CN113709147A - Network security event response method, device and equipment - Google Patents

Network security event response method, device and equipment

Info

Publication number
CN113709147A
Authority
CN
China
Prior art keywords
event
attack
information
network
network security
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN202110988536.9A
Other languages
Chinese (zh)
Other versions
CN113709147B
Inventor
姚善
杨圣峰
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Topsec Technology Co Ltd
Beijing Topsec Network Security Technology Co Ltd
Beijing Topsec Software Co Ltd
Original Assignee
Beijing Topsec Technology Co Ltd
Beijing Topsec Network Security Technology Co Ltd
Beijing Topsec Software Co Ltd
Application filed by Beijing Topsec Technology Co Ltd, Beijing Topsec Network Security Technology Co Ltd and Beijing Topsec Software Co Ltd
Priority to CN202110988536.9A
Publication of CN113709147A
Application granted
Publication of CN113709147B
Legal status: Active
Anticipated expiration

Classifications

    • H  ELECTRICITY
    • H04  ELECTRIC COMMUNICATION TECHNIQUE
    • H04L  TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L 63/00  Network architectures or network communication protocols for network security
    • H04L 63/14  Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L 63/1408  Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L 63/1416  Event detection, e.g. attack signature detection

Abstract

The disclosure relates to a method, an apparatus and a device for responding to a network security event. The method comprises: acquiring a network security event; when the detected event is of the network attack type, matching the attack source information of the event against an attack record to determine the attack count for that source; if the attack count meets a trigger condition, performing linked handling of the attack event directly (an automated, coordinated handling action applied without further analysis); otherwise, matching the feature information of the attack event against a feature library to determine the corresponding emergency response information, and responding to the attack event according to that information. The technical scheme of the disclosure achieves automatic linked handling of network attacks and improves the response efficiency for network attack events.

Description

Network security event response method, device and equipment
Technical Field
The present disclosure relates to the field of internet technologies, and in particular, to a method, an apparatus, and a device for responding to a network security event.
Background
In recent years, with the development of network technology, internet applications have brought great convenience to users' life and work. However, as internet applications spread, the network contains countless attack events and vulnerabilities that threaten users' assets, and incidents involving the loss of important data are increasingly frequent.
The frequent occurrence of network attack events therefore places higher demands on the efficiency with which such events are responded to and handled.
Disclosure of Invention
In order to solve, or at least partially solve, the above technical problem, the present disclosure provides a method, an apparatus and a device for responding to a network security event.
In a first aspect, an embodiment of the present disclosure provides a method for responding to a network security event, including:
acquiring a network security event and the type of the network security event;
when the type of the network security event is detected to be a network attack event, determining the attack source information of the network attack event, matching the attack source information against a pre-generated attack record, and determining the attack count corresponding to the attack source information;
if the attack count meets a preset trigger condition, performing linked handling of the network attack event; and
if the attack count does not meet the trigger condition, extracting the feature information of the network attack event, matching the feature information against a pre-stored feature library, determining the emergency response information corresponding to the feature information, and responding to the network attack event according to that emergency response information.
In an embodiment of the present disclosure, after acquiring the network security event and its type, the method further includes: when the type of the network security event is detected to be a vulnerability event, extracting the feature information of the vulnerability event, matching that feature information against the feature library, and determining the emergency response information corresponding to it, so as to respond to the vulnerability event according to that emergency response information.
In an embodiment of the present disclosure, the feature information includes the attack source information, and after extracting the feature information of the network attack event the method further includes: updating the attack record according to the attack source information of the network attack event, incrementing by one the attack count corresponding to that attack source information.
In an embodiment of the present disclosure, responding to the vulnerability event according to its emergency response information includes: judging whether a network security event still waiting to be responded to exists; and if so, adjusting the response time of the vulnerability event, so that the vulnerability event is responded to according to its emergency response information at the adjusted response time.
In an embodiment of the present disclosure, after acquiring the network security event, the method further includes: adding the network security event to a message queue; and subscribing to the message queue to obtain the data of the network security event, and performing a data cleaning operation on that data.
In an embodiment of the present disclosure, after matching against the pre-stored feature library according to the feature information, the method further includes: if no emergency response information corresponding to the feature information is matched in the feature library, sending a request to a preset terminal; and receiving the emergency response information returned by the preset terminal, and adding the returned emergency response information to the feature library.
In a second aspect, an embodiment of the present disclosure provides an apparatus for responding to a network security event, including:
an acquisition module, configured to acquire a network security event and the type of the network security event;
a matching module, configured to, when the type of the network security event is detected to be a network attack event, determine the attack source information of the network attack event, match the attack source information against a pre-generated attack record, and determine the attack count corresponding to the attack source information;
a processing module, configured to perform linked handling of the network attack event if the attack count meets a preset trigger condition; and
a response module, configured to, if the attack count does not meet the trigger condition, extract the feature information of the network attack event, match the feature information against a pre-stored feature library, determine the emergency response information corresponding to the feature information, and respond to the network attack event according to that emergency response information.
In a third aspect, an embodiment of the present disclosure provides an electronic device, including: a processor; a memory for storing the processor-executable instructions; the processor is configured to read the executable instruction from the memory, and execute the instruction to implement the method for responding to the network security event according to the first aspect.
In a fourth aspect, the present disclosure provides a computer-readable storage medium, where the storage medium stores a computer program, and the computer program, when executed by a processor, implements the method for responding to the network security event according to the first aspect.
Compared with the prior art, the technical scheme provided by the embodiments of the disclosure has the following advantages: by determining the attack count for the attack source information of a network attack event, the attack event is handled directly in linked fashion when the trigger condition is met; otherwise the corresponding emergency response information is determined from the feature information of the attack event, and the event is responded to according to that information. Automatic linked handling of network attacks is thereby achieved, and the response efficiency for network attack events is improved.
Drawings
The accompanying drawings, which are incorporated in and constitute a part of this specification, illustrate embodiments consistent with the present disclosure and together with the description, serve to explain the principles of the disclosure.
In order to illustrate the embodiments of the present disclosure or the technical solutions of the prior art more clearly, the drawings used in their description are briefly introduced below; it will be obvious to those skilled in the art that other drawings can be derived from these without inventive effort.
Fig. 1 is a schematic flowchart of a method for responding to a network security event according to an embodiment of the present disclosure;
fig. 2 is a schematic flow chart of another method for responding to a network security event according to an embodiment of the present disclosure;
fig. 3 is a schematic flow chart of an application scenario provided by the embodiment of the present disclosure;
fig. 4 is a schematic structural diagram of a response apparatus for a network security event according to an embodiment of the present disclosure;
fig. 5 is a schematic structural diagram of an electronic device according to an embodiment of the present disclosure.
Detailed Description
In order that the above objects, features and advantages of the present disclosure may be more clearly understood, aspects of the present disclosure will be further described below. It should be noted that the embodiments and features of the embodiments of the present disclosure may be combined with each other without conflict.
In the following description, numerous specific details are set forth in order to provide a thorough understanding of the present disclosure, but the present disclosure may be practiced in other ways than those described herein; it is to be understood that the embodiments disclosed in the specification are only a few embodiments of the present disclosure, and not all embodiments.
Fig. 1 is a schematic flow chart of a method for responding to a network security event according to an embodiment of the present disclosure. The method may be applied to an emergency response scenario for network security events, and obtains the corresponding emergency response information by matching the feature information of the event. The method may be executed by an apparatus for responding to network security events, which may be implemented in software and/or hardware and integrated into any electronic device with computing capability.
As shown in fig. 1, a method for responding to a network security event provided by an embodiment of the present disclosure may include:
step 101, acquiring a network security event and a type of the network security event.
In the embodiment of the disclosure, a network security event can be detected by a suitable detection method, and the detected event is then acquired so that it can be responded to.
The types of network security events include network attack events and vulnerability events. Network attack events include, for example, webshell attacks and IP (Internet Protocol) scans; vulnerability events include, for example, SQL (Structured Query Language) injection vulnerabilities.
As an example, network security events may be obtained from network scanning tools or from detection on mirrored traffic; the detected data serve as the data source from which the network attack events, vulnerability events and their event information are acquired.
In one embodiment of the present disclosure, after a network security event is acquired it is added to a message queue. The data of the network security event are then obtained by subscribing to the message queue, and a data cleaning operation is performed on them.
The data cleaning operation includes removing dirty data and merging repeated data. For example, for the data of a network attack event, if the data are found to contain no source information or no destination information, the data are removed; for the data of a vulnerability event, if they contain no Uniform Resource Locator (URL) or no vulnerability type, they are removed; and repeated network attack events that occur consecutively in the time sequence are merged into one record.
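The queue-and-clean stage described above, as an added worked example (not code from the patent or from Topsec): a producer puts detected events on an in-process queue standing in for the message queue, and the subscriber drains it, drops records that fail the two removal rules, and folds repeats of the same attack (same source, destination and means) that arrive within a merge window into one record carrying a count. The event field names, the 120-second merge window and the sample events are assumptions constructed for the example.

```python
import queue

# Constructed sample events (not from the patent): valid, dirty and repeated records, in time order.
SAMPLE_EVENTS = [
    {"type": "attack", "src": "203.0.113.7", "dst": "10.0.0.5", "means": "ip_scan", "ts": 100},
    {"type": "attack", "src": "203.0.113.7", "dst": "10.0.0.5", "means": "ip_scan", "ts": 130},  # repeat
    {"type": "attack", "dst": "10.0.0.5", "means": "webshell", "ts": 140},                        # dirty: no source
    {"type": "vuln", "url": "http://app.example/login", "vuln_type": "sqli", "ts": 150},
    {"type": "vuln", "url": "http://app.example/search", "ts": 160},                              # dirty: no vuln type
    {"type": "attack", "src": "203.0.113.7", "dst": "10.0.0.5", "means": "ip_scan", "ts": 170},  # repeat, in window
    {"type": "attack", "src": "198.51.100.9", "dst": "10.0.0.8", "means": "webshell", "ts": 180},
    {"type": "attack", "src": "203.0.113.7", "dst": "10.0.0.5", "means": "ip_scan", "ts": 900},  # outside window
]

# The patent's two removal rules, expressed as required fields per event type (assumed names).
REQUIRED_FIELDS = {"attack": ("src", "dst"), "vuln": ("url", "vuln_type")}


def is_dirty(event):
    """Attack events need source and destination; vulnerability events need URL and type.
    An event of unknown type is treated as dirty as well."""
    required = REQUIRED_FIELDS.get(event.get("type"), ())
    return not required or any(not event.get(k) for k in required)


def publish(q, events):
    """Producer side: every detected event goes onto the message queue unchanged."""
    for ev in events:
        q.put(ev)


def consume_and_clean(q, merge_window=120):
    """Subscriber side: drain the queue, drop dirty records and merge repeats.
    Attack events with the same (source, destination, means) that arrive within
    merge_window seconds of the previous one are folded into a single record with a
    count, so a burst from one scanner does not become hundreds of separate events."""
    cleaned = []
    open_attacks = {}  # (src, dst, means) -> index into cleaned of the record being merged
    while True:
        try:
            ev = q.get_nowait()
        except queue.Empty:
            break
        if is_dirty(ev):
            continue
        if ev["type"] == "attack":
            key = (ev["src"], ev["dst"], ev["means"])
            idx = open_attacks.get(key)
            if idx is not None and ev["ts"] - cleaned[idx]["last_ts"] <= merge_window:
                cleaned[idx]["count"] += 1
                cleaned[idx]["last_ts"] = ev["ts"]
                continue
            open_attacks[key] = len(cleaned)  # start a new merge window for this key
        cleaned.append(dict(ev, count=1, first_ts=ev["ts"], last_ts=ev["ts"]))
    return cleaned


def run_pipeline(events, merge_window=120):
    """Publish then subscribe on an in-process queue; returns the cleaned records."""
    q = queue.Queue()
    publish(q, events)
    return consume_and_clean(q, merge_window)


if __name__ == "__main__":
    for rec in run_pipeline(SAMPLE_EVENTS):
        print(rec)
```

The merged record keeps the count and the first and last timestamps, which is what the later attack-record step needs; merging only within a time window (rather than across the whole stream) is what lets the same source reappear as a fresh event after a quiet period, as in the IP-scan example later in the description.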
Step 102: when the type of the detected network security event is a network attack event, determine the attack source information of the network attack event, match the attack source information against a pre-generated attack record, and determine the attack count corresponding to the attack source information.
In the embodiment of the disclosure, the attack record stores attack source information together with the attack count corresponding to each attack source. Matching the attack source information of the network attack event against the attack record yields the attack count for that source.
Step 103: if the attack count meets a preset trigger condition, perform linked handling of the network attack event.
In the embodiment of the disclosure, the attack count is judged to satisfy the trigger condition when it is greater than a preset threshold. When the trigger condition is met, the network attack event is handled directly in linked fashion, and the subsequent feature extraction step need not be executed.
Step 104: if the attack count does not meet the trigger condition, extract the feature information of the network attack event, match the feature information against a pre-stored feature library, and determine the emergency response information corresponding to the feature information, so as to respond to the network attack event according to that emergency response information.
In the embodiment of the disclosure, the feature information of a network attack event includes attack source information, attack destination information and attack means information: the attack source information identifies the source of the attack, the attack destination information identifies the attacked object, and the attack means information identifies the attack method. A feature library is prepared in advance that stores feature information of network attack events together with the emergency response information corresponding to each; the steps specified by the emergency response information are executed to respond to the network attack event.
Take IP scanning as an example. If a certain IP is detected scanning many times, it is marked as abnormal scanning and judged to be a network attack event. If the trigger condition is found not to be met, the feature information is extracted to determine the emergency response information for the IP scan event, which includes a short-term block of the IP (for example, denying its access for 24 hours), and the attack record is updated. If an IP scan event from the same IP is detected again after the 24 hours have elapsed, and matching against the attack record shows that the trigger condition is now met, an automatic block is applied to the IP.
In an embodiment of the present disclosure, the feature information includes the attack source information, and after extracting the feature information of the network attack event the method further includes: updating the attack record according to the attack source information of the network attack event, incrementing by one the attack count corresponding to that attack source information. As an example, after the attack source information is extracted, it is checked whether the same attack source information already exists in the attack record; if so, its count is incremented by one; if not, the attack source information is added to the attack record with a count of one.
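Steps 102 to 104, the attack-record update and the IP-scan example above, as an added worked example (not the patent's or Topsec's code). The attack record is a dictionary from attack source to count; the trigger condition is the patent's "count greater than a preset threshold"; the feature library is a list of (pattern, emergency response) pairs in which a pattern constrains some of the three feature fields and leaves the others free, which generalises the exact match the text describes to a library that can hold one entry per attack means. The threshold value, field names, library contents and the actions taken are assumptions.

```python
# Hypothetical feature library: (pattern, emergency response) pairs. A pattern constrains
# some of the feature fields (src, dst, means) and leaves the rest free. Constructed data.
ATTACK_LIBRARY = [
    ({"means": "ip_scan"}, {"action": "block_src", "duration_h": 24}),
    ({"means": "webshell", "dst": "10.0.0.5"}, {"action": "isolate_host", "duration_h": None}),
]


class AttackResponder:
    def __init__(self, library, threshold=1):
        self.library = library
        self.threshold = threshold  # assumed value; linked handling fires when count > threshold
        self.attack_record = {}     # attack source -> attack count (the patent's attack record)
        self.actions = []           # audit trail of every handling decision

    def attack_count(self, src):
        """Step 102: match the attack source against the attack record."""
        return self.attack_record.get(src, 0)

    def linked_handle(self, event):
        """Step 103: trigger condition met, act on the source at once; no feature extraction."""
        self.actions.append(("linked_block", event["src"]))
        return "linked"

    @staticmethod
    def extract_features(event):
        """Step 104: the three feature fields the patent names."""
        return {"src": event["src"], "dst": event["dst"], "means": event["means"]}

    def update_record(self, src):
        """Counted after feature extraction, as the text says; a new source starts at one."""
        self.attack_record[src] = self.attack_count(src) + 1

    def match_library(self, features):
        """First library entry whose pattern fields all equal the event's features."""
        for pattern, response in self.library:
            if all(features.get(k) == v for k, v in pattern.items()):
                return response
        return None

    def handle(self, event):
        if event["type"] != "attack":
            return "not_attack"
        src = event["src"]
        if self.attack_count(src) > self.threshold:
            return self.linked_handle(event)
        features = self.extract_features(event)
        self.update_record(src)
        response = self.match_library(features)
        if response is None:
            # Library miss: the fig. 3 path, a manual-labelling request carrying the features.
            self.actions.append(("request_manual_label", features))
            return "unmatched"
        self.actions.append((response["action"], src, response["duration_h"]))
        return "responded"


if __name__ == "__main__":
    responder = AttackResponder(ATTACK_LIBRARY, threshold=1)
    scan = {"type": "attack", "src": "203.0.113.7", "dst": "10.0.0.5", "means": "ip_scan"}
    for _ in range(3):
        print(responder.handle(scan), dict(responder.attack_record))
    print(responder.actions)
```

Two properties of this layout are worth checking against any real deployment: the record is updated only on the non-triggered path, so a source keeps the count at which it tripped (increment in linked_handle as well if repeat linked handlings should be counted), and the count has no expiry, so the 24-hour window in the IP-scan example needs a last-seen timestamp in the record if counts are ever to be reset rather than grow forever.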
According to the technical scheme of this embodiment, the attack count for the attack source information of a network attack event is determined, and when the trigger condition is met the event is handled directly in linked fashion, so that repeated attacks from the same source are handled without further analysis and the response efficiency is improved; otherwise the corresponding emergency response information is determined from the feature information of the event and the event is responded to accordingly. Automatic linked handling of network attacks is thereby achieved, the response efficiency for network attack events is improved, and the impact and loss caused by network attacks are reduced.
Based on the foregoing embodiment, fig. 2 is a schematic flow chart of another method for responding to a network security event according to an embodiment of the present disclosure. As shown in fig. 2, after the network security event and its type are acquired, the method further includes:
Step 105: when the type of the detected network security event is a vulnerability event, extract the feature information of the vulnerability event, match it against the feature library, and determine the emergency response information corresponding to it, so as to respond to the vulnerability event according to that emergency response information.
In the embodiment of the present disclosure, the feature information of a vulnerability event includes the URL, the vulnerability type, and the like. The feature library stores feature information of vulnerability events together with the emergency response information corresponding to each, and the steps specified by the emergency response information are executed to respond to the vulnerability event.
In one embodiment of the present disclosure, responding to the vulnerability event according to its emergency response information includes: judging whether a network security event still waiting to be responded to exists, and if so, adjusting the response time of the vulnerability event so that it is responded to according to its emergency response information at the adjusted time. For example, when a network security event waiting for response is detected, a first time is determined as the response time of the vulnerability event and the vulnerability event is responded to at that first time; when no such event exists, the vulnerability event is responded to according to its emergency response information at a second time.
According to this embodiment, the corresponding emergency response information is determined from the feature information of the vulnerability event and the vulnerability event is responded to accordingly, which achieves automatic linked handling of vulnerabilities and improves the response efficiency for network security events.
Fig. 3 is a schematic flow chart of an application scenario provided in the embodiment of the present disclosure.
Referring to fig. 3, after matching against the pre-stored feature library according to the feature information, the method further includes: if no emergency response information corresponding to the feature information is matched in the feature library, sending a request to a preset terminal; and receiving the emergency response information returned by the preset terminal, and adding it to the feature library.
The feature library is built from an emergency plan, which is used to handle network security events in a targeted way. The feature extraction step covers extracting the feature information of both network attack events and vulnerability events. If no emergency response information corresponding to the feature information is matched in the feature library, the feature matching is deemed to have failed and manual labelling is required. A request carrying the extracted feature information is therefore sent to the preset terminal. On the terminal side, the user determines the emergency response flow for the network attack event from the emergency plan and performs the linked emergency handling; if the user finds that no real network security event exists, the event is discarded and no linked emergency handling is performed. The emergency response information corresponding to the feature information returned by the terminal is then received and added to the feature library as a supplement. A large amount of feature data is thus accumulated through manual labelling, the number of network security events covered grows as the system operates, and the response efficiency for network security events improves.
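Step 105, the response-time adjustment of fig. 2 and the manual-labelling loop of fig. 3, as an added worked example (not the patent's or Topsec's code). The feature library for vulnerability events is keyed by (URL, vulnerability type); a library miss is sent to a stand-in preset terminal (a plain function here), whose answer is added to the library, or, if it returns None, the event is discarded as the text describes; a pending queue decides the response time. That the adjusted response time is later than the unadjusted one when other events are waiting, the 300-second adjustment, the field names and the sample answers are all assumptions.

```python
import heapq

# Hypothetical vulnerability feature library keyed by (URL, vulnerability type). Constructed data.
VULN_LIBRARY = {
    ("http://app.example/login", "sqli"): {"action": "apply_waf_rule", "rule": "sqli-login"},
}

# Stand-in for the preset terminal: what an analyst would answer for features the library lacks.
# None means the analyst found no real event, so it is discarded. Constructed data.
OPERATOR_ANSWERS = {
    ("http://app.example/upload", "file_upload"): {"action": "disable_endpoint"},
}


def operator_terminal(features):
    """Request to the preset terminal: carries the features, returns response info or None."""
    return OPERATOR_ANSWERS.get(features)


class VulnResponder:
    IMMEDIATE = 0   # seconds: respond at once when nothing else is waiting
    DEFERRED = 300  # assumed adjusted response time when other events are still pending

    def __init__(self, library, operator, now=0):
        self.library = dict(library)  # private copy; manual labels are added to it
        self.operator = operator
        self.now = now
        self.pending = []             # heap of (due_time, seq, features, response)
        self.seq = 0
        self.executed = []            # (features, action) in execution order

    @staticmethod
    def extract_features(event):
        return (event["url"], event["vuln_type"])

    def lookup(self, features):
        """Feature-library match; on a miss, ask the terminal and supplement the library."""
        response = self.library.get(features)
        if response is None:
            response = self.operator(features)
            if response is not None:
                self.library[features] = response
        return response

    def handle(self, event):
        """Step 105 plus the response-time adjustment."""
        if event["type"] != "vuln":
            return "not_vuln"
        features = self.extract_features(event)
        response = self.lookup(features)
        if response is None:
            return "abandoned"
        delay = self.DEFERRED if self.pending else self.IMMEDIATE
        self.seq += 1
        heapq.heappush(self.pending, (self.now + delay, self.seq, features, response))
        return "deferred" if delay else "scheduled"

    def run_due(self, now):
        """Execute every pending response whose time has come; returns the total executed."""
        self.now = now
        while self.pending and self.pending[0][0] <= now:
            _, _, features, response = heapq.heappop(self.pending)
            self.executed.append((features, response["action"]))
        return len(self.executed)


if __name__ == "__main__":
    v = VulnResponder(VULN_LIBRARY, operator_terminal)
    for ev in [
        {"type": "vuln", "url": "http://app.example/login", "vuln_type": "sqli"},
        {"type": "vuln", "url": "http://app.example/upload", "vuln_type": "file_upload"},
        {"type": "vuln", "url": "http://app.example/export", "vuln_type": "xxe"},
    ]:
        print(v.handle(ev))
    v.run_due(300)
    print(v.executed, sorted(v.library))
```

Because an answer from the terminal becomes the automatic response for every future event with the same features, it deserves the same review as any other automation rule before it is written into the library; and keying on the full URL means each new path needs its own label, so a deployment would normally normalise the URL (strip query strings, collapse path parameters) before using it as a key.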
Based on the above embodiment, the present disclosure further provides a response device for a network security event.
Fig. 4 is a schematic structural diagram of a device for responding to a network security event according to an embodiment of the present disclosure, and as shown in fig. 4, the device for responding to a network security event includes: an acquisition module 41, a matching module 42, a processing module 43, and a response module 44.
The obtaining module 41 is configured to obtain the network security event and the type of the network security event.
The matching module 42 is configured to, when the type of the network security event is detected to be a network attack event, determine the attack source information of the network attack event, match the attack source information against a pre-generated attack record, and determine the attack count corresponding to the attack source information.
The processing module 43 is configured to perform linked handling of the network attack event if the attack count meets a preset trigger condition.
The response module 44 is configured to, if the attack count does not meet the trigger condition, extract the feature information of the network attack event, match the feature information against a pre-stored feature library, determine the emergency response information corresponding to the feature information, and respond to the network attack event according to that emergency response information.
In one embodiment of the present disclosure, the apparatus further comprises a second response module, configured to, when the type of the network security event is detected to be a vulnerability event, extract the feature information of the vulnerability event, match it against the feature library, determine the emergency response information corresponding to it, and respond to the vulnerability event according to that emergency response information.
In one embodiment of the present disclosure, the feature information includes the attack source information, and the apparatus further comprises a recording module, configured to update the attack record according to the attack source information of the network attack event and increment by one the attack count corresponding to that attack source information.
In an embodiment of the disclosure, the second response module is specifically configured to: judge whether a network security event still waiting to be responded to exists; and if so, adjust the response time of the vulnerability event, so that the vulnerability event is responded to according to its emergency response information at the adjusted response time.
In an embodiment of the present disclosure, the obtaining module 41 is specifically configured to: add the network security event to a message queue; and subscribe to the message queue to obtain the data of the network security event, and perform a data cleaning operation on that data.
In one embodiment of the present disclosure, the apparatus further comprises: a sending module, configured to send a request to a preset terminal if no emergency response information corresponding to the feature information is matched in the feature library; and a receiving module, configured to receive the emergency response information returned by the preset terminal and add it to the feature library.
The apparatus for responding to a network security event provided by the embodiment of the disclosure can execute the method for responding to a network security event provided by any embodiment of the disclosure, and has the corresponding functional modules and beneficial effects. For details not described in the apparatus embodiments, refer to the description of the method embodiments of the disclosure.
Fig. 5 is a schematic structural diagram of an electronic device according to an embodiment of the present disclosure. As shown in fig. 5, the electronic device 600 includes one or more processors 601 and memory 602.
The processor 601 may be a Central Processing Unit (CPU) or other form of processing unit having data processing capabilities and/or instruction execution capabilities, and may control other components in the electronic device 600 to perform desired functions.
The memory 602 may include one or more computer program products, which may include various forms of computer-readable storage media, such as volatile memory and/or non-volatile memory. Volatile memory can include, for example, Random Access Memory (RAM) and cache memory. Non-volatile memory can include, for example, Read Only Memory (ROM), a hard disk and flash memory. One or more computer program instructions may be stored on the computer-readable storage medium and executed by the processor 601 to implement the methods of the embodiments of the present disclosure described above and/or other desired functionality. Other data may also be stored in the computer-readable storage medium.
In one example, the electronic device 600 may further include an input device 603 and an output device 604, interconnected by a bus system and/or another form of connection mechanism (not shown). The input device 603 may include, for example, a keyboard and a mouse. The output device 604 may output various information to the outside, and may include, for example, a display, speakers, a printer, and a communication network with the remote output devices connected to it.
Of course, for simplicity, only some of the components of the electronic device 600 relevant to the present disclosure are shown in fig. 5, omitting components such as buses, input/output interfaces, and the like. In addition, electronic device 600 may include any other suitable components depending on the particular application.
In addition to the methods and apparatus described above, embodiments of the present disclosure may also be a computer program product comprising computer program instructions that, when executed by a processor, cause the processor to perform any of the methods provided by embodiments of the present disclosure.
The program code of the computer program product for performing the operations of the embodiments of the present disclosure may be written in any combination of one or more programming languages, including object-oriented programming languages such as Java and C++ and conventional procedural programming languages such as the "C" programming language or similar languages. The program code may execute entirely on the user's computing device, partly on the user's device, as a stand-alone software package, partly on the user's computing device and partly on a remote computing device, or entirely on the remote computing device or server.
Furthermore, embodiments of the present disclosure may also be a computer-readable storage medium having stored thereon computer program instructions that, when executed by a processor, cause the processor to perform any of the methods provided by the embodiments of the present disclosure.
A computer-readable storage medium may employ any combination of one or more readable media. The readable medium may be a readable signal medium or a readable storage medium. A readable storage medium may be, for example, but is not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or any combination of the foregoing. More specific examples (a non-exhaustive list) of the readable storage medium include: an electrical connection having one or more wires, a portable disk, a hard disk, a random access memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), an optical fiber, a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing.
It is noted that, in this document, relational terms such as "first" and "second" may be used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between those entities or actions. Also, the terms "comprises," "comprising," or any other variation thereof are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising a …" does not exclude the presence of other identical elements in the process, method, article, or apparatus that comprises the element.
The foregoing are merely exemplary embodiments of the present disclosure, which enable those skilled in the art to understand or practice the present disclosure. Various modifications to these embodiments will be readily apparent to those skilled in the art, and the generic principles defined herein may be applied to other embodiments without departing from the spirit or scope of the disclosure. Thus, the present disclosure is not intended to be limited to the embodiments shown herein but is to be accorded the widest scope consistent with the principles and novel features disclosed herein.

Claims (9)

1. A method for responding to a network security event, comprising:
acquiring a network security event and the type of the network security event;
when the type of the network security event is detected to be a network attack event, determining attack source information of the network attack event, matching the attack source information with a pre-generated attack record according to the attack source information, and determining attack times corresponding to the attack source information;
if the attack times meet a preset trigger condition, performing linkage handling on the network attack event;
and if the attack times do not meet the trigger condition, extracting the feature information of the network attack event, matching the feature information with a pre-stored feature library according to the feature information, determining emergency response information corresponding to the feature information, and responding to the network attack event according to the emergency response information.
2. The method of claim 1, after acquiring a network security event and the type of the network security event, further comprising:
when the type of the network security event is detected to be a vulnerability event, extracting the feature information of the vulnerability event, matching the feature information of the vulnerability event with the feature library according to the feature information of the vulnerability event, and determining emergency response information corresponding to the feature information of the vulnerability event so as to respond to the vulnerability event according to the emergency response information of the vulnerability event.
3. The method of claim 1, wherein the feature information comprises attack source information, and after extracting the feature information of the network attack event, further comprising:
updating the attack record according to the attack source information of the network attack event, and adding one to the count of the attack times corresponding to the attack source information.
4. The method of claim 2, wherein responding to the vulnerability event according to the emergency response information of the vulnerability event comprises:
judging whether a network security event to be responded exists or not;
and if the network security event to be responded exists, adjusting the response time of the vulnerability event so as to respond to the vulnerability event according to the emergency response information of the vulnerability event in the adjusted response time.
5. The method of claim 1, after acquiring the network security event, further comprising:
adding the network security event to a message queue;
and subscribing to acquire the data of the network security event from the message queue, and performing a data cleansing operation on the data.
6. The method of claim 1, after matching with a pre-stored feature library based on the feature information, further comprising:
if the emergency response information corresponding to the feature information is not matched in the feature library, sending a request to a preset terminal;
and receiving the emergency response information returned by the preset terminal, and adding the returned emergency response information to the feature library.
7. A device for responding to a network security event, comprising:
the acquisition module is used for acquiring a network security event and the type of the network security event;
the matching module is used for determining attack source information of the network attack event when the type of the network security event is detected to be the network attack event, matching the attack source information with a pre-generated attack record according to the attack source information and determining attack times corresponding to the attack source information;
the processing module is used for performing linkage handling on the network attack event if the attack times meet a preset trigger condition;
and the response module is used for extracting the feature information of the network attack event if the attack times do not meet the trigger condition, matching the feature information with a pre-stored feature library according to the feature information, determining emergency response information corresponding to the feature information, and responding to the network attack event according to the emergency response information.
8. An electronic device, comprising:
a processor;
a memory for storing the processor-executable instructions;
the processor is used for reading the executable instructions from the memory and executing the instructions to implement the method for responding to a network security event according to any one of claims 1 to 6.
9. A computer-readable storage medium, characterized in that the storage medium stores a computer program which, when executed by a processor, implements the method for responding to a network security event according to any one of claims 1 to 6.
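The decision flow of claims 1, 3, 5 and 6 as one dispatcher, written here as an added example and not the patent's or the applicant's own code. The event field names, the feature library contents and the trigger condition (three earlier attacks from the same source) are assumptions, and the "preset terminal" of claim 6 is modelled as a callback.

```python
# Constructed example: field names, the trigger condition (count >= THRESHOLD)
# and the library contents are assumptions, not values from the patent.
from collections import Counter, deque

THRESHOLD = 3  # assumed "preset trigger condition": 3 earlier attacks from one source

def clean(raw):
    """Claim 5: normalise an event pulled from the queue; None if unusable."""
    try:
        return {"type": raw["type"].strip().lower(),
                "source": raw["source"].strip(),
                "feature": raw.get("feature", "").strip().lower()}
    except (KeyError, AttributeError):
        return None

class Responder:
    def __init__(self, feature_library, terminal):
        self.feature_library = dict(feature_library)  # claim 1: pre-stored feature library
        self.attack_record = Counter()                # claim 1: pre-generated attack record
        self.terminal = terminal                      # claim 6: preset terminal (analyst) callback
        self.queue = deque()                          # claim 5: message queue

    def drain(self):
        """Consume every queued event and return the decision taken for each."""
        decisions = []
        while self.queue:
            event = clean(self.queue.popleft())
            if event is not None:
                decisions.append(self.handle(event))
        return decisions

    def handle(self, event):
        src = event["source"]
        if event["type"] != "attack":
            return ("skip", src)              # claim 2 (vulnerability events) not modelled here
        # Claim 1: match the source against the attack record to get its prior count.
        if self.attack_record[src] >= THRESHOLD:
            return ("linkage", src)           # threshold met: linkage handling, no library lookup
        feature = event["feature"]
        self.attack_record[src] += 1          # claim 3: count the attack after feature extraction
        if feature not in self.feature_library:
            # Claim 6: no library hit, so ask the preset terminal and cache its answer.
            self.feature_library[feature] = self.terminal(feature)
        return (self.feature_library[feature], src)

if __name__ == "__main__":
    r = Responder({"sqli": "block-source"}, terminal=lambda f: "manual-review:" + f)
    for i in range(5):   # constructed: five attacks from one source, the first with an unknown feature
        r.queue.append({"type": "Attack", "source": "10.0.0.5", "feature": "sqli" if i else "rce"})
    print(r.drain())
```

Note that the count is read before it is incremented, so the fourth event from a source is the first to take the linkage path, and an unknown feature is sent to the terminal once and then served from the library.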

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110988536.9A CN113709147B (en) 2021-08-26 2021-08-26 Network security event response method, device and equipment

Publications (2)

Publication Number Publication Date
CN113709147A true CN113709147A (en) 2021-11-26
CN113709147B CN113709147B (en) 2023-04-18

Family

ID=78655232

Country Status (1)

Country Link
CN (1) CN113709147B (en)

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2017028031A1 (en) * 2015-08-14 2017-02-23 华为技术有限公司 Mobile network security processing method, warning method and user terminal
CN106850675A (en) * 2017-03-10 2017-06-13 北京安赛创想科技有限公司 A kind of determination method and device of attack
CN111490989A (en) * 2020-04-10 2020-08-04 全球能源互联网研究院有限公司 Network system, attack detection method and device and electronic equipment
CN111565205A (en) * 2020-07-16 2020-08-21 腾讯科技(深圳)有限公司 Network attack identification method and device, computer equipment and storage medium
CN111917769A (en) * 2020-07-30 2020-11-10 中盈优创资讯科技有限公司 Automatic handling method and device of security event and electronic equipment
CN112134877A (en) * 2020-09-22 2020-12-25 北京华赛在线科技有限公司 Network threat detection method, device, equipment and storage medium

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114301716A (en) * 2022-02-22 2022-04-08 绿盟科技集团股份有限公司 Network security assessment method and device, network security equipment and storage medium
CN114301716B (en) * 2022-02-22 2023-05-26 绿盟科技集团股份有限公司 Network security assessment method and device, network security equipment and storage medium
CN116566729A (en) * 2023-06-15 2023-08-08 广州谦益科技有限公司 Network security operation analysis method and device based on security cloud, electronic equipment and storage medium
CN116566729B (en) * 2023-06-15 2024-02-13 广州谦益科技有限公司 Network security operation analysis method and device based on security cloud, electronic equipment and storage medium

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant