CN112839042B - Situation awareness system based on information system network security - Google Patents

Situation awareness system based on information system network security

Info

Publication number
CN112839042B
Authority
CN
China
Prior art keywords
data
unit
security
network
processing unit
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202110022975.4A
Other languages
Chinese (zh)
Other versions
CN112839042A (en)
Inventor
孙铭
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Hongxin Wanda Technology Co ltd
Original Assignee
Beijing Hongxin Wanda Technology Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Beijing Hongxin Wanda Technology Co ltd
Priority to CN202110022975.4A
Publication of CN112839042A
Application granted
Publication of CN112839042B
Legal status: Active (current)
Anticipated expiration

Classifications

    • H: Electricity
    • H04: Electric communication technique
    • H04L: Transmission of digital information, e.g. telegraphic communication
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/14: Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408: Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1441: Countermeasures against malicious traffic

Abstract

The invention belongs to the technical field of network security and provides a situation awareness system based on information system network security. The system comprises a data acquisition unit, a data judgment and storage unit, a data processing unit, a situation prediction unit, a decision processing unit and a feedback unit. The data acquisition unit acquires the security history data of the network system. The data judgment and storage unit is communicatively connected to the data acquisition unit and the data processing unit; it compares the security history data with the existing network state data set and judges whether identical data are present. If so, the matching result is sent directly to the decision processing unit, which carries out security processing without further analysis; if not, a processing instruction is sent to the data processing unit, which performs the next operation. The situation prediction unit is communicatively connected to the data processing unit and predicts the development trend of the network security state from the current security state of the network and its historical information.

Description

Situation awareness system based on information system network security
Technical Field
The invention relates to the technical field of network security, in particular to a situation awareness system based on information system network security.
Background
Situation awareness is the ability to know security risks dynamically and as a whole on the basis of the environment. Built on security big data, it is a way of improving, from a global perspective, the ability to discover, identify, understand, analyze and respond to security threats; ultimately it is the means by which security capability is put into practice for decision-making and action.
Existing network security situation awareness systems have to analyze all of the data in every processing pass. Because part of that data repeats data that was already processed earlier, and repeats within the data currently being processed, unnecessary time is spent processing the same content many times over.
Disclosure of Invention
The invention aims to provide a situation awareness system based on information system network security so as to solve the problems identified in the background section.
In order to achieve the purpose, the invention provides the following technical scheme:
a situation awareness system based on information system network security, comprising a data acquisition unit, a data judgment and storage unit, a data processing unit, a situation prediction unit, a decision processing unit and a feedback unit;
the data acquisition unit is used for acquiring the security history data of the network system;
the data judgment and storage unit is communicatively connected to the data acquisition unit and the data processing unit, and is used for comparing the security history data with the existing network state data set and judging whether identical data are present; if so, the matching result is sent directly to the decision processing unit, which carries out security processing directly; if not, a processing instruction is sent to the data processing unit, which performs the next operation;
the data processing unit is used for receiving the processing instruction from the data judgment and storage unit, processing and fusing the collected network security data with the current network security data by means such as classification, merging and association analysis, and comprehensively analyzing the fused information;
the situation prediction unit is communicatively connected to the data processing unit, predicts the development trend of the network security state from the current security state of the network and its historical information, and evaluates the security state of that development trend;
the decision processing unit is communicatively connected to the data judgment and storage unit and the situation prediction unit, and carries out security processing according to the evaluated security state of the network development trend;
the feedback unit is communicatively connected to the situation prediction unit and the decision processing unit, and feeds the security processing result back to the situation prediction unit so that the situation prediction unit can evaluate the result and adjust accordingly.
As a further scheme of the invention: the data judgment and storage unit comprises a storage module and a comparison module, the storage module being communicatively connected to the comparison module;
the storage module is used for storing the network state data set and the processing strategies associated with it;
the comparison module is used for comparing the acquired security history data with the network state data set; if identical data are found, the result is sent to the decision processing unit; if not, a processing instruction is sent to the data processing unit, which performs the next operation.
As a still further scheme of the invention: the situation prediction unit learns from the security processing result obtained from the feedback unit and adjusts its analysis and prediction results accordingly.
As a still further scheme of the invention: the situation prediction unit sends the adjusted processing strategy, carrying identification information, to the data judgment and storage unit, where it overwrites the original processing strategy that carries the same identification information.
As a still further scheme of the invention: the security history data include system logs of various kinds, security logs, vulnerability scan results, audit data, traffic data, host status and host configuration.
As a still further scheme of the invention: the data judgment and storage unit further comprises a cleaning module used for cleaning, at regular intervals, the network state data set stored in the comparison module.
As a still further scheme of the invention: when performing a comparison, the comparison module preferentially tests the network state data with the higher call counts.
As a still further scheme of the invention: the processing method of the system comprises the following steps:
acquiring the security history data of the network system;
comparing the security history data with the existing network state data set and judging whether identical data are present; if so, sending the matching result directly to the decision processing unit, which carries out security processing directly; if not, sending a processing instruction to the data processing unit, which performs the next operation;
processing and fusing the collected network security data with the current network security data by means such as classification, merging and association analysis, and comprehensively analyzing the fused information;
predicting the development trend of the network security state from the current security state of the network and its historical information, and evaluating the security state of that development trend;
carrying out security processing according to the evaluated security state of the network development trend;
feeding the security processing result back to the situation prediction unit so that the situation prediction unit can evaluate the result and adjust accordingly.
Compared with the prior art, the invention has the following beneficial effects. By providing the data judgment and storage unit, a security problem that has been seen before can be recognized quickly and handled in a proven way, which spares the data processing unit and the situation prediction unit a second round of processing; compared with the analysis performed by those two units, the comparison performed by the data judgment and storage unit is simpler and faster. Through the feedback unit, the processing result is returned to the situation prediction unit, which can adjust its analysis and prediction results so that the next round of processing is more accurate.
Drawings
Fig. 1 is a schematic structural diagram of a situation awareness system based on information system network security.
Fig. 2 is a schematic structural diagram of a data determination storage unit in a situation awareness system based on information system network security.
FIG. 3 is a process flow diagram of a situation awareness system based on information system network security.
In the figures: 1, data acquisition unit; 2, data judgment and storage unit; 3, data processing unit; 4, situation prediction unit; 5, decision processing unit; 6, feedback unit; 21, storage module; 22, comparison module; 23, cleaning module; 24, counting module.
Detailed Description
In order to make the objects, technical solutions and advantages of the present invention more apparent, the invention is described in further detail below with reference to the following embodiments. It should be understood that the specific embodiments described herein are merely illustrative of the invention and are not intended to limit it.
The terminology used in the embodiments of the invention is for the purpose of describing particular embodiments only and is not intended to be limiting of the invention. As used in the examples of the invention and the appended claims, the singular forms "a," "an," and "the" are intended to include the plural forms as well, unless the context clearly indicates otherwise. It should also be understood that the term "and/or" as used herein refers to and encompasses any and all possible combinations of one or more of the associated listed items.
It should be understood that although the terms first, second, etc. may be used to describe various information in embodiments of the present invention, the information should not be limited by these terms. These terms are only used to distinguish one type of information from another.
Example 1
Referring to Figs. 1 to 3, the situation awareness system based on information system network security provided in embodiment 1 of the invention comprises a data acquisition unit 1, a data judgment and storage unit 2, a data processing unit 3, a situation prediction unit 4, a decision processing unit 5 and a feedback unit 6;
the data acquisition unit 1 is used for acquiring the security history data of the network system;
the data judgment and storage unit 2 is communicatively connected to the data acquisition unit 1 and the data processing unit 3, and is used for comparing the security history data with the existing network state data set and judging whether identical data are present; if so, the matching result is sent directly to the decision processing unit 5, which carries out security processing directly; if not, a processing instruction is sent to the data processing unit 3, which performs the next operation;
the data processing unit 3 is used for receiving the processing instruction from the data judgment and storage unit 2, processing and fusing the collected network security data with the current network security data by means such as classification, merging and association analysis, and comprehensively analyzing the fused information;
the situation prediction unit 4 is communicatively connected to the data processing unit 3, predicts the development trend of the network security state from the current security state of the network and its historical information, and evaluates the security state of that development trend;
the decision processing unit 5 is communicatively connected to the data judgment and storage unit 2 and the situation prediction unit 4, and carries out security processing according to the evaluated security state of the network development trend;
the feedback unit 6 is communicatively connected to the situation prediction unit 4 and the decision processing unit 5, and feeds the security processing result back to the situation prediction unit 4 so that the situation prediction unit 4 can evaluate the result and adjust accordingly.
Specifically, by providing the data judgment and storage unit 2, a security problem that has been seen before can be recognized quickly and handled in a proven way, which spares the data processing unit 3 and the situation prediction unit 4 a second round of processing; compared with the analysis performed by those two units, the comparison performed by the data judgment and storage unit 2 is simpler and faster. Through the feedback unit 6, the processing result is returned to the situation prediction unit 4, which can adjust its analysis and prediction results so that the next round of processing is more accurate.
As a preferred embodiment of the invention, the data judgment and storage unit 2 comprises a storage module 21 and a comparison module 22, the storage module 21 being communicatively connected to the comparison module 22;
the storage module 21 is configured to store the network state data set and the processing strategies associated with it;
the comparison module 22 is configured to compare the acquired security history data with the network state data set; if identical data are found, the result is sent to the decision processing unit 5; if not, a processing instruction is sent to the data processing unit 3, which performs the next operation.
When the comparison module 22 sends a matching result to the decision processing unit 5, the decision processing unit 5 obtains the processing strategy associated with that network state from the storage module 21 and processes accordingly.
As a preferred embodiment of the invention, the situation prediction unit 4 is configured to learn from the feedback result obtained from the feedback unit 6 and adjust its analysis and prediction results, to send the adjusted processing strategy, carrying identification information, to the data judgment and storage unit 2, and to overwrite the original processing strategy carrying the same identification information in the data judgment and storage unit 2, so that the processing strategies held by the data judgment and storage unit 2 are updated in time.
As a preferred embodiment of the invention, the security history data include system logs of various kinds, security logs, vulnerability scan results, audit data, traffic data, host status and host configuration.
The data judgment and storage unit 2 further comprises a cleaning module 23, configured to clean the network state data set stored in the comparison module 22 at regular intervals, mainly by deleting network state data that have not been used for a long time. The storage module 21 and the comparison module 22 are both communicatively connected to the cleaning module 23.
The data judgment and storage unit 2 further comprises a counting module 24, configured to count how often each item of the network state data set is called, and to associate the count with the corresponding network state data so that the comparison module 22 can order its calls by that count. The storage module 21 and the comparison module 22 are both communicatively connected to the counting module 24.
When performing a comparison, the comparison module 22 preferentially tests the network state data with the higher call counts, so that recurring problems are recognized after fewer comparisons and processing is faster.
Continuous feedback processing is realized through the feedback unit 6, which ensures that the processing scheme is continuously improved.
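The following Python is an added example for this page, not code from the patent or its assignee. It models the data judgment and storage unit 2 of this embodiment: a storage module holding network state entries with their associated processing strategies, a comparison module that tests entries in descending order of call count, a counting module, a cleaning module that removes entries idle for longer than a configurable period, and the overwrite-by-identification path used by the feedback loop. The record field names, the "*" wildcard in stored patterns, the policy identifiers and the sample records are assumptions made for illustration.

```python
"""Data judgment and storage unit: a known-state table with frequency-ordered
comparison, idle-time cleaning and policy overwrite from feedback.

Added example written for this page; it is not code from the patent or its
assignee. The field names, the "*" wildcard and the sample records are
assumptions made for illustration.
"""
from dataclasses import dataclass


@dataclass
class StateEntry:
    """One item of the network state data set and its associated policy."""
    pattern: dict           # identifying fields; "*" means "any value" (assumption)
    policy_id: str          # identification information carried by the policy
    policy: dict            # processing strategy held by the storage module
    calls: int = 0          # counting module: how many times this entry matched
    last_used: float = 0.0  # used by the cleaning module

    def matches(self, record: dict) -> bool:
        return all(v == "*" or record.get(k) == v for k, v in self.pattern.items())


class JudgmentStorageUnit:
    def __init__(self, idle_ttl: float = 3600.0):
        self.entries: dict[str, StateEntry] = {}  # storage module, keyed by policy_id
        self.idle_ttl = idle_ttl
        self.comparisons = 0                       # pattern tests performed so far

    def store(self, pattern: dict, policy_id: str, policy: dict, now: float) -> None:
        self.entries[policy_id] = StateEntry(pattern, policy_id, policy, 0, now)

    def compare(self, record: dict, now: float):
        """Comparison module: (policy_id, policy) on a hit, None on a miss.

        Entries with the highest call count are tested first, so a state that
        recurs often is recognised after few comparisons. A miss means the
        record must go to the data processing unit for full analysis.
        """
        for entry in sorted(self.entries.values(), key=lambda e: e.calls, reverse=True):
            self.comparisons += 1
            if entry.matches(record):
                entry.calls += 1
                entry.last_used = now
                return entry.policy_id, entry.policy
        return None

    def clean(self, now: float) -> list[str]:
        """Cleaning module: drop entries not matched for longer than idle_ttl."""
        stale = [pid for pid, e in self.entries.items() if now - e.last_used > self.idle_ttl]
        for pid in stale:
            del self.entries[pid]
        return stale

    def overwrite_policy(self, policy_id: str, policy: dict) -> bool:
        """Feedback path: replace the policy carrying the same identification."""
        entry = self.entries.get(policy_id)
        if entry is None:
            return False
        entry.policy = policy
        return True


def run_demo() -> dict:
    """Drive the unit with constructed records and return the observable results."""
    unit = JudgmentStorageUnit(idle_ttl=300.0)
    unit.store({"event_type": "auth_failure", "source": "*"}, "P-AUTH",
               {"action": "rate_limit", "minutes": 5}, now=0.0)
    unit.store({"event_type": "port_scan", "source": "*"}, "P-SCAN",
               {"action": "block_source"}, now=0.0)
    unit.store({"event_type": "vuln_found", "cve": "*"}, "P-VULN",
               {"action": "open_ticket"}, now=0.0)
    # Constructed sample of security history data, not real telemetry.
    records = [
        {"ts": 10.0, "event_type": "port_scan", "source": "203.0.113.7"},
        {"ts": 20.0, "event_type": "port_scan", "source": "203.0.113.9"},
        {"ts": 30.0, "event_type": "auth_failure", "source": "198.51.100.4"},
        {"ts": 40.0, "event_type": "dns_tunnel", "source": "198.51.100.4"},  # unknown state
    ]
    hits, misses = [], []
    for rec in records:
        hit = unit.compare(rec, now=rec["ts"])
        if hit is None:
            misses.append(rec["event_type"])  # would go to the data processing unit
        else:
            hits.append(hit[0])               # goes to the decision processing unit
    # Feedback: the situation prediction unit returns an adjusted P-SCAN policy.
    overwritten = unit.overwrite_policy("P-SCAN", {"action": "block_source", "hours": 24})
    # Cleaning at t=310: only P-VULN has been idle for longer than 300 s.
    removed = unit.clean(now=310.0)
    return {"hits": hits, "misses": misses, "comparisons": unit.comparisons,
            "overwritten": overwritten, "removed": removed,
            "scan_policy": unit.entries["P-SCAN"].policy, "remaining": sorted(unit.entries)}


if __name__ == "__main__":
    print(run_demo())
```

The call-count ordering only pays off because matching here is a linear scan over stored patterns; with exact-match keys a hash lookup would make the order irrelevant. One caveat the design carries: every entry in the network state data set short-circuits the full analysis, so the overwrite path must accept strategies only from the situation prediction unit and never from an unauthenticated source, otherwise a planted entry silences detection for a whole class of events.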
Example 2
Referring to Figs. 1 to 3, the processing method of the situation awareness system based on information system network security comprises the following steps:
S101: acquire the security history data of the network system;
S102: compare the security history data with the existing network state data set;
S103: judge whether identical data are present; if so, send the matching result directly to the decision processing unit 5, which carries out security processing directly;
S104: if not, send a processing instruction to the data processing unit 3, which performs the next operation;
S105: process and fuse the collected network security data with the current network security data by means such as classification, merging and association analysis, and comprehensively analyze the fused information;
S106: predict the development trend of the network security state from the current security state of the network and its historical information, and evaluate the security state of that development trend;
S107: carry out security processing according to the evaluated security state of the network development trend;
S108: feed the security processing result back to the situation prediction unit 4 so that the situation prediction unit 4 can evaluate the result and adjust accordingly.
By providing the data judgment and storage unit 2, a security problem that has been seen before can be recognized quickly and handled in a proven way, which spares the data processing unit 3 and the situation prediction unit 4 a second round of processing; compared with the analysis performed by those two units, the comparison performed by the data judgment and storage unit 2 is simpler and faster. Through the feedback unit 6, the processing result is returned to the situation prediction unit 4, which can adjust its analysis and prediction results so that the next round of processing is more accurate.
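Steps S105 to S108 of the method, carried through on constructed data as an added example that is not code from the patent or its assignee: merging repeated events, association analysis per source with a weighted score, a least-squares trend over per-interval scores as the prediction, a decision taken on the evaluated trend, and a feedback step that returns an adjusted policy under the same policy identifier so that it can overwrite the stored strategy. The event categories, weights, thresholds, the 60-second interval and the records are assumptions made for illustration.

```python
"""Slow path of the processing method (S105 to S108): fuse the collected security
data by classification, merging and association analysis, predict the trend of
the security state, decide, and feed the outcome back as an adjusted policy.
Added example for this page, not code from the patent or its assignee. Event
categories, weights, thresholds, the 60 s interval and the records are assumed.
"""
from collections import defaultdict

# Classification table: event type -> (category, weight). Assumed values.
CATEGORIES = {
    "port_scan": ("recon", 1.0),
    "auth_failure": ("credential", 2.0),
    "auth_success_new_geo": ("credential", 3.0),
    "large_upload": ("exfiltration", 4.0),
}

def classify(record: dict) -> tuple[str, float]:
    return CATEGORIES.get(record["event_type"], ("unknown", 0.5))

def merge(records: list[dict], window: float) -> list[dict]:
    """Collapse repeats of one (source, event_type) within `window` seconds into
    one record carrying a count and the earliest timestamp."""
    merged: list[dict] = []
    for rec in sorted(records, key=lambda r: r["ts"]):
        same = [m for m in merged
                if (m["source"], m["event_type"]) == (rec["source"], rec["event_type"])
                and rec["ts"] - m["ts"] <= window]
        if same:
            same[-1]["count"] += 1
        else:
            merged.append({**rec, "count": 1})
    return merged

def correlate(merged: list[dict]) -> dict[str, dict]:
    """Association analysis per source: score = sum(weight * count); a source seen
    in two or more categories is flagged as a multi-stage incident."""
    by_source: dict[str, dict] = defaultdict(lambda: {"score": 0.0, "categories": set()})
    for rec in merged:
        cat, weight = classify(rec)
        by_source[rec["source"]]["score"] += weight * rec["count"]
        by_source[rec["source"]]["categories"].add(cat)
    for info in by_source.values():
        info["multi_stage"] = len(info["categories"]) >= 2
    return dict(by_source)

def interval_scores(merged: list[dict], interval: float) -> list[float]:
    """Historical information: risk score per time interval, zeros for gaps."""
    buckets: dict[int, float] = defaultdict(float)
    for rec in merged:
        buckets[int(rec["ts"] // interval)] += classify(rec)[1] * rec["count"]
    return [buckets[i] for i in range(max(buckets) + 1)] if buckets else []

def predict_trend(history: list[float]) -> tuple[float, float]:
    """Least-squares slope of the per-interval scores and the value extrapolated
    for the next interval: the predicted development trend."""
    n = len(history)
    mean_x, mean_y = (n - 1) / 2, sum(history) / n
    var = sum((x - mean_x) ** 2 for x in range(n))
    cov = sum((x - mean_x) * (y - mean_y) for x, y in enumerate(history))
    slope = cov / var if var else 0.0
    return slope, history[-1] + slope

def decide(score: float, slope: float, multi_stage: bool, policy: dict) -> str:
    """Decision processing on the evaluated state of the trend, not on one event."""
    if multi_stage and slope > 0 and score >= policy["block_at"]:
        return "block_source"
    if score >= policy["alert_at"]:
        return "alert"
    return "monitor"

def feedback(policy: dict, action: str, confirmed_malicious: bool) -> dict:
    """Feedback unit: adjusted policy under the same policy_id, ready to overwrite
    the stored one. A block judged benign raises the block threshold; a confirmed
    incident that only produced an alert lowers it."""
    adjusted = dict(policy)
    if action == "block_source" and not confirmed_malicious:
        adjusted["block_at"] += 2.0
    elif action == "alert" and confirmed_malicious:
        adjusted["block_at"] = max(adjusted["alert_at"], adjusted["block_at"] - 2.0)
    return adjusted

def run_demo() -> dict:
    """Run one source's constructed history (not real telemetry) through S105 to S108."""
    src, events = "198.51.100.4", [(0, "port_scan"), (5, "port_scan"), (60, "auth_failure"),
                                   (61, "auth_failure"), (62, "auth_failure"),
                                   (120, "auth_success_new_geo"), (180, "large_upload")]
    records = [{"ts": float(ts), "source": src, "event_type": et} for ts, et in events]
    policy = {"policy_id": "P-DEFAULT", "alert_at": 4.0, "block_at": 12.0}
    merged = merge(records, window=30.0)                                  # S105
    state = correlate(merged)[src]                                        # S105
    history = interval_scores(merged, interval=60.0)                      # S106
    slope, predicted = predict_trend(history)                             # S106
    action = decide(state["score"], slope, state["multi_stage"], policy)  # S107
    # S108: the analyst reports the source as the organization's own scanner,
    # so the block was a false positive and the block threshold is raised.
    adjusted = feedback(policy, action, confirmed_malicious=False)
    return {"merged": len(merged), "history": history, "slope": slope, "predicted": predicted,
            "score": state["score"], "action": action, "adjusted": adjusted}
```

Running `run_demo()` merges the seven constructed events into four, finds one source active in three categories (recon, credential, exfiltration) with a rising trend, and therefore decides to block; the feedback step then raises the block threshold but leaves the policy identifier unchanged, which is what lets the data judgment and storage unit 2 overwrite the stored strategy rather than add a second one.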
It should be understood that, although the steps in the flowcharts of the embodiments are shown in sequence as indicated by the arrows, they are not necessarily executed in that sequence. Unless explicitly stated otherwise, the steps are not strictly limited to the order shown and may be performed in other orders. Moreover, at least some of the steps may include several sub-steps or stages that are not necessarily performed at the same time but may be performed at different times, and the order of those sub-steps or stages is not necessarily sequential; they may be performed in turn or alternately with other steps or with at least some of the sub-steps or stages of other steps.
The technical features of the embodiments described above may be arbitrarily combined, and for the sake of brevity, all possible combinations of the technical features in the embodiments described above are not described, but should be considered as being within the scope of the present specification as long as there is no contradiction between the combinations of the technical features.
The above-mentioned embodiments only express several embodiments of the present invention, and the description thereof is more specific and detailed, but not construed as limiting the scope of the present invention. It should be noted that, for a person skilled in the art, several variations and modifications can be made without departing from the inventive concept, which falls within the scope of the present invention. Therefore, the protection scope of the present patent shall be subject to the appended claims.
The above description is only for the purpose of illustrating the preferred embodiments of the present invention and is not to be construed as limiting the invention, and any modifications, equivalents and improvements made within the spirit and principle of the present invention are intended to be included within the scope of the present invention.

Claims (9)

1. A situation awareness system based on information system network security, comprising a data acquisition unit, a data judgment and storage unit, a data processing unit, a situation prediction unit, a decision processing unit and a feedback unit;
the data acquisition unit is used for acquiring the security history data of the network system;
the data judgment and storage unit is communicatively connected to the data acquisition unit and the data processing unit, and is used for comparing the security history data with the existing network state data set and judging whether identical data are present; if so, the matching result is sent directly to the decision processing unit, which carries out security processing directly; if not, a processing instruction is sent to the data processing unit, which performs the next operation;
the data processing unit receives the processing instruction from the data judgment and storage unit, processes and fuses the collected network security data with the current network security data by means of classification, merging and correlation analysis, and comprehensively analyzes the fused information;
the situation prediction unit is communicatively connected to the data processing unit, predicts the development trend of the network security state from the current security state of the network and its historical information, and evaluates the security state of that development trend;
the decision processing unit is communicatively connected to the data judgment and storage unit and the situation prediction unit, and carries out security processing according to the evaluated security state of the network development trend;
the feedback unit is communicatively connected to the situation prediction unit and the decision processing unit, and feeds the security processing result back to the situation prediction unit so that the situation prediction unit can evaluate the result and adjust accordingly.
2. The situation awareness system based on information system network security of claim 1, wherein the data judgment and storage unit comprises a storage module and a comparison module, the storage module being communicatively connected to the comparison module;
the storage module is used for storing the network state data set and the processing strategies associated with it;
the comparison module is used for comparing the acquired security history data with the network state data set; if identical data are found, the result is sent to the decision processing unit; if not, a processing instruction is sent to the data processing unit, which performs the next operation.
3. The situation awareness system of claim 2, wherein the situation prediction unit is configured to learn from the security processing result obtained from the feedback unit and to adjust its analysis and prediction results accordingly.
4. The situation awareness system of claim 3, wherein the situation prediction unit is configured to send the adjusted processing strategy, carrying identification information, to the data judgment and storage unit, and to overwrite the original processing strategy carrying the same identification information in the data judgment and storage unit.
5. The situation awareness system based on information system network security of claim 1, wherein the security history data include system logs of various kinds, security logs, vulnerability scan results, audit data, traffic data, host status and host configuration.
6. The situation awareness system based on information system network security of claim 2, wherein the data judgment and storage unit further comprises a cleaning module configured to clean, at regular intervals, the network state data set stored in the comparison module.
7. The situation awareness system based on information system network security of claim 6, wherein the data judgment and storage unit further comprises a counting module configured to count how often each item of the network state data set is called and to associate the count with the corresponding network state data.
8. The situation awareness system based on information system network security of claim 7, wherein, when performing a comparison, the comparison module preferentially tests the network state data with the higher call counts.
9. The situation awareness system based on information system network security according to any one of claims 1 to 8, wherein the processing method of the system comprises the following steps:
acquiring the security history data of the network system;
comparing the security history data with the existing network state data set and judging whether identical data are present; if so, sending the matching result directly to the decision processing unit, which carries out security processing directly; if not, sending a processing instruction to the data processing unit, which performs the next operation;
processing and fusing the collected network security data with the current network security data by means such as classification, merging and association analysis, and comprehensively analyzing the fused information;
predicting the development trend of the network security state from the current security state of the network and its historical information, and evaluating the security state of that development trend;
carrying out security processing according to the evaluated security state of the network development trend;
feeding the security processing result back to the situation prediction unit so that the situation prediction unit can evaluate the result and adjust accordingly.
Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110022975.4A CN112839042B (en) 2021-01-08 2021-01-08 Situation awareness system based on information system network security

Publications (2)

Publication Number Publication Date
CN112839042A CN112839042A (en) 2021-05-25
CN112839042B true CN112839042B (en) 2021-11-23

Family

ID=75928512

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202110022975.4A Active CN112839042B (en) 2021-01-08 2021-01-08 Situation awareness system based on information system network security

Country Status (1)

Country Link
CN (1) CN112839042B (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113779566A (en) * 2021-09-08 2021-12-10 滨州学院 Computer network security situation sensing system and method

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110445807A (en) * 2019-08-23 2019-11-12 瑞森网安(福建)信息科技有限公司 Network security situation sensing system and method
CN110602062A (en) * 2019-08-27 2019-12-20 北京邮电大学 Network active defense method and device based on reinforcement learning
EP3152869B1 (en) * 2014-06-06 2020-09-02 Crowdstrike, Inc. Real-time model of states of monitored devices
CN111740983A (en) * 2020-06-17 2020-10-02 郑州云智信安安全技术有限公司 Computer network security situation sensing system and method

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US9954897B2 (en) * 2016-03-01 2018-04-24 Intelligent Fusion Technology, Inc. Methods and systems providing cyber security

Legal Events

Code Title
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant