CN112261033A - Network security protection method based on enterprise intranet - Google Patents


Info

Publication number
CN112261033A
Authority
CN
China
Prior art keywords
data
network
module
enterprise
intranet
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202011121536.0A
Other languages
Chinese (zh)
Inventor
郑宇宁
司敬
张笑天
闫立平
李景田
李静
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Jinghang Computing Communication Research Institute
Original Assignee
Beijing Jinghang Computing Communication Research Institute
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Beijing Jinghang Computing Communication Research Institute
Priority to CN202011121536.0A
Publication of CN112261033A
Legal status: Pending

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1425 Traffic logging, e.g. anomaly detection
    • H04L63/1416 Event detection, e.g. attack signature detection
    • H04L63/20 Network architectures or network communication protocols for network security for managing network security; network security policies in general

Abstract

The invention belongs to the technical field of network protection, and particularly relates to a network security protection method based on an enterprise intranet. The invention monitors external attack in the enterprise network by means of external equipment, monitors and analyzes various types of abnormality in the network, predicts and analyzes abnormal data, comprehensively analyzes the network and the security situation from the aspects of external threat alarm, internal security threat monitoring, prediction and the like, and forms the enterprise internal network security protection method of the external attack alarm and the internal threat monitoring double modes. A multi-dimensional anomaly detection system based on an actual security scene is provided in the aspect of security protection of an enterprise internal network. The monitoring and protecting capability of various types of security threats in the internal network of the enterprise is improved.

Description

Network security protection method based on enterprise intranet
Technical Field
The invention belongs to the technical field of network protection, and particularly relates to a network security protection method based on an enterprise intranet.
Background
Network security situation analysis mainly comprises the process of detecting, filtering, checking and alarming on malicious attacks present in the network. Generally, the security protection of an enterprise network relies on traditional security devices such as a firewall, an IDS and a vulnerability scanner, or on a security management platform that uses these security devices as data sources, as the main protection body, in order to implement the security protection of the enterprise intranet.
Network security threats mainly take the operator's internet as a high-incidence scene, and such threats are concealed, sporadic and destructive. Most intranets are interconnected with, or only logically isolated from, the internet, so once a network threat is triggered on the internet the intranet faces the same network security threat. The security protection measures of an intranet mainly include: deploying a boundary firewall between the internet and the intranet, adding a blocking security policy and isolating external security threats; deploying vulnerability scanning equipment at the internal network outlet to detect security vulnerability threats present in network access traffic; deploying intrusion detection equipment at the enterprise intranet outlet to block and monitor traffic whose characteristics indicate a security threat; and deploying a management platform in the enterprise intranet that collects and aggregates the log information of the various security devices and monitors, on the platform, the alarm results built into those devices. The main protection idea is to secure the detection at the intranet and internet outlets and the security of the intranet itself.
The current enterprise intranet network security protection mode is mainly based on deploying boundary security protection equipment, so that security threats from outside are detected and network security protection is realized. But network threats do not only exist on external networks; they also frequently occur within the network and often follow a pattern. A security threat inside the network can damage the internal network information system more directly and can more easily obtain the key information in the network. Compared with external network threats, internal threats pose a greater risk to the security protection of the intranet, and internal threats are gradually becoming an important direction of network security protection.
Disclosure of Invention
Technical problem to be solved
The technical problem to be solved by the invention is as follows: how to provide a set of network security protection method for the enterprise intranet and construct a novel network security situation monitoring system for the enterprise intranet.
(II) technical scheme
In order to solve the above technical problem, the present invention provides a network security protection method based on an enterprise intranet. The method is implemented on a network security protection system, and the network security protection system comprises: a threat characteristic library construction module, an abnormal behavior rule library construction module, a network data acquisition module, an external alarm data analysis module, an internal compliance detection module, an unknown threat prediction module and a network security situation alarm module;
the network security protection method comprises the following steps:
step 1: the threat characteristic library construction module extracts key identification fields from the characteristic sample data of typical security threats, selects the identification information that uniquely identifies each security threat in the sample data, and stores the identification information in data tables of different types; the multiple data tables form a security threat characteristic library;
step 2: the abnormal behavior rule base building module performs data definition of typical user violation behaviors in the enterprise intranet; the defined rule data are stored in data tables of different types, and the multiple data tables form an abnormal behavior rule base;
step 3: the network data acquisition module acquires original log data that reflect the running state of the equipment and systems, including the original running log data and operation log data of the security equipment, network equipment and application systems in the enterprise intranet, splits the original log data, marks the meaning of each field according to its field attribute after splitting, deletes invalid fields and forms a data set in a uniform standard format;
step 4: the external alarm data analysis module receives the data set in the standard format and the security threat characteristic library, imports the data set into the correlation analysis model, analyzes the difference between the data characteristics in the data set and the data characteristics in the security threat characteristic library by calling the FP-growth algorithm in the correlation analysis model, and, when the difference is 0 after matching, extracts the network data corresponding to the difference value of 0 and generates the external alarm information of the enterprise network;
step 5: the internal compliance detection module receives the data set in the standard format and the abnormal behavior rule base, imports the data set into the association analysis model, analyzes the difference between the data characteristics in the data set and the data characteristics in the abnormal behavior rule base by calling the FP-growth algorithm in the association analysis model, and, when the difference is 0 after matching, extracts the network data corresponding to the difference value of 0 and generates the internal abnormal behavior warning information of the enterprise network;
step 7: the unknown threat prediction module receives the data set in the standard format and transmits it into the data prediction model; the data prediction model processes and analyzes the data in the data set, predicts the data state of the next period, finds potential abnormal values, extracts the network data corresponding to the abnormal values and generates the unknown threat warning information of the enterprise network;
step 8: the network security situation warning module receives the enterprise network external warning information, the enterprise network internal abnormal behavior warning information and the enterprise network unknown threat warning information, performs statistics on the warning information, and displays the statistical data to form the network security warning information of the enterprise intranet.
Wherein the characteristic sample data of typical security threats comprise sample data information of network viruses, trojans, worms and vulnerability security threats.
The abnormal behavior rule base building module defines the data of typical user violation behaviors in the enterprise intranet, namely, abnormal behavior rules are defined according to the states of the traffic access information, port access information and protocol use information of the behaviors.
The network data acquisition module splits the original log data by means of regular expressions, key-value pairs and analysis scripts.
The data set output by the network data acquisition module is in a uniform standard JSON format.
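The acquisition step described above (split with regular expressions and key-value pairs, label fields by attribute, drop invalid fields, emit uniform JSON) as a runnable Python example. This is an added illustration, not code from the patent; the log lines, field names and the labelling table are constructed for the example.

```python
"""Added example (not the patent's own code): the network data acquisition step,
turning raw device log lines into a data set in a uniform JSON format. Splitting
uses a regular expression for the syslog-style header and key=value parsing for
the body; fields are then labelled by attribute, typed, and invalid ones dropped.
All log lines, field names and attribute labels are constructed."""
import json
import re

# Constructed sample input: a syslog-style firewall line and a key=value IDS line.
RAW_LOGS = [
    "2020-10-19T08:15:02 fw01 DENY src=10.0.1.5 dst=10.0.2.9 proto=TCP dport=445 bytes=512 junk=",
    "ts=2020-10-19T08:15:03 sensor=ids02 action=ALERT sig=worm-probe src=10.0.1.5 dst=10.0.2.10 proto=TCP dport=445",
]

# Regular expression for "<timestamp> <device> <ACTION> <rest>"; the rest is key=value pairs.
SYSLOG_RE = re.compile(r"^(?P<ts>\S+)\s+(?P<device>\S+)\s+(?P<action>[A-Z]+)\s+(?P<rest>.*)$")
KV_RE = re.compile(r"(\w+)=(\S*)")

# Field labelling table (constructed): raw field name -> (standard name, attribute).
# The attribute decides how the value is typed; unknown raw names are invalid fields.
FIELD_LABELS = {
    "ts": ("timestamp", "time"), "device": ("device", "source"), "sensor": ("device", "source"),
    "action": ("action", "state"), "src": ("src_ip", "address"), "dst": ("dst_ip", "address"),
    "proto": ("protocol", "protocol"), "dport": ("dst_port", "port"),
    "bytes": ("traffic_bytes", "traffic"), "sig": ("signature", "threat"),
}

def split_line(line):
    """Split one raw line into a dict of raw field name -> raw string value."""
    fields = {}
    m = SYSLOG_RE.match(line)
    if m and "=" not in m.group("ts"):            # syslog-style header present
        fields.update(ts=m.group("ts"), device=m.group("device"), action=m.group("action"))
        rest = m.group("rest")
    else:                                           # pure key=value line
        rest = line
    for key, value in KV_RE.findall(rest):
        fields[key] = value
    return fields

def normalize(fields):
    """Label fields by attribute, convert numeric attributes, delete invalid fields."""
    record = {}
    for raw_key, raw_value in fields.items():
        label = FIELD_LABELS.get(raw_key)
        if label is None or raw_value == "":       # unknown or empty field: invalid, drop it
            continue
        name, attr = label
        if attr in ("port", "traffic"):
            if not raw_value.isdigit():             # non-numeric port/traffic value: invalid
                continue
            record[name] = int(raw_value)
        else:
            record[name] = raw_value
    return record

def normalize_all(lines):
    """Acquisition step over a batch of raw lines: list of standard-format records."""
    return [normalize(split_line(line)) for line in lines]

def build_dataset(lines):
    """Serialise the normalized records as the uniform standard JSON data set."""
    return json.dumps(normalize_all(lines), sort_keys=True)

if __name__ == "__main__":
    print(build_dataset(RAW_LOGS))
```

Dropping unknown and empty fields at this stage is what makes the later matching steps reliable: a record that reaches the analysis models only carries fields with a known attribute and a well-typed value, so a library entry such as `dst_port: 445` compares against an integer, never against the string `"445"` or an empty token.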
The data prediction model adopted by the unknown threat prediction module calls the K-means algorithm and the ALS algorithm to process and analyze the data in the data set.
The data prediction model takes 30 days as the time interval period, sets the window sliding time to 7 days, and predicts the data state of the next period.
The objects of statistical processing by the network security situation warning module include, for example, warning frequency summation, warning time interval statistics and warning type statistics.
The network security situation warning module displays the statistical data using the E-Chart visualization tool.
The forms in which the network security situation warning module displays the statistical data include a bar chart, a line chart and a two-dimensional area chart.
(III) advantageous effects
Compared with the prior art, the method and system address the current security protection situation of diverse scenes, rigid analysis models and incomplete data processing: an interaction system between application scenes and analysis models is established, full data analysis is carried out based on big data technology, and the accuracy and reliability of the platform in monitoring the state of the application scene are improved.
The invention breaks through key technologies such as multi-source data acquisition, data preprocessing, big data scene analysis and trend prediction, forms a set of comprehensive enterprise intranet network security protection methods, and realizes comprehensive monitoring of enterprise intranet scene security.
The method monitors external attacks on the enterprise network by means of external equipment, monitors and analyzes various types of abnormalities in the network, predicts and analyzes abnormal data, comprehensively analyzes the network and its security situation from the aspects of external threat alarm, internal security threat monitoring and prediction, and forms an enterprise internal network security protection method with the dual modes of external attack alarm and internal threat monitoring. A multi-dimensional anomaly detection system based on actual security scenes is provided for the security protection of the enterprise internal network, and the capability to monitor and protect against various types of security threats in the enterprise internal network is improved. Actual measurement shows that the method can complete the behavior data analysis for most enterprise business scenes within one minute on a common server. Comprehensive security protection capability for the enterprise intranet is achieved by means of comprehensive data acquisition capability and a powerful security analysis technology. The method can comprehensively track external attack behaviors and internal violation and abnormal behaviors, and can give early warning of the security risks of enterprises. The network data processing capacity of the method is as follows: data collection capability greater than 60,000 EPS; data processing capability greater than 150,000 FPS; PB-level data storage capability; second-level return of query results.
Drawings
FIG. 1 is a flow chart of the technical solution of the present invention.
Detailed Description
In order to make the objects, contents, and advantages of the present invention clearer, the following detailed description of the embodiments of the present invention will be made in conjunction with the accompanying drawings and examples.
In order to solve the above technical problem, the present invention provides a network security protection method based on an enterprise intranet. The method is implemented on a network security protection system, and the network security protection system comprises: a threat characteristic library construction module, an abnormal behavior rule library construction module, a network data acquisition module, an external alarm data analysis module, an internal compliance detection module, an unknown threat prediction module and a network security situation alarm module;
the network security protection method comprises the following steps:
step 1: the threat characteristic library construction module extracts key identification fields from the characteristic sample data of typical security threats, selects the identification information that uniquely identifies each security threat in the sample data, and stores the identification information in data tables of different types; the multiple data tables form a security threat characteristic library;
step 2: the abnormal behavior rule base building module performs data definition of typical user violation behaviors in the enterprise intranet; the defined rule data are stored in data tables of different types, and the multiple data tables form an abnormal behavior rule base;
step 3: the network data acquisition module acquires original log data that reflect the running state of the equipment and systems, including the original running log data and operation log data of the security equipment, network equipment and application systems in the enterprise intranet, splits the original log data, marks the meaning of each field according to its field attribute after splitting, deletes invalid fields and forms a data set in a uniform standard format;
step 4: the external alarm data analysis module receives the data set in the standard format and the security threat characteristic library, imports the data set into the correlation analysis model, analyzes the difference between the data characteristics in the data set and the data characteristics in the security threat characteristic library by calling the FP-growth algorithm in the correlation analysis model, and, when the difference is 0 after matching, extracts the network data corresponding to the difference value of 0 and generates the external alarm information of the enterprise network;
step 5: the internal compliance detection module receives the data set in the standard format and the abnormal behavior rule base, imports the data set into the association analysis model, analyzes the difference between the data characteristics in the data set and the data characteristics in the abnormal behavior rule base by calling the FP-growth algorithm in the association analysis model, and, when the difference is 0 after matching, extracts the network data corresponding to the difference value of 0 and generates the internal abnormal behavior warning information of the enterprise network;
step 7: the unknown threat prediction module receives the data set in the standard format and transmits it into the data prediction model; the data prediction model processes and analyzes the data in the data set, predicts the data state of the next period, finds potential abnormal values, extracts the network data corresponding to the abnormal values and generates the unknown threat warning information of the enterprise network;
step 8: the network security situation warning module receives the enterprise network external warning information, the enterprise network internal abnormal behavior warning information and the enterprise network unknown threat warning information, performs statistics on the warning information, and displays the statistical data to form the network security warning information of the enterprise intranet.
Wherein the characteristic sample data of typical security threats comprise sample data information of network viruses, trojans, worms and vulnerability security threats.
The abnormal behavior rule base building module defines the data of typical user violation behaviors in the enterprise intranet, namely, abnormal behavior rules are defined according to the states of the traffic access information, port access information and protocol use information of the behaviors.
The network data acquisition module splits the original log data by means of regular expressions, key-value pairs and analysis scripts.
The data set output by the network data acquisition module is in a uniform standard JSON format.
The data prediction model adopted by the unknown threat prediction module calls the K-means algorithm and the ALS algorithm to process and analyze the data in the data set.
The data prediction model takes 30 days as the time interval period, sets the window sliding time to 7 days, and predicts the data state of the next period.
The objects of statistical processing by the network security situation warning module include, for example, warning frequency summation, warning time interval statistics and warning type statistics.
The network security situation warning module displays the statistical data using the E-Chart visualization tool.
The forms in which the network security situation warning module displays the statistical data include a bar chart, a line chart and a two-dimensional area chart.
In addition, the invention also provides a network security protection system based on the enterprise intranet, which performs multidimensional analysis on the multi-source, high-volume security data in the intranet to realize the detection of various security threats in the network and the prediction of security threats that may exist in the network. The network security protection system based on the enterprise intranet takes security equipment alarm monitoring, internal compliance detection and in-network threat prediction as entry points to construct a network security protection model based on the enterprise intranet; the flow of the network security protection system based on the enterprise intranet is shown in fig. 1.
The network security protection system based on the enterprise intranet comprises: a threat characteristic library construction module, an abnormal behavior rule library construction module, a network data acquisition module, an external alarm data analysis module, an internal compliance detection module, an unknown threat prediction module and a network security situation alarm module;
the threat characteristic library construction module is used for extracting key identification fields from the characteristic sample data of typical security threats, selecting the identification information that uniquely identifies each security threat in the sample data, and storing the identification information in data tables of different types, wherein the multiple data tables form a security threat characteristic library;
the abnormal behavior rule base building module is used for performing data definition of typical user violation behaviors in the enterprise intranet, such as access data of a source address and a destination address, storing the defined rule data in data tables of different types, and forming an abnormal behavior rule base from the multiple data tables;
the network data acquisition module is used for acquiring original log data that reflect the running state of the equipment and systems, including the original running log data and operation log data of the security equipment, network equipment and application systems in the enterprise intranet, splitting the original log data, marking the meaning of each field according to its field attribute after splitting, deleting invalid fields and forming a data set in a uniform standard format;
the external alarm data analysis module is used for receiving the data set in the standard format and the security threat characteristic library, importing the data set into the correlation analysis model, analyzing the difference between the data characteristics in the data set and the data characteristics in the security threat characteristic library by calling the FP-growth algorithm in the correlation analysis model, and, when the difference is 0 after matching, extracting the network data corresponding to the difference value of 0 to generate the external alarm information of the enterprise network;
the internal compliance detection module is used for receiving the data set in the standard format and the abnormal behavior rule base, importing the data set into the association analysis model, analyzing the difference between the data characteristics in the data set and the data characteristics in the abnormal behavior rule base by calling the FP-growth algorithm in the association analysis model, and, when the difference is 0 after matching, extracting the network data corresponding to the difference value of 0 to generate the internal abnormal behavior warning information of the enterprise network;
the unknown threat prediction module is used for receiving the data set in the standard format, transmitting it into the data prediction model, processing and analyzing the data in the data set with the data prediction model, predicting the data state of the next period, finding potential abnormal values, extracting the network data corresponding to the abnormal values, and generating the unknown threat warning information of the enterprise network;
the network security situation warning module is used for receiving the enterprise network external warning information, the enterprise network internal abnormal behavior warning information and the enterprise network unknown threat warning information, performing statistics on the warning information, and displaying the statistical data to form the network security warning information of the enterprise intranet.
Wherein the characteristic sample data of typical security threats comprise sample data information of network viruses, trojans, worms and vulnerability security threats.
The abnormal behavior rule base building module is used for defining the data of typical user violation behaviors in the enterprise intranet, namely, abnormal behavior rules are defined through the states of the traffic access information, port access information and protocol use information of the behaviors.
The network data acquisition module splits the original log data by means of regular expressions, key-value pairs and analysis scripts.
The data set output by the network data acquisition module is in a uniform standard JSON format.
The data prediction model adopted by the unknown threat prediction module calls the K-means algorithm and the ALS algorithm to process and analyze the data in the data set.
The data prediction model takes 30 days as the time interval period, sets the window sliding time to 7 days, and predicts the data state of the next period.
The objects of statistical processing by the network security situation warning module include, for example, warning frequency summation, warning time interval statistics and warning type statistics.
The network security situation warning module displays the statistical data using the E-Chart visualization tool.
The forms in which the network security situation warning module displays the statistical data include a bar chart, a line chart and a two-dimensional area chart.
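The external alarm data analysis and internal compliance detection modules described above, as an added Python example that is not the patent's own code. The patent calls an FP-growth association model to compute the "difference" between record features and library features; here plain field-by-field agreement stands in for that model, so a difference of 0 means every identifying field of a library entry is present in the record with the same value. The threat library rows, the rule base (traffic, port and protocol states) and the input records are all constructed.

```python
"""Added example (not the patent's own code): steps 4 and 5, matching records of
the standard-format data set against a threat characteristic library and an
abnormal behaviour rule base. Exact agreement on every library field stands in
for the association model, so a "difference" of 0 means all identifying fields
of a library entry are present in the record. Library, rules and records are
constructed for the example."""
import ipaddress

# Constructed threat characteristic library: one table per threat type; each row
# is the set of identifying fields extracted from sample data in step 1.
THREAT_LIBRARY = {
    "worm":   [{"signature": "worm-probe", "protocol": "TCP", "dst_port": 445}],
    "trojan": [{"dst_ip": "198.51.100.7", "dst_port": 4444}],
}

# Constructed abnormal behaviour rule base keyed by the state the rule inspects
# (step 2): port access, protocol use, traffic access.
RULE_BASE = {
    "port":     [{"rule": "admin-port-from-user-net", "src_net": "10.0.1.0/24", "dst_port": 22}],
    "protocol": [{"rule": "cleartext-telnet", "protocol": "TELNET"}],
    "traffic":  [{"rule": "bulk-transfer", "min_bytes": 100_000_000}],
}

def feature_difference(record, features):
    """Number of library fields the record does not carry with the same value."""
    return sum(1 for key, value in features.items() if record.get(key) != value)

def external_alerts(records):
    """Step 4: a record that fully matches a library row raises an external alarm."""
    alerts = []
    for rec in records:
        for threat_type, table in THREAT_LIBRARY.items():
            for features in table:
                if feature_difference(rec, features) == 0:
                    alerts.append({"kind": "external", "type": threat_type, "record": rec})
    return alerts

def rule_matches(record, state, rule):
    """Evaluate one abnormal-behaviour rule against the state it inspects."""
    if state == "port":
        src = ipaddress.ip_address(record.get("src_ip", "0.0.0.0"))
        return src in ipaddress.ip_network(rule["src_net"]) and record.get("dst_port") == rule["dst_port"]
    if state == "protocol":
        return record.get("protocol") == rule["protocol"]
    if state == "traffic":
        return record.get("traffic_bytes", 0) >= rule["min_bytes"]
    return False

def internal_alerts(records):
    """Step 5: every rule a record violates raises an internal abnormal-behaviour alarm."""
    alerts = []
    for rec in records:
        for state, rules in RULE_BASE.items():
            for rule in rules:
                if rule_matches(rec, state, rule):
                    alerts.append({"kind": "internal", "type": rule["rule"], "record": rec})
    return alerts

# Constructed records in the standard format produced by the acquisition step.
RECORDS = [
    {"src_ip": "10.0.1.5", "dst_ip": "10.0.2.10", "protocol": "TCP", "dst_port": 445, "signature": "worm-probe"},
    {"src_ip": "10.0.1.8", "dst_ip": "10.0.3.1", "protocol": "TCP", "dst_port": 22, "traffic_bytes": 2048},
    {"src_ip": "10.0.5.2", "dst_ip": "10.0.3.1", "protocol": "TCP", "dst_port": 22, "traffic_bytes": 2048},
    {"src_ip": "10.0.1.9", "dst_ip": "10.0.3.4", "protocol": "TELNET", "dst_port": 23, "traffic_bytes": 150_000_000},
]

if __name__ == "__main__":
    for alert in external_alerts(RECORDS) + internal_alerts(RECORDS):
        print(alert["kind"], alert["type"], alert["record"]["src_ip"])
```

Keeping the library and the rule base as separate tables keyed by threat type and by state, as the patent describes, means a new threat sample or a new violation rule is a data change, not a code change; the matching functions do not have to know which tables exist. Note that a partially matching record (here the second record, which shares the protocol and a port with the worm row but not the signature) yields a non-zero difference and no external alarm, which is the behaviour step 4 specifies.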
Example 1
The operation flow of this embodiment is as follows:
Step one: initialization construction of the threat characteristic library and the abnormal behavior rule library
Input: key identification fields extracted from the characteristic sample data of typical security threats, such as sample data information of network viruses, trojans, worms, vulnerabilities and similar security threats, with the identification data added to an initialized threat characteristic library; and defined data of typical user violation behaviors in the intranet, such as access data of a source address and a destination address, added to the abnormal behavior rule base.
Processing: extract the key fields of the characteristic sample data of typical security threats, select the identification information that uniquely identifies each security threat in the sample data, and store the identification information in data tables of different types, the multiple data tables forming a security threat characteristic library; define the data of typical user violation behaviors, namely define abnormal behavior rules according to the states of behavior traffic access information, port access information, protocol use information and the like, store the defined rule data in data tables of different types, and form an abnormal behavior rule base from the multiple data tables.
Output: a security threat characteristic library and an abnormal behavior rule library.
Step two: network data acquisition and processing
Input: original running log data, operation log data and similar data of the security equipment, network equipment and application systems in the enterprise intranet, which reflect the running state of the equipment and systems.
Processing: split the original log data acquired from the equipment and systems using regular expressions, key-value pairs, analysis scripts and other means, label the meaning of each field according to its field attribute after splitting, delete invalid fields, and form a data set in a unified standard JSON format.
Output: data set in the standard format.
Step three: external alarm data analysis
Input: the data set in the standard format and the security threat characteristic library.
Processing: import the data set in the standard format into the association analysis model, analyze the difference between the data characteristics in the data set and the data characteristics in the security threat characteristic library by calling the FP-growth algorithm in the association analysis model, and, when the difference is 0 after matching, extract the network data corresponding to the difference value of 0 to generate external alarm information.
Output: enterprise network external alarm information.
Step four: internal compliance detection
Input: the data set in the standard format and the abnormal behavior rule base.
Processing: import the data set in the standard format into the association analysis model, analyze the difference between the data characteristics in the data set and the data characteristics in the abnormal behavior rule base by calling the FP-growth algorithm in the association analysis model, and, when the difference is 0 after matching, extract the network data corresponding to the difference value of 0 to generate the internal abnormal behavior alarm information.
Output: enterprise network internal abnormal behavior alarm information.
Step five: prediction of unknown threats
Inputting: data set in standard format
And (3) treatment: the data set in the standard format is transmitted into a data prediction model, the model calls a K-means algorithm and an ALS algorithm to process and analyze data in the data set, a 30-day interval period is used as a time interval period, window sliding time is set to be 7 days, the data state of the next period is predicted, potential abnormal values are found, network data corresponding to the abnormal values are extracted, and unknown threat warning information is generated.
And (3) outputting: and warning information of unknown threats of the enterprise network.
Step six: network security posture warning
Inputting: enterprise network external alarm information; warning information of abnormal behaviors in the enterprise network; and warning information of unknown threats of the enterprise network.
And (3) treatment: and performing statistical processing on the alarm information generated by the upper model, such as alarm frequency summation, alarm time period statistics, alarm type statistics and the like, and displaying the counted data by using an E-Chart visualization tool, such as a bar Chart, a line Chart, a two-dimensional area Chart and the like, so as to form the network security alarm information of the intranet.
And (3) outputting: and network security alarm information of the enterprise intranet.
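Steps four to six above (rule matching with difference 0, prediction over a 30-day period with a 7-day sliding window, and alarm statistics), as one added Python example that is not code from the patent. The field names, rules and log records are constructed, and the K-means/ALS call of step five is replaced by a mean plus k standard deviations threshold so the block runs stand-alone.

```python
from collections import Counter
from datetime import date, timedelta
from statistics import mean, pstdev

# Constructed abnormal-behaviour rule base (hypothetical field names). A record
# matches a rule when every field except "type" agrees, i.e. the difference is 0.
RULES = [
    {"type": "forbidden_port", "proto": "tcp", "dst_port": 23},
    {"type": "off_hours_admin", "role": "admin", "hour": "night"},
]

def rule_difference(rule, record):
    """Number of rule fields the record fails to match; 0 means a full match."""
    return sum(1 for k, v in rule.items() if k != "type" and record.get(k) != v)

def match_rules(records, rules=RULES):
    """Step four: each record with difference 0 to some rule yields an alarm."""
    return [{"type": r["type"], "day": rec["day"]}
            for rec in records for r in rules if rule_difference(r, rec) == 0]

def predict_outliers(daily_counts, period_days=30, window_days=7, k=3.0):
    """Step five, simplified: the trailing 30-day period is the baseline, the next
    7-day window is predicted, and mean + k*stdev stands in for K-means/ALS."""
    days = sorted(daily_counts)
    baseline = [daily_counts[d] for d in days[-(period_days + window_days):-window_days]]
    predicted = mean(baseline)
    limit = predicted + k * pstdev(baseline)
    return predicted, [d for d in days[-window_days:] if daily_counts[d] > limit]

def alarm_statistics(alarms):
    """Step six: alarm frequency sum, per-day (time period) and per-type counts."""
    return {"total": len(alarms),
            "by_day": dict(Counter(a["day"] for a in alarms)),
            "by_type": dict(Counter(a["type"] for a in alarms))}

def build_sample():
    """Constructed records: 36 steady days, then a burst plus two violations on day 37."""
    start, records = date(2024, 1, 1), []
    for i in range(37):
        day = (start + timedelta(days=i)).isoformat()
        for _ in range(10 + i % 3 if i < 36 else 40):
            records.append({"day": day, "proto": "tcp", "dst_port": 443,
                            "role": "user", "hour": "day"})
    last = (start + timedelta(days=36)).isoformat()   # 2024-02-06
    records.append({"day": last, "proto": "tcp", "dst_port": 23, "role": "user", "hour": "day"})
    records.append({"day": last, "proto": "ssh", "dst_port": 22, "role": "admin", "hour": "night"})
    return records

def run_pipeline(records):
    """Steps four to six over one record set: (statistics, predicted daily count)."""
    internal = match_rules(records)
    predicted, outliers = predict_outliers(Counter(r["day"] for r in records))
    unknown = [{"type": "unknown_threat", "day": d} for d in outliers]
    return alarm_statistics(internal + unknown), predicted
```

Note that with a perfectly flat baseline the standard deviation is 0 and any increase at all is flagged, so a production threshold needs a floor.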
The above description is only a preferred embodiment of the present invention, and it should be noted that, for those skilled in the art, several modifications and variations can be made without departing from the technical principle of the present invention, and these modifications and variations should also be regarded as the protection scope of the present invention.

Claims (10)

1. A network security protection method based on an enterprise intranet, characterized in that the method is implemented on a network security protection system comprising a threat characteristic library construction module, an abnormal behavior rule base construction module, a network data acquisition module, an external alarm data analysis module, an internal compliance detection module, an unknown threat prediction module and a network security situation alarm module;
the network security protection method comprises the following steps:
step 1: the threat characteristic library construction module extracts key identification fields from characteristic sample data of typical security threats, selects the identification information that uniquely identifies each security threat in the sample data, and stores the identification information in data tables of different types; the multiple data tables form the security threat characteristic library;
step 2: the abnormal behavior rule base construction module defines data for typical user violation behaviors in the enterprise intranet and stores the defined rule data in data tables of different types; the multiple data tables form the abnormal behavior rule base;
step 3: the network data acquisition module acquires original log data that reflects the running state of devices and systems, including original running log data and operation log data of security devices, network devices and application systems in the enterprise intranet, splits the original log data, marks the meaning of each field according to its attributes after splitting, deletes invalid fields and forms a data set with a uniform standard format;
step 4: the external alarm data analysis module receives the data set in standard format and the security threat characteristic library, imports the data set into the association analysis model, calls an FP-growth algorithm in that model to analyze the difference between the data characteristics in the data set and those in the security threat characteristic library, extracts after matching the network data whose difference is 0, and generates the enterprise network external alarm information;
step 5: the internal compliance detection module receives the data set in standard format and the abnormal behavior rule base, imports the data set into the association analysis model, calls an FP-growth algorithm in that model to analyze the difference between the data characteristics in the data set and those in the abnormal behavior rule base, extracts after matching the network data whose difference is 0, and generates the enterprise network internal abnormal behavior alarm information;
step 7: the unknown threat prediction module receives the data set in standard format and passes it into the data prediction model, which processes and analyzes the data, predicts the data state of the next period, finds potential abnormal values, extracts the network data corresponding to those values and generates the enterprise network unknown threat alarm information;
step 8: the network security situation alarm module receives the enterprise network external alarm information, the enterprise network internal abnormal behavior alarm information and the enterprise network unknown threat alarm information, performs statistics on the alarm information, and displays the statistics to form the network security alarm information of the enterprise intranet.
2. The intranet-based network security protection method according to claim 1, wherein the typical security threat characteristic sample data includes sample data information of network viruses, trojans, worms, and vulnerability security threats.
3. The intranet-based network security protection method according to claim 1, wherein the abnormal behavior rule base construction module defines data for typical user violation behaviors in the intranet, that is, abnormal behavior rules are defined by the state of a behavior's traffic access information, port access information and protocol usage information.
4. The intranet-based network security protection method according to claim 1, wherein the network data collection module splits original log data in a manner of regular expressions, key value pairs and analysis scripts.
5. The intranet-based network security protection method according to claim 1, wherein the data set in the unified standard JSON format is output by the network data acquisition module.
6. The intranet-based network security protection method according to claim 1, wherein the data prediction model adopted by the unknown threat prediction module invokes a K-means algorithm or an ALS algorithm to process and analyze data in the data set.
7. The intranet-based network security protection method according to claim 6, wherein the data prediction model takes 30 days as a time interval period, sets a window sliding time to be 7 days, and predicts the data state of the next period.
8. The intranet-based network security protection method according to claim 1, wherein the objects for statistical processing by the network security posture alarm module include alarm frequency summation, alarm time period statistics, and alarm type statistics.
9. The intranet-based network security protection method according to claim 1, wherein the network security posture warning module displays the counted data by using an E-Chart visualization tool.
10. The intranet-based network security protection method according to claim 9, wherein the network security situation warning module displays the counted data in a form including a bar graph, a line graph, and a two-dimensional area graph.
CN202011121536.0A 2020-10-19 2020-10-19 Network security protection method based on enterprise intranet Pending CN112261033A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202011121536.0A CN112261033A (en) 2020-10-19 2020-10-19 Network security protection method based on enterprise intranet

Publications (1)

Publication Number Publication Date
CN112261033A true CN112261033A (en) 2021-01-22

Family

ID=74244136

Country Status (1)

Country Link
CN (1) CN112261033A (en)

Citations (11)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2013159607A1 (en) * 2012-04-28 2013-10-31 北京网秦天下科技有限公司 Security detection method and system
CN105553957A (en) * 2015-12-09 2016-05-04 国家电网公司 Network safety situation awareness early-warning method and system based big data
EP3166280A1 (en) * 2015-11-03 2017-05-10 Juniper Networks, Inc. Integrated security system having threat visualization and automated security device control
CN107786369A (en) * 2017-09-26 2018-03-09 广东电网有限责任公司电力调度控制中心 Based on the perception of IRT step analyses and LSTM powerline network security postures and Forecasting Methodology
CN109688105A (en) * 2018-11-19 2019-04-26 中国科学院信息工程研究所 A kind of threat warning message generation method and system
US20190163916A1 (en) * 2017-11-30 2019-05-30 Bank Of America Corporation Data integration system for triggering analysis of connection oscillations
CN109981686A (en) * 2019-04-15 2019-07-05 广东电网有限责任公司 A kind of network security situational awareness method and system based on circulation confrontation
CN109981594A (en) * 2019-03-01 2019-07-05 南京安夏电子科技有限公司 Network security situational awareness method based on big data
CN110740141A (en) * 2019-11-15 2020-01-31 国网山东省电力公司信息通信公司 integration network security situation perception method, device and computer equipment
CN111245793A (en) * 2019-12-31 2020-06-05 西安交大捷普网络科技有限公司 Method and device for analyzing abnormity of network data
CN112261034A (en) * 2020-10-19 2021-01-22 北京京航计算通讯研究所 Network security protection system based on enterprise intranet

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
JING LI et al.: "Research on the Aggregation Model of Network Security Situation Awareness Based on Analytic Hierarchy Process", 2013 Fourth International Conference on Intelligent Systems Design and Engineering Applications *
王月领 (Wang Yueling): "Analysis of enterprise intranet security detection methods based on big data and artificial intelligence", Information Technology and Informatization (Network Communication) *

Cited By (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112261034A (en) * 2020-10-19 2021-01-22 北京京航计算通讯研究所 Network security protection system based on enterprise intranet
CN113190200A (en) * 2021-05-10 2021-07-30 郑州魔王大数据研究院有限公司 Exhibition data security protection method and device
CN113572781A (en) * 2021-07-28 2021-10-29 中国南方电网有限责任公司 Method for collecting network security threat information
CN116846675A (en) * 2023-08-04 2023-10-03 北京中科网芯科技有限公司 Monitoring method for system network communication security
CN116846675B (en) * 2023-08-04 2024-02-20 北京中科网芯科技有限公司 Monitoring method for system network communication security
CN117336068A (en) * 2023-10-16 2024-01-02 北京安博通科技股份有限公司 Gateway equipment-based data message processing method, device and equipment

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20210122