CN112217791A - Network security situation sensing system based on video monitoring data center - Google Patents

Info

Publication number
CN112217791A
Authority
CN
China
Prior art keywords
situation
security
network
data center
module
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Withdrawn
Application number
CN202010918937.2A
Other languages
Chinese (zh)
Inventor
谭修羽
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Individual
Original Assignee
Individual
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1425 Traffic logging, e.g. anomaly detection
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1433 Vulnerability analysis
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441 Countermeasures against malicious traffic
    • H04L63/145 Countermeasures against malicious traffic the attack involving the propagation of malware through the network, e.g. viruses, trojans or worms
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04N PICTORIAL COMMUNICATION, e.g. TELEVISION
    • H04N7/00 Television systems
    • H04N7/18 Closed-circuit television [CCTV] systems, i.e. systems in which the video signal is not broadcast

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Health & Medical Sciences (AREA)
  • General Health & Medical Sciences (AREA)
  • Virology (AREA)
  • Multimedia (AREA)
  • Alarm Systems (AREA)

Abstract

The invention relates to the technical field of data center network security situation perception and discloses a network security situation perception system based on a video monitoring data center. The system comprises a data acquisition module, a data processing module, a situation generation module and a situation evaluation and pre-judgment module, wherein the data acquisition module is used for acquiring data; the situation generation module displays the overall situation of the network environment of the video monitoring data center; the situation assessment and pre-judgment module analyzes that overall situation, judges the association among security events, vulnerabilities and alarm information, calculates and keeps track of the threats faced by services, networks and hosts, determines the sequence or steps of the same attack behavior, forms a complete attack process and generates a correct security situation map. The invention enables a security administrator to discover in time the attack threats hidden in the video monitoring data center network, to detect malicious attack behavior at an early stage, and to accurately locate the damaged target and the attack source.

Description

Network security situation sensing system based on video monitoring data center
Technical Field
The invention relates to the technical field of data center network security situation perception, in particular to a network security situation perception system based on a video monitoring data center.
Background
The snow project is a large-scale, highly comprehensive management system. It must meet the requirements of public security management, city management, traffic management, emergency command and the like, must also take into account the image-monitoring requirements of disaster and accident early warning, safety production monitoring and the like, and must at the same time consider the integration of supporting systems such as alarm and access control systems and the linkage with a broadcasting system. The construction of the project has accelerated the formation of a video private network. The video private network is an important basis for social security and stability, an important component of safe-city construction, and an important carrier of smart cities. It can meet the requirements of security management, city management, traffic management, emergency command and the like, and plays an irreplaceable role in preventing, detecting, controlling and combating crime, providing case clues, securing evidence of crimes and the like.
As the snow project is built out, the volume of data stored behind video monitoring grows day by day, and security problems with video monitoring have followed.
The data center mainly comprises a database area, a video networking basic platform area, a terminal office area, a video application platform area, an operation and maintenance management area and the like, and is mainly used for collecting, processing and applying all front-end content and managing it in a unified way. An investigation of the center finds that its security equipment is insufficient and scattered, so unified situation perception is not achieved.
Disclosure of Invention
(I) technical problem to be solved
To address the shortcomings of the prior art, the invention provides a network security situation perception system based on a video monitoring data center, which solves the problems that the security equipment of the video monitoring data center is insufficient and scattered and that attack threats hidden in the video monitoring data center network cannot be discovered in time.
(II) technical scheme
In order to achieve the purpose, the invention provides the following technical scheme:
a network security situation sensing system based on a video monitoring data center comprises a data acquisition module, a data processing module, a situation generation module and a situation evaluation and pre-judgment module, wherein the data acquisition module is used for detecting and acquiring asset alarm information and log information of the network security situation sensing system in real time;
the data acquisition module is in communication connection with the data processing module, the data processing module is in communication connection with the situation generation module, and the situation generation module is in communication connection with the situation evaluation and pre-judgment module;
the situation generation module displays the overall situation of the network environment of the video monitoring data center, and mainly comprises asset overall operation situation, vulnerability information, intrusion detection information, security audit information, alarm information, security event information, network availability information and network flow information;
the situation assessment and pre-judgment module analyzes the overall situation of the network environment of the video monitoring data center, judges the association among security events, vulnerabilities and alarm information, calculates and keeps track of the threats faced by services, networks and hosts, determines the sequence or steps of the same attack behavior, forms a complete attack process and generates a correct security situation map.
Further, the main functions of the data acquisition module are to set and configure data sensors, analyzers and decision makers;
the sensor is responsible for monitoring the local network and the host, and if suspicious behavior is found, the sensor promptly reports it to the analyzer;
and the decision maker implements high-level comprehensive processing according to the analysis result of each security domain, and determines the security condition of the whole network system.
Further, the sensors are connected to one another in a ring.
Furthermore, a bidirectional interaction mode is used between the analyzer and the sensor, the sensor actively submits the extracted information to the analyzer, and the analyzer can issue an instruction to reconfigure the sensor.
(III) advantageous technical effects
Compared with the prior art, the invention has the following beneficial technical effects:
1. The network security situation perception system enables a security administrator to discover in time the attack threats hidden in the video monitoring data center network, to detect malicious attack behavior at an early stage, and to accurately locate the damaged target and the attack source. It supports analysis and tracing of the intrusion path and the attacker's background, finds the potential security hazards in the video monitoring data center network at their source, and reduces as far as possible the losses that attack threats cause to the video monitoring data center.
2. The network security situation awareness system framework structure is an open and extensible annular structure, complexity of the system can be reduced, and the problem of single-point failure is solved.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
A network security situation perception system based on a video monitoring data center comprises a data acquisition module, a data processing module, a situation generation module and a situation evaluation and pre-judgment module;
the data acquisition module is in communication connection with the data processing module, the data processing module is in communication connection with the situation generation module, and the situation generation module is in communication connection with the situation evaluation and pre-judgment module;
the data acquisition module has the main functions of setting and configuring a data sensor, an analyzer and a decision maker, detecting alarm information and log information of each asset of the network security situation sensing system in real time and acquiring detected data;
the sensor is responsible for monitoring the local network and the host; if suspicious behavior is found, the sensor promptly reports it to the analyzer, and after receiving the report the analyzer performs a comprehensive analysis and transmits the analysis result to the database; the sensors are connected to one another in a ring, so that complementary information from other sensors strengthens each sensor's analysis and the data is further reduced;
the decision maker implements advanced comprehensive processing according to the analysis result of each security domain, determines the security condition of the whole network system and stores the security condition into the database;
the analyzer and the sensor use a bidirectional interaction mode, so that the sensor can actively submit the extracted information to the analyzer, and the analyzer can also issue an instruction to reconfigure the sensor;
the data processing module has the main function of converting effective acquired information data into a uniform alarm data standard format and storing the alarm data standard format in a database of the data processing module;
the situation generation module has the main functions of classifying alarm information and aggregating the same type of original alarm information to form super alarm information;
the situation generation module can display the overall situation of the network environment of the video monitoring data center, and the situation generation module mainly comprises the overall operation situation of assets, vulnerability information, intrusion detection information, security audit information, alarm information, security event information, network availability information and network flow information;
the situation assessment and pre-judgment module has the main functions of determining the sequence or steps of the same attack behavior and correlating related alarm information to form a complete attack process;
the situation assessment and pre-judgment module analyzes the overall situation of the network environment of the video monitoring data center, can judge the association among security events, vulnerabilities and alarm information, seeks a solution of the security events, and assesses the development trend of the security events according to the occurrence frequency of the security events within a period of time (daily, weekly and monthly);
the situation evaluation and pre-judgment module serves as the center of network security situation perception: it comprehensively understands the situation of the whole video monitoring data center network and, after identifying the security events in the situation information, calculates and keeps track of the threats faced by services, networks and hosts by combining the relationships among the events, and generates a correct security situation map;
the network security situation perception system framework structure forms a perception ring formed by combining security monitoring of a data acquisition module, security analysis of a situation generation module, situation evaluation and security decision of a pre-judgment module, full-process monitoring is realized by various sensors, and each sensor acquires security state data of each device to realize monitoring of the operation dynamic state of the whole network; the security analysis analyzes data information through filtering and verification; the security decision is realized by predicting and evaluating the security situation of the whole network;
the network security situation awareness system framework structure is an open and extensible annular structure, complexity of the system can be reduced, and the problem of single-point failure is solved.
Although embodiments of the present invention have been shown and described, it will be appreciated by those skilled in the art that changes, modifications, substitutions and alterations can be made in these embodiments without departing from the principles and spirit of the invention, the scope of which is defined in the appended claims and their equivalents.
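As an added illustration (not part of the patent text), the following Python example walks the pipeline described above: conversion of sensor output into a uniform alarm format, aggregation of same-type alarms into super alarms, and correlation of super alarms into an ordered attack process with its source and final target. The patent specifies no record format or algorithm, so the field names, the time windows, the chaining rule and all sample records are assumptions constructed for this example.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Alert:            # uniform alarm format (field names are assumptions)
    ts: int             # epoch seconds
    sensor: str
    src: str
    dst: str
    category: str

# Constructed sample output of two hypothetical sensors with different schemas.
IDS_EVENTS = [
    {"time": 1000, "attacker": "10.0.9.5", "victim": "10.0.1.20", "sig": "port_scan"},
    {"time": 1004, "attacker": "10.0.9.5", "victim": "10.0.1.20", "sig": "port_scan"},
    {"time": 1090, "attacker": "10.0.9.5", "victim": "10.0.1.20", "sig": "rtsp_bruteforce"},
    {"time": 1095, "attacker": "10.0.9.5", "victim": "10.0.1.20", "sig": "rtsp_bruteforce"},
]
HOST_LOGS = [
    "1200|10.0.1.20|10.0.2.7|db_login_failure",
    "1203|10.0.1.20|10.0.2.7|db_login_failure",
    "5000|10.0.3.3|10.0.3.4|config_change",
]

def normalize(ids_events, host_logs):
    """Data processing module: map both schemas onto Alert, ordered by time."""
    alerts = [Alert(e["time"], "ids", e["attacker"], e["victim"], e["sig"])
              for e in ids_events]
    for line in host_logs:
        ts, src, dst, cat = line.split("|")
        alerts.append(Alert(int(ts), "host", src, dst, cat))
    return sorted(alerts, key=lambda a: a.ts)

def aggregate(alerts, window=60):
    """Situation generation: merge alerts with the same category, source and
    target that arrive no more than `window` seconds apart into a super alarm."""
    supers, open_by_key = [], {}
    for a in alerts:                       # alerts are already time-ordered
        key = (a.category, a.src, a.dst)
        s = open_by_key.get(key)
        if s and a.ts - s["last"] <= window:
            s["last"], s["count"] = a.ts, s["count"] + 1
        else:
            s = {"category": a.category, "src": a.src, "dst": a.dst,
                 "first": a.ts, "last": a.ts, "count": 1}
            open_by_key[key] = s
            supers.append(s)
    return supers

def correlate(supers, max_gap=600):
    """Situation assessment: a super alarm joins an attack chain if it starts
    within `max_gap` seconds of the chain's last step and its source is a host
    already involved in the chain (the origin or an earlier target)."""
    chains = []
    for s in sorted(supers, key=lambda x: x["first"]):
        for c in chains:
            if s["src"] in c["hosts"] and s["first"] - c["steps"][-1]["last"] <= max_gap:
                c["steps"].append(s)
                c["hosts"].add(s["dst"])
                break
        else:
            chains.append({"origin": s["src"], "hosts": {s["src"], s["dst"]},
                           "steps": [s]})
    return chains

if __name__ == "__main__":
    for chain in correlate(aggregate(normalize(IDS_EVENTS, HOST_LOGS))):
        path = " -> ".join(f'{s["category"]}@{s["dst"]}(x{s["count"]})' for s in chain["steps"])
        print(f'origin {chain["origin"]}: {path}')
```

Chaining on "source is a host already involved" is what lets the example follow a pivot, where an earlier target becomes the source of the next step; an unrelated alarm starts its own chain instead of being merged.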

Claims (4)

1. A network security situation sensing system based on a video monitoring data center is characterized by comprising a data acquisition module, a data processing module, a situation generation module and a situation evaluation and pre-judgment module, wherein the data acquisition module is used for detecting and acquiring asset alarm information and log information of the network security situation sensing system in real time;
the data acquisition module is in communication connection with the data processing module, the data processing module is in communication connection with the situation generation module, and the situation generation module is in communication connection with the situation evaluation and pre-judgment module;
the situation generation module displays the overall situation of the network environment of the video monitoring data center, and mainly comprises asset overall operation situation, vulnerability information, intrusion detection information, security audit information, alarm information, security event information, network availability information and network flow information;
the situation assessment and pre-judgment module analyzes the overall situation of the network environment of the video monitoring data center, judges the association among security events, vulnerabilities and alarm information, calculates and keeps track of the threats faced by services, networks and hosts, determines the sequence or steps of the same attack behavior, forms a complete attack process and generates a correct security situation map.
2. The video surveillance data center-based network security situation awareness system according to claim 1, wherein the primary functions of the data acquisition module are to set up and configure data sensors, analyzers and decision makers;
the sensor is responsible for monitoring the local network and the host, and if suspicious behaviors are found, the sensor sends the suspicious behaviors to the analyzer in time;
and the decision maker implements high-level comprehensive processing according to the analysis result of each security domain, and determines the security condition of the whole network system.
3. The system for sensing network security situation based on video surveillance data center according to claim 2, characterized in that the sensors are connected with each other by a ring.
4. The system as claimed in claim 3, wherein the analyzer and the sensor use a bidirectional interaction mode, the sensor actively submits the extracted information to the analyzer, and the analyzer can issue an instruction to reconfigure the sensor.
CN202010918937.2A 2020-09-04 2020-09-04 Network security situation sensing system based on video monitoring data center Withdrawn CN112217791A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010918937.2A CN112217791A (en) 2020-09-04 2020-09-04 Network security situation sensing system based on video monitoring data center

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202010918937.2A CN112217791A (en) 2020-09-04 2020-09-04 Network security situation sensing system based on video monitoring data center

Publications (1)

Publication Number Publication Date
CN112217791A true CN112217791A (en) 2021-01-12

Family

ID=74049977

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202010918937.2A Withdrawn CN112217791A (en) 2020-09-04 2020-09-04 Network security situation sensing system based on video monitoring data center

Country Status (1)

Country Link
CN (1) CN112217791A (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114338214A (en) * 2021-12-31 2022-04-12 中国联合网络通信集团有限公司 Risk control method and system

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114338214A (en) * 2021-12-31 2022-04-12 中国联合网络通信集团有限公司 Risk control method and system
CN114338214B (en) * 2021-12-31 2023-08-18 中国联合网络通信集团有限公司 Risk control method and system

Similar Documents

Publication Publication Date Title
CN102622818B (en) All-directional intelligent monitoring method for bank ATMs
CN103578240B (en) A kind of security protection service network based on Internet of Things
CN102682565B (en) Be suitable for fire-fighting and the security protection integral intelligent video frequency monitoring system of open space
CN201611507U (en) Full-intelligent security device of bank ATM
CN203773681U (en) Power distribution room security and protection system
CN104599458A (en) Wireless intelligent video surveillance system based warning method
CN104144063A (en) Website security monitoring and alarming system based on log analysis and firewall security matrixes
US20120159650A1 (en) Apparatus and method for recognizing security situation and generating situation information based on spatial linkage of physical and it security
CN103152227A (en) Integrated real-time detection system and detection method coping with network threats and attacks
CN103716313A (en) User privacy information protection method and user privacy information protection system
CN112907869B (en) Intrusion detection system based on multiple sensing technologies
CN105812200A (en) Abnormal behavior detection method and device
CN104601553A (en) Internet-of-things tampering invasion detection method in combination with abnormal monitoring
CN104753952A (en) Intrusion detection and analysis system on basis of service data flow of virtual machines
CN106254125A (en) The method and system of security incident correlation analysiss based on big data
CN112217791A (en) Network security situation sensing system based on video monitoring data center
Frattini et al. Facing cyber-physical security threats by PSIM-SIEM integration
CN113132370A (en) Universal integrated safety pipe center system
CN111885020A (en) Network attack behavior real-time capturing and monitoring system with distributed architecture
Schauer et al. Detecting sophisticated attacks in maritime environments using hybrid situational awareness
CN203982148U (en) High-risk district warning early warning high in the clouds long distance control system
CN203786853U (en) Access cloud remote verification system for electric power security and protection high-danger zone
CN104601946A (en) Wireless intelligent video monitoring system
CN115037536A (en) Big data-based security and protection information management early warning platform capable of preventing data loss
CN103914055A (en) Cloud terminal remote monitoring system for electric power security and protection high-risk area

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
WW01 Invention patent application withdrawn after publication

Application publication date: 20210112