CN112104659A - Real-time monitoring platform based on government affair application safety - Google Patents
- Publication number: CN112104659A (application CN202010984906.7A)
- Authority: CN (China)
- Legal status: Pending (the legal status is an assumption and is not a legal conclusion; Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed)
Classifications
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/20—Network architectures or network communication protocols for network security for managing network security; network security policies in general
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q50/00—Systems or methods specially adapted for specific business sectors, e.g. utilities or tourism
- G06Q50/10—Services
- G06Q50/26—Government or public services
Abstract
The invention relates to the technical field of government affair application security monitoring and discloses a real-time monitoring platform based on government affair application safety. The platform comprises a government affair big data center, a government affair application situation perception analysis system, log acquisition equipment and flow auditing equipment; the log acquisition equipment and the flow auditing equipment acquire data in a distributed manner from the government affair private network and are connected to the government affair big data center. The situation perception analysis system analyzes, models and learns the users of government affair applications from the data stored in the big data center, so that the normal state of each user in different scenes is established and a baseline is formed; the users' current behaviors are monitored in real time, and suspicious behaviors of users, systems and equipment are detected promptly through the established rule models, statistical models, machine learning models and unsupervised cluster analysis. The platform addresses the problems that current government affair applications lack a real-time monitoring mechanism, cannot analyze threat elements in time and cannot discover abnormal behaviors in time.
Description
Technical Field
The invention relates to the technical field of government affair application safety monitoring, in particular to a real-time monitoring platform based on government affair application safety.
Background
As government administration departments raise their informatization requirements, a large government data platform is gradually being established that is uniform and efficient, integrates resources, interconnects and shares information, and is transparent, open and convenient to use. As government affair management becomes more informatized, the security threats to business systems increase day by day, so ensuring information security is one of the key problems that the informatization of government affair management must solve. With the increasingly widespread use of mobile and remote government affairs, ensuring application security has become a very serious challenge.
Disclosure of Invention
(I) Technical problem to be solved
Aiming at the defects of the prior art, the invention provides a real-time monitoring platform based on government affair application safety, which aims to solve the technical problems that the current government affair application lacks a real-time monitoring mechanism, cannot analyze threat elements in time and cannot discover abnormal behaviors in time.
(II) Technical scheme
In order to achieve the purpose, the invention provides the following technical scheme:
a real-time monitoring platform based on government affair application safety comprises a government affair big data center, a government affair application situation perception analysis system, log acquisition equipment and flow auditing equipment, wherein the log acquisition equipment and the flow auditing equipment acquire data in a distributed manner from a government affair private network, and are uniformly connected to the government affair big data center;
the government affair application situation perception analysis system analyzes, models and learns the users of government affair applications from the mass data stored in the government affair big data center, so that the normal state of each user in different scenes is established and a baseline is formed; the users' current behaviors are monitored in real time, and suspicious behaviors of users, systems and equipment are detected promptly through the established rule models, statistical models, machine learning models and unsupervised cluster analysis.
Furthermore, the real-time monitoring platform also comprises a government affair application situation visualization system, which presents the real-time security status of the whole network, displays all areas of government affair application and their threat degrees, shows threats as they occur through a dynamic line from the attack source to the attack target, displays the threat degree of the whole network, gives a clear picture of the overall attack threat situation, provides early warning, and supports accurate and rapid judgment and response.
Furthermore, the government affair big data center configures different acquisition strategies, such as dynamic configuration, acquisition period and cleaning and filtering strategies, for each data acquisition engine, ensuring that each engine acquires data in a targeted manner.
Furthermore, the flow auditing equipment supports full-protocol auditing, covering data flows at network layers 2 to 7, supports user-defined detection for specific protocols or IPs, and monitors access to user-defined IP addresses, URLs, domain names and files.
(III) Advantageous technical effects
Compared with the prior art, the invention has the following beneficial technical effects:
1. Through the government affair application situation perception analysis system, the platform monitors government affair application data in real time, analyzes threat elements, and rapidly discovers and accurately traces abnormal behaviors.
2. Through the government affair application situation visualization system, the platform displays all areas of government affair application and their threat degrees, shows threats as they occur through a dynamic line from the attack source to the attack target, displays the whole-network threat degree, gives a clear picture of the overall attack threat situation, and displays the overall user behavior threat situation in real time.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
A real-time monitoring platform based on government application security, comprising: the system comprises a first log acquisition device, a second log acquisition device, a flow auditing device, a government affair big data center, a government affair application situation perception analysis system and a government affair application situation visualization system;
the monitoring platform collects data in a distributed manner from the government affair private network through log collection equipment and flow auditing equipment, and the log collection equipment and the flow auditing equipment are uniformly connected to a government affair big data center;
the government affair application situation perception analysis system analyzes, models and learns the users of government affair applications from the mass data stored in the government affair big data center, so that the normal state of each user in different scenes is established and a baseline is formed; the users' current behaviors are monitored in real time, and suspicious behaviors of users, systems and equipment are detected promptly through the established rule models, statistical models, machine learning models and unsupervised cluster analysis;
the government affair application situation awareness analysis system correlates users and behaviors that appear unrelated, which improves the accuracy and sensitivity of abnormal behavior monitoring and allows abnormal user behaviors, including ones that have not appeared historically, to be found quickly;
the first log collection equipment is used for collecting logs of each government affair application server and safety equipment in an active collection or passive receiving mode and carrying out normalization processing;
the second log acquisition equipment is used for acquiring logs of the database server and the host equipment in an active acquisition or passive receiving mode and carrying out normalization processing;
the flow auditing equipment acquires the network traffic data of the switch, collects, audits and restores it through a traffic mirror, and transmits the restored traffic log to the government affair big data center in encrypted form;
the flow auditing equipment supports full-protocol auditing, covering data flows at network layers 2 to 7, supports user-defined detection for a specific protocol or IP, monitors access to user-defined IP addresses, URLs (uniform resource locators), domain names and files, and the collected data can be reused by other systems;
the government affair big data center performs unified processing, storage, full-text retrieval and sharing of the acquired data and of data synchronized from other application systems; it configures different acquisition strategies, such as dynamic configuration, acquisition period and cleaning and filtering strategies, for each data acquisition engine, ensuring that each engine acquires data in a targeted manner;
the government affair application situation awareness analysis system analyzes the traffic logs, equipment logs and system logs submitted by the flow auditing equipment and the log collection equipment and provides an application interaction interface; it provides a real-time stream data analysis engine and an offline analysis engine; the data retrieval module at its bottom layer processes all data using distributed computing and search engine technology, and a cluster of multiple devices can be built to guarantee storage space and computing capacity;
the government affair application situation visualization system presents the real-time security status of the whole network, displays all areas of government affair application and their threat degrees, shows threats as they occur through a dynamic line from the attack source to the attack target, displays the threat degree of the whole network, gives a clear picture of the overall attack threat situation, displays the overall user behavior threat situation in real time, provides early warning, and supports accurate and rapid analysis, judgment and response.
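As an added example (not the patent's own code), the baseline-and-scoring step the description assigns to the situation perception analysis system, reduced to one normalised record format: constructed sample logs, a per-user per-scene baseline learned from history, then a rule model (unseen operation, unusual hour) and a statistical model (byte volume far from the baseline mean) applied to each current record. The line format, field names and the 3-sigma threshold are assumptions.

```python
from __future__ import annotations
import re
from collections import defaultdict, namedtuple
from statistics import mean, pstdev

# Constructed history in one normalised line format (in the platform these records would
# arrive from the log collectors and the flow auditing equipment via the big data center).
HISTORY = """\
2020-09-01T09:12:03 user=alice scene=app op=view bytes=1200
2020-09-01T10:40:11 user=alice scene=app op=edit bytes=900
2020-09-02T09:05:47 user=alice scene=app op=view bytes=1100
2020-09-02T14:22:30 user=alice scene=app op=view bytes=1000
2020-09-03T11:18:09 user=alice scene=app op=edit bytes=1300
2020-09-01T09:30:00 user=bob scene=db op=select bytes=5000
2020-09-02T10:15:00 user=bob scene=db op=select bytes=5400
2020-09-03T16:45:00 user=bob scene=db op=select bytes=4800
"""
# Constructed "current" stream: one normal record, one off-hours bulk dump, one unknown user.
CURRENT = """\
2020-09-18T10:02:00 user=alice scene=app op=view bytes=1150
2020-09-18T03:14:00 user=bob scene=db op=dump bytes=250000
2020-09-18T09:10:00 user=carol scene=app op=view bytes=1000
"""
LINE_RE = re.compile(r"^\d{4}-\d{2}-\d{2}T(?P<hour>\d{2}):\d{2}:\d{2} user=(?P<user>\S+) "
                     r"scene=(?P<scene>\S+) op=(?P<op>\S+) bytes=(?P<bytes>\d+)$")
Z_THRESHOLD = 3.0  # hypothetical tuning value; the patent states no threshold
Record = namedtuple("Record", "user scene hour op nbytes")

def normalize(line: str) -> Record | None:
    """Normalisation step: parse one raw line into a Record, dropping malformed input."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return Record(m["user"], m["scene"], int(m["hour"]), m["op"], int(m["bytes"]))

def build_baselines(records: list[Record]) -> dict[tuple[str, str], dict]:
    """Learn each user's normal state per scene: seen ops, active hours, byte-volume stats."""
    groups = defaultdict(list)
    for r in records:
        groups[(r.user, r.scene)].append(r)
    baselines = {}
    for key, recs in groups.items():
        vols = [r.nbytes for r in recs]
        mu = mean(vols)
        # Floor the spread so a constant history cannot make every deviation infinite.
        sigma = max(pstdev(vols), 0.05 * mu, 1.0)
        baselines[key] = {"ops": {r.op for r in recs}, "hours": {r.hour for r in recs},
                          "mu": mu, "sigma": sigma}
    return baselines

def score_record(rec: Record, baselines: dict) -> list[str]:
    """Rule model plus statistical model for one current record; returns its findings."""
    base = baselines.get((rec.user, rec.scene))
    if base is None:
        return [f"NEW: no baseline for user={rec.user} scene={rec.scene}"]
    findings = []
    if rec.op not in base["ops"]:
        findings.append(f"RULE: op={rec.op} never seen for {rec.user}/{rec.scene}")
    if rec.hour not in base["hours"]:
        findings.append(f"RULE: hour={rec.hour:02d} outside {rec.user}'s usual hours")
    z = (rec.nbytes - base["mu"]) / base["sigma"]
    if abs(z) > Z_THRESHOLD:
        findings.append(f"STAT: bytes={rec.nbytes} is {z:.1f} sigma from baseline mean {base['mu']:.0f}")
    return findings

def analyze(history: str, current: str) -> list[tuple[str, list[str]]]:
    """Monitor a stream of current lines against baselines learned from history."""
    baselines = build_baselines([r for r in map(normalize, history.splitlines()) if r])
    return [(line, score_record(rec, baselines))
            for line in current.splitlines() if (rec := normalize(line)) is not None]
```

Calling `analyze(HISTORY, CURRENT)` returns an empty finding list for alice's record, three findings (two rule hits and one statistical hit) for bob's off-hours dump, and a "NEW" finding for carol, who has no baseline yet.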
Although embodiments of the present invention have been shown and described, it will be appreciated by those skilled in the art that changes, modifications, substitutions and alterations can be made in these embodiments without departing from the principles and spirit of the invention, the scope of which is defined in the appended claims and their equivalents.
Claims (4)
1. A real-time monitoring platform based on government affair application safety is characterized by comprising a government affair big data center, a government affair application situation perception analysis system, log acquisition equipment and flow auditing equipment, wherein the log acquisition equipment and the flow auditing equipment acquire data in a distributed manner from a government affair private network, and are uniformly connected to the government affair big data center;
the government affair application situation perception analysis system analyzes, models and learns the users of government affair applications from the data stored in the government affair big data center, so that the normal state of each user in different scenes is established and a baseline is formed; the users' current behaviors are monitored in real time, and suspicious behaviors of users, systems and equipment are detected promptly through the established rule models, statistical models, machine learning models and unsupervised cluster analysis.
2. The real-time monitoring platform based on government affair application security according to claim 1, wherein the real-time monitoring platform further comprises a government affair application situation visualization system, which presents the real-time security status of the whole network, displays all areas of government affair application and their threat degrees, shows threats as they occur through a dynamic line from the attack source to the attack target, displays the whole-network threat degree, gives a clear picture of the overall attack threat situation, provides early warning, and supports accurate and rapid analysis and response.
3. The real-time monitoring platform based on government affair application security according to claim 2, wherein the government affair big data center configures different collection strategies for each data collection engine, so as to ensure that each data collection engine collects data in a targeted manner, such as dynamic configuration, collection period and cleaning and filtering strategies.
4. The real-time monitoring platform based on government affair application safety according to claim 3, wherein the flow auditing equipment supports full protocol auditing including network layer 2-7 data flow, supports specific protocol or IP for self-defining detection and self-defining IP address, URL, domain name and file access monitoring.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202010984906.7A CN112104659A (en) | 2020-09-18 | 2020-09-18 | Real-time monitoring platform based on government affair application safety |
Publications (1)
Publication Number | Publication Date |
---|---|
CN112104659A true CN112104659A (en) | 2020-12-18 |
Family ID: 73760325
Citations (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN106778253A (en) * | 2016-11-24 | 2017-05-31 | 国家电网公司 | Threat context aware information security Initiative Defense model based on big data |
CN107196910A (en) * | 2017-04-18 | 2017-09-22 | 国网山东省电力公司电力科学研究院 | Threat early warning monitoring system, method and the deployment framework analyzed based on big data |
CN108259462A (en) * | 2017-11-29 | 2018-07-06 | 国网吉林省电力有限公司信息通信公司 | Big data Safety Analysis System based on mass network monitoring data |
CN108769048A (en) * | 2018-06-08 | 2018-11-06 | 武汉思普崚技术有限公司 | A kind of secure visualization and Situation Awareness plateform system |
CN109167764A (en) * | 2018-08-17 | 2019-01-08 | 广州韵成通信科技有限公司 | A kind of electronic government affairs system network aware analysis platform system |
CN109886408A (en) * | 2019-02-28 | 2019-06-14 | 北京百度网讯科技有限公司 | A kind of deep learning method and device |
CN111245793A (en) * | 2019-12-31 | 2020-06-05 | 西安交大捷普网络科技有限公司 | Method and device for analyzing abnormity of network data |
Cited By (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN112622564A (en) * | 2020-12-22 | 2021-04-09 | 宋清云 | Safety system and device for air circulation in automobile |
CN112622564B (en) * | 2020-12-22 | 2023-06-06 | 宋清云 | Safety system for ventilation in automobile and device thereof |
CN114598551A (en) * | 2022-03-29 | 2022-06-07 | 南方电网科学研究院有限责任公司 | Information network security early warning system for dealing with continuous threat attack |
CN114938300A (en) * | 2022-05-17 | 2022-08-23 | 浙江木链物联网科技有限公司 | Industrial control system situation perception method and system based on equipment behavior analysis |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
| PB01 | Publication | |
| SE01 | Entry into force of request for substantive examination | |
| RJ01 | Rejection of invention patent application after publication | Application publication date: 20201218 |