CN113132389A - Network security monitoring system - Google Patents
- Publication number
- CN113132389A
- Authority
- CN
- China
- Prior art keywords
- module
- network
- management
- security
- asset
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Classifications
- H04L63/1416—Event detection, e.g. attack signature detection
- H04L41/0213—Standardised network management protocols, e.g. simple network management protocol [SNMP]
- H04L63/1425—Traffic logging, e.g. anomaly detection
- H04L63/1441—Countermeasures against malicious traffic
- H04L63/145—Countermeasures against malicious traffic the attack involving the propagation of malware through the network, e.g. viruses, trojans or worms
Abstract
The invention discloses a network security monitoring system comprising a data acquisition module, a communication function module and a local management module. The data acquisition module is used for acquiring security event data, user operation data and operation information data of the network system and summarizing the acquired data; the communication function module is used for providing a communication interface for transmitting the data acquired by the data acquisition module; the local management module is used for managing local resources of the network system. The network security monitoring system disclosed in the embodiment of the invention can improve the security of a network system.
Description
Technical Field
The embodiment of the invention relates to network technology, and in particular to a network security monitoring system.
Background
Network security means that the hardware, software and data of a network system are protected against damage, alteration and leakage, whether accidental or malicious, so that the system runs continuously, reliably and normally and network service is not interrupted. Network security comprises network equipment security, network information security and network software security.
Computer network security should be treated in the same way as fire and theft prevention in every household, as a matter of prevention. However, existing network security monitoring systems cannot adequately protect the network security of a network system.
Disclosure of Invention
The invention provides a network security monitoring system which can improve the security of a network system.
In a first aspect, an embodiment of the present invention provides a network security monitoring system, including a data acquisition module, a communication function module and a local management module;
the data acquisition module is used for acquiring security event data, user operation data and operation information data of the network system and summarizing the acquired various data;
the communication function module is used for providing a communication interface for transmitting various data acquired by the data acquisition module;
the local management module is used for managing local resources of the network system.
In a possible implementation manner of the first aspect, the network security monitoring system further includes: a security event acquisition module, an operation information module, a security event acquisition and processing module and a service agent module;
the data acquisition module is used for acquiring security event data of the network system through the security event acquisition module, acquiring user operation data of the network system through the operation type module, acquiring operation information data of the network system through the operation information module, summarizing the acquired various data through the acquisition security event summarizing processing module, and providing calling capacity of the security network management platform through the service agent module.
In a possible implementation manner of the first aspect, the network security monitoring system further includes: a virus outbreak detection module, an attack event early warning module, a permission change module, an override operation module, an illegal network access module, an illegal equipment access module, a login information module, a user operation information module, a network connection relation module, an equipment running state module, a safe running index module, a hardware running abnormity module, a data analysis processing module, a safe event module, a running abnormity module, an equipment fault module and a network management platform calling module;
the security event acquisition module is used for monitoring viruses through the virus outbreak detection module, monitoring network attacks through the attack event early warning module, monitoring authority change through the authority change module, monitoring unauthorized operation through the unauthorized operation module, monitoring unauthorized network access through the unauthorized network access module and monitoring unauthorized equipment access through the unauthorized equipment access module;
the operation type module is used for acquiring login information through the login information module and acquiring user operation information through the user operation information module;
the operation information module is used for monitoring the network connection relation through the network connection relation module, monitoring the equipment operation state through the equipment operation state module, monitoring the safe operation index through the safe operation index module, monitoring the hardware operation abnormity through the hardware operation abnormity module, analyzing and processing data through the data analysis processing module, collecting the safety event through the safety event module, monitoring the operation abnormity through the operation abnormity module, and monitoring the equipment fault through the equipment fault module;
the service agent module is used for providing platform calling capability through the network management platform calling module.
In a possible implementation manner of the first aspect, the communication function module is further configured to maintain a log of the communication interface and record a system log of the security device.
In a possible implementation manner of the first aspect, a network security monitoring system further includes a log standard protocol maintenance module and a security device system log module;
the communication function module is used for maintaining the log of the communication interface through the log standard protocol maintenance module and recording the system log of the security equipment through the system log module of the security equipment.
In a possible implementation manner of the first aspect, a network security monitoring system further includes: a TCP module, an SNMP module and a TRAP module;
the communication function module is used for carrying out message transmission through the TCP module over the communication interface, carrying out network protocol management through the SNMP module and providing an additional entry point for SNMP through the TRAP module.
In a possible implementation manner of the first aspect, the network security monitoring system further includes: a network protocol management module, a data model base module and a resource object module;
the SNMP module is used for managing the network protocol through the network protocol management module, using the database through the data model base module and searching the resource object through the resource object module.
In a possible implementation manner of the first aspect, the TCP module is specifically configured to allocate a sequence number to each transmitted packet, receive ACK information sent by a packet receiving end, and retransmit the packet when the ACK information is not received within the RTT.
In a possible implementation manner of the first aspect, the network security monitoring system further includes: a GUI graph management module, a safety module, a yield analysis module, an alarm management module, a safety audit module, an operation state control module and a safety check module;
the local management module is used for carrying out asset management through the GUI graph management module, carrying out local safety management through the safety module, carrying out local yield analysis through the yield analysis module, carrying out alarm management through the alarm management module, providing a safety audit management interface through the safety audit module, carrying out running state control through the running state control module and carrying out safety check through the safety check module.
In a possible implementation manner of the first aspect, the network security monitoring system further includes: an asset management module, an asset adding module, an asset deleting module, an asset rewriting module, an asset query module, an asset statistical module, an operation module, a security event module, an operation behavior module, an index analysis module, a trend analysis module, a query module, a derivation and summary module, a login behavior module, an access behavior module and a security event auditing module;
the GUI graph management module is used for managing the asset adding module, the asset deleting module, the asset rewriting module and the asset inquiring module through the asset management module, and adding, deleting, rewriting and inquiring local assets through the asset adding module, the asset deleting module, the asset rewriting module and the asset inquiring module respectively;
the safety module is used for carrying out asset statistics through the asset statistics module, carrying out operation management through the operation module, carrying out security event management through the safety event module and carrying out operation behavior management through the operation behavior module;
the yield analysis module is used for carrying out index analysis through the index analysis module and carrying out trend analysis through the trend analysis module;
the alarm management module is used for inquiring the alarm event through the inquiry module and exporting the alarm event through the export summary module;
the safety audit module is used for carrying out login audit management through the login behavior module, carrying out access audit management through the access behavior module and providing safety audit data through the safety event audit module.
The network security monitoring system provided by the embodiment of the invention comprises a data acquisition module, a communication function module and a local management module. The data acquisition module is used for acquiring security event data, user operation data and operation information data of a network system and summarizing the acquired data; the communication function module is used for providing a communication interface for transmitting the data acquired by the data acquisition module; the local management module is used for managing local resources of the network system. In this way the data of the network system can be comprehensively acquired and summarized, a communication interface for remote management is provided, and the controllability and integrity of the security management of the network system are improved.
Drawings
Fig. 1 is a schematic structural diagram of a network security monitoring system according to an embodiment of the present invention;
Fig. 2 is a functional schematic diagram of a data acquisition module in a network security monitoring system according to an embodiment of the present invention;
Fig. 3 is a functional schematic diagram of a communication functional module in a network security monitoring system according to an embodiment of the present invention;
Fig. 4 is a functional schematic diagram of a local management module in a network security monitoring system according to an embodiment of the present invention.
Detailed Description
The present invention will be described in further detail with reference to the accompanying drawings and examples. It is to be understood that the specific embodiments described herein are merely illustrative of the invention and are not limiting of the invention. It should be further noted that, for the convenience of description, only some of the structures related to the present invention are shown in the drawings, not all of the structures.
Fig. 1 is a schematic structural diagram of a network security monitoring system according to an embodiment of the present invention. As shown in fig. 1, the network security monitoring system according to the embodiment includes a data acquisition module 11, a communication function module 12 and a local management module 13.
The data acquisition module 11 is used for acquiring security event data, user operation data and operation information data of the network system and summarizing the acquired various data; the communication function module 12 is used for providing a communication interface for transmitting various data acquired by the data acquisition module 11; the local management module 13 is used for managing local resources of the network system.
In an embodiment, the communication function module 12 is further configured to maintain a log of the communication interface and record a system log of the security device.
The network security monitoring system provided by the embodiment of the invention comprises a data acquisition module, a communication function module and a local management module. The data acquisition module is used for acquiring security event data, user operation data and operation information data of a network system and summarizing the acquired data; the communication function module is used for providing a communication interface for transmitting the data acquired by the data acquisition module; the local management module is used for managing local resources of the network system. In this way the data of the network system can be comprehensively acquired and summarized, a communication interface for remote management is provided, and the controllability and integrity of the security management of the network system are improved.
Specific functions of the data acquisition module 11, the communication function module 12, and the local management module 13 in the network security monitoring system shown in fig. 1 are respectively described in detail.
Fig. 2 is a functional schematic diagram of a data acquisition module in a network security monitoring system according to an embodiment of the present invention, and as shown in fig. 2, the network security monitoring system further includes: a security event collection module 14, an operation class module 15, an operation information module 16, a collected security event summary processing module 17 and a service agent module 18. The connection relationship of the modules is shown in fig. 2.
The data acquisition module 11 is used for acquiring security event data of the network system through the security event acquisition module 14, acquiring user operation data of the network system through the operation class module 15, acquiring operation information data of the network system through the operation information module 16, summarizing the acquired various data through the acquired security event summarizing processing module 17, and providing calling capability of the security network management platform through the service agent module 18.
Further, the network security monitoring system shown in fig. 2 may further include: the system comprises a virus outbreak detection module 19, an attack event early warning module 20, a permission changing module 21, an override operation module 22, an illegal network access module 23, an illegal device access module 24, a login information module 25, a user operation information module 26, a network connection relation module 27, a device operation state module 28, a safe operation index module 29, a hardware operation abnormity module 30, a data analysis processing module 31, a safe event module 32, an operation abnormity module 33, a device fault module 34 and a network management platform calling module 35.
The security event collection module 14 is used for monitoring viruses through a virus outbreak detection module 19, monitoring network attacks through an attack event early warning module 20, monitoring authority changes through an authority change module 21, monitoring unauthorized operations through an unauthorized operation module 22, monitoring unauthorized network accesses through an unauthorized network access module 23, and monitoring unauthorized device accesses through an unauthorized device access module 24.
The operation class module 15 is used for collecting login information through the login information module 25 and collecting user operation information through the user operation information module 26.
The operation information module 16 is used for monitoring the network connection relationship through the network connection relationship module 27, monitoring the operation state of the device through the device operation state module 28, monitoring the safe operation index through the safe operation index module 29, monitoring the hardware operation abnormity through the hardware operation abnormity module 30, performing data analysis processing through the data analysis processing module 31, collecting the safety event through the safety event module 32, monitoring the operation abnormity through the operation abnormity module 33, and monitoring the device fault through the device fault module 34.
The service agent module 18 is used to provide platform invocation capabilities through the network management platform invocation module 35.
Fig. 3 is a functional schematic diagram of a communication functional module in a network security monitoring system according to an embodiment of the present invention, and as shown in fig. 3, the network security monitoring system further includes: a log standard protocol maintenance module 36 and a security device system log module 37. The connection relationship of the modules is shown in fig. 3.
The communication function module 12 is configured to maintain the log of the communication interface through a log standard protocol maintenance module 36, and record the system log of the security device through a security device system log module 37.
Further, the network security monitoring system shown in fig. 3 may further include a Transmission Control Protocol (TCP) module 38, a Simple Network Management Protocol (SNMP) module 39, and a TRAP module 40.
The communication function module 12 is used for performing message transmission through the TCP module 38 via the communication interface, performing network protocol management through the SNMP module 39, and providing an additional entry of SNMP through the TRAP module 40.
Further, the network security monitoring system shown in fig. 3 may further include a network protocol management module 41, a data model library module 42, and a resource object module 43.
The SNMP module 39 is used for performing network protocol management through the network protocol management module 41, using the database through the data model library module 42, and searching for resource objects through the resource object module 43.
Further, the TCP module 38 in the network security monitoring system shown in fig. 3 is specifically configured to allocate a sequence number to each transmitted packet, receive acknowledgement (ACK) information sent by the packet receiving end, and retransmit the packet when the ACK information is not received within the round-trip time (RTT). The communication function module 12 improves the integrity and auditability of the network security system.
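The retransmission behaviour described above, as an added example that is not part of the patent: a stop-and-wait sender numbers each event record, waits one RTT for the ACK and resends on timeout, while the receiver discards repeated sequence numbers so that a lost ACK does not create a second audit record. The lossy link, the event strings, `rtt_ms` and `max_tries` are constructed assumptions.

```python
from dataclasses import dataclass, field


@dataclass
class LossyLink:
    """Constructed channel: drops the transmissions whose 0-based index
    (counted over packets and ACKs together) is listed in `drop`."""
    drop: set
    sent: int = 0

    def deliver(self) -> bool:
        idx = self.sent
        self.sent += 1
        return idx not in self.drop


@dataclass
class Receiver:
    """Receiving end: records each sequence number once, ACKs every copy."""
    log: list = field(default_factory=list)
    seen: set = field(default_factory=set)

    def on_packet(self, seq: int, payload: str) -> int:
        if seq not in self.seen:
            # First copy of this sequence number: write the audit record.
            self.seen.add(seq)
            self.log.append((seq, payload))
        # A retransmitted copy is acknowledged again but not logged again.
        return seq


def send_all(events, link, receiver, rtt_ms=200, max_tries=5):
    """Send events in order, one outstanding packet at a time.

    Returns (attempts per sequence number, simulated elapsed milliseconds).
    Each attempt costs one RTT: either the ACK arrives within it or the
    timer expires and the packet is retransmitted.
    """
    attempts, clock_ms = {}, 0
    for seq, payload in enumerate(events, start=1):
        for attempt in range(1, max_tries + 1):
            attempts[seq] = attempt
            clock_ms += rtt_ms
            if not link.deliver():      # packet lost on the way out
                continue                # no ACK within RTT -> retransmit
            ack = receiver.on_packet(seq, payload)
            if not link.deliver():      # ACK lost on the way back
                continue                # sender cannot tell -> retransmit
            if ack == seq:
                break                   # acknowledged, move to next event
        else:
            raise TimeoutError(
                f"seq {seq} unacknowledged after {max_tries} tries")
    return attempts, clock_ms


def demo():
    # Constructed sample records, standing in for collected security events.
    events = [
        "permission change: user=alice role=admin",
        "unauthorized device access: port=7",
        "login: user=bob result=fail",
    ]
    # Transmission 0 is the first packet (lost); transmission 4 is the
    # ACK for seq 2 (lost), which forces a duplicate delivery of seq 2.
    link = LossyLink(drop={0, 4})
    receiver = Receiver()
    attempts, elapsed_ms = send_all(events, link, receiver)
    return receiver.log, attempts, elapsed_ms


if __name__ == "__main__":
    log, attempts, elapsed_ms = demo()
    for seq, payload in log:
        print(seq, payload)
    print("attempts:", attempts, "elapsed_ms:", elapsed_ms)
```

Real TCP stacks derive the retransmission timeout from a smoothed RTT estimate (RFC 6298) and keep several packets in flight; the fixed `rtt_ms` and single outstanding packet here follow the simplified wording of the text.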
Fig. 4 is a functional schematic diagram of a local management module in a network security monitoring system according to an embodiment of the present invention, and as shown in fig. 4, the network security monitoring system further includes: a Graphical User Interface (GUI) graph management module 44, a security module 45, a yield analysis module 46, an alarm management module 47, a security audit module 48, a run state control module 49, and a security check module 50. The connection relationship of the modules is shown in fig. 4.
The local management module 13 is configured to perform asset management through the GUI graphics management module 44, perform local security management through the security module 45, perform local yield analysis through the yield analysis module 46, perform alarm management through the alarm management module 47, provide a security audit management interface through the security audit module 48, perform operation state control through the operation state control module 49, and perform security check through the security check module 50.
Further, the network security monitoring system shown in fig. 4 further includes: an asset management module 51, an asset addition module 52, an asset deletion module 53, an asset rewrite module 54, an asset query module 55, an asset statistics module 56, an operation module 57, a security event module 32, an operational behavior module 58, an index analysis module 59, a trend analysis module 60, a query module 61, an export summary module 62, a login behavior module 63, an access behavior module 64, and a security event audit module 65. The security event module 32 may be the same module as the security event module 32 of fig. 2.
The GUI graphics management module 44 is used for managing the asset adding module 52, the asset deleting module 53, the asset rewriting module 54 and the asset querying module 55 through the asset management module 51, and performing adding, deleting, rewriting and querying management on the local assets through the asset adding module 52, the asset deleting module 53, the asset rewriting module 54 and the asset querying module 55 respectively.
The security module 45 is used for performing asset statistics through an asset statistics module 56, performing operation management through an operation module 57, performing security event management through a security event module 32, and performing operation behavior management through an operation behavior module 58.
The alarm management module 47 is used for querying the alarm event through the query module 61 and exporting the alarm event through the export summary module 62.
The security audit module 48 is used for performing login audit management through the login behavior module 63, performing access audit management through the access behavior module 64, and providing security audit data through the security event audit module 65.
The network security monitoring system provided by the embodiment of the invention is comprehensive in its data acquisition. The security event acquisition module 14 acquires security event data, so that virus outbreaks can be detected, attack events can be warned of in advance, authority changes and unauthorized operations can be detected, and illegal network access and illegal equipment access can be prevented; the operation type module 15 can collect login information and user operation information; and the operation information module 16 can check the network connection relation, equipment operation state, safe operation index, hardware operation abnormity, data analysis and processing, security events, operation abnormity, equipment failure and the like. The system can collect and summarize security events and, acting as an agent that reports to the platform, provides calling capability for the security network management platform, which improves the controllability of the network security system.
The network security monitoring system provided by the embodiment of the invention is provided with the security audit module 48, which can audit login information, access behavior information and security events, has the function of security check, and has the functions of asset analysis and security protection, thereby improving the confidentiality and the usability of the network security system.
It is to be noted that the foregoing is only illustrative of the preferred embodiments of the present invention and the technical principles employed. It will be understood by those skilled in the art that the present invention is not limited to the particular embodiments illustrated herein, but is capable of various obvious changes, rearrangements and substitutions as will now become apparent to those skilled in the art without departing from the scope of the invention. Therefore, although the present invention has been described in greater detail by the above embodiments, the present invention is not limited to the above embodiments, and may include other equivalent embodiments without departing from the spirit of the present invention, and the scope of the present invention is determined by the scope of the appended claims.
Claims (10)
1. A network security monitoring system, comprising: a data acquisition module, a communication function module and a local management module;
the data acquisition module is used for acquiring security event data, user operation data and operation information data of the network system and summarizing the acquired various data;
the communication function module is used for providing a communication interface for transmitting various data acquired by the data acquisition module;
the local management module is used for managing local resources of the network system.
2. The network security monitoring system of claim 1, further comprising: a security event acquisition module, an operation information module, a security event acquisition and processing module and a service agent module;
the data acquisition module is used for acquiring security event data of a network system through the security event acquisition module, acquiring user operation data of the network system through the operation type module, acquiring operation information data of the network system through the operation information module, summarizing the acquired various data through the acquired security event summarizing processing module, and providing calling capacity of a security network management platform through the service agent module.
3. The network security monitoring system of claim 2, further comprising: a virus outbreak detection module, an attack event early warning module, a permission change module, an override operation module, an illegal network access module, an illegal equipment access module, a login information module, a user operation information module, a network connection relation module, an equipment running state module, a safe running index module, a hardware running abnormity module, a data analysis processing module, a safe event module, a running abnormity module, an equipment fault module and a network management platform calling module;
the security event acquisition module is used for monitoring viruses through the virus outbreak detection module, monitoring network attacks through the attack event early warning module, monitoring authority change through the authority change module, monitoring unauthorized operation through the unauthorized operation module, monitoring unauthorized network access through the unauthorized network access module and monitoring unauthorized equipment access through the unauthorized equipment access module;
the operation type module is used for acquiring login information through the login information module and acquiring user operation information through the user operation information module;
the operation information module is used for monitoring the network connection relationship through the network connection relationship module, monitoring the equipment operation state through the equipment operation state module, monitoring the safe operation index through the safe operation index module, monitoring the hardware operation abnormity through the hardware operation abnormity module, analyzing and processing data through the data analysis processing module, acquiring a safety event through the safety event module, monitoring the operation abnormity through the operation abnormity module, and monitoring the equipment fault through the equipment fault module;
the service agent module is used for providing platform calling capability through the network management platform calling module.
4. The network security monitoring system of claim 1, wherein the communication function module is further configured to maintain a log of the communication interface and record a system log of a security device.
5. The network security monitoring system of claim 4, further comprising a log standard protocol maintenance module and a security device system log module;
the communication function module is used for maintaining the log of the communication interface through the log standard protocol maintenance module and recording the system log of the security equipment through the system log module of the security equipment.
6. The network security monitoring system according to claim 4 or 5, further comprising: a Transmission Control Protocol (TCP) module, a Simple Network Management Protocol (SNMP) module and a TRAP module;
the communication function module is used for carrying out message transmission through the TCP module and the communication interface, carrying out network protocol management through the SNMP module and providing an additional inlet of the SNMP through the TRAP module.
7. The network security monitoring system of claim 6, further comprising: a network protocol management module, a data model base module and a resource object module;
the SNMP module is used for managing network protocols through the network protocol management module, using a database through the database model base module and searching resource objects through the resource object module.
8. The network security monitoring system according to claim 6, wherein the TCP module is specifically configured to assign a sequence number to each transmitted packet, receive an acknowledgement (ACK) message sent by the packet receiving end, and retransmit the packet when the ACK message is not received within the round trip delay (RTT).
9. The network security monitoring system of claim 1, further comprising: a Graphical User Interface (GUI) graphical management module, a safety module, a yield analysis module, an alarm management module, a safety audit module, an operation state control module and a safety check module;
the local management module is used for carrying out asset management through the GUI graph management module, carrying out local safety management through the safety module, carrying out local yield analysis through the yield analysis module, carrying out alarm management through the alarm management module, providing a safety audit management interface through the safety audit module, carrying out operation state control through the operation state control module, and carrying out safety check through the safety check module.
10. The network security monitoring system of claim 9, further comprising: an asset management module, an asset adding module, an asset deleting module, an asset rewriting module, an asset query module, an asset statistical module, an operation module, a security event module, an operation behavior module, an index analysis module, a trend analysis module, a query module, a derivation and summary module, a login behavior module, an access behavior module and a security event auditing module;
the GUI graph management module is used for managing the asset adding module, the asset deleting module, the asset rewriting module and the asset inquiring module through the asset management module, and adding, deleting, rewriting and inquiring local assets through the asset adding module, the asset deleting module, the asset rewriting module and the asset inquiring module respectively;
the safety module is used for carrying out asset statistics through the asset statistics module, carrying out operation management through the operation module, carrying out safety event management through the safety event module and carrying out operation behavior management through the operation behavior module;
the yield analysis module is used for performing index analysis through the index analysis module and performing trend analysis through the trend analysis module;
the alarm management module is used for inquiring the alarm event through the inquiry module and exporting the alarm event through the export summary module;
the safety audit module is used for performing login audit management through the login behavior module, performing access audit management through the access behavior module, and providing safety audit data through the safety event audit module.
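Claim 8 describes sequence-numbered packets that are retransmitted when no ACK arrives within the RTT. The sketch below is an added illustration, not part of the patent or of any implementation of it: it models that behaviour on a constructed lossy channel, and the tick clock, the `Sender` class, the `run` function and the set of dropped transmissions are all assumptions.

```python
from dataclasses import dataclass, field

@dataclass
class Sender:
    """Hypothetical model of the claim-8 sender; time is counted in ticks."""
    rtt: int                                     # ACK wait limit before retransmitting
    next_seq: int = 0
    unacked: dict = field(default_factory=dict)  # seq -> (payload, deadline)
    retransmissions: int = 0

    def send(self, payload, now, channel):
        seq, self.next_seq = self.next_seq, self.next_seq + 1  # one number per packet
        self.unacked[seq] = (payload, now + self.rtt)
        channel.append((seq, payload))

    def on_ack(self, seq):
        self.unacked.pop(seq, None)              # acknowledged: stop tracking it

    def check_timers(self, now, channel):
        for seq, (payload, deadline) in list(self.unacked.items()):
            if now >= deadline:                  # no ACK within the RTT
                self.unacked[seq] = (payload, now + self.rtt)
                self.retransmissions += 1
                channel.append((seq, payload))   # same sequence number again

def run(messages, dropped, rtt=3, max_ticks=100):
    """Send one message per tick; `dropped` holds the 1-based indices of
    transmissions the constructed channel loses. Returns (delivered, retransmissions)."""
    sender, channel, received, transmissions = Sender(rtt), [], {}, 0
    for now in range(max_ticks):
        if now < len(messages):
            sender.send(messages[now], now, channel)
        in_flight = list(channel)
        channel.clear()
        for seq, payload in in_flight:
            transmissions += 1
            if transmissions in dropped:
                continue                         # lost: the receiver sends no ACK
            received.setdefault(seq, payload)    # receiver keeps one copy per seq
            sender.on_ack(seq)
        sender.check_timers(now, channel)
        if now >= len(messages) and not sender.unacked and not channel:
            break
    return [received[s] for s in sorted(received)], sender.retransmissions

if __name__ == "__main__":
    events = ["login", "permission-change", "alarm"]   # constructed sample payloads
    print(run(events, dropped={2}))
```

Because the retransmitted packet reuses its original sequence number, the receiver can reassemble the messages in order even when the retransmission arrives after later packets.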
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202110432276.7A CN113132389A (en) | 2021-04-21 | 2021-04-21 | Network security monitoring system |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202110432276.7A CN113132389A (en) | 2021-04-21 | 2021-04-21 | Network security monitoring system |
Publications (1)
Publication Number | Publication Date |
---|---|
CN113132389A (en) | 2021-07-16 |
Family
ID=76778793
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202110432276.7A Pending CN113132389A (en) | 2021-04-21 | 2021-04-21 | Network security monitoring system |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN113132389A (en) |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN114024734A (en) * | 2021-11-01 | 2022-02-08 | 中国华电集团有限公司 | Intelligent network security detection and analysis system based on UEBA |
Citations (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN106534146A (en) * | 2016-11-28 | 2017-03-22 | 北京天行网安信息技术有限责任公司 | Safety monitoring system and method |
CN208227074U (en) * | 2018-02-09 | 2018-12-11 | 鼎信信息科技有限责任公司 | Electric power monitoring system network security monitors terminal |
CN110175451A (en) * | 2019-04-23 | 2019-08-27 | 国家电网公司华东分部 | A kind of method for safety monitoring and system based on electric power cloud |
CN111190876A (en) * | 2019-12-31 | 2020-05-22 | 天津浪淘科技股份有限公司 | Log management system and operation method thereof |
CN111245659A (en) * | 2020-01-13 | 2020-06-05 | 辽宁金晟科技股份有限公司 | Intelligent network management system |
CN112491805A (en) * | 2020-11-04 | 2021-03-12 | 深圳供电局有限公司 | Network security equipment management system applied to cloud platform |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN107454109B (en) | | Network privacy stealing behavior detection method based on HTTP traffic analysis |
CN101147143B (en) | | Methods and apparatus providing security to computer systems and networks |
KR100838799B1 (en) | | System and operating method of detecting hacking happening for complementary security management system |
CN1841397B (en) | | Aggregating the knowledge base of computer systems to proactively protect a computer from malware |
CN103563302B (en) | | Networked asset information management |
KR100351306B1 (en) | | Intrusion Detection System using the Multi-Intrusion Detection Model and Method thereof |
US20030084328A1 (en) | | Method and computer-readable medium for integrating a decode engine with an intrusion detection system |
CN113660224B (en) | | Situation awareness defense method, device and system based on network vulnerability scanning |
CN113839935B (en) | | Network situation awareness method, device and system |
SE524963C2 (en) | | Node and mobile device for a mobile telecommunications network providing intrusion detection |
CN111628981B (en) | | Network security system and method capable of being linked with application system |
CN103124293A (en) | | Cloud data safe auditing method based on multi-Agent |
Lindqvist et al. | | eXpert-BSM: A host-based intrusion detection solution for Sun Solaris |
CN113364799B (en) | | Method and system for processing network threat behaviors |
CN113438249B (en) | | Attack tracing method based on strategy |
CN116827675A (en) | | Network information security analysis system |
CN114640548A (en) | | Network security sensing and early warning method and system based on big data |
CN113407949A (en) | | Information security monitoring system, method, equipment and storage medium |
KR20030056652A (en) | | Blacklist management apparatus in a policy-based network security management system and its proceeding method |
CN113411295A (en) | | Role-based access control situation awareness defense method and system |
GB2381722A (en) | | intrusion detection (id) system which uses signature and squelch values to prevent bandwidth (flood) attacks on a server |
KR20010104036A (en) | | Union security service system using internet |
KR20170046001A (en) | | System and method for improvement invasion detection |
CN113132389A (en) | | Network security monitoring system |
KR101201629B1 (en) | | Cloud computing system and Method for Security Management for each Tenant in Multi-tenancy Environment |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
 | PB01 | Publication | |
 | SE01 | Entry into force of request for substantive examination | |
 | RJ01 | Rejection of invention patent application after publication | Application publication date: 20210716 |