CN112291261A - Network security log audit analysis method driven by knowledge graph

Info

Publication number: CN112291261A
Authority: CN (China)
Prior art keywords: data, log, network, network security, audit
Legal status: Pending
Application number: CN202011272117.7A
Other languages: Chinese (zh)
Inventors: 杨昆强, 石小川, 肖清林, 张晶, 陈瑜靓, 赵昆杨, 黄靓, 陈鹭菲, 王榕腾, 杜鑫, 杨国林, 刘健养
Current assignee: Fujian Qidian Space Time Digital Technology Co ltd
Original assignee: Fujian Qidian Space Time Digital Technology Co ltd
Priority date: 2020-11-13
Filing date: 2020-11-13
Publication date: 2021-01-29

Classifications

    • H04L63/1425 Traffic logging, e.g. anomaly detection (under H04L63/14, network architectures or protocols for detecting or protecting against malicious traffic by monitoring network traffic)
    • G06F16/35 Clustering; Classification (under G06F16/30, information retrieval of unstructured textual data)
    • G06F16/367 Ontology (under G06F16/36, creation of semantic tools, e.g. ontology or thesauri)
    • G06F16/38 Retrieval characterised by using metadata, e.g. metadata not derived from the content or metadata generated manually
    • H04L63/20 Network architectures or network communication protocols for managing network security; network security policies in general
    • G06F2216/03 Data mining (under G06F2216/00, indexing scheme relating to additional aspects of information retrieval not explicitly covered by G06F16/00 and subgroups)

Abstract

A knowledge-graph-driven method for auditing and analyzing network security logs comprises the following steps: S1, configuring network security audit equipment; S2, acquiring log data from the network security audit equipment; S3, performing knowledge extraction on the network logs; S4, acquiring network security level evaluation data; S5, integrating the level evaluation data with the level protection grading and filing data; S6, constructing a network security log knowledge graph; S7, constructing a network security level protection log knowledge graph; S8, constructing nodes and distinguishing and numbering all real-time data; and S9, comparing the network logs with the network security level protection log knowledge graph. The invention achieves efficient association and deep mining analysis of network logs; at the same time, by comparing real-time data against the data in the graph, problems can be analyzed and handled directly without precise modeling, which makes the method suitable for big-data analysis of network security logs.

Description

Network security log audit analysis method driven by knowledge graph
Technical Field
The invention relates to the technical field of network security, in particular to a knowledge graph driven network security log audit analysis method.
Background
The network log is a record of information-system behavior expressed according to a given specification, and it plays a significant role in network security audit analysis and source tracing. With the expansion of network applications, networks have moved from gigabit to ten-gigabit speeds, and the volume of network log data has grown sharply. The knowledge and technology involved in network log analysis are extensive and require cross-domain, composite technical support, including knowledge of security, operation and maintenance, data analysis and the relevant industry. In addition, the variety of log data keeps increasing, which makes log audit analysis harder still; present-day network attacks are increasingly complex, and log audit analysis has to rely on third-party software or manual sorting and analysis. Traditional manual or software-based log analysis no longer keeps pace with the rapid development of today's internet.
Disclosure of Invention
Objects of the invention
In order to solve the technical problems described in the background, the invention provides a knowledge-graph-driven audit analysis method for network security logs. By establishing a network security level protection log knowledge graph, it achieves efficient association and deep mining analysis of network logs; at the same time, through the comparison analysis of real-time data with the data in the graph, data can be analyzed and processed directly without precisely modeling the problem. The method is suitable for big-data analysis of network security logs and provides an effective means for large-scale, complex log audit analysis.
Technical scheme
The invention provides a knowledge graph driven network security log audit analysis method, which comprises the following steps:
S1, configuring network security audit equipment; S2, acquiring log data from the network security audit equipment; S3, distinguishing and processing the log data from S2 to perform knowledge extraction on the network logs; S4, acquiring network security level evaluation data; S5, integrating the level evaluation data with the level protection grading and filing data to achieve data gain and support full-text retrieval; S6, performing ontology construction on the structured fields parsed from the logs in S3, together with the data gain from S5, through knowledge reasoning and knowledge fusion, to form a network security log knowledge graph; S7, comprehensively and uniformly analyzing and processing the scattered, diverse security event information in S6, centrally collecting, standardizing, aggregating and associating the event log data from the scattered event sources, constructing a network security level protection log knowledge graph, and distinguishing and numbering the data in that graph; S8, taking servers, network equipment and security equipment as the ontology nodes, taking service data flows as the relations connecting two nodes, taking the direction of a service data flow as the direction of its relation, and distinguishing and numbering all real-time data; and S9, comparing the network logs with the network security level protection log knowledge graph and outputting the comparison analysis result.
Preferably, in step S1, the network security audit equipment includes operation and maintenance audit equipment, database audit equipment, behavior audit equipment, network audit equipment, application audit equipment and log audit equipment. Operation and maintenance audit mainly records and manages the operations performed by operations personnel on managed information assets, and generally provides an account management function. Database audit records, analyzes and reports on users' access to databases, helping the user generate compliance reports and trace the source of incidents afterwards, while strengthening the recording of internal and external network behavior and improving the security of data assets. Behavior audit mainly records users' internet access behavior and comprehensively manages users' bandwidth, access to prohibited sites and access duration. Network audit dynamically monitors communication content, network behavior and network traffic in real time by acquiring, analyzing and identifying network data; it discovers and captures various kinds of sensitive information and illegal behavior, raises alarms in real time and responds to them, and comprehensively records the sessions and events in the network system. Application audit analyzes, records and reports on the behavior of business personnel accessing application systems, helping the user plan prevention in advance, monitor in real time during operation, respond to violations, produce compliance reports afterwards and track and trace incidents, thereby strengthening supervision of internal and external network behavior and promoting the normal operation of core assets. Log audit lets the user understand the system's own operating conditions, resolve bugs and view operation and maintenance activities from the perspective of the logs.
Preferably, in step S2, the network logs are classified into four types: security management center logs, security computing environment logs, security area boundary logs and security communication network logs.
Preferably, in step S3, the data processing includes data validity verification, normalization, enrichment and labeling.
Preferably, in step S5, the level protection grading and filing data classifies the assets into five levels according to the object that would be harmed and the degree of harm to that object, where level one represents the lowest degree of importance and level five the highest.
Preferably, in step S7, the servers, network devices and security devices are labeled E, F and G respectively; the sub-servers under the server are labeled E1, E2, E3, ..., En, the individual network devices F1, F2, F3, ..., Fn, and the individual security devices G1, G2, G3, ..., Gn, where n is a positive integer greater than or equal to 1. The data numbers in the network security level protection log knowledge graph take a three-dimensional coordinate form. Taking the data number (E1, F1, H) as an example, the first element, E1, represents the issuing node of the data, the second element, F1, represents the receiving node, and the third element, H, represents the detailed information of the data in the network security level protection log knowledge graph; that is, the data was issued from server E1 and received by network device F1.
Preferably, in step S8, the servers, network devices and security devices are labeled A, B and C respectively; the sub-servers under the server are labeled A1, A2, A3, ..., An, the individual network devices B1, B2, B3, ..., Bn, and the individual security devices C1, C2, C3, ..., Cn, where n is a positive integer greater than or equal to 1. The real-time data numbers also take a three-dimensional coordinate form. Taking the data number (A1, B1, D) as an example, the first element, A1, represents the issuing node of the data, the second element, B1, represents the receiving node, and the third element, D, represents the detailed information of the specific data; that is, the data was issued from server A1 and received by network device B1.
Preferably, in step S9, the data numbers in the network security level protection log knowledge graph are compared with the real-time data numbers, where A corresponds to E, B corresponds to F and C corresponds to G. The three-dimensional numbers are compared in sequence from the first element to the second element and finally to the third element; the first and second elements of a data number in the graph correspond one to one with the first and second elements of a real-time data number, for example A1 corresponds to E1, B1 to F1 and C1 to G1.
The technical scheme of the invention has the following beneficial technical effects: by establishing a network security level protection log knowledge graph, efficient association and deep mining analysis of network logs is achieved; at the same time, through the comparison analysis of real-time data with the data in the graph, data can be analyzed and processed directly without precisely modeling the problem; the method is suitable for big-data analysis of network security logs and provides an effective means for large-scale, complex log audit analysis.
Drawings
FIG. 1 is a flow chart of the knowledge-graph-driven network security log audit analysis method according to the present invention.
FIG. 2 is a schematic diagram of the classification of network security audit equipment in the knowledge-graph-driven network security log audit analysis method according to the present invention.
FIG. 3 is a schematic diagram of the classification of network logs in the knowledge-graph-driven network security log audit analysis method according to the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the present invention more apparent, the present invention will be described in further detail with reference to the accompanying drawings in conjunction with the following detailed description. It should be understood that the description is intended to be exemplary only, and is not intended to limit the scope of the present invention. Moreover, in the following description, descriptions of well-known structures and techniques are omitted so as to not unnecessarily obscure the concepts of the present invention.
As shown in FIGS. 1-3, the knowledge-graph-driven network security log audit analysis method provided by the invention comprises the following steps:
S1, configuring network security audit equipment;
S2, acquiring log data from the network security audit equipment;
S3, distinguishing and processing the log data from S2 to perform knowledge extraction on the network logs;
S4, acquiring network security level evaluation data;
S5, integrating the level evaluation data with the level protection grading and filing data to achieve data gain and support full-text retrieval;
S6, performing ontology construction on the structured fields parsed from the logs in S3, together with the data gain from S5, through knowledge reasoning and knowledge fusion, to form a network security log knowledge graph;
S7, comprehensively and uniformly analyzing and processing the scattered, diverse security event information in S6, centrally collecting, standardizing, aggregating and associating the event log data from the scattered event sources, constructing a network security level protection log knowledge graph, and distinguishing and numbering the data in that graph;
S8, taking servers, network equipment and security equipment as the ontology nodes, taking service data flows as the relations connecting two nodes, taking the direction of a service data flow as the direction of its relation, and distinguishing and numbering all real-time data;
and S9, comparing the network logs with the network security level protection log knowledge graph and outputting the comparison analysis result.
According to the invention, by establishing a network security level protection log knowledge graph, efficient association and deep mining analysis of network logs is achieved; at the same time, through the comparison analysis of real-time data with the data in the graph, problems can be analyzed and processed directly without precise modeling. The method is suitable for big-data analysis of network security logs and provides an effective means for large-scale, complex log audit analysis.
In an optional embodiment, in step S1, the network security audit equipment includes operation and maintenance audit equipment, database audit equipment, behavior audit equipment, network audit equipment, application audit equipment and log audit equipment. Operation and maintenance audit mainly records and manages the operations performed by operations personnel on managed information assets, and generally provides an account management function. Database audit records, analyzes and reports on users' access to databases, helping the user generate compliance reports and trace the source of incidents afterwards, while strengthening the recording of internal and external network behavior and improving the security of data assets. Behavior audit mainly records users' internet access behavior and comprehensively manages users' bandwidth, access to prohibited sites and access duration. Network audit dynamically monitors communication content, network behavior and network traffic in real time by acquiring, analyzing and identifying network data; it discovers and captures various kinds of sensitive information and illegal behavior, raises alarms in real time and responds to them, and comprehensively records the sessions and events in the network system. Application audit analyzes, records and reports on the behavior of business personnel accessing application systems, helping the user plan prevention in advance, monitor in real time during operation, respond to violations, produce compliance reports afterwards and track and trace incidents, thereby strengthening supervision of internal and external network behavior and promoting the normal operation of core assets. Log audit lets the user understand the system's own operating conditions, bugs and operation and maintenance activities from the perspective of the logs. Dividing the network security audit equipment in this way ensures complete equipment coverage and provides comprehensive log data for the subsequent steps.
In an alternative embodiment, in step S2, the network logs are classified into four types: security management center logs, security computing environment logs, security area boundary logs and security communication network logs. Classifying the logs makes it easier to process and collect them accurately.
In an alternative embodiment, in step S3, the data processing includes data validity verification, normalization, enrichment and labeling. Processing the data effectively makes it easier to form the network security log knowledge graph.
In an alternative embodiment, in step S5, the level protection grading and filing data divides the assets into five levels according to the object that would be harmed and the degree of harm to that object, where level one represents the lowest degree of importance and level five the highest. In actual operation, different degrees of attention can then be paid according to the different degrees of importance.
In an optional embodiment, in step S7, the servers, network devices and security devices are labeled E, F and G respectively; the sub-servers under the server are labeled E1, E2, E3, ..., En, the individual network devices F1, F2, F3, ..., Fn, and the individual security devices G1, G2, G3, ..., Gn, where n is a positive integer greater than or equal to 1. The data numbers in the network security level protection log knowledge graph take a three-dimensional coordinate form. Taking the data number (E1, F1, H) as an example, the first element, E1, represents the issuing node of the data, the second element, F1, represents the receiving node, and the third element, H, represents the detailed information of the data in the network security level protection log knowledge graph; that is, the data was issued from server E1 and received by network device F1. Labeling the data in the graph in this way allows massive data to be divided into multiple groups, which makes fast searching and comparison possible.
In an optional embodiment, in step S8, the servers, network devices and security devices are labeled A, B and C respectively; the sub-servers under the server are labeled A1, A2, A3, ..., An, the individual network devices B1, B2, B3, ..., Bn, and the individual security devices C1, C2, C3, ..., Cn, where n is a positive integer greater than or equal to 1. The real-time data numbers also take a three-dimensional coordinate form. Taking the data number (A1, B1, D) as an example, the first element, A1, represents the issuing node of the data, the second element, B1, represents the receiving node, and the third element, D, represents the detailed information of the specific data; that is, the data was issued from server A1 and received by network device B1. Because the real-time data and the data in the network security level protection log knowledge graph are numbered in the same form, they can be compared one to one, and the partition of the graph to which a piece of real-time data belongs can be determined quickly.
In an optional embodiment, in step S9, the data numbers in the network security level protection log knowledge graph are compared with the real-time data numbers, where A corresponds to E, B corresponds to F and C corresponds to G. The three-dimensional numbers are compared in sequence from the first element to the second element and finally to the third element; the first and second elements of a data number in the graph correspond one to one with the first and second elements of a real-time data number, for example A1 corresponds to E1, B1 to F1 and C1 to G1. Comparing the data numbers in the graph with the real-time data numbers quickly determines the partition of the graph to which the real-time data belongs; comparison and analysis are then carried out against the previous data in that partition, so the audit analysis of the network security log can be completed quickly.
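The following is an added worked example, not code from the patent, of the numbering scheme of steps S7 and S8 and the element-by-element comparison of step S9: graph entries (E1, F1, H) and real-time entries (A1, B1, D) are grouped by their first two elements into partitions, real-time labels are mapped A to E, B to F and C to G, and the third element is then compared against the previous data of the matching partition. The graph and real-time entries are constructed, and the detail values H and D are assumed here to be protocol/port or service strings, which the patent does not specify; the verdict names are also this example's own.

```python
"""Added worked example (not part of the patent): the S7/S8 three-element
numbering and the S9 first-then-second-then-third element comparison.

The graph and real-time entries below are constructed; the detail values
(H in the graph, D in real time) are assumed to be protocol/port or service
strings, which the patent does not specify.
"""
from collections import defaultdict

# Constructed S7 graph entries: (issuing node, receiving node, detail H),
# with servers E1..En, network devices F1..Fn and security devices G1..Gn.
GRAPH_ENTRIES = [
    ("E1", "F1", "tcp/443"),
    ("E1", "F1", "tcp/22"),
    ("E2", "G1", "syslog"),
]

# Constructed S8 real-time entries: (issuing node, receiving node, detail D),
# with servers A1..An, network devices B1..Bn and security devices C1..Cn.
REALTIME_ENTRIES = [
    ("A1", "B1", "tcp/443"),   # flow and detail both present in the graph
    ("A1", "B1", "tcp/3389"),  # known flow, detail never recorded for it
    ("A2", "C2", "syslog"),    # known issuing node, receiving node unseen
    ("A3", "C1", "syslog"),    # issuing node absent from the graph
]

# S9 correspondence between real-time and graph node prefixes.
NODE_MAP = {"A": "E", "B": "F", "C": "G"}

def translate(node):
    """Map a real-time label such as A1 to its graph label E1 (S9: A->E, B->F, C->G)."""
    prefix, index = node[:1], node[1:]
    if prefix not in NODE_MAP or not index.isdigit() or int(index) < 1:
        raise ValueError(f"malformed real-time node label {node!r}")
    return NODE_MAP[prefix] + index

def build_partitions(graph_entries):
    """Group the graph by (issuing, receiving) pair; each group is the partition
    whose previous data the third element is compared against."""
    partitions = defaultdict(set)
    for src, dst, detail in graph_entries:
        partitions[(src, dst)].add(detail)
    return partitions

def compare(realtime_entries, graph_entries):
    """Compare first element, then second, then third, as S9 prescribes."""
    partitions = build_partitions(graph_entries)
    known_issuers = {src for src, _ in partitions}
    results = []
    for src, dst, detail in realtime_entries:
        g_src, g_dst = translate(src), translate(dst)
        if g_src not in known_issuers:            # first element has no counterpart
            verdict = "unknown issuing node"
        elif (g_src, g_dst) not in partitions:   # second element: no such flow
            verdict = "unknown flow"
        elif detail in partitions[(g_src, g_dst)]:  # third element matches prior data
            verdict = "match"
        else:
            verdict = "new detail in known flow"
        results.append({"realtime": (src, dst, detail),
                        "partition": (g_src, g_dst), "verdict": verdict})
    return results

if __name__ == "__main__":
    for r in compare(REALTIME_ENTRIES, GRAPH_ENTRIES):
        print(r["realtime"], "->", r["partition"], r["verdict"])
```

Because the first two elements select the partition before the third is looked at, the comparison never scans the whole graph; the entries that do not reach a "match" verdict (an unseen issuing node, an unseen flow, or a new detail on a known flow) are the ones an auditor would review first, and the verdict tells them at which element the real-time data diverged from the graph.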
It is to be understood that the above-described embodiments of the present invention are merely illustrative of or explaining the principles of the invention and are not to be construed as limiting the invention. Therefore, any modification, equivalent replacement, improvement and the like made without departing from the spirit and scope of the present invention should be included in the protection scope of the present invention. Further, it is intended that the appended claims cover all such variations and modifications as fall within the scope and boundaries of the appended claims or the equivalents of such scope and boundaries.

Claims (8)

1. A knowledge graph driven network security log audit analysis method is characterized by comprising the following steps:
S1, configuring network security audit equipment;
S2, acquiring log data from the network security audit equipment;
S3, distinguishing and processing the log data from S2 to perform knowledge extraction on the network logs;
S4, acquiring network security level evaluation data;
S5, integrating the level evaluation data with the level protection grading and filing data to achieve data gain and support full-text retrieval;
S6, performing ontology construction on the structured fields parsed from the logs in S3, together with the data gain from S5, through knowledge reasoning and knowledge fusion, to form a network security log knowledge graph;
S7, comprehensively and uniformly analyzing and processing the scattered, diverse security event information in S6, centrally collecting, standardizing, aggregating and associating the event log data from the scattered event sources, constructing a network security level protection log knowledge graph, and distinguishing and numbering the data in that graph;
S8, taking servers, network equipment and security equipment as the ontology nodes, taking service data flows as the relations connecting two nodes, taking the direction of a service data flow as the direction of its relation, and distinguishing and numbering all real-time data;
and S9, comparing the network logs with the network security level protection log knowledge graph and outputting the comparison analysis result.
2. The knowledge-graph-driven network security log audit analysis method according to claim 1, wherein in step S1 the network security audit equipment comprises operation and maintenance audit equipment, database audit equipment, behavior audit equipment, network audit equipment, application audit equipment and log audit equipment; operation and maintenance audit mainly records and manages the operations performed by operations personnel on managed information assets, and generally provides an account management function; database audit records, analyzes and reports on users' access to databases, helping the user generate compliance reports and trace the source of incidents afterwards, while strengthening the recording of internal and external network behavior and improving the security of data assets; behavior audit mainly records users' internet access behavior and comprehensively manages users' bandwidth, access to prohibited sites and access duration; network audit dynamically monitors communication content, network behavior and network traffic in real time by acquiring, analyzing and identifying network data, discovers and captures various kinds of sensitive information and illegal behavior, raises alarms in real time and responds to them, and comprehensively records the sessions and events in the network system; application audit analyzes, records and reports on the behavior of business personnel accessing application systems, helping the user plan prevention in advance, monitor in real time during operation, respond to violations, produce compliance reports afterwards and track and trace incidents, thereby strengthening supervision of internal and external network behavior and promoting the normal operation of core assets; and log audit lets the user understand the system's own operating conditions, resolve bugs and view operation and maintenance activities from the perspective of the logs.
3. The knowledge-graph-driven network security log audit analysis method according to claim 1, wherein in step S2 the network logs are classified into four types: security management center logs, security computing environment logs, security area boundary logs and security communication network logs.
4. The knowledge-graph-driven network security log audit analysis method according to claim 1, wherein in step S3 the data processing includes data validity verification, normalization, enrichment and labeling.
5. The method of claim 1, wherein in step S5 the level protection grading and filing data divides the assets into five levels according to the object that would be harmed and the degree of harm to that object, where level one represents the lowest degree of importance and level five the highest.
6. The knowledge-graph-driven network security log audit analysis method according to claim 1, wherein in step S7 the servers, network devices and security devices are labeled E, F and G respectively; the sub-servers under the server are labeled E1, E2, E3, ..., En, the individual network devices F1, F2, F3, ..., Fn, and the individual security devices G1, G2, G3, ..., Gn, where n is a positive integer greater than or equal to 1; the data numbers in the network security level protection log knowledge graph take a three-dimensional coordinate form; taking the data number (E1, F1, H) as an example, the first element, E1, represents the issuing node of the data, the second element, F1, represents the receiving node, and the third element, H, represents the detailed information of the data in the network security level protection log knowledge graph, i.e. the data was issued from server E1 and received by network device F1.
7. The knowledge-graph-driven network security log audit analysis method according to claim 1, wherein in step S8 the servers, network devices and security devices are labeled A, B and C respectively; the sub-servers under the server are labeled A1, A2, A3, ..., An, the individual network devices B1, B2, B3, ..., Bn, and the individual security devices C1, C2, C3, ..., Cn, where n is a positive integer greater than or equal to 1; the real-time data numbers take a three-dimensional coordinate form; taking the data number (A1, B1, D) as an example, the first element, A1, represents the issuing node of the data, the second element, B1, represents the receiving node, and the third element, D, represents the detailed information of the specific data, i.e. the data was issued from server A1 and received by network device B1.
8. The method of claim 1, wherein in step S9 the data numbers in the network security level protection log knowledge graph are compared with the real-time data numbers, where A corresponds to E, B corresponds to F and C corresponds to G; the three-dimensional numbers are compared in sequence from the first element to the second element and finally to the third element; the first and second elements of a data number in the graph correspond one to one with the first and second elements of a real-time data number, for example A1 corresponds to E1, B1 to F1 and C1 to G1.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202011272117.7A CN112291261A (en) 2020-11-13 2020-11-13 Network security log audit analysis method driven by knowledge graph

Publications (1)

Publication Number Publication Date
CN112291261A true CN112291261A (en) 2021-01-29

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108270785A (en) * 2018-01-15 2018-07-10 中国人民解放军国防科技大学 Knowledge graph-based distributed security event correlation analysis method
CN109005069A (en) * 2018-08-29 2018-12-14 中国人民解放军国防科技大学 Network security knowledge graph association analysis method based on heaven-earth integrated network
CN109922075A (en) * 2019-03-22 2019-06-21 中国南方电网有限责任公司 Network security knowledge map construction method and apparatus, computer equipment

Non-Patent Citations (3)

* Cited by examiner, † Cited by third party
Title
Wang Ruiping et al.: "Construction and Research of an Audit Knowledge Graph: Graph Technology Based on Neo4j", The Chinese Certified Public Accountant (《中国注册会计师》) *
Dong Cong et al.: "A Survey of Knowledge Graphs for Cyberspace Security Intelligence", Journal of Cyber Security (《信息安全学报》) *
Tao Yuan et al.: "Research on a Knowledge-Graph-Driven Log Audit Analysis Model for Network Security Classified Protection", Netinfo Security (《信息网络安全》) *

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113158229A (en) * 2021-03-16 2021-07-23 深圳供电局有限公司 Data auditing method based on knowledge graph
CN113568987A (en) * 2021-07-29 2021-10-29 湖南大学 Training method and device for knowledge graph embedded model and computer equipment
CN113568987B (en) * 2021-07-29 2024-01-26 湖南大学 Training method and device for knowledge graph embedded model and computer equipment
CN115208627A (en) * 2022-06-07 2022-10-18 广西双正工程监理服务有限公司 Information system safety detection evaluation and processing system
CN115208627B (en) * 2022-06-07 2024-03-22 广西双正工程监理服务有限公司 Information system security detection evaluation and processing system

Legal Events

Code Title
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20210129