CN114257414A - Intelligent network security duty method and system - Google Patents
- Publication number: CN114257414A (application CN202111410097.XA)
- Authority: CN (China)
- Prior art keywords: network security, alarm, alarm information, network, module
- Prior art date: 2021-11-25
- Legal status: Pending (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Classifications
- H04L63/20—Network architectures or network communication protocols for network security for managing network security; network security policies in general
- H02J13/00006—Circuit arrangements for providing remote indication of network conditions, e.g. an instantaneous record of the open or closed condition of each circuitbreaker in the network; Circuit arrangements for providing remote control of switching means in a power distribution network, e.g. switching in and out of current consumers by using a pulse code signal carried by the network characterised by information or instructions transport means between the monitoring, controlling or managing units and monitored, controlled or operated power network element or electrical equipment
- H04L63/02—Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
- H04L63/1416—Event detection, e.g. attack signature detection
- H04L63/1441—Countermeasures against malicious traffic
- Y02E60/00—Enabling technologies; Technologies with a potential or indirect contribution to GHG emissions mitigation
- Y04S40/12—Systems for electrical power generation, transmission, distribution or end-user application management characterised by the use of communication or information technologies, or communication or information technology specific aspects supporting them characterised by data transport means between the monitoring, controlling or managing units and monitored, controlled or operated electrical equipment
- Y04S40/20—Information technology specific aspects, e.g. CAD, simulation, modelling, system security
Abstract
The invention relates to the technical field of power supply network security and provides an intelligent network security duty method and system. S101: collect alarms from network security protection equipment and generate network security alarm information; S102: store the collected network security alarm information in a database; S103: classify the network security alarm information in the database according to the network attack mode; S104: associate and merge the different types of network security alarm information with the corresponding alarm events; S105: audit the merged network security alarm information and remove false alarm information and periodic alarm information from it. The intelligent network security duty method and system reduce the workload of duty personnel and improve duty efficiency; they also lower the professional skill threshold for the operator on duty and improve the accuracy of alarm research and judgment.
Description
Technical Field
The invention relates to the technical field of power supply network security, in particular to an intelligent network security duty method and system.
Background
In the power industry, the operation of the power system is monitored in real time by means of communication technology, so that power data are acquired in real time. However, the many power supply and distribution devices that upload grid data to the grid database through mobile communication terminals also pose a serious challenge to the security protection system of the power network.
The quality of the security data produced by the various security protection tools is currently low, and the volume of security data in a large-scale network is far too large for manual analysis: a network connected at 100 Mbps can generate more than 100,000 alarm records per hour, which no human team can process in time. Even when a security event does raise an alarm, that alarm is usually drowned in a mass of redundant alarms. How to process network security alarms effectively and improve alarm quality is therefore an urgent problem for large-scale network security protection.
Disclosure of Invention
The invention provides an intelligent network security duty method for removing large numbers of redundant alarms and improving alarm quality, comprising the following steps:
s101, collecting alarms of network safety protection equipment to generate network safety alarm information;
s102, storing the acquired network security alarm information into a database;
s103, classifying the network security alarm information in the database according to the mode of network attack;
s104, associating and combining different types of network security alarm information with corresponding alarm events;
and S105, auditing the merged network security alarm information, and removing false alarm information or periodic alarm information from the network security alarm information.
Preferably, the step of auditing the combined network security alarm information and removing false alarm information or periodic alarm information in the network security alarm information specifically includes:
s401, collecting an alarm of the network safety protection equipment;
s402, selecting an alarm type with an alarm ratio reaching a set threshold value in the network security alarm information;
s403, selecting, within the selected alarm type, a source IP or destination IP whose alarm ratio reaches the threshold;
s404, compiling the time sequences of the selected alarms and estimating the period of each alarm time sequence;
s405, performing a hypothesis test on the periods obtained from the alarm sequences to determine which alarms are periodic;
and S406, removing the periodic alarm.
Preferably, the step of classifying the network security alarm information in the database according to the network attack mode includes:
according to the mode of network attack, the network attack is divided into distributed attack from a plurality of source IP addresses to destination IP addresses, attack from one source IP address to a plurality of destination IP addresses and intrusion attack from a single source IP address to a single destination IP address.
Preferably, the network security alarm information includes an alarm rule, a source IP address, a destination IP address, a source port and a destination port;
the database is a MongoDB database;
the network security protection equipment includes an intrusion prevention system, a traffic probe and a firewall.
The invention also provides an intelligent network security duty system which executes the intelligent network security duty method;
the system comprises a data processing terminal and network security protection equipment;
the data processing terminal comprises a network security alarm acquisition module, a network security alarm storage module and a network security alarm analysis module;
the network security alarm acquisition module is connected with the network security protection equipment;
the network security alarm acquisition module is used for acquiring the alarm of the network security protection equipment and generating network security alarm information;
the network security alarm storage module is used for storing the acquired network security alarm information into a database;
the network security alarm analysis module is used for classifying the network security alarm information and associating and combining the network security alarm information and the alarm event;
and the data processing terminal is used for auditing the network security alarm information and removing the false alarm information from it.
Preferably, the system further comprises an intelligent linkage module;
the data processing terminal is connected with the network security protection equipment through the intelligent linkage module;
when the data processing terminal judges that the network security alarm information indicates a network attack, it sends a linkage signal to the network security protection equipment through the intelligent linkage module to make the equipment block the attacking address.
Preferably, the system further comprises a front-end display operation module;
and the front-end display operation module is used for displaying the network security alarm information and providing an operation interface for studying and judging the network security alarm information.
Preferably, the data processing terminal further comprises an alarm aggregation module;
and the alarm aggregation module is used for studying and judging the network security alarm information and classifying the network security alarm information according to the network attack mode.
Preferably, the data processing terminal further comprises an alarm removing module;
and the alarm removing module is used for carrying out hypothesis test on the periods generated by the alarm sequences and removing the periodic alarms according to the hypothesis test result.
According to the technical scheme, the invention has the following advantages:
The collected network security alarm information is classified, and the alarm information is associated and merged with the alarm events, which already reduces the volume of alarm information; auditing the merged information then removes false alarms, reducing the alarm volume further. The network security alarm information is classified according to the network attack mode, and a threshold is set for each type of alarm. Periodic and non-periodic alarms can be separated with this threshold, so the system can recognise whether an alarm is a periodic, routine alarm and screen that kind of alarm further, improving alarm quality. By selecting the source IP or destination IP whose alarm ratio reaches the threshold, compiling the time sequence of the selected alarms, estimating the alarm period from that sequence and subjecting the estimated period to a hypothesis test, the system ensures that the period it finds is statistically sound. Once an alarm is determined to be periodic, it is removed or reduced, improving the alarm quality still further.
Drawings
To illustrate the technical solution more clearly, the drawings used in the description are briefly introduced. The drawings below show only some embodiments of the invention; a person skilled in the art can obtain other drawings from them without creative effort.
Fig. 1 is a flow chart of a network security intelligent duty method.
FIG. 2 is a flow chart of an implementation of an alarm removal module.
Fig. 3 is a schematic diagram of a network security intelligent duty system.
In the figures: 1, data processing terminal; 2, network security alarm acquisition module; 3, network security protection equipment; 4, intelligent linkage module; 5, network security alarm storage module; 6, network security alarm analysis module; 7, front-end display operation module; 8, alarm removal module; 9, alarm aggregation module.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
The invention provides an intelligent network security duty method which, as shown in figures 1 to 3, comprises the following steps:
S101: when the network security protection equipment 3 is attacked or malfunctions, it issues a corresponding alarm. The alarm levels include: emergency alarms, primary alarms, secondary alarms, warning alarms, uncertain alarms, false alarms and periodic alarms. Network security alarm information is generated by collecting the alarms of the network security protection equipment 3. The network security protection equipment 3 is a set of software and hardware devices deployed between the scheduling intranet and the extranet, and between the private network and the public network, forming a protective barrier at the interfaces between them. The network security protection equipment 3 includes horizontal isolation devices, vertical (longitudinal) encryption and authentication devices, firewalls, anti-virus systems, intrusion prevention systems, traffic probes and the like.
S102, storing the acquired network security alarm information into a database;
the database adopts an expandable Mongodb database, and the Mongodb database is a database based on distributed file storage and can quickly read or write network security alarm information.
S103, classifying the network security alarm information in the database according to the mode of network attack.
Different network attacks produce different types of network security alarm information. The network attacks that occur in practice are divided into three categories: distributed attacks from multiple source IP addresses to one destination IP address, such as denial-of-service attacks; attacks from one source IP address to multiple destination IP addresses, such as the various kinds of scanning activity; and intrusion activity from a single source IP address to a single destination IP address, such as vulnerability exploitation and password guessing.
The network security alarm information includes an alarm rule, a source IP address, a destination IP address, a source port and a destination port. The alarm rule includes the name of the network security device that issued the alarm, the fault symptom, the location, the time of occurrence, the cause and other information. For example, the device issuing the alarm may be the intrusion prevention system, and the fault symptom a distributed attack from multiple source IP addresses to one destination IP address.
S104: associate and merge the different types of network security alarm information with the corresponding alarm events.
Alarm events include connectivity events, performance events, functional failure events and the like. The methods for associating network security alarm information with the corresponding alarm event are:
1. Derivative association: alarms are divided into root alarms and derivative alarms according to the generation relationship between them.
2. Topology association: local-end and remote-end alarms are formed according to the topological connection relationship between network elements.
3. Time association: alarms produced by the same fault point are triggered at the same point in time.
4. Causal association: alarm A causes alarm B to be triggered or event C to occur; for example, a broken optical cable causes an EMS network element to go offline.
5. Link association: a fault on an aggregation line triggers alarms on all network element equipment along the path, which are formed into one normalised dispatch ticket.
The methods for merging network security alarm information with the corresponding alarm event are:
1. Compression: multiple occurrences of the same alarm are compressed into a single alarm of that type.
2. Filtering: false alarms that do not satisfy a given condition are ignored.
3. Suppression: when the events associated with the alarms are consistent, certain alarms are suppressed; for example, low-level alarms are ignored while a high-level alarm is present.
4. Counting: a specified number of repeated alarms is replaced by a new type of alarm.
5. Generalisation: an alarm is referred to by its superclass.
6. Specialisation: an alarm is replaced by a more specific subclass of alarm.
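The classification of S103 and the compression, counting and suppression operations of S104, as an added Python example written for this page; it is not code from the patent or its applicant. The fan-out threshold, the repeat limit, the ordering of the alarm levels and the record layout are assumptions, and the alarm batch is constructed for the example. Filtering, generalisation and specialisation are left out because they need a rule taxonomy the patent does not give.

```python
from collections import defaultdict

# Thresholds and level ordering are assumptions for this example; the patent leaves them to the operator.
FAN_THRESHOLD = 5      # distinct peers that make a pattern "many" (S103)
REPEAT_LIMIT = 10      # repeats that re-label a record as a flood-type alarm (counting)
SEVERITY = {"emergency": 0, "primary": 1, "secondary": 2, "warning": 3}   # lower = more severe


def classify_attack_mode(alarms, fan=FAN_THRESHOLD):
    """S103: label every alarm with the attack mode of the traffic pattern it belongs to.

    many sources -> one destination  : "distributed" (DDoS-like)
    one source   -> many destinations: "scan"
    one source   -> one destination  : "intrusion" (exploit attempts, password guessing)
    """
    src_per_dst = defaultdict(set)
    dst_per_src = defaultdict(set)
    for a in alarms:
        src_per_dst[(a["rule"], a["dst"])].add(a["src"])
        dst_per_src[(a["rule"], a["src"])].add(a["dst"])
    labelled = []
    for a in alarms:
        if len(src_per_dst[(a["rule"], a["dst"])]) >= fan:
            mode = "distributed"
        elif len(dst_per_src[(a["rule"], a["src"])]) >= fan:
            mode = "scan"
        else:
            mode = "intrusion"
        labelled.append(dict(a, mode=mode))
    return labelled


def compress(alarms):
    """Compression: identical alarms (same rule, source, destination, destination port)
    collapse into one record carrying a count and the first/last time seen."""
    merged = {}
    for a in sorted(alarms, key=lambda x: x["ts"]):
        key = (a["rule"], a["src"], a["dst"], a["dport"])
        if key in merged:
            merged[key]["count"] += 1
            merged[key]["last"] = a["ts"]
        else:
            merged[key] = dict(a, count=1, first=a["ts"], last=a["ts"])
    return list(merged.values())


def count_repeats(alarms, limit=REPEAT_LIMIT):
    """Counting: a record repeated at least `limit` times becomes a new alarm type
    (here the rule name gets a "#REPEATED" suffix) so the flood is one event, not many."""
    return [dict(a, rule=a["rule"] + "#REPEATED") if a["count"] >= limit else a for a in alarms]


def suppress(alarms):
    """Suppression: for one (source, destination) pair keep only the alarms at the most
    severe level present; lower-level alarms about the same event are dropped."""
    most_severe = {}
    for a in alarms:
        pair = (a["src"], a["dst"])
        most_severe[pair] = min(most_severe.get(pair, 99), SEVERITY[a["level"]])
    return [a for a in alarms if SEVERITY[a["level"]] == most_severe[(a["src"], a["dst"])]]


def merge_pipeline(alarms):
    """S103 + S104 in order: classify, compress, count, suppress."""
    return suppress(count_repeats(compress(classify_attack_mode(alarms))))


def _alarm(ts, rule, level, src, dst, dport):
    return {"ts": ts, "rule": rule, "level": level, "src": src, "dst": dst, "dport": dport}


# Constructed sample input (not real device output): 37 raw alarms.
SAMPLE_ALARMS = []
for i in range(6):                      # six sources hammering one web server -> distributed
    for k in range(3):
        SAMPLE_ALARMS.append(_alarm(10 * i + k, "IPS-SYN-FLOOD", "primary",
                                    f"203.0.113.{10 + i}", "10.20.5.10", 443))
for i in range(6):                      # one source probing six hosts -> scan
    SAMPLE_ALARMS.append(_alarm(100 + i, "FW-PORT-SCAN", "secondary",
                                "198.51.100.4", f"10.20.5.{20 + i}", 22))
for k in range(12):                     # one source, one host, twelve tries -> intrusion, repeated
    SAMPLE_ALARMS.append(_alarm(200 + 5 * k, "IPS-SSH-BRUTE", "primary",
                                "192.0.2.77", "10.20.5.31", 22))
SAMPLE_ALARMS.append(_alarm(230, "FW-NEW-CONNECTION", "warning",   # same pair, lower level -> suppressed
                            "192.0.2.77", "10.20.5.31", 22))

if __name__ == "__main__":
    for rec in merge_pipeline(SAMPLE_ALARMS):
        print(rec["mode"], rec["rule"], rec["src"], "->", rec["dst"], "x", rec["count"])
```

The 37 constructed alarms reduce to 13 records: six compressed distributed records, six scan records and one repeated brute-force record, with the low-level warning on the same pair suppressed. Classification is done before compression on purpose: a scan is only visible while the individual destinations are still separate records.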
S105: audit the merged network security alarm information and remove the false alarm information or periodic alarm information from it.
The step of auditing the merged network security alarm information and removing the false alarm information or periodic alarm information specifically comprises:
S401, collecting the alarms of the network security protection equipment 3;
S402, selecting the alarm types whose alarm ratio in the network security alarm information reaches the set threshold;
S403, selecting, within each selected alarm type, the source IP or destination IP whose alarm ratio reaches the threshold;
S404, compiling the time sequence of the selected alarms and estimating the period of each alarm time sequence;
S405, performing a hypothesis test on the estimated periods to determine which alarms are periodic;
and S406, removing the periodic alarms.
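The periodic-alarm audit S402 to S406, as an added Python example written for this page rather than the patent's own code. The patent does not name its hypothesis test; the example uses the Rayleigh test on the phases t mod T, where T is the median inter-arrival gap, which tests the null hypothesis that the alarm times are unrelated to the candidate period. The thresholds, the significance level and the sample alarms are assumptions constructed for the example.

```python
import cmath
import math
import statistics
from collections import Counter

# Thresholds are assumptions for this example; the patent leaves the values to the operator.
ALPHA = 0.01        # significance level for the periodicity test (S405)
TYPE_SHARE = 0.20   # S402: an alarm type must be at least 20 % of all alarms
IP_SHARE = 0.50     # S403: one source IP must carry at least 50 % of that type
MIN_EVENTS = 8      # fewer timestamps give no meaningful period estimate


def select_candidates(alarms, type_share=TYPE_SHARE, ip_share=IP_SHARE):
    """S402/S403: (rule, src) pairs whose share of the alarm volume reaches both thresholds."""
    total = len(alarms)
    by_rule = Counter(a["rule"] for a in alarms)
    candidates = []
    for rule, n in by_rule.items():
        if n / total < type_share:
            continue
        by_src = Counter(a["src"] for a in alarms if a["rule"] == rule)
        candidates.extend((rule, src) for src, m in by_src.items() if m / n >= ip_share)
    return candidates


def estimate_period(timestamps):
    """S404: period estimate = median inter-arrival gap, robust to a missed or doubled beat."""
    gaps = [b - a for a, b in zip(timestamps, timestamps[1:])]
    return statistics.median(gaps)


def rayleigh_test(timestamps, period):
    """S405: Rayleigh test on the phases (t mod period).
    H0: the phases are uniform on the circle, i.e. nothing special happens at this period.
    Returns (R, p): R near 1 means every alarm lands at the same phase of the cycle.
    p uses the large-sample approximation exp(-n R^2)."""
    n = len(timestamps)
    phasors = [cmath.exp(2j * math.pi * ((t % period) / period)) for t in timestamps]
    r = abs(sum(phasors)) / n
    return r, math.exp(-n * r * r)


def find_periodic_alarms(alarms, alpha=ALPHA):
    """S402-S406: returns ({(rule, src): period}, alarms that survive the removal)."""
    periodic = {}
    for rule, src in select_candidates(alarms):
        ts = sorted(a["ts"] for a in alarms if a["rule"] == rule and a["src"] == src)
        if len(ts) < MIN_EVENTS:
            continue
        period = estimate_period(ts)
        _, p = rayleigh_test(ts, period)
        if p < alpha:                     # reject H0: the stream really is periodic
            periodic[(rule, src)] = period
    kept = [a for a in alarms if (a["rule"], a["src"]) not in periodic]
    return periodic, kept


def _alarm(ts, rule, src, dst):
    return {"ts": ts, "rule": rule, "src": src, "dst": dst}


# Constructed sample (not real device output):
# - a scheduled policy-sync job trips the firewall every 300 s with a few seconds of jitter;
# - a burst of SQL-injection alarms with irregular spacing (real activity);
# - a handful of SSH brute-force alarms, too few to pass the type-share threshold.
JITTER = [0, 4, -3, 2, -5, 1, -2, 3, -4, 5]
SYNC = [_alarm(300 * i + JITTER[i % 10], "FW-POLICY-SYNC-TIMEOUT", "10.20.0.9", "10.20.0.1")
        for i in range(20)]
SQLI, _t = [], 0
for gap in (0, 100, 700, 250, 1300, 400, 900, 160, 2000):
    _t += gap
    SQLI.append(_alarm(_t, "IPS-SQLI-ATTEMPT", "203.0.113.7", "10.20.5.30"))
SSH = [_alarm(t, "IPS-SSH-BRUTE", "198.51.100.4", "10.20.5.31") for t in (50, 61, 75, 90)]
SAMPLE_ALARMS = SYNC + SQLI + SSH

if __name__ == "__main__":
    found, kept = find_periodic_alarms(SAMPLE_ALARMS)
    for (rule, src), period in found.items():
        print(f"periodic: {rule} from {src}, period ~{period:.0f} s")
    print(f"{len(SAMPLE_ALARMS)} alarms in, {len(kept)} kept")
```

The ratio thresholds do the first cut cheaply, so the statistical test only runs on streams that already make up a large share of the volume, which is where a scheduled job or a misconfigured health check hides. A periodic stream is not automatically benign: a beaconing implant is periodic too, so anything removed at S406 should be logged with its period and source rather than discarded silently.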
Based on the method, the invention correspondingly provides an intelligent network security duty system that implements the intelligent network security duty method. The system comprises a data processing terminal 1 and network security protection equipment 3. The data processing terminal comprises a network security alarm acquisition module 2, a network security alarm storage module 5 and a network security alarm analysis module 6.
The data processing terminal 1 is connected to the network security protection equipment 3 through the network security alarm acquisition module 2, which collects the alarms of the network security protection equipment 3 and generates the network security alarm information. The network security alarm acquisition module 2 uses the syslog protocol, a standard for system logging in which log records are transmitted over the network on top of TCP/IP.
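Collection over syslog (S101), as an added Python example; it is not the acquisition module's code, and the line format it parses is an assumed RFC 3164 style header followed by key=value fields, since the patent does not specify the device message format. Every field is validated before it becomes an alarm record: plain syslog over UDP is unauthenticated, and IPS messages routinely embed attacker-supplied data, so the collector must not trust what it reads.

```python
import ipaddress
import re
from datetime import datetime

# Assumed line shape: RFC 3164 style "<PRI>Mon dd hh:mm:ss host program: key=value ...".
# The key=value body imitates how many firewall/IPS products report an alarm; real devices differ.
SYSLOG_RE = re.compile(
    r"^<(?P<pri>\d{1,3})>(?P<ts>[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d) "
    r"(?P<host>\S+) (?P<prog>[^:\s]+): (?P<msg>.*)$"
)
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')
REQUIRED = ("rule", "src", "dst", "sport", "dport")   # fields the patent names for an alarm record


def parse_alarm(line, year=2021):
    """S101: turn one syslog line from a protection device into an alarm record, or None.
    Every field is treated as untrusted input: syslog over UDP carries no authentication, and
    the attacker-controlled payloads that end up in IPS messages can carry anything."""
    m = SYSLOG_RE.match(line)
    if m is None:
        return None
    pri = int(m["pri"])
    if pri > 191:                     # PRI = facility * 8 + severity, facility < 24
        return None
    fields = {k: v.strip('"') for k, v in KV_RE.findall(m["msg"])}
    if any(k not in fields for k in REQUIRED):
        return None
    try:
        src = ipaddress.ip_address(fields["src"])
        dst = ipaddress.ip_address(fields["dst"])
        sport, dport = int(fields["sport"]), int(fields["dport"])
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
    except ValueError:
        return None
    if not (0 <= sport <= 65535 and 0 <= dport <= 65535):
        return None
    return {
        "device": m["host"], "facility": pri // 8, "severity": pri % 8, "ts": ts,
        "rule": fields["rule"], "src": str(src), "dst": str(dst),
        "sport": sport, "dport": dport,
    }


def parse_alarms(lines):
    """Parse a batch of lines, keeping the well-formed records and counting the rejects."""
    records, rejected = [], 0
    for line in lines:
        rec = parse_alarm(line)
        if rec is None:
            rejected += 1
        else:
            records.append(rec)
    return records, rejected


# Constructed sample lines (not captured from any real device).
SAMPLE_LINES = [
    "<134>Nov 25 10:15:01 ips-01 ips: rule=IPS-SSH-BRUTE src=192.0.2.77 dst=10.20.5.31 sport=51234 dport=22",
    '<132>Nov 25 10:15:02 fw-01 fw: rule="FW-PORT-SCAN" src=198.51.100.4 dst=10.20.5.20 sport=40000 dport=22',
    "<134>Nov 25 10:15:03 ips-01 ips: rule=IPS-SQLI src=not-an-ip dst=10.20.5.30 sport=1 dport=80",
    "garbage from a misconfigured device",
    "<134>Nov 25 10:15:04 ips-01 ips: rule=IPS-SQLI src=203.0.113.7 dst=10.20.5.30 sport=1 dport=99999",
]

if __name__ == "__main__":
    recs, bad = parse_alarms(SAMPLE_LINES)
    for r in recs:
        print(r["ts"], r["device"], r["rule"], r["src"], "->", r["dst"], r["dport"])
    print(f"{bad} line(s) rejected")
```

Rejected lines are counted rather than dropped silently; a sudden rise in that counter is itself worth an alarm, since it means either a device changed its format or someone is feeding the collector junk. In production the collector should also accept syslog over TLS (RFC 5425) from the protection devices so that the source of each line can be authenticated.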
The data processing terminal 1 stores the acquired network security alarm information into a database through the network security alarm storage module 5. The data processing terminal 1 classifies the network security alarm information through the network security alarm analysis module 6, and associates and merges the network security alarm information and the alarm event. The data processing terminal 1 is further configured to audit the network security alarm information and remove the false alarm information in the network security alarm information.
It is further explained that the data processing terminal 1 further comprises an alarm aggregation module 9 and an alarm removal module 8. The alarm aggregation module 9 is configured to study and judge the network security alarm information, identify the type of network attack on the network security protection device 3 or the type of alarm occurrence through the alarm aggregation module 9, and classify the network security alarm information according to the mode of network attack or the type of alarm.
The alarm removal module 8 performs a hypothesis test on the periods obtained from the alarm sequences. Hypothesis testing, also called statistical hypothesis testing, is a method of statistical inference for judging whether the difference between samples, or between a sample and the population, is due to sampling error or to a real difference. The alarm sequence is tested, and once an alarm is determined to be periodic it is reduced or removed. The alarm removal module 8 is also used to remove false alarms that do not satisfy the given condition.
The intelligent network security duty system further comprises an intelligent linkage module 4, through which the data processing terminal 1 is connected to the network security protection equipment 3. When the data processing terminal 1 judges that the network security alarm information indicates a network attack, it sends a linkage signal to the network security protection equipment 3 through the intelligent linkage module 4, instructing each device 3 to block the attacking address.
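A guarded version of the linkage signal, as an added Python example, not the intelligent linkage module's own code. Automatically pushing block rules from alarm data is the point at which an alarm pipeline can be turned against its owner: a spoofed source address or a mislabelled internal host becomes a self-inflicted outage, and a flood of sources becomes a flood of firewall rules. The protected ranges, the TTL, the per-cycle cap and the sample alarms are assumptions made for the example.

```python
import ipaddress

# Assumptions for this example: address ranges the duty system must never block (the scheduling
# intranet management segment and the collector itself), a rule TTL, and a per-cycle cap.
PROTECTED_NETS = [ipaddress.ip_network(n) for n in ("10.20.0.0/24", "10.20.1.5/32")]
BLOCK_TTL_S = 3600
MAX_ORDERS_PER_CYCLE = 50
SEVERITY = {"emergency": 0, "primary": 1, "secondary": 2, "warning": 3}   # lower = more severe


def is_blockable(addr, protected=PROTECTED_NETS):
    """An address the linkage module may push to the protection devices: a real address,
    not ours, and not something an attacker could spoof to make us cut off our own infrastructure."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return False     # not an address at all: a parser bug or a crafted field, never a block target
    if ip.is_loopback or ip.is_link_local or ip.is_multicast or ip.is_unspecified:
        return False
    return not any(ip in net for net in protected)


def build_block_orders(alarms, ttl_s=BLOCK_TTL_S, max_orders=MAX_ORDERS_PER_CYCLE):
    """Linkage signal: one block order per judged-attack source, most severe first,
    deduplicated, capped per cycle, with an expiry so a mistaken block heals itself."""
    orders, seen = [], set()
    for a in sorted(alarms, key=lambda x: SEVERITY[x["level"]]):
        if not a["is_attack"]:                  # only alarms the terminal judged to be attacks
            continue
        src = a["src"]
        if src in seen or not is_blockable(src):
            continue
        seen.add(src)
        orders.append({"action": "block", "ip": src, "ttl_s": ttl_s, "reason": a["rule"]})
        if len(orders) >= max_orders:
            break
    return orders


def _alarm(rule, level, src, is_attack):
    return {"rule": rule, "level": level, "src": src, "is_attack": is_attack}


# Constructed sample (not real alarm data).
SAMPLE_ALARMS = [
    _alarm("FW-PORT-SCAN", "secondary", "198.51.100.4", True),
    _alarm("IPS-SSH-BRUTE", "primary", "192.0.2.77", True),
    _alarm("IPS-SSH-BRUTE", "primary", "192.0.2.77", True),          # duplicate source
    _alarm("FW-POLICY-SYNC-TIMEOUT", "primary", "10.20.0.9", True),  # management host, must not be blocked
    _alarm("IPS-SYN-FLOOD", "emergency", "127.0.0.1", True),          # spoofed / impossible source
    _alarm("FW-NEW-CONNECTION", "warning", "203.0.113.50", False),    # not judged an attack
]

if __name__ == "__main__":
    for order in build_block_orders(SAMPLE_ALARMS):
        print(order)
```

Each order carries a TTL so that a mistaken block expires on its own; the page does not say whether the protection devices accept an expiry, so that is assumed here. The per-cycle cap matters most for the distributed attack class: thousands of (possibly spoofed) sources are better handled by a rate limit on the firewall than by thousands of individual block rules.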
The intelligent network security duty system further comprises a front-end display operation module 7, which uses the Vue framework to display the details of the current network security alarm information and to carry out research and judgment operations on it. Vue is a progressive framework for building user interfaces that can be adopted incrementally, layer by layer.
The front-end display operation module 7 includes a display device. The data processing terminal 1 orders the alarms, which stand in different timing relationships to one another, into a time sequence, displays the network security alarm information on the display device and provides an operation interface for judging it.
The previous description of the disclosed embodiments is provided to enable any person skilled in the art to make or use the present invention. Various modifications to these embodiments will be readily apparent to those skilled in the art, and the generic principles defined herein may be applied to other embodiments without departing from the spirit or scope of the invention. Thus, the present invention is not intended to be limited to the embodiments shown herein but is to be accorded the widest scope consistent with the principles and novel features disclosed herein.
Claims (9)
1. An intelligent network security duty method is characterized by comprising the following steps:
s101, collecting alarms of network safety protection equipment to generate network safety alarm information;
s102, storing the acquired network security alarm information into a database;
s103, classifying the network security alarm information in the database according to the mode of network attack;
s104, associating and combining different types of network security alarm information with corresponding alarm events;
and S105, auditing the merged network security alarm information, and removing false alarm information or periodic alarm information from the network security alarm information.
2. The network security intelligent on-duty method of claim 1, wherein auditing the merged network security alarm information and removing false alarm information or periodic alarm information in the network security alarm information specifically comprises:
s401, collecting an alarm of the network safety protection equipment;
s402, selecting an alarm type with an alarm ratio reaching a set threshold value in the network security alarm information;
s403, selecting, within the selected alarm type, a source IP or destination IP whose alarm ratio reaches the threshold;
s404, compiling the time sequences of the selected alarms and estimating the period of each alarm time sequence;
s405, performing hypothesis test on the periods generated by the alarm sequences to determine periodic alarms;
and S406, removing the periodic alarm.
3. The method of claim 1, wherein the step of classifying the network security alarm information in the database according to the network attack mode comprises:
according to the mode of network attack, the network attack is divided into distributed attack from a plurality of source IP addresses to a destination IP address, attack from one source IP address to a plurality of destination IP addresses and intrusion attack from a single source IP address to a single destination IP address.
4. The network security intelligent duty method of claim 1,
the network safety alarm information comprises an alarm rule, a source IP address, a destination IP address, a source port and a destination port;
the database is a MongoDB database;
the network security protection equipment includes an intrusion prevention system, a traffic probe and a firewall.
5. A network security intelligent duty system, characterized in that the system executes the network security intelligent duty method of any one of claims 1 to 4;
the system comprises a data processing terminal and network safety protection equipment;
the data processing terminal comprises a network security alarm acquisition module, a network security alarm storage module and a network security alarm analysis module;
the network security alarm acquisition module is connected with the network security protection equipment;
the network security alarm acquisition module is used for acquiring the alarm of the network security protection equipment and generating network security alarm information;
the network security alarm storage module is used for storing the acquired network security alarm information into a database;
the network security alarm analysis module is used for classifying the network security alarm information and associating and combining the network security alarm information and the alarm event;
and the data processing terminal is used for auditing the network security alarm information and removing the false alarm information in the network security alarm information.
6. The network security intelligent duty system of claim 5, wherein the system further comprises an intelligent linkage module;
the data processing terminal is connected with the network safety protection equipment through the intelligent linkage module;
when the data processing terminal judges that the network security alarm information indicates a network attack, it sends a linkage signal to the network security protection equipment through the intelligent linkage module to make the equipment block the attacking address.
7. The network security intelligent duty system of claim 5, wherein the system further comprises a front-end display operation module;
and the front-end display operation module is used for displaying the network security alarm information and providing an operation interface for studying and judging the network security alarm information.
8. The network security intelligent duty system of claim 5,
the data processing terminal also comprises an alarm aggregation module;
and the alarm aggregation module is used for studying and judging the network security alarm information and classifying the network security alarm information according to the network attack mode.
9. The network security intelligent duty system of claim 5,
the data processing terminal also comprises an alarm removing module;
and the alarm removing module is used for carrying out hypothesis test on the periods generated by the alarm sequences and removing the periodic alarms according to the hypothesis test result.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202111410097.XA CN114257414A (en) | 2021-11-25 | 2021-11-25 | Intelligent network security duty method and system |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202111410097.XA CN114257414A (en) | 2021-11-25 | 2021-11-25 | Intelligent network security duty method and system |
Publications (1)
Publication Number | Publication Date |
---|---|
CN114257414A true CN114257414A (en) | 2022-03-29 |
Family
ID=80791161
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202111410097.XA Pending CN114257414A (en) | 2021-11-25 | 2021-11-25 | Intelligent network security duty method and system |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN114257414A (en) |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN114928531A (en) * | 2022-05-06 | 2022-08-19 | 广西电网有限责任公司 | Network security integrated intelligent protection method and device, robot and medium |
Citations (12)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101227331A (en) * | 2008-01-25 | 2008-07-23 | 华中科技大学 | Method for reducing alarm of network attack detection system by mistake |
US20110016528A1 (en) * | 2008-08-15 | 2011-01-20 | Venus Info Tech Inc. | Method and Device for Intrusion Detection |
US20130127618A1 (en) * | 2011-11-21 | 2013-05-23 | Daniel Sheleheda | Method and apparatus for machine to machine network security monitoring in a communications network |
CN103617562A (en) * | 2013-12-04 | 2014-03-05 | 国家电网公司 | System and method for intelligently processing power grid warning messages |
WO2016029570A1 (en) * | 2014-08-28 | 2016-03-03 | 北京科东电力控制系统有限责任公司 | Intelligent alert analysis method for power grid scheduling |
CN105681286A (en) * | 2015-12-31 | 2016-06-15 | 中电长城网际系统应用有限公司 | Association analysis method and association analysis system |
CN107196804A (en) * | 2017-06-01 | 2017-09-22 | 国网山东省电力公司信息通信公司 | Power system terminal communication access network Centralized Alarm Monitoring system and method |
CN107426132A (en) * | 2016-05-23 | 2017-12-01 | 腾讯科技(深圳)有限公司 | The detection method and device of network attack |
CN110460558A (en) * | 2018-05-07 | 2019-11-15 | 南京联成科技发展股份有限公司 | A kind of method and system based on the discovery of visual challenge model |
CN111541661A (en) * | 2020-04-15 | 2020-08-14 | 全球能源互联网研究院有限公司 | Power information network attack scene reconstruction method and system based on causal knowledge |
WO2021008028A1 (en) * | 2019-07-18 | 2021-01-21 | 平安科技(深圳)有限公司 | Network attack source tracing and protection method, electronic device and computer storage medium |
CN113676464A (en) * | 2021-08-09 | 2021-11-19 | 国家电网有限公司 | Network security log alarm processing method based on big data analysis technology |
Priority timeline: 2021-11-25 CN CN202111410097.XA patent/CN114257414A/en active Pending
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN114928531A (en) * | 2022-05-06 | 2022-08-19 | 广西电网有限责任公司 | Network security integrated intelligent protection method and device, robot and medium |
CN114928531B (en) * | 2022-05-06 | 2023-09-05 | 广西电网有限责任公司 | Network security integrated intelligent protection method, device, robot and medium |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN112651006B (en) | Power grid security situation sensing system | |
CN102447570B (en) | Monitoring device and method based on health degree analysis | |
CN106371986A (en) | Log treatment operation and maintenance monitoring system | |
US8144599B2 (en) | Binary class based analysis and monitoring | |
CN111756582B (en) | Service chain monitoring method based on NFV log alarm | |
CN109586239B (en) | Real-time diagnosis and fault early warning method for intelligent substation | |
CN110191004B (en) | Port detection method and system | |
CN107547228B (en) | Implementation architecture of safe operation and maintenance management platform based on big data | |
CN112416872A (en) | Cloud platform log management system based on big data | |
CN113271303A (en) | Botnet detection method and system based on behavior similarity analysis | |
CN114996090A (en) | Server abnormity detection method and device, electronic equipment and storage medium | |
CN113671909A (en) | Safety monitoring system and method for steel industrial control equipment | |
CN114257414A (en) | Intelligent network security duty method and system | |
CN102104606B (en) | Worm detection method of intranet host | |
CN110609761B (en) | Method and device for determining fault source, storage medium and electronic equipment | |
CN115550034A (en) | Service flow monitoring method and device for distribution network power monitoring system | |
CN114006719B (en) | AI verification method, device and system based on situation awareness | |
CN111988172B (en) | Network information management platform, device and security management method | |
CN115333915A (en) | Network management and control system for heterogeneous host | |
CN114428715A (en) | Log processing method, device and system and storage medium | |
CN111245796A (en) | Big data analysis method for industrial network intrusion detection | |
CN116204386B (en) | Method, system, medium and equipment for automatically identifying and monitoring application service relationship | |
CN113965486B (en) | Line detection method and device for vertically positioning faults | |
CN113890814B (en) | Fault perception model construction and fault perception method and system, equipment and medium | |
CN115514582B (en) | Industrial Internet attack chain correlation method and system based on ATT & CK |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||