CN112333166B - Attack mode automatic identification system based on Internet of things - Google Patents


Info

Publication number
CN112333166B
Authority
CN
China
Prior art keywords
attack
module
host
automatic identification
data
Prior art date
Legal status
Active
Application number
CN202011163524.4A
Other languages
Chinese (zh)
Other versions
CN112333166A (en)
Inventor
韩世海
景钰文
朱珠
梁花
高爽
李玮
张森
晏尧
王凌云
雷娟
徐鑫
张伟
李洋
徐镭洋
张逸
於舰
Current Assignee
Electric Power Research Institute of State Grid Chongqing Electric Power Co Ltd
State Grid Corp of China SGCC
Original Assignee
Electric Power Research Institute of State Grid Chongqing Electric Power Co Ltd
State Grid Corp of China SGCC
Priority date
Filing date
Publication date
Application filed by Electric Power Research Institute of State Grid Chongqing Electric Power Co Ltd and State Grid Corp of China SGCC
Priority to CN202011163524.4A
Publication of CN112333166A
Application granted
Publication of CN112333166B
Legal status: Active (current)
Anticipated expiration


Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • G PHYSICS
    • G16 INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR SPECIFIC APPLICATION FIELDS
    • G16Y INFORMATION AND COMMUNICATION TECHNOLOGY SPECIALLY ADAPTED FOR THE INTERNET OF THINGS [IoT]
    • G16Y30/00 IoT infrastructure
    • G16Y30/10 Security thereof
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0861 Network architectures or network communication protocols for network security for authentication of entities using biometrical features, e.g. fingerprint, retina-scan
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1416 Event detection, e.g. attack signature detection
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1425 Traffic logging, e.g. anomaly detection
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1433 Vulnerability analysis
    • Y GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y04 INFORMATION OR COMMUNICATION TECHNOLOGIES HAVING AN IMPACT ON OTHER TECHNOLOGY AREAS
    • Y04S SYSTEMS INTEGRATING TECHNOLOGIES RELATED TO POWER NETWORK OPERATION, COMMUNICATION OR INFORMATION TECHNOLOGIES FOR IMPROVING THE ELECTRICAL POWER GENERATION, TRANSMISSION, DISTRIBUTION, MANAGEMENT OR USAGE, i.e. SMART GRIDS
    • Y04S40/00 Systems for electrical power generation, transmission, distribution or end-user application management characterised by the use of communication or information technologies, or communication or information technology specific aspects supporting them
    • Y04S40/20 Information technology specific aspects, e.g. CAD, simulation, modelling, system security

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computing Systems (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Health & Medical Sciences (AREA)
  • Biomedical Technology (AREA)
  • General Health & Medical Sciences (AREA)
  • Computer And Data Communications (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The invention discloses an attack mode automatic identification system based on the Internet of things, comprising a network security monitoring system, an attack mode automatic identification module and a host. The network security monitoring system comprises a security interaction platform and a logic isolation device arranged at the boundary between the information intranet server and the information extranet server. An IPS/IDS device identifies intrusion threats; a honeypot system extracts the attack characteristics of the intruder; APT attack detection equipment identifies advanced persistent threats; attack tracing equipment restores the attack behavior and positions the intruder through an intruder positioning information module; a DNS monitoring system locates the attacked host; and a behavior tracking system together with a behavior analysis and verification module forms service access control. The host is in signal connection with the intranet server through the attack mode automatic identification module. The system realizes active identification of intrusion threats, extraction of intruder attack characteristics, identification of advanced persistent threats, restoration of attack behavior and positioning of intruders, and improves the protection of hosts and data.

Description

Attack mode automatic identification system based on Internet of things
Technical Field
The invention relates to the technical field of Internet of things, in particular to an attack mode automatic identification system based on the Internet of things.
Background
The traditional Internet is mature and widely deployed, yet security holes still exist. As a newer technology, the Internet of things has a more complex system structure and no unified standard, so security problems in every respect are more prominent. One key enabling technology, the sensing network, is exposed to the natural environment, and some sensors are placed in harsh environments; maintaining the integrity of such a network over a long period places new requirements on the sensing technology, and the sensing network must be self-healing. It is affected not only by environmental factors but, more seriously, by human factors. RFID is another key enabling technology: an electronic tag is attached to an article in advance so that it can be monitored in real time, which exposes some personal privacy to whoever holds the tagged articles and puts the security of personal information at risk. Beyond personal information, cooperation between enterprises and between countries is now common, and once such a network is attacked the consequences are far more serious.
China's power industry is shifting from a high-speed growth stage to a high-quality development stage and is at the difficult point of changing its development mode, optimizing the supply and demand structure and converting its growth drivers. A new round of power system reform requires power grid enterprises to accelerate transmission and distribution price reform, and they urgently need to innovate and apply business models through digitization; the automation, digitization and intelligence levels of the power system are continuously improving and supporting the development of the industry.
As the power system raises its automation, digitization and intelligence levels, it must also pay more attention to the network security monitoring system, because once the power network is attacked the consequences would be unimaginable. The prior art lacks an attack mode automatic identification system based on the Internet of things: intrusion threats are difficult to identify, the attack characteristics of an intruder are difficult to extract, advanced persistent threats cannot be identified, attack behavior is difficult to restore, the intruder cannot be positioned, the attacked host is difficult to locate, and the protection of hosts and data is unsatisfactory. An attack mode automatic identification system based on the Internet of things therefore needs to be redesigned.
Disclosure of Invention
The invention aims to provide an attack mode automatic identification system based on the Internet of things that solves the problems set out in the background.
To achieve this purpose, the invention provides the following technical scheme. An attack mode automatic identification system based on the Internet of things comprises a network security monitoring system, an attack mode automatic identification module and a host, wherein the network security monitoring system comprises a security interaction platform and logic isolation equipment arranged at the boundary between the information intranet server and the information extranet server;
the attack mode automatic identification module comprises an IPS/IDS device, a honeypot system, an APT attack detection device, an attack tracing device, an intruder positioning information module, a DNS monitoring system, a behavior tracking system and a behavior analysis and verification module, wherein the IPS/IDS device identifies intrusion threats and the honeypot system extracts the attack characteristics of the intruder; the APT attack detection equipment identifies advanced persistent threats; the attack tracing equipment restores the attack behavior and positions the intruder through the intruder positioning information module; the DNS monitoring system locates the attacked host; and the behavior tracking system and the behavior analysis and verification module together form service access control;
the host is in signal connection with the intranet server through the attack mode automatic identification module;
the host is electrically connected with a host protection system and a database switch, the host is electrically connected with a database through the database switch, and the database is configured with a database protection system.
By adopting this technical scheme, the network security monitoring system performs primary monitoring of the Internet of things; the honeypot system extracts the attack characteristics of the intruder; the APT attack detection equipment identifies advanced persistent threats; the attack tracing equipment restores the attack behavior and positions the intruder through the intruder positioning information module; the DNS monitoring system locates the attacked host; and the behavior tracking system and the behavior analysis and verification module together form service access control, realizing active identification of intrusion threats, extraction of intruder attack characteristics, identification of advanced persistent threats, restoration of attack behavior and positioning of intruders. The analysis and verification module analyzes the fingerprint characteristics of the Internet of things terminals, the security situation data and the Internet of things attack path, so the security performance is greatly improved, the attacked host can be quickly located, and rapid handling is facilitated.
Preferably, the network security monitoring system comprises a boundary security division module, a boundary access control module, a boundary intrusion prevention module, a WEB application protection module, a network audit module, an APT attack detection module, a boundary DDoS attack protection module, an interface control module and an interface authentication module.
By adopting this technical scheme, the security of the information extranet server interface and of the outer boundary is ensured.
Preferably, the host protection system comprises a network and hardware device security detection system.
By adopting this technical scheme, the host is protected in all respects.
Preferably, the network and hardware device security detection system includes a security device configuration checking tool, unified firewall policy management and control, a security baseline system, and a host monitoring and response system.
By adopting this technical scheme, the security of the host is protected in all respects from several sides, such as equipment configuration, network traffic and dynamic response.
Preferably, the host protection system comprises an investigation and evidence-collection system, a vulnerability scanning device and a unified vulnerability patch management and control system.
By adopting this technical scheme, the investigation and evidence-collection system ensures the accuracy and traceability of network incident investigation, and the vulnerability scanning device and the unified vulnerability patch management and control system ensure that host security vulnerabilities are discovered in time and remediated in a closed loop.
Preferably, the host is also electrically connected with a security audit system, a comprehensive log audit system, a service system security risk detection platform, a network fault positioning system and a network data security monitoring system.
By adopting this technical scheme, the network state and the information system running state are monitored in real time through the security audit system, the comprehensive log audit system, the service system security risk detection platform, the network fault positioning system and the network data security monitoring system.
Preferably, the database protection system comprises a database firewall, the database is connected with the database firewall, and the database switch is connected with a database auditing system; the database switch is also electrically connected with a network DLP device.
By adopting this technical scheme, the database firewall and the database auditing system connected to the database switch ensure that database operations are strictly audited and that illegal insert, delete, update and query operations are prevented; the network DLP device connected to the database switch performs content identification, threat monitoring and security protection on sensitive data in the network, so that leakage of sensitive data in the network is prevented.
Preferably, the host is electrically connected with a data processing system comprising data destruction equipment, data encryption equipment and data desensitization equipment; the data destruction equipment ensures, through a state-certified national cryptographic algorithm, that destroyed data cannot be recovered; the data encryption equipment meets the requirements for encrypted storage of key data and ciphertext access.
By adopting this technical scheme, the data desensitization equipment meets the data marking requirements of the classified cybersecurity protection scheme, and data traceability is ensured by technical means such as sorting out sensitive fields and embedding invisible marks in the data. Data security protection is strengthened through protective measures, technical review, detection, monitoring and auditing, and emergency response, reinforcing technical protection across the whole data life cycle. Trade secret data is protected primarily according to national and company security and confidentiality requirements, and important data should adopt security measures such as encryption, access control, security auditing, data destruction and data desensitization to ensure data security.
Preferably, the host is electrically connected with a login detection module comprising a face detection module, a fingerprint detection module and a voice detection module.
By adopting this technical scheme, malicious logins to the host by non-staff personnel are prevented through the face detection module, the fingerprint detection module and the voice detection module.
Preferably, the host is electrically connected with a dynamic backup and recovery tool that monitors all running traces, including those of the operating system, achieves complete (holographic) log collection, and can restore the whole system, including the system disk and all other data disks, to any specified point in time within 10 minutes.
By adopting this technical scheme, data can be conveniently recovered through the dynamic backup and recovery tool.
Compared with the prior art, the invention has the following beneficial effects:
the network security monitoring system performs primary monitoring of the Internet of things, and intrusion threats are identified by the IPS/IDS device; the honeypot system extracts the attack characteristics of the intruder; the APT attack detection equipment identifies advanced persistent threats; the attack tracing equipment restores the attack behavior and positions the intruder through the intruder positioning information module; the DNS monitoring system locates the attacked host; the behavior tracking system and the behavior analysis and verification module together form service access control, realizing active identification of intrusion threats, extraction of intruder attack characteristics, identification of advanced persistent threats, restoration of attack behavior and positioning of intruders; the analysis and verification module analyzes the fingerprint characteristics of the Internet of things terminals, the security situation data and the Internet of things attack path, so the security performance is greatly improved, the attacked host can be rapidly located, and rapid handling is facilitated;
the security of the host is protected in all respects from several sides, such as equipment configuration, network traffic and dynamic response;
the host protection system comprises an investigation and evidence-collection system, ensuring the accuracy and traceability of network incident investigation, and is configured with a vulnerability scanning device and a unified vulnerability patch management and control system, ensuring that host security vulnerabilities are discovered in time and remediated in a closed loop;
the network state and the running state of the information system are monitored in real time; the database protection system comprises a database firewall, the database is connected with the database firewall, and the database switch is connected with a database auditing system, ensuring that database operations are strictly audited and that illegal insert, delete, update and query operations are prevented; the database switch is electrically connected with a network DLP device, which performs content identification, threat monitoring and security protection on sensitive data in the network, so that leakage of sensitive data in the network is prevented;
malicious logins to the host by non-staff personnel are prevented through the face detection module, the fingerprint detection module and the voice detection module;
and data can be conveniently recovered through the dynamic backup and recovery tool.
Drawings
FIG. 1 is a schematic structural diagram of an attack mode automatic identification system based on the Internet of things;
FIG. 2 is a schematic structural diagram of the attack mode automatic identification module;
FIG. 3 is a schematic diagram of the network security monitoring system;
FIG. 4 is a schematic diagram of the host protection system;
FIG. 5 is a block diagram of the data processing system;
FIG. 6 is a schematic structural diagram of the login detection module.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be obtained by a person skilled in the art without making any creative effort based on the embodiments in the present invention, belong to the protection scope of the present invention.
Referring to fig. 1-6, the present invention provides a technical solution:
an attack mode automatic identification system based on the Internet of things comprises a network security monitoring system, an attack mode automatic identification module and a host, wherein the network security monitoring system (shown in FIGS. 1 and 3) comprises a security interaction platform and a logic isolation device arranged at the boundary between the information intranet server and the information extranet server; the network security monitoring system further comprises a boundary security division module, a boundary access control module, a boundary intrusion prevention module, a WEB application protection module, a network audit module, an APT attack detection module, a boundary DDoS attack protection module, an interface control module and an interface authentication module, and ensures the security of the information extranet server interface and of the outer boundary;
the attack mode automatic identification module (shown in FIGS. 1 and 2) comprises an IPS/IDS device, a honeypot system, an APT attack detection device, an attack tracing device, an intruder positioning information module, a DNS monitoring system, a behavior tracking system and a behavior analysis and verification module; the IPS/IDS device identifies intrusion threats, the honeypot system extracts the attack characteristics of the intruder, the APT attack detection equipment identifies advanced persistent threats, the attack tracing equipment restores the attack behavior and positions the intruder through the intruder positioning information module, the DNS monitoring system locates the attacked host, and the behavior tracking system and the behavior analysis and verification module together form service access control. The network security monitoring system performs primary monitoring of the Internet of things, and the modules above realize active identification of intrusion threats, extraction of intruder attack characteristics, identification of advanced persistent threats, restoration of attack behavior and positioning of intruders; the analysis and verification module analyzes the fingerprint characteristics of the Internet of things terminals, the security situation data and the Internet of things attack paths, so the security performance is greatly improved, the attacked host can be rapidly located, and rapid handling is facilitated.
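The DNS monitoring system above is described only by its role of locating the attacked host. The following Python script is an added example, not code from the patent or its assignees, of one heuristic a defender could implement for that role: it parses constructed resolver log lines, accumulates per-host query and NXDOMAIN counts, and flags hosts whose failed-lookup ratio and distinct-name count exceed thresholds, the pattern a compromised device probing for a command-and-control domain tends to leave. The log format, thresholds and addresses are all assumptions made for the example.

```python
"""Locate the attacked host from DNS resolver logs.

Added example, not code from the patent: the patent only states that a DNS
monitoring system "locates the attacked host". Per client host, count queries
and NXDOMAIN answers, and flag hosts whose failed-lookup ratio and distinct
query-name count exceed thresholds. Log format, thresholds and sample lines
are all constructed for illustration.
"""
from collections import defaultdict
from dataclasses import dataclass, field
from typing import Dict, List, Set

# Constructed log format: "<time> <client_ip> <query_name> <rcode>"
SAMPLE_DNS_LOG = """\
10:00:01 10.1.1.20 ntp.example.net NOERROR
10:00:02 10.1.1.20 update.example.net NOERROR
10:00:03 10.1.1.31 a8f3kq2z.example-bad.test NXDOMAIN
10:00:03 10.1.1.31 q9mz1xv7.example-bad.test NXDOMAIN
10:00:04 10.1.1.31 ztt7p0lb.example-bad.test NXDOMAIN
10:00:04 10.1.1.31 k2ns8wqa.example-bad.test NXDOMAIN
10:00:05 10.1.1.31 c2.example-bad.test NOERROR
10:00:06 10.1.1.42 intranet.example.net NOERROR
this line is malformed and must be skipped
10:00:07 10.1.1.42 intranet.example.net NOERROR
"""


@dataclass
class HostStats:
    """Per-host counters accumulated from the log."""
    queries: int = 0
    nxdomain: int = 0
    names: Set[str] = field(default_factory=set)

    @property
    def nxdomain_ratio(self) -> float:
        return self.nxdomain / self.queries if self.queries else 0.0


def parse_dns_log(text: str) -> List[tuple]:
    """Parse log text into (time, client, qname, rcode) tuples, skipping malformed lines."""
    records = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # malformed line: ignore it rather than abort the whole run
        records.append(tuple(parts))
    return records


def host_stats(records) -> Dict[str, HostStats]:
    """Aggregate query count, NXDOMAIN count and distinct names per client host."""
    stats: Dict[str, HostStats] = defaultdict(HostStats)
    for _time, client, qname, rcode in records:
        s = stats[client]
        s.queries += 1
        s.names.add(qname.lower())
        if rcode == "NXDOMAIN":
            s.nxdomain += 1
    return dict(stats)


def locate_attacked_hosts(records, min_queries: int = 4,
                          nxdomain_ratio: float = 0.5,
                          min_distinct_names: int = 3) -> List[str]:
    """Return client IPs whose DNS behaviour exceeds all thresholds (constructed heuristic)."""
    flagged = []
    for client, s in sorted(host_stats(records).items()):
        if (s.queries >= min_queries
                and s.nxdomain_ratio >= nxdomain_ratio
                and len(s.names) >= min_distinct_names):
            flagged.append(client)
    return flagged


if __name__ == "__main__":
    recs = parse_dns_log(SAMPLE_DNS_LOG)
    for host in locate_attacked_hosts(recs):
        s = host_stats(recs)[host]
        print(f"{host}: {s.queries} queries, {s.nxdomain} NXDOMAIN, {len(s.names)} distinct names")
```

Run stand-alone it prints the flagged host with its counters. In practice the thresholds would be tuned against the site's own baseline, and the output would feed the attack tracing and analysis modules rather than being acted on directly.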
The host is in signal connection with the intranet server through the attack mode automatic identification module;
the host is electrically connected with a host protection system and a database switch (shown in FIGS. 1 and 4);
the host protection system comprises a network and hardware device security detection system, which comprises a security device configuration checking tool, a unified firewall policy management and control system, a security baseline system and a host monitoring and response system, protecting host security in all respects from several sides, such as equipment configuration, network traffic and dynamic response; the host protection system further comprises an investigation and evidence-collection system (shown in FIG. 1), a vulnerability scanning device and a unified vulnerability patch management and control system, where the investigation and evidence-collection system ensures the accuracy and traceability of network incident investigation, and the vulnerability scanning device and the unified vulnerability patch management and control system ensure that host security vulnerabilities are discovered in time and remediated in a closed loop;
the host is electrically connected with a database (shown in FIG. 1) through the database switch, and the database is provided with a database protection system comprising a database firewall; the database is connected with the database firewall, and the database switch is connected with a database auditing system, ensuring that database operations are strictly audited and that illegal insert, delete, update and query operations are prevented; the database switch is also electrically connected with a network DLP device, which performs content identification, threat monitoring and security protection on sensitive data in the network, so that leakage of sensitive data in the network is prevented;
the host is also electrically connected with a security audit system, a comprehensive log audit system, a service system security risk detection platform, a network fault positioning system and a network data security monitoring system (shown in FIG. 1), through which the network state and the information system running state are monitored in real time;
the host is electrically connected with a data processing system (shown in FIGS. 1 and 5) comprising data destruction equipment, data encryption equipment and data desensitization equipment; the data destruction equipment ensures, through a state-certified national cryptographic algorithm, that destroyed data cannot be recovered; the data encryption equipment meets the requirements for encrypted storage of key data and ciphertext access; the data desensitization equipment meets the data marking requirements of the classified cybersecurity protection scheme, and data traceability is ensured by technical means such as sorting out sensitive fields and embedding invisible marks in the data. Data security protection is strengthened through protective measures, technical review, detection, monitoring and auditing, and emergency response, reinforcing technical protection across the whole data life cycle. Trade secret data is protected primarily according to national and company security and confidentiality requirements, and important data should adopt security measures such as encryption, access control, security auditing, data destruction and data desensitization to ensure data security.
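The data desensitization equipment is specified by its requirements (data marking, sorting of sensitive fields, invisible marks, traceability) rather than by a method. The Python below is an added example, not the patent's code, of one way to meet those requirements with the standard library: directly identifying fields are masked, linkable fields are replaced by HMAC pseudonyms keyed per recipient, and because the pseudonyms differ per recipient they double as an invisible mark that traces a leaked export back to the recipient it was issued to. The field list, master key, recipient names and records are constructed for the example.

```python
"""Desensitize exported records and keep them traceable to the recipient.

Added example, not code from the patent. Directly identifying fields are
masked; linkable fields are replaced by HMAC pseudonyms whose key is derived
per recipient, so the pseudonyms act as an invisible mark: a leaked export can
be traced back to the recipient it was issued to. Key, field classification
and records are constructed for illustration.
"""
import hashlib
import hmac
from typing import Dict, Iterable, List, Optional

# Constructed master key; in a real deployment this would live in an HSM or KMS.
MASTER_KEY = b"constructed-master-key-for-example-only"

# Constructed classification of sensitive fields: how each one is desensitized.
SENSITIVE_FIELDS = {"id_number": "mask", "phone": "mask", "name": "pseudonym"}

# Constructed sample records (fictitious people and values).
SAMPLE_RECORDS = [
    {"name": "Zhang San", "id_number": "110101199001011234", "phone": "13812345678", "reading": 42.5},
    {"name": "Li Si", "id_number": "310101198505052345", "phone": "13987654321", "reading": 37.0},
]


def recipient_key(recipient: str) -> bytes:
    """Derive a per-recipient pseudonym key from the master key."""
    return hmac.new(MASTER_KEY, recipient.encode("utf-8"), hashlib.sha256).digest()


def mask(value: str, keep_prefix: int = 3, keep_suffix: int = 4) -> str:
    """Keep the first and last few characters and star out the middle; fully mask short values."""
    if len(value) <= keep_prefix + keep_suffix:
        return "*" * len(value)
    return value[:keep_prefix] + "*" * (len(value) - keep_prefix - keep_suffix) + value[-keep_suffix:]


def pseudonym(value: str, key: bytes) -> str:
    """Deterministic keyed pseudonym: same value and key give the same token; different keys are unlinkable."""
    return hmac.new(key, value.encode("utf-8"), hashlib.sha256).hexdigest()[:16]


def desensitize(records: Iterable[Dict], recipient: str) -> List[Dict]:
    """Return desensitized copies of the records, pseudonymized with the recipient's key."""
    key = recipient_key(recipient)
    out = []
    for rec in records:
        row = dict(rec)  # never mutate the source record
        for fld, mode in SENSITIVE_FIELDS.items():
            if fld not in row:
                continue
            row[fld] = mask(str(row[fld])) if mode == "mask" else pseudonym(str(row[fld]), key)
        out.append(row)
    return out


def trace_recipient(leaked_rows: Iterable[Dict], original_records: Iterable[Dict],
                    candidates: Iterable[str]) -> Optional[str]:
    """Identify which candidate recipient's export the leaked rows came from, or None."""
    pseudo_fields = [f for f, m in SENSITIVE_FIELDS.items() if m == "pseudonym"]
    leaked = {row[f] for row in leaked_rows for f in pseudo_fields if f in row}
    if not leaked:
        return None
    original_records = list(original_records)
    for cand in candidates:
        expected = {row[f] for row in desensitize(original_records, cand)
                    for f in pseudo_fields if f in row}
        if leaked <= expected:  # every leaked pseudonym was issued under this recipient's key
            return cand
    return None


if __name__ == "__main__":
    export = desensitize(SAMPLE_RECORDS, "vendor-a")
    print(export[0])
    print("leak traced to:", trace_recipient(export, SAMPLE_RECORDS, ["vendor-a", "vendor-b"]))
```

The masked fields satisfy the desensitization requirement on their own; the traceability comes from the pseudonym key, which only the issuing system can reproduce, so a recipient cannot re-mark an export as someone else's.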
The host is electrically connected with a login detection module (shown in FIGS. 1 and 6) comprising a face detection module, a fingerprint detection module and a voice detection module, which prevent malicious logins to the host by non-staff personnel; the host is also electrically connected with a dynamic backup and recovery tool that monitors all running traces, including those of the operating system, achieves complete (holographic) log collection, and can restore the whole system, including the system disk and all other data disks, to any specified point in time within 10 minutes, so that data can be conveniently recovered.
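The database auditing system described earlier in this section is stated to ensure that database operations are strictly audited and that illegal insert, delete, update and query operations are prevented. As an added example, not the patent's code, the Python below shows a policy check a defender could run over exported audit records: each database account is allowed a fixed set of SQL verbs on a fixed set of tables, and any record outside its allowlist, or from an account absent from the policy, is reported. The account names, tables, policy and audit lines are constructed for the example.

```python
"""Check database audit records against a per-account operation allowlist.

Added example, not code from the patent. Each database account may issue a
fixed set of SQL verbs against a fixed set of tables; every audit record
outside that allowlist (or from an unknown account) is reported. Account
names, tables, policy and audit lines are all constructed.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Set, Tuple


@dataclass(frozen=True)
class AuditRecord:
    ts: str
    user: str
    client: str
    sql: str


# Constructed allowlist: account -> (permitted SQL verbs, permitted tables).
# "*" in the table set means any table.
POLICY: Dict[str, Tuple[Set[str], Set[str]]] = {
    "meter_app": ({"SELECT", "INSERT"}, {"readings", "devices"}),
    "report_ro": ({"SELECT"}, {"readings"}),
    "dba": ({"SELECT", "INSERT", "UPDATE", "DELETE", "ALTER", "DROP"}, {"*"}),
}

# Constructed audit export, one record per line: ts|user|client|sql
SAMPLE_AUDIT = """\
2020-10-01T09:00:00|meter_app|10.2.0.5|INSERT INTO readings (dev, val) VALUES (7, 3.2)
2020-10-01T09:00:05|report_ro|10.2.0.9|SELECT avg(val) FROM readings
2020-10-01T09:01:00|report_ro|10.2.0.9|DELETE FROM readings WHERE val < 0
2020-10-01T09:02:00|meter_app|10.2.0.5|SELECT secret FROM credentials
2020-10-01T09:03:00|unknown_svc|10.9.9.9|SELECT * FROM devices
2020-10-01T09:04:00|dba|10.2.0.2|ALTER TABLE devices ADD COLUMN fw text
"""

# Table names follow these keywords in the statements this check cares about.
_TABLE_RE = re.compile(r"\b(?:FROM|INTO|UPDATE|TABLE|JOIN)\s+([A-Za-z_][\w.]*)", re.IGNORECASE)


def parse_audit(text: str) -> List[AuditRecord]:
    """Parse the pipe-separated export, skipping malformed lines."""
    records = []
    for line in text.splitlines():
        parts = line.split("|", 3)
        if len(parts) != 4:
            continue
        records.append(AuditRecord(*parts))
    return records


def statement_verb(sql: str) -> str:
    """First keyword of the statement, upper-cased (empty for a blank statement)."""
    stripped = sql.strip()
    return stripped.split(None, 1)[0].upper() if stripped else ""


def statement_tables(sql: str) -> Set[str]:
    """Tables named after FROM/INTO/UPDATE/TABLE/JOIN (simple extractor, not a full SQL parser)."""
    return {m.group(1).lower() for m in _TABLE_RE.finditer(sql)}


def check_record(rec: AuditRecord) -> str:
    """Return '' if the record is within policy, otherwise a short reason."""
    if rec.user not in POLICY:
        return "unknown account"
    verbs, tables = POLICY[rec.user]
    verb = statement_verb(rec.sql)
    if verb not in verbs:
        return f"verb {verb} not permitted"
    used = statement_tables(rec.sql)
    if "*" not in tables and not used <= tables:
        return f"table(s) {sorted(used - tables)} not permitted"
    return ""


def find_violations(records) -> List[Tuple[AuditRecord, str]]:
    """All records that fall outside the policy, paired with the reason."""
    violations = []
    for rec in records:
        reason = check_record(rec)
        if reason:
            violations.append((rec, reason))
    return violations


if __name__ == "__main__":
    for rec, reason in find_violations(parse_audit(SAMPLE_AUDIT)):
        print(f"{rec.ts} {rec.user}@{rec.client}: {reason}: {rec.sql}")
```

The regex-based table extractor is deliberately narrow; a production check would use the audit system's own parsed fields (object name, operation type) rather than re-parsing SQL text, and an unknown account is treated as a violation rather than silently permitted.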
The parts not involved in the present invention are the same as or can be implemented by the prior art. Although embodiments of the present invention have been shown and described, it will be appreciated by those skilled in the art that various changes, modifications, substitutions and alterations can be made in these embodiments without departing from the principles and spirit of the invention, the scope of which is defined in the appended claims and their equivalents.

Claims (10)

1. An attack mode automatic identification system based on the Internet of things is characterized in that: the system comprises a network security monitoring system, an attack mode automatic identification module and a host, wherein the network security monitoring system comprises a security interaction platform and a logic isolation device which are arranged at the boundary of an information intranet server and an information extranet server;
the attack mode automatic identification module comprises an IPS/IDS device, a honeypot system, an APT attack detection device, an attack tracing device, an intruder positioning information module, a DNS monitoring system, a behavior tracking system and a behavior analysis and verification module, wherein the IPS/IDS device identifies an intrusion threat; the honeypot system refines the attack characteristics of the intruder; the APT attack detection equipment identifies advanced persistent threats; the attack tracing equipment restores the attack behavior and positions the invader through the invader positioning information module; the DNS monitoring system locates the attacked host; the behavior tracking system and the behavior analysis and verification module form service access control;
the host is in signal connection with the intranet server through the attack mode automatic identification module;
the host is electrically connected with a host protection system and a database switch, the host is electrically connected with a database through the database switch, and the database is configured with the database protection system.
2. The internet of things-based attack mode automatic identification system according to claim 1, characterized in that: the network security monitoring system also comprises a boundary security division module, a boundary access control module, a boundary intrusion prevention module, a WEB application protection module, a network audit module, an APT attack detection module, a boundary DDOS attack protection module, an interface control module and an interface authentication module.
3. The attack mode automatic identification system based on the internet of things according to claim 1, characterized in that: the host protection system comprises a network equipment and hardware equipment security detection system.
4. The internet of things-based attack mode automatic identification system according to claim 3, characterized in that: the network equipment and hardware equipment safety detection system comprises a safety equipment configuration checking tool, firewall strategy unified management and control, a safety baseline system and a host monitoring and response system.
5. The internet of things-based attack mode automatic identification system according to claim 1, characterized in that: the host protection system comprises an investigation and evidence collection (forensics) system, configuration and vulnerability scanning equipment, and a unified vulnerability patch management and control system.
6. The internet of things-based attack mode automatic identification system according to claim 1, characterized in that: the host is also electrically connected with a safety audit system, a comprehensive log audit system, a service system safety risk detection platform, a network fault positioning system and a network data safety monitoring system.
7. The internet of things-based attack mode automatic identification system according to claim 1, characterized in that: the database protection system comprises a database firewall, the database firewall is connected with the database switch, the database switch is connected with a database auditing system, and the database switch is electrically connected with a network DLP device.
8. The attack mode automatic identification system based on the internet of things according to claim 1, characterized in that: the host is electrically connected with a data processing system, and the data processing system comprises data destruction equipment, data encryption equipment and data desensitization equipment; the data destruction equipment ensures, through a certified national cryptographic (SM) algorithm, that destroyed data cannot be recovered; the data encryption equipment meets the requirements for encrypted storage of key data and for ciphertext access functions; the data desensitization equipment meets the data tagging requirements of the classified protection (MLPS) scheme, and the traceability of data is ensured by technical means such as sorting out sensitive fields and embedding invisible data marks.
9. The internet of things-based attack mode automatic identification system according to claim 1, characterized in that: the host is electrically connected with a login detection module, and the login detection module comprises a face detection module, a fingerprint detection module and a voice detection module.
10. The attack mode automatic identification system based on the internet of things according to claim 1, characterized in that: the host is electrically connected with a dynamic backup recovery tool, which monitors all running traces, including those of the operating system, realizes full (holographic) log collection, and can restore the whole system, including the system disk and all other data disks, to any specified point in time within 10 minutes.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202011163524.4A CN112333166B (en) 2020-10-27 2020-10-27 Attack mode automatic identification system based on Internet of things

Publications (2)

Publication Number Publication Date
CN112333166A CN112333166A (en) 2021-02-05
CN112333166B true CN112333166B (en) 2023-04-18

Family

ID=74296456

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202011163524.4A Active CN112333166B (en) 2020-10-27 2020-10-27 Attack mode automatic identification system based on Internet of things

Country Status (1)

Country Link
CN (1) CN112333166B (en)

Families Citing this family (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114679291B (en) * 2021-05-31 2024-04-09 北京网藤科技有限公司 System for be used for industrial network intrusion monitoring
CN114629676B (en) * 2021-11-26 2024-03-19 中国大唐集团科学技术研究院有限公司火力发电技术研究院 Safety protection system and method for thermal power generating unit fuel system
CN114285623B (en) * 2021-12-21 2023-01-20 北京永信至诚科技股份有限公司 Evaluation method and device for network security honeypot system indexes
CN114640527B (en) * 2022-03-21 2023-03-24 重庆市规划和自然资源信息中心 Real estate registration service network security risk identification method and system based on log audit
CN116578434B (en) * 2023-05-15 2023-10-20 合芯科技(苏州)有限公司 Information notification management system and method for IC design platform

Family Cites Families (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101567888B (en) * 2008-12-29 2011-12-21 郭世泽 Safety protection method of network feedback host computer
CN108259472A (en) * 2017-12-28 2018-07-06 广州锦行网络科技有限公司 Dynamic joint defence mechanism based on attack analysis realizes system and method
US11354406B2 (en) * 2018-06-28 2022-06-07 Intel Corporation Physics-based approach for attack detection and localization in closed-loop controls for autonomous vehicles
CN110099060A (en) * 2019-05-07 2019-08-06 瑞森网安(福建)信息科技有限公司 A kind of network information security guard method and system
CN111490970A (en) * 2020-02-19 2020-08-04 西安交大捷普网络科技有限公司 Tracing analysis method for network attack

Also Published As

Publication number Publication date
CN112333166A (en) 2021-02-05


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant
CB03 Change of inventor or designer information

Inventor after: Han Shihai, Lei Juan, Xu Xin, Zhang Wei, Li Yang, Xu Leiyang, Zhang Yi, Yu Jian, Jing Yuwen, Zhu Zhu, Liang Hua, Gao Shuang, Li Wei, Zhang Sen, Yan Yao, Wan Lingyun

Inventor before: Han Shihai, Lei Juan, Xu Xin, Zhang Wei, Li Yang, Xu Leiyang, Zhang Yi, Yu Jian, Jing Yuwen, Zhu Zhu, Liang Hua, Gao Shuang, Li Wei, Zhang Sen, Yan Yao, Wang Lingyun