CN114139020B - Network security event structure hierarchical processing method and device - Google Patents


Info

Publication number
CN114139020B
Application number
CN202111491045.XA
Authority
CN (China)
Prior art keywords
event, security event, data, network security, level
Legal status (as listed by Google Patents; an assumption, not a legal conclusion)
Active
Other languages
Chinese (zh)
Other versions
CN114139020A (en)
Inventors
汤卫东
李华旭
李盛楠
刘勇
Current assignee (the listed assignee may be inaccurate; Google has not performed a legal analysis)
Guangxi University for Nationalities
Original assignee
Guangxi University for Nationalities
Priority date (an assumption, not a legal conclusion)
Filing date
Publication date
Events
Application filed by Guangxi University for Nationalities
Priority to CN202111491045.XA
Publication of CN114139020A
Application granted
Publication of CN114139020B
Legal status: Active (current)
Anticipated expiration


Classifications

    • G PHYSICS; G06 COMPUTING; CALCULATING OR COUNTING; G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00 Information retrieval; database structures therefor; file system structures therefor
    • G06F16/90 Details of database functions independent of the retrieved data types
    • G06F16/901 Indexing; data structures therefor; storage structures
    • G06F16/9027 Trees
    • G06F16/903 Querying
    • G06F16/9035 Filtering based on additional data, e.g. user or group profiles
    • G06F16/906 Clustering; classification
    • G06N COMPUTING ARRANGEMENTS BASED ON SPECIFIC COMPUTATIONAL MODELS
    • G06N7/00 Computing arrangements based on specific mathematical models
    • G06N7/02 Computing arrangements based on specific mathematical models using fuzzy logic


Abstract

The invention discloses a hierarchical processing method and device for a network security event structure. The device comprises a data acquisition module, a data division module, a data processing module and a post-processing module. By combining hierarchical processing with an action refinement method, the invention improves calculation accuracy using polynomial algebra and differential algebra; a fuzzy analytic hierarchy process makes the consistency adjustment and the weight calculation simpler, solving the complexity problem of traditional weight calculation; extracting event data from the data managed by the security event management model of the host time window greatly improves the efficiency and speed of event data acquisition; and the refined event structure is processed with a Tri-training event relation classification method, which effectively solves the problem that the relations between events could not be processed after hierarchical processing.

Description

Network security event structure hierarchical processing method and device
Technical Field
The invention relates to the technical field of network security event processing, in particular to a hierarchical processing method and device for a network security event structure.
Background
In the fields of computer science, control theory and control engineering, concurrent systems are becoming more complex in composition and structure and larger in scale, so that modeling and verifying them efficiently and correctly is increasingly difficult. After decades of research, formal methods provide a good framework for modeling and verifying concurrent systems, and the corresponding techniques and theories are applied in many areas of computer science and control engineering.
In the design and verification of these increasingly complex concurrent systems, action refinement replaces an abstract event by a sub-event structure of several smaller events, which introduces additional concurrency uncertainty between those smaller events and the original concurrent events. This complicates the hierarchical processing of a network security event structure, and the invention therefore provides a hierarchical processing method and device for the network security event structure to solve this problem in the prior art.
Disclosure of Invention
In view of these problems, the invention aims to provide a hierarchical processing method and device for a network security event structure. By combining hierarchical processing with an action refinement method, the method improves calculation accuracy using polynomial algebra and differential algebra, and at the same time uses a fuzzy analytic hierarchy process so that the consistency adjustment and the weight calculation become simpler, solving the complexity problem of traditional weight calculation.
To achieve this aim, the invention adopts the following technical scheme. A hierarchical processing method for a network security event structure comprises the following steps:
step one, extracting data information of network security events based on a security event management model of a host time window, and establishing a tree-shaped index system by extracting indexes from the node resource information of the network security events as data source;
step two, establishing a network security event evaluation model according to the characteristics of the tree-shaped index system and the network system structure, evaluating the network security events, and dividing the output of the evaluation model into layers using a hierarchical structure;
step three, preprocessing each divided layer of the security event structure based on an improved CAIM algorithm and then performing quantitative analysis, calculating weights for the security event structure with a fuzzy analytic hierarchy process, and at the same time generating a polynomial algebraic event structure and a differential algebraic event structure;
step four, applying an action refinement method to perform horizontal refinement and vertical refinement on the polynomial algebraic event structure and the differential algebraic event structure, and classifying the logical relations of the refined event structure based on a Tri-training event relation classification method;
step five, sorting the data output according to the logical relations to obtain the network security event structure after hierarchical processing.
As a further improvement: in step one, the security event management model of the host time window collects security event data from the network in advance and stores it after collection, preprocessing and correlation; the corresponding data information is then extracted from the network security event data stored by this model.
As a further improvement: in step two the network security events are evaluated at three levels, the event level, the region level and the system level. The event level is evaluated using the behavior characteristics and content characteristics among the event characteristics; the region level is evaluated according to the relation characteristics and position characteristics; and the system level integrates the evaluations of the region level and the event level.
As a further improvement: the preprocessing in step three discretizes the continuous variables of the network security events with an improved CAIM algorithm and determines the quantized value of the situation factors of each layer; the weights between the situation factors of different layers are calculated with a fuzzy analytic hierarchy process; and finally, using Bayesian inference as the fusion tool, the calculated data are fused upward layer by layer according to the hierarchical network security event data structure to obtain the polynomial algebraic event structure and the differential algebraic event structure.
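Step three above discretizes each continuous variable with an "improved" CAIM algorithm, but the page does not say what the improvement is. The following added example, which is not code from the patent, implements the standard CAIM discretizer (Class-Attribute Interdependence Maximization, Kurgan and Cios 2004) over a constructed sample of one continuous situation factor, outbound connections per minute from a host, with analyst labels. The sample values and labels are constructed for the example, and the `quantize` helper that maps a new reading to its interval index is an assumption about how the quantized situation-factor value is obtained.

```python
from bisect import bisect_left
from collections import Counter

# Constructed sample (not from the patent): outbound connections per minute from one
# host, labelled by an analyst. CAIM uses the class labels to place the cut points.
SAMPLE = [(1, "normal"), (2, "normal"), (3, "normal"), (4, "normal"),
          (10, "scan"), (11, "scan"), (12, "scan"), (13, "scan"),
          (20, "flood"), (21, "flood"), (22, "flood"), (23, "flood")]


def caim_score(values, labels, cuts):
    """CAIM criterion: mean over intervals of max_r**2 / M_r, where max_r is the largest
    single-class count in interval r and M_r the number of samples in it. Intervals are
    (c_{i-1}, c_i] for the sorted cut points `cuts` (open ends at -inf and +inf)."""
    per_interval = [Counter() for _ in range(len(cuts) + 1)]
    for v, y in zip(values, labels):
        per_interval[bisect_left(cuts, v)][y] += 1
    total = 0.0
    for counts in per_interval:
        m_r = sum(counts.values())
        if m_r:
            total += max(counts.values()) ** 2 / m_r
    return total / len(per_interval)


def caim_discretize(values, labels):
    """Greedy top-down CAIM. Candidate cut points are the midpoints between consecutive
    distinct values. Each round adds the candidate with the highest CAIM score and stops
    when the score stops improving and there is at least one interval per class."""
    distinct = sorted(set(values))
    candidates = [(lo + hi) / 2 for lo, hi in zip(distinct, distinct[1:])]
    n_classes = len(set(labels))
    cuts, best = [], 0.0
    while candidates:
        scored = [(caim_score(values, labels, sorted(cuts + [c])), c) for c in candidates]
        score, cut = max(scored, key=lambda sc: sc[0])   # first best wins ties
        if score > best or len(cuts) + 1 < n_classes:
            cuts = sorted(cuts + [cut])
            candidates.remove(cut)
            best = score
        else:
            break
    return cuts


def quantize(value, cuts):
    """Quantized level of a continuous reading: the index of the interval it falls in."""
    return bisect_left(cuts, value)


def discretize_sample():
    """Cut points learned from SAMPLE; three intervals separating the three classes."""
    values, labels = zip(*SAMPLE)
    return caim_discretize(values, labels)


if __name__ == "__main__":
    cuts = discretize_sample()
    print("cut points:", cuts)
    for reading in (3, 12, 30):
        print(f"{reading:>3} connections/min -> level {quantize(reading, cuts)}")
```

On the constructed sample the greedy search accepts the cut at 7.0 first (CAIM rises from 0 to 3), then 16.5 (CAIM 4), and rejects any third cut because splitting a pure interval cannot raise the score and three intervals already cover the three classes.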
As a further improvement: horizontal refinement in step four optimizes the internal event structure of the network security events while keeping the behavior of the network security event system unchanged, selecting an equivalent event structure of simpler form to replace a complex one; vertical refinement replaces an atomic functional behavior of the network security events at a higher abstraction level with a detailed event structure at a lower abstraction level of the network security event structure, that is, it changes the abstraction level.
A hierarchical processing device for a network security event structure comprises a data acquisition module, a data division module, a data processing module and a post-processing module. The data acquisition module extracts network security event data from the data stored by the security event management model; the data division module evaluates the network security events and divides the evaluation results using a hierarchical structure; the data processing module performs quantitative analysis and weight calculation on the security events and refines the resulting event structures; and the post-processing module classifies and sorts the logical relations between the refined event structures.
As a further improvement: the data acquisition module extracts network security event data information based on a security event management model of a host time window, which collects security event data from the network in advance and stores it after collection, preprocessing and correlation;
the data acquisition module further comprises an index establishing submodule, which extracts indexes from the node resource information of the network security events as data source to establish a tree-shaped index system.
As a further improvement: the data division module comprises a data evaluation submodule, which evaluates the network security event data obtained by the data acquisition module at the event level, the region level and the system level, and then divides it into layers using a hierarchical structure.
As a further improvement: the data processing module comprises a quantitative analysis submodule, a weight calculation submodule and a refinement processing submodule. The quantitative analysis submodule preprocesses each layer of the security event structure divided by the data division module based on an improved CAIM algorithm and then performs quantitative analysis;
the weight calculation submodule calculates the weights of the security event structure using a fuzzy analytic hierarchy process;
the refinement processing submodule applies an action refinement method to perform horizontal refinement and vertical refinement on the polynomial algebraic event structure and the differential algebraic event structure of the network security event structure.
As a further improvement: the post-processing module classifies the logical relations of the refined event structure based on a Tri-training event relation classification method and finally sorts the classification results.
The beneficial effects of the invention are as follows. By combining hierarchical processing with an action refinement method, the invention improves calculation accuracy using polynomial algebra and differential algebra; a fuzzy analytic hierarchy process makes the consistency adjustment and the weight calculation simpler, solving the complexity problem of traditional weight calculation; extracting event data from the data managed by the security event management model of the host time window greatly improves the efficiency and speed of event data acquisition; and the refined event structure is processed with a Tri-training event relation classification method, which effectively solves the problem that the relations between events could not be processed after hierarchical processing.
Drawings
FIG. 1 is a flowchart of Example one of the present invention.
FIG. 2 is a system architecture diagram of Example one of the present invention.
FIG. 3 is a flowchart of Example two of the present invention.
FIG. 4 is a system architecture diagram of Example two of the present invention.
FIG. 5 is a flowchart of Example three of the present invention.
FIG. 6 is a system block diagram of Example three of the present invention.
Detailed Description
For the purpose of enhancing understanding of the present invention, the present invention will be further described in detail with reference to the following examples, which are provided for illustration only and are not intended to limit the scope of the present invention.
Example one
As shown in FIG. 1 and FIG. 2, this embodiment provides a hierarchical processing method for a network security event structure, comprising the following steps:
step one, extracting data information of network security events based on a security event management model of a host time window, and establishing a tree-shaped index system by extracting indexes from the node resource information of the network security events as data source;
the security event management model of the host time window collects security event data from the network in advance and stores it after collection, preprocessing and correlation; the corresponding data information is then extracted from the network security event data stored by this model;
step two, establishing a network security event evaluation model according to the characteristics of the tree-shaped index system and the network system structure, evaluating the network security events at the event level, the region level and the system level, and dividing the output of the evaluation model into layers using a hierarchical structure;
wherein the event level is evaluated using the behavior characteristics and content characteristics among the event characteristics; the region level is evaluated according to the relation characteristics and position characteristics; and the system level integrates the evaluations of each region level and event level;
step three, preprocessing each divided layer of the security event structure based on an improved CAIM algorithm and then performing quantitative analysis, calculating weights for the security event structure with a fuzzy analytic hierarchy process, and at the same time generating a polynomial algebraic event structure and a differential algebraic event structure;
the preprocessing specifically comprises discretizing the continuous variables of the network security events with an improved CAIM algorithm and determining the quantized value of the situation factors of each layer, calculating the weights between the situation factors of different layers with a fuzzy analytic hierarchy process, and finally, using Bayesian inference as the fusion tool, fusing the calculated data upward layer by layer according to the hierarchical network security event data structure to obtain the polynomial algebraic event structure and the differential algebraic event structure;
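After discretization, step three weights the situation factors of each layer with a fuzzy analytic hierarchy process and then fuses the quantized values upward, layer by layer, with Bayesian inference. The page names neither the fuzzy AHP variant nor the Bayesian model, so the following added example (not code from the patent) uses Buckley's geometric-mean fuzzy AHP with triangular fuzzy numbers, checks Saaty's consistency ratio on the modal values, and fuses a constructed event/region/system hierarchy with weighted naive-Bayes evidence combination in log-odds form. The region-level judgements, the hierarchy, the prior and the per-level log-likelihood ratios are all constructed assumptions.

```python
import math

# Saaty's random consistency index for n = 1..9, used for the consistency ratio.
RANDOM_INDEX = {1: 0.0, 2: 0.0, 3: 0.58, 4: 0.90, 5: 1.12, 6: 1.24, 7: 1.32, 8: 1.41, 9: 1.45}


def tfn(x):
    """Triangular fuzzy number for a Saaty judgement x: 1 -> (1,1,1), x>1 -> (x-1, x, x+1)."""
    return (1.0, 1.0, 1.0) if x == 1 else (x - 1.0, float(x), x + 1.0)


def inv(t):
    """Reciprocal of a triangular fuzzy number (l, m, u) -> (1/u, 1/m, 1/l)."""
    return (1 / t[2], 1 / t[1], 1 / t[0])


# Constructed region-level judgements (not from the patent): the DMZ is judged moderately
# more important than the office network (3) and strongly more important than the OT
# network (5); office vs OT is 2. The lower triangle holds the reciprocals.
REGION_MATRIX = [
    [tfn(1), tfn(3), tfn(5)],
    [inv(tfn(3)), tfn(1), tfn(2)],
    [inv(tfn(5)), inv(tfn(2)), tfn(1)],
]


def fuzzy_ahp_weights(matrix):
    """Buckley's geometric-mean fuzzy AHP: fuzzy geometric mean of each row, fuzzy
    normalisation, centroid defuzzification, then renormalisation to sum to 1."""
    n = len(matrix)
    geo = [tuple(math.prod(t[k] for t in row) ** (1 / n) for k in range(3)) for row in matrix]
    sum_l, sum_m, sum_u = (sum(g[k] for g in geo) for k in range(3))
    fuzzy_w = [(g[0] / sum_u, g[1] / sum_m, g[2] / sum_l) for g in geo]
    crisp = [sum(w) / 3 for w in fuzzy_w]
    return [c / sum(crisp) for c in crisp]


def consistency_ratio(matrix):
    """Saaty consistency ratio on the modal (middle) values; CR < 0.1 is the usual bar."""
    n = len(matrix)
    mid = [[t[1] for t in row] for row in matrix]
    geo = [math.prod(row) ** (1 / n) for row in mid]
    w = [g / sum(geo) for g in geo]
    lam = sum(sum(mid[i][j] * w[j] for j in range(n)) / w[i] for i in range(n)) / n
    ci = (lam - n) / (n - 1) if n > 1 else 0.0
    return ci / RANDOM_INDEX[n] if RANDOM_INDEX[n] else 0.0


def logit(p):
    return math.log(p / (1 - p))


def sigmoid(x):
    return 1 / (1 + math.exp(-x))


# Assumed log-likelihood ratio contributed by each quantized factor level (0 = benign).
LEVEL_LLR = {0: -1.5, 1: 0.5, 2: 2.0}
PRIOR = 0.05   # assumed prior probability that a node is under attack


def fuse_layer(name, children, weights_by_node, prior, out):
    """Weighted naive-Bayes fusion in log-odds form, applied bottom-up. Leaves are
    quantized levels; an inner node passes upward the log-odds shift its own evidence
    produced. Nodes without an AHP weight vector weight their children equally."""
    evidence = []
    for child_name, child in children.items():
        if isinstance(child, dict):
            post = fuse_layer(child_name, child, weights_by_node, prior, out)
            evidence.append(logit(post) - logit(prior))
        else:
            evidence.append(LEVEL_LLR[child])
    weights = weights_by_node.get(name) or [1 / len(evidence)] * len(evidence)
    out[name] = sigmoid(logit(prior) + sum(w * e for w, e in zip(weights, evidence)))
    return out[name]


# Constructed three-level hierarchy: system -> regions -> events -> situation factors.
HIERARCHY = {
    "dmz": {"position": 2, "relation": 1,
            "web01": {"behavior": 2, "content": 2},
            "web02": {"behavior": 0, "content": 1}},
    "office": {"position": 0, "relation": 0,
               "ws17": {"behavior": 1, "content": 0}},
    "ot": {"position": 1, "relation": 0,
           "plc03": {"behavior": 0, "content": 0}},
}
WEIGHTS = {"system": fuzzy_ahp_weights(REGION_MATRIX)}


def assess(hierarchy, weights_by_node=WEIGHTS, prior=PRIOR):
    """Posterior attack probability for every inner node, fused bottom-up."""
    out = {}
    fuse_layer("system", hierarchy, weights_by_node, prior, out)
    return out


if __name__ == "__main__":
    print("region weights:", [round(w, 3) for w in WEIGHTS["system"]],
          "CR =", round(consistency_ratio(REGION_MATRIX), 4))
    for node, p in assess(HIERARCHY).items():
        print(f"{node:>7}: {p:.3f}")
```

Passing the log-odds shift rather than the raw posterior upward keeps the fusion consistent across layers: a node whose children carry no evidence contributes exactly zero to its parent, and the AHP weights act as exponents on the likelihood ratios, which is the usual weighted naive-Bayes reading.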
step four, applying an action refinement method to perform horizontal refinement and vertical refinement on the polynomial algebraic event structure and the differential algebraic event structure, and classifying the logical relations of the refined event structure based on a Tri-training event relation classification method;
horizontal refinement optimizes the internal event structure of the network security events while keeping the behavior of the network security event system unchanged, selecting an equivalent event structure of simpler form to replace a complex one;
vertical refinement replaces an atomic functional behavior of the network security events at a higher abstraction level with a detailed event structure at a lower abstraction level of the network security event structure, that is, it changes the abstraction level;
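The horizontal and vertical refinement described in step four (and in the Disclosure above) are the two directions of action refinement on an event structure: simplify the structure without changing its behavior, or replace one abstract event by a lower-level sub-structure. The page gives no concrete representation, so the following added example (not code from the patent) models a prime event structure with causality and conflict, takes the configuration set as "behavior", implements horizontal refinement as transitive reduction of causality and vertical refinement as substitution of a sub-structure for one event, and checks on a constructed intrusion scenario that horizontal refinement leaves the configuration set unchanged. The event names, the scenario and the "initial sub-events inherit causes, maximal sub-events feed effects" rule are assumptions.

```python
from itertools import combinations


class EventStructure:
    """Prime event structure: a set of events, a causality relation (cause, effect) and a
    symmetric binary conflict relation. A configuration (a reachable system state) is a
    causally closed, conflict-free set of events."""

    def __init__(self, events, causality, conflict=()):
        self.events = set(events)
        self.causality = {tuple(p) for p in causality}
        self.conflict = {frozenset(p) for p in conflict}

    def predecessors(self, e):
        """All events that must occur before e (transitive causes)."""
        seen, stack = set(), [e]
        while stack:
            x = stack.pop()
            for cause, effect in self.causality:
                if effect == x and cause not in seen:
                    seen.add(cause)
                    stack.append(cause)
        return seen

    def in_conflict(self, x, y):
        """Conflict is inherited through causality: x # y if any cause of x (or x itself)
        is in direct conflict with any cause of y (or y itself)."""
        xs, ys = self.predecessors(x) | {x}, self.predecessors(y) | {y}
        return any(frozenset((p, q)) in self.conflict for p in xs for q in ys)

    def is_configuration(self, s):
        closed = all(self.predecessors(e) <= s for e in s)
        return closed and not any(self.in_conflict(x, y) for x, y in combinations(s, 2))

    def configurations(self):
        """The behavior of the structure: every configuration (exponential, fine for demos)."""
        evs = sorted(self.events)
        return {frozenset(c) for r in range(len(evs) + 1)
                for c in combinations(evs, r) if self.is_configuration(set(c))}

    def horizontal_refine(self):
        """Horizontal refinement: drop causality edges already implied transitively.
        The structure is simpler but the configuration set is unchanged."""
        reduced = {(a, b) for a, b in self.causality
                   if not any(m != a and a in self.predecessors(m) for m in self.predecessors(b))}
        return EventStructure(self.events, reduced, self.conflict)

    def vertical_refine(self, abstract, sub):
        """Vertical refinement: replace the abstract event by the lower-level structure `sub`.
        Causes of `abstract` become causes of every initial sub-event, effects of `abstract`
        now wait for every maximal sub-event, and conflicts pass to all sub-events."""
        assert abstract in self.events and not (sub.events & self.events)
        initial = {e for e in sub.events if not sub.predecessors(e)}
        final = {e for e in sub.events if all(c != e for c, _ in sub.causality)}
        causality = set(sub.causality)
        for cause, effect in self.causality:
            if effect == abstract:
                causality |= {(cause, s) for s in initial}
            elif cause == abstract:
                causality |= {(f, effect) for f in final}
            else:
                causality.add((cause, effect))
        conflict = set(sub.conflict)
        for pair in self.conflict:
            if abstract in pair:
                (other,) = pair - {abstract}
                conflict |= {frozenset((s, other)) for s in sub.events}
            else:
                conflict.add(pair)
        return EventStructure((self.events - {abstract}) | sub.events, causality, conflict)


# Constructed intrusion scenario (not from the patent): recon must precede exploit,
# exploit must precede exfil; containment and exfil exclude each other. The redundant
# recon -> exfil edge is what horizontal refinement removes.
ATTACK = EventStructure(
    {"recon", "exploit", "exfil", "contain"},
    {("recon", "exploit"), ("exploit", "exfil"), ("recon", "exfil")},
    {("exfil", "contain")},
)
EXPLOIT_DETAIL = EventStructure({"upload", "trigger"}, {("upload", "trigger")})


def refine_attack():
    """Horizontal then vertical refinement of ATTACK; returns (reduced, refined)."""
    reduced = ATTACK.horizontal_refine()
    refined = reduced.vertical_refine("exploit", EXPLOIT_DETAIL)
    return reduced, refined


if __name__ == "__main__":
    reduced, refined = refine_attack()
    print("edges before/after horizontal:", len(ATTACK.causality), len(reduced.causality))
    print("configurations unchanged:", ATTACK.configurations() == reduced.configurations())
    print("after vertical refinement:", sorted(refined.events),
          len(refined.configurations()), "configurations")
```

Vertical refinement does change the behavior, which is the point: the refined structure has more configurations than the abstract one (the sub-events can be partially complete), while the inherited conflict still prevents `contain` from coexisting with `exfil`.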
step five, sorting the classified data output according to the logical relations to obtain the network security event structure after hierarchical processing.
A hierarchical processing device for a network security event structure comprises a data acquisition module, a data division module, a data processing module and a post-processing module. The data acquisition module extracts network security event data from the data stored by the security event management model; the data division module evaluates the network security events and divides the evaluation results using a hierarchical structure; the data processing module performs quantitative analysis and weight calculation on the security events and refines the resulting event structures; and the post-processing module classifies and sorts the logical relations between the refined event structures.
The data acquisition module extracts network security event data information based on a security event management model of a host time window, which collects security event data from the network in advance and stores it after collection, preprocessing and correlation;
the data acquisition module further comprises an index establishing submodule, which extracts indexes from the node resource information of the network security events as data source to establish a tree-shaped index system.
The data division module comprises a data evaluation submodule, which evaluates the network security event data obtained by the data acquisition module at the event level, the region level and the system level, and then divides it into layers using a hierarchical structure.
The data processing module comprises a quantitative analysis submodule, a weight calculation submodule and a refinement processing submodule. The quantitative analysis submodule preprocesses each layer of the security event structure divided by the data division module based on an improved CAIM algorithm and then performs quantitative analysis;
the weight calculation submodule calculates the weights of the security event structure using a fuzzy analytic hierarchy process;
the refinement processing submodule applies an action refinement method to perform horizontal refinement and vertical refinement on the polynomial algebraic event structure and the differential algebraic event structure of the network security event structure.
The post-processing module classifies the logical relations of the refined event structure based on a Tri-training event relation classification method and finally sorts the classification results.
Example two
As shown in FIG. 3 and FIG. 4, this embodiment provides a hierarchical processing method for a network security event structure, comprising the following steps:
step one, extracting data information of network security events based on a security event management model of a host time window, and establishing a tree-shaped index system by extracting indexes from the node resource information of the network security events as data source;
the security event management model of the host time window collects security event data from the network in advance and stores it after collection, preprocessing and correlation; the corresponding data information is then extracted from the network security event data stored by this model;
step two, establishing a network security event evaluation model according to the characteristics of the tree-shaped index system and the network system structure, evaluating the network security events at the event level, the region level and the system level, and dividing the output of the evaluation model into layers using a hierarchical structure;
wherein the event level is evaluated using the behavior characteristics and content characteristics among the event characteristics; the region level is evaluated according to the relation characteristics and position characteristics; and the system level integrates the evaluations of each region level and event level;
step three, preprocessing each divided layer of the security event structure based on an improved CAIM algorithm and then performing quantitative analysis, calculating weights for the security event structure with a fuzzy analytic hierarchy process, and at the same time generating a polynomial algebraic event structure and a differential algebraic event structure;
the preprocessing specifically comprises discretizing the continuous variables of the network security events with an improved CAIM algorithm and determining the quantized value of the situation factors of each layer, calculating the weights between the situation factors of different layers with a fuzzy analytic hierarchy process, and finally, using Bayesian inference as the fusion tool, fusing the calculated data upward layer by layer according to the hierarchical network security event data structure to obtain the polynomial algebraic event structure and the differential algebraic event structure;
step four, applying an action refinement method to refine the polynomial algebraic event structure and the differential algebraic event structure, and classifying the logical relations of the refined event structure based on a Tri-training event relation classification method;
action refinement selects one or more abstract actions at one level of the network security event structure and replaces each of them with a concrete event structure at the next lower level;
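Step four classifies the logical relations between refined events with a Tri-training event relation classification method but gives no features, base learner or data. Tri-training (Zhou and Li, 2005) is a semi-supervised scheme in which three learners label unlabelled points for each other whenever the other two agree. The following added example (not code from the patent) implements a simplified tri-training loop over constructed feature vectors for event pairs with three relation classes, causal, concurrent and conflict, using a 1-nearest-neighbour base learner and stratified bootstrap samples. The feature space, the prototypes, the relation classes and the omission of the original paper's error-rate guard are all assumptions made for the example.

```python
import random
from collections import Counter

# Constructed prototypes (not from the patent) for a pair of refined events, in a
# normalised feature space: (time gap, same-host score, same-session score).
CENTRES = {
    "causal":     (0.1, 0.9, 0.9),
    "concurrent": (0.9, 0.1, 0.1),
    "conflict":   (0.1, 0.9, 0.1),
}


def make_points(n_per_class, rng, jitter=0.05):
    """Labelled feature vectors scattered around the prototypes (constructed data)."""
    return [(tuple(v + rng.uniform(-jitter, jitter) for v in centre), label)
            for label, centre in CENTRES.items() for _ in range(n_per_class)]


class NearestNeighbour:
    """1-NN base learner; the original tri-training paper used decision trees."""

    def __init__(self, train):
        self.train = list(train)

    def predict(self, x):
        return min(self.train, key=lambda p: sum((a - b) ** 2 for a, b in zip(p[0], x)))[1]


def stratified_bootstrap(labelled, rng):
    """Resample with replacement within each class so every class stays represented."""
    out = []
    for label in sorted({y for _, y in labelled}):
        members = [p for p in labelled if p[1] == label]
        out += [rng.choice(members) for _ in members]
    return out


def tri_train(labelled, unlabelled, rng, max_rounds=10):
    """Tri-training (Zhou & Li, 2005), simplified: three learners start from bootstrap
    samples of the labelled set; each round every learner is retrained on the labelled
    set plus the unlabelled points on which the other two learners agree, until the
    votes stop changing. The paper's error-rate guard on the added points is omitted.
    Returns the majority-vote relation label for every unlabelled point."""
    def votes_of(learners):
        return [[h.predict(x) for h in learners] for x in unlabelled]

    learners = [NearestNeighbour(stratified_bootstrap(labelled, rng)) for _ in range(3)]
    previous = None
    for _ in range(max_rounds):
        votes = votes_of(learners)
        if votes == previous:
            break
        previous = votes
        retrained = []
        for i in range(3):
            j, k = [m for m in range(3) if m != i]
            agreed = [(x, v[j]) for x, v in zip(unlabelled, votes) if v[j] == v[k]]
            retrained.append(NearestNeighbour(labelled + agreed))
        learners = retrained
    return [Counter(v).most_common(1)[0][0] for v in votes_of(learners)]


def classify_relations(seed=7):
    """Train on 4 labelled pairs per class, label 5 unlabelled pairs per class.
    Returns (predicted labels, ground truth kept aside only for checking)."""
    rng = random.Random(seed)
    labelled = make_points(4, rng)
    held_out = make_points(5, rng)
    unlabelled = [x for x, _ in held_out]
    truth = [y for _, y in held_out]
    return tri_train(labelled, unlabelled, rng), truth


if __name__ == "__main__":
    predicted, truth = classify_relations()
    print("accuracy:", sum(p == t for p, t in zip(predicted, truth)) / len(truth))
    print("predicted:", Counter(predicted))
```

The stratified bootstrap is the one deliberate departure from plain bagging: with only a handful of labelled pairs per class, an ordinary bootstrap can drop a class entirely and that learner then never votes for it.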
step five, sorting the classified data output according to the logical relations to obtain the network security event structure after hierarchical processing.
A hierarchical processing device for a network security event structure comprises a data acquisition module, a data division module, a data processing module and a post-processing module. The data acquisition module extracts network security event data from the data stored by the security event management model; the data division module evaluates the network security events and divides the evaluation results using a hierarchical structure; the data processing module performs quantitative analysis and weight calculation on the security events and refines the resulting event structures; and the post-processing module classifies and sorts the logical relations between the refined event structures.
The data acquisition module extracts network security event data information based on a security event management model of a host time window, which collects security event data from the network in advance and stores it after collection, preprocessing and correlation;
the data acquisition module further comprises an index establishing submodule, which extracts indexes from the node resource information of the network security events as data source to establish a tree-shaped index system.
The data division module comprises a data evaluation submodule, which evaluates the network security event data obtained by the data acquisition module at the event level, the region level and the system level, and then divides it into layers using a hierarchical structure.
The data processing module comprises a quantitative analysis submodule, a weight calculation submodule and a refinement processing submodule. The quantitative analysis submodule preprocesses each layer of the security event structure divided by the data division module based on an improved CAIM algorithm and then performs quantitative analysis;
the weight calculation submodule calculates the weights of the security event structure using a fuzzy analytic hierarchy process;
the refinement processing submodule refines the polynomial algebraic event structure and the differential algebraic event structure of the network security event structure using an action refinement method.
The post-processing module classifies the logical relations of the refined event structure based on a Tri-training event relation classification method and finally sorts the classification results.
Example three
As shown in fig. 5 and 6, the present embodiment provides a hierarchical processing method for a network security event structure, including the following steps:
firstly, extracting data information of a network security event based on a security event management model of a host time window, and establishing a tree-shaped index system by taking node resource information of the network security event as a data source extraction index;
the security event management model of the host time window collects data of security events from a network in advance, stores the data after collection, pretreatment and correlation operation, and then extracts corresponding data information from the data of the network security events stored by the security event management model of the host time window;
step two, establishing a network security event evaluation model according to the characteristics of a tree-shaped index system and a network system structure, evaluating network security events from an event level layer, an area level layer and a system level layer, and performing hierarchical division on the output result of the security event evaluation model by adopting a hierarchical structure;
wherein the event level is evaluated from the behaviour and content characteristics of the event features; the region level is evaluated from the relation and position characteristics; and the system level integrates the evaluations of all region levels and event levels;
preprocessing each divided layer of the security event structure with an improved CAIM algorithm and then performing quantitative analysis, calculating weights for the security event structure with a fuzzy analytic hierarchy process, and at the same time generating a polynomial algebraic event structure and a differential algebraic event structure;
the preprocessing specifically comprises: discretizing the continuous variables of the network security events with the improved CAIM algorithm, determining a quantized value for the situation factors of each layer, calculating the weights between situation factors of different layers with the fuzzy analytic hierarchy process, and finally fusing upward layer by layer along the hierarchical network security event data structure, with Bayesian inference as the fusion tool for the calculated data, to obtain the polynomial algebraic event structure and the differential algebraic event structure;
step four, performing horizontal refinement and vertical refinement on the polynomial algebraic event structure and the differential algebraic event structure with an argument refinement method, and classifying the logical relations of the refined event structure with a Tri-tracing event relation classification method;
the horizontal refinement optimizes the internal event structure of the network security event while keeping the behaviour of the network security event system unchanged, selecting an equivalent but structurally simpler event structure to replace the complex one;
the vertical refinement replaces the atomic functional behaviour of the network security event at a higher abstraction level with a detailed event structure at a lower abstraction level of the network security event structure, that is, it refines by changing the abstraction level;
step five, sorting the data output by the logical relation classification to obtain the hierarchically processed network security event structure, and analyzing and predicting the event situation from the processed network security event structure.
A hierarchical processing device for a network security event structure comprises a data acquisition module, a data division module, a data processing module, a post-processing module and a prediction processing module. The data acquisition module extracts network security event data from the data stored by a security event management model; the data division module evaluates the network security events and divides the evaluation results with a hierarchical structure; the data processing module performs quantitative analysis and weight calculation on the security events and refines the resulting event structures; the post-processing module classifies and sorts the logical relations among the refined event structures; and the prediction processing module analyzes and predicts the event situation from the hierarchically processed network security event structure.
The data acquisition module extracts the network security event data from a security event management model of a host time window; this model collects security event data from the network in advance and stores it after collection, preprocessing and correlation;
the data acquisition module further comprises an index establishing submodule, which extracts indices from the node resource information of the network security events as its data source and builds a tree-shaped index system.
The data division module comprises a data evaluation submodule, which evaluates the network security event data obtained by the data acquisition module at three levels, the event level, the region level and the system level, and then performs the hierarchical division with a hierarchical structure.
The data processing module comprises a quantitative analysis submodule, a weight calculation submodule and a refinement processing submodule. The quantitative analysis submodule preprocesses each layer of the security event structure divided by the data division module with an improved CAIM algorithm and then performs quantitative analysis;
the weight calculation submodule calculates the weights of the security event structure with a fuzzy analytic hierarchy process;
the refinement processing submodule refines the polynomial algebraic event structure and the differential algebraic event structure of the network security event structure with an argument refinement method.
The post-processing module classifies the logical relations of the refined event structure with a Tri-tracing event relation classification method and finally sorts the classification result.
The prediction processing module comprises a situation analysis and prediction submodule and an event processing submodule. The situation analysis and prediction submodule infers the situation of the network security events and fuses the inference data for situation analysis with a Bayesian method; the event processing submodule judges the impact of the network security events from the situation analysis result and takes the corresponding prevention or response measures in time.
The foregoing illustrates and describes the principles, general features, and advantages of the present invention. It will be understood by those skilled in the art that the present invention is not limited to the embodiments described above, which are described in the specification and illustrated only to illustrate the principle of the present invention, but that various changes and modifications may be made therein without departing from the spirit and scope of the present invention, which fall within the scope of the invention as claimed. The scope of the invention is defined by the appended claims and equivalents thereof.

Claims (3)

1. A hierarchical processing method for a network security event structure, characterized by comprising the following steps:
step one, extracting data information of network security events from a security event management model of a host time window, and establishing a tree-shaped index system by extracting indices from the node resource information of the network security events as the data source;
step two, establishing a network security event evaluation model from the characteristics of the tree-shaped index system and the network system structure, evaluating the network security events, and hierarchically dividing the output of the security event evaluation model with a hierarchical structure;
the horizontal refinement optimizes the internal event structure of the network security event while keeping the system behaviour of the network security event unchanged, selecting an equivalent but structurally simpler event structure to replace the complex one; the vertical refinement replaces the atomic functional behaviour of the network security event at a higher abstraction level with a detailed event structure at a lower abstraction level of the network security event structure, that is, it refines by changing the abstraction level;
preprocessing each divided layer of the security event structure with an improved CAIM algorithm and then performing quantitative analysis, calculating weights for the security event structure with a fuzzy analytic hierarchy process, and at the same time generating a polynomial algebraic event structure and a differential algebraic event structure;
discretizing the continuous variables of the network security events with the improved CAIM algorithm, determining a quantized value for the situation factors of each layer, calculating the weights between situation factors of different layers with the fuzzy analytic hierarchy process, and finally fusing upward layer by layer along the hierarchical network security event data structure, with Bayesian inference as the fusion tool for the calculated data, to obtain the polynomial algebraic event structure and the differential algebraic event structure;
step four, performing horizontal refinement and vertical refinement on the polynomial algebraic event structure and the differential algebraic event structure with an argument refinement method, and classifying the logical relations of the refined event structure with a Tri-tracing event relation classification method;
step five, sorting the data output by the logical relation classification to obtain the hierarchically processed network security event structure.
2. The method according to claim 1, characterized in that in step one the security event management model of the host time window collects the security event data from the network in advance and stores it after collection, preprocessing and correlation, and the corresponding data information is then extracted from the network security event data stored by that model.
3. The method according to claim 1, characterized in that the evaluation of the network security events in step two is carried out at three levels, the event level, the region level and the system level, wherein the event level is evaluated from the behaviour and content characteristics of the event features; the region level is evaluated from the relation and position characteristics; and the system level integrates the evaluations at the region level and the event level.
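The evaluation and fusion pipeline of steps two and three in the description above, restated in claims 1 and 3 (event/region/system levels, CAIM discretisation of continuous event variables, fuzzy-AHP weights between situation factors, layer-by-layer upward fusion), can be made concrete. The Python below is an added illustration written for this page; it is not the patent's code. It uses the standard CAIM criterion of Kurgan and Cios (the patent's "improved" variant is not described here), Buckley's fuzzy geometric-mean AHP with centroid defuzzification (the page does not name which fuzzy-AHP variant is used), and a plain weighted aggregation in place of the Bayesian fusion step, whose form the page does not give. The alert rates, analyst labels, pairwise judgements and region data are all constructed.

```python
"""Hierarchical security-event scoring: CAIM discretisation, fuzzy-AHP weights,
bottom-up fusion event -> region -> system. Added example, not the patent's code.
All sample data and pairwise judgements below are constructed."""
from __future__ import annotations
from collections import Counter
import math

# ---- 1. CAIM discretisation (standard Kurgan & Cios formulation; the patent's
#         "improved" variant is not described on the page) ----------------------
def caim_value(values, labels, cuts):
    """CAIM criterion of the scheme defined by the interior cut points."""
    quanta = [Counter() for _ in range(len(cuts) + 1)]
    for v, c in zip(values, labels):
        quanta[sum(v > b for b in cuts)][c] += 1
    # mean over intervals of (largest class count)^2 / interval size
    return sum(max(q.values()) ** 2 / sum(q.values()) for q in quanta if q) / len(quanta)

def caim_discretize(values, labels):
    """Greedy CAIM: keep adding the best midpoint while the criterion improves
    or there are still fewer intervals than classes."""
    xs = sorted(set(values))
    candidates = [(a + b) / 2 for a, b in zip(xs, xs[1:])]
    n_classes, cuts, best = len(set(labels)), [], 0.0
    while candidates:
        score, cut = max((caim_value(values, labels, sorted(cuts + [c])), c) for c in candidates)
        if not (score > best or len(cuts) + 1 < n_classes):
            break
        cuts, best = sorted(cuts + [cut]), score
        candidates.remove(cut)
    return cuts

def quantize(v, cuts):
    """Quantized level 0..len(cuts) of a continuous value."""
    return sum(v > b for b in cuts)

# ---- 2. Fuzzy AHP (Buckley's fuzzy geometric mean, centroid defuzzification;
#         the page does not say which fuzzy-AHP variant the patent uses) --------
RI = {1: 0.0, 2: 0.0, 3: 0.58, 4: 0.90, 5: 1.12, 6: 1.24, 7: 1.32, 8: 1.41, 9: 1.45}

def fuzzy_ahp_weights(matrix):
    """matrix[i][j] is a triangular fuzzy judgement (l, m, u); matrix[j][i] must
    hold its reciprocal (1/u, 1/m, 1/l). Returns crisp weights summing to 1."""
    n = len(matrix)
    r = [tuple(math.prod(a[k] for a in row) ** (1 / n) for k in range(3)) for row in matrix]
    sl, sm, su = (sum(t[k] for t in r) for k in range(3))
    crisp = [(l / su + m / sm + u / sl) / 3 for l, m, u in r]
    total = sum(crisp)
    return [c / total for c in crisp]

def consistency_ratio(matrix):
    """Saaty consistency ratio on the modal values m; above 0.1 the pairwise
    judgements contradict each other and should be revised before use."""
    n = len(matrix)
    if n <= 2:
        return 0.0
    w = fuzzy_ahp_weights(matrix)
    lam = sum(sum(matrix[i][j][1] * w[j] for j in range(n)) / w[i] for i in range(n)) / n
    return ((lam - n) / (n - 1)) / RI[n]

# ---- 3. Bottom-up fusion. A weighted aggregation stands in for the Bayesian
#         fusion step, whose form the page does not give. ----------------------
def fuse(scores, weights):
    return sum(s * w for s, w in zip(scores, weights))

def score_region(region, cuts, event_w, region_w):
    """region = {"events": [(rate, content_level)], "relation": 0..2, "position": 0..2}.
    Event level: behaviour (discretised rate) and content. Region level: event
    aggregate, relation and position. Result normalised to [0, 1]."""
    ev = [fuse((quantize(rate, cuts), content), event_w) for rate, content in region["events"]]
    ev_mean = sum(ev) / len(ev) if ev else 0.0
    return fuse((ev_mean, region["relation"], region["position"]), region_w) / 2.0

def score_system(region_scores):
    """System level integrates all region levels (equal weights here)."""
    return sum(region_scores.values()) / len(region_scores)

# Constructed training sample: alerts per minute with an analyst label.
RATE = [2, 3, 4, 5, 40, 45, 50, 55, 400, 450, 500, 600]
LABEL = ["benign"] * 4 + ["suspicious"] * 4 + ["malicious"] * 4
# Constructed fuzzy judgements. Event level: behaviour vs content.
EVENT_W = [[(1, 1, 1), (2, 3, 4)],
           [(1/4, 1/3, 1/2), (1, 1, 1)]]
# Region level: event aggregate vs relation vs position.
REGION_W = [[(1, 1, 1), (2, 3, 4), (4, 5, 6)],
            [(1/4, 1/3, 1/2), (1, 1, 1), (2, 3, 4)],
            [(1/6, 1/5, 1/4), (1/4, 1/3, 1/2), (1, 1, 1)]]
# Constructed regions; content/relation/position are already on the 0..2 scale.
REGIONS = {"dmz": {"events": [(48, 1), (520, 2)], "relation": 2, "position": 2},
           "lan": {"events": [(3, 0), (4, 1)], "relation": 0, "position": 1}}

def demo():
    cuts = caim_discretize(RATE, LABEL)
    ew, rw = fuzzy_ahp_weights(EVENT_W), fuzzy_ahp_weights(REGION_W)
    regions = {name: score_region(reg, cuts, ew, rw) for name, reg in REGIONS.items()}
    return {"cuts": cuts, "regions": regions, "system": score_system(regions),
            "region_cr": consistency_ratio(REGION_W)}

if __name__ == "__main__":
    print(demo())
```

On the constructed sample, CAIM places its two cuts between the benign and suspicious rates and between the suspicious and malicious rates, so the quantized level tracks the analyst label; the consistency ratio is the check a practitioner should run before trusting any AHP weight vector, since inconsistent judgements produce weights that look precise but mean nothing.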
CN202111491045.XA 2021-12-08 2021-12-08 Network security event structure hierarchical processing method and device Active CN114139020B (en)


Publications (2)

Publication Number Publication Date
CN114139020A CN114139020A (en) 2022-03-04
CN114139020B true CN114139020B (en) 2023-03-28

Family

ID=80384988


Country Status (1)

Country Link
CN (1) CN114139020B (en)

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111680863A (en) * 2020-04-26 2020-09-18 南京南数数据运筹科学研究院有限公司 Network environment safety condition evaluation method based on analytic hierarchy process
CN112738016A (en) * 2020-11-16 2021-04-30 中国南方电网有限责任公司 Intelligent security event correlation analysis system for threat scene
CN113411303A (en) * 2021-05-12 2021-09-17 桂林电子科技大学 Evaluation index system construction method based on hierarchical clustering and analytic hierarchy process

Family Cites Families (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102722534B (en) * 2012-05-21 2015-08-12 中国标准化研究院 The event severities evaluation method of information Network Based and system
CN104112181A (en) * 2014-06-12 2014-10-22 西北工业大学 Analytical hierarchy process-based information security Bayesian network evaluation method
CN106209829A (en) * 2016-07-05 2016-12-07 杨林 A kind of network security management system based on warning strategies
CN107204876B (en) * 2017-05-22 2020-09-29 成都网络空间安全技术有限公司 Network security risk assessment method
CN108337270A (en) * 2018-05-18 2018-07-27 梧州井儿铺贸易有限公司 A kind of enterprise network security event management system
WO2020046286A1 (en) * 2018-08-29 2020-03-05 General Electronic Company Integrated cybersecurity risk assessment and state monitoring for electrical power grid
CN110620759B (en) * 2019-07-15 2023-05-16 公安部第一研究所 Multi-dimensional association-based network security event hazard index evaluation method and system
CN112351004A (en) * 2020-10-23 2021-02-09 烟台南山学院 Computer network based information security event processing system and method




Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant