CN115987695A - Network security monitoring system based on big data analysis - Google Patents
- Publication number
- CN115987695A (application CN202310274391.5A)
- Authority
- CN
- China
- Prior art keywords
- data
- editing
- module
- network
- uploading
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Classifications
- Y—GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
- Y02—TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
- Y02D—CLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
- Y02D30/00—Reducing energy consumption in communication networks
- Y02D30/50—Reducing energy consumption in communication networks in wire-line communication networks, e.g. low power modes or reduced link rate
Landscapes
- Information Retrieval, Db Structures And Fs Structures Therefor (AREA)
- Alarm Systems (AREA)
Abstract
The invention discloses a network security monitoring system based on big data analysis, which relates to the technical field of network security and comprises a data receiving module, a data classification module, a security monitoring module, a distributed database and a data backup module. The data receiving module collects network information, network data and network content uploaded or edited by different IPs to obtain IP editing data. After the cloud server receives the IP editing data, the data classification module performs monitoring coefficient analysis on the cached IP editing data and generates a monitoring priority table of the IP editing data, which improves data monitoring efficiency. The security monitoring module judges whether the IP editing data poses a network danger. The data backup module backs up IP editing data that poses no danger, selecting the storage block with the largest vacancy coefficient as the selected block. The backed-up data is convenient for staff and other network users to view, storage pressure is effectively relieved, and data storage efficiency is improved.
Description
Technical Field
The invention relates to the technical field of network security, in particular to a network security monitoring system based on big data analysis.
Background
With the rapid development and deep application of computer science and technology, changes in cyberspace constantly alter and affect people's way of life; because people depend heavily on the internet, and much confidential information about enterprises and individuals is involved in it, network security has always been an important issue in the course of technological development.
From the perspective of network operators and managers, it is desirable that access to, and reading and writing of, local network information be protected and controlled, that threats such as "trapdoors", viruses, illegal access, denial of service, illegal occupation of network resources and illegal control be avoided, and that attacks by network hackers be prevented and defended against; therefore, the invention provides a network security monitoring system based on big data analysis.
Disclosure of Invention
The present invention is directed to solving at least one of the problems of the prior art. Therefore, the invention provides a network security monitoring system based on big data analysis.
In order to achieve the above object, an embodiment according to a first aspect of the present invention provides a network security monitoring system based on big data analysis, including a data receiving module, a data classification module, a security monitoring module, a distributed database, and a data backup module;
the data receiving module is used for collecting network information, network data and network content uploaded or edited by different IPs to obtain IP editing data, and transmitting the IP editing data to the cloud server for caching;
after the cloud server receives the IP editing data, the data classification module performs monitoring coefficient JC analysis on the cached IP editing data and generates a monitoring priority table of the IP editing data; the IP editing data are transmitted in sequence to the security monitoring module according to the monitoring priority table for security monitoring;
the security monitoring module is used for monitoring the network data, network information and network content in the IP editing data, then processing the monitoring data using in-memory computing and real-time stream computing, and judging whether the IP editing data poses a network danger;
if a danger exists, the early warning module is started to issue an early warning; if no danger exists, the security monitoring module transmits the IP editing data to the distributed database;
the distributed database analyzes, compares, previews and presents the IP editing data, and judges again whether the IP editing data poses a network danger; if no danger exists, the IP editing data is uploaded and backed up;
the data backup module is used for backing up the IP editing data that poses no danger; the data backup module comprises a plurality of storage blocks, and the storage block with the largest vacancy coefficient KY is selected as the selected block; the received IP editing data is backed up to the selected block.
Further, the specific analysis steps of the data classification module are as follows:
acquiring the data volume of the IP editing data and recording it as LZ; acquiring the IP identity corresponding to the IP editing data; retrieving the data upload record of the corresponding IP according to the IP identity; the data upload record comprises the upload time, the upload amount and whether the upload succeeded;
evaluating the threat value WX according to the data upload record; calculating the monitoring coefficient JC of the IP editing data using the formula JC = LZ × b1 + WX × b2, wherein b1 and b2 are both scale factors; sorting the IP editing data by the size of the monitoring coefficient JC, generating the monitoring priority table of the IP editing data and feeding the monitoring priority table back to the cloud server.
Further, the threat value WX is evaluated according to the data upload record, specifically:
counting the total number of uploads by the corresponding IP within a preset time period and recording it as the editing frequency P1;
counting the upload failure ratio of the corresponding IP and recording it as Zb; taking the time period between adjacent upload failures as a warning buffering period, and counting the number of uploads by the corresponding IP within each warning buffering period as the warning buffering frequency Li; comparing the warning buffering frequency Li with a preset buffer threshold;
counting the number of times that Li is smaller than the preset buffer threshold as C1; whenever Li is smaller than the preset buffer threshold, obtaining the difference between Li and the preset buffer threshold, and summing these differences to obtain the total difference value GZ; calculating the difference slow attraction value CJ using the formula CJ = C1 × a3 + GZ × a4, wherein a3 and a4 are both scale factors;
normalizing the editing frequency, the upload failure ratio and the difference slow attraction value and taking their numerical values, then calculating the threat value WX of the IP using the formula WX = η × (Zb × a1 + CJ × a2) / P1, wherein a1 and a2 are scale factors and η is a preset compensation factor.
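The scoring steps above, worked through as an added Python example (not code from the patent). The `Upload` record layout, counting only the uploads strictly between two adjacent failures as Li, taking the difference as threshold minus Li, the descending sort, the factor values and the sample histories are all assumptions; the normalization step is unspecified on the page and is omitted.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Upload:
    ts: float    # upload time (seconds from the start of the preset period)
    size: float  # upload amount (MiB)
    ok: bool     # whether the upload succeeded


def threat_value(record, buffer_threshold, a1=1.0, a2=1.0, a3=1.0, a4=1.0, eta=1.0):
    """WX = eta * (Zb*a1 + CJ*a2) / P1 for one IP's uploads in the preset period."""
    record = sorted(record, key=lambda u: u.ts)
    p1 = len(record)                      # editing frequency P1
    if p1 == 0:
        return 0.0                        # assumption: no history, no threat score
    fails = [i for i, u in enumerate(record) if not u.ok]
    zb = len(fails) / p1                  # upload failure ratio Zb
    # Li: uploads inside each warning buffering period. Assumption: the two
    # failures that bound the period are not counted themselves.
    li = [j - i - 1 for i, j in zip(fails, fails[1:])]
    # Assumption: the "difference" is threshold - Li, so every term is positive.
    shortfalls = [buffer_threshold - n for n in li if n < buffer_threshold]
    c1, gz = len(shortfalls), sum(shortfalls)
    cj = c1 * a3 + gz * a4                # CJ = C1*a3 + GZ*a4
    return eta * (zb * a1 + cj * a2) / p1


def monitoring_coefficient(lz, wx, b1=1.0, b2=10.0):
    """JC = LZ*b1 + WX*b2 (b1, b2 are illustrative values, not from the patent)."""
    return lz * b1 + wx * b2


def priority_table(pending, history, buffer_threshold=3):
    """pending: {ip: LZ}; history: {ip: [Upload, ...]} -> [(ip, JC)], highest JC first."""
    rows = []
    for ip, lz in pending.items():
        wx = threat_value(history.get(ip, []), buffer_threshold)
        rows.append((ip, monitoring_coefficient(lz, wx)))
    return sorted(rows, key=lambda row: row[1], reverse=True)


def _record(flags):
    """Build a constructed history: one 1 MiB upload per second, ok per flag."""
    return [Upload(ts=float(i), size=1.0, ok=flag) for i, flag in enumerate(flags)]


# Constructed sample data (documentation address ranges, made-up histories).
HISTORY = {
    "192.0.2.10": _record([True] * 10),                                # clean uploader
    "198.51.100.7": _record([True, False, False, True, False, True]),  # clustered failures
    "203.0.113.5": _record([True, True, True, False, True, True, True, True]),
}
PENDING = {"192.0.2.10": 5.0, "198.51.100.7": 1.0, "203.0.113.5": 3.0}  # LZ in MiB

if __name__ == "__main__":
    for ip, jc in priority_table(PENDING, HISTORY):
        print(f"{ip:15s} JC = {jc:.5f}")
```

With these constructed inputs the smallest pending upload is monitored first, because its failures sit close together; a single isolated failure contributes only through Zb.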
Further, the data backup module specifically operates as follows:
acquiring the remaining memory data of the storage block and marking it as Nc; establishing a curve of the remaining memory data Nc over time, and differentiating the curve to obtain a memory change rate curve;
marking the memory change rate as NBi; comparing NBi with a preset rate threshold; if NBi is greater than or equal to the preset rate threshold, intercepting the corresponding curve segment from the corresponding curve and labelling it;
counting the number of labelled curve segments within a preset time period as N1; integrating over time the differences between the corresponding NBi and the preset rate threshold on all labelled curve segments to obtain the labelled reference area M1;
calculating the memory change index Cs using the formula Cs = N1 × r3 + M1 × r4, wherein r3 and r4 are both coefficient factors; obtaining the vacancy coefficient KY of the storage block using the formula KY = (Nc × r5) / (Cs × r6), wherein r5 and r6 are coefficient factors.
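The block-selection steps above as an added Python example (not code from the patent). It assumes NBi is the magnitude of a finite-difference derivative over sampled Nc values, and it floors Cs at a hypothetical `cs_floor`, because the page does not define KY for a block with no labelled segments (Cs = 0); the block names, samples and factor values are constructed.

```python
def memory_change_index(samples, rate_threshold, r3=1.0, r4=1.0):
    """Cs = N1*r3 + M1*r4 from time-ordered (t, Nc) samples of one storage block."""
    n1, m1, in_segment = 0, 0.0, False
    for (t0, nc0), (t1, nc1) in zip(samples, samples[1:]):
        dt = t1 - t0
        if dt <= 0:
            raise ValueError("samples must be strictly increasing in time")
        nb = abs(nc1 - nc0) / dt               # memory change rate NBi (assumed magnitude)
        if nb >= rate_threshold:
            if not in_segment:                 # a new labelled curve segment begins
                n1 += 1
                in_segment = True
            m1 += (nb - rate_threshold) * dt   # area between the rate and the threshold
        else:
            in_segment = False
    return n1 * r3 + m1 * r4


def vacancy_coefficient(samples, rate_threshold, r5=1.0, r6=1.0, cs_floor=1.0):
    """KY = (Nc*r5) / (Cs*r6), with Nc taken as the latest remaining-memory sample."""
    nc = samples[-1][1]
    # Assumption: floor Cs so that a block with steady usage (Cs = 0) does not
    # cause a division by zero; the page leaves this case undefined.
    cs = max(memory_change_index(samples, rate_threshold), cs_floor)
    return (nc * r5) / (cs * r6)


def select_block(blocks, rate_threshold):
    """Return the name of the storage block with the largest vacancy coefficient KY."""
    return max(blocks, key=lambda name: vacancy_coefficient(blocks[name], rate_threshold))


# Constructed samples: (minute, remaining GiB) for three hypothetical blocks.
BLOCKS = {
    "blk-a": [(0, 100), (1, 99), (2, 98), (3, 97), (4, 96), (5, 95)],      # steady drain
    "blk-b": [(0, 200), (1, 190), (2, 180), (3, 179), (4, 170), (5, 169)],  # two bursts
    "blk-c": [(0, 120), (1, 119), (2, 118), (3, 110), (4, 109), (5, 108)],  # one burst
}
RATE_THRESHOLD = 4.0  # GiB per minute, illustrative

if __name__ == "__main__":
    for name, samples in BLOCKS.items():
        cs = memory_change_index(samples, RATE_THRESHOLD)
        ky = vacancy_coefficient(samples, RATE_THRESHOLD)
        print(f"{name}: Cs = {cs:.1f}, KY = {ky:.2f}")
    print("selected:", select_block(BLOCKS, RATE_THRESHOLD))
```

The block with the most free space (`blk-b`) is not selected here: its two bursts raise Cs and pull KY below that of the smaller but steadier `blk-a`.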
Further, the security monitoring module specifically operates as follows:
the in-memory computing uses the Spark framework to perform memory-based data computation;
the real-time stream computing is used for receiving and computing the data of the data collection unit in real time, cleaning and analyzing the data through a computing service, and outputting the result to the distributed database; wherein the real-time stream computing uses either the Storm framework or the Spark framework alone, or a combination of the two.
Further, the distributed database comprises an analysis unit, a comparison unit, a preview unit and a presentation unit; the analysis unit is used for performing classification analysis on the received IP editing data;
the comparison unit is used for comparing the IP editing data with the data in the distributed database;
the preview unit is used for previewing the IP editing data content according to the comparison data;
and the presentation unit is used for presenting the preview result and judging again whether the IP editing data poses a network danger.
Further, when the early warning module is triggered, the audible and visual alarm is started to emit a buzz and light, notifying staff to check; the uploading IP is locked and warned to stop uploading or editing.
Compared with the prior art, the invention has the beneficial effects that:
the data receiving module is used for collecting network information, network data and network content uploaded or edited by different IPs to obtain IP editing data; after the cloud server receives the IP editing data, the data classification module performs monitoring coefficient JC analysis on the cached IP editing data and generates a monitoring priority table of the IP editing data; the cloud server transmits the corresponding IP editing data in sequence to the security monitoring module according to the monitoring priority table for security monitoring, which improves data monitoring efficiency;
the security monitoring module is used for monitoring the network data, network information and network content in the IP editing data, then processing the monitoring data using in-memory computing and real-time stream computing, and judging whether the IP editing data poses a network danger; if a danger exists, the early warning module is started to issue an early warning, the uploading IP is locked and warned to stop uploading or editing; this makes it convenient for network security maintenance personnel to find the uploader promptly afterwards and improves network security; if no danger exists, the IP editing data is transmitted to the distributed database; the distributed database analyzes, compares, previews and presents the IP editing data, judges again whether the IP editing data poses a network danger, and uploads and backs up the IP editing data if it does not; the data is then convenient for staff and other network users to view;
the data backup module is used for backing up the IP editing data that poses no danger; the vacancy coefficients of the plurality of storage blocks are analyzed, the storage block with the largest vacancy coefficient KY is selected as the selected block, and the received IP editing data is backed up to the selected block; the invention can reasonably select the storage block used for data storage according to the storage condition of each storage block, thereby effectively reducing storage pressure on the computer and improving data storage efficiency.
Drawings
In order to illustrate the embodiments of the present invention or the technical solutions in the prior art more clearly, the drawings used in the description of the embodiments or the prior art are briefly described below. Obviously, the drawings in the following description show only some embodiments of the present invention, and those skilled in the art can obtain other drawings from them without creative effort.
Fig. 1 is a system block diagram of a network security monitoring system based on big data analysis according to the present invention.
Detailed Description
The technical solutions of the present invention will be described clearly and completely with reference to the following embodiments, and it should be understood that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be obtained by a person skilled in the art without making any creative effort based on the embodiments in the present invention, belong to the protection scope of the present invention.
As shown in Fig. 1, a network security monitoring system based on big data analysis includes a data receiving module, a cloud server, a data classification module, a security monitoring module, an early warning module, a distributed database, and a data backup module;
the data receiving module is used for collecting network information, network data and network content uploaded or edited by different IPs to obtain IP editing data, and transmitting the IP editing data to the cloud server for caching;
after the cloud server receives the IP editing data, the data classification module performs monitoring coefficient JC analysis on the cached IP editing data and generates a monitoring priority table of the IP editing data; the specific analysis steps of the data classification module are as follows:
acquiring the data volume of the IP editing data and recording it as LZ; acquiring the IP identity corresponding to the IP editing data; retrieving the data upload record of the corresponding IP according to the IP identity; the data upload record comprises the upload time, the upload amount and whether the upload succeeded; if an upload fails, the uploaded data poses a network danger and the uploading IP is warned;
evaluating the threat value WX according to the data upload record, specifically comprising the following steps:
counting the total number of uploads by the corresponding IP within a preset time period and recording it as the editing frequency P1;
counting the upload failure ratio of the corresponding IP and recording it as Zb; taking the time period between adjacent upload failures as a warning buffering period, and counting the number of uploads by the corresponding IP within each warning buffering period as the warning buffering frequency Li; comparing the warning buffering frequency Li with a preset buffer threshold;
counting the number of times that Li is smaller than the preset buffer threshold as C1; whenever Li is smaller than the preset buffer threshold, obtaining the difference between Li and the preset buffer threshold, and summing these differences to obtain the total difference value GZ; calculating the difference slow attraction value CJ using the formula CJ = C1 × a3 + GZ × a4, wherein a3 and a4 are both scale factors;
normalizing the editing frequency, the upload failure ratio and the difference slow attraction value and taking their numerical values, then calculating the threat value WX of the IP using the formula WX = η × (Zb × a1 + CJ × a2) / P1, wherein a1 and a2 are scale factors and η is a preset compensation factor;
calculating the monitoring coefficient JC of the IP editing data using the formula JC = LZ × b1 + WX × b2, wherein b1 and b2 are both scale factors;
sorting the IP editing data by the size of the monitoring coefficient JC to generate the monitoring priority table of the IP editing data; the data classification module feeds the monitoring priority table of the IP editing data back to the cloud server; the cloud server transmits the corresponding IP editing data in sequence to the security monitoring module according to the monitoring priority table for security monitoring, which improves data monitoring efficiency;
the security monitoring module is used for monitoring the network data, network information and network content in the IP editing data, then processing the monitoring data using in-memory computing and real-time stream computing, and judging whether the IP editing data poses a network danger;
if a danger exists, the early warning module is started to issue an early warning; if no danger exists, the security monitoring module transmits the IP editing data to the distributed database;
the in-memory computing uses the Spark framework to perform memory-based data computation;
the real-time stream computing is used for receiving and computing the data of the data collection unit in real time, cleaning and analyzing the data through a computing service, and outputting the result to the distributed database;
wherein the real-time stream computing uses either the Storm framework or the Spark framework alone, or a combination of the two; stream computing can analyze large-scale streaming data in real time while the data is continuously changing and in motion, capture potentially useful information and send the result to the next computing node;
the distributed database comprises an analysis unit, a comparison unit, a preview unit and a presentation unit; the analysis unit is used for performing classification analysis on the received IP editing data; the comparison unit is used for comparing the IP editing data with the data in the distributed database; the preview unit is used for previewing the IP editing data content according to the comparison data; the presentation unit is used for presenting the preview result and judging again whether the IP editing data poses a network danger;
if a danger exists, the early warning module is started to issue an early warning;
if no danger exists, the IP editing data is uploaded and backed up; the data is then convenient for staff and other network users to view;
when the early warning module is triggered, the audible and visual alarm is started to emit a buzz and light, notifying staff to check; the uploading IP is locked and warned to stop uploading or editing; this makes it convenient for network security maintenance personnel to find the uploader promptly afterwards and improves network security;
the data backup module is used for backing up the IP editing data that poses no danger; the data backup module comprises a plurality of storage blocks, and the specific backup steps are as follows:
acquiring the remaining memory data of the storage block and marking it as Nc; establishing a curve of the remaining memory data Nc over time, and differentiating the curve to obtain a memory change rate curve;
marking the memory change rate as NBi; comparing NBi with a preset rate threshold; if NBi is greater than or equal to the preset rate threshold, intercepting the corresponding curve segment from the corresponding curve and labelling it;
counting the number of labelled curve segments within a preset time period as N1; integrating over time the differences between the corresponding NBi and the preset rate threshold on all labelled curve segments to obtain the labelled reference area M1;
calculating the memory change index Cs using the formula Cs = N1 × r3 + M1 × r4, wherein r3 and r4 are both coefficient factors; normalizing the remaining memory data and the memory change index and taking their numerical values, then calculating the vacancy coefficient KY of the storage block using the formula KY = (Nc × r5) / (Cs × r6), wherein r5 and r6 are coefficient factors;
selecting the storage block with the largest vacancy coefficient KY as the selected block; the data backup module backs up the received IP editing data to the selected block; the invention can reasonably select the storage block used for data storage according to the storage condition of each storage block, thereby effectively reducing storage pressure on the computer and improving data storage efficiency.
All of the above formulas are computed on dimensionless numerical values; each formula was obtained by collecting a large amount of data and running software simulation to find the closest fit to the real situation, and the preset parameters and preset thresholds in the formulas are set by those skilled in the art according to the actual situation or obtained by simulation on a large amount of data.
The working principle of the invention is as follows:
when the network security monitoring system works, the data receiving module collects network information, network data and network content uploaded or edited by different IPs to obtain IP editing data, and transmits the IP editing data to the cloud server for caching; after the cloud server receives the IP editing data, the data classification module performs monitoring coefficient JC analysis on the cached IP editing data and generates a monitoring priority table of the IP editing data; the cloud server transmits the corresponding IP editing data in sequence to the security monitoring module according to the monitoring priority table for security monitoring, which improves data monitoring efficiency;
the security monitoring module is used for monitoring the network data, network information and network content in the IP editing data, then processing the monitoring data using in-memory computing and real-time stream computing, and judging whether the IP editing data poses a network danger; if a danger exists, the early warning module is started to issue an early warning, the uploading IP is locked and warned to stop uploading or editing; this makes it convenient for network security maintenance personnel to find the uploader promptly afterwards and improves network security; if no danger exists, the IP editing data is transmitted to the distributed database; the distributed database analyzes, compares, previews and presents the IP editing data, judges again whether the IP editing data poses a network danger, and uploads and backs up the IP editing data if it does not; the data is then convenient for staff and other network users to view;
the data backup module is used for backing up the IP editing data that poses no danger; the vacancy coefficients of the plurality of storage blocks are analyzed, the storage block with the largest vacancy coefficient KY is selected as the selected block, and the received IP editing data is backed up to the selected block; the invention can reasonably select the storage block used for data storage according to the storage condition of each storage block, thereby effectively reducing storage pressure on the computer and improving data storage efficiency.
In the description herein, references to the description of "one embodiment," "an example," "a specific example" or the like are intended to mean that a particular feature, structure, material, or characteristic described in connection with the embodiment or example is included in at least one embodiment or example of the invention. In this specification, the schematic representations of the terms used above do not necessarily refer to the same embodiment or example. Furthermore, the particular features, structures, materials, or characteristics described may be combined in any suitable manner in any one or more embodiments or examples.
The preferred embodiments of the invention disclosed above are intended to be illustrative only. The preferred embodiments are not intended to be exhaustive or to limit the invention to the precise form disclosed. Obviously, many modifications and variations are possible in light of the above teaching. The embodiments were chosen and described in order to best explain the principles of the invention and the practical application, to thereby enable others skilled in the art to best utilize the invention. The invention is limited only by the claims and their full scope and equivalents.
Claims (7)
1. A network security monitoring system based on big data analysis, characterized by comprising a data receiving module, a cloud server, a data classification module, a security monitoring module, an early warning module, a distributed database and a data backup module;
the data receiving module is used for collecting network information, network data and network content uploaded or edited by different IPs to obtain IP editing data, and transmitting the IP editing data to the cloud server for caching;
after the cloud server receives the IP editing data, the data classification module performs monitoring coefficient JC analysis on the cached IP editing data and generates a monitoring priority table of the IP editing data; the IP editing data are transmitted in sequence to the security monitoring module according to the monitoring priority table for security monitoring;
the security monitoring module is used for monitoring the network data, network information and network content in the IP editing data, then processing the monitoring data using in-memory computing and real-time stream computing, and judging whether the IP editing data poses a network danger;
if a danger exists, the early warning module is started to issue an early warning; if no danger exists, the security monitoring module transmits the IP editing data to the distributed database;
the distributed database analyzes, compares, previews and presents the IP editing data, and judges again whether the IP editing data poses a network danger; if no danger exists, the IP editing data is uploaded and backed up;
the data backup module is used for backing up the IP editing data that poses no danger; the data backup module comprises a plurality of storage blocks, and the storage block with the largest vacancy coefficient KY is selected as the selected block; the received IP editing data is backed up to the selected block.
2. The big data analysis-based network security monitoring system according to claim 1, wherein the specific analysis steps of the data classification module are as follows:
acquiring the data volume of the IP editing data and recording it as LZ; acquiring the IP identity corresponding to the IP editing data; retrieving the data upload record of the corresponding IP according to the IP identity; the data upload record comprises the upload time, the upload amount and whether the upload succeeded;
evaluating the threat value WX according to the data upload record; calculating the monitoring coefficient JC of the IP editing data using the formula JC = LZ × b1 + WX × b2, wherein b1 and b2 are both scale factors;
and sorting the IP editing data by the size of the monitoring coefficient JC, generating the monitoring priority table of the IP editing data and feeding the monitoring priority table back to the cloud server.
3. The big data analysis-based network security monitoring system according to claim 2, wherein the threat value WX is evaluated according to the data upload record, specifically:
counting the total number of uploads by the corresponding IP within a preset time period and recording it as the editing frequency P1;
counting the upload failure ratio of the corresponding IP and recording it as Zb; taking the time period between adjacent upload failures as a warning buffering period, and counting the number of uploads by the corresponding IP within each warning buffering period as the warning buffering frequency Li; comparing the warning buffering frequency Li with a preset buffer threshold;
counting the number of times that Li is smaller than the preset buffer threshold as C1; whenever Li is smaller than the preset buffer threshold, obtaining the difference between Li and the preset buffer threshold, and summing these differences to obtain the total difference value GZ; calculating the difference slow attraction value CJ using the formula CJ = C1 × a3 + GZ × a4, wherein a3 and a4 are both scale factors;
normalizing the editing frequency, the upload failure ratio and the difference slow attraction value and taking their numerical values, then calculating the threat value WX of the IP using the formula WX = η × (Zb × a1 + CJ × a2) / P1, wherein a1 and a2 are scale factors and η is a preset compensation factor.
4. The big data analysis-based network security monitoring system according to claim 1, wherein the data backup module specifically operates as follows:
acquiring the remaining memory data of the storage block and marking it as Nc; establishing a curve of the remaining memory data Nc over time, and differentiating the curve to obtain a memory change rate curve;
marking the memory change rate as NBi; comparing NBi with a preset rate threshold; if NBi is greater than or equal to the preset rate threshold, intercepting the corresponding curve segment from the corresponding curve and labelling it;
counting the number of labelled curve segments within a preset time period as N1; integrating over time the differences between the corresponding NBi and the preset rate threshold on all labelled curve segments to obtain the labelled reference area M1;
calculating the memory change index Cs using the formula Cs = N1 × r3 + M1 × r4, wherein r3 and r4 are both coefficient factors; obtaining the vacancy coefficient KY of the storage block using the formula KY = (Nc × r5) / (Cs × r6), wherein r5 and r6 are coefficient factors.
5. The big data analysis-based network security monitoring system according to claim 1, wherein the security monitoring module specifically comprises:
the memory calculation uses a Spark framework to realize data calculation based on the memory;
the real-time flow calculation is used for receiving and calculating the data of the data collection unit in real time, realizing the processing of cleaning and analyzing the data through calculation service, and outputting the result to a distributed database; wherein, the real-time flow calculation adopts any one of a Storm framework and a Spark framework alone or the combination of the two.
6. The big data analysis-based network security monitoring system according to claim 1, wherein the distributed database comprises an analysis unit, a comparison unit, a preview unit and a presentation unit; the analysis unit is used for carrying out classification analysis on the received IP editing data;
the comparison unit is used for comparing the IP editing data with data in a distributed database;
the preview unit is used for previewing the IP editing data content according to the comparison data;
and the presentation unit is used for presenting the preview result and judging again whether the IP editing data poses a network danger.
7. The big data analysis-based network security monitoring system according to claim 1, wherein when the early warning module is triggered, the audible and visual alarm sounds and lights up, notifies the staff to check, locks the uploading IP, and warns the uploading IP to stop uploading or editing.
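The spare-coefficient calculation of claim 4, worked through on sampled data as an added example (not code from the patent). It assumes the Nc curve is piecewise linear between samples within the preset time period, that NBi is the magnitude of the slope, and that a block with Cs = 0, for which the claim's formula is undefined, counts as maximally spare; the function names, coefficient values and sample data are constructed.

```python
import math

def spare_coefficient(samples, rate_threshold, r3=1.0, r4=1.0, r5=1.0, r6=1.0):
    """samples: time-ordered (t, remaining_memory) pairs for one storage block.
    Returns (N1, M1, Cs, KY) using the symbols of claim 4."""
    n1, area, in_segment = 0, 0.0, False
    for (t0, mem0), (t1, mem1) in zip(samples, samples[1:]):
        dt = t1 - t0
        if dt <= 0:
            raise ValueError("timestamps must be strictly increasing")
        # NBi: slope of the Nc curve on this interval. Assumption: magnitude,
        # so both rapid fills and rapid frees count as instability.
        rate = abs(mem1 - mem0) / dt
        if rate >= rate_threshold:
            if not in_segment:          # a new labeled curve segment begins
                n1 += 1
                in_segment = True
            area += (rate - rate_threshold) * dt   # contribution to M1
        else:
            in_segment = False
    nc = samples[-1][1]                 # Nc: latest remaining memory
    cs = n1 * r3 + area * r4            # Cs = N1*r3 + M1*r4
    # Claim 4 leaves KY undefined when Cs == 0 (no labeled segment).
    # Assumption: treat such a block as maximally spare.
    ky = math.inf if cs == 0 else (nc * r5) / (cs * r6)
    return n1, area, cs, ky

def select_block(blocks, rate_threshold, **coeffs):
    """Return the name of the block with the largest KY (ties: larger Nc)."""
    def key(name):
        ky = spare_coefficient(blocks[name], rate_threshold, **coeffs)[3]
        return (ky, blocks[name][-1][1])
    return max(blocks, key=key)

# Constructed sample data: (seconds, remaining MB) per storage block.
BLOCKS = {
    "A": [(0, 1000), (10, 990), (20, 900), (30, 890), (40, 800), (50, 795)],
    "B": [(0, 600), (10, 598), (20, 540), (30, 538), (40, 536), (50, 534)],
    "C": [(0, 300), (10, 299), (20, 298), (30, 297), (40, 296), (50, 295)],
}

if __name__ == "__main__":
    for name, samples in BLOCKS.items():
        print(name, spare_coefficient(samples, 5.0, r3=10.0))
    print("selected:", select_block(BLOCKS, 5.0, r3=10.0))
```

With these inputs the smaller but steadier block B outranks the larger, volatile block A, and the idle block C wins only because of the Cs = 0 assumption, so a deployment that applies this formula needs an explicit rule for that case.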
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202310274391.5A CN115987695B (en) | 2023-03-21 | 2023-03-21 | Network security monitoring system based on big data analysis |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202310274391.5A CN115987695B (en) | 2023-03-21 | 2023-03-21 | Network security monitoring system based on big data analysis |
Publications (2)
Publication Number | Publication Date |
---|---|
CN115987695A (en) | 2023-04-18 |
CN115987695B (en) | 2023-06-20 |
Family
ID=85974517
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202310274391.5A Active CN115987695B (en) | 2023-03-21 | 2023-03-21 | Network security monitoring system based on big data analysis |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN115987695B (en) |
Citations (10)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20040044912A1 (en) * | 2002-08-26 | 2004-03-04 | Iven Connary | Determining threat level associated with network activity |
CN109548057A (en) * | 2018-12-18 | 2019-03-29 | 广州旭隆通信科技有限公司 | A kind of method and system of base station monitoring and maintenance |
CN110996336A (en) * | 2019-03-29 | 2020-04-10 | 国家无线电监测中心检测中心 | Radio monitoring system supporting mobile monitoring station |
CN111324460A (en) * | 2020-02-19 | 2020-06-23 | 云南电网有限责任公司 | Power monitoring control system and method based on cloud computing platform |
CN112637215A (en) * | 2020-12-22 | 2021-04-09 | 北京天融信网络安全技术有限公司 | Network security detection method and device, electronic equipment and readable storage medium |
CN114157463A (en) * | 2021-11-23 | 2022-03-08 | 四川邮电职业技术学院 | Big data analysis-based network information security early warning platform and early warning method |
CN114172272A (en) * | 2021-12-13 | 2022-03-11 | 铜陵有色金属集团铜冠建筑安装股份有限公司 | Energy-saving multi-load power distribution cabinet debugging method |
CN114519926A (en) * | 2022-02-23 | 2022-05-20 | 王家国 | Intelligent control system of environment-friendly monitoring instrument based on Internet of things |
CN115344020A (en) * | 2022-09-16 | 2022-11-15 | 合肥合锻智能制造股份有限公司 | Multi-parallel equipment interconnection reconstruction production control system |
CN115442375A (en) * | 2022-11-08 | 2022-12-06 | 深圳市亲邻科技有限公司 | Property digital management system based on cloud edge cooperation technology |
Also Published As
Publication number | Publication date |
---|---|
CN115987695B (en) | 2023-06-20 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN110535855B (en) | Network event monitoring and analyzing method and system and information data processing terminal | |
CN109977689B (en) | Database security audit method and device and electronic equipment | |
CN107579956B (en) | User behavior detection method and device | |
CN111885040A (en) | Distributed network situation perception method, system, server and node equipment | |
US8707431B2 (en) | Insider threat detection | |
CN114584405B (en) | Electric power terminal safety protection method and system | |
KR102464390B1 (en) | Method and apparatus for detecting anomaly based on behavior analysis | |
CN108763957A (en) | A kind of safety auditing system of database, method and server | |
US8984633B2 (en) | Automated security analytics platform with visualization agnostic selection linked portlets | |
WO2014144081A1 (en) | Identity and asset risk score intelligence and threat mitigation | |
CN109362235B (en) | Method of classifying transactions at a network accessible storage device | |
CN103765432A (en) | Visual component and drill down mapping | |
Sukhija et al. | Event management and monitoring framework for HPC environments using ServiceNow and Prometheus | |
CN112287067A (en) | Sensitive event visualization application implementation method, system and terminal based on semantic analysis | |
CN115001934A (en) | Industrial control safety risk analysis system and method | |
CN114157463A (en) | Big data analysis-based network information security early warning platform and early warning method | |
CN110618977B (en) | Login anomaly detection method, device, storage medium and computer equipment | |
CN116074075A (en) | Security event association behavior analysis method, system and equipment based on association rule | |
CN113938306A (en) | Credible authentication method and system based on data cleaning rule | |
Miloslavskaya | Security intelligence centers for big data processing | |
JP7412938B2 (en) | Information analysis device, information analysis method, information analysis system and program | |
CN113162897A (en) | Industrial control network security filtering system and method | |
CN115987695A (en) | Network security monitoring system based on big data analysis | |
CN106790231A (en) | The generation method of security domain, device and safe operation and maintenance supervising system | |
CN116614258A (en) | Network danger prediction model of security situation awareness system |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||