CN114389867A - Network security analysis system - Google Patents

Publication number
CN114389867A
Authority
CN
China
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202111652560.1A
Other languages
Chinese (zh)
Inventor
冯国聪
邓子杰
邹洪
张佳发
明哲
余芸
陈华军
王健
张华兵
黄潜
胡健
许伟杰
黄清水
毕凯峰
母天石
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Southern Power Grid Digital Grid Research Institute Co Ltd
Original Assignee
Southern Power Grid Digital Grid Research Institute Co Ltd
Application filed by Southern Power Grid Digital Grid Research Institute Co Ltd

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/20 Network architectures or network communication protocols for network security for managing network security; network security policies in general
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1416 Event detection, e.g. attack signature detection
    • H04L63/1425 Traffic logging, e.g. anomaly detection
    • H04L63/1433 Vulnerability analysis

Abstract

The invention discloses a network security analysis system comprising: a data event analysis module, which compiles statistics on data asset events; a data risk analysis module, which provides a data security risk trend function, classifies and counts data security events, and displays them graphically; and a data flow analysis module, which establishes an access-relation view of data assets and accounts. The system is mainly used for monitoring and managing global data risk. By monitoring and managing data risk across the full life cycle, it enables real-time monitoring of network data with corresponding data security analysis, and provides security monitoring capability covering the full data life cycle, such as data acquisition and data transmission, so that the security and reliability of global data are effectively improved.

Description

Network security analysis system
Technical Field
The invention relates to the technical field of data security analysis, and in particular to a network security analysis system.
Background
As informatization deepens across industries, IT systems have become more complex and more open. With the rapid development and application of emerging technologies such as cloud computing, big data and artificial intelligence, data, as the production resource that supports the existence and development of these technologies, has become a core organizational asset and receives unprecedented attention and protection. However, data delivers its value only while it keeps flowing, so the traditional isolation-led approach to security no longer meets the needs of the big data era, and the idea of data security control, which aims to keep data use secure, emerged in response.
Many organizations currently face the following situation: the data of each business system within the same organization is stored in its own database, which makes effective control and management of the databases difficult, makes functions hard to extend, makes broader and higher-level data applications hard to develop, and prevents the data from being used to give decision makers effective decision support. In addition, systems can call each other's data only through specific interfaces, so the structure and relationships of the organization's overall information system grow ever more complex, which affects stable system operation. Building a comprehensive data platform makes it possible to integrate data effectively and achieve application collaboration, to better serve organization-wide production and management, and to meet the requirements that integrated production management, process monitoring and operations management place on the integrity, consistency and secure sharing of real-time and quasi-real-time data; this achieves information integration and moves informatization toward organization-wide integration, sharing and collaboration. However, how to monitor and manage global data risk remains a practical problem.
Disclosure of Invention
The purpose of the present invention is to provide a network security analysis system that solves the problems set forth in the background above.
To achieve this purpose, the invention provides the following technical solution:
A network security analysis system comprising a data event analysis module, a data risk analysis module and a data flow direction analysis module.
The data event analysis module compiles statistics on data asset events and graphically displays the proportion of data asset events at each level and of each type. Further, different display content is selected for data asset events of different levels and types; the display content includes asset names, event names and event data.
The data risk analysis module provides a data security risk trend function, classifies and counts data security events, and displays them graphically. Further, the display can be organized by different time dimensions. Further, events can be selected and displayed by event type, with colors distinguished by event occurrence interval, so that data security event risk can be judged quickly.
The data flow analysis module establishes an access-relation view of data assets and accounts. Further, calls to data assets are displayed by the time and path of account access and can be selected by time range. Further, a global display of data asset flow is established that can highlight the data path used by a given data asset or a given account, so that the business process in which an account uses data can be located quickly and a corresponding security alarm can be given when abnormal access occurs.
Compared with the prior art, the beneficial effects of the invention are as follows: the network security analysis system is mainly used for monitoring and managing global data risk. By monitoring and managing data risk across the full life cycle, it enables real-time monitoring of network data with corresponding data security analysis, and provides security monitoring capability covering the full data life cycle, such as data acquisition and data transmission, so that the security and reliability of global data are effectively improved.
Drawings
Fig. 1 is a schematic structural diagram of an embodiment of the present invention.
Detailed Description
The technical solutions in the embodiments of the present invention are described clearly and completely below with reference to the drawings. The described embodiments are only some of the embodiments of the present invention, not all of them. All other embodiments that a person skilled in the art can derive from the embodiments given here without creative effort fall within the protection scope of the present invention.
A network security analysis system comprising a data event analysis module, a data risk analysis module and a data flow direction analysis module.
The data event analysis module compiles statistics on data asset events and graphically displays the proportion of data asset events at each level and of each type. Here, an event is an occurrence that is not part of standard service and that may cause a service interruption or a degradation of service quality. Different display content is selected for data asset events of different levels and types; the display content includes asset names, event names and event data. The underlying technology of the system may use the following prior art:
First, flow-based statistical analysis, which searches for possible malicious activity by analyzing network flow information and is implemented with NetFlow on the network egress router.
Second, signature-based intrusion detection, which finds unauthorized access and malicious content by analyzing network traffic information and automatically performs full packet inspection on traffic entering and leaving the network. This technology can give the system real-time alerts when malicious or potentially harmful activity occurs in the network traffic it supervises, and provides correlation and visualization capabilities for the derived data.
Third, threat-based decision technology, which performs real-time full packet inspection on traffic entering and leaving the supervised network in order to find malicious network traffic and characterize it, so as to strengthen network security analysis, situational awareness and security response capability.
The data risk analysis module provides a data security risk trend function, classifies and counts data security events, and displays them graphically. The display forms include: display by different time dimensions; and selection and display by event type, with colors distinguished by event occurrence interval, so that data security event risk can be judged quickly.
The data flow direction analysis module establishes an access-relation view of data assets and accounts. Calls to data assets are displayed by the time and path of account access and can be selected by time range. A global display of data asset flow is established that highlights the data path used by a given data asset or a given account, so that the business process in which an account uses data can be located quickly and a corresponding security alarm is given when abnormal access occurs.
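One way to realize the access-relation view, time-range selection, path highlighting and abnormal-access alarm described for the data flow direction analysis module, as an added Python example that is not part of the patent. The event records, the account, path and asset names, and the rule that an access is abnormal when its (account, path, asset) combination was never seen in a baseline window are all assumptions; the patent does not define abnormal access.

```python
from collections import defaultdict
from datetime import datetime

# Constructed sample records: (time, account, access path, data asset).
EVENTS = [
    ("2021-12-01T09:00:00", "svc_billing", ("billing-app", "api-gw"), "customer_db"),
    ("2021-12-01T09:05:00", "svc_report", ("report-app", "api-gw"), "meter_readings"),
    ("2021-12-02T10:00:00", "svc_billing", ("billing-app", "api-gw"), "customer_db"),
    ("2021-12-03T02:13:00", "svc_report", ("jump-host",), "customer_db"),
    ("2021-12-03T08:30:00", "svc_report", ("report-app", "api-gw"), "meter_readings"),
]


def in_range(events, start, end):
    """Yield parsed events whose timestamp falls in [start, end)."""
    lo, hi = datetime.fromisoformat(start), datetime.fromisoformat(end)
    for ts, account, path, asset in events:
        t = datetime.fromisoformat(ts)
        if lo <= t < hi:
            yield t, account, tuple(path), asset


def access_view(events, start, end):
    """Access-relation view: {(account, asset): [(time, path), ...]}."""
    view = defaultdict(list)
    for t, account, path, asset in in_range(events, start, end):
        view[(account, asset)].append((t, path))
    return dict(view)


def highlight(view, account=None, asset=None):
    """Distinct data paths used by one account and/or one data asset."""
    paths = set()
    for (acc, dst), hits in view.items():
        if account in (None, acc) and asset in (None, dst):
            paths.update((acc, *path, dst) for _, path in hits)
    return sorted(paths)


def abnormal_access(events, baseline, window):
    """Assumed rule: alarm on any (account, path, asset) unseen in the baseline."""
    known = {(a, p, d) for _, a, p, d in in_range(events, *baseline)}
    return [
        {"time": t.isoformat(), "account": a, "path": p, "asset": d}
        for t, a, p, d in in_range(events, *window)
        if (a, p, d) not in known
    ]


if __name__ == "__main__":
    view = access_view(EVENTS, "2021-12-01T00:00:00", "2021-12-04T00:00:00")
    print(highlight(view, asset="customer_db"))
    print(abnormal_access(EVENTS,
                          ("2021-12-01T00:00:00", "2021-12-03T00:00:00"),
                          ("2021-12-03T00:00:00", "2021-12-04T00:00:00")))
```

In this constructed data the only alarm is the 02:13 access to customer_db through jump-host, because that account, path and asset combination never appears in the two-day baseline.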
Although embodiments of the present invention have been shown and described, it will be appreciated by those skilled in the art that changes, modifications, substitutions and alterations can be made in these embodiments without departing from the principles and spirit of the invention, the scope of which is defined in the appended claims and their equivalents.

Claims (6)

1. A network security analysis system, comprising: a data event analysis module, a data risk analysis module and a data flow direction analysis module;
the data event analysis module is used for compiling statistics on data asset events;
the data risk analysis module is used for providing a data security risk trend function, classifying and counting data security events, and displaying the data security events graphically;
the data flow direction analysis module is used for establishing an access-relation view of data assets and accounts.
2. The network security analysis system of claim 1, wherein the data event analysis module graphically displays the proportion of data asset events at each level and of each type, and selects different display content for data asset events of different levels and types, the display content comprising asset names, event names and event data.
3. The network security analysis system according to claim 1 or 2, wherein the display forms of the data risk analysis module include: display by different time dimensions.
4. The network security analysis system of claim 3, wherein the display forms of the data risk analysis module include: selection and display by event type, with colors distinguished by event occurrence interval.
5. The network security analysis system of claim 3, wherein the data stream analysis module displays calls to data assets by the time and path of account access, with selection by time range.
6. The network security analysis system of claim 5, wherein the data flow analysis module establishes a global display of data asset flow that can highlight the data path used by a given data asset or a given account, so as to quickly locate the business process in which an account uses data, and gives a corresponding security alarm when abnormal access occurs.
Priority Applications (1)

Application Number: CN202111652560.1A
Publication: CN114389867A (en)
Priority Date: 2021-12-30
Filing Date: 2021-12-30
Title: Network security analysis system
Status: Pending

Publications (1)

Publication Number: CN114389867A (en)
Publication Date: 2022-04-22

Family

ID=81199844

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101436967A (en) * 2008-12-23 2009-05-20 北京邮电大学 Method and system for evaluating network safety situation
US20170346846A1 (en) * 2016-05-31 2017-11-30 Valarie Ann Findlay Security threat information gathering and incident reporting systems and methods
CN111815132A (en) * 2020-06-28 2020-10-23 云南电网有限责任公司电力科学研究院 Network security management information publishing method and system for power monitoring system
CN112215505A (en) * 2020-10-19 2021-01-12 国网山东省电力公司电力科学研究院 Data security intelligent management and control platform suitable for electric power industry

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination