CN113536311A - Network security situation sensing system and method based on AI technology - Google Patents

Publication number
CN113536311A
Authority
CN
China
Prior art keywords
data
module
network
internet
network security
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202110820491.4A
Other languages
Chinese (zh)
Inventor
黄强
运凯
鲁学仲
李浩升
王庆鹏
马怡璇
康婉晴
田昊苗
杨雪慧
陈伟
赵梅
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Information and Telecommunication Branch of State Grid Xinjiang Electric Power Co Ltd
Original Assignee
Information and Telecommunication Branch of State Grid Xinjiang Electric Power Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Information and Telecommunication Branch of State Grid Xinjiang Electric Power Co Ltd
Priority to CN202110820491.4A
Publication of CN113536311A

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/02 Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/0227 Filtering policies
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F11/00 Error detection; Error correction; Monitoring
    • G06F11/07 Responding to the occurrence of a fault, e.g. fault tolerance
    • G06F11/14 Error detection or correction of the data by redundancy in operation
    • G06F11/1402 Saving, restoring, recovering or retrying
    • G06F11/1446 Point-in-time backing up or restoration of persistent data
    • G06F11/1448 Management of the data involved in backup or backup restore
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F11/00 Error detection; Error correction; Monitoring
    • G06F11/07 Responding to the occurrence of a fault, e.g. fault tolerance
    • G06F11/14 Error detection or correction of the data by redundancy in operation
    • G06F11/1402 Saving, restoring, recovering or retrying
    • G06F11/1446 Point-in-time backing up or restoration of persistent data
    • G06F11/1458 Management of the backup or restore process
    • G06F11/1464 Management of the backup or restore process for networked environments
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00 Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/90 Details of database functions independent of the retrieved data types
    • G06F16/906 Clustering; Classification
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/30 Network architectures or network communication protocols for network security for supporting lawful interception, monitoring or retaining of communications or communication related information
    • H04L63/306 Network architectures or network communication protocols for network security for supporting lawful interception, monitoring or retaining of communications or communication related information intercepting packet switched data communications, e.g. Web, Internet or IMS communications

Abstract

The invention discloses a network security situation perception system and a method based on AI technology, comprising an internet terminal, an encryption transmission channel, an internet protection module, a data processing module, a data storage module and a decryption module, wherein the data input module is provided with big data input, mobile terminal data input and direct input, the data input module is connected with the internet terminal through the encryption transmission channel, and the internet terminal is correspondingly connected with the decryption module; the internet terminal is respectively connected with the data processing module, the data storage module and the internet protection module, and the output end of the internet protection module is respectively connected with the network anti-eavesdropping unit, the network tracking unit and the network blocking unit. The invention has good data collection function, high-efficiency and stable AI data processing function, reliable useful data storage function, and good Internet protection function due to the arrangement of the Internet protection module.

Description

Network security situation sensing system and method based on AI technology
Technical Field
The invention belongs to the technical field of network security based on AI technology, and particularly relates to a network security situation perception system and method based on AI technology.
Background
The network security posture value (network security establishment value) is a computer science term published in 2018. Through a series of mathematical methods, massive amounts of network security information are merged and fused into one or more groups of numerical values that represent the network operation state within a certain value range. In computer science, Artificial Intelligence (AI), sometimes referred to as machine intelligence, is the intelligence exhibited by a machine, as opposed to the natural intelligence exhibited by humans and animals. Colloquially, the term "artificial intelligence" is used to describe machines that mimic the "cognitive" functions that humans associate with other human minds, such as "learning" and "problem solving".
At present, network security situation awareness systems based on AI technology have several shortcomings in actual use: they lack a good data collection function and cannot carry out efficient, reliable, safe and comprehensive data collection; they lack an efficient and stable AI data processing function; they lack a reliable storage function for useful data, so that useful data cannot be well stored; and they lack a good internet protection function.
Disclosure of Invention
The invention aims to provide a network security situation awareness system and method based on AI technology that solve the above problems.
The invention is mainly realized by the following technical scheme:
A network security situation perception system based on AI technology comprises an internet terminal, an encryption transmission channel, an internet protection module, a data processing module, a data storage module and a decryption module, wherein the data input module is provided with big data input, mobile terminal data input and direct input, the data input module is connected with the internet terminal through the encryption transmission channel, and the internet terminal is correspondingly connected with the decryption module; the internet terminal is respectively connected with the data processing module, the data storage module and the internet protection module, and the output end of the internet protection module is respectively connected with the network eavesdropping prevention unit, the network tracking unit and the network blocking unit; the data processing module is used for classifying data received by the internet terminal and for analyzing and evaluating the network security situation; the data storage module is used for storing data processed by the internet terminal; the internet protection module is used for performing internet protection work on the internet terminal.
In order to better realize the invention, the system further comprises a data analysis processing unit connected with the data input module. The data analysis processing unit analyzes and processes the data input to the data input module: it integrates a simulation process using data from a physical model, sensors and operation history, constructs a model through simulation, carries out a trial run, and finds and filters out bad information and virus programs.
In order to better realize the invention, the data processing module is respectively connected with the AI processing module and the AI co-processing module. Segmented group data processing is performed through the AI co-processing module and whole-segment group data processing through the AI processing module; the data processing mode is separated out in a targeted manner, a data model is constructed, outline data of different levels of the model are extracted, situation network data are automatically generated and external situation path data are planned, so that efficient data retrieval and association updating are realized, cloud big data organization and data are fused, and the module cooperates with the internet terminal to perform good data interaction with a client terminal.
In order to better implement the present invention, the data storage module is further connected to the cloud data storage platform and the data storage hard disk respectively.
The invention is mainly realized by the following technical scheme:
A network security situation perception method based on AI technology is carried out by adopting the network security situation perception system, and comprises the following steps:
S1, network data are input to the data input module by big data input, mobile terminal data input or direct input; the data input module filters the network data and transmits them to the internet terminal through the encryption transmission channel, and the internet terminal decrypts the encrypted data through the decryption module;
S2, the internet terminal processes the transmitted data through the data processing module, classifies the data with the AI processing module and the AI co-processing module, and analyzes and evaluates the network security situation;
S3, the internet terminal transmits the processed data to the data storage module; the data storage module backs up useful data through the cloud data storage platform and stores the data physically on the data storage hard disk;
S4, based on the evaluation data obtained by the analysis, the internet terminal performs internet protection work through the internet protection module.
In order to better implement the present invention, in step S2, a normal index is preset as a reference value, multiple simulation runs are performed, the current simulation result is intelligently analyzed and compared, whether a hidden danger or risk exists is evaluated, and any hidden danger or risk is automatically reported and followed up, so as to complete the network security situation awareness work.
In order to better implement the present invention, in step S4, the network anti-eavesdropping unit, the network tracking unit and the network blocking unit perform network anti-eavesdropping, network unauthorized access tracking, and network unauthorized access blocking and interception, and a network security situation awareness work table is constructed, which presents the commissioning status, the running time and the interruption time in table format; a manager can check the dynamic table for each time point in the background and, if an abnormality or hidden danger occurs, track and handle it quickly.
The invention has the beneficial effects that:
(1) By providing multiple data input modes and data filtering, the invention has a good data collection function and can carry out efficient, reliable, safe and comprehensive data collection; by providing the AI processing module and the AI co-processing module, it has an efficient and stable AI data processing function;
(2) By providing the cloud data storage platform and the physical data storage hard disk, the system has a reliable storage function for useful data, so that useful data can be well stored; by providing the internet protection module, it achieves a good internet protection effect;
(3) The intelligent data acquisition system has a good data acquisition function through multiple data input modes and data filtering, and can perform efficient, reliable, safe and comprehensive data acquisition; it is provided with the AI processing module and the AI co-processing module and so has an efficient and stable AI data processing function; it has a reliable storage function for useful data through the cloud data storage platform and the physical data storage hard disk, so that useful data can be well stored; and it achieves good internet protection through the internet protection module.
Drawings
FIG. 1 is a schematic diagram of the system of the present invention.
Detailed Description
The embodiments of the present invention will be further described with reference to the accompanying drawings.
Example 1:
A network security situation perception system based on AI technology, as shown in FIG. 1, comprises an internet terminal, wherein the internet terminal is connected with an encryption transmission channel, a decryption module, an internet protection module, a data processing module and a data storage module;
the data storage module is connected with a cloud data storage platform and a data storage hard disk, the data processing module is connected with an AI processing module and an AI co-processing module, the internet protection module is connected with a network anti-eavesdropping unit, a network tracking unit and a network blocking unit, the encryption transmission channel is connected with a data input module, the data input module is provided with big data input, mobile terminal data input and direct input, and the data input module is connected with a data analysis processing unit.
Furthermore, the data analysis processing unit can analyze and process the data input to the data input module: it makes full use of data such as a physical model, sensors and operation history, integrates a multidisciplinary and multiscale simulation process, constructs a model through simulation, then carries out a trial run, and finds and filters out bad information and virus programs.
Furthermore, the data processing module can perform segmented group data processing through the AI co-processing module and whole-segment group data processing through the AI processing module, separate out the data processing mode in a targeted manner, construct a data model, extract outline data of different levels of the model, automatically generate situation network data, plan external situation path data and the like, and finally perform efficient data retrieval and association updating, so that cloud big data organization and data fusion are realized; the data processing module can cooperate with the internet terminal to perform good data interaction with a client terminal and improve data processing efficiency.
The intelligent data acquisition system has a good data acquisition function by setting a multi-data input mode and data filtering, can perform efficient, reliable, safe and comprehensive data acquisition work, is provided with the AI processing module and the AI co-processing module, has a high-efficiency and stable AI data processing function, has a reliable useful data storage function by setting the cloud data storage platform and the entity data storage hard disk, can well store actual useful data, and can play a good internet protection role by setting the internet protection module.
Example 2:
A network security situation perception method based on AI technology is carried out by adopting the network security situation perception system, and comprises the following steps:
S1, network data can be input into the data input module by big data input, mobile terminal data input, direct input and the like; the network data are filtered by the data input module and then transmitted to the internet terminal through the encryption transmission channel, and the internet terminal can decrypt the encrypted data through the decryption module;
S2, the internet terminal can process the transmitted data through the data processing module, classify the data with the AI processing module and the AI co-processing module, analyze the data in a targeted manner, and analyze and evaluate the network security situation by means of existing mathematical models and network security models; that is, a normal index is preset as a reference value, multiple simulation runs are carried out, the current simulation result is intelligently analyzed and compared, whether a hidden danger or risk exists is evaluated, and it is automatically reported and followed up so that hidden dangers are prevented, thereby completing the network security situation awareness work;
S3, the internet terminal transmits the processed useful data to the data storage module; the data storage module can back up the useful data through the cloud data storage platform and store the data physically on the data storage hard disk, so that the safety of the useful data is guaranteed;
S4, based on the evaluation data obtained by the analysis, the internet terminal can perform internet protection work through the internet protection module; that is, the network eavesdropping prevention unit, the network tracking unit and the network blocking unit perform network eavesdropping prevention, network illegal access tracking, and network illegal access blocking and interception, and a network security situation perception work table is constructed. The table presents data such as the trial operation state, the operation time and the interruption time, which effectively prevents network situation collapse and improves the perception level of the whole network security situation. Real-time visual supervision is adopted: a manager can check the dynamic table for each time point in the background, which facilitates rapid tracking and handling if an abnormality or hidden danger occurs.
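The reference-value comparison of step S2 and the work table of step S4 can be sketched as follows. This is an added example, not code from the patent: the metric names, tolerances, sampling interval and sample values are constructed assumptions, and the mean of several measured runs stands in for the "simulation" results.

```python
"""Baseline comparison (S2) feeding a situation-awareness work table (S4).
Added illustration; every name and value below is a constructed assumption."""
from dataclasses import dataclass, field
from statistics import mean


@dataclass(frozen=True)
class Reference:
    """Preset 'normal index' used as the reference value for one metric."""
    name: str
    normal: float      # expected value under normal operation
    tolerance: float   # allowed relative deviation (0.25 means 25 %)


@dataclass
class Row:
    """One line of the work table: status, running time, interruption time."""
    time_point: str
    status: str        # "normal", "hidden danger" or "interrupted"
    running_s: int     # cumulative running time in seconds
    interrupted_s: int # cumulative interruption time in seconds
    findings: list = field(default_factory=list)


def deviation(ref, runs):
    """Relative deviation of the mean of several runs from the reference."""
    return abs(mean(runs) - ref.normal) / ref.normal


def build_table(samples, refs):
    """Compare each time point against the references and build the table."""
    table, running, interrupted = [], 0, 0
    for s in samples:
        if not s["up"]:
            # No measurements while the monitored service is interrupted.
            interrupted += s["interval_s"]
            table.append(Row(s["time"], "interrupted", running, interrupted))
            continue
        running += s["interval_s"]
        findings = []
        for ref in refs:
            runs = s["runs"].get(ref.name)
            if not runs:
                # Missing telemetry is itself reported, not silently passed.
                findings.append(f"{ref.name} (no data)")
            elif deviation(ref, runs) > ref.tolerance:
                findings.append(ref.name)
        status = "hidden danger" if findings else "normal"
        table.append(Row(s["time"], status, running, interrupted, findings))
    return table


def follow_up(table):
    """Time points a manager has to track: anything that is not 'normal'."""
    return [row.time_point for row in table if row.status != "normal"]


# Constructed reference values and samples (not taken from the patent).
REFS = [
    Reference("failed_logins_per_min", normal=4.0, tolerance=0.5),
    Reference("outbound_mb_per_min", normal=120.0, tolerance=0.25),
]
SAMPLES = [
    {"time": "09:00", "up": True, "interval_s": 300, "runs": {
        "failed_logins_per_min": [3, 5, 4],
        "outbound_mb_per_min": [118, 122, 120]}},
    {"time": "09:05", "up": True, "interval_s": 300, "runs": {
        "failed_logins_per_min": [9, 11, 10],
        "outbound_mb_per_min": [125, 130, 120]}},
    {"time": "09:10", "up": False, "interval_s": 300, "runs": {}},
    {"time": "09:15", "up": True, "interval_s": 300, "runs": {
        "failed_logins_per_min": [4, 4, 5],
        "outbound_mb_per_min": [119, 121, 120]}},
]

if __name__ == "__main__":
    for row in build_table(SAMPLES, REFS):
        print(f"{row.time_point}  {row.status:<13}  run={row.running_s:>4}s  "
              f"down={row.interrupted_s:>4}s  {', '.join(row.findings)}")
    print("follow up:", follow_up(build_table(SAMPLES, REFS)))
```

A single fixed tolerance per metric is the simplest reading of "preset a normal index as a reference value"; a deployment would normally derive the reference and tolerance from historical data.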
The above description is only a preferred embodiment of the present invention, and is not intended to limit the present invention in any way, and all simple modifications and equivalent variations of the above embodiments according to the technical spirit of the present invention are included in the scope of the present invention.

Claims (7)

1. A network security situation perception system based on AI technology is characterized by comprising an internet terminal, an encryption transmission channel, an internet protection module, a data processing module, a data storage module and a decryption module, wherein the data input module is provided with big data input, mobile terminal data input and direct input, the data input module is connected with the internet terminal through the encryption transmission channel, and the internet terminal is correspondingly connected with the decryption module; the internet terminal is respectively connected with the data processing module, the data storage module and the internet protection module, and the output end of the internet protection module is respectively connected with the network eavesdropping prevention unit, the network tracking unit and the network blocking unit; the data processing module is used for classifying data received by the internet terminal and analyzing and evaluating network security situation; the data storage module is used for storing data processed by the internet terminal; the internet protection module is used for performing internet protection work on the internet terminal.
2. The AI-technology-based network security situation awareness system of claim 1, further comprising a data analysis and processing unit connected to the data input module, wherein the data analysis and processing unit is configured to analyze data input to the data input module, integrate a simulation process with data of a physical model, a sensor and an operation history, perform a test run operation via a simulation building model, and discover and filter out unwanted information and virus programs.
3. The AI-technology-based network security situation awareness system of claim 1, wherein the data processing module is connected to the AI processing module and the AI co-processing module, respectively; segmented group data processing is performed through the AI co-processing module and whole-segment group data processing through the AI processing module, the data processing manner is separated out in a targeted manner, a data model is constructed, outline data of different levels of the model are extracted, situation network data are automatically generated, and external situation path data are planned, thereby implementing efficient data retrieval and association update, further fusing cloud-side big data organization and data, and cooperating with the internet terminal to perform good data interaction with a client terminal.
4. The AI-technology-based network security situation awareness system of claim 1, wherein the data storage module is connected to the cloud data storage platform and the data storage hard disk respectively.
5. A network security situation awareness method based on AI technology, which is performed by the network security situation awareness system of any one of claims 1-4, and comprises the following steps:
S1, inputting network data to the data input module by big data input, mobile terminal data input or direct input, filtering the network data by the data input module, and transmitting the network data to the internet terminal through the encryption transmission channel, wherein the internet terminal can decrypt the encrypted data through the decryption module;
S2, the internet terminal processes the transmitted data through the data processing module, classifies the data with the AI processing module and the AI co-processing module, and analyzes and evaluates the network security situation;
S3, the internet terminal transmits the processed data to the data storage module, the data storage module can back up useful data through the cloud data storage platform, and the data are stored physically on the data storage hard disk;
S4, based on the evaluation data obtained by the analysis, the internet terminal performs internet protection work through the internet protection module.
6. The AI-technology-based network security situation awareness method of claim 5, wherein in step S2, a normal index is preset as a reference value, and multiple simulation runs are performed, and the current simulation result is intelligently analyzed and compared to evaluate whether hidden danger or risk exists, and then reported and followed automatically, thereby completing the network security situation awareness work.
7. The AI-technology-based network security situation awareness method according to claim 5, wherein in step S4, network eavesdropping prevention, network unauthorized access tracking, and network unauthorized access blocking interception are performed through the network eavesdropping prevention unit, the network tracking unit, and the network blocking unit, and a network security situation awareness working table is constructed, which presents data of the commissioning status, the running time, and the interruption time in a table format, and a manager can check the dynamic table at each time point in the background, and perform fast tracking processing if an abnormality or a hidden danger occurs.
CN202110820491.4A 2021-07-20 2021-07-20 Network security situation sensing system and method based on AI technology Pending CN113536311A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110820491.4A CN113536311A (en) 2021-07-20 2021-07-20 Network security situation sensing system and method based on AI technology

Publications (1)

Publication Number Publication Date
CN113536311A true CN113536311A (en) 2021-10-22

Family

ID=78100502

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202110820491.4A Pending CN113536311A (en) 2021-07-20 2021-07-20 Network security situation sensing system and method based on AI technology

Country Status (1)

Country Link
CN (1) CN113536311A (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication (application publication date: 20211022)