CN113612641A - Efficient log flow acquisition and intelligent analysis system based on energy network - Google Patents


Info

Publication number
CN113612641A
Authority
CN
China
Legal status
Pending
Application number
CN202110885211.8A
Other languages
Chinese (zh)
Inventor
邹丛林
皋宽英
袁野
张海波
廖文辉
张显
刘博超
白雪
Current Assignee
Zhongneng Integrated Smart Energy Technology Co Ltd
Original Assignee
Zhongneng Integrated Smart Energy Technology Co Ltd
Priority date
2021-08-03
Filing date
2021-08-03
Publication date
2021-11-05
Application filed by Zhongneng Integrated Smart Energy Technology Co Ltd
Priority to CN202110885211.8A
Publication of CN113612641A

Classifications

    • H04L 41/069 Management of faults, events, alarms or notifications using logs of notifications; post-processing of notifications
    • G06F 16/2255 Hash tables (indexing structures for structured data)
    • G06F 16/2462 Approximate or statistical queries
    • G06F 16/284 Relational databases
    • H04L 63/0428 Network security protocols for confidential data exchange wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L 63/1441 Countermeasures against malicious traffic
    • H04L 67/1097 Protocols in which an application is distributed across nodes in the network for distributed storage of data, e.g. network file system [NFS], storage area networks [SAN] or network attached storage [NAS]


Abstract

The invention discloses an efficient log traffic acquisition and intelligent analysis system based on an energy network. The system comprises a data acquisition module, a data intelligent analysis module, a merging event processing module, a data storage module and an original data encryption module. The data acquisition module receives acquisition information transmitted by different devices; the data intelligent analysis module sends the acquired information to the data storage module for storage, judges whether the acquired information is an event and, if so, converts it into an event; it then judges whether the event is a merging event, sending it to the merging event processing module if so and to the data storage module for storage if not; the merging event processing module counts the merging number of different events over a period of time and then sends all merging events to the data storage module at regular intervals through a timer; the data storage module stores the collected events and collected information in a database; the original data encryption module encrypts the original traffic data.

Description

Efficient log flow acquisition and intelligent analysis system based on energy network
Technical Field
The application relates to the field of energy networks, in particular to an efficient log flow acquisition and intelligent analysis system based on an energy network.
Background
In recent years energy systems have become an important target of international cyber warfare, and the security protection of energy monitoring systems is under heavy pressure. General-purpose security products are usually based on network traffic and message analysis and mainly monitor and analyse common Internet services and protocols, so they are not the best choice for an energy network monitoring system, which is characterised by cyberspace isolation, relatively fixed equipment and users, privately controlled network services and no operational changes under normal conditions. In existing acquisition technology, log information of network equipment is obtained by configuring the log module of each device in the energy network and forwarding it via syslog, so few device types are supported, the event types are limited and repeated logs are not merged; repeated logs are therefore displayed far too often and the cost for a user to find the cause of an event increases. In addition, current traffic collection and reporting platforms do not encrypt messages, so there is a risk of tampering and information theft. A system suited to energy monitoring systems, with device-event-oriented network data collection and analysis and traffic upload to a remote platform, is therefore urgently needed.
Disclosure of Invention
In view of this, the invention provides an efficient log traffic collection and intelligent analysis system based on an energy network.
Specifically, the invention is realized by the following technical scheme:
the invention provides an efficient log flow acquisition and intelligent analysis system based on an energy network, which comprises:
the system comprises a data acquisition module, a data intelligent analysis module, a merging event processing module, a data storage module and an original data encryption module;
the data acquisition module receives acquisition information uploaded by different devices and sends the acquisition information to the data intelligent analysis module;
the data intelligent analysis module sends the acquired information to the data storage module for storage, judges whether the acquired information is an event and, if so, converts it into an event; it then judges whether the event is a merging event, sending the event to the merging event processing module if so and to the data storage module for storage if not;
the merging event processing module counts the merging number of different events in a period of time, and then sends all merging events to the data storage module at regular time through the timer;
the data storage module stores the acquired events and the acquired information using a MySQL database;
the original data encryption module carries out AES encryption on original flow data to prevent the data from being tampered or stolen and analyzed.
Preferably, the specific method for converting the collected information into an event is as follows: the device or system, the event type and the sub-event type are obtained from the collected information by search-and-extract (string interception).
Preferably, the specific method for judging whether the event is a merge event is as follows: grouping according to the formats of the event library and the merging event library, and then matching with the merging event library and the event library by using an efficient matching algorithm.
Preferably, the matching algorithm comprises: calculating a hash value using a left-right removal hash algorithm and creating a hash table, so that the event node that needs de-duplication can be found quickly.
Preferably, the matching algorithm steps are as follows:
the first step: create a hash table using the left-right removal hash table algorithm and calculate the hash value from the IP;
the second step: judge whether an equal IP value already exists in the hash table; if so, an IP node was created before, and if not, create a new IP hash node;
the third step: resolve the device or system type and the event type of the event using the merge event library and judge whether the statistic of that event type is 0; if it is 0, this is the first occurrence and the event is sent directly to the data storage module; otherwise the merging count is incremented.
Preferably, the event library and the merge event library are composed of a device or system, an event type and a sub-event type.
Preferably, the event library and the merge event library are in the specific format:
device or system type, event type, sub-event type, where the event type is denoted A and the sub-event type is denoted B; the concrete expression is: device or system type A B.
Preferably, before sending to the data storage module for storage, the method further includes: converting the collected information into a message format of a collected event; the specific form of the message format is as follows:
<level><space>date<space>time<space>device or system<space>action<space>cause
Preferably, the specific algorithm for the merging event processing module to count the number of merging events is as follows:
the variable t represents a period of time, the variable pre_count is the merge statistic of a given event at the last timed send, the variable now_count is the merge statistic of that event within the period t, and time is updated each time the merging event generates an event; the statistic within the period t is: now_count - pre_count;
the time is recorded and compared at each timed send in order to judge the probability that the event will merge again later.
Preferably, the recorded time is compared at each timed send, and the specific process of judging the probability that the event will merge again later is as follows:
an independent thread polls the hash table at regular intervals to judge whether a new event has been generated; if a new event has been generated, the repetition count of the event is updated, the event is sent to the data storage module and, after sending, the value of now_count is assigned to pre_count; if no new event has been generated, it checks whether the difference between the time value of the IP node and the current time is 30 s; if it is, the IP node has produced no new event for 30 s, the probability of a merging event appearing later for that IP node is considered relatively low, and the IP node is deleted, reducing the number of traversals.
Compared with the prior art, the technical scheme provided by the embodiment of the application has the following advantages:
1) the data acquisition, intelligent analysis, data storage and event merging and processing modules are integrated, so the structure of the energy network acquisition system is simpler and more efficient;
2) the event library makes it convenient to match event types quickly;
3) a large number of objects are collected, so logs from more device types can be obtained;
4) the traffic is encrypted to prevent information from being stolen or tampered with.
Drawings
The accompanying drawings, which are included to provide a further understanding of the invention and are incorporated in and constitute a part of this application, illustrate embodiment(s) of the invention and together with the description serve to explain the invention without limiting the invention. In the drawings:
fig. 1 is a block diagram of an efficient log traffic collection and intelligent analysis system based on an energy network according to an embodiment of the present invention;
FIG. 2 is a flow diagram of an intelligent analysis of data modular filtering event provided by an embodiment of the present invention;
FIG. 3 is a flow chart of determining a merge event according to an embodiment of the present invention;
fig. 4 is a deployment network topology of the intelligent analysis system according to the embodiment of the present invention.
Detailed Description
In order to make the technical solutions of the present invention better understood, the technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
It should be noted that the terms "comprises," "comprising," and "having," and any variations thereof, are intended to cover non-exclusive inclusions, such that a process, method, system, article, or apparatus that comprises a list of steps or elements is not necessarily limited to those steps or elements expressly listed, but may include other steps or elements not expressly listed or inherent to such process, method, article, or apparatus.
Example 1:
As shown in fig. 1, in the efficient log traffic collection and intelligent analysis system based on an energy network provided in this embodiment, and as shown in fig. 4, the service ports of the system are connected respectively to the dispatch data network switch and the station control layer switch. The system includes:
the system comprises a data acquisition module, a data intelligent analysis module, a merging event processing module, a data storage module and an original data encryption module;
the data acquisition module receives acquisition information uploaded by different devices and supports collection from a variety of device types, specifically: network equipment (switches), security protection equipment (firewalls, lateral and longitudinal isolation devices, intrusion detection equipment), databases and host equipment (telecontrol servers, monitoring hosts, workstations and the like); the collected information is sent to the data intelligent analysis module. Different devices transmit their acquisition information over different message channels, and a receiving function must be implemented for each channel; the specific message channels are shown in the following table:
[Table of message channels per device type: not recoverable from the extracted figure]
Acquisition information sent by the acquisition equipment in the power network is received using multithreading and the libevent asynchronous communication mechanism, which improves receiving efficiency; the information received by different threads is placed into different queues (multi-queue processing), which makes it convenient for the data intelligent analysis module to analyse the data;
The message format (GB/T 31992) is specifically as follows:
<level><space>date<space>time<space>device or system<space>action<space>cause<space>device
The cause is in the format:
<event type><space><event subtype><space><content>
The action is defined as a device type; the specific device type codes are as follows:
FW    Firewall
FID   Forward lateral isolation device
BID   Reverse lateral isolation device
SVR   Server
SW    Switch
VEAD  Longitudinal encryption device
AV    Anti-virus system
IDS   Intrusion detection system
DB    Database
DCD   Network security monitoring device
As shown in fig. 2, the data intelligent analysis module sends the collected information to the data storage module for storage and judges whether the collected information is an event; if it is, the information is converted into an event by obtaining the device or system, the event type and the sub-event type from the collected information through search-and-extract (string interception). It then judges whether the event is a merging event: if so, the event is sent to the merging event processing module; if not, the collected information is converted into the message format of a collected event and sent to the data storage module for storage. The specific form of the message format is as follows:
<level><space>date<space>time<space>device or system<space>action<space>cause
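As an added example (not code from the patent), the following Python parser applies the message format above: it decides whether a collected message is an event, extracts the device or system, the event type A and the sub-event type B, and builds the "device type A B" key used to match against the event library and the merge event library. It assumes the level is a bracketed integer in the style of syslog's <PRI>, that the action field carries one of the device type codes listed above and that the device field is a host identifier; the sample messages and merge library are constructed.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Device type codes as listed in the description above.
DEVICE_TYPES = {
    "FW": "firewall",
    "FID": "forward lateral isolation device",
    "BID": "reverse lateral isolation device",
    "SVR": "server",
    "SW": "switch",
    "VEAD": "longitudinal encryption device",
    "AV": "anti-virus system",
    "IDS": "intrusion detection system",
    "DB": "database",
    "DCD": "network security monitoring device",
}

# <level><space>date<space>time<space>device or system<space>action<space>cause
# Assumption: the level is a bracketed integer in the style of syslog's <PRI>.
_MESSAGE = re.compile(r"^<(\d+)>\s+(\S+)\s+(\S+)\s+(\S+)\s+(\S+)\s+(.+)$")


@dataclass(frozen=True)
class CollectedEvent:
    level: int
    date: str
    time: str
    device: str        # "device or system" field; assumed to be a host identifier
    device_type: str   # "action" field, holding one of the DEVICE_TYPES codes
    event_type: str    # A
    sub_type: str      # B
    content: str

    def library_key(self) -> str:
        """Form used by the event library and merge event library: 'device type A B'."""
        return f"{self.device_type} {self.event_type} {self.sub_type}"


def to_event(message: str) -> Optional[CollectedEvent]:
    """Return the event carried by a collected message, or None if it is not an event."""
    m = _MESSAGE.match(message.strip())
    if m is None:
        return None                      # raw information only: stored, never merged
    level, date, time_, device, device_type, cause = m.groups()
    if device_type not in DEVICE_TYPES:
        return None                      # unknown device code: not a recognised event
    # cause = <event type><space><event subtype><space><content>; content may be empty
    parts = cause.split(None, 2)
    if len(parts) < 2:
        return None
    content = parts[2] if len(parts) == 3 else ""
    return CollectedEvent(int(level), date, time_, device, device_type,
                          parts[0], parts[1], content)


def triage(messages, merge_library):
    """Split collected messages into merge events, plain events and raw information."""
    buckets = {"merge": [], "event": [], "raw": []}
    for msg in messages:
        ev = to_event(msg)
        if ev is None:
            buckets["raw"].append(msg)
        elif ev.library_key() in merge_library:   # match against the merge event library
            buckets["merge"].append(ev)
        else:
            buckets["event"].append(ev)
    return buckets


# Constructed sample input (not from the patent).
SAMPLE_MESSAGES = [
    "<4> 2021-08-03 10:15:30 192.168.1.10 FW A B login failed for admin",
    "<4> 2021-08-03 10:15:31 192.168.1.10 FW A B login failed for admin",
    "<6> 2021-08-03 10:16:02 192.168.1.20 SVR C D service restarted",
    "<6> 2021-08-03 10:16:05 192.168.1.30 XYZ A B unknown device code",
    "heartbeat 192.168.1.40 ok",
]
SAMPLE_MERGE_LIBRARY = {"FW A B", "IDS A B"}

if __name__ == "__main__":
    for name, items in triage(SAMPLE_MESSAGES, SAMPLE_MERGE_LIBRARY).items():
        print(name, len(items))
```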
the specific method for judging whether the event is a merging event is as follows: group according to the formats of the event library and the merging event library, then match against the merging event library and the event library using an efficient matching algorithm;
the matching algorithm comprises: calculating a hash value using a left-right removal hash algorithm and creating a hash table, so that the event nodes that need de-duplication can be found quickly; traditional de-duplication usually traverses and compares items one by one, which is inefficient and cumbersome;
as shown in fig. 3, the matching algorithm steps are as follows:
the first step: create a hash table using the left-right removal hash table algorithm and calculate the hash value from the IP;
the second step: judge whether an equal IP value already exists in the hash table; if so, an IP node was created before, and if not, create a new IP hash node;
the third step: resolve the device or system type and the event type of the event using the merge event library and judge whether the statistic of that event type is 0; if it is 0, this is the first occurrence and the event is sent directly to the data storage module; otherwise the merging count is incremented;
the event library and the merging event library consist of equipment or a system, an event type and a sub-event type;
the specific form of the event library and the merge event library is as follows:
device or system type, event type, sub-event type, where the event type is denoted A and the sub-event type is denoted B; the concrete expression is: device or system type A B;
the specific expression is shown in the following table:
Device or system   Event type   Sub-event type   Event library form
FW                 A            B                FW A B
FID                A            B                FID A B
SVR                A            B                SVR A B
The merging event processing module counts the merging number of different events within a period of time and then sends all merging events to the data storage module at regular intervals through the timer, so that the same event is not reported continuously and repeatedly within that period; this saves storage space and improves the efficiency with which a user searches for events;
as shown in fig. 3, the specific algorithm by which the merging event processing module counts the number of merging events is as follows:
the variable t represents a period of time, the variable pre_count is the merge statistic of a given event at the last timed send, the variable now_count is the merge statistic of that event within the period t, and time is updated each time the merging event generates an event; the statistic within the period t is: now_count - pre_count;
by storing pre_count and now_count the method can accurately calculate the number of repetitions of the same event within a period of time. The time is recorded for comparison at each timed send, in order to judge the probability that the event will merge again later; this reduces the number of traversals and improves traversal efficiency. Existing merging techniques usually have no time comparison and judgement, which causes redundant data storage, consumes storage memory, increases the number of traversals and reduces merging efficiency. The specific process is as follows:
an independent thread polls the hash table at regular intervals to judge whether a new event has been generated; if a new event has been generated, the repetition count of the event is updated, the event is sent to the data storage module and, after sending, the value of now_count is assigned to pre_count; if no new event has been generated, it checks whether the time value of the IP node differs from the current time by 30 s; if it does, the IP node has produced no new event for 30 s, the probability of a merging event appearing later for that IP node is considered relatively low, and the IP node is deleted, reducing the number of traversals;
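The matching algorithm (steps one to three) and the timed merge statistics described above, as an added Python example that is not the patent's own code: a hash table keyed by IP with one node per IP, the first occurrence of an event type sent straight to storage, now_count - pre_count flushed by the timer thread's poll, and IP nodes deleted once they have been idle for 30 s. The merge library keys, the injectable clock, the list standing in for the data storage module and the choice to set pre_count to 1 at the first send (so the timer does not resend it) are assumptions.

```python
import time
from collections import defaultdict

IDLE_TIMEOUT_S = 30.0  # the description deletes an IP node after 30 s without a new event


class IpNode:
    """One hash-table node per source IP (step two of the matching algorithm)."""

    def __init__(self, now):
        self.last_update = now              # "time": refreshed whenever a merge event arrives
        self.now_count = defaultdict(int)   # merge statistic per event-library key
        self.pre_count = defaultdict(int)   # value of now_count at the last timed send


class MergeEventProcessor:
    def __init__(self, merge_library, clock=time.monotonic):
        self.merge_library = set(merge_library)  # keys like "FW A B" from the merge event library
        self.clock = clock                        # injectable so the 30 s rule can be tested
        self.table = {}                           # hash table keyed by IP (dict hashes the string)
        self.sent = []                            # stand-in for the data storage module

    def on_event(self, ip, key):
        """Route one parsed event; returns 'stored' or 'merged'."""
        if key not in self.merge_library:
            self.sent.append((ip, key, 1))        # not a merge event: straight to storage
            return "stored"
        now = self.clock()
        node = self.table.get(ip)                 # steps one and two: look the IP up
        if node is None:
            node = self.table[ip] = IpNode(now)   # no equal IP yet: new IP hash node
        node.last_update = now
        if node.now_count[key] == 0:              # step three: statistic 0 means first time
            node.now_count[key] = node.pre_count[key] = 1
            self.sent.append((ip, key, 1))
            return "stored"
        node.now_count[key] += 1                  # otherwise only the merge count grows
        return "merged"

    def timer_tick(self):
        """One timed poll of the hash table by the independent thread."""
        now = self.clock()
        flushed = []
        for ip in list(self.table):
            node = self.table[ip]
            new_event = False
            for key, cnt in node.now_count.items():
                repeats = cnt - node.pre_count[key]   # statistic for the period t
                if repeats > 0:
                    new_event = True
                    self.sent.append((ip, key, repeats))
                    flushed.append((ip, key, repeats))
                    node.pre_count[key] = cnt         # now_count -> pre_count after sending
            if not new_event and now - node.last_update >= IDLE_TIMEOUT_S:
                del self.table[ip]                    # quiet for 30 s: unlikely to merge again
        return flushed


if __name__ == "__main__":
    # Constructed walk-through with a manual clock (not real traffic).
    fake_now = [0.0]
    proc = MergeEventProcessor({"FW A B"}, clock=lambda: fake_now[0])
    for _ in range(3):
        print(proc.on_event("10.0.0.1", "FW A B"))
    fake_now[0] = 5.0
    print("flushed:", proc.timer_tick())
    fake_now[0] = 40.0
    print("flushed:", proc.timer_tick(), "nodes left:", len(proc.table))
```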
the data storage module stores the collected events and the collected information using a MySQL database; the stored collected information is kept for at least 3 months and the event information for one year;
the original data encryption module performs AES encryption on the original traffic data to prevent it from being tampered with or stolen and analysed; a new process is started for the acquisition and encryption of user traffic, so that acquisition efficiency is maintained.
The foregoing is only a preferred embodiment of the present invention, and it should be noted that, for those skilled in the art, various modifications and decorations can be made without departing from the principle of the present invention, and these modifications and decorations should also be regarded as the protection scope of the present invention.

Claims (10)

1. An efficient log traffic collection and intelligent analysis system based on an energy network, the system comprising: the system comprises a data acquisition module, a data intelligent analysis module, a merging event processing module, a data storage module and an original data encryption module;
the data acquisition module receives acquisition information uploaded by different devices and sends the acquisition information to the data intelligent analysis module;
the data intelligent analysis module sends the acquired information to the data storage module for storage, judges whether the acquired information is an event and, if so, converts it into an event; it then judges whether the event is a merging event, sending the event to the merging event processing module if so and to the data storage module for storage if not;
the merging event processing module counts merging numbers of different events within a period of time, and then sends all merging events to the data storage module at regular time through the timer;
the data storage module stores the acquired events and the acquired information using a MySQL database;
the original data encryption module carries out AES encryption on original flow data to prevent the data from being tampered or stolen and analyzed.
2. The system for efficient log traffic collection and intelligent analysis based on energy network as claimed in claim 1, wherein the specific method for converting the collected information into events is: and acquiring the equipment or system, the event type and the sub-event type content in the acquired information by using a searching and intercepting mode.
3. The system for efficient log traffic collection and intelligent analysis based on an energy network as claimed in claim 2, wherein the specific method for determining whether the event is a merge event is as follows: grouping according to the formats of the event library and the merging event library, and then matching with the merging event library and the event library by using an efficient matching algorithm.
4. The efficient log traffic collection and intelligent analysis system based on an energy network according to claim 3, wherein the matching algorithm comprises: calculating a hash value using a left-right removal hash algorithm and creating a hash table, so that the event node that needs de-duplication can be found quickly.
5. The efficient log traffic collection and intelligent analysis system based on an energy network according to claim 4, wherein the matching algorithm comprises the following steps:
the first step: create a hash table using the left-right removal hash table algorithm and calculate the hash value from the IP;
the second step: judge whether an equal IP value already exists in the hash table; if so, an IP node was created before, and if not, create a new IP hash node;
the third step: resolve the device or system type and the event type of the event using the merge event library and judge whether the statistic of that event type is 0; if it is 0, this is the first occurrence and the event is sent directly to the data storage module; otherwise the merging count is incremented.
6. The efficient log traffic collection and intelligent analysis system based on an energy network according to claim 3, wherein the event library and the merge event library consist of a device or system, an event type and a sub-event type.
7. The efficient log traffic collection and intelligent analysis system based on an energy network according to claim 6, wherein the event library and the merge event library are in the format:
device or system type, event type, sub-event type, where the event type is denoted A and the sub-event type is denoted B; the concrete expression is: device or system type A B.
8. The efficient log traffic collection and intelligent analysis system based on an energy network according to claim 1, wherein, before sending to the data storage module for storage, the system further comprises: converting the collected information into the message format of a collected event; the specific form of the message format is as follows:
<level><space>date<space>time<space>device or system<space>action<space>cause.
9. The efficient log traffic collection and intelligent analysis system based on energy network as claimed in claim 5, wherein the specific algorithm for the merging event processing module to count the number of merging events is:
the variable t represents a period of time, the variable pre_count is the merge statistic of a given event at the last timed send, the variable now_count is the merge statistic of that event within the period t, and time is updated each time the merging event generates an event; the statistic within the period t is: now_count - pre_count;
the time is recorded and compared at each timed send in order to judge the probability that the event will merge again later.
10. The system for efficient log traffic collection and intelligent analysis based on an energy network as claimed in claim 9, wherein the recorded time is compared at each timed send, and the specific process of judging the probability that the event will merge again later is as follows:
an independent thread polls the hash table at regular intervals to judge whether a new event has been generated; if a new event has been generated, the repetition count of the event is updated, the event is sent to the data storage module and, after sending, the value of now_count is assigned to pre_count; if no new event has been generated, it checks whether the difference between the time value of the IP node and the current time is 30 s; if it is, the IP node has produced no new event for 30 s, the probability of a merging event appearing later for that IP node is considered relatively low, and the IP node is deleted, reducing the number of traversals.
CN202110885211.8A 2021-08-03 2021-08-03 Efficient log flow acquisition and intelligent analysis system based on energy network Pending CN113612641A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110885211.8A CN113612641A (en) 2021-08-03 2021-08-03 Efficient log flow acquisition and intelligent analysis system based on energy network

Publications (1)

Publication Number Publication Date
CN113612641A true CN113612641A (en) 2021-11-05

Family

ID=78306591

Country Status (1)

Country Link
CN (1) CN113612641A (en)

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104954222A (en) * 2015-05-22 2015-09-30 东南大学 Tunnel-mode ESP (electronic stability program) hardware encapsulating device on basis of IPSEC (internet protocol security) protocols
CN109033431A (en) * 2018-08-13 2018-12-18 北京天地和兴科技有限公司 A kind of efficient electric power networks data acquisition and intelligent analysis system and processing method
CN110929896A (en) * 2019-12-04 2020-03-27 全球能源互联网研究院有限公司 Security analysis method and device for system equipment
CN111092865A (en) * 2019-12-04 2020-05-01 全球能源互联网研究院有限公司 Security event analysis method and system
CN112351004A (en) * 2020-10-23 2021-02-09 烟台南山学院 Computer network based information security event processing system and method

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
CB03 Change of inventor or designer information
Inventor after: Cao Yang; Gao Kuanying; Yuan Ye; Sha Xuesong; Zhang Jinshan; Liu Changchuan; Li Zhigang; Zhang Haogong; Xu Haoran
Inventor before: Zou Conglin; Gao Kuanying; Yuan Ye; Zhang Haibo; Liao Wenhui; Zhang Xian; Liu Bochao; Bai Xue
RJ01 Rejection of invention patent application after publication
Application publication date: 20211105