CN112733893A - Communication network security situation perception protection disposal technology and method - Google Patents


Publication number
CN112733893A
Authority
CN
China
Prior art keywords
data
network security
clustering
security situation
network
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202011600166.9A
Other languages
Chinese (zh)
Inventor
赵仕嘉
蓝俊锋
陶志强
王翰文
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Guangdong Planning and Designing Institute of Telecommunications Co Ltd
Original Assignee
Guangdong Planning and Designing Institute of Telecommunications Co Ltd

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F18/00 Pattern recognition
    • G06F18/20 Analysing
    • G06F18/23 Clustering techniques
    • G06F18/24 Classification techniques
    • G06F18/25 Fusion techniques
    • G06F18/254 Fusion techniques of classification results, e.g. of results related to same input data
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1425 Traffic logging, e.g. anomaly detection


Abstract

The invention relates to the technical field of network security, in particular to a communication network security situation perception protection disposal technology and method. It uses data acquisition equipment and comprises the following steps: establishing a database, collecting network security monitoring data in a server network with the data acquisition equipment, classifying the data by time and storing it in the database; and constructing a network security situation awareness prediction model in the database, inputting the network security monitoring data stored in the database into the model, which analyzes and processes the data to predict the network security situation of the server within a set future time period. The invention addresses the problem that a server's network security currently relies on protection software that can only passively resist intrusion by viruses and hackers, cannot predict the network security situation over the coming period, and has a low degree of intelligence.

Description

Communication network security situation perception protection disposal technology and method
Technical Field
The invention relates to the technical field of network security, in particular to a communication network security situation perception protection disposal technology and a communication network security situation perception protection disposal method.
Background
Without network security there is no national security, and without informatization there is no modernization. Building a strong network advances toward the goals of basically universal network infrastructure, markedly stronger independent innovation capability, comprehensive development of the information economy and strong network security guarantees. The internet security protection technical measure regulation also clearly calls to "guarantee internet network security and information security", and the national ministry of population, industry and informatization have successively issued related regulations requiring tamper prevention and attack defense work.

Network security means that the hardware, software and data of a network system are protected from destruction, alteration or disclosure due to accidental or malicious causes, that the system runs continuously, reliably and normally, and that network service is not interrupted. Hackers attack, obtain, destroy and falsify important information by various means, causing significant economic loss and bad social impact to organizations and units, and even threatening the security of the national economy.

Situational awareness is a capability to understand security risk as a whole, based on the environment and its trends. On the basis of security big data, it improves the ability to discover, identify, understand, analyze and respond to security threats from a global perspective, ultimately serving decision-making and action, and is the way security capability is put into practice. The concept of situational awareness was first proposed in the military field and covers three levels: awareness, understanding and prediction. It began to appear in the network security field as the importance of network security became prominent.
At present, the network security of the server can only passively resist the invasion of viruses and hackers by protection software, the network security situation in the next period of time cannot be predicted, and the intelligent degree is low.
In summary, the present invention provides a communication network security situation awareness protection handling technique and method to solve the existing problems.
Disclosure of Invention
The invention aims to provide a communication network security situation perception protection disposal technology and a method thereof, which aim to solve the problems that the network security of the current server can only passively resist the invasion of viruses and hackers by protection software, the network security situation of the next period of time cannot be predicted, and the intelligent degree is low.
In order to achieve the purpose, the invention provides the following technical scheme:
A communication network security situation perception protection disposal technology and method comprises data acquisition equipment and the following steps:
S1, establishing a database, collecting network security monitoring data in a server network by using the data acquisition equipment, classifying the data according to time and storing the data in the database;
S2, constructing a network security situation awareness prediction model in the database, inputting the network security monitoring data stored in the database into the model, and having the model analyze and process the data so as to predict the network security situation of the server within a set future time period;
S3, according to the obtained server network security situation result, repairing the server network in a targeted manner when the server network security situation within the set future time period is dangerous.
Preferably, the network security monitoring data collected by the data acquisition equipment includes network security data such as security logs, system logs, vulnerability data and flow data in the server network, and current historical data such as network security state and historical information.
Preferably, the specific steps of analyzing and processing the data by the network security situation awareness prediction model in S2 are as follows:
S11, setting the value k and using the formula
Figure BDA0002868619470000021
to calculate the k neighboring points of each group of data, where M(i) and M(j) respectively represent data samples y_i, y_j and other data samples, i = 1, 2, ..., n, j = 1, 2, ..., n;
S12, using the formula
Figure BDA0002868619470000031
to calculate the local reconstruction weight matrix of each data sample from its neighboring points, where
Figure BDA0002868619470000032
is the weight between X_i and X_ij and must satisfy the condition
Figure BDA0002868619470000033
Q_i is a local covariance matrix, and
Figure BDA0002868619470000034
X_ij (j = 1, 2, ..., k) are the k neighboring points of X_i;
S13, calculating the output value of each data sample from its local reconstruction weight matrix and its neighboring points, using the formula:
Figure BDA0002868619470000035
The error function is defined as
Figure BDA0002868619470000036
where ε(Y) is the value of the loss function, y_i is the output vector of X_i, y_ij (j = 1, 2, ..., k) are the k neighboring points of y_i, and the conditions
Figure BDA0002868619470000037
and
Figure BDA0002868619470000038
are satisfied, where I is a k × k identity matrix;
and S14, clustering the output values of the data samples by using a kernel matching integrated clustering algorithm, fusing the clustered results, and predicting the network security situation within the set time length in the future by using the historical data and the current network security situation.
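An added example, not part of the patent: S11 and S12 name the ingredients of locally linear embedding (k neighbors, a local covariance matrix Q_i, constrained reconstruction weights), so the sketch below computes those weights for one sample. The patent's formula images are not reproduced on this page, so Euclidean neighbor search, the sum-to-one constraint, the regularization term, all function names and the sample vectors are assumptions taken from the standard LLE formulation.

```python
import math


def nearest_neighbours(samples, i, k):
    """Indices of the k samples closest to samples[i].

    Assumption: plain Euclidean distance (the S11 formula is not on the page).
    """
    ranked = sorted((math.dist(samples[i], s), j)
                    for j, s in enumerate(samples) if j != i)
    return [j for _, j in ranked[:k]]


def solve_linear(a, b):
    """Solve a @ x = b by Gaussian elimination with partial pivoting."""
    n = len(b)
    m = [row[:] + [b[r]] for r, row in enumerate(a)]
    for col in range(n):
        pivot = max(range(col, n), key=lambda r: abs(m[r][col]))
        if abs(m[pivot][col]) < 1e-15:
            raise ValueError("singular local covariance matrix")
        m[col], m[pivot] = m[pivot], m[col]
        for r in range(col + 1, n):
            f = m[r][col] / m[col][col]
            for c in range(col, n + 1):
                m[r][c] -= f * m[col][c]
    x = [0.0] * n
    for r in range(n - 1, -1, -1):
        rest = sum(m[r][c] * x[c] for c in range(r + 1, n))
        x[r] = (m[r][n] - rest) / m[r][r]
    return x


def reconstruction_weights(samples, i, k, reg=1e-3):
    """Weights that rebuild samples[i] from its k neighbors (standard LLE).

    Q[j][m] = (X_i - X_ij) . (X_i - X_im) is the local covariance matrix.
    The weights solve Q w = 1 and are rescaled to sum to 1 (assumed constraint).
    """
    nbrs = nearest_neighbours(samples, i, k)
    diffs = [[a - b for a, b in zip(samples[i], samples[j])] for j in nbrs]
    q = [[sum(a * b for a, b in zip(d1, d2)) for d2 in diffs] for d1 in diffs]
    # Q is singular when neighbors are collinear or k exceeds the dimension;
    # a small ridge term keeps the solve stable (assumed, common practice).
    trace = sum(q[j][j] for j in range(k))
    ridge = reg * trace if trace > 0 else reg
    for j in range(k):
        q[j][j] += ridge
    w = solve_linear(q, [1.0] * k)
    total = sum(w)
    return nbrs, [v / total for v in w]


def reconstruct(samples, i, k):
    """Rebuild samples[i] as the weighted sum of its neighbors."""
    nbrs, w = reconstruction_weights(samples, i, k)
    dim = len(samples[i])
    return [sum(wj * samples[j][d] for wj, j in zip(w, nbrs))
            for d in range(dim)]


# Constructed per-hour feature vectors (failed logins, IDS alerts).
SAMPLES = [(0.0, 0.0), (2.0, 0.0), (1.0, 0.0), (10.0, 10.0)]

if __name__ == "__main__":
    print(reconstruction_weights(SAMPLES, 2, 2))
    print(reconstruct(SAMPLES, 2, 2))
```

A sample that its neighbors cannot reconstruct well, such as the last vector here, is the kind of point the later clustering step has to separate from normal traffic.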
Preferably, the step of clustering the output values of the data samples by using the kernel matching integrated clustering algorithm in S14 is:
S21, sampling the output values of the data samples with a resampling technique to obtain K different sample sequences X_i = {a_1, a_2, ..., a_n}; this is repeated K times, each time training one kernel matching clusterer with the sample sequences obtained, finally yielding K kernel matching clusterers with different clustering results; the K clusterers are given the same weight, which is:
Figure BDA0002868619470000039
S22, using the error function of the clustering algorithm
Figure BDA00028686194700000310
to judge the clustering effect, and then optimizing the weights of the K clusterers according to the clustering effect, where D_j represents the expected output of the j-th data sample and F_ij represents the actual output of the i-th classifier on the j-th data sample;
S23, normalizing the optimized weights so that they fall within [0, 1]; the normalized weight is:
Figure BDA0002868619470000041
where m_i is the optimized weight of the i-th clusterer, i = 1, 2, ..., and
Figure BDA0002868619470000045
represents the normalized weight of the i-th clusterer;
S24, applying the output values of the data samples in S22 to each clusterer to cluster the data samples, where the clustering function is F_i(X),
Figure BDA0002868619470000042
where sgn is an indicator function, a_i is the coefficient and K(X, X_K) is a kernel function;
S25, using the formula
Figure BDA0002868619470000043
to fuse the clustering results of the K clusterers according to their weights, where {x_k | k = 1, ..., n} ∈ {x_1, ..., x_n} are the support points, K(X, X_K) is a kernel function, and a_k = <R_k, g_mi>.
Preferably, the calculation formula of F_rr(X) in S22 is:
Figure BDA0002868619470000044
Preferably, the specific steps of repairing the server network in S3 are:
S31, according to the evaluation result of the network security state, comprehensively checking the server network to obtain the security data of the server network;
S32, according to the obtained server network security data, repairing the discovered vulnerability data, tracing the source of the attack data, locating the attack source, identifying the attack path and preserving the evidence of the attack behavior; at the same time, based on the location information of the attack source, blocking the IP address of the attack source, so that the server network no longer accepts any data transmitted from that IP address.
Preferably, the security data in S31 is divided into attack data and vulnerability data, and the attack data includes the location of the attack source and the attack path.
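An added example, not part of the patent: one way to carry out S31 and S32 so that evidence is preserved before an address is blocked and so that a spoofed or malformed source cannot make the server block its own ranges. The record schema, the protected ranges, the class and function names and the sample records (RFC 5737 documentation addresses, placeholder vulnerability id) are all constructed assumptions.

```python
import hashlib
import ipaddress
import json

# Assumed ranges the server must never block (its own infrastructure).
NEVER_BLOCK = [ipaddress.ip_network("10.0.0.0/8"),
               ipaddress.ip_network("127.0.0.0/8")]


class ResponseState:
    def __init__(self, never_block=NEVER_BLOCK):
        self.never_block = list(never_block)
        self.blocked = set()
        self.evidence = []       # append-only, hash-chained records
        self.repair_queue = []   # vulnerability ids awaiting repair

    def preserve(self, record):
        """Store an attack record, chained to the previous digest."""
        prev = self.evidence[-1]["digest"] if self.evidence else "0" * 64
        body = json.dumps(record, sort_keys=True)
        digest = hashlib.sha256((prev + body).encode()).hexdigest()
        self.evidence.append({"record": record, "prev": prev,
                              "digest": digest})

    def evidence_intact(self):
        """Recompute the chain; any edited record breaks it."""
        prev = "0" * 64
        for entry in self.evidence:
            body = json.dumps(entry["record"], sort_keys=True)
            digest = hashlib.sha256((prev + body).encode()).hexdigest()
            if entry["prev"] != prev or entry["digest"] != digest:
                return False
            prev = digest
        return True

    def accepts(self, src):
        """False for blocked or unparseable source addresses."""
        try:
            return ipaddress.ip_address(src) not in self.blocked
        except ValueError:
            return False


def respond(state, situation, security_data):
    """Apply S31/S32 when the predicted situation is 'dangerous'."""
    summary = {"blocked": [], "skipped": [], "repairs": 0}
    if situation != "dangerous":
        return summary
    for rec in security_data:
        if rec["kind"] == "vulnerability":
            state.repair_queue.append(rec["id"])
            summary["repairs"] += 1
        elif rec["kind"] == "attack":
            state.preserve(rec)  # evidence first, then block
            try:
                addr = ipaddress.ip_address(rec["source_ip"])
            except ValueError:
                summary["skipped"].append(rec["source_ip"])
                continue
            if any(addr in net for net in state.never_block):
                summary["skipped"].append(rec["source_ip"])
                continue
            state.blocked.add(addr)
            summary["blocked"].append(str(addr))
    return summary


# Constructed security data as S31 would produce it.
SECURITY_DATA = [
    {"kind": "attack", "source_ip": "203.0.113.7",
     "path": ["edge-fw", "web-01"], "time": "2020-12-29T10:00:00Z"},
    {"kind": "vulnerability", "id": "VULN-PLACEHOLDER-1"},
    {"kind": "attack", "source_ip": "10.0.0.5",
     "path": ["web-01"], "time": "2020-12-29T10:05:00Z"},
    {"kind": "attack", "source_ip": "999.1.1.1",
     "path": [], "time": "2020-12-29T10:06:00Z"},
]


def demo():
    state = ResponseState()
    return state, respond(state, "dangerous", SECURITY_DATA)


if __name__ == "__main__":
    print(demo()[1])
```

Skipped sources still leave an evidence record, so an analyst can review addresses that were not blocked automatically.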
Compared with the prior art, the invention has the beneficial effects that:
1. in the invention, by designing the network security situation awareness prediction model, the network security situation awareness prediction model processes and calculates the network security situation of the server network in a future period of time through the collected past server network security data, so that the server can reasonably repair and protect the server network according to the calculated future network security situation, and the intelligent degree is higher.
2. In the invention, when the network security situation in the server network in a future period is dangerous, the network server is checked and repaired in advance, so that the protection performance of the network server can be improved, and meanwhile, the IP address of an attack source is blocked, so that the same IP source is prevented from attacking for multiple times, and the security of the server network is improved.
3. In the invention, the database taking time as a classification basis is designed and established, so that a user can conveniently search and call the previous network data of the server, and important data support is provided for the user to analyze the safety performance of the server network.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below in conjunction with the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all embodiments, and all other embodiments obtained by a person of ordinary skill in the art without creative efforts based on the embodiments of the present invention belong to the protection scope of the present invention.
The invention provides a technical scheme that:
A communication network security situation perception protection disposal technology and method comprises data acquisition equipment, and is characterized by comprising the following steps:
S1, establishing a database, collecting network security monitoring data in a server network by using the data acquisition equipment, classifying the data according to time and storing the data in the database;
S2, constructing a network security situation awareness prediction model in the database, inputting the network security monitoring data stored in the database into the model, and having the model analyze and process the data so as to predict the network security situation of the server within a set future time period;
S3, according to the obtained server network security situation result, repairing the server network in a targeted manner when the server network security situation within the set future time period is dangerous.
Further, the network monitoring security data collected by the data collection device includes network security data such as security logs, system logs, vulnerability data, flow data and the like in the server network, and current historical data such as network security state, historical information and the like.
Further, the specific steps of analyzing and processing the data by the network security situation awareness prediction model in S2 are as follows:
S11, setting the value k and using the formula
Figure BDA0002868619470000061
to calculate the k neighboring points of each group of data, where M(i) and M(j) respectively represent data samples y_i, y_j and other data samples, i = 1, 2, ..., n, j = 1, 2, ..., n;
S12, using the formula
Figure BDA0002868619470000062
to calculate the local reconstruction weight matrix of each data sample from its neighboring points, where
Figure BDA0002868619470000063
is the weight between X_i and X_ij and must satisfy the condition
Figure BDA0002868619470000064
Q_i is a local covariance matrix, and
Figure BDA0002868619470000065
X_ij (j = 1, 2, ..., k) are the k neighboring points of X_i;
S13, calculating the output value of each data sample from its local reconstruction weight matrix and its neighboring points, using the formula:
Figure BDA0002868619470000066
The error function is defined as
Figure BDA0002868619470000071
where ε(Y) is the value of the loss function, y_i is the output vector of X_i, y_ij (j = 1, 2, ..., k) are the k neighboring points of y_i, and the conditions
Figure BDA0002868619470000072
and
Figure BDA0002868619470000073
are satisfied, where I is a k × k identity matrix;
and S14, clustering the output values of the data samples by using a kernel matching integrated clustering algorithm, fusing the clustered results, and predicting the network security situation within the set time length in the future by using the historical data and the current network security situation.
Further, the step of clustering the output values of the data samples by using the kernel matching integrated clustering algorithm in S14 is as follows:
S21, sampling the output values of the data samples with a resampling technique to obtain K different sample sequences X_i = {a_1, a_2, ..., a_n}; this is repeated K times, each time training one kernel matching clusterer with the sample sequences obtained, finally yielding K kernel matching clusterers with different clustering results; the K clusterers are given the same weight, which is:
Figure BDA0002868619470000074
S22, using the error function of the clustering algorithm
Figure BDA0002868619470000075
to judge the clustering effect, and then optimizing the weights of the K clusterers according to the clustering effect, where D_j represents the expected output of the j-th data sample and F_ij represents the actual output of the i-th classifier on the j-th data sample;
S23, normalizing the optimized weights so that they fall within [0, 1]; the normalized weight is:
Figure BDA0002868619470000076
where m_i is the optimized weight of the i-th clusterer, i = 1, 2, ..., and
Figure BDA0002868619470000078
represents the normalized weight of the i-th clusterer;
S24, applying the output values of the data samples in S22 to each clusterer to cluster the data samples, where the clustering function is F_i(X),
Figure BDA0002868619470000077
where sgn is an indicator function, a_i is the coefficient and K(X, X_K) is a kernel function;
S25, using the formula
Figure BDA0002868619470000081
to fuse the clustering results of the K clusterers according to their weights, where {x_k | k = 1, ..., n} ∈ {x_1, ..., x_n} are the support points, K(X, X_K) is a kernel function, and a_k = <R_k, g_mi>.
Further, the calculation formula of F_rr(X) in S22 is:
Figure BDA0002868619470000082
Further, the specific steps of repairing the server network in S3 are:
S31, according to the evaluation result of the network security state, comprehensively checking the server network to obtain the security data of the server network;
S32, according to the obtained server network security data, repairing the discovered vulnerability data, tracing the source of the attack data, locating the attack source, identifying the attack path and preserving the evidence of the attack behavior; at the same time, based on the location information of the attack source, blocking the IP address of the attack source, so that the server network no longer accepts any data transmitted from that IP address.
Further, the security data in S31 is divided into attack data and vulnerability data, and the attack data includes the location of the attack source and the attack path.
The specific implementation case is as follows:
Establishing a database and acquiring network security monitoring data in a server network by using data acquisition equipment, where the network security monitoring data acquired by the data acquisition equipment comprises network security data such as security logs, system logs, vulnerability data and flow data in the server network and historical data such as current network security state and historical information, and classifying the data according to time and storing the data in the database;
Establishing a network security situation awareness prediction model in the database, inputting the network security monitoring data stored in the database into the model, and having the model analyze and process the data: setting the value k and using the formula
Figure BDA0002868619470000091
to calculate the k neighboring points of each group of data, where M(i) and M(j) respectively represent the average value between data samples y_i, y_j and the other data samples, i = 1, 2, ..., n, j = 1, 2, ..., n; using the formula
Figure BDA0002868619470000092
to calculate the local reconstruction weight matrix of each data sample from its neighboring points, where
Figure BDA0002868619470000093
is the weight between X_i and X_ij and must satisfy the condition
Figure BDA0002868619470000094
Q_i is a local covariance matrix, and
Figure BDA0002868619470000095
X_ij (j = 1, 2, ..., k) are the k neighboring points of X_i; the output value of each data sample is calculated from its local reconstruction weight matrix and its neighboring points, using the formula:
Figure BDA0002868619470000096
The error function is defined as
Figure BDA0002868619470000097
where ε(Y) is the value of the loss function, y_i is the output vector of X_i, y_ij (j = 1, 2, ..., k) are the k neighboring points of y_i, and the conditions
Figure BDA0002868619470000098
and
Figure BDA0002868619470000099
are satisfied, where I is a k × k identity matrix. The output values of the data samples are clustered by using a kernel matching integrated clustering algorithm: the output values of the data samples are sampled with a resampling technique to obtain K different sample sequences X_i = {a_1, a_2, ..., a_n}; this is repeated K times, each time training one kernel matching clusterer with the sample sequences obtained, finally yielding K kernel matching clusterers with different clustering results; the K clusterers are given the same weight, which is:
Figure BDA00028686194700000910
The error function of the clustering algorithm
Figure BDA00028686194700000911
is used to judge the clustering effect, and the weights of the K clusterers are then optimized according to the clustering effect, where D_j represents the expected output of the j-th data sample and F_ij represents the actual output of the i-th classifier on the j-th data sample,
Figure BDA00028686194700000912
The optimized weights are normalized so that they fall within [0, 1]; the normalized weight is:
Figure BDA0002868619470000101
where m_i is the optimized weight of the i-th clusterer, i = 1, 2, ..., and
Figure BDA0002868619470000104
represents the normalized weight of the i-th clusterer. The output values of the data samples in S22 are applied to each clusterer to cluster the data samples, where the clustering function is F_i(X),
Figure BDA0002868619470000102
where sgn is an indicator function, a_i is the coefficient and K(X, X_K) is a kernel function. The formula
Figure BDA0002868619470000103
is used to fuse the clustering results of the K clusterers according to their weights, where {x_k | k = 1, ..., n} ∈ {x_1, ..., x_n} are the support points, K(X, X_K) is a kernel function, and a_k = <R_k, g_mi>. After the clustering results are fused, the network security situation within the set future time period is predicted by using historical data and the current network security situation;
According to the obtained server network security situation result, when the server network security situation within the set future time period is dangerous, the server network is comprehensively checked according to the network security state evaluation result to obtain the security data of the server network. The security data is divided into attack data and vulnerability data, and the attack data comprises the position of the attack source and the attack path. According to the obtained server network security data, the discovered vulnerability data is repaired, the source of the attack data is traced, the attack source and the attack path are located, and the evidence of the attack behavior is preserved; at the same time, based on the location information of the attack source, the IP address of the attack source is blocked, and the server network no longer receives any data transmitted from that IP address.
The above is only a preferred embodiment of the present invention, but the scope of protection of the present invention is not limited thereto; any equivalent substitution or change made by a person skilled in the art, within the technical scope disclosed by the present invention and according to its technical solutions and inventive concept, shall fall within the scope of protection of the present invention.

Claims (7)

1. A communication network security situation perception protection disposal technology and method comprises data acquisition equipment, and is characterized by comprising the following steps:
S1, establishing a database, collecting network security monitoring data in a server network by using data collection equipment, classifying the data according to time and storing the data in the database;
S2, constructing a network security situation perception prediction model in a database, inputting network monitoring security data stored in the database into the network security situation perception prediction model, and analyzing and processing the data by the network security situation perception prediction model so as to predict the network security situation of the server within a set time length in the future;
S3, according to the obtained server network security situation result, when the server network security situation in the set time length in the future is dangerous, the server network is repaired in a targeted manner.
2. The technology and method for handling communication network security situation awareness protection according to claim 1, wherein the network monitoring security data collected by the data collection device includes network security data such as security logs, system logs, vulnerability data, traffic data, and the like in a server network, and historical data such as current network security status, historical information, and the like.
3. The communication network security situation awareness protection handling technology and method according to claim 1, wherein the specific steps of the network security situation awareness prediction model performing analysis processing on the data in S2 are as follows:
S11, setting the value k and using the formula
Figure FDA0002868619460000011
to calculate the k neighboring points of each group of data, where M(i) and M(j) respectively represent data samples y_i, y_j and other data samples, i = 1, 2, ..., n, j = 1, 2, ..., n;
S12, using the formula
Figure FDA0002868619460000012
to calculate the local reconstruction weight matrix of each data sample from its neighboring points, where W_j^i is the weight between X_i and X_ij and must satisfy the condition
Figure FDA0002868619460000021
Q_i is a local covariance matrix, and
Figure FDA0002868619460000022
X_ij (j = 1, 2, ..., k) are the k neighboring points of X_i;
S13, calculating the output value of each data sample from its local reconstruction weight matrix and its neighboring points, using the formula:
Figure FDA0002868619460000023
The error function is defined as
Figure FDA0002868619460000024
where ε(Y) is the value of the loss function, y_i is the output vector of X_i, y_ij (j = 1, 2, ..., k) are the k neighboring points of y_i, and the conditions
Figure FDA0002868619460000025
and
Figure FDA0002868619460000026
are satisfied, where I is a k × k identity matrix;
and S14, clustering the output values of the data samples by using a kernel matching integrated clustering algorithm, fusing the clustered results, and predicting the network security situation within the set time length in the future by using the historical data and the current network security situation.
4. The communication network security situation awareness protection handling technology and method according to claim 3, wherein the step of clustering the output values of the data samples in the S14 by using the kernel matching integrated clustering algorithm is:
s21, sampling the output value of the data sample by resampling technique to obtain K different sample sequences Xi={a1,a2,...,anRepeating the K times, training 1 kernel matching clustering device by using K sample sequences obtained each time, finally obtaining K kernel matching clustering devices with different clustering results, and giving the same weight to the obtained K clustering devices, wherein the weight is as follows:
Figure FDA0002868619460000027
s22, utilizing the error function of the clustering algorithm
Figure FDA0002868619460000028
to judge the clustering effect, and then optimizing the weights of the K clustering devices according to the clustering effect, wherein $D_j$ represents the expected output of the jth data sample and $F_{ij}$ represents the actual output of the ith classifier on the jth data sample;
S23, normalizing the optimized weights so that they fall within [0, 1]; the normalized weight is:
Figure FDA0002868619460000031
wherein $m_i$ is the weight of the optimized ith clustering device, i is 1, 2.
Figure FDA0002868619460000035
represents the weight of the ith clustering device after normalization;
S24, applying the output values of the data samples in S22 to each clustering device to cluster the data samples, wherein the clustering function is $F_i(X)$,
Figure FDA0002868619460000032
where sgn is an indicator function, $a_i$ is the coefficient, and $K(X, X_K)$ is a kernel function;
S25, using the formula
Figure FDA0002868619460000033
to fuse the clustering results of the K clustering devices according to their weights; wherein $\{x_k \mid k = 1, \ldots, n\} \in \{x_1, \ldots, x_n\}$ are the support points, $K(X, X_K)$ is a kernel function, and $a_k = \langle R_k, g_{mi} \rangle$.
5. The communication network security situation awareness protection handling technology and method according to claim 4, wherein the calculation formula of $F_{rr}(X)$ in S22 is:
Figure FDA0002868619460000034
6. The technology and method for handling communication network security situation awareness protection according to claim 1, wherein the step of repairing the server network in S3 includes:
S31, according to the evaluation result of the network security state, comprehensively checking the server network to obtain the security data of the server network;
S32, according to the obtained network server security data, repairing the discovered vulnerability data, searching for the source of the attack data, locating the attack source, discovering the attack path, and storing the evidence information of the attack behavior; meanwhile, according to the positioning information of the attack source, locking the IP address of the attack source so that the server network no longer accepts any data transmitted from that IP address.
7. The technology and method for handling communication network security situation awareness protection according to claim 6, wherein the security data in S31 is divided into attack data and vulnerability data, and the attack data includes a location of an attack source and an attack path.
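The weighting and fusion stage of claim 4 (S21 to S25) can be sketched as follows; this is an added example, not code from the patent. Because the claim's formulas survive on this page only as figure placeholders, the squared-error measure, the inverse-error weight update, the sum-to-one normalization, the coefficient choice a_k = label and all function names are assumptions, and a plain kernel-sum classifier stands in for kernel matching pursuit.

```python
import numpy as np

def rbf(A, B, gamma=0.5):
    """Kernel K(x, x_k) = exp(-gamma * ||x - x_k||^2) for every pair of rows."""
    d2 = ((A[:, None, :] - B[None, :, :]) ** 2).sum(axis=2)
    return np.exp(-gamma * d2)

def train(X, labels):
    """Base learner F_i(x) = sgn(sum_k a_k K(x, x_k)); a_k = label is an assumption."""
    return lambda Q: np.sign(rbf(Q, X) @ labels)

def build_ensemble(X, D, K=5, bad=None, seed=0):
    """S21: K bootstrap resamples, one learner each (equal weights 1/K implied)."""
    rng = np.random.default_rng(seed)
    learners = []
    for i in range(K):
        idx = rng.integers(0, len(X), len(X))
        # Learner `bad` gets flipped labels to simulate one poor clusterer (demo only).
        labels = -D[idx] if i == bad else D[idx]
        learners.append(train(X[idx], labels))
    return learners

def normalized_weights(learners, X, D, eps=1e-6):
    F = np.array([f(X) for f in learners])   # F[i, j]: output of learner i on sample j
    err = ((D - F) ** 2).sum(axis=1)         # S22: assumed squared-error function
    m = 1.0 / (err + eps)                    # assumed rule: lower error, larger weight
    return m / m.sum(), F                    # S23: weights fall within [0, 1]

def fuse(w, F):
    """S25: weighted vote over the K learners' outputs."""
    return np.sign(w @ F)

def demo():
    # Constructed data: two well-separated groups standing in for reduced samples.
    rng = np.random.default_rng(1)
    X = np.vstack([rng.normal(-3, 0.3, (20, 2)), rng.normal(3, 0.3, (20, 2))])
    D = np.array([-1.0] * 20 + [1.0] * 20)   # expected outputs D_j
    learners = build_ensemble(X, D, K=5, bad=2)
    w, F = normalized_weights(learners, X, D)
    return w, fuse(w, F), D

if __name__ == "__main__":
    w, fused, D = demo()
    print("normalized weights:", np.round(w, 6))
    print("fused output matches expected:", bool(np.array_equal(fused, D)))
```

The degraded learner ends up with a weight close to zero, so the fused output follows the four learners that agree with the expected outputs.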

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202011600166.9A CN112733893A (en) 2020-12-29 2020-12-29 Communication network security situation perception protection disposal technology and method

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202011600166.9A CN112733893A (en) 2020-12-29 2020-12-29 Communication network security situation perception protection disposal technology and method

Publications (1)

Publication Number Publication Date
CN112733893A true CN112733893A (en) 2021-04-30

Family

ID=75611560

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202011600166.9A Pending CN112733893A (en) 2020-12-29 2020-12-29 Communication network security situation perception protection disposal technology and method

Country Status (1)

Country Link
CN (1) CN112733893A (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114205212A (en) * 2021-12-08 2022-03-18 国网冀北电力有限公司计量中心 Network security early warning method, device, equipment and readable storage medium
CN116192520A (en) * 2023-03-02 2023-05-30 湖北盈隆腾辉科技有限公司 Secure communication management method and system based on big data

Similar Documents

Publication Publication Date Title
CN110620759B (en) Multi-dimensional association-based network security event hazard index evaluation method and system
CN113965404B (en) Network security situation self-adaptive active defense system and method
US9386036B2 (en) Method for detecting and preventing a DDoS attack using cloud computing, and server
CN102098180B (en) Network security situational awareness method
CN114584405B (en) Electric power terminal safety protection method and system
CN110855497B (en) Alarm sequencing method and device based on big data environment
CN105009132A (en) Event correlation based on confidence factor
CN112165470B (en) Intelligent terminal access safety early warning system based on log big data analysis
CN112733893A (en) Communication network security situation perception protection disposal technology and method
CN115987615A (en) Network behavior safety early warning method and system
KR101692982B1 (en) Automatic access control system of detecting threat using log analysis and automatic feature learning
CN112039862A (en) Multi-dimensional stereo network-oriented security event early warning method
Grechishnikov et al. Algorithmic model of functioning of the system to detect and counter cyber attacks on virtual private network
CN115225384B (en) Network threat degree evaluation method and device, electronic equipment and storage medium
CN115795330A (en) Medical information anomaly detection method and system based on AI algorithm
KR20080079767A (en) A standardization system and method of event types in real time cyber threat with large networks
CN117478433B (en) Network and information security dynamic early warning system
CN113098827B (en) Network security early warning method and device based on situation awareness
CN115987687B (en) Network attack evidence obtaining method, device, equipment and storage medium
CN112287345A (en) Credible edge computing system based on intelligent risk detection
CN115001940A (en) Association security situation analysis method based on artificial intelligence
CN114285639A (en) Website security protection method and device
Dayanandam et al. Regression algorithms for efficient detection and prediction of DDoS attacks
CN110995692A (en) Network security intrusion detection method based on factor analysis and subspace collaborative representation
CN117544420B (en) Fusion system safety management method and system based on data analysis

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination