance with the present invention;
FIG. 11 is a diagram of a feature model structure in accordance with the present invention.
Detailed Description
The following description of the embodiments of the present invention is provided to facilitate understanding of the present invention by those skilled in the art, but it should be understood that the present invention is not limited to the scope of the embodiments, and all the inventions which make use of the inventive concept are protected by the spirit and scope of the present invention as defined and defined in the appended claims to those skilled in the art.
As shown in fig. 1 and fig. 2, a signaling network security mining analysis method based on big data feature model identification includes the following steps:
s1, discovering a non-safe suspicious target in a sensitive signaling message based on a screening parameter model;
s2, carrying out full-quantity signaling message completion on the unsafe suspicious target;
s3, extracting the behavior characteristics of the unsafe suspicious target as a target characteristic parameter model, and carrying out mining recommendation of the abnormal target based on the target characteristic parameter model.
As shown in fig. 3, the data acquisition access service is utilized to access the acquisition signaling message data to construct a security integration database; preliminary screening of suspicious targets, risk behavior detection is carried out on the security basic data to obtain risk target data, and a security risk library is constructed; performing feature analysis on risk target data by abnormal behavior depth mining analysis to identify risk targets, extracting knowledge of risk target identification, and constructing a safety analysis identification model parameter library; the risk management application provides interactive services such as position sniffing, abnormal communication, disguised network element attack, distributed network element attack, abnormal target report of interference user behavior, analysis and judgment and the like based on the security analysis and identification model parameter library result. And (3) feature operator management, namely providing feature parameter calculation operator program management for a feature model of the system.
The data access aims at the access of signaling message data sources such as MAP/CAP and the like, and comprises the extraction of static data and the butt joint of real-time streaming data.
And (3) primarily screening suspicious targets, and constructing a suspicious target screening parameter model based on MAP/CAP (MAP/CAP) related position sniffing, abnormal communication, camouflage network element attack, distributed network element attack and interference user signaling information type analysis. And (3) completing screening of suspicious behaviors, targets and network elements through risk detection analysis of various signaling message data, forming screening results and storing the screening results into a security risk database.
And further judging the suspicious target by the abnormal behavior depth mining analysis, carrying out target all signaling message data completion on the suspicious target, carrying out feature analysis, and carrying out association analysis.
After data verification and screening, the abnormal data are displayed on the interface through the service interface.
As shown in fig. 4, based on MAP/CAP signaling message data, a corresponding operator is loaded through a preset suspicious behavior parameter model, and analysis and calculation are performed by using a Spark calculation engine. The calculation result is stored in a security risk database. And then, screening data in the security risk database by a suspicious network element target screening function through a preset parameter threshold value, and filtering more possible suspicious target and network element information.
The suspicious behavior parameter model can be primarily decomposed into a four-layer structure, and as shown in fig. 5, the example model is divided into four layers, including suspicious network elements, suspicious users, attack behaviors and trend statistical monitoring. The bottom layer model is a specific field of signaling information, such as: ATI, UDA, PSI, UL/UGL, etc. And respectively calculating model data of the bottommost layer according to operators by the recommendation task, summarizing respective calculation results into a model of the upper layer, and so on. For the second layer model, the weight is set, and the user sets different weight ratios for the model according to the actual service requirement, so that recommendation of suspicious network element target data can be realized more accurately.
The recommendation task regularly extracts data from the HDFS/MPP, and uses MR, spark MLlib (association analysis, recommendation algorithm and the like) to dock a suspicious parameter recommendation model through the Spark task, identify suspicious network elements or targets, output the suspicious network elements or targets into a security risk database and support the target recommendation function of the subsequent abnormal network elements. The overall flow is shown in fig. 6.
As shown in fig. 7, the abnormal network element target recommendation, the selectable target of which is derived from the target of the suspicious network element target recommendation. And carrying out overall signaling message completion on the screened unsafe suspicious targets by abnormal target mining analysis, further extracting the behavior characteristics of the suspicious targets as a target characteristic parameter model, and carrying out abnormal target mining recommendation based on the abnormal target parameter recommendation model. The function is also used for analyzing and calculating by utilizing a Spark calculation engine through a preset abnormal behavior parameter model, and finally providing an abnormal target.
