CN112367190A - Network space security situation real-time detection method and system - Google Patents


Info

Publication number: CN112367190A
Authority: CN (China)
Prior art keywords: data, risk, data stream, network, real
Legal status: Withdrawn (the legal status is an assumption and is not a legal conclusion)
Application number: CN202011133686.3A
Other languages: Chinese (zh)
Inventors: 黄杰, 黄河, 骆诗湘, 黄峥琳
Current Assignee: Individual
Original Assignee: Individual

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00 Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/14 Network analysis or design
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00 Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/20 Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
    • G06F16/21 Design, administration or maintenance of databases
    • G06F16/211 Schema design and management
    • H04L41/145 Network analysis or design involving simulating, designing, planning or modelling of a network
    • H04L43/00 Arrangements for monitoring or testing data switching networks
    • H04L43/04 Processing captured monitoring data, e.g. for logfile generation
    • H04L43/045 Processing captured monitoring data, e.g. for logfile generation for graphical visualisation of monitoring data
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1441 Countermeasures against malicious traffic
    • H04L63/1458 Denial of Service

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Signal Processing (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Data Mining & Analysis (AREA)
  • General Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Databases & Information Systems (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Physics & Mathematics (AREA)
  • Physics & Mathematics (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The invention belongs to the field of computer security and relates to a method and a system for detecting the security situation of a network space in real time. The method comprises the following steps: capturing and copying real-time network data to obtain two completely identical data streams, a data stream to be detected and a data stream to be released; detecting the data stream to be detected with a trained network security detector to obtain a risk-free data stream release list; and selectively receiving the data stream to be released according to the risk-free data stream release list, and generating a real-time risk situation chart from that list. The invention avoids the danger of the host being exposed to network threats when the network security detector is broken through, which greatly improves security, and the real-time risk situation chart obtained by analyzing the risk-free data stream release list helps administrators quickly understand the security of the current network environment.

Description

Network space security situation real-time detection method and system
Technical Field
The invention belongs to the field of computer security, and particularly relates to a method and a system for detecting a network space security situation in real time.
Background
With the continuous growth of the Internet in scale and in fields of application, its foundational and global position is gradually strengthening. Meanwhile, network attacks and destructive behaviors are increasing day by day, and gradually show the characteristics of organization densification, behavior trending and target directness.
Current network security protection mainly depends on single-point security devices such as virus detection, intrusion detection and firewalls. Because these devices lack effective cooperation, their effectiveness cannot be fully exerted, and network security has become a main problem affecting the development of the Internet and its applications. Network security situation awareness arose against this background. It aims to grasp the overall security condition of network operation and its future development trend, to perceive in real time the various threats faced by the current network, and to provide a decision basis for taking countermeasures in a timely and accurate manner, so that the risk and loss brought by network threats are reduced to a minimum.
An existing single-point security device inspects network data with a network security detector, so the network data reaches the host through the network security detector. Once a network threat in the network data breaks through the network security detector, the host is directly threatened. Therefore, although single-point security devices provide a certain protection effect, that effect is not ideal.
Disclosure of Invention
The embodiment of the invention provides a real-time detection method for network space security situation, aiming at solving the problems in the background technology.
The embodiment of the invention is realized in such a way that a method for detecting the security situation of a network space in real time comprises the following steps:
capturing and copying real-time network data to obtain completely identical data streams to be detected and data streams to be released;
detecting the data stream to be detected by using a trained network security detector to obtain a risk-free data stream release list;
and selectively receiving the data stream to be released according to the risk-free data stream release list, and generating a real-time risk situation chart according to the risk-free data stream release list.
Preferably, the training process of the network security detector is as follows:
establishing a training database, wherein the training database comprises safety data, risk data and a data attribute list;
randomly reading all the safety data and the risk data, analyzing information contained in the safety data and the risk data, and generating corresponding information vectors;
reading a data attribute list, and dividing information vectors into a safety data information vector and a dangerous data information vector;
and calculating to obtain a data risk evaluation function according to all the safety data information vectors and the dangerous data information vectors.
Preferably, the process of detecting the data stream to be detected by using the trained network security detector to obtain the risk-free data stream release list further includes analyzing the network data to generate a corresponding network data information vector, and correcting the network security detector according to the network data information vector.
Preferably, after the process of detecting the data stream to be detected by using the trained network security detector to obtain the risk-free data stream release list, the method further includes:
deriving the risk data stream, and performing flow cleaning on the risk data stream to obtain a restored data stream;
receiving the restored data stream.
Another object of the present invention is to provide a real-time network space security situation detection system, which includes:
the data distribution end is used for capturing and copying real-time network data to obtain completely identical data streams to be detected and data streams to be released, and respectively transmitting the data streams to be detected and the data streams to be released to the network security detector and the data memory;
the network security detector is used for detecting the data stream to be detected, generating a risk-free data stream release list and sending the risk-free data stream release list to the data storage;
the data memory is used for storing the data stream to be released, receiving the risk-free data stream release list and selectively sending the data stream to be released to the host according to the risk-free data stream release list;
and the host is used for receiving the data stream to be detected and the risk-free data stream release list and generating a real-time risk situation chart according to the risk-free data stream release list.
Preferably, the real-time network space security situation detection system further includes a flow cleaning module, where the flow cleaning module is configured to perform flow cleaning on a dangerous data stream in the data stream to be detected to obtain a cleaned data stream, and transmit the cleaned data stream to the data storage.
Preferably, the network security detector includes a modification module, where the modification module is used for generating a corresponding network data information vector from the network data, and modifying the detection policy of the network security detector according to the network data information vector.
Preferably, the host is provided with an information visualization module, and the information visualization module is used for converting the risk-free data stream release list into visualization information.
It is a further object of the present invention to provide a computer device comprising a display screen, a memory, a processor and a computer program, wherein the memory has stored therein the computer program, which when executed by the processor, causes the processor to perform the steps of the network space security posture real-time detection method as described above.
It is a further object of the present invention to provide a readable storage medium, on which a computer program is stored, which, when executed by a processor, causes the processor to perform the steps of the cyberspace security posture real-time detection method as described above.
The beneficial effects are as follows: real-time network data is copied and detected to obtain the risk-free data stream release list, and data is received according to that list. Because data analysis and data reception are performed separately, the host is not exposed to network threats when the network security detector is broken through, which greatly improves security. In addition, the real-time risk situation chart obtained by analyzing the risk-free data stream release list helps administrators quickly understand the security of the current network environment.
Drawings
Fig. 1 is a network structure diagram of a method for detecting a network space security situation in real time according to an embodiment of the present invention;
Fig. 2 is a main flowchart of a method for detecting a network space security situation in real time according to an embodiment of the present invention;
Fig. 3 is a schematic diagram of a training process of a network security detector according to an embodiment of the present invention;
Fig. 4 is a specific flowchart of a network space security situation real-time detection system according to an embodiment of the present invention;
Fig. 5 is a specific flowchart of another network space security situation real-time detection system according to an embodiment of the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the present invention more apparent, the present invention is described in further detail below with reference to the accompanying drawings and embodiments. It should be understood that the specific embodiments described herein are merely illustrative of the invention and are not intended to limit the invention.
In the invention, real-time network data is copied and detected to obtain the risk-free data stream release list, and data is then received according to that list. Because data analysis and data reception are carried out separately, the host is not exposed to network threats when the network security detector is broken through, and security is greatly improved.
Example one:
Fig. 1 is a network structure diagram of a method for detecting a network space security situation in real time according to an embodiment of the present invention;
Fig. 2 is a main flowchart of a method for detecting a network space security situation in real time according to an embodiment of the present invention.
In this method, real-time network data is copied, and detection and transmission are carried out separately, so that network data does not lead directly to the host, and a real-time risk situation chart is finally drawn.
S101, capturing and copying real-time network data to obtain completely identical data streams to be detected and data streams to be released;
In the invention, all network data is received. The network data comprises the information to be transmitted, such as video information, audio information and text information. After the network data is captured, it is copied to obtain an identical second copy; the two copies are the data stream to be detected and the data stream to be released.
S102, detecting a data stream to be detected by using a trained network security detector to obtain a risk-free data stream release list;
In the invention, the network security detector is a tool for detecting the security of network data and is able to parse data. There are two common data formats: JSON and XML. The JSON data parsing process is: first create a JSON file, then include the document.h and cos-ext.h header files in the class, then obtain the JSON file path through FileUtils, parse the JSON data through a Document object, and finally obtain the data values of the different types. The XML data parsing process is: first create an XML file, then include a header file in the class and use a named file, then obtain the full path of the XML file, load the XML file, and finally obtain and parse the elements. The risk-free data stream release list records the total amount of data in the data stream to be detected, together with information on the safety data and the risk data.
S103, receiving the data stream to be released selectively according to the risk-free data stream release list, and generating a real-time risk situation chart according to the risk-free data stream release list.
In the present invention, the risk situation graph may be a bar graph, a pie graph or other graphs capable of displaying statistical data.
Network data contains irregular information. If network data is inspected directly by the network security detector on its way to the host, it can still be detected and transmitted, but once the network security detector has a problem or is maliciously broken through, the host is completely exposed to the network data and is therefore in danger. In the invention, real-time network data is first obtained from the network and copied, giving two copies: the data stream to be detected and the data stream to be released, whose contents are completely consistent. The data stream to be released is stored separately, and the data stream to be detected is transmitted to the network security detector. The network security detector parses the network data and generates the corresponding risk-free data stream release list from the analysis result. The list contains the classification of the data stream to be detected: data that carries risk is placed in one class and relatively safe data in another. The separately stored data stream to be released is then selectively received according to the risk-free data stream release list. Finally, a real-time risk situation chart is generated from the risk-free data stream release list; it may be a column chart, a bar chart, a pie chart or another chart capable of displaying statistical data.
Example two:
Fig. 3 is a schematic diagram of a training process of the network security detector according to an embodiment of the present invention.
S201, establishing a training database;
In this step, a training database is first established. The training database includes safety data, risk data and a data attribute list. The safety data and the risk data are fully analyzed data whose safety and other items of information are completely known, and the data attribute list records the safety of all the safety data and risk data.
S202, randomly reading data in a training database;
In this step, only one piece of data, either safety data or risk data, is read from the training database at a time. After a piece is read, a tag is added to it, and tagged data is skipped in the next read, so that no data is read repeatedly.
S203, analyzing the data, generating a corresponding information vector, and storing the information vector;
In this step, after a piece of safety data or risk data is read, it is parsed to obtain the specific information it contains, and that information is classified. The types of information may be the status code, protocol type, Header, User-Agent, Cookies, Referer, Data, and the like. Using this information, a corresponding information vector is established for each piece of safety data or risk data; the information vector comprises {status code, protocol type, Header, User-Agent, Cookies, Referer, Data, …}.
S204, judging whether all the safety data and risk data in the training database have been read; if so, going to S205, and if not, returning to S202;
In this step, the safety data and risk data in the training database are read in a loop, to ensure that all of them are read.
S205, reading a data attribute list in a training database;
In this step, after all the safety data and risk data have been read, the data attribute list is obtained from the training database.
S206, dividing the information vector into a safety data information vector and a dangerous data information vector;
In this step, the information vectors are divided, using the information in the data attribute list, into safety data information vectors and dangerous data information vectors.
S207, calculating according to all the safety data information vectors and the dangerous data information vectors to obtain a data risk evaluation function.
In this step, correlation analysis is performed on the vector elements contained in the safety data information vectors and the dangerous data information vectors, analyzing the correlation of each vector element with the risk data and the safety data. The vector elements related to the risk data (such as A, B, C, …) are obtained, together with the weights of those elements (such as a, b, c, …, z). The risk index value is denoted Dg, and Dg = 1 - a·b·c·…·z is the data risk assessment function.
The training process of the network security detector is as follows. First, a training database is established from existing data. It must contain risk data and safety data for the network security detector to read, and a data attribute list that records the safety of the risk data and safety data in the database. The network security detector then reads the risk data and safety data one by one, and generates an information vector for each piece read; the information vector records each item of information contained in that piece of data. After all the risk data and safety data have been read, the network security detector classifies the generated information vectors: it reads the data attribute list from the training database and classifies the information vectors according to it. Finally, the data risk evaluation function Dg = 1 - a·b·c·…·z is generated. The network security detector judges the risk of network data with this function: when Dg is greater than a preset value the degree of risk is high; otherwise it is low.
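An added illustration of steps S201 to S207 (not code from the patent). It assumes the juxtaposed weights in Dg are multiplied, that each weight is the Laplace-smoothed share of safe training records containing an element, and that an element is risk-related when that share is below one half; the records, field names, bucketing and the 0.8 preset value are constructed.

```python
from collections import Counter
from fractions import Fraction

LONG_BODY = 256              # assumed cut-off for bucketing the Data field as "long"
THRESHOLD = Fraction(4, 5)   # assumed preset value that Dg is compared against


def _rec(status, protocol, user_agent, referer, data):
    return {"status": status, "protocol": protocol, "user_agent": user_agent,
            "referer": referer, "data": data}


# Constructed training database (S201). The second item of each pair stands in
# for the data attribute list: True marks risk data, False marks safety data.
TRAINING_DB = [
    (_rec(200, "HTTP/1.1", "Mozilla/5.0", "https://portal.example/", "q=report"), False),
    (_rec(200, "HTTP/1.1", "Mozilla/5.0", "https://portal.example/", ""), False),
    (_rec(200, "HTTP/2", "Mozilla/5.0", "", ""), False),
    (_rec(404, "HTTP/1.1", "Mozilla/5.0", "https://portal.example/", ""), False),
    (_rec(200, "HTTP/1.1", "curl/8.0", "", "id=7"), False),
    (_rec(404, "HTTP/1.0", "", "", "x" * 400), True),
    (_rec(400, "HTTP/1.0", "curl/8.0", "", "x" * 400), True),
    (_rec(404, "HTTP/1.1", "", "", "x" * 400), True),
]

# Constructed records to score after training.
BENIGN = _rec(200, "HTTP/1.1", "Mozilla/5.0", "https://portal.example/", "")
BORDERLINE = _rec(404, "HTTP/1.1", "Mozilla/5.0", "https://portal.example/", "")
SUSPECT = _rec(404, "HTTP/1.0", "", "", "x" * 300)


def information_vector(record):
    """S203: reduce one record to a set of coarse (field, value) elements."""
    ua, body = record["user_agent"], record["data"]
    return frozenset({
        ("status", f"{record['status'] // 100}xx"),
        ("protocol", record["protocol"]),
        ("user_agent", ua.split("/")[0].lower() if ua else "absent"),
        ("referer", "present" if record["referer"] else "absent"),
        ("data", "empty" if not body else "long" if len(body) > LONG_BODY else "short"),
    })


def fit(training_db):
    """S202-S207: return {risk-related element: weight}.

    Read order does not affect the counts, so the random read with tagging
    described in S202 is replaced here by a single pass over the database.
    """
    seen, seen_safe = Counter(), Counter()
    for record, is_risk in training_db:
        for element in information_vector(record):
            seen[element] += 1
            if not is_risk:
                seen_safe[element] += 1
    weights = {}
    for element, total in seen.items():
        share_safe = Fraction(seen_safe[element] + 1, total + 2)  # Laplace smoothing
        if share_safe < Fraction(1, 2):    # seen mostly in risk data: keep it
            weights[element] = share_safe
    return weights


def risk_index(record, weights):
    """Dg = 1 - product of the weights of the risk-related elements present."""
    product = Fraction(1)
    for element in information_vector(record):
        product *= weights.get(element, 1)
    return 1 - product


def is_high_risk(record, weights, threshold=THRESHOLD):
    return risk_index(record, weights) > threshold


if __name__ == "__main__":
    w = fit(TRAINING_DB)
    for name, rec in (("benign", BENIGN), ("borderline", BORDERLINE), ("suspect", SUSPECT)):
        print(name, float(risk_index(rec, w)), is_high_risk(rec, w))
```

Calling `fit` again on newly collected, labelled records gives the periodic re-estimation of the weights that Example five describes.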
Example three:
Fig. 4 is a specific flowchart of a network space security situation real-time detection system according to an embodiment of the present invention.
S301, a data distribution end captures and copies real-time network data to obtain completely identical data streams to be detected and data streams to be released, and respectively transmits the data streams to be detected and the data streams to be released to a network security detector and a data memory;
In this step, the data distribution end receives network data, and has the functions of copying data and sending data.
S302, a network security detector detects a data stream to be detected to generate a risk-free data stream release list and sends the risk-free data stream release list to a data storage;
In this step, the network security detector is able to parse data; it can determine the security of the data by using the data risk evaluation function and generate the corresponding risk-free data stream release list.
S303, the data memory receives the risk-free data stream release list and selectively sends the data stream to be released to the host according to the risk-free data stream release list;
In this step, the data memory is essentially a storage device that can receive and send data, and can selectively send the data stream to be released according to the risk-free data stream release list.
S304, the host receives the data stream to be detected and the risk-free data stream release list, and generates a real-time risk situation chart according to the risk-free data stream release list.
The overall workflow of the network space security situation real-time detection system is as follows. First, the data distribution end captures real-time network data from the network and makes a separate copy; the two copies are the data stream to be detected and the data stream to be released. The data distribution end sends the data stream to be detected to the network security detector and the data stream to be released to the data memory, which stores it temporarily. After the data stream to be detected enters the network security detector, the detector parses it and evaluates it with the data risk evaluation function to obtain the risk-free data stream release list, which records the total amount of data in the data stream to be detected together with information on the safety data and the risk data. The network security detector sends the risk-free data stream release list to the data memory, and the data memory receives it. Finally, a real-time risk situation chart is generated from the risk-free data stream release list, so that administrators can readily understand the degree of risk of the current network environment.
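An added simulation of the S301 to S304 flow (not code from the patent), showing that the host only ever receives bytes held by the data memory and that nothing is released when no list arrives or the detector fails on a payload. The class and function names, the flow identifiers, the sample payloads and the stand-in detector rule are all constructed for illustration.

```python
class DataMemory:
    """Holds the copies to be released; only a release list opens it (S303)."""

    def __init__(self):
        self._held = {}

    def store(self, flow_id, payload):
        self._held[flow_id] = payload

    def release(self, release_list):
        """Return the flows listed as safe and delete everything else.

        A missing list (detector crashed or broken through before answering)
        releases nothing, and listed ids that were never stored are ignored,
        so the detector cannot hand the host data of its own.
        """
        safe_ids = release_list["safe"] if release_list else []
        to_host = {fid: self._held[fid] for fid in safe_ids if fid in self._held}
        self._held.clear()
        return to_host


def split(flows, memory, detector_queue):
    """S301: duplicate every captured flow into two independent copies."""
    for flow_id, payload in flows:
        memory.store(flow_id, payload)                    # stream to be released
        detector_queue.append((flow_id, bytes(payload)))  # stream to be detected


def detect(detector_queue, is_risky):
    """S302: classify each flow and build the risk-free release list."""
    release_list = {"total": 0, "safe": [], "risk": []}
    for flow_id, payload in detector_queue:
        release_list["total"] += 1
        try:
            risky = is_risky(payload)
        except Exception:
            risky = True          # a payload the detector cannot handle is not released
        release_list["risk" if risky else "safe"].append(flow_id)
    return release_list


def situation_chart(release_list):
    """S304: a text bar chart built from the release list alone."""
    total = release_list["total"]
    return [f"{kind} {len(release_list[kind])}/{total} {'#' * len(release_list[kind])}"
            for kind in ("safe", "risk")]


def run_pipeline(flows, is_risky):
    memory, queue = DataMemory(), []
    split(flows, memory, queue)
    release_list = detect(queue, is_risky)
    return memory.release(release_list), release_list


def toy_detector(payload):
    """Stand-in for the trained detector: strict decode, then a size rule."""
    text = payload.decode("utf-8")   # raises on malformed bytes
    return len(text) > 128


# Constructed sample traffic.
FLOWS = [
    ("f1", b"GET /index.html"),
    ("f2", b"A" * 500),              # oversized
    ("f3", b"\xff\xfe\x00bad"),      # not valid UTF-8: the detector raises
    ("f4", b"POST /login"),
]

if __name__ == "__main__":
    host_received, release_list = run_pipeline(FLOWS, toy_detector)
    print(sorted(host_received))
    print("\n".join(situation_chart(release_list)))
```

The gate is only as trustworthy as the list: a detector that is subverted into listing every flow as safe would still cause the data memory to release all of it.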
Example four:
Fig. 5 is a specific flowchart of another network space security situation real-time detection system according to an embodiment of the present invention.
S401, a data distribution end captures and copies real-time network data to obtain completely identical data streams to be detected and data streams to be released, and respectively transmits the data streams to be detected and the data streams to be released to a network security detector and a data memory;
S402, the network security detector detects the data stream to be detected to generate a risk-free data stream release list, and sends the risk-free data stream release list to the data memory;
S403, the data memory receives the risk-free data stream release list and selectively sends the data stream to be released to the host according to the risk-free data stream release list;
S404, the flow cleaning module performs flow cleaning on dangerous data flows in the data flows to be detected to obtain cleaned data flows;
S405, the host receives data;
S406, the information visualization module converts the risk-free data stream release list into visualization information.
In the invention, the data distribution end captures real-time network data from the network and makes a separate copy; the two copies are the data stream to be detected and the data stream to be released. The data distribution end sends the data stream to be detected to the network security detector and the data stream to be released to the data memory, which stores it temporarily. After the data stream to be detected enters the network security detector, the detector parses it and evaluates it with the data risk evaluation function to obtain the risk-free data stream release list. At the same time, the detected risk data is separated out and sent to the flow cleaning module, which performs flow cleaning on it immediately on receipt. The flow cleaning technique distinguishes normal data from malicious data, and the normal data is transmitted directly to the data memory to keep data transmission running normally. In a typical DDoS attack response, risk data first enters the flow cleaning module and is classified as infrastructure attack data or application-layer attack data; it is then further differentiated, mainly by vectors and expected features, and processed using the proprietary technology of a DDoS center. The risk-free data stream release list records the total amount of data in the data stream to be detected, together with information on the safety data and the risk data. The network security detector sends the risk-free data stream release list to the data memory; the data memory receives it, selectively sends the data stream to be released according to its contents, and deletes the data that carries risk. The host receives the data stream to be detected and the risk-free data stream release list, and finally a real-time risk situation chart is generated from the list, so that administrators can readily understand the degree of risk of the current network environment.
Example five:
The process of detecting the data stream to be detected by using the trained network security detector to obtain the risk-free data stream release list further comprises parsing the network data to generate a corresponding network data information vector, and correcting the network security detector according to the network data information vector.
In the present invention, the training database is built from existing data, so the number of samples it contains is limited; in other words, the network threats that a network security detector trained on it can detect are limited, and its own identification capability therefore needs to be improved continuously during detection. After training is completed, the network security detector is put into practical use. The data stream to be detected enters the network security detector, which detects it and at the same time separates out the data that carries risk. That data is parsed and corresponding information vectors are generated. After a fixed interval (which may be one hour, one day or one week), correlation analysis is performed on the information vectors to analyze the correlation between the vector elements and data safety. The vector elements related to data risk (such as A1, B1, C1, …) are obtained, together with the new weights of those elements (such as a1, b1, c1, …, z1), and Dg = 1 - a1·b1·c1·…·z1 is the new data risk assessment function.
It will be understood by those skilled in the art that all or part of the steps in the method for implementing the above embodiments may be implemented by hardware related to instructions of a program, the program may be stored in a computer readable storage medium, and the computer readable storage medium may include a computer storage medium and a communication medium without loss of generality. Computer storage media includes volatile and nonvolatile, removable and non-removable media implemented in any method or technology for storage of information such as computer readable instructions, data structures, program modules or other data. Computer storage media includes RAM, ROM, EPROM, EEPROM, flash memory or other solid state storage media, CD-ROM, DVD, or other optical storage media, magnetic cassettes, magnetic tape, magnetic disk, or other magnetic storage devices. Of course, those skilled in the art will appreciate that computer storage media is not limited to the foregoing.
It will be understood by those skilled in the art that all or part of the steps for implementing the above embodiments may be implemented by hardware, or may be implemented by a program instructing relevant hardware, and the program may be stored in a computer-readable storage medium, and the above-mentioned storage medium may be a read-only memory, a magnetic disk or an optical disk, etc.
The above description is only for the purpose of illustrating the preferred embodiments of the present invention and is not to be construed as limiting the invention, and any modifications, equivalents and improvements made within the spirit and principle of the present invention are intended to be included within the scope of the present invention.

Claims (10)

1. A real-time detection method for network space security situation is characterized by comprising the following steps:
capturing and copying real-time network data to obtain completely identical data streams to be detected and data streams to be released;
detecting the data stream to be detected by using a trained network security detector to obtain a risk-free data stream release list;
and selectively receiving the data stream to be released according to the risk-free data stream release list, and generating a real-time risk situation chart according to the risk-free data stream release list.
2. The method according to claim 1, wherein the network space security posture real-time detection method is characterized in that the training process of the network security detector is as follows:
establishing a training database, wherein the training database comprises safety data, risk data and a data attribute list;
randomly reading all the safety data and the risk data, analyzing information contained in the safety data and the risk data, and generating corresponding information vectors;
reading a data attribute list, and dividing information vectors into a safety data information vector and a dangerous data information vector;
and calculating to obtain a data risk evaluation function according to all the safety data information vectors and the dangerous data information vectors.
3. The method according to claim 1, wherein the step of detecting the data stream to be detected by using the trained cyber-security detector to obtain the risk-free data stream release list further comprises analyzing the cyber data to generate a corresponding cyber-data information vector, and correcting the cyber-security detector according to the cyber-data information vector.
4. The method according to claim 1, wherein the step of detecting the data stream to be detected by using the trained cybersecurity detector to obtain the risk-free data stream release list further comprises:
deriving a risk data stream, and carrying out flow cleaning on the risk data stream to obtain a restored data stream;
and receiving the restored data stream.
5. A cyberspace security posture real-time detecting system, comprising:
the data distribution end is used for capturing and copying real-time network data to obtain completely identical data streams to be detected and data streams to be released, and respectively transmitting the data streams to be detected and the data streams to be released to the network security detector and the data memory;
the network security detector is used for detecting the data stream to be detected, generating a risk-free data stream release list and sending the risk-free data stream release list to the data storage;
the data memory is used for storing the data stream to be released, receiving the risk-free data stream release list and selectively sending the data stream to be released to the host according to the risk-free data stream release list;
and the host is used for receiving the data stream to be detected and the risk-free data stream release list and generating a real-time risk situation chart according to the risk-free data stream release list.
6. The system according to claim 5, wherein the cyberspace security posture real-time detecting system further comprises a traffic cleaning module, and the traffic cleaning module is configured to perform traffic cleaning on the dangerous data stream in the data stream to be detected to obtain a cleaned data stream, and transmit the cleaned data stream to the data memory.
7. The system according to claim 5, wherein the cyberspace security posture real-time detecting system comprises a modification module, the modification module is used for analyzing the network data to generate a corresponding network data information vector, and the detection strategy of the network security detector is modified according to the network data information vector.
8. The system according to claim 5, wherein the host is provided with an information visualization module, and the information visualization module is used for converting the risk-free data stream release list into visual information.
9. A computer device comprising a display screen, a memory, a processor, and a computer program, wherein the memory has stored therein the computer program, which when executed by the processor, causes the processor to perform the steps of the cyberspace security posture real-time detection method of any one of claims 1-4.
10. A readable storage medium, having stored thereon a computer program which, when executed by a processor, causes the processor to perform the steps of the cyberspace security posture real-time detection method according to any one of claims 1 to 4.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202011133686.3A CN112367190A (en) 2020-10-21 2020-10-21 Network space security situation real-time detection method and system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202011133686.3A CN112367190A (en) 2020-10-21 2020-10-21 Network space security situation real-time detection method and system

Publications (1)

Publication Number Publication Date
CN112367190A (en) 2021-02-12

Family

ID=74511454

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202011133686.3A Withdrawn CN112367190A (en) 2020-10-21 2020-10-21 Network space security situation real-time detection method and system

Country Status (1)

Country Link
CN (1) CN112367190A (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113452684A (en) * 2021-06-17 2021-09-28 湖南工程学院 Network security detection gateway and system

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
WW01 Invention patent application withdrawn after publication (Application publication date: 20210212)