CN114448718B - Network security guarantee method for parallel detection and repair - Google Patents

Network security guarantee method for parallel detection and repair Download PDF

Info

Publication number
CN114448718B
Authority
CN
China
Prior art keywords
attack
vulnerability
network
behavior
time
Prior art date
Legal status
Active
Application number
CN202210210305.XA
Other languages
Chinese (zh)
Other versions
CN114448718A (en)
Inventor
侯波涛
左晓军
常杰
郭禹伶
郗波
刘惠颖
刘硕
王颖
史丽鹏
Current Assignee
State Grid Corp of China SGCC
Electric Power Research Institute of State Grid Hebei Electric Power Co Ltd
Original Assignee
State Grid Corp of China SGCC
Electric Power Research Institute of State Grid Hebei Electric Power Co Ltd
Events
Application filed by State Grid Corp of China SGCC and Electric Power Research Institute of State Grid Hebei Electric Power Co Ltd
Priority to CN202210210305.XA
Publication of CN114448718A
Application granted
Publication of CN114448718B
Legal status: Active
Anticipated expiration: not listed

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1416 Event detection, e.g. attack signature detection
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1425 Traffic logging, e.g. anomaly detection
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1433 Vulnerability analysis
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441 Countermeasures against malicious traffic
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/20 Network architectures or network communication protocols for network security for managing network security; network security policies in general
    • H04L63/205 Network architectures or network communication protocols for network security for managing network security; network security policies in general involving negotiation or determination of the one or more network security mechanisms to be used, e.g. by negotiation between the client and the server or between peers or by selection according to the capabilities of the entities involved
    • Y GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02 TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02D CLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
    • Y02D30/00 Reducing energy consumption in communication networks
    • Y02D30/50 Reducing energy consumption in communication networks in wire-line communication networks, e.g. low power modes or reduced link rate

Abstract

The invention relates to the technical field of network security, in particular to a network security guarantee method for parallel detection and repair, which comprises a parameter acquisition step, a security parameter analysis step, a prediction step and a repair reaction step. The parameter acquisition step acquires data of the actual network environment according to set network defense elements; the security parameter analysis step calls an algorithm in memory according to the data obtained in the parameter acquisition step and defines and analyzes parameters; the prediction step judges the attack type according to the analysis result of the security parameter analysis step and analyzes the attack; and the repair reaction step defends and repairs according to the attack type. The method has the characteristics of high security, self-perfection and stable operation.

Description

Network security guarantee method for parallel detection and repair
Technical Field
The invention relates to the technical field of network security, in particular to a network security guarantee method for parallel detection and repair.
Background
Network security means that the hardware, software and data in a network system are protected, that the system is not damaged, altered or leaked for accidental or malicious reasons, that the system operates normally, continuously and reliably, and that network service is not interrupted. Communication network security protection engineering has been explored and practised in information security protection for many years, and an information security protection system characterized mainly by network isolation, regional division and defense in depth has been built. Network security generally refers to the security of a computer network, and in fact may also refer to the security of a computer communication network. A computer communication network is a system in which several computers with independent functions are interconnected through communication equipment and transmission media, and information transmission and exchange among the computers is realized with the support of communication software. A computer network is a system in which several independent computer systems, terminal devices and data devices distributed over a region are connected by communication means for the purpose of sharing resources, with data exchange performed under the control of a protocol. The basic aim of a computer network is resource sharing, and the communication network is the means by which that sharing is realized; therefore, for the computer network to be secure, the corresponding computer communication network must be secure, and information exchange and resource sharing must be provided securely for network users. Network security thus refers to the security of the computer network as well as the security of the computer communication network.
With the increasing complexity of application systems and network environments, security threats are increasing, and traditional security products (systems) with different administrative functions only solve certain specific security problems and mainly adopt passive protection. The security architecture built based on "passive prevention" is also insufficient to cope with current complex network attacks. Therefore, in order to cope with increasingly complex network threats, the security technologies with different security emphasis points need to be combined together in a targeted manner to form an integrated security overall solution, so as to realize the transition from passive prevention to active defense.
With the rapid development of computer technology, information networks have become an important guarantee of social development. They hold much sensitive information, even national secrets, and inevitably attract man-made attacks from around the world (for example information leakage, information theft, data falsification, data deletion and computer viruses). At the same time, network entities are exposed to floods, fires, earthquakes, electromagnetic radiation and the like.
Network active defense is a systems-engineering problem with many uncertain factors: numerous network nodes, complex branch structures, devices and so on generate a large amount of network data, so systematic and comprehensive monitoring and analysis of network information and the security environment is necessary.
Disclosure of Invention
The network security guarantee method for parallel detection and repair provided by the invention has the characteristics of high security, self-perfection and stable operation.
The technical scheme of the invention is as follows:
the network safety guarantee method for parallel detection and repair comprises parameter acquisition, safety parameter analysis, prediction and repair reaction,
the parameter acquisition step comprises the steps of acquiring data of an actual network environment according to a set network defense element;
the safety parameter analysis step comprises the steps of calling an algorithm in a memory according to the data obtained in the parameter acquisition step, and defining and analyzing parameters;
the prediction step comprises judging the attack type according to the analysis result of the safety parameter analysis step and analyzing the attack;
the repairing reaction step comprises the steps of defending and repairing according to the attack type.
As a further optimization of the scheme, the network defense elements to be acquired comprise an original information set A, an information function set B, an information relation set C, an intrusion action set D, a target vulnerability set E and a defense set F.
As a further optimization of the scheme, the security parameter analysis step includes analyzing the target vulnerability set, storing the historical vulnerability set in the data, storing the defending strategy for the historical vulnerability, and storing the vulnerability into the historical vulnerability set after the repair is completed for the first attacked point which does not appear at the historical vulnerability.
As a further optimization of the scheme, the historical vulnerability type is set as Ec, the number of current vulnerabilities is collected, the current vulnerabilities are compared with the historical vulnerability type Ec, the occurrence time and occurrence position of each vulnerability type Ec are recorded, the number of occurrences and the occurrence frequency of the vulnerability in a unit time period are calculated, and the possibility of future occurrence is calculated, so that the possibility of being attacked is obtained.
As a further optimization of the scheme, the predicting step includes setting a time window t, counting the attack behaviors in the t time period, and predicting the attack behaviors in the next time period ti according to the attack behaviors in the time window.
As a further optimization of the scheme, if an attack behavior consistent with an attack behavior stored in the existing database appears in the window of the t time period, the attack behavior of the future ti time period is predicted according to the historical attack behavior and the prediction result is recorded; ti is also predicted based on the vulnerabilities in the t time period. If the elapsed time of the network behavior is too short and effective behavior cannot be extracted for prediction, the network behavior is compared and judged against a network behavior of similar network composition, the attack behavior experienced by the reference network behavior is taken as the prediction result, and the attack behavior is stored.
As a further optimization of the scheme, when predicting the attack behavior according to the weaknesses, the weaknesses in the adopted time window t are analyzed, and the weakness with the highest attack priority is searched for and marked. If, in the predicted ti time period, a vulnerability appears whose attack priority is higher than the vulnerabilities in the time window t, the place where that vulnerability appears is taken as a node, vulnerability analysis is carried out with the preceding t period as a new time window, the attack behavior of the ti time period after the new node is predicted, and after the ti time period passes, no new vulnerability with a higher attack priority appears.
As a further optimization of the scheme, the probability of an attack occurring in the time period ti is equal to the product of the attack priority ratio of each vulnerability in the time period ti and the attack probability of each vulnerability in the system, and from this the number s of possible attacks in the future time period ti is judged.
As a further optimization of the scheme, the type and the time point of attack are predicted according to each vulnerability characteristic, defense preparation is established according to the type and the time point, trigger instructions aiming at possible attack types are set, and corresponding defense means and repair measures are automatically invoked after the instructions are started.
As a further optimization of the scheme, when an unpredictable attack occurs, comparing and analyzing the attack sequence with the data format attacked by the intrusion action set, searching the data format with the highest similarity and the corresponding attack action, and making corresponding defending measures according to the attack action.
The working principle of the invention is as follows:
in the method, the data sent by the original information set, the information function set, the information relation set, the intrusion action set, the target vulnerability set and the defense set during information transmission are collected in the parameter collection step and stored in a warehouse. In the safety parameter analysis step, the information is analyzed and processed according to an algorithm to obtain secondary data. The prediction step is then executed: from the analysis results, the attack actions that may happen are predicted by combining intrusion actions with the corresponding defense means, the probability of occurrence is analyzed, the relation among probability of occurrence, risk degree and defense success is optimized, and the risk is defined and predicted across the whole system. The predicted attack actions are prevented according to the prediction results, and at the same time a learning algorithm is called for intrusions with higher risk. If an attack occurs, the attack actions and the defense measures at that moment can be obtained from the time, combined with the previous problems, and the system is further repaired; the attack actions are recorded after the defense is performed, and more attack instructions can be identified and prevented through learning.
The effect intended in this application is that,
the information is analyzed and counted from several angles and data sources, namely the original information set, the information function set, the information relation set, the intrusion action set, the target vulnerability set and the defense set, and because the reference data is comprehensive, the analysis of the data is more accurate. Network intrusion behavior can be predicted and warned of in advance, the database is continuously updated by means of a learning algorithm, defense experience and repair experience are accumulated, and the repair capability is improved while network security is ensured.
Description of the embodiments
The technical solutions of the embodiments of the present invention will be clearly and completely described below in conjunction with the embodiments of the present invention, and it is apparent that the described embodiments are only some embodiments of the present invention, not all embodiments. All other embodiments, which can be made by one of ordinary skill in the art based on the embodiments of the invention without making any inventive effort, are intended to be within the scope of the invention.
The network safety guarantee method for parallel detection and repair comprises parameter acquisition, safety parameter analysis, prediction and repair reaction,
the parameter acquisition step comprises the steps of acquiring data of an actual network environment according to a set network defense element;
the safety parameter analysis step comprises the steps of calling an algorithm in a memory according to the data obtained in the parameter acquisition step, and defining and analyzing parameters;
the predicting step comprises judging the attack type according to the analysis result in the safety parameter analyzing step, and analyzing the attack;
the repairing reaction step comprises the steps of defending and repairing according to the attack type.
DETAILED DESCRIPTION OF EMBODIMENT(S) OF INVENTION
The method first collects, through the parameter collection step, the data sent by the original information set, the information function set, the information relation set, the intrusion action set, the target vulnerability set and the defense set during information transmission, and stores the data in a warehouse. In the safety parameter analysis step the information is analyzed and processed according to an algorithm to obtain secondary data. The prediction step is then executed: possible attack actions are predicted from the analysis result by combining intrusion actions with the corresponding defense means, the occurrence probability is analyzed, the relation among occurrence probability, risk degree and defense success is optimized, and the risk is defined and predicted across the whole system. The predicted attack actions are prevented according to the prediction result, and a learning algorithm is called for intrusions with higher risk; if an attack occurs, the system is further repaired according to the attack actions and defense measures combined with the previous problems, the attack is recorded, and more instructions are identified and prevented through learning. The network defense elements to be collected comprise an original information set A, an information function set B, an information relation set C, an intrusion action set D, a target vulnerability set E and a defense set F.
In the parameter acquisition step, the resource information in the transmitted information is collected first. The resource information comprises hardware assets and software assets; the acquired resources are classified according to their type, priority or value, so that the likelihood of a resource being intruded upon and its weakness level can be analyzed in turn.
The information function set is used to analyze further characteristics of the resource information, and the relation set borne by each marked resource can be analyzed, including the relation between the resource and other resources, the role of the resource in the network environment, the objects the resource acts on, its frequency of appearance and other characteristics.
The information relation set is used for expressing the relation between each resource and the action relation, such as attack or weakness to a certain resource, the influence degree to other resources and the relation generated between the resources, so that the sequence of attack behaviors and the relation tightness degree between the weaknesses can be analyzed and predicted according to the information relation, and the problem can be better predicted.
The intrusion action set is the attack set: the network database is first connected to obtain information about network attacks, including the risk degree, preventive measures, the resource data on which the intrusion frequently occurs, and the corresponding follow-on behaviors.
The target vulnerability information includes, for each vulnerability, its mark id, the time the vulnerability occurred, the degree to which the vulnerability affects the resource information, and the historical attack information for the vulnerability.
The defending information comprises defending actions corresponding to various invasion actions, when specific attack actions are faced, the defending actions can be reacted at the first time, a defending network is built, and meanwhile, the defending information also comprises a repairing method after attack, so that loss can be reduced to the greatest extent.
The security parameter analysis step comprises analyzing the target vulnerability set, storing a historical vulnerability set in the data, storing a defending strategy for each historical vulnerability, and, for a first-attacked point that does not appear in the historical vulnerabilities, storing the vulnerability into the historical vulnerability set after repair is completed. The historical vulnerability type is set as Ec, the number of current vulnerabilities is collected, the current vulnerability type is compared with the historical vulnerability type Ec, the occurrence time and position of each vulnerability type Ec are recorded, the possibility of future occurrence is calculated from the number of occurrences and the occurrence frequency of the vulnerability in a unit time period, and from this the possibility of attack is calculated. The prediction step comprises setting a time window t, counting the attack behaviors performed in the time period t, and predicting the attack behaviors of the next time period ti from the attack behaviors in the time window. If an attack behavior consistent with one stored in the existing database appears in the window of the time period t, the attack behaviors of the future time period ti are predicted from the historical attack behavior and the prediction result is recorded; ti is also predicted from the vulnerabilities in the time period t. If the elapsed time of the network behavior is too short and no effective behavior can be extracted for prediction, the network behavior is compared with a network behavior of similar network composition, and the attack behavior experienced by the reference network behavior is taken as the prediction result and stored. When the attack behavior is predicted from the weak points, the weak points in the adopted time window t are analyzed and the weak point with the highest attack priority is searched for and marked. If a weak point with an attack priority higher than those in the time window t appears in the predicted time period ti, the place where that weak point appears is taken as a node, weak-point analysis is carried out with the preceding period t as a new time window, the attack behavior of the time period ti after the new node is predicted, and after the time period ti passes no new vulnerability with a higher attack priority appears. The probability of an attack occurring in the time period ti is equal to the product of the attack priority ratio of each vulnerability in the time period ti and the attack probability of each vulnerability in the system, and from this the number s of possible attacks in the future time period ti is judged. According to each vulnerability characteristic, the type and time point of the attack are predicted, defense preparation is established according to them, a trigger instruction for the possible attack type is set, and the corresponding defense means and repair measures are invoked automatically after the instruction is started. When an unpredictable attack occurs, the attack sequence is compared with the data formats attacked by the intrusion action set, the data format with the highest similarity and its corresponding attack action are searched for, and corresponding defending measures are taken according to that attack action.
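The prediction step above (and the same rules summarized earlier under "further optimization of the scheme": the window statistics on vulnerability type Ec, the priority-ratio product for the time period ti, the node rule for a higher-priority vulnerability, and the similarity lookup for an unrecognized attack sequence) is compact enough to model end to end. The following Python is an added worked example written for this page, not code from the patent or its assignee. The patent states the quantities but not the formulas, so the Poisson-style recurrence estimate, the interpretation of s as the set of vulnerabilities crossing a threshold, the priority values, the intrusion-set data formats and the history records are all constructed assumptions.

```python
"""Worked model of the prediction step: window statistics, priority-weighted
attack probability, node rule, and similarity lookup for unknown sequences.
Everything here is an assumed interpretation; all data is constructed."""
from __future__ import annotations

import math
from collections import Counter
from dataclasses import dataclass
from difflib import SequenceMatcher

# Constructed history of vulnerability sightings: (type Ec, hour seen, position).
HISTORY = [
    ("weak-auth", 1.0, "gateway-1"),
    ("weak-auth", 5.5, "gateway-2"),
    ("weak-auth", 20.0, "gateway-1"),
    ("open-port", 3.0, "hmi-3"),
    ("unpatched-svc", 18.0, "historian"),
]

# Constructed attack priority per vulnerability type (higher = attacked first).
PRIORITY = {"weak-auth": 3, "open-port": 1, "unpatched-svc": 4}


@dataclass
class Estimate:
    vuln: str
    count: int      # sightings inside the window t
    rate: float     # sightings per hour inside t
    p_occur: float  # assumed probability the vulnerability recurs within ti
    p_attack: float # priority-ratio-weighted attack probability in ti


def window_stats(history, t_hours, now):
    """Count each vulnerability type inside the trailing window [now - t, now]."""
    counts = Counter(v for v, hour, _ in history if now - t_hours <= hour <= now)
    return {v: (counts[v], counts[v] / t_hours) for v in PRIORITY}


def predict(history, t_hours, ti_hours, now):
    """Assumed model: recurrence probability from a Poisson rate estimated in
    window t, multiplied by each vulnerability's share of total priority."""
    total_priority = sum(PRIORITY.values())
    out = []
    for v, (count, rate) in window_stats(history, t_hours, now).items():
        p_occur = 1.0 - math.exp(-rate * ti_hours)
        ratio = PRIORITY[v] / total_priority
        out.append(Estimate(v, count, rate, p_occur, ratio * p_occur))
    return sorted(out, key=lambda e: e.p_attack, reverse=True)


def expected_attacks(estimates, threshold=0.1):
    """Assumed reading of s: the vulnerabilities whose weighted probability
    crosses the threshold are the ones for which a trigger instruction is armed."""
    return [e.vuln for e in estimates if e.p_attack >= threshold]


def new_window_node(window_vulns, observed_vuln):
    """Node rule: a vulnerability seen in ti whose priority exceeds every
    vulnerability in window t becomes the start of a new window."""
    max_in_window = max(PRIORITY[v] for v in window_vulns)
    return PRIORITY[observed_vuln] > max_in_window


# Constructed intrusion action set D: known attack data formats (as token
# sequences) and the defending measure for each; hypothetical labels.
INTRUSION_SET = {
    "credential-stuffing": (["login", "login", "login", "login"], "lock account, require MFA"),
    "port-sweep": (["syn", "syn", "syn", "syn"], "rate-limit source, alert"),
    "service-exploit": (["probe", "banner", "payload"], "isolate host, patch"),
}


def match_unknown_attack(sequence):
    """Pick the intrusion action whose data format is most similar to an
    unrecognized attack sequence; returns (name, similarity, measure)."""
    name, (fmt, measure) = max(
        INTRUSION_SET.items(),
        key=lambda kv: SequenceMatcher(None, sequence, kv[1][0]).ratio(),
    )
    return name, SequenceMatcher(None, sequence, fmt).ratio(), measure


if __name__ == "__main__":
    est = predict(HISTORY, t_hours=24, ti_hours=8, now=24)
    for e in est:
        print(f"{e.vuln:14s} n={e.count} rate={e.rate:.3f}/h "
              f"P(occur)={e.p_occur:.2f} P(attack)={e.p_attack:.2f}")
    print("arm triggers for:", expected_attacks(est))
    print("new node?", new_window_node(["weak-auth", "open-port"], "unpatched-svc"))
    print(match_unknown_attack(["login", "login", "login", "fail"]))
```

With the constructed data, a 24-hour window and an 8-hour ti, weak-auth (three sightings, priority 3) and unpatched-svc (one sighting, priority 4) cross the 0.1 threshold while open-port does not, which is the kind of ranking the patent uses to decide which trigger instructions to arm in advance; the unknown four-token sequence maps to the credential-stuffing format at 0.75 similarity and returns its defending measure.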
In various embodiments, the hardware implementation of the technology may directly employ existing smart devices, including, but not limited to, industrial personal computers, PCs, smartphones, handheld standalone machines, floor-standing standalone machines and the like. The input device is preferably an on-screen keyboard, the data storage and calculation module uses an existing memory, calculator and controller, the internal communication module uses an existing communication port and protocol, and the remote communication module uses an existing GPRS network, the general Internet and the like.
After a new attack behavior has been defended against or repaired, the database is updated and refined according to the defense data and the intrusion behavior. At the same time, that type of intrusion behavior is simulated, decoy weaknesses are deliberately exposed, and the corresponding defense means are subjected to the intrusion behavior so that the stability and effect of the defense and repair can be tested.
It will be apparent to those skilled in the art that, for convenience and brevity of description, only the above-described division of the functional units and modules is illustrated, and in practical application, the above-described functional distribution may be performed by different functional units and modules according to needs, i.e. the internal structure of the apparatus is divided into different functional units or modules to perform all or part of the above-described functions. The functional units and modules in the embodiment may be integrated in one processing unit, or each unit may exist alone physically, or two or more units may be integrated in one unit, where the integrated units may be implemented in a form of hardware or a form of a software functional unit. In addition, specific names of the functional units and modules are only for convenience of distinguishing from each other, and are not used for limiting the protection scope of the present application. The specific working process of the units and modules in the above system may refer to the corresponding process in the foregoing method embodiment, which is not described herein again.
In the embodiments provided in the present invention, it should be understood that the disclosed apparatus/terminal device and method may be implemented in other manners. For example, the apparatus/terminal device embodiments described above are merely illustrative, e.g., the division of modules or units is merely a logical function division, and there may be additional divisions when actually implemented, e.g., multiple units or components may be combined or integrated into another system, or some features may be omitted or not performed. Alternatively, the coupling or direct coupling or communication connection shown or discussed may be an indirect coupling or communication connection via interfaces, devices or units, which may be in electrical, mechanical or other forms. The units described as separate units may or may not be physically separate, and units shown as units may or may not be physical units, may be located in one place, or may be distributed over a plurality of network units. Some or all of the units may be selected according to actual needs to achieve the purpose of the solution of this embodiment.
The functional units in the embodiments of the present invention may be integrated in one processing unit, or each unit may exist alone physically, or two or more units may be integrated in one unit. The integrated units may be implemented in hardware or in software functional units. The integrated modules/units, if implemented in the form of software functional units and sold or used as stand-alone products, may be stored in a computer readable storage medium. Based on such understanding, the present invention may implement all or part of the flow of the method of the above embodiment, or may be implemented by a computer program to instruct related hardware, and the computer program may be stored in a computer readable storage medium, where the computer program, when executed by a processor, may implement the steps of each of the method embodiments described above. Wherein the computer program comprises computer program code, which may be in the form of source code, object code, executable files or in some intermediate form, etc. The computer readable medium may include: any entity or device capable of carrying computer program code, a recording medium, a U disk, a removable hard disk, a magnetic disk, an optical disk, a computer Memory, a Read-Only Memory (ROM), a random access Memory (Random Access Memory, RAM), an electrical carrier signal, a telecommunications signal, a software distribution medium, and so forth. It should be noted that the content of the computer readable medium can be appropriately increased or decreased according to the requirements of the jurisdiction's jurisdiction and the patent practice, for example, in some jurisdictions, the computer readable medium does not include electrical carrier signals and telecommunication signals according to the jurisdiction and the patent practice.
The above embodiments are only for illustrating the technical solution of the present invention, and not for limiting the same; although the invention has been described in detail with reference to the foregoing embodiments, it will be understood by those of ordinary skill in the art that: the technical scheme described in the foregoing embodiments can be modified or some technical features thereof can be replaced by equivalents; such modifications and substitutions do not depart from the spirit and scope of the technical solutions of the embodiments of the present invention, and are intended to be included in the scope of the present invention.

Claims (6)

1. A network security guarantee method for parallel detection and repair is characterized by comprising a parameter acquisition step, a security parameter analysis step, a prediction step and a repair reaction step,
the parameter acquisition step comprises the steps of acquiring data of an actual network environment according to a set network defense element;
the security parameter analysis step comprises calling an algorithm in a memory according to the data obtained in the parameter acquisition step, and defining and analyzing parameters;
the prediction step comprises judging the attack type according to the analysis result of the security parameter analysis step, and analyzing the attack;
the repair reaction step comprises defending and repairing according to the attack type;
the security parameter analysis step further comprises analyzing a target vulnerability set, storing a historical vulnerability set in the data, storing a defense strategy for the historical vulnerabilities, and, after repairing a point attacked for the first time that does not appear in the historical vulnerability set, storing that vulnerability into the historical vulnerability set;
the prediction step comprises setting a time window t, counting the attack behaviors within the time period t, and predicting the attack behavior of the following time period t_i according to the attack behaviors within the time window;
if an attack behavior consistent with an attack behavior stored in the existing database appears within the window of the time period t, the attack behaviors in the future time period t_i are predicted on the basis of the historical attack behavior and the prediction results are recorded; the attack in the time period t_i is also predicted on the basis of the vulnerabilities in the time period t; if the elapsed time of the network behavior is too short and effective behavior cannot be extracted for prediction, a network of similar composition is compared and judged, the attack behavior experienced by the referenced network is taken as the prediction result, and that attack behavior is stored;
when predicting the attack according to the vulnerabilities, the vulnerabilities within the adopted time window t are analyzed, and the vulnerability with the highest attack priority is searched for and marked; if a vulnerability whose attack priority is higher than that of the vulnerabilities in the time window t appears within the predicted time period t_i, the position at which that vulnerability appears is taken as a node, vulnerability analysis is carried out with the first time period t after the node as a new time window, the attack behavior of the time period t_i after the new node is predicted, and this continues until no new vulnerability with a higher attack priority appears after the time period t_i.
2. The network security guarantee method for parallel detection and repair according to claim 1, wherein the network defense elements to be collected comprise an original information set A, an information function set B, an information relation set C, an intrusion action set D, a target vulnerability set E and a defense set F.
3. The network security guarantee method for parallel detection and repair according to claim 2, wherein the types of historical vulnerabilities are set as E_c; the current vulnerabilities are collected and compared with the historical vulnerability types E_c, the time and position of occurrence of each vulnerability type E_c are recorded, and the occurrence frequency of each vulnerability and its occurrence frequency per unit time period are used to calculate the possibility of its occurrence in the future, thereby calculating the possibility of being attacked.
4. The network security guarantee method for parallel detection and repair according to claim 3, wherein the probability of an attack occurring within the time period t_i is equal to the product of the attack priority ratio of each vulnerability in the system within the time period t_i and the attack probability of each vulnerability, and the number s of possible attacks in the future time period t_i is judged.
5. The network security guarantee method for parallel detection and repair according to claim 4, wherein the type and time point of an attack are predicted according to the characteristics of each vulnerability, a defense preparation is established according to the type and time point, a triggering instruction aimed at the possible attack type is set, and the corresponding defense means and repair means are automatically invoked after the instruction is started.
6. The network security guarantee method for parallel detection and repair according to claim 5, wherein when an unpredictable attack occurs, the attack sequence is compared with the data formats attacked in the intrusion action set to find the data format with the highest similarity and its corresponding attack action, and corresponding defense measures are taken according to that attack action.
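The prediction steps of claims 1, 3 and 4 worked through in Python, as an added example that is not part of the patent: per-type occurrence rates over the window t (claim 3), the priority-weighted attack probability and count s for t_i (claim 4), and re-anchoring the window at a higher-priority vulnerability (claim 1). The sample events, the PRIORITY scale, the Poisson-style conversion of a rate into a recurrence probability, and taking s as the sum of the per-type probabilities are assumptions the claims do not fix.

```python
"""Added illustration of the prediction steps in claims 1, 3 and 4 (not the
patent's own code); sample events, PRIORITY scale and formulas are assumptions."""
import math
from collections import Counter
from dataclasses import dataclass

@dataclass(frozen=True)
class VulnEvent:
    time: float     # seconds since monitoring start (constructed values)
    vtype: str      # historical vulnerability type E_c
    position: str   # where the vulnerability appeared

# Assumed attack-priority scale per vulnerability type (higher = attacked first)
PRIORITY = {"weak-auth": 3, "open-share": 2, "unpatched-service": 5}

EVENTS = [  # constructed sample observations
    VulnEvent(10, "weak-auth", "host-a"), VulnEvent(40, "open-share", "host-b"),
    VulnEvent(55, "weak-auth", "host-a"), VulnEvent(130, "unpatched-service", "host-c"),
    VulnEvent(160, "weak-auth", "host-d")]

def window(events, start, length):
    """Events inside the time window [start, start + length)."""
    return [e for e in events if start <= e.time < start + length]

def occurrence_rate(events, length):
    """Claim 3: occurrences of each type E_c per unit time within the window."""
    return {v: n / length for v, n in Counter(e.vtype for e in events).items()}

def attack_probability(events, length, horizon):
    """Claim 4: P(attack on type in t_i) = priority ratio * P(type recurs); we model
    recurrence as 1 - exp(-rate * t_i) (Poisson) and take s = sum of the P's."""
    rates = occurrence_rate(events, length)
    total_prio = sum(PRIORITY[v] for v in rates) or 1
    probs = {v: PRIORITY[v] / total_prio * (1 - math.exp(-r * horizon))
             for v, r in rates.items()}
    return probs, sum(probs.values())

def predict(events, start, t, t_i):
    """Claim 1: predict over window t; a higher-priority vulnerability appearing in
    t_i becomes a new node, and the window is re-anchored there until none appears."""
    anchor = start
    while True:
        win = window(events, anchor, t)
        top_prio = max((PRIORITY[e.vtype] for e in win), default=0)
        higher = [e for e in window(events, anchor + t, t_i)
                  if PRIORITY[e.vtype] > top_prio]
        if not higher:
            probs, s = attack_probability(win, t, t_i)
            return anchor, probs, s
        anchor = min(higher, key=lambda e: e.time).time  # new node
```

With the sample data, `predict(EVENTS, 0, 60, 120)` re-anchors at the "unpatched-service" event at t=130 because its priority exceeds everything seen in the first window.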

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210210305.XA CN114448718B (en) 2022-03-03 2022-03-03 Network security guarantee method for parallel detection and repair

Publications (2)

Publication Number Publication Date
CN114448718A CN114448718A (en) 2022-05-06
CN114448718B true CN114448718B (en) 2023-08-01

Family

ID=81359838

Country Status (1)

Country Link
CN (1) CN114448718B (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN115828233B (en) * 2022-11-18 2023-05-12 Electric Power Research Institute of State Grid Hebei Electric Power Co Ltd Data packaging method for dynamic safety detection system of power grid

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
TW200622598A (en) * 2004-12-30 2006-07-01 Secureuni Technologies Co Ltd Method for operation of vulnerability management
CN101162993A (en) * 2007-11-29 2008-04-16 哈尔滨工程大学 Network risk analysis method
CN101681328A (en) * 2007-03-16 2010-03-24 普利瓦里公司 Predictive assessment of network risks
CN106899595A (en) * 2017-02-28 2017-06-27 中国人民解放军空军装备研究院雷达与电子对抗研究所 Imperfect information Network Security Analysis Method and device based on intensified learning
CN108200095A (en) * 2018-02-09 2018-06-22 华北电力科学研究院有限责任公司 The Internet boundaries security strategy fragility determines method and device
CN113392409A (en) * 2021-08-17 2021-09-14 深圳市位元领航科技有限公司 Risk automated assessment and prediction method and terminal

Family Cites Families (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
GB2553427B (en) * 2016-08-02 2021-09-15 Sophos Ltd Identifying and remediating phishing security weaknesses
US11159556B2 (en) * 2019-10-25 2021-10-26 EMC IP Holding Company LLC Predicting vulnerabilities affecting assets of an enterprise system

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
Research on active network defense technology based on game theory and network vulnerability analysis; Niu Tong et al.; Intelligent Computer and Applications; Vol. 2 (No. 3); full text *
An automatic and efficient network security assessment method; Wang Chunlu; Wang Yancheng; Journal of Frontiers of Computer Science and Technology (08); full text *

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant