CN113836247A - Wall map battle method and system for network security management - Google Patents
Wall map battle method and system for network security management Download PDFInfo
- Publication number
- CN113836247A CN113836247A CN202110914318.0A CN202110914318A CN113836247A CN 113836247 A CN113836247 A CN 113836247A CN 202110914318 A CN202110914318 A CN 202110914318A CN 113836247 A CN113836247 A CN 113836247A
- Authority
- CN
- China
- Prior art keywords
- network
- map
- data
- network space
- space map
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F16/00—Information retrieval; Database structures therefor; File system structures therefor
- G06F16/20—Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
- G06F16/29—Geographical information databases
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F16/00—Information retrieval; Database structures therefor; File system structures therefor
- G06F16/30—Information retrieval; Database structures therefor; File system structures therefor of unstructured textual data
- G06F16/36—Creation of semantic tools, e.g. ontology or thesauri
- G06F16/367—Ontology
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F18/00—Pattern recognition
- G06F18/20—Analysing
- G06F18/25—Fusion techniques
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Data Mining & Analysis (AREA)
- Physics & Mathematics (AREA)
- Databases & Information Systems (AREA)
- General Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- Life Sciences & Earth Sciences (AREA)
- Bioinformatics & Cheminformatics (AREA)
- Evolutionary Computation (AREA)
- Evolutionary Biology (AREA)
- Computer Vision & Pattern Recognition (AREA)
- Bioinformatics & Computational Biology (AREA)
- Artificial Intelligence (AREA)
- Remote Sensing (AREA)
- Animal Behavior & Ethology (AREA)
- Computational Linguistics (AREA)
- Management, Administration, Business Operations System, And Electronic Commerce (AREA)
Abstract
The invention provides a wall map battle method and a wall map battle system for network security management, which are used for solving the technical problem that the prior network security management lacks 'wall map battle' application in the technical field of network security. The method comprises the following steps: a network space map is drawn by combining a GIS map to obtain the visual expression of the network space; integrating the associated data of the network entity object into a network space map to obtain an integrated network space map; and carrying out network security management by using the fused network space map. The invention provides a wall map battle method for network security management, which integrates the associated data and a network space map to enrich the visual expression of network space elements by comprehensively displaying and describing the distribution of network space resources through the network space map, realizes the visual management of network security events, the visualization and digitization of network space and the overall process display of various events of network space, and solves the visual processing of network security management.
Description
Technical Field
The invention relates to the technical field of network security, in particular to a wall map battle method and a wall map battle system for network security management.
Background
The chart-hanging battle method is widely applied in the traditional industry, and good social benefits are obtained. The characteristics of network space such as virtualization, diversity, development and the like and the difference from the traditional geography bring practical difficulties in cognition and expression, and how to apply the wall map battle method and system to the network security management is a challenge.
In view of this, how to combine the wall map battle with the network security management becomes a key point for the technical problem to be solved and the research of the technicians in the field.
Disclosure of Invention
In view of the above problems, the embodiment of the invention provides a wall map battle method and system for network security management, which solve the technical problem that the prior art lacks 'wall map battle' application in network security management.
In order to solve the technical problems, the invention provides the following technical scheme:
in a first aspect, the present invention provides a wall map battle method for network security administration, the method comprising:
a network space map is drawn by combining a GIS map to obtain the visual expression of the network space;
integrating the associated data of the network entity object into a network space map to obtain an integrated network space map;
and carrying out network security management by using the fused network space map.
In one embodiment, the method for drawing the network space map comprises the following steps:
drawing a GIS map, and describing real infrastructure and a spatial geographic position corresponding to the infrastructure through the GIS map;
acquiring the resource type, the resource state and the resource attribute of a network layer, and drawing a network space map by utilizing network space mapping;
and acquiring configuration data of the network entity object, and butting the network space map with the GIS map.
In one embodiment, the network layer comprises an IP layer, a router layer, a POP layer and an AS layer;
the configuration data of the network entity object comprises standard geographic position data, standard network position data, real unit data, real machine room data, real system data and real service equipment data.
In one embodiment, the merging the data associated with the network entity object into the network space map includes:
acquiring asset data of a network service main body through an API (application programming interface) interface, and fusing the asset data into a network space map;
collecting role data of a network participant through an API (application programming interface) interface, and fusing the role data into a network space map;
and acquiring or calling the operation data of the network space composition elements through the API interface, and fusing the operation data into the network space map.
In an embodiment, the developing network security management of multiple scenes using the fused cyberspace map further includes:
acquiring dynamic interaction data generated by interaction of a network service main body and a network participation main body through an API (application programming interface) interface, and merging the dynamic interaction data into a network space map;
and establishing attribute association by using a graph database to form a knowledge graph, and fusing the knowledge graph into a network space map.
In an embodiment, the developing network security management by using the converged network space map includes:
establishing an evaluation detection model according to the collected network service data and the associated attributes of the network entity object and the event object;
analyzing the incidence relation of each element of the incidence data by using an evaluation detection model;
and developing the network security combat task according to the incidence relation.
In one embodiment, the network security combat mission comprises:
the system comprises a resource exploration task, a risk assessment task, a monitoring and early warning task and an emergency response task.
In a second aspect, the present invention provides a wall map warfare system for network security administration, the system comprising:
the map building module: the system comprises a network space map drawing module, a network space display module, a GIS map drawing module and a display module, wherein the network space map drawing module is used for drawing a network space map by combining the GIS map to obtain visual expression of a network space;
a data fusion module: the system comprises a network space map, a data processing unit and a data processing unit, wherein the network space map is used for integrating the associated data of the network entity object into the network space map to obtain an integrated network space map;
the map-hanging battle module: the method is used for developing network security management by utilizing the fused network space map.
In one embodiment, the map building module specifically includes:
a first mapping unit: the system is used for drawing a GIS map and describing real infrastructure and a spatial geographic position corresponding to the infrastructure through the GIS map;
a second map drawing unit: the system comprises a network layer, a data processing module and a data processing module, wherein the network layer is used for acquiring the resource type, the resource state and the resource attribute of the network layer and drawing a network space map by utilizing network space mapping;
a map docking unit: and the system is used for acquiring configuration data of the network entity object and butting the network space map with the GIS map.
In one embodiment, the network layer in the second map drawing unit includes an IP layer, a router layer, a POP layer, and an AS layer;
the configuration data of the network entity object in the docking unit comprises standard geographic position data, standard network position data, real unit data, real machine room data, real system data and real service equipment data.
In one embodiment, the data fusion module specifically includes:
an asset data fusion unit: the system comprises a network service main body, an API interface, a network space map and a database, wherein the network service main body is used for acquiring asset data of a network service main body through the API interface and fusing the asset data into the network space map;
role data fusion unit: the system comprises a network participant body, an API interface, a role data acquisition module and a role data processing module, wherein the role data acquisition module is used for acquiring role data of the network participant body through the API interface and fusing the role data into a network space map;
operating a data fusion unit: the system is used for acquiring or calling the operation data of the network space composition elements through the API interface and fusing the operation data into the network space map.
In one embodiment, the data fusion module further comprises:
a dynamic interactive data fusion unit: the dynamic interaction data acquisition system is used for acquiring dynamic interaction data generated by interaction between the network service main body and the network participation main body through an API (application programming interface) interface and fusing the dynamic interaction data into a network space map;
a knowledge graph fusion unit: the method is used for establishing attribute association by using the graph database to form a knowledge graph and fusing the knowledge graph into the network space map.
In one embodiment, the wall map battle module specifically includes:
a model creation unit: the evaluation detection model is established according to the collected network service data and the associated attributes of the network entity object and the event object;
a model analysis unit: the system is used for analyzing the incidence relation of each element of the incidence data by utilizing an evaluation detection model;
a task development unit: and the network safety battle mission is developed according to the incidence relation.
In one embodiment, the network security combat task in the task development unit includes:
the system comprises a resource exploration task, a risk assessment task, a monitoring and early warning task and an emergency response task.
In a third aspect, the present invention provides an electronic device comprising:
a processor, a memory, an interface to communicate with a gateway;
the memory is used for storing programs and data, and the processor calls the programs stored in the memory to execute the wall map battle method for network security management provided by any one of the first aspect.
In a fourth aspect, the present invention provides a computer-readable storage medium including a program which, when executed by a processor, is configured to perform a charting battle method for network security administration provided in any one of the first aspect.
It can be known from the above description that the embodiments of the present invention provide a wall map battle method and system for network security management, which integrate the associated data and the network space map to enrich the visual expression of the network space elements by displaying and describing the distribution of the network space resources in all aspects through the network space map, thereby implementing the visual management of the network security events, implementing the visualization and digitization of the network space, implementing the overall process display of various events in the network space, and solving the visual processing of the network security management.
Drawings
Fig. 1 is a schematic flow chart of a wall chart battle method for network security management according to an embodiment of the present invention;
fig. 2 is a schematic structural diagram of a wall map battle system for network security management according to an embodiment of the present invention;
fig. 3 is a schematic structural diagram of an electronic device according to an embodiment of the invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the present invention clearer and more obvious, the present invention is further described below with reference to the accompanying drawings and the detailed description. It is to be understood that the described embodiments are merely exemplary of the invention, and not restrictive of the full scope of the invention. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
Based on the disadvantages of the prior art, an embodiment of the present invention provides a specific implementation of a wall map battle method for network security management, and as shown in fig. 1, the method specifically includes the following steps:
s110: a network space map is drawn by combining a GIS map to obtain the visual expression of the network space;
it will be understood by those skilled in the art that GIS, i.e., Geographic Information systems (Geographic Information systems or Geo-Information systems), are sometimes also referred to as "geoscience Information systems". It is a specific and very important spatial information system. The system is a technical system for collecting, storing, managing, operating, analyzing, displaying and describing relevant geographic distribution data in the whole or partial earth surface (including the atmosphere) space under the support of a computer hardware and software system. The rendered network space map may actually map the displayed geospatial information of the various devices that make up the network space.
The specific forming method of the network space map comprises the following steps:
firstly, drawing a GIS map, and describing real infrastructure and a spatial geographic position corresponding to the infrastructure through the GIS map. The GIS map can be based on real geospatial data, including provincial cities, brief addresses, detailed addresses, longitude and latitude and other information. 3D stereoscopic display can be carried out on streets and buildings based on the GIS map.
Then, the resource type, the resource state and the resource attribute of the network layer are obtained, and a network space map is drawn by utilizing network space mapping. The network layer comprises an IP layer, a router layer, a POP layer (machine room layer) and an AS layer (network operators, such AS China telecom, China Mobile and the like), basic participating elements of network spaces of the four network layers, namely the IP layer, the router layer, the POP layer and the AS layer, can come from a global network management mechanism and a domestic communication management and supervision mechanism, can realize real-time query and acquisition through network space mapping products or technologies, and can realize hierarchical drawing of the network space through query or call to construct a map prototype of the network space.
And finally, acquiring configuration data of the network entity object, and butting the network space map with the GIS map. The configuration data of the network entity object includes standard geographical location data, standard network location data, real unit data, real machine room data, real system data and real service equipment data. The standard geographic position data is actually spatial geographic position data; the marked network position data comprises data such as IPV4/IPV6 and the like; the actual system data and the actual service device data are similar to the actual machine room data and are not repeated here. Through standard geographic position data, standard network position data, real unit data, real machine room data, real system data and real service equipment data, information of personnel, important business, network assets, network topological structure and the like of a specific unit is structured, and geographic position information forms tree branches of a network space map, so that the butt joint of a GIS map and a network space map network is realized.
As shown in step S110, the network space map constructed in step S110 is equivalent to the description of the network entity object in the geospatial position, which also increases the actual expression that the interactive content really embodies the network space. Thus, by S120: and integrating the associated data with the network entity object into the network space map to obtain the integrated network space map, enriching the content of the network space map and comprehensively reflecting the visual mapping of the network.
The mapping process specifically comprises the following steps:
and acquiring the asset data of the network service main body through an API (application programming interface) interface, and merging the asset data into a network space map. Specifically, basic information of network service main bodies such as key information infrastructure (such as key services related to civil services) in a district scope, a data center (provided information data services), a machine room and the like is widely acquired through an API (application programming interface) or system acquisition. The basic information includes network information and geographic information such as network operators, IP addresses, service types, service access modes, network topology structures and the like. And network asset detection information, asset detection, fingerprint identification, vulnerability monitoring, availability monitoring and other data, specifically including IP addresses, service types, operating system versions, open ports, service versions, service languages, development frames, third-party components, domain names, vulnerability types, version numbers, danger levels, sensitive information, response states and the like in the jurisdiction, forming asset data through subsequent integration, and merging the asset data into a network space map.
And collecting role data of the network participant through an API (application programming interface) interface, and fusing the role data into a network space map. Specifically, basic information of a subject, a supervision subject and an object participating in a network space, such as network participation modes of a person responsible for a data center, a network police, a common internet user and the like, IP address allocation, address information (law enforcement geographic information, if equipped with special equipment) and the like, is collected through an API (application programming interface) or a system, role data of roles of network participation entities are constructed, and the role data are merged into a network space map.
And acquiring or calling the operation data of the network space composition elements through the API interface, and fusing the operation data into the network space map. Specifically, through API interface or system collection, active or passive collection/call of operation logs or data of network space basic elements (systems, services, network devices, etc.), or through a third party such as DNS resolution, a cloud service provider, etc., open operation data is obtained, operation data of network space entity roles and virtual role relationships is constructed, and the operation data is merged into a network space map.
And acquiring dynamic interaction data generated by interaction between the network service main body and the network participation main body through an API (application programming interface) interface, and merging the dynamic interaction data into a network space map. Specifically, for the interaction behavior of the network behavior main body (i.e. the entity role or the virtual role) and the social relationship thereof, including information flow, the virtual community, the public activity space and the like, for example, people portrayal and distribution display are performed on a network space map, including basic information of people, personnel tags, network identities, attribution unit information and managed system risk information, the generation of the mastered dynamic interaction data in the whole life cycle provides traceable basis for the occurrence of network security events.
And establishing attribute association by using a graph database to form a knowledge graph, and fusing the knowledge graph into a network space map. Specifically, the network entity objects and the event objects (including network administration means or network security events) can be manually associated through key attributes, the network entity objects and the event objects can be grouped and classified, the clearness of the integrity logical relationship of data can be ensured through a graph database, and an achievable scheme is provided for the formation of a knowledge graph. The knowledge graph is merged into the network space map, so that the incidence relation of the network space can be more intuitively understood.
Executing S130 on the basis of the steps: and carrying out network security management by using the fused network space map.
Firstly, an evaluation detection model is created according to the collected network service data and the associated attributes of the network entity object and the event object, and the formed evaluation detection model can perform distributed storage and distributed retrieval on the associated data.
Then, analyzing the incidence relation of each element of the incidence data by using an evaluation detection model, specifically, mining the identity information of the network entity object from the original data with different sources and different formats, and associating the related attributes belonging to the same network entity object together to form a specific richer network entity object; and automatically analyzing the selected objects, excavating whether the objects have the association relationship, visually displaying the corresponding association relationship, and analyzing network events or entities with the same characteristics in the data in the specified range to realize rapid analysis.
And finally, developing the network security combat task according to the incidence relation. The network security combat task comprises the following steps: the system comprises a resource exploration task, a risk assessment task, a monitoring and early warning task and an emergency response task.
The resource exploration task comprises the following steps: developing a resource investigation task in a district scope, and specifying a unit scope of investigation, a task time point, and specific data volume and quality requirements of examination; the scheduling condition of the network police personnel, the network space detection completion condition, the data fusion condition and the like. The method is characterized in that a geographical space map is combined, key core assets of network service main bodies such as basic network elements, key information infrastructures, data centers and machine rooms in an area range are used as targets, complete, efficient and timely acquisition of the data is supervised, visual display of a single-point device, a local network, a certain area and the complete acquisition condition is expressed respectively by adopting points, lines, planes, thermodynamic diagrams and self definition, the current task progress condition is expressed by colors, different asset element categories are identified by icons, and more details can be displayed by hierarchical zooming.
The risk assessment task includes: based on the resource exploration task, the formed risk monitoring data supports the development of risk assessment and improvement of a specific industry or a specific network main body, and an improvement task is issued. The battle tasks are combined with a network space map, and the number, severity level and range of application systems affected by certain risks are displayed by combining a radar map from the aspect that actual application systems in key information infrastructures, data centers, machine rooms and the like in the scope of the concerned district are taken as concerned objects. The affected degree is displayed through colors, the current solution of the risk is identified through icons, more detailed information is provided through hierarchical grading, and the method is implemented to the personnel and time plan level.
The monitoring and early warning task comprises the following steps: based on the content, the method monitors the important characteristic behaviors, tracks the occurrence and the influence of events, suggests measures, handles policemen, progress conditions, event backtracking and the like, and performs visual display by combining GIS geographic information.
The emergency response tasks include: and carrying out scene display of a full life cycle on emergency treatment, and sequentially implementing the scene display to police officers, vehicles, monitoring equipment, service equipment and other elements for association to form a service closed loop.
In summary, the embodiments of the present invention provide a wall map battle method for network security management, which integrates the associated data with the network space map to enrich the visual expression of the network space elements by displaying and describing the distribution of the network space resources in all aspects through the network space map, so as to implement the visual management of the network security events, implement the visualization and digitization of the network space, implement the overall process display of various events in the network space, and solve the visual processing of the network security management.
Based on the same inventive concept, the embodiment of the present application further provides a charted battle system for network security administration, which can be used to implement the charted battle method for network security administration described in the above embodiment, as in the following embodiment. Because the principle of solving the problems of the wall map battle system for the network security management is similar to that of the wall map battle method for the network security management, the implementation of the wall map battle system for the network security management can be referred to the implementation of the wall map battle method for the network security management, and repeated parts are not repeated. As used hereinafter, the term "unit" or "module" may be a combination of software and/or hardware that implements a predetermined function. While the system described in the embodiments below is preferably implemented in software, implementations in hardware, or a combination of software and hardware are also possible and contemplated.
The invention provides a wall map battle system for network security management, which is shown in figure 2. In fig. 2, the system comprises:
the map building module 210: the system comprises a network space map drawing module, a network space display module, a GIS map drawing module and a display module, wherein the network space map drawing module is used for drawing a network space map by combining the GIS map to obtain visual expression of a network space;
the data fusion module 220: the system comprises a network space map, a data processing unit and a data processing unit, wherein the network space map is used for integrating the associated data of the network entity object into the network space map to obtain an integrated network space map;
the chart battle module 230: the method is used for developing network security management by utilizing the fused network space map.
In an embodiment of the present invention, the map building module 210 specifically includes:
the first mapping unit 211: the system is used for drawing a GIS map and describing real infrastructure and a spatial geographic position corresponding to the infrastructure through the GIS map;
the second map drawing unit 212: the system comprises a network layer, a data processing module and a data processing module, wherein the network layer is used for acquiring the resource type, the resource state and the resource attribute of the network layer and drawing a network space map by utilizing network space mapping;
map docking unit 213: and the system is used for acquiring configuration data of the network entity object and butting the network space map with the GIS map.
In an embodiment of the present invention, the network layer in the second map drawing unit 212 includes an IP layer, a router layer, a POP layer, and an AS layer;
the configuration data of the network entity object in the docking unit 213 comprises standard geographical location data, standard network location data, real unit data, real house data, real system data and real service device data.
In an embodiment of the present invention, the data fusion module 220 specifically includes:
the asset data fusion unit 221: the system comprises a network service main body, an API interface, a network space map and a database, wherein the network service main body is used for acquiring asset data of a network service main body through the API interface and fusing the asset data into the network space map;
the role data fusion unit 222: the system comprises a network participant body, an API interface, a role data acquisition module and a role data processing module, wherein the role data acquisition module is used for acquiring role data of the network participant body through the API interface and fusing the role data into a network space map;
the operation data fusion unit 223: the system is used for acquiring or calling the operation data of the network space composition elements through the API interface and fusing the operation data into the network space map.
In an embodiment of the present invention, the data fusion module 220 further includes:
the dynamic interactive data fusion unit 224: the dynamic interaction data acquisition system is used for acquiring dynamic interaction data generated by interaction between the network service main body and the network participation main body through an API (application programming interface) interface and fusing the dynamic interaction data into a network space map;
knowledge-graph fusion unit 225: the method is used for establishing attribute association by using the graph database to form a knowledge graph and fusing the knowledge graph into the network space map.
In an embodiment of the present invention, the charting battle module 230 specifically includes:
the model creation unit 231: the evaluation detection model is established according to the collected network service data and the associated attributes of the network entity object and the event object;
the model analysis unit 232: the system is used for analyzing the incidence relation of each element of the incidence data by utilizing an evaluation detection model;
task developing unit 233: and the network safety battle mission is developed according to the incidence relation.
In an embodiment of the present invention, the network security combat task in the task development unit 233 includes:
the system comprises a resource exploration task, a risk assessment task, a monitoring and early warning task and an emergency response task.
An embodiment of the present application further provides a specific implementation manner of an electronic device, which is capable of implementing all steps in a wall map battle method for network security management in the foregoing embodiment, and referring to fig. 3, the electronic device 300 specifically includes the following contents:
a processor 310, a memory 320, a communication unit 330, and a bus 340;
the processor 310, the memory 320 and the communication unit 330 complete communication with each other through the bus 340; the communication unit 330 is used for implementing information transmission between server-side devices and terminal devices and other related devices.
The processor 310 is used to call the computer program in the memory 320, and when the processor executes the computer program, the processor implements all the steps in the wall map battle method for network security management in the above-mentioned embodiment.
Those of ordinary skill in the art will understand that: the Memory may be, but is not limited to, a Random Access Memory (RAM), a Read Only Memory (ROM), a Programmable Read-Only Memory (PROM), an Erasable Read-Only Memory (EPROM), an electrically Erasable Read-Only Memory (EEPROM), and the like. The memory is used for storing programs, and the processor executes the programs after receiving the execution instructions. Further, the software programs and modules within the aforementioned memories may also include an operating system, which may include various software components and/or drivers for managing system tasks (e.g., memory management, storage device control, power management, etc.), and may communicate with various hardware or software components to provide an operating environment for other software components.
The processor may be an integrated circuit chip having signal processing capabilities. The processor may be a general-purpose processor, and includes a Central Processing Unit (CPU), a Network Processor (NP), and the like. The various methods, steps, and logic blocks disclosed in the embodiments of the present application may be implemented or performed. A general purpose processor may be a microprocessor or the processor may be any conventional processor or the like.
The present application further provides a computer-readable storage medium comprising a program which, when executed by a processor, is configured to perform a wall map combat method for network security administration provided in any of the method embodiments described above.
Those of ordinary skill in the art will understand that: all or a portion of the steps of implementing the above-described method embodiments may be performed by hardware associated with program instructions. The program may be stored in a computer-readable storage medium. When executed, the program performs steps comprising the method embodiments described above; and the aforementioned storage medium includes: various media capable of storing program codes, such as ROM, RAM, magnetic or optical disk, etc., and the specific type of media is not limited in this application.
The above description is only for the preferred embodiment of the present invention, but the scope of the present invention is not limited thereto, and any changes or substitutions that can be easily conceived by those skilled in the art within the technical scope of the present invention are included in the scope of the present invention. Therefore, the protection scope of the present invention shall be subject to the protection scope of the claims.
Claims (10)
1. A wall map battle method for network security management is characterized by comprising the following steps:
a network space map is drawn by combining a GIS map to obtain the visual expression of the network space;
integrating the associated data of the network entity object into a network space map to obtain an integrated network space map;
and carrying out network security management by using the fused network space map.
2. The wall map battle method for network security management as claimed in claim 1, wherein the method for drawing the network space map comprises:
drawing a GIS map, and describing real infrastructure and a spatial geographic position corresponding to the infrastructure through the GIS map;
acquiring the resource type, the resource state and the resource attribute of a network layer, and drawing a network space map by utilizing network space mapping;
and acquiring configuration data of the network entity object, and butting the network space map with the GIS map.
3. The charting battle method for network security management as claimed in claim 2,
the network layer comprises an IP layer, a router layer, a POP layer and an AS layer;
the configuration data of the network entity object comprises standard geographic position data, standard network position data, real unit data, real machine room data, real system data and real service equipment data.
4. The charting battle method for network security management as claimed in claim 1, wherein the merging the data associated with the network entity object into the network space map comprises:
acquiring asset data of a network service main body through an API (application programming interface) interface, and fusing the asset data into a network space map;
collecting role data of a network participant through an API (application programming interface) interface, and fusing the role data into a network space map;
and acquiring or calling the operation data of the network space composition elements through the API interface, and fusing the operation data into the network space map.
5. The charting battle method for network security management as claimed in claim 4, wherein the developing multi-scenario network security management using the merged cyberspace map further comprises:
acquiring dynamic interaction data generated by interaction of a network service main body and a network participation main body through an API (application programming interface) interface, and merging the dynamic interaction data into a network space map;
and establishing attribute association by using a graph database to form a knowledge graph, and fusing the knowledge graph into a network space map.
6. The wall map battle method for network security management as claimed in claim 1, wherein said developing network security management using the fused cyberspace map comprises:
establishing an evaluation detection model according to the collected network service data and the associated attributes of the network entity object and the event object;
analyzing the incidence relation of each element of the incidence data by using an evaluation detection model;
and developing the network security combat task according to the incidence relation.
7. The charting battle method for network security management as claimed in claim 6, wherein the network security battle mission comprises:
the system comprises a resource exploration task, a risk assessment task, a monitoring and early warning task and an emergency response task.
8. A charting combat system for network security administration, the system comprising:
the map building module: the system comprises a network space map drawing module, a network space display module, a GIS map drawing module and a display module, wherein the network space map drawing module is used for drawing a network space map by combining the GIS map to obtain visual expression of a network space;
a data fusion module: the system comprises a network space map, a data processing unit and a data processing unit, wherein the network space map is used for integrating the associated data of the network entity object into the network space map to obtain an integrated network space map;
the map-hanging battle module: the method is used for developing multi-scene network security management by utilizing the fused network space map.
9. An electronic device, comprising:
a processor, a memory, an interface to communicate with a gateway;
the memorizer is used for storing programs and data, and the processor calls the programs stored in the memorizer to execute the wall map battle method for network safety management in any one of claims 1 to 7.
10. A computer-readable storage medium, characterized in that the computer-readable storage medium includes a program which, when executed by a processor, is configured to execute a wall map fighting method for network security administration according to any one of claims 1 to 7.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202110914318.0A CN113836247A (en) | 2021-08-10 | 2021-08-10 | Wall map battle method and system for network security management |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202110914318.0A CN113836247A (en) | 2021-08-10 | 2021-08-10 | Wall map battle method and system for network security management |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN113836247A true CN113836247A (en) | 2021-12-24 |
Family
ID=78963148
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202110914318.0A Pending CN113836247A (en) | 2021-08-10 | 2021-08-10 | Wall map battle method and system for network security management |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN113836247A (en) |
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN114826671A (en) * | 2022-03-18 | 2022-07-29 | 中国人民解放军国防科技大学 | Network asset identification method and device based on fingerprint hierarchical matching |
Citations (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN104079606A (en) * | 2013-03-28 | 2014-10-01 | 深圳先进技术研究院 | Network object and event integral monitoring method based on GIS (Geographic Information System) super cloud computing |
| CN108881346A (en) * | 2017-05-12 | 2018-11-23 | 中国人民解放军信息工程大学 | The cyberspace actual resource method for visualizing and system of facing position service |
| CN111026822A (en) * | 2019-11-19 | 2020-04-17 | 东华大学 | Network space mapping model, network and physical space mapping model construction method |
| CN111935331A (en) * | 2020-07-30 | 2020-11-13 | 重庆智载科技有限公司 | Network space mapping method, visualization method and system |
| CN112100545A (en) * | 2020-09-11 | 2020-12-18 | 杭州安恒信息安全技术有限公司 | Visualization method, device and equipment of network assets and readable storage medium |
| CN112667765A (en) * | 2021-03-22 | 2021-04-16 | 远江盛邦(北京)网络安全科技股份有限公司 | Network space map construction method, device and equipment |
-
2021
- 2021-08-10 CN CN202110914318.0A patent/CN113836247A/en active Pending
Patent Citations (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN104079606A (en) * | 2013-03-28 | 2014-10-01 | 深圳先进技术研究院 | Network object and event integral monitoring method based on GIS (Geographic Information System) super cloud computing |
| CN108881346A (en) * | 2017-05-12 | 2018-11-23 | 中国人民解放军信息工程大学 | The cyberspace actual resource method for visualizing and system of facing position service |
| CN111026822A (en) * | 2019-11-19 | 2020-04-17 | 东华大学 | Network space mapping model, network and physical space mapping model construction method |
| CN111935331A (en) * | 2020-07-30 | 2020-11-13 | 重庆智载科技有限公司 | Network space mapping method, visualization method and system |
| CN112100545A (en) * | 2020-09-11 | 2020-12-18 | 杭州安恒信息安全技术有限公司 | Visualization method, device and equipment of network assets and readable storage medium |
| CN112667765A (en) * | 2021-03-22 | 2021-04-16 | 远江盛邦(北京)网络安全科技股份有限公司 | Network space map construction method, device and equipment |
Cited By (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN114826671A (en) * | 2022-03-18 | 2022-07-29 | 中国人民解放军国防科技大学 | Network asset identification method and device based on fingerprint hierarchical matching |
| CN114826671B (en) * | 2022-03-18 | 2023-11-03 | 中国人民解放军国防科技大学 | Network asset identification method and device based on hierarchical matching of fingerprints |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN110335187B (en) | Smart city operating system | |
| Wang et al. | Spatial, temporal, and content analysis of Twitter for wildfire hazards | |
| CN111092938A (en) | Smart city management system based on cloud platform | |
| CN110597943A (en) | Interest point processing method and device based on artificial intelligence and electronic equipment | |
| US20050255842A1 (en) | Communication system and method for comprehensive collection, aggregation and dissemination of geospatial information | |
| CN111368221A (en) | Information providing method, information acquiring method, device, server and storage medium | |
| JP2015210681A (en) | Decision-making support system and decision-making support method | |
| CN113778983A (en) | Internet of things equipment and data standardized access and summary presentation method | |
| CN111429583A (en) | Space-time situation perception method and system based on three-dimensional geographic information | |
| Szczytowski | Geo-fencing based disaster management service | |
| CN114070760A (en) | Network space asset mapping method and device, network space asset database and computer readable storage medium | |
| CN114841662A (en) | Infrastructure construction project management and control method and device, computer equipment and storage medium | |
| Caroleo et al. | A knowledge-based multi-criteria decision support system encompassing cascading effects for disaster management | |
| CN113836247A (en) | Wall map battle method and system for network security management | |
| CN111402400A (en) | Pipeline engineering display method, device, equipment and storage medium | |
| Rome et al. | The use of what-if analysis to improve the management of crisis situations | |
| CN112256687A (en) | Data processing method and device | |
| WO2023108832A1 (en) | Network space map generation method and apparatus, and device and storage medium | |
| Liu et al. | SafeCity: A Heterogeneous Mobile Crowd Sensing System for Urban Public Safety | |
| Kopylec et al. | Visualizing cascading failures in critical cyber infrastructures | |
| Villanueva et al. | Crowded event management in smart cities using a digital twin approach | |
| CN116010372A (en) | Space-time data processing system, method, device, equipment, medium and product | |
| CN112507053A (en) | Method for establishing visualization system and application method | |
| CN113076308A (en) | Space-time big data service system | |
| Kaku et al. | Sentinel Asia initiative for disaster management support in the Asia-Pacific region |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| RJ01 | Rejection of invention patent application after publication |
Application publication date: 20211224 |
|
| RJ01 | Rejection of invention patent application after publication |