Similar to the suspicious behavior parameter model, the abnormal behavior parameter model can be primarily decomposed into a four-layer structure, as shown in fig. 8, and a virtual box marking part in the drawing is a further judging condition of the abnormal behavior parameter model on the suspicious behavior parameter model, so that abnormal network elements and targets are recommended. When the model is judged, the lowest parameter value is calculated firstly as the suspicious behavior parameter model, and after the parameter model of the upper layer is summarized and calculated by weight, the final abnormal network element target value is output for the user to judge.
And (3) recommending tasks by the abnormal network element targets, regularly extracting data from a security risk database (MPP), using MR (magnetic resonance) and Spark MLlib (association analysis, recommendation algorithm and the like) through Spark tasks, combining an abnormal behavior parameter recommending model, identifying the abnormal network element or target, carrying out association analysis and weight calculation on suspicious network element target parameter values and security class parameter values in the Spark Task program operation, obtaining abnormal network element target data, and outputting the abnormal network element target data to a security risk identification database for user judgment. The overall flow is shown in fig. 9.
As shown in fig. 10, after performing data extraction on space-time and parameter value domain dimension commonality attributes of various parameters of an abnormal parameter model for judging abnormal network elements & targets, clustering methods such as clustering of different space-time and dimension commonality clustering variable exploration systems, dynamic clustering, fuzzy clustering, clustering forecast and the like are used for finding abnormal network elements & targets internal rule clustering (shown in the following diagram) of any shape. And providing an interpretable, understandable and usable feature model for judging the abnormal network element and target features.
The feature model building target is shown in fig. 11, and comprises three main types of service models of abnormal network elements, targets (users) and attack intelligent analysis and judgment, wherein in each service model, the characteristics of target parameter values, the characteristics of target signaling rules and the characteristics of static information are judged by the classes.
Signaling type preference feature: and carrying out aggregation analysis on signaling messages related to the signaling behaviors of all user positive judging network elements and target characteristics to obtain the characteristic parameters. The signaling preference capability of the system for intelligently sensing the abnormal target is realized, and the signaling preference capability comprises various signaling sets from a source network element to a destination network element, wherein the signaling sets can acquire the position information of a user, the user data and the like.
Multiple signaling flow aggregation features: and carrying out time sequence segment aggregation on all related signaling messages of the user judgment target to obtain the characteristic parameters. The signaling combination attack mode capability of the system for intelligently sensing abnormal targets is realized. The method comprises the steps of combining network element multiple signaling flows and combining user signaling flows.
Parameter value characteristics: and carrying out fusion cluster analysis on the abnormal network element and target characteristic parameter values of all the user judgment targets, so as to realize the value domain characteristic perception of the parameter model of the intelligent perception abnormal targets of the system and provide characteristic value domain pattern matching recognition capability for the subsequent abnormal target discovery.
Claims (3)
1. The signaling network security mining analysis method based on the big data feature model identification is characterized by comprising the following steps:
s1, discovering a non-safe suspicious target in a sensitive signaling message based on a screening parameter model;
s2, carrying out full-quantity signaling message completion on the unsafe suspicious target;
s3, extracting behavior features of the unsafe suspicious target as a target feature parameter model, and carrying out mining recommendation of the abnormal target based on the target feature parameter model;
the mining recommendation of the abnormal target in the step S3 comprises abnormal network element target recommendation and abnormal target intelligent recommendation; the abnormal target intelligent recommendation is realized through a feature model; the specific steps of the abnormal network element target recommendation are as follows:
extracting suspicious network element target data from a security risk database;
identifying an abnormal network element target by a Spark calculation engine through a correlation analysis and recommendation algorithm and combining an abnormal behavior parameter model;
carrying out association analysis and weight calculation on suspicious network element target parameter values and security class parameter values in the Spark Task program operation, obtaining abnormal network element target data, and inputting the abnormal network element target data into a security risk identification database;
the abnormal behavior parameter model comprises an abnormal network element model, suspicious users, attack behaviors and trend statistical detection;
the feature model comprises an abnormal network element identification feature model, an abnormal user identification feature model and an attack identification feature model, and each feature model comprises a judgment target parameter value feature, a judgment target signaling rule feature and a judgment target static information feature;
the target parameter value features are that fusion cluster analysis is carried out on abnormal network elements and target feature parameter values of all user judgment targets, so that the value domain feature perception of a parameter model of the system intelligent perception abnormal targets is realized, and feature value domain pattern matching recognition capability is provided for subsequent abnormal target discovery;
the target signaling rule features are that the signaling messages related to the signaling behaviors of all the user judging network elements and target features are subjected to aggregation analysis to obtain the characteristic parameters; the signaling preference capability for realizing the intelligent perception of abnormal targets of the system comprises various signaling sets from a source network element to a destination network element, which can acquire the position information of a user and user data;
the target static information feature is that time sequence segment aggregation is carried out on related signaling messages of all user judging targets to obtain the characteristic parameters, the signaling combination attack mode capability of the system for intelligently sensing abnormal targets is realized, and the signaling combination attack mode capability comprises network element multi-signaling flow combination and user signaling flow combination.
2. The signaling network security mining analysis method based on big data feature model identification according to claim 1, wherein the specific steps of step S1 are as follows:
s11, loading a corresponding operator through a preset suspicious behavior parameter model based on MAP/CAP signaling message data;
s12, analyzing and calculating the signaling message data by utilizing a Spark calculation engine according to an operator to obtain a calculation result, and storing the calculation result into a security risk database;
s13, screening data in the security risk database by a suspicious network element target screening function through a preset parameter threshold value, and filtering out unsafe suspicious targets and network element information.
3. The signaling network security mining analysis method based on big data feature model recognition according to claim 2, wherein the suspicious behavior parameter model in step S11 includes suspicious network elements, suspicious users, attack behaviors and trend statistics detection, and a bottommost model of the suspicious behavior parameter model is a specific field of signaling information.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202010965374.2A CN112084239B (en) | 2020-09-15 | 2020-09-15 | Signaling network security mining analysis method based on big data feature model identification |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202010965374.2A CN112084239B (en) | 2020-09-15 | 2020-09-15 | Signaling network security mining analysis method based on big data feature model identification |
Publications (2)
Publication Number | Publication Date |
---|---|
CN112084239A CN112084239A (en) | 2020-12-15 |
CN112084239B true CN112084239B (en) | 2023-11-24 |
Family
ID=73737816
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202010965374.2A Active CN112084239B (en) | 2020-09-15 | 2020-09-15 | Signaling network security mining analysis method based on big data feature model identification |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN112084239B (en) |
Families Citing this family (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN114339767B (en) * | 2021-12-30 | 2024-04-05 | 恒安嘉新(北京)科技股份公司 | Signaling detection method and device, electronic equipment and storage medium |
Citations (8)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN103354633A (en) * | 2013-07-31 | 2013-10-16 | 上海欣方软件有限公司 | Signaling data mining and analyzing-based specific mobile subscriber coarse positioning system and method thereof |
CN104753946A (en) * | 2015-04-01 | 2015-07-01 | 浪潮电子信息产业股份有限公司 | Security analysis framework based on network traffic meta data |
CN105451234A (en) * | 2015-11-09 | 2016-03-30 | 北京市天元网络技术股份有限公司 | Signaling interactive data-based suspicious number analyzing method and device |
CN108848515A (en) * | 2018-05-31 | 2018-11-20 | 武汉虹信技术服务有限责任公司 | A kind of internet of things service quality-monitoring platform and method based on big data |
CN109257193A (en) * | 2017-07-11 | 2019-01-22 | 中国移动通信有限公司研究院 | Edge cache management method, personal cloud system and computer readable storage medium |
CN109672671A (en) * | 2018-12-12 | 2019-04-23 | 北京华清信安科技有限公司 | Security gateway and security protection system based on intelligent behavior analysis |
CN111225375A (en) * | 2019-12-31 | 2020-06-02 | 汉熵通信有限公司 | Next-generation Internet of things system architecture design method and application system |
CN111610056A (en) * | 2020-06-02 | 2020-09-01 | 中研(山东)测控技术有限公司 | 5G technology big data-based acquisition equipment |
Family Cites Families (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US10769734B2 (en) * | 2015-01-13 | 2020-09-08 | Causam Energy, Inc. | Systems and methods for advanced energy settlements, network-based messaging, and software applications for electric power grids, microgrids, grid elements, and/or electric power networks |
-
2020
- 2020-09-15 CN CN202010965374.2A patent/CN112084239B/en active Active
Patent Citations (8)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN103354633A (en) * | 2013-07-31 | 2013-10-16 | 上海欣方软件有限公司 | Signaling data mining and analyzing-based specific mobile subscriber coarse positioning system and method thereof |
CN104753946A (en) * | 2015-04-01 | 2015-07-01 | 浪潮电子信息产业股份有限公司 | Security analysis framework based on network traffic meta data |
CN105451234A (en) * | 2015-11-09 | 2016-03-30 | 北京市天元网络技术股份有限公司 | Signaling interactive data-based suspicious number analyzing method and device |
CN109257193A (en) * | 2017-07-11 | 2019-01-22 | 中国移动通信有限公司研究院 | Edge cache management method, personal cloud system and computer readable storage medium |
CN108848515A (en) * | 2018-05-31 | 2018-11-20 | 武汉虹信技术服务有限责任公司 | A kind of internet of things service quality-monitoring platform and method based on big data |
CN109672671A (en) * | 2018-12-12 | 2019-04-23 | 北京华清信安科技有限公司 | Security gateway and security protection system based on intelligent behavior analysis |
CN111225375A (en) * | 2019-12-31 | 2020-06-02 | 汉熵通信有限公司 | Next-generation Internet of things system architecture design method and application system |
CN111610056A (en) * | 2020-06-02 | 2020-09-01 | 中研(山东)测控技术有限公司 | 5G technology big data-based acquisition equipment |
Non-Patent Citations (4)
Title |
---|
recent applications of big data analytics in railway transportation systems:a survey;Faeze Ghofrani等;transportation research part C: emerging technologies;226-246 * |
安徽联通企业级大数据平台构建及应用实践;吴涛;刘韬;王斌;;电信科学;第34卷(第01期);135-147 * |
移动运营商大数据和云计算应用探讨;张长青;;电信网技术(第03期);34-38 * |
通信运营商大数据平台容量需求测算模型探讨;倪飞;;江西通信科技(第04期);25-27 * |
Also Published As
Publication number | Publication date |
---|---|
CN112084239A (en) | 2020-12-15 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN111565390B (en) | Internet of things equipment risk control method and system based on equipment portrait | |
CN107888574B (en) | Method, server and storage medium for detecting database risk | |
CN104660594B (en) | A kind of virtual malicious node and its Network Recognition method towards social networks | |
CN105376255B (en) | A kind of Android platform intrusion detection method based on K-means cluster | |
CN106686264B (en) | Fraud telephone screening and analyzing method and system | |
CN116506217B (en) | Analysis method, system, storage medium and terminal for security risk of service data stream | |
CN108471429A (en) | A kind of network attack alarm method and system | |
CN108683687A (en) | A kind of network attack identification method and system | |
CN108881263A (en) | A kind of network attack result detection method and system | |
CN114372286A (en) | Data security management method and device, computer equipment and storage medium | |
CN107579986B (en) | Network security detection method in complex network | |
CN105825129B (en) | Malware discrimination method and system in a kind of converged communication | |
CN109218321A (en) | A kind of network inbreak detection method and system | |
CN112491779B (en) | Abnormal behavior detection method and device and electronic equipment | |
CN116305168B (en) | Multi-dimensional information security risk assessment method, system and storage medium | |
KR101692982B1 (en) | Automatic access control system of detecting threat using log analysis and automatic feature learning | |
CN108234426B (en) | APT attack warning method and APT attack warning device | |
CN112039862A (en) | Multi-dimensional stereo network-oriented security event early warning method | |
CN110716973A (en) | Big data based security event reporting platform and method | |
CN114157484A (en) | Data security storage system based on cloud computing | |
CN112084239B (en) | Signaling network security mining analysis method based on big data feature model identification | |
CN114972827A (en) | Asset identification method, device, equipment and computer readable storage medium | |
CN113722740B (en) | Method for detecting risk of horizontal unauthorized access to sensitive data based on interface portrait | |
CN114205816A (en) | Information security architecture of power mobile Internet of things and use method thereof | |
CN114372497A (en) | Multi-modal security data classification method and classification system |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant |