CN114363057A - Intelligent network security analysis method and system - Google Patents

Intelligent network security analysis method and system Download PDF

Info

Publication number
CN114363057A
Authority
CN
China
Prior art keywords
data
network security
database operation
analysis method
intelligent
Prior art date
Legal status
Pending
Application number
CN202111678247.5A
Other languages
Chinese (zh)
Inventor
邹洪
邓子杰
冯国聪
张佳发
明哲
余芸
陈华军
王健
张华兵
黄潜
胡健
许伟杰
黄清水
毕凯峰
母天石
Current Assignee
Southern Power Grid Digital Grid Research Institute Co Ltd
Original Assignee
Southern Power Grid Digital Grid Research Institute Co Ltd
Priority date
2021-12-31
Filing date
2021-12-31
Publication date
2022-04-15

Landscapes

  • Storage Device Security (AREA)

Abstract

The invention discloses an intelligent network security analysis method and system. The system comprises a database operation and maintenance platform provided with a network security intelligent analysis algorithm library, and the platform is used for the centralized management of database operation and maintenance. The method is characterized in that the database operation and maintenance platform is deployed centrally, data are defined, collected, monitored and managed by means of cloud computing, and functions such as auditing and approval are provided. The invention provides security monitoring based on the data life cycle (data acquisition, data transmission and so on), and achieves whole-cycle intelligent network security analysis and response with real-time analysis, quick response and intelligent response.

Description

Intelligent network security analysis method and system
Technical Field
The invention relates to the technical field of network security, in particular to an intelligent network security analysis method and system.
Background
With the rapid development and application of emerging technologies such as cloud computing, big data and artificial intelligence, data, as the production factor that supports the existence and growth of these technologies, has become a core asset of an organization and receives unprecedented attention and protection. However, data can only deliver its full value while it keeps flowing, and the traditional security mindset built around isolation no longer suits the needs of the big data era; hence the idea of data security control, which ensures that data is used safely, has emerged. By building a comprehensive data platform, data can be effectively integrated and applications made to cooperate, which better serves the unit's overall production and management; the requirements of integrated production management, process monitoring and operation management for the integrity, consistency and secure sharing of real-time and near-real-time data are met, information integration is achieved, and informatization turns into integration, sharing and cooperation across the whole unit. However, the traditional intelligent analysis system architecture mainly works in an offline analysis mode and interfaces with only one data source. Such an architecture is usually limited to a single algorithm scenario and can only make stale judgements based on historical data; it cannot meet the network security requirements of 'full cycle, real-time analysis and quick response', cannot cope with the current complex security situation, and cannot satisfy the growing need for full-life-cycle monitoring and management of data combined from more and more sources.
Disclosure of Invention
The present invention is directed to a network security intelligent analysis method and system, so as to solve the problems set forth in the background art.
In order to achieve the purpose, the invention provides the following technical scheme:
An intelligent network security analysis method and system: the system comprises a database operation and maintenance platform provided with a network security intelligent analysis algorithm library, and the platform is used for the centralized management of database operation and maintenance; different network security intelligent analysis algorithm models are packaged in the algorithm library, and these models form microservice applications;
the analysis method comprises the following steps:
S1, data acquisition stage: define the data acquisition information, then acquire the data and preprocess the acquired data;
S2, data transmission stage: collect in real time the information involved in the data transmission process, and preprocess the collected data;
S3, input the preprocessed data into the network security intelligent analysis algorithm library according to data type;
S4, the microservices in the network security intelligent analysis algorithm library analyse the different types of network security data, diagnose the security condition of the network and display it visually.
Here, the database operation and maintenance platform provides analysis processing for structured and unstructured data.
Further, in step S1, the defined information includes the data collection department, the service system and the source, and the defined information is converted into data for data collection.
Further, in step S2, the data information of the departments, service systems, protocols, source IPs, source ports, destination IPs, destination ports and sensitive quantities involved in the data transmission process is collected in real time. Through step S2, data information is defined and collected for every department across the whole process, operation and maintenance users can carry out their work without knowing the system password, and the security of password management is improved.
Preferably, the database operation and maintenance platform is deployed centrally and includes a user account management module that manages user accounts uniformly, so that the functions of each user account are defined, illegal logins and illegal operations are quickly discovered, analysed, located and responded to, and a basis is provided for security audit and tracking.
Preferably, the database operation and maintenance platform audits database operations, provides centralized log audit, correlates user operation behaviour, detects abnormal operations such as misoperation in time and raises an alarm.
In order to implement high-risk command control, preferably, the database operation and maintenance platform performs access control based on the user, and high-risk operations such as deleting a database or a data table can be blocked in real time, preventing data from being destroyed by high-risk commands such as drop table, drop database and truncate table. Furthermore, for legitimate high-risk commands that operation and maintenance staff do need to execute, threats such as malicious operation by operation and maintenance personnel are prevented by adding an approval step.
In order to implement illegal operation control, preferably, the database operation and maintenance platform controls the channel for direct data access, provides fine-grained management of user permissions, and avoids risks such as data leakage caused by abuse of database user permissions. Further, the platform actively monitors database activity, prevents unauthorized database access and privilege or role escalation, and prevents illegal access to sensitive data.
In order to implement the sensitive command approval function, preferably, the database operation and maintenance platform, based on user access control, provides an approval step for sensitive database operation commands such as DELETE and SELECT, records the approval information, prevents data leakage and damage, and provides source-tracing audit of the sensitive commands.
Compared with the prior art, the invention has the following beneficial effects: in the intelligent network security analysis method and system, the database operation and maintenance platform is deployed centrally, cloud computing is used to define, collect, monitor and manage the data, and functions such as auditing and approval are provided, so that security monitoring based on the data life cycle (data collection, data transmission and so on) is provided, and whole-cycle intelligent network security analysis and response with real-time analysis, quick response and intelligent response is achieved.
Drawings
FIG. 1 is a block diagram of an embodiment of the present invention.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
Referring to fig. 1, an intelligent network security analysis method and system comprise a database operation and maintenance platform provided with an intelligent network security analysis algorithm library, where the platform is used for the centralized management of database operation and maintenance; different network security intelligent analysis algorithm models are packaged in the algorithm library, and these models form microservice applications;
the analysis method comprises the following steps:
S1, data acquisition stage: define the data acquisition information, then acquire the data and preprocess the acquired data;
S2, data transmission stage: collect in real time the information involved in the data transmission process, and preprocess the collected data;
S3, store the preprocessed data, namely the data acquisition stage data, the data transmission stage data and the source data acquired and transmitted from each acquisition point, in a database, and input the data into the network security intelligent analysis algorithm library according to data type;
S4, the microservices in the network security intelligent analysis algorithm library analyse the different types of network security data, diagnose the security condition of the network and display it visually.
Here, the database operation and maintenance platform provides analysis processing for structured and unstructured data.
Further, in step S1, the defined information includes the data collection department, the service system and the source, and the defined information is converted into data for data collection.
Further, in step S2, the data information of the departments, service systems, protocols, source IPs, source ports, destination IPs, destination ports and sensitive quantities involved in the data transmission process is collected in real time. Through step S2, data information is defined and collected for every department across the whole process, operation and maintenance users can carry out their work without knowing the system password, and the security of password management is improved.
The database operation and maintenance platform is deployed centrally and includes a user account management module that manages user accounts uniformly; the functions of each user account are clarified, illegal logins and illegal operations are quickly discovered, analysed, located and responded to, and a basis is provided for security audit and tracking.
The database operation and maintenance platform audits database operations, provides centralized log audit, correlates the operation behaviour of users, detects abnormal operations such as misoperation in time and raises an alarm.
The database operation and maintenance platform is based on user access control, and high-risk operations such as deleting a database or a data table can be blocked in real time, preventing data from being destroyed by high-risk commands such as drop table, drop database and truncate table. Furthermore, for legitimate high-risk commands that operation and maintenance staff do need to execute, threats such as malicious operation by operation and maintenance personnel are prevented by adding an approval step.
The database operation and maintenance platform controls the channel for direct data access, provides fine-grained management of user permissions, and avoids dangers such as data leakage caused by abuse of database user permissions. Further, the platform actively monitors database activity, prevents unauthorized database access and privilege or role escalation, and prevents illegal access to sensitive data.
The database operation and maintenance platform, based on user access control, provides an approval step for sensitive database operation commands such as DELETE and SELECT, records the approval information, prevents data leakage and damage, and provides source-tracing audit of sensitive commands.
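The high-risk blocking, fine-grained permission and sensitive-command approval described above can be combined into one policy gate in front of the database. The following is an added example written for this page, not code from the patent: the command classes, the four-eyes approval rule, the `CommandGate` class and the sample session are all constructed assumptions.

```python
import re
from dataclasses import dataclass, field
from typing import Optional

# Statement classes taken from the description: high-risk commands (drop table,
# drop database, truncate table) and sensitive commands (DELETE, SELECT).
HIGH_RISK = re.compile(r"^\s*(DROP\s+(TABLE|DATABASE)|TRUNCATE(\s+TABLE)?)\b", re.I)
SENSITIVE = re.compile(r"^\s*(DELETE|SELECT)\b", re.I)
TABLE_REF = re.compile(r"\b(?:FROM|INTO|UPDATE|TABLE|JOIN)\s+([\w.]+)", re.I)


@dataclass
class AuditRecord:
    """One audit entry: who asked for what, from which department, and the outcome."""
    user: str
    department: str
    sql: str
    decision: str                 # "blocked" | "pending_approval" | "allowed"
    approved_by: Optional[str] = None


@dataclass
class CommandGate:
    """Access-control gate between O&M users and the database (assumed design).

    grants: per-user set of table names the user may touch (fine-grained permission).
    approvers: accounts allowed to sign off on high-risk and sensitive commands.
    """
    grants: dict
    approvers: set
    log: list = field(default_factory=list)

    def submit(self, user: str, department: str, sql: str,
               approved_by: Optional[str] = None) -> str:
        rec = AuditRecord(user, department, sql.strip(), "allowed", approved_by)
        tables = {t.lower() for t in TABLE_REF.findall(sql)}
        # Four-eyes rule: approver must be a known approver and not the submitter.
        approved = approved_by in self.approvers and approved_by != user
        if not tables <= self.grants.get(user, set()):
            rec.decision = "blocked"            # table outside the user's grant
        elif HIGH_RISK.search(sql):
            # Real-time block; runs only when a separate approver has signed off.
            rec.decision = "allowed" if approved else "blocked"
        elif SENSITIVE.search(sql):
            rec.decision = "allowed" if approved else "pending_approval"
        self.log.append(rec)                     # every decision is logged for audit
        return rec.decision

    def alarms(self) -> list:
        """Entries an analyst should review: blocked and not-yet-approved commands."""
        return [r for r in self.log if r.decision != "allowed"]


def demo() -> list:
    """Constructed sample session (not real data) exercising each decision class."""
    gate = CommandGate(grants={"ops_a": {"users", "orders"}}, approvers={"dba_lead"})
    return [
        gate.submit("ops_a", "IT", "SELECT id FROM users WHERE id = 1"),              # pending
        gate.submit("ops_a", "IT", "SELECT id FROM users WHERE id = 1", "dba_lead"),  # allowed
        gate.submit("ops_a", "IT", "UPDATE orders SET status = 'x' WHERE id = 7"),    # allowed
        gate.submit("ops_a", "IT", "DROP TABLE orders"),                              # blocked
        gate.submit("ops_a", "IT", "drop table orders", "dba_lead"),                  # allowed
        gate.submit("ops_a", "IT", "DELETE FROM payroll WHERE 1=1"),                  # no grant
        gate.submit("ops_a", "IT", "SELECT 1 FROM users", "ops_a"),                   # self-approval
    ]


if __name__ == "__main__":
    for decision in demo():
        print(decision)
```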
Although embodiments of the present invention have been shown and described, it will be appreciated by those skilled in the art that changes, modifications, substitutions and alterations can be made in these embodiments without departing from the principles and spirit of the invention, the scope of which is defined in the appended claims and their equivalents.

Claims (10)

1. An intelligent network security analysis method and system, characterized in that the system comprises a database operation and maintenance platform provided with a network security intelligent analysis algorithm library, wherein the platform is used for the centralized management of database operation and maintenance; different network security intelligent analysis algorithm models are packaged in the algorithm library, and these models form microservice applications;
the analysis method comprises the following steps:
S1, data acquisition stage: define the data acquisition information, then acquire the data and preprocess the acquired data;
S2, data transmission stage: collect in real time the information involved in the data transmission process, and preprocess the collected data;
S3, input the preprocessed data into the network security intelligent analysis algorithm library according to data type;
S4, the microservices in the network security intelligent analysis algorithm library analyse the different types of network security data, diagnose the security condition of the network and display it visually.
2. The intelligent network security analysis method and system according to claim 1, wherein in the step S1, the defined information includes data collection department, service system, and source, and the defined information is converted into data for data collection.
3. The intelligent network security analysis method and system according to claim 1 or 2, wherein in step S2, the data information of the departments, service systems, protocols, source IPs, source ports, destination IPs, destination ports and sensitive quantities involved in the data transmission process is collected in real time.
4. The intelligent network security analysis method and system according to claim 3, wherein the database operation and maintenance platform is centralized and includes a user account management module for managing the user's account uniformly, so as to clarify the functions of the user's account, quickly find, analyze, locate and respond to illegal login and illegal operations, and provide basis for security audit and tracking.
5. The intelligent network security analysis method and system according to claim 4, wherein the database operation and maintenance platform audits database operations, provides centralized log audit, associates user operation behavior, finds abnormal operations such as misoperation in time, and gives an alarm.
6. The intelligent network security analysis method and system according to claim 5, wherein the database operation and maintenance platform is based on user access control and can block high-risk operations in real time.
7. The intelligent network security analysis method and system according to claim 6, wherein legitimate high-risk commands that operation and maintenance staff need to execute are handled by adding an approval step.
8. The intelligent network security analysis method and system according to claim 6, wherein the database operation and maintenance platform manages and controls a channel for directly accessing data, and provides a fine-grained management function of user authority.
9. The intelligent network security analysis method and system according to claim 8, wherein the database operation and maintenance platform actively monitors database activity, preventing unauthorized database access, privilege or role escalation, and illegal access to sensitive data.
10. The intelligent network security analysis method and system according to claim 9, wherein the database operation and maintenance platform, based on user access control, provides an approval step for sensitive database operation commands, records the approval information, prevents data leakage and damage, and provides source-tracing audit of the sensitive commands.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202111678247.5A CN114363057A (en) 2021-12-31 2021-12-31 Intelligent network security analysis method and system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202111678247.5A CN114363057A (en) 2021-12-31 2021-12-31 Intelligent network security analysis method and system

Publications (1)

Publication Number Publication Date
CN114363057A true CN114363057A (en) 2022-04-15

Family

ID=81105722

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202111678247.5A Pending CN114363057A (en) 2021-12-31 2021-12-31 Intelligent network security analysis method and system

Country Status (1)

Country Link
CN (1) CN114363057A (en)

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105871605A (en) * 2016-03-30 2016-08-17 国网江西省电力科学研究院 Operation and maintenance monitoring platform based on big power marketing data
CN111262838A (en) * 2020-01-09 2020-06-09 南方电网科学研究院有限责任公司 Intelligent analysis method, system and equipment for network security
CN111600890A (en) * 2020-05-18 2020-08-28 广东电网有限责任公司惠州供电局 Network security perception system based on big data
CN112766517A (en) * 2021-01-12 2021-05-07 南方电网数字电网研究院有限公司 Monitoring and early warning method for electric power operation and maintenance network security

Legal Events

Code Title Description
PB01 Publication Application publication date: 20220415
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication