CN116471124B - Computer network safety prediction system for analyzing based on big data information - Google Patents
Computer network safety prediction system for analyzing based on big data information Download PDFInfo
- Publication number
- CN116471124B CN116471124B CN202310724432.6A CN202310724432A CN116471124B CN 116471124 B CN116471124 B CN 116471124B CN 202310724432 A CN202310724432 A CN 202310724432A CN 116471124 B CN116471124 B CN 116471124B
- Authority
- CN
- China
- Prior art keywords
- data
- module
- network
- network environment
- analysis
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
- 230000007123 defense Effects 0.000 claims abstract description 27
- 238000001514 detection method Methods 0.000 claims abstract description 19
- 238000011156 evaluation Methods 0.000 claims abstract description 15
- 238000004458 analytical method Methods 0.000 claims description 42
- 238000000034 method Methods 0.000 claims description 15
- 238000000605 extraction Methods 0.000 claims description 14
- 238000012545 processing Methods 0.000 claims description 14
- 238000004140 cleaning Methods 0.000 claims description 13
- 238000013075 data extraction Methods 0.000 claims description 13
- 238000007619 statistical method Methods 0.000 claims description 8
- 238000005457 optimization Methods 0.000 claims description 6
- 238000012937 correction Methods 0.000 claims description 5
- 238000012216 screening Methods 0.000 claims description 5
- 230000000694 effects Effects 0.000 claims description 4
- 238000001914 filtration Methods 0.000 claims description 3
- 238000010606 normalization Methods 0.000 claims description 3
- 238000004806 packaging method and process Methods 0.000 claims description 3
- 238000013016 damping Methods 0.000 claims description 2
- 230000006399 behavior Effects 0.000 abstract description 4
- 230000010485 coping Effects 0.000 abstract description 2
- 238000005065 mining Methods 0.000 abstract 1
- 230000006872 improvement Effects 0.000 description 8
- 238000012986 modification Methods 0.000 description 8
- 230000004048 modification Effects 0.000 description 8
- 238000010586 diagram Methods 0.000 description 4
- 238000003064 k means clustering Methods 0.000 description 3
- 230000008859 change Effects 0.000 description 2
- 238000007405 data analysis Methods 0.000 description 2
- 230000006870 function Effects 0.000 description 2
- 238000012544 monitoring process Methods 0.000 description 2
- 238000000611 regression analysis Methods 0.000 description 2
- 230000000717 retained effect Effects 0.000 description 2
- 238000012731 temporal analysis Methods 0.000 description 2
- 238000000700 time series analysis Methods 0.000 description 2
- 206010000117 Abnormal behaviour Diseases 0.000 description 1
- 241001123248 Arma Species 0.000 description 1
- 101000911753 Homo sapiens Protein FAM107B Proteins 0.000 description 1
- 235000008694 Humulus lupulus Nutrition 0.000 description 1
- 102100026983 Protein FAM107B Human genes 0.000 description 1
- 230000009286 beneficial effect Effects 0.000 description 1
- 238000010219 correlation analysis Methods 0.000 description 1
- 230000007613 environmental effect Effects 0.000 description 1
- 238000007429 general method Methods 0.000 description 1
- 238000012417 linear regression Methods 0.000 description 1
- 238000010801 machine learning Methods 0.000 description 1
- YHXISWVBGDMDLQ-UHFFFAOYSA-N moclobemide Chemical compound C1=CC(Cl)=CC=C1C(=O)NCCN1CCOCC1 YHXISWVBGDMDLQ-UHFFFAOYSA-N 0.000 description 1
- 230000000737 periodic effect Effects 0.000 description 1
- 230000008569 process Effects 0.000 description 1
- 238000012552 review Methods 0.000 description 1
- 231100000279 safety data Toxicity 0.000 description 1
- 238000012706 support-vector machine Methods 0.000 description 1
- 238000010200 validation analysis Methods 0.000 description 1
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
- H04L63/1416—Event detection, e.g. attack signature detection
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L41/00—Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
- H04L41/14—Network analysis or design
- H04L41/147—Network analysis or design for predicting network behaviour
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
- H04L63/1425—Traffic logging, e.g. anomaly detection
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1433—Vulnerability analysis
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1441—Countermeasures against malicious traffic
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/20—Network architectures or network communication protocols for network security for managing network security; network security policies in general
Abstract
The invention relates to the technical field of computer network security. The invention relates to a computer network security prediction system for analyzing based on big data information. The system comprises a data generation unit, a safety detection unit, an early warning feedback unit and a data updating unit; the data generating unit is used for collecting the existing computer network data when predicting the existing computer network environment; the invention provides more comprehensive and accurate network security prediction service by fully mining various data sources such as network flow, log information, user behavior and the like, recognizes various threat types by adopting the existing network characteristics, evaluates the severity degree and potential hazard of the threat, provides accurate threat prediction results, generates an accurate defense measure scheme by combining the threat evaluation results and the existing network attack means, and simultaneously automatically detects the network environment at regular intervals, thereby improving the coping capacity of network security vulnerabilities.
Description
Technical Field
The invention relates to the technical field of computer network security, in particular to a computer network security prediction system for analyzing based on big data information.
Background
At present, computer network security faces increasing and complicating threats, traditional network security protection means have been difficult to satisfy the demand to security and precaution nature, and current computer network security prediction system adopts information content and needs the user to carry out input information in to the storage system, and self-learning ability is lower, and when detecting the network environment, needs user operation to assist to combine real-time network information to accomplish high quality detection to the network environment, and is comparatively troublesome, proposes the computer network security prediction system based on big data information analysis.
Disclosure of Invention
The present invention is directed to a computer network security prediction system for analyzing big data information, so as to solve the problems set forth in the background art.
In order to achieve the above object, a computer network security prediction system for analyzing based on big data information is provided, which comprises a data generation unit, a security detection unit, an early warning feedback unit and a data updating unit;
the data generation unit is used for collecting the existing computer network data and classifying the collected data when predicting the existing computer network environment, screening according to the influence on network safety, and extracting the network characteristics of the reserved data;
the security detection unit is used for detecting the network characteristics extracted by the data generation unit, analyzing detected vulnerabilities combined with network attack means, simulating corresponding defending measures according to the detected vulnerabilities, and simultaneously evaluating the defending measures combined with the existing computer network environment;
the early warning feedback unit is used for conveying the defensive measure scheme simulated by the safety detection unit to the cloud according to the evaluation result and collecting cloud feedback data;
the data updating unit is used for judging the defensive measure scheme simulated by the safety detection unit according to cloud feedback data collected by the early warning feedback unit, conveying the defensive measure scheme simulated by the safety detection unit to the existing computer network environment according to a judging result, completing the updating of the computer network environment, and simultaneously, regularly predicting the computer network environment.
As a further improvement of the technical scheme, the data generating unit comprises a network data acquisition module and a data processing module;
the network data acquisition module comprises an information collection module and an information classification module;
the information collection module is used for collecting real-time network environment data of a network to be predicted;
the information classification module is used for carrying out property analysis on the network environment data collected by the information collection module and packaging and classifying the data according to different properties.
As a further improvement of the technical scheme, the data processing module comprises a data cleaning module and a data extraction module;
the data cleaning module is used for cleaning the data in the data packets classified by the information classification module according to the influence on the network security environment, and reserving the network environment data with influence;
the data extraction module is used for extracting characteristics of the network environment data reserved by the data cleaning module by using a statistical analysis algorithm.
As a further improvement of the technical scheme, the data extraction module statistical analysis algorithm comprises the following steps:
performing feature extraction and normalization processing on the data to enable the data to be suitable for clustering analysis, so as to obtain class labels of each sample;
calculating the center point of each category according to the category label, visually displaying and explaining the clustering center, and finding out the characteristics and regularity of each category;
and obtaining the network environment data characteristics according to the characteristic category.
As a further improvement of the technical scheme, the security detection unit comprises a threat assessment module and a defense generation module;
the threat assessment module is used for assessing the analysis data of the data processing module by combining with the network environment to be predicted, and searching a corresponding attack means in the network according to the assessment result;
the defending generation module is used for analyzing the attack means collected by the threat assessment module, obtaining a defending correction scheme, and assessing the defending correction scheme according to the network environment predicted by the need.
As a further improvement of the technical scheme, the threat assessment module comprises a vulnerability extraction module and an attack analysis module;
the vulnerability extraction module is used for analyzing the characteristic data extracted by the data extraction module in combination with the real-time network environment so as to obtain network vulnerability information;
the attack analysis module is used for collecting corresponding network data attack means in the network according to the network vulnerability information acquired by the vulnerability extraction module and carrying out combination classification on the collected network data attack means.
As a further improvement of the technical scheme, the defense generating module comprises a defense evaluating module and an implementation analyzing module;
the defense evaluation module is used for analyzing the network data attack means collected by the attack analysis module by combining with the existing network vulnerability restoration means so as to obtain a corresponding system updating scheme;
the implementation analysis module is used for analyzing the system updating scheme acquired by the defense evaluation module by combining the network environment to be predicted.
As a further improvement of the technical scheme, the early warning feedback unit comprises a report generating module and a feedback collecting module;
the report generation module is used for screening invalid data in the system updating scheme according to the analysis result of the implementation analysis module, and sending the screened system updating scheme to the cloud;
the filtering expression of invalid data in the system updating scheme is as follows:
;
wherein,for unlimited data value, when the value is greater than 1, the data is invalid, otherwise, when the value is less than 1, the data is valid, and +.>To obtain a system update scheme->For analysis of system update scheme->Get combined implementation of system update scheme->To evaluate the effect of the implementation, the final pass +.>The index size judges the validity of the data and provides better data value.
The feedback collection module is used for collecting cloud feedback data of the system updating scheme.
As a further improvement of the technical scheme, the data updating unit comprises a system optimizing module and a report updating module;
the system optimization module is used for judging the system updating scheme screened by the report generation module according to the feedback data collected by the feedback collection module, and transmitting the system updating scheme to the real-time network environment data according to the judging result to finish the network environment safety data updating;
the report updating module is used for continuously predicting the real-time network environment data and keeping the real-time network environment data continuously updated.
Compared with the prior art, the invention has the beneficial effects that:
in the computer network security prediction system based on big data information analysis, various data sources such as network flow, log information and user behaviors are fully mined, so that more comprehensive and accurate network security prediction service is provided, various threat types are identified by adopting the existing network characteristics, the severity and potential hazard of the threat are evaluated, an accurate threat prediction result is provided, an accurate defense measure scheme is generated by combining the threat evaluation result and the existing network attack means, and meanwhile, the network environment is automatically detected at regular intervals, so that the network security vulnerability coping capability is improved.
Drawings
FIG. 1 is an overall flow diagram of the present invention;
FIG. 2 is a flow chart diagram of classifying collected environmental data in accordance with the present invention;
FIG. 3 is a flow chart of the present invention for analyzing retained data;
FIG. 4 is a flow chart of searching for a corresponding attack means according to the present invention;
FIG. 5 is a block flow diagram of the evaluation of a defensive correction scenario of the present invention;
FIG. 6 is a block flow diagram of the cloud feedback data of the system update scheme of the present invention;
FIG. 7 is a flow chart of the present invention for performing network environment security data updates.
The meaning of each reference sign in the figure is:
1. a data generation unit; 2. a security detection unit;
10. a network data acquisition module; 11. an information collection module; 12. an information classification module;
20. a data processing module; 21. a data cleaning module; 22. a data extraction module;
30. a threat assessment module; 31. a vulnerability extraction module; 32. an attack analysis module;
40. a defense generation module; 41. a defense evaluation module; 42. implementing an analysis module;
50. an early warning feedback unit; 51. a report generation module; 52. a feedback collection module;
60. a data updating unit; 61. a system optimization module; 62. and a report updating module.
Detailed Description
The following description of the embodiments of the present invention will be made clearly and completely with reference to the accompanying drawings, in which it is apparent that the embodiments described are only some embodiments of the present invention, but not all embodiments. All other embodiments, which can be made by those skilled in the art based on the embodiments of the invention without making any inventive effort, are intended to be within the scope of the invention.
Example 1: referring to fig. 1-7, the present embodiment is directed to a computer network security prediction system for analyzing big data information, which includes a data generating unit 1, a security detecting unit 2, an early warning feedback unit 50, and a data updating unit 60;
the data generating unit 1 is used for collecting the existing computer network data and classifying the collected data when predicting the existing computer network environment, screening according to the influence on network safety, and extracting the network characteristics of the reserved data;
the security detection unit 2 is used for detecting the network characteristics extracted by the data generation unit 1, analyzing the detected vulnerabilities combined with network attack means, simulating corresponding defending measures according to the detected vulnerabilities, and simultaneously evaluating the defending measures combined with the existing computer network environment;
the early warning feedback unit 50 is used for conveying the defensive measure scheme simulated by the safety detection unit 2 to the cloud according to the evaluation result and collecting cloud feedback data;
the data updating unit 60 is configured to determine the defensive measure scheme simulated by the security detection unit 2 according to the cloud feedback data collected by the early warning feedback unit 50, and transmit the defensive measure scheme simulated by the security detection unit 2 to the existing computer network environment according to the determination result, thereby completing the updating of the computer network environment and simultaneously performing periodic prediction on the computer network environment.
The data generation unit (1) comprises a network data acquisition module (10) and a data processing module (20);
the information collection module 11 is used for collecting real-time network environment data of a network needing prediction;
the information classification module 12 is used for performing property analysis on the network environment data collected by the information collection module 11, and packaging and classifying the data according to different properties. Data traffic flowing through the network is monitored and analyzed by the network device using network packet capture techniques. System logs and application logs are collected periodically from network devices and servers using a log collector and monitoring agent. And using a proxy server and a monitoring tool to record the behaviors and operations of the user on the computer network, and classifying and storing the data according to the flow, the log, the behaviors and the operations.
The data processing module 20 includes a data cleaning module 21 and a data extraction module 22;
the data cleaning module 21 is configured to clean data in the data packets classified by the information classification module 12 according to the influence on the network security environment, and retain the network environment data with influence; the collected data is denoised and preprocessed by using a data cleaning algorithm to remove invalid and redundant data, and the following is a common data cleaning algorithm:
missing value filling algorithm: common algorithms include mean filling, median filling, mode filling, interpolation, and the like. Wherein, the mean filling formula is: the mean of the column in which the missing value is located.
The data extraction module 22 is configured to perform feature extraction on the network environment data retained by the data cleansing module 21 using a statistical analysis algorithm.
The data extraction module 22 performs the following statistical analysis algorithm steps:
performing feature extraction and normalization processing on the data to enable the data to be suitable for clustering analysis, so as to obtain class labels of each sample;
calculating the center point of each category according to the category label, visually displaying and explaining the clustering center, and finding out the characteristics and regularity of each category;
and obtaining the network environment data characteristics according to the characteristic category.
Critical information and patterns, such as abnormal behavior, potential threats, and attack signatures, are extracted from the cleaned data. With statistical analysis methods, for descriptive statistical analysis, the mean formula can be used:
;
where mean represents the mean, xi represents the value of the ith data point, and n represents the number of data points.
For correlation analysis, the formula of pearson correlation coefficient can be used:
;
wherein r represents a correlation coefficient, xi and yi represent values of two variables at an ith observation point, bar { x } and bar { y } represent average values of the two variables, so that key information in different indexes is extracted, and accurate prediction and evaluation of network security threat are realized.
The security detection unit 2 includes a threat assessment module 30 and a defense generation module 40;
the threat assessment module 30 is configured to assess the analysis data of the data processing module 20 in combination with a network environment to be predicted, and find a corresponding attack means in the network according to the assessment result;
the defense generating module 40 is configured to analyze the attack means collected by the threat assessment module 30, obtain a defense modification scheme, and assess the defense modification scheme according to a network environment that needs to be predicted.
Threat assessment module 30 includes a vulnerability extraction module 31 and an attack analysis module 32;
the vulnerability extraction module 31 is configured to analyze the feature data extracted by the data extraction module 22 in combination with a real-time network environment, so as to obtain network vulnerability information; using machine learning algorithms and pattern matching techniques:
the regular expression: text for matching certain rules is commonly used in text processing.
KMP algorithm: the method is used for searching the appearance position of a pattern string P in a text string S, and the speed is high.
BM algorithm: the method is also one of character string matching algorithms, can quickly inquire whether the text string contains a mode string, compares and classifies the extracted key information with the known security threat, and determines the threat type. The level of threat is assessed by comprehensively considering the severity, potential hazard and possibility of the threat in combination with the historical data and the rule engine.
The attack analysis module 32 is configured to collect corresponding network data attack means in the network according to the network vulnerability information obtained by the vulnerability extraction module 31, and perform combination classification on the collected network data attack means. The method for carrying out combined classification on the collected network data attack means generally uses a clustering algorithm, and common clustering algorithms include hierarchical clustering, K-means clustering, DBSCAN clustering and the like. Taking K-means clustering as an example, the formula is as follows:
given a data set X and a number of clusters K, the goal of the K-means clustering algorithm is to divide the data set into K clusters such that the similarity of data points within each cluster is highest, and the similarity between different clusters is lowest, where the similarity can be defined according to different data sets and problems.
Randomly selecting k data points as an initial centroid;
assigning all data points to clusters in which the closest centroid is located;
next, for each cluster, calculating the center point of all data points therein as a new centroid;
finally, the above process is repeated until the centroid does not change significantly any more or reaches a preset number of iterations. By clustering the network data attack means, similar attack means can be put together, and meanwhile, differences, rules and characteristics among different attack means are found, so that powerful support is provided for network security defense.
The defense generating module 40 includes a defense evaluating module 41 and an implementation analyzing module 42;
the defense evaluation module 41 is configured to analyze the network data attack means collected by the attack analysis module 32 in combination with the existing network vulnerability restoration means, so as to obtain a corresponding system update scheme;
the formula for analyzing the detected vulnerabilities combined with the network attack means is as follows:
detecting the influence of vulnerability and analysis vulnerability on network attack- > making corresponding countermeasures
Analyzing possible intrusion paths and potential attack targets of an attacker by using a network topology analysis and path inference algorithm, providing basis for formulating defending measures, and analyzing the network topology:
path algorithm: common path algorithms are Dijkstra's algorithm, bellman-Ford algorithm, etc. The formula of Dijkstra algorithm is as follows:
page ranking algorithm: common page ranking algorithms are the PageRank algorithm, the HITS algorithm, and the like. The formula of the PageRank algorithm is as follows:
;
wherein,representing web page->Ranking value of->For damping factor->For the total number of pages in the website, < > is->For web page->Is the number of outgoing chains.
The path inference algorithm expression is as follows:
;
wherein the method comprises the steps ofFor time stamp->For the source IP address>For the target IP address>For the source port->As a result of the fact that the destination port,is a protocol type.
And (3) flow information analysis: modeling flow information by using algorithms such as a support vector machine, so as to accurately analyze attack types and attack sources and identify potential attack targets;
TTL-basedTraceroute algorithm: different router hops in the network are probed by modifying the TTL field of the Traceroute tool. The algorithm has no definite formula, but can infer path information in the network by intercepting network data packets and analyzing TTL fields in the network data packets
The implementation analysis module 42 is configured to analyze the system update scheme acquired by the defense evaluation module 41 in conjunction with the network environment that needs to be predicted. Using data analysis methods
The data analysis method is mainly used for predicting the change trend and the bandwidth requirement of the future network environment based on historical data or real-time data.
Time series analysis: time series analysis can help us link historical data with future trends, and common methods are ARIMA model and ARMA model.
Regression analysis: regression analysis can help us find correlations between different variables to predict values of future variables. The common methods are linear regression, polynomial regression, etc.
The early warning feedback unit 50 includes a report generation module 51 and a feedback collection module 52;
the report generating module 51 is configured to screen invalid data in the system update scheme according to the analysis result of the implementation analysis module 42, and send the screened system update scheme to the cloud;
the filtering expression of invalid data in the system updating scheme is as follows:
;
wherein,for unlimited data value, when the value is greater than 1, the data is invalid, otherwise, when the value is less than 1, the data is valid, and +.>To obtain a system update scheme->For analysis of system update scheme->Get combined implementation of system update scheme->To evaluate the effect of the implementation, the final pass +.>The index size judges the validity of the data and provides better data value.
The feedback collection module 52 is configured to collect cloud feedback data of the system update scheme, send the system update scheme to the user, and collect user modification information.
And sending the system updating scheme to the user. You can input "please send system update scheme" in GalaxyBot, i can provide you with the latest system update scheme according to what you input.
User modification information is collected. If you want to modify this system update scheme, you can enter "i want to modify some information" in GalaxyBot, after which i ask you what you need to be modified. The method can be concretely as follows: if you want to modify the description of the new function of the system you can enter: the description of "please modify new functions" is "wherein '×' represents what you want to modify. -if you want to modify the update time, you can enter: "please modify update time" is "wherein'/represents the time you want to modify.
The scheme is modified. I will make corresponding modifications to the system update scheme based on the modification information you provide.
A new update scheme is generated. Next, i will present the modified system update scenario to you for your review and validation. The general method formula is as follows: sending system update scheme- > user provides modification information- > modifies scheme- > generates new update scheme.
The data update unit 60 includes a system optimization module 61 and a report update module 62;
the system optimization module 61 is configured to determine the system update scheme screened by the report generation module 51 according to the feedback data collected by the feedback collection module 52, and send the system update scheme to the real-time network environment data according to the determination result, so as to complete the update of the network environment security data;
the report update module 62 is configured to continuously predict real-time network environment data, periodically report to generate a network security report according to a time interval set by a user, and include contents such as security event statistics, threat trend analysis, and defense effect evaluation, so as to help the user understand network security status and take corresponding countermeasures, and keep the real-time network environment data continuously updated.
The foregoing has shown and described the basic principles, principal features and advantages of the invention. It will be understood by those skilled in the art that the present invention is not limited to the above-described embodiments, and that the above-described embodiments and descriptions are only preferred embodiments of the present invention, and are not intended to limit the invention, and that various changes and modifications may be made therein without departing from the spirit and scope of the invention as claimed. The scope of the invention is defined by the appended claims and equivalents thereof.
Claims (1)
1. The computer network safety prediction system based on big data information analysis is characterized in that: comprises a data generating unit (1), a safety detecting unit (2), an early warning feedback unit (50) and a data updating unit (60);
the data generating unit (1) is used for collecting the existing computer network data and classifying the collected data when predicting the existing computer network environment, screening according to the influence on network safety, and extracting the network characteristics of the reserved data;
the security detection unit (2) is used for detecting the network characteristics extracted by the data generation unit (1), analyzing the detected vulnerabilities combined with network attack means, simulating corresponding defending measures according to the detected vulnerabilities, and simultaneously evaluating the defending measures combined with the existing computer network environment;
the early warning feedback unit (50) is used for conveying the defensive measure scheme simulated by the safety detection unit (2) to the cloud according to the evaluation result and collecting cloud feedback data;
the data updating unit (60) is used for judging a defensive measure scheme simulated by the safety detection unit (2) according to cloud feedback data collected by the early warning feedback unit (50), and transmitting the defensive measure scheme simulated by the safety detection unit (2) to the existing computer network environment according to a judging result to finish updating the computer network environment and simultaneously predict the computer network environment regularly;
the data generation unit (1) comprises a network data acquisition module (10) and a data processing module (20);
the network data acquisition module (10) comprises an information collection module (11) and an information classification module (12);
the information collection module (11) is used for collecting real-time network environment data of a network needing prediction;
the information classification module (12) is used for carrying out property analysis on the network environment data collected by the information collection module (11) and carrying out packaging classification on the data according to different properties;
the data processing module (20) comprises a data cleaning module (21) and a data extraction module (22);
the data cleaning module (21) is used for cleaning the data in the data packets classified by the information classification module (12) according to the influence on the network security environment, and reserving the network environment data with the influence;
the data extraction module (22) is used for extracting characteristics of the network environment data reserved by the data cleaning module (21) by using a statistical analysis algorithm;
the data extraction module (22) performs the following statistical analysis algorithm steps:
performing feature extraction and normalization processing on the data to enable the data to be suitable for clustering analysis, so as to obtain class labels of each sample;
calculating the center point of each category according to the category label, visually displaying and explaining the clustering center, and finding out the characteristics and regularity of each category;
obtaining network environment data characteristics according to the characteristic categories;
the security detection unit (2) comprises a threat assessment module (30) and a defense generation module (40);
the threat assessment module (30) is used for assessing the analysis data of the data processing module (20) by combining with the network environment to be predicted, and searching a corresponding attack means in the network according to the assessment result;
the defense generating module (40) is used for analyzing the attack means collected by the threat assessment module (30), acquiring a defense correction scheme and assessing the defense correction scheme according to the network environment predicted by the need;
the threat assessment module (30) comprises a vulnerability extraction module (31) and an attack analysis module (32);
the vulnerability extraction module (31) is used for analyzing the characteristic data extracted by the data extraction module (22) in combination with a real-time network environment so as to obtain network vulnerability information;
the attack analysis module (32) is used for collecting corresponding network data attack means in the network according to the network vulnerability information acquired by the vulnerability extraction module (31) and carrying out combination classification on the collected network data attack means;
the defense generating module (40) comprises a defense evaluating module (41) and an implementation analyzing module (42);
the defense evaluation module (41) is used for analyzing the network data attack means collected by the attack analysis module (32) by combining the existing network vulnerability restoration means so as to obtain a corresponding system updating scheme;
the formula for analyzing the detected vulnerabilities combined with the network attack means is as follows:
detecting the influence of the vulnerability and the analysis vulnerability on the network attack- > making a corresponding countermeasure;
analyzing a possible intrusion path and a potential attack target of an attacker by using network topology analysis and path inference algorithm, and providing basis for establishment of defending measures; network topology analysis: the method comprises a path algorithm and a page ranking algorithm;
the path algorithm adopts the formula of Dijkstra algorithm as follows:
;
the page ranking algorithm adopts the formula of PageRank algorithm as follows:
;
wherein,representing web page->Ranking value of->For damping factor->For the total number of pages in the website, < > is->For web page->Is out of chainNumber of pieces;
the path inference algorithm expression is as follows:
;
wherein the method comprises the steps ofFor time stamp->For the source IP address>For the target IP address>For the source port->As a result of the fact that the destination port,is a protocol type;
the implementation analysis module (42) is used for analyzing the system update scheme acquired by the defense evaluation module (41) in combination with the network environment to be predicted;
the early warning feedback unit (50) comprises a report generation module (51) and a feedback collection module (52);
the report generation module (51) is used for screening invalid data in the system updating scheme according to the analysis result of the implementation analysis module (42), and sending the screened system updating scheme to the cloud;
the filtering expression of invalid data in the system updating scheme is as follows:
;
wherein,for unlimited data value, when the value is greater than 1, the data is invalid, otherwise, when the value is less than 1, the data is valid, and +.>To obtain a system update scheme->For analysis of system update scheme->Get combined implementation of system update scheme->To evaluate the effect of the implementation, the final pass +.>The data validity is judged by the index size, so that better data value is provided;
the feedback collection module (52) is used for collecting cloud feedback data of a system updating scheme;
the data updating unit (60) comprises a system optimization module (61) and a report updating module (62);
the system optimization module (61) is used for judging the system updating scheme screened by the report generation module (51) according to the feedback data collected by the feedback collection module (52), and transmitting the system updating scheme to the real-time network environment data according to the judging result to complete the network environment security data updating;
the report updating module (62) is used for continuously predicting the real-time network environment data and keeping the real-time network environment data continuously updated.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202310724432.6A CN116471124B (en) | 2023-06-19 | 2023-06-19 | Computer network safety prediction system for analyzing based on big data information |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202310724432.6A CN116471124B (en) | 2023-06-19 | 2023-06-19 | Computer network safety prediction system for analyzing based on big data information |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN116471124A CN116471124A (en) | 2023-07-21 |
| CN116471124B true CN116471124B (en) | 2023-11-21 |
Family
ID=87175720
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202310724432.6A Active CN116471124B (en) | 2023-06-19 | 2023-06-19 | Computer network safety prediction system for analyzing based on big data information |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN116471124B (en) |
Families Citing this family (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN116996325B (en) * | 2023-09-25 | 2023-12-08 | 江苏天创科技有限公司 | Network security detection method and system based on cloud computing |
Citations (8)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN108494810A (en) * | 2018-06-11 | 2018-09-04 | 中国人民解放军战略支援部队信息工程大学 | Network security situation prediction method, apparatus and system towards attack |
| CN108494802A (en) * | 2018-05-22 | 2018-09-04 | 广西电网有限责任公司 | Key message infrastructure security based on artificial intelligence threatens Active Defending System Against |
| CN113962461A (en) * | 2021-10-22 | 2022-01-21 | 国网辽宁省电力有限公司抚顺供电公司 | Power distribution network toughness improvement strategy based on environmental data prediction |
| CN114205123A (en) * | 2021-11-20 | 2022-03-18 | 湖北天融信网络安全技术有限公司 | Attack and defense confrontation-based threat hunting method, device, equipment and storage medium |
| CN114301647A (en) * | 2021-12-20 | 2022-04-08 | 上海纽盾科技股份有限公司 | Prediction defense method, device and system for vulnerability information in situation awareness |
| CN114301700A (en) * | 2021-12-31 | 2022-04-08 | 上海纽盾科技股份有限公司 | Method, device, system and storage medium for adjusting network security defense scheme |
| CN115549965A (en) * | 2022-08-24 | 2022-12-30 | 复旦大学 | Network security training method based on simulation network |
| WO2023077617A1 (en) * | 2021-11-02 | 2023-05-11 | 公安部第三研究所 | Network security situation adaptive active defense system and method |
Family Cites Families (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US11423157B2 (en) * | 2019-05-14 | 2022-08-23 | Noblis, Inc. | Adversarial reinforcement learning system for simulating security checkpoint environments |
-
2023
- 2023-06-19 CN CN202310724432.6A patent/CN116471124B/en active Active
Patent Citations (8)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN108494802A (en) * | 2018-05-22 | 2018-09-04 | 广西电网有限责任公司 | Key message infrastructure security based on artificial intelligence threatens Active Defending System Against |
| CN108494810A (en) * | 2018-06-11 | 2018-09-04 | 中国人民解放军战略支援部队信息工程大学 | Network security situation prediction method, apparatus and system towards attack |
| CN113962461A (en) * | 2021-10-22 | 2022-01-21 | 国网辽宁省电力有限公司抚顺供电公司 | Power distribution network toughness improvement strategy based on environmental data prediction |
| WO2023077617A1 (en) * | 2021-11-02 | 2023-05-11 | 公安部第三研究所 | Network security situation adaptive active defense system and method |
| CN114205123A (en) * | 2021-11-20 | 2022-03-18 | 湖北天融信网络安全技术有限公司 | Attack and defense confrontation-based threat hunting method, device, equipment and storage medium |
| CN114301647A (en) * | 2021-12-20 | 2022-04-08 | 上海纽盾科技股份有限公司 | Prediction defense method, device and system for vulnerability information in situation awareness |
| CN114301700A (en) * | 2021-12-31 | 2022-04-08 | 上海纽盾科技股份有限公司 | Method, device, system and storage medium for adjusting network security defense scheme |
| CN115549965A (en) * | 2022-08-24 | 2022-12-30 | 复旦大学 | Network security training method based on simulation network |
Also Published As
| Publication number | Publication date |
|---|---|
| CN116471124A (en) | 2023-07-21 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN113965404B (en) | Network security situation self-adaptive active defense system and method | |
| EP3528463B1 (en) | An artificial intelligence cyber security analyst | |
| Patgiri et al. | An investigation on intrusion detection system using machine learning | |
| Banadaki et al. | Detecting malicious dns over https traffic in domain name system using machine learning classifiers | |
| CN110620759A (en) | Network security event hazard index evaluation method and system based on multidimensional correlation | |
| US20070226803A1 (en) | System and method for detecting internet worm traffics through classification of traffic characteristics by types | |
| CN111586046B (en) | Network traffic analysis method and system combining threat intelligence and machine learning | |
| Balkanli et al. | Feature selection for robust backscatter DDoS detection | |
| CN116471124B (en) | Computer network safety prediction system for analyzing based on big data information | |
| Mustapha et al. | Detecting DDoS attacks using adversarial neural network | |
| Dhakar et al. | A novel data mining based hybrid intrusion detection framework | |
| CN113904881B (en) | Intrusion detection rule false alarm processing method and device | |
| US20230012220A1 (en) | Method for determining likely malicious behavior based on abnormal behavior pattern comparison | |
| Dalmazo et al. | Expedite feature extraction for enhanced cloud anomaly detection | |
| Meddeb et al. | Anomaly-based behavioral detection in mobile Ad-Hoc networks | |
| Gonaygunta | Machine learning algorithms for detection of cyber threats using logistic regression | |
| Radivilova et al. | The complex method of intrusion detection based on anomaly detection and misuse detection | |
| Gannarapu et al. | Bot detection using machine learning algorithms on social media platforms | |
| Tafazzoli et al. | A proposed architecture for network forensic system in large-scale networks | |
| Borah et al. | Towards the development of an efficient intrusion detection system | |
| Menahem et al. | ACTIDS: an active strategy for detecting and localizing network attacks | |
| Bing et al. | Application process of machine learning in cyberspace security | |
| Kendrick et al. | Selecting Scalable Network Features for Infiltration Detection | |
| Ali et al. | Securing Cloud Environments: A Convolutional Neural Network (CNN) approach to Intrusion Detection System | |
| El-Taj et al. | False positive reduction by correlating the intrusion detection system alerts: Investigation study |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| TA01 | Transfer of patent application right | ||
| TA01 | Transfer of patent application right |
Effective date of registration: 20231026 Address after: Room 302, 3rd Floor, Building 1, No. 715, North Section of Hupan Road, Xinglong Street, Tianfu New Area, China (Sichuan) Pilot Free Trade Zone, Shuangliu District, Chengdu City, Sichuan Province, 610213 Applicant after: Guoxin Jinhong (Chengdu) Inspection and Testing Technology Research Institute Co.,Ltd. Address before: 518110 Room 201, unit 2, Gaojian Science Park, No. 3, Guanbao Road, Luhu community, Guanhu street, Longhua District, Shenzhen, Guangdong Province Applicant before: Changtong intelligent (Shenzhen) Co.,Ltd. |
|
| GR01 | Patent grant | ||
| GR01 | Patent grant |