CN115051879B - Data analysis system of network security situation perception system based on machine learning - Google Patents


Info

Publication number
CN115051879B
CN115051879B
Authority
CN
China
Prior art keywords
network
network security
data
security
terminal equipment
Prior art date
Legal status
Active
Application number
CN202210983676.1A
Other languages
Chinese (zh)
Other versions
CN115051879A (en)
Inventor
陈良汉
段海宁
洪超
Current Assignee
Zhuhai Hongrui Information Technology Co Ltd
Original Assignee
Zhuhai Hongrui Information Technology Co Ltd
Events
Application filed by Zhuhai Hongrui Information Technology Co Ltd
Priority to CN202210983676.1A
Publication of CN115051879A
Application granted
Publication of CN115051879B
Legal status: Active

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1425 Traffic logging, e.g. anomaly detection
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06N COMPUTING ARRANGEMENTS BASED ON SPECIFIC COMPUTATIONAL MODELS
    • G06N20/00 Machine learning
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1433 Vulnerability analysis

Abstract

The invention discloses a data analysis system of a network security situation perception system based on machine learning, which comprises a security element acquisition module, a security situation analysis module, a network security planning module and a network security early warning module. The security element acquisition module acquires the behavior habit data of user operations in a network, the data of terminal equipment and the data of the operating system. The security situation analysis module acquires the data collected by the security element acquisition module, analyzes abnormalities in user operations, vulnerabilities of the operating system and weaknesses of the terminal equipment, and finally produces a network security situation analysis report. The network security planning module acquires the network security situation analysis report, plans network security, establishes a network security management system and formulates a network security emergency response scheme. The network security early warning module monitors the operation of the operating system and terminal equipment in the network in real time and judges and warns of current and future network security threats.

Description

Data analysis system of network security situation awareness system based on machine learning
Technical Field
The invention relates to the technical field of network security situation analysis, in particular to a data analysis system of a network security situation perception system based on machine learning.
Background
Network security situation awareness means that, in a large-scale network environment, the security elements that can cause the network situation to change are acquired, understood and displayed, and the future network security trend is predicted from those elements. With the integration and development of the internet, cloud computing, 5G and related technologies, internet of things technology has matured: the network no longer carries only information exchange between people, but also between people and terminals and between terminals, and the efficiency of production and daily life keeps improving. As the industrial internet and the consumer internet merge, however, the risk of network security threats keeps rising. A network security situation awareness system judges and warns of current and possible future threats by collecting and sorting data, and produces an analysis report that helps in formulating network security precautions. Meanwhile, network-based malicious attacks and theft are also developing, and threats such as viruses, trojans, hackers and hostile actors keep growing, so a data analysis system of a network security situation awareness system based on machine learning is needed to address these problems.
Disclosure of Invention
The invention aims to provide a data analysis system of a network security situation awareness system based on machine learning, so as to solve the problems in the background technology.
In order to solve the technical problems, the invention provides the following technical scheme: the data analysis system of the network security situation awareness system based on machine learning comprises a security element acquisition module, a security situation analysis module, a network security planning module and a network security early warning module. The security element acquisition module acquires the behavior habit data of user operations in a network, the data of terminal equipment and the data of the operating system. The security situation analysis module acquires the data collected by the security element acquisition module, analyzes abnormalities in user operation behavior, weaknesses of the terminal equipment and vulnerabilities of the operating system, and finally produces a network security situation analysis report. The network security planning module acquires the network security situation analysis report, plans network security, establishes a network security management system and formulates a network security emergency response scheme. The network security early warning module monitors the operation of the operating system and terminal equipment in the network in real time and judges and warns of current and future network security threats.
Furthermore, the security element acquisition module comprises a user behavior acquisition unit, a terminal equipment acquisition unit and an operating system acquisition unit. The user behavior acquisition unit acquires the behavior habit data generated while a user operates the terminal equipment and the operating system in the network; the terminal equipment acquisition unit acquires the parameter information of the terminal equipment in the network, the connection status among the terminal equipment and the usage information of removable storage media among the terminal equipment; the operating system acquisition unit acquires the system log, application log and network log information of operating system operation in the network.
Furthermore, the security situation analysis module comprises a first analysis unit, a second analysis unit and a third analysis unit, wherein the first analysis unit is used for acquiring data acquired by the user behavior acquisition unit and analyzing whether behavior habits of a user for operating the terminal device and operating the operating system in the network are abnormal or not; the second analysis unit is used for acquiring the data acquired by the terminal equipment acquisition unit and analyzing the vulnerability of the terminal equipment in the process of operating the terminal equipment by a user in the network; the third analysis unit is used for acquiring the data acquired by the operating system acquisition unit and analyzing the compatibility of the operating system in the network, security holes existing in the operating system and the security of data storage in the operating system.
Further, the network security planning module comprises a security evaluation unit and a security management unit, wherein the security evaluation unit is used for receiving the network security situation analysis report obtained by the security situation analysis module and sending security early warning to the network security early warning module according to the current and future network security threats analyzed in the network security situation analysis report; and the safety management unit is used for establishing a network safety management system and formulating a network safety emergency response scheme.
Further, the network security early warning module comprises an early warning visualization unit and an emergency response unit. The early warning visualization unit converts the network security threats analyzed in the network security situation analysis report from professional network security terminology into specific execution instructions provided to managers; the emergency response unit monitors the behavior of users in the network, the operation of the operating system and the operation of terminal equipment in real time and handles sudden network security threats as emergencies.
The data analysis method of the network security situation awareness system based on machine learning comprises the following steps:
S1: the security element acquisition module acquires the operating system data, terminal equipment data and user behavior habit data in the network;
S2: the security situation analysis module acquires and analyzes the data collected by the security element acquisition module to obtain a network security situation analysis report;
S3: the network security planning module performs network security planning according to the network security situation analysis report, establishes a network security management system and formulates a network security emergency response scheme;
S4: the network security early warning module performs visual analysis according to the early warning issued from the network security situation analysis report to obtain specific execution instructions.
Further, in step S1: the security element acquisition module acquires data of the operating systems in the network, including operating system version, network protocols, security configuration and firewall information, to obtain an operating system data set A = [equation images 002, 004, ..., 006 not rendered], where M represents the data type of the operating system; it collects data of the terminal equipment in the network, including equipment manufacturer, equipment service life, interface connection status and removable storage medium usage, to obtain a terminal data set B = [equation images 008, 010, 012, ..., 014 not rendered], where N represents the type of terminal equipment data; and it collects the behavior habit data of users, including the user login account, IP address, browsed pages and read files, to obtain a user behavior habit data set C = [equation images 016, 018, 020, ..., 022 not rendered], where k represents the data types of the user behavior habits.
Further, in step S2: the security situation analysis module acquires data sets A, B and C and calculates the mean of each set using a covariance analysis algorithm; the mean formula is:
[equation image 024 not rendered]
where [symbol, image 026 not rendered] is the value of the ith item in the set, d is the total number of items in the set and [symbol, image 028 not rendered] is the mean; then the variances of sets A, B and C are calculated with the variance formula:
[equation image 030 not rendered]
where [symbol, image 032 not rendered] is the variance of the set; then the degree of correlation between any two data items in the set is calculated according to the covariance formula:
[equation image 034 not rendered]
finally, the covariance matrix formed by the covariances of the ith and jth elements of the set is obtained as:
D = [matrix image 036 not rendered]
If the value of the covariance matrix D is greater than 0, the data of sets A, B and C is positively correlated with the network security threat; if the value of D is less than 0, the data is negatively correlated with the network security threat; and if the value of D equals 0, the data is not correlated with the network security threat. A network situation analysis report is obtained from the covariance matrices D of the three sets A, B and C.
Further, in step S3: the network security planning module receives the network situation analysis report and carries out network security planning according to the network situation analysis report, and the network security planning comprises the following steps:
S301: comprehensively check the operating systems in the network, update security patches and repair operating system vulnerabilities; harden the security configuration, check network password strength, delete redundant and expired accounts, close shares that are open by default and investigate high-risk ports;
S302: strengthen user operation permission management, classifying permissions by user account so that the operations of some users are limited; monitor the behavior of users entering the network in real time and warn of abnormal behavior; upgrade data protection in the network so that data is verified again when a user accesses and acquires it;
S303: upgrade the terminal equipment, check its manufacturing information, update the firmware of equipment that is incompatible with the latest operating system update, replace terminal equipment that leaks data, and manage and control the use of removable storage media among the terminal equipment;
according to the network security plan, establish a security management system and formulate a network security emergency response scheme, where the security management system comprises:
S311: training the network security awareness of personnel who operate terminal equipment;
S312: regularly performing security evaluation of the operating systems and terminal equipment;
S313: establishing a security technology defense system covering architecture optimization, security operation and maintenance, and monitoring and early warning.
Further, in step S4: the network security early warning module receives the network security threat risk early warning and performs visual analysis on the professional network security expressions in the warning, converting them into simple executable instructions.
Compared with the prior art, the invention has the following beneficial effects. The security element acquisition module collects the behavior habit data of user operations in the network, the parameter information of terminal equipment and the operating data of the operating system. The security situation analysis module then analyzes the collected data with a covariance analysis algorithm to obtain the degree of correlation between the user's behavior habits, the terminal equipment and the operating system on one side and network security threats on the other, and produces a network situation security analysis report. The network security planning module performs network security planning according to that report, establishes a network security management system, formulates a network security emergency response scheme and issues early warnings for the network security threats mentioned in the report. The network security early warning module performs visual analysis, converting professional network security terms into simple executable instructions for security management personnel; at the same time it monitors user behavior, operating system operation and terminal equipment operation in the network in real time and handles sudden network security threats as emergencies.
Drawings
The accompanying drawings, which are included to provide a further understanding of the invention and are incorporated in and constitute a part of this specification, illustrate embodiments of the invention and together with the description serve to explain the principles of the invention and not to limit the invention. In the drawings:
FIG. 1 is a schematic structural diagram of a data analysis system of a machine learning-based network security situation awareness system according to the present invention;
FIG. 2 is a schematic flow chart of the data analysis method of the network security situation awareness system based on machine learning according to the present invention.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
Referring to fig. 1-2, the present invention provides a technical solution: the system comprises a security element acquisition module, a security situation analysis module, a network security planning module and a network security early warning module. The security element acquisition module acquires the behavior habit data of user operations in a network, the data of terminal equipment and the data of the operating system. The security situation analysis module acquires the data collected by the security element acquisition module, analyzes abnormalities in user operation behavior, weaknesses of the terminal equipment and vulnerabilities of the operating system, and finally produces a network security situation analysis report. The network security planning module acquires the network security situation analysis report, plans network security, establishes a network security management system and formulates a network security emergency response scheme. The network security early warning module monitors the operation of the operating system and terminal equipment in the network in real time and judges and warns of current and future network security threats.
The security element acquisition module comprises a user behavior acquisition unit, a terminal equipment acquisition unit and an operating system acquisition unit, wherein the user behavior acquisition unit is used for acquiring behavior habit data generated in the process of operating the terminal equipment and the operating system by a user in a network; the terminal equipment acquisition unit is used for acquiring parameter information of terminal equipment in a network, connection conditions among the terminal equipment and information used by the mobile storage medium among the terminal equipment; the operating system acquisition unit is used for acquiring system log information, application log information and network log information of operating system operation in the network.
The security situation analysis module comprises a first analysis unit, a second analysis unit and a third analysis unit, wherein the first analysis unit is used for acquiring data acquired by the user behavior acquisition unit and analyzing whether behavior habits of a user for operating the terminal equipment and an operating system in a network are abnormal or not; the second analysis unit is used for acquiring the data acquired by the terminal equipment acquisition unit and analyzing the vulnerability of the terminal equipment in the process of operating the terminal equipment by a user in the network; the third analysis unit is used for acquiring the data acquired by the operating system acquisition unit and analyzing the compatibility of the operating system, the security loopholes of the operating system and the security of data storage in the operating system in the running process of the operating system in the network.
The network security planning module comprises a security evaluation unit and a security management unit, wherein the security evaluation unit is used for receiving a network security situation analysis report obtained by the security situation analysis module and sending security early warning to the network security early warning module according to the current and future network security threats analyzed in the network security situation analysis report; and the safety management unit is used for establishing a network safety management system and formulating a network safety emergency response scheme.
The network security early warning module comprises an early warning visualization unit and an emergency response unit, wherein the early warning visualization unit is used for converting network security threats analyzed in a network security situation analysis report from professional network security expressions into specific execution instructions to be provided for management personnel; the emergency response unit is used for monitoring the behaviors of users in the network, the operation of an operating system and the operation of terminal equipment in real time and carrying out emergency treatment on sudden network security threats.
The data analysis method of the network security situation awareness system based on machine learning comprises the following steps:
S1: the security element acquisition module acquires the operating system data, terminal equipment data and user behavior habit data in the network;
S2: the security situation analysis module acquires and analyzes the data collected by the security element acquisition module to obtain a network security situation analysis report;
S3: the network security planning module performs network security planning according to the network security situation analysis report, establishes a network security management system and formulates a network security emergency response scheme;
S4: the network security early warning module performs visual analysis according to the early warning issued from the network security situation analysis report to obtain specific execution instructions.
In step S1: the security element acquisition module acquires data of the operating systems in the network, including operating system version, network protocols, security configuration and firewall information, to obtain an operating system data set A = [equation images 002, 004, ..., 006 not rendered], where M denotes the data kind of the operating system; it collects data of the terminal equipment in the network, including equipment manufacturer, equipment service life, interface connection status and removable storage medium usage, to obtain a terminal data set B = [equation images 008, 010, 012, ..., 014 not rendered], where N represents the type of terminal equipment data; and it collects the behavior habit data of users, including the user login account, IP address, browsed pages and read files, to obtain a user behavior habit data set C = [equation images 016, 018, 020, ..., 022 not rendered], where k represents the data types of the user behavior habits.
In step S2: the security situation analysis module acquires data sets A, B and C and calculates the mean of each set using a covariance analysis algorithm; the mean formula is:
[equation image 024 not rendered]
where [symbol, image 026 not rendered] is the value of the ith item in the set, d is the total number of items in the set and [symbol, image 028 not rendered] is the mean; then the variances of sets A, B and C are calculated with the variance formula:
[equation image 030 not rendered]
where [symbol, image 032 not rendered] is the variance of the set; then the degree of correlation between any two data items in the set is calculated according to the covariance formula:
[equation image 034 not rendered]
finally, the covariance matrix formed by the covariances of the ith and jth elements of the set is obtained as:
D = [matrix image 036 not rendered]
If the value of the covariance matrix D is greater than 0, the data of sets A, B and C is positively correlated with the network security threat; if the value of D is less than 0, the data is negatively correlated with the network security threat; and if the value of D equals 0, the data is not correlated with the network security threat. A network situation analysis report is obtained from the values of the covariance matrices D of the three sets A, B and C.
In step S3: the network security planning module receives the network situation analysis report and carries out network security planning according to the network situation analysis report, and the network security planning comprises the following steps:
S301: comprehensively check the operating systems in the network, update security patches and repair operating system vulnerabilities; harden the security configuration, check network password strength, delete redundant and expired accounts, close shares that are open by default and investigate high-risk ports;
S302: strengthen user operation permission management, classifying permissions by user account so that the operations of some users are limited; monitor the behavior of users entering the network in real time and warn of abnormal behavior; upgrade data protection in the network so that data is verified again when a user accesses and acquires it;
S303: upgrade the terminal equipment, check its manufacturing information, update the firmware of equipment that is incompatible with the latest operating system update, replace terminal equipment that leaks data, and manage and control the use of removable storage media among the terminal equipment;
according to the network security plan, establish a security management system and formulate a network security emergency response scheme, where the security management system comprises:
S311: training the network security awareness of personnel who operate terminal equipment;
S312: regularly performing security evaluation of the operating systems and terminal equipment;
S313: establishing a security technology defense system covering architecture optimization, security operation and maintenance, and monitoring and early warning.
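The planning items S301 to S303 above read as a checklist; the following Python script, added here as an illustration and not code from the patent, turns that checklist into an automated audit over a host inventory. The inventory record format, the hostnames, the thresholds (minimum password length, account idle limit) and the high-risk port list are all assumptions made for the example; the patch identifier is a labelled placeholder.

```python
"""Step S3 planning items S301-S303 applied as checks over a host inventory.
Added example, not code from the patent; record format, thresholds and the
high-risk port list are assumptions."""
from datetime import date
from typing import Dict, List, Tuple

# Assumed policy thresholds (not from the page).
HIGH_RISK_PORTS = {21, 23, 135, 139, 445, 3389}
MIN_PASSWORD_LENGTH = 12
MAX_ACCOUNT_IDLE_DAYS = 90

Finding = Tuple[str, str, str]  # (hostname, check code, detail)


def audit_host(host: Dict, today: date) -> List[Finding]:
    """Apply the S301-S303 checks to one inventory record and return its findings."""
    name = host["hostname"]
    findings: List[Finding] = []

    # S301: patch level, password policy, expired accounts, default shares, high-risk ports
    pending = host["pending_security_patches"]
    if pending:
        findings.append((name, "PATCH", "pending security patches: " + ", ".join(pending)))
    min_len = host["password_policy"]["min_length"]
    if min_len < MIN_PASSWORD_LENGTH:
        findings.append((name, "PASSWORD_POLICY",
                         f"minimum password length {min_len} < {MIN_PASSWORD_LENGTH}"))
    for acct in host["accounts"]:
        idle = (today - acct["last_login"]).days
        if idle > MAX_ACCOUNT_IDLE_DAYS:
            findings.append((name, "STALE_ACCOUNT", f"{acct['user']} idle for {idle} days"))
        # S302: every account must carry a permission tier (classification by account)
        if acct.get("tier") is None:
            findings.append((name, "UNCLASSIFIED_ACCOUNT", f"{acct['user']} has no permission tier"))
    if host["default_shares_enabled"]:
        findings.append((name, "DEFAULT_SHARE", "default shares are enabled"))
    risky = sorted(set(host["open_ports"]) & HIGH_RISK_PORTS)
    if risky:
        findings.append((name, "HIGH_RISK_PORT",
                         "open high-risk ports: " + ", ".join(map(str, risky))))

    # S303: firmware compatible with the current OS, removable media under control
    if host["firmware_version"] < host["min_firmware_for_os"]:
        findings.append((name, "FIRMWARE",
                         f"firmware {host['firmware_version']} below required {host['min_firmware_for_os']}"))
    if host["removable_media_allowed"]:
        findings.append((name, "REMOVABLE_MEDIA", "removable storage media not restricted"))
    return findings


def audit_inventory(hosts: List[Dict], today: date) -> List[Finding]:
    """Run audit_host over every record and concatenate the findings."""
    out: List[Finding] = []
    for h in hosts:
        out.extend(audit_host(h, today))
    return out


# Constructed inventory: one compliant workstation and one server with several gaps.
TODAY = date(2024, 1, 15)
SAMPLE_INVENTORY = [
    {
        "hostname": "ws-01",
        "pending_security_patches": [],
        "password_policy": {"min_length": 14},
        "accounts": [{"user": "alice", "last_login": date(2024, 1, 12), "tier": "standard"}],
        "default_shares_enabled": False,
        "open_ports": [22, 443],
        "firmware_version": (2, 0, 0),
        "min_firmware_for_os": (1, 4, 0),
        "removable_media_allowed": False,
    },
    {
        "hostname": "srv-02",
        "pending_security_patches": ["PATCH-ID-PLACEHOLDER"],  # placeholder identifier
        "password_policy": {"min_length": 8},
        "accounts": [
            {"user": "svc_old", "last_login": date(2023, 6, 1), "tier": "service"},
            {"user": "tmp", "last_login": date(2024, 1, 10)},  # no tier assigned
        ],
        "default_shares_enabled": True,
        "open_ports": [22, 445, 3389],
        "firmware_version": (1, 2, 0),
        "min_firmware_for_os": (1, 4, 0),
        "removable_media_allowed": True,
    },
]

if __name__ == "__main__":
    for hostname, code, detail in audit_inventory(SAMPLE_INVENTORY, TODAY):
        print(f"{hostname:8s} {code:20s} {detail}")
```

Each finding maps back to one planning item, so the output doubles as the evidence list for the security evaluation of S312; the thresholds live in named constants so that a deployment can tune them without touching the checks.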
In step S4: the network security early warning module receives the network security threat risk early warning and performs visual analysis on the professional network security expressions in the warning, converting them into simple executable instructions.
The first embodiment is as follows: the security element acquisition module acquires the behavior habit data of user operations in the network, the parameter information of terminal equipment and the operating data of the operating system, obtaining respectively an operating system data set A = [equation images 002, 004, ..., 006 not rendered], where M represents the data type of the operating system, a terminal equipment data set B = [equation images 008, 010, 012, ..., 014 not rendered], where N represents the type of terminal equipment data, and a user behavior habit data set C = [equation images 016, 018, 020, ..., 022 not rendered], where k represents the data type of the user behavior habits. The security analysis module then uses the mean formula [equation image 024 not rendered] to calculate the means of sets A, B and C [equation images 038, 040, 042 not rendered], then uses the variance formula [equation image 030 not rendered] to calculate the variances of sets A, B and C [equation images 044, 046, 048 not rendered], and finally uses the covariance formula [equation image 034 not rendered] to calculate the degree of correlation between any two data items in sets A, B and C, obtaining the covariance matrices of sets A, B and C [equation images 050, 052, 054 not rendered]. If the value of a covariance matrix is greater than 0, the set's data is positively correlated with the network security threat; if it is less than 0, the set's data is negatively correlated with the network security threat; if it equals 0, the set's data is irrelevant to the network security threat. Finally a network security situation analysis report is obtained, and a security management system is established and a network security emergency response scheme formulated according to the analysis report.
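The mean, variance and covariance chain of step S2 and of the embodiment above is shown below as an added worked example in Python; it is not code from the patent. The formulas themselves are only images on the page, so the implementation assumes the usual definitions with the population denominator d (the page says d is the total number of items in the set), treats each data kind of a set as a column of d numeric observations, and adds a constructed "threat_score" column to every set so that the page's sign rule (greater than 0, less than 0, equal to 0) can be applied per data kind; the column names and sample values are all made up.

```python
"""Step S2: mean, variance, covariance and covariance matrix over the
security-element sets A (operating system), B (terminal equipment) and
C (user behaviour). Added example, not code from the patent.

Assumptions (not in the original): every data kind is a column of d numeric
observations, all formulas use the population denominator d, and each set
carries a constructed "threat_score" column for the sign rule."""
from typing import Dict, List

Column = List[float]
DataSet = Dict[str, Column]

THREAT_KEY = "threat_score"  # assumed column name

# Constructed sample sets: d = 5 observation windows per column.
SAMPLE_SETS: Dict[str, DataSet] = {
    "A": {  # operating system data (M = 3 kinds plus the threat column)
        "patch_age_days": [2, 10, 30, 60, 90],
        "firewall_enabled": [1, 1, 1, 0, 0],
        "cpu_cores": [4, 4, 4, 4, 4],
        THREAT_KEY: [1, 2, 3, 4, 5],
    },
    "B": {  # terminal equipment data (N = 2 kinds)
        "device_age_years": [1, 2, 3, 4, 5],
        "removable_media_uses": [0, 1, 0, 3, 6],
        THREAT_KEY: [1, 1, 2, 3, 5],
    },
    "C": {  # user behaviour habit data (k = 2 kinds)
        "failed_logins": [0, 0, 1, 4, 9],
        "files_read": [50, 48, 52, 49, 51],
        THREAT_KEY: [0, 0, 1, 2, 4],
    },
}


def mean(xs: Column) -> float:
    """Mean of the set: (1/d) * sum of x_i over the d items."""
    d = len(xs)
    if d == 0:
        raise ValueError("empty column")
    return sum(xs) / d


def variance(xs: Column) -> float:
    """Variance of the set: (1/d) * sum of (x_i - mean)^2 (population form)."""
    m = mean(xs)
    return sum((x - m) ** 2 for x in xs) / len(xs)


def covariance(xs: Column, ys: Column) -> float:
    """Degree of correlation between two data kinds: (1/d) * sum (x_i - mx)(y_i - my)."""
    if len(xs) != len(ys):
        raise ValueError("columns must have the same number of observations")
    mx, my = mean(xs), mean(ys)
    return sum((x - mx) * (y - my) for x, y in zip(xs, ys)) / len(xs)


def covariance_matrix(data: DataSet) -> Dict[str, Dict[str, float]]:
    """Matrix D whose (i, j) entry is the covariance of the ith and jth data kinds."""
    keys = list(data)
    return {i: {j: covariance(data[i], data[j]) for j in keys} for i in keys}


def correlation_sign(value: float, eps: float = 1e-12) -> str:
    """Page's rule: >0 positive, <0 negative, =0 no correlation with the threat."""
    if value > eps:
        return "positive"
    if value < -eps:
        return "negative"
    return "none"


def situation_report(sets: Dict[str, DataSet]) -> Dict[str, Dict[str, str]]:
    """For every set, classify each data kind by the sign of its covariance with the threat column."""
    report: Dict[str, Dict[str, str]] = {}
    for name, data in sets.items():
        D = covariance_matrix(data)
        report[name] = {
            kind: correlation_sign(D[kind][THREAT_KEY])
            for kind in data if kind != THREAT_KEY
        }
    return report


if __name__ == "__main__":
    for set_name, kinds in situation_report(SAMPLE_SETS).items():
        for kind, sign in kinds.items():
            print(f"set {set_name}: {kind:22s} {sign}")
```

A constant column such as cpu_cores has zero covariance with everything, which is the "equal to 0, not correlated" case of the page; the eps tolerance exists because floating-point sums rarely land on exactly zero for non-constant data. Covariance carries the units of both columns, so comparing magnitudes across kinds needs a normalisation (e.g. dividing by the two standard deviations) that the page does not describe and the example therefore leaves out.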
It is noted that, herein, relational terms such as first and second, and the like may be used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Also, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus.
Finally, it should be noted that: although the present invention has been described in detail with reference to the foregoing embodiments, it will be apparent to those skilled in the art that modifications may be made to the embodiments described above, or equivalents may be substituted for elements thereof. Any modification, equivalent replacement, or improvement made within the spirit and principle of the present invention should be included in the protection scope of the present invention.

Claims (5)

1. The data analysis system of the network security situation awareness system based on machine learning is characterized by comprising a security element acquisition module, a security situation analysis module, a network security planning module and a network security early warning module; the security element acquisition module is used for acquiring behavior habit data of user operations in a network, data of terminal equipment and data of an operating system; the security situation analysis module is used for acquiring the data collected by the security element acquisition module, analyzing the abnormality of user operation behaviors, the vulnerability of terminal equipment and the loopholes of the operating system, and finally obtaining a network security situation analysis report; the network security planning module is used for acquiring the network security situation analysis report, planning network security, establishing a network security management system and formulating a network security emergency response scheme; the network security early warning module is used for monitoring the operation of the operating system and terminal equipment in the network in real time, and judging and giving early warning of current and future network security threats;
the method for realizing the data analysis system of the network security situation awareness system based on machine learning comprises the following steps:
s1: the security element acquisition module acquires data of an operating system, data of terminal equipment and behavior habit data of users in a network;
s2: the security situation analysis module acquires and analyzes the data collected by the security element acquisition module to obtain a network security situation analysis report;
s3: the network security planning module performs network security planning according to the network security situation analysis report, establishes a network security management system and formulates a network security emergency response scheme;
s4: the network security early warning module performs visual analysis according to the early warning sent from the network security situation analysis report to obtain a specific execution instruction;
in step S1: the security element acquisition module acquires data of an operating system in a network, including the version, network protocol, security configuration and firewall information of the operating system, to obtain a group of operating system data, set A = [formula image: elements of A], where M represents the data type of the operating system; it collects data of terminal equipment in the network, including equipment manufacturer, equipment service life, interface connection condition and mobile storage medium usage, to obtain a group of terminal data, set B = [formula image: elements of B], where N represents the type of terminal equipment data; and it collects the user's behavior habit data, including user login account, IP address, browsed pages and read files, to obtain a group of user behavior habit data, set C = [formula image: elements of C], where H, k represents the data type of the user behavior habit;
in step S2: the security situation analysis module acquires the data sets A, B and C and calculates the mean value of each of the sets A, B and C using a covariance analysis algorithm, the mean value formula being:
[formula image: mean]
wherein [formula image] is the value of the i-th entry in the set, d is the total number of entries in the set, and [formula image] is the mean value; then the variance of each of the sets A, B and C is calculated, the variance formula being:
[formula image: variance]
wherein [formula image] is the variance of the set; then the degree of correlation between any two data in the set is calculated according to the covariance formula:
[formula image: covariance]
finally, the covariance matrix formed by the covariances of the i-th and j-th elements in the set is obtained as:
D = [formula image: covariance matrix]
if the value of the covariance matrix D is greater than 0, the data of the sets A, B and C are positively correlated with the network security threat; if it is less than 0, they are negatively correlated with the network security threat; and if it is equal to 0, they are not correlated with the network security threat; a network situation analysis report is obtained according to the covariance matrices D of the three sets A, B and C;
in step S3: the network security planning module receives the network situation analysis report and carries out network security planning according to it, the network security planning comprising the following steps:
s301, comprehensively checking the operating system in the network, updating security patches, and comprehensively repairing operating system bugs; reinforcing the security configuration, checking network password strength, deleting redundant expired accounts, closing sharing that is enabled by default, and investigating high-risk ports;
s302, increasing user operation permission, and grading the permission according to different user accounts to limit the operations of part of the users; monitoring the behavior of users entering the network in real time, and issuing early warnings for abnormal behavior; upgrading data protection in the network, and verifying the data again when a user accesses and acquires the data;
s303, upgrading the terminal equipment, checking the manufacturing information of the terminal equipment, updating the firmware of equipment incompatible with the latest operating system update, replacing terminal equipment with data leakage, and managing and controlling the use of mobile storage media among the terminal equipment;
according to the network security planning, a security management system is established and a network security emergency response scheme is formulated, wherein the security management system comprises:
s311, training the network security awareness of the personnel operating the terminal equipment;
s312, performing security evaluation on the operating system and the terminal equipment regularly;
s313, establishing a security technology defense system in the aspects of architecture optimization, security operation and maintenance, monitoring and early warning;
in step S4: the network security early warning module receives the network security threat risk early warning, and performs visual analysis on the professional network security expressions in the early warning to convert them into simple executable instructions.
2. The data analysis system of the machine learning based network security situation awareness system according to claim 1, wherein: the security element acquisition module comprises a user behavior acquisition unit, a terminal equipment acquisition unit and an operating system acquisition unit, wherein the user behavior acquisition unit is used for acquiring behavior habit data generated in the process of a user in the network operating the terminal equipment and the operating system; the terminal equipment acquisition unit is used for acquiring parameter information of terminal equipment in the network, connection conditions among the terminal equipment and information on the use of mobile storage media among the terminal equipment; the operating system acquisition unit is used for acquiring system log information, application log information and network log information of the operating system running in the network.
3. The data analysis system of the machine learning based network security situation awareness system according to claim 1, wherein: the security situation analysis module comprises a first analysis unit, a second analysis unit and a third analysis unit, wherein the first analysis unit is used for acquiring data acquired by the user behavior acquisition unit and analyzing whether behavior habits of a user for operating the terminal equipment and an operating system in a network are abnormal or not; the second analysis unit is used for acquiring the data acquired by the terminal equipment acquisition unit and analyzing the vulnerability of the terminal equipment in the process of operating the terminal equipment by a user in the network; the third analysis unit is used for acquiring the data acquired by the operating system acquisition unit and analyzing the compatibility of the operating system, the security loopholes of the operating system and the security of data storage in the operating system in the running process of the operating system in the network.
4. The data analysis system of the machine learning based network security situation awareness system according to claim 1, wherein: the network security planning module comprises a security evaluation unit and a security management unit, wherein the security evaluation unit is used for receiving the network security situation analysis report obtained by the security situation analysis module and sending a security early warning to the network security early warning module according to the current and future network security threats analyzed in the network security situation analysis report; and the security management unit is used for establishing a network security management system and formulating a network security emergency response scheme.
5. The data analysis system of the machine learning based network security situation awareness system according to claim 1, wherein: the network security early warning module comprises an early warning visualization unit and an emergency response unit, wherein the early warning visualization unit is used for converting network security threats analyzed in a network security situation analysis report from professional network security expressions into specific execution instructions to be provided for management personnel; the emergency response unit is used for monitoring the behavior of a user in the network, the operation of an operating system and the operation of terminal equipment in real time and carrying out emergency disposal on sudden network security threats.
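As an added illustration (not the patent's own code), the following Python applies the step S2 statistics of claim 1 and the description (mean, variance, covariance, covariance matrix and the sign rule) to constructed sample observations; the element names, the threat_events series and the eps tolerance are assumptions.

```python
"""Worked example of the step S2 statistics; added illustration, not the
patent's code. The sample values below are constructed, not collected data."""
from typing import Dict, List

def mean(xs: List[float]) -> float:
    """(1/d) * sum(x_i), where d is the number of entries in the set."""
    return sum(xs) / len(xs)

def variance(xs: List[float]) -> float:
    """(1/d) * sum((x_i - mean)^2); this is the diagonal of the covariance matrix."""
    m = mean(xs)
    return sum((x - m) ** 2 for x in xs) / len(xs)

def covariance(xs: List[float], ys: List[float]) -> float:
    """(1/d) * sum((x_i - mean_x) * (y_i - mean_y)) for two equal-length series."""
    if len(xs) != len(ys):
        raise ValueError("series must be sampled at the same d instants")
    mx, my = mean(xs), mean(ys)
    return sum((x - mx) * (y - my) for x, y in zip(xs, ys)) / len(xs)

def covariance_matrix(series: Dict[str, List[float]]) -> Dict[str, Dict[str, float]]:
    """D[i][j] = cov(element i, element j); D[i][i] equals variance(series[i])."""
    return {i: {j: covariance(series[i], series[j]) for j in series} for i in series}

def correlation_sign(cov: float, eps: float = 1e-9) -> str:
    """The claim's decision rule on a covariance entry (eps absorbs float noise)."""
    if cov > eps:
        return "positive"
    if cov < -eps:
        return "negative"
    return "none"

# Constructed sample: six observation windows of one network. Keys mirror the
# collected element types (set A: operating system, set B: terminal equipment,
# set C: user behaviour); threat_events is an assumed per-window count of
# confirmed threats against which each element is correlated.
SAMPLE: Dict[str, List[float]] = {
    "threat_events":     [0, 1, 0, 2, 1, 2],
    "patch_age_days":    [10, 30, 5, 60, 25, 50],   # set A
    "fw_rules_reviewed": [5, 3, 5, 1, 3, 1],        # set A
    "device_age_years":  [3, 1, 2, 2, 4, 3],        # set B
    "failed_logins":     [1, 4, 0, 9, 3, 7],        # set C
}

def situation_report(series: Dict[str, List[float]],
                     threat_key: str = "threat_events") -> Dict[str, Dict[str, object]]:
    """Covariance of every element with the threat series, plus the sign verdict."""
    D = covariance_matrix(series)
    return {name: {"cov": D[name][threat_key],
                   "sign": correlation_sign(D[name][threat_key])}
            for name in series if name != threat_key}

if __name__ == "__main__":
    for name, row in situation_report(SAMPLE).items():
        print(f"{name:18s} cov={row['cov']:+.3f}  {row['sign']}")
```

Covariance is scale dependent (patch_age_days in days yields a larger magnitude than failed_logins in counts), so only the sign, which is all the claim's rule uses, is comparable across elements; magnitudes would need standardised inputs.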
CN202210983676.1A 2022-08-17 2022-08-17 Data analysis system of network security situation perception system based on machine learning Active CN115051879B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210983676.1A CN115051879B (en) 2022-08-17 2022-08-17 Data analysis system of network security situation perception system based on machine learning

Publications (2)

Publication Number Publication Date
CN115051879A CN115051879A (en) 2022-09-13
CN115051879B true CN115051879B (en) 2022-11-22

Family

ID=83166942

Families Citing this family (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN115567258B (en) * 2022-09-16 2024-03-01 中国联合网络通信集团有限公司 Network security situation awareness method, system, electronic equipment and storage medium
CN115361227B (en) * 2022-09-22 2023-05-09 珠海市鸿瑞信息技术股份有限公司 Network security detection method based on data visualization
CN115766138B (en) * 2022-11-03 2023-08-01 国家工业信息安全发展研究中心 Industrial Internet enterprise network security grading evaluation method and system
CN116595512B (en) * 2023-04-10 2023-11-07 广东堡塔安全技术有限公司 Third party server safety management system

Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110740141A (en) * 2019-11-15 2020-01-31 国网山东省电力公司信息通信公司 integration network security situation perception method, device and computer equipment

Family Cites Families (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US9762605B2 (en) * 2011-12-22 2017-09-12 Phillip King-Wilson Apparatus and method for assessing financial loss from cyber threats capable of affecting at least one computer network
CN107835982B (en) * 2015-05-04 2022-01-25 赛义德·卡姆兰·哈桑 Method and apparatus for managing security in a computer network
CN109814179B (en) * 2019-01-04 2021-01-12 南京信息工程大学 Emergency communication processing system based on cloud perception

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
Research on key technologies of network security situation awareness and analysis of development trends; Tao Yuan et al.; 《信息网络安全》 (Netinfo Security); 2018-08-10 (No. 08); pp. 82-83 *

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant