CN116582333A - Network security audit management method and system - Google Patents
- Publication number
- CN116582333A, CN202310600359.1A
- Authority
- CN
- China
- Prior art keywords
- data
- database
- information
- parameter
- characteristic
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/20—Network architectures or network communication protocols for network security for managing network security; network security policies in general
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F16/00—Information retrieval; Database structures therefor; File system structures therefor
- G06F16/20—Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
- G06F16/27—Replication, distribution or synchronisation of data between databases or within a distributed database system; Distributed database system architectures therefor
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/40—Network security protocols
-
- Y—GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
- Y02—TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
- Y02D—CLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
- Y02D30/00—Reducing energy consumption in communication networks
- Y02D30/50—Reducing energy consumption in communication networks in wire-line communication networks, e.g. low power modes or reduced link rate
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Signal Processing (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Databases & Information Systems (AREA)
- Theoretical Computer Science (AREA)
- Computer Hardware Design (AREA)
- Data Mining & Analysis (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
The application provides a network security audit management method and system. A network security audit management method, comprising: extracting to-be-processed data, and constructing to obtain a first database; analyzing the first database to establish a fuzzy characteristic main body set G; traversing the first database by using the set G, selecting associated data, and adding a main body identification tag for the associated data to obtain a second database; traversing the set G, and constructing to obtain a plurality of data packets to obtain local characteristic information; determining association information between data packets to obtain global feature information; and constructing a target database according to the local characteristic information and the global characteristic information. According to the method, the information in the audit information database is preprocessed, the data quantity is reduced, the preprocessed data is analyzed to obtain the local characteristic information and the global characteristic information, the target database is constructed, the target database is audited through the audit equipment, the audit speed is improved, and the audit effect is enhanced.
Description
Technical Field
The application relates to the technical field of network security, in particular to a network security audit management method and system.
Background
With the rapid development of internet technology, network systems have grown ever larger, and network security has become one of the major challenges facing the internet, so people's requirements for network security have gradually increased. Network security audit technology analyzes audit information data rapidly and comprehensively, so that network security problems existing in the network system can be found.
For audit information data that is huge in volume and complex in structure, audit analysis by network security audit technology involves a large workload, and the audit result may be incomplete, so the expected audit effect is difficult to achieve.
Disclosure of Invention
The application aims to provide a network security audit management method and system, which are used for solving the technical problems in the background technology.
In view of the foregoing, in a first aspect, the present application provides a network security audit management method, including:
acquiring parameter information of an audit information database, and determining a data extraction rule according to the parameter information, wherein network data for network security audit is stored in the audit information database;
extracting data to be processed from the audit information database based on the data extraction rule, and constructing a first database, wherein the data in the first database is stored in the form of a data group;
performing security analysis on the first database through a pre-constructed security assessment model to obtain a security analysis result, wherein the security analysis result records a plurality of fuzzy feature subjects, and a fuzzy feature subject set G is established;
traversing the first database one by using elements in the set G, selecting associated data of each fuzzy characteristic main body, adding a main body identification tag for the corresponding associated data in the first database, and obtaining a second database after traversing is finished;
traversing the set G, respectively taking each fuzzy characteristic main body in the set G as a clustering center, and constructing a plurality of data packets based on the second database to obtain local characteristic information;
determining association information among the data packets according to the main body identification tags in all the data packets to obtain global characteristic information;
and constructing a target database according to the local characteristic information and the global characteristic information, and carrying out network security audit on the target database through audit equipment.
Further, traversing the first database by using elements in the set G one by one, selecting associated data of each fuzzy feature body, and adding a body identification tag to the associated data corresponding to the first database, including:
for the set G, $G = \{G(r)_1, G(r)_2, \ldots, G(r)_n\}$, wherein n represents the number of elements in the set G; for any one element $G(r)_i$ in the set G, r represents the feature information of the element and i represents the item number of the element;
traversing the first database with the elements in the set G respectively: for any one element $G(r)_i$, selecting the associated data corresponding to the element from the first database according to the feature information of the element, determining the main body identification tag of the element, and adding the main body identification tag to the selected associated data.
Further, the traversing set G respectively uses each fuzzy feature body in the set G as a clustering center, and constructs a plurality of data packets based on the second database, including:
for any element $G(r)_i$ in the set G, performing tag identification on the second database, copying a target data set with a main body identification tag corresponding to the element from the second database according to the main body identification tag of the element, taking a fuzzy characteristic main body corresponding to the element as a clustering center, and associating the copied target data set with the fuzzy characteristic main body to construct a data packet, wherein the target data set in the data packet carries the corresponding main body identification tag;
and traversing the set G to obtain a plurality of data packets, wherein the number of the data packets is equal to the number of elements in the set G.
Further, the determining the association information between the data packets according to the body identification tags in all the data packets includes:
constructing a global association characteristic map, wherein all data packet individuals are recorded in the global association characteristic map;
determining an identifier of a data packet unit by using a fuzzy characteristic main body corresponding to the data packet unit, wherein the identifier of the data packet unit is specifically a main body identification tag corresponding to the fuzzy characteristic main body corresponding to the data packet unit;
for any one data packet unit, establishing a connection relation between the data packet unit and other data packet units with association according to identifiers carried by the data packet unit, and counting the number of the data packet units with connection relation with the data packet unit to obtain a first association parameter of the data packet unit;
counting the number of target data groups contained by the data packet individual and any data packet individual with a connection relation established between the data packet individual and any data packet individual to obtain a second association parameter of the data packet individual;
calculating global characteristic parameters of the individual data packets according to the first association parameters and the second association parameters;
and using the global association characteristic map and the global characteristic parameter of each data packet unit as association information between the data packets.
Further, calculating a global characteristic parameter of any one of the data packet individuals according to the first association parameter and the second association parameter, including:
the expression for calculating the global characteristic parameter of any one data packet individual from the first association parameter and the second association parameter is as follows:
wherein Q represents the global characteristic parameter, $F_1$ represents the first association parameter, $F_2$ represents the second association parameter, and α and β are the correction parameters of the first association parameter $F_1$ and the second association parameter $F_2$ respectively.
Further, the obtaining the parameter information of the audit information database, determining the data extraction rule according to the parameter information, includes:
and the parameter information comprises data storage capacity, data storage capacity and data transmission rate of the audit information database, a first preset extraction proportion is adjusted according to the data storage capacity and the data transmission rate to obtain a second preset extraction proportion, and the second preset extraction proportion is used as the data extraction proportion of the audit information database to obtain the data extraction rule.
In a second aspect, the present application provides a network security audit management system, where the system applies any one of the above network security audit management methods, and the system includes:
the data acquisition module is used for acquiring parameter information of an audit information database, determining a data extraction rule according to the parameter information, and extracting to-be-processed data from the audit information database based on the data extraction rule;
the first construction module is used for constructing a first database according to the data to be processed extracted from the audit information database;
the first data analysis module is used for carrying out security analysis on the first database to obtain a security analysis result, and establishing a fuzzy characteristic main body set G according to the security analysis result;
the second data analysis module is used for carrying out local feature analysis and global feature analysis on the fuzzy feature main body set G and the first database to obtain local feature information and global feature information;
and the second construction module is used for constructing a target database according to the local characteristic information and the global characteristic information.
Further, for the second data analysis module, further comprising:
the computing unit is used for computing global characteristic parameters;
and the second data analysis module performs global feature analysis on the fuzzy feature main body set G and the first database to obtain a first association parameter and a second association parameter, and the calculation unit calculates the global feature parameter according to the first association parameter and the second association parameter.
The beneficial effects of the application are as follows:
according to the application, the information in the audit information database is preprocessed based on priori knowledge and risk characteristic indexes, so that the data volume is reduced, the local characteristic analysis and the global characteristic analysis are performed on the preprocessed data, the local characteristic information and the global characteristic information are obtained, the target database is constructed based on the local characteristic information and the global characteristic information, and the target database is audited by audit equipment, so that the audit workload is reduced, the audit speed is improved, and the audit effect is enhanced.
Drawings
In order to more clearly illustrate the embodiments of the present application or the technical solutions in the prior art, the drawings that are required in the embodiments or the description of the prior art will be briefly described, and it is obvious that the drawings in the following description are only some embodiments of the present application, and other drawings may be obtained according to the structures shown in these drawings without inventive effort for a person skilled in the art.
Fig. 1 is a flow chart of a network security audit management method according to an embodiment of the present application.
Fig. 2 is a schematic structural diagram of a network security audit management system according to an embodiment of the present application.
Detailed Description
In order to make the objects, technical solutions and advantages of the present application more apparent, some embodiments of the present application will be described in further detail below with reference to the accompanying drawings and examples. It should be understood that the specific embodiments described herein are for purposes of illustration only and are not intended to limit the scope of the application. However, those of ordinary skill in the art will understand that in various embodiments of the present application, numerous technical details have been set forth in order to provide a better understanding of the present application. However, the claimed technical solution of the present application can be realized without these technical details and various changes and modifications based on the following embodiments.
Example 1
Referring to fig. 1, the present embodiment provides a network security audit management method, which includes the following contents:
s1, acquiring parameter information of an audit information database, determining a data extraction rule according to the parameter information, wherein network data for network security audit is stored in the audit information database;
in a specific implementation process, parameter information of the audit information database storing network data for network security audit can be obtained; the parameter information at least comprises data storage capacity, data storage capacity and data transmission rate of the audit information database. Under normal conditions, data is extracted from the audit information database according to a first preset extraction proportion, which is a preset standard parameter. With other conditions unchanged, when the data storage capacity of the audit information database changes, the time required for extraction and the total amount of data obtained by extraction change accordingly. To improve the efficiency of audit analysis of the subsequent data, the first preset extraction proportion can be adaptively adjusted according to the data storage capacity, the data storage capacity and the data transmission rate of the audit information database; the time required for extraction is also related to the data storage capacity and the data transmission rate of the audit information database.
It is conceivable that in the process of extracting data from the audit information database, the data can be simply screened according to the existing priori knowledge, and the data with low association degree between part of the data and the network security problem can be removed, and the specific screening mode can be adjusted according to the actually required audit precision.
S2, extracting to-be-processed data from an audit information database based on a data extraction rule, and constructing a first database;
in one specific implementation, the data to be processed is stored in the first database in the form of a data set.
S3, carrying out safety analysis on the first database through a pre-constructed safety evaluation model to obtain a safety analysis result, recording a plurality of fuzzy characteristic subjects on the safety analysis result, and establishing a fuzzy characteristic subject set G;
in a specific implementation process, risk characteristic indexes can be determined according to data information corresponding to network security events occurring in a history, a security evaluation model is constructed according to the risk characteristic indexes, security analysis is carried out on a data set contained in a first database through the security evaluation model, data which does not meet the risk characteristic indexes is found out, a plurality of fuzzy characteristic subjects are obtained, a fuzzy characteristic subject set G is built for the plurality of fuzzy characteristic subjects, and any element in the fuzzy characteristic subject set G represents a fuzzy characteristic subject.
S4, traversing the first database one by using elements in the set G, selecting associated data of each fuzzy characteristic main body, adding a main body identification tag for the associated data corresponding to the first database, and obtaining a second database after traversing is finished;
in one specific implementation, the set G is denoted as $G = \{G(r)_1, G(r)_2, \ldots, G(r)_n\}$, wherein n represents the number of elements in the set G; for any one element $G(r)_i$ in the set G, r represents the feature information of the element and i represents the item number of the element;
the feature information carried by each element comprises at least one feature item. Each data group in the first database is traversed using the feature information carried by each element, and it is judged whether the feature information contained in the data group has a feature item identical to one or more of the feature items carried by the element; if so, the data group is associated with the fuzzy feature subject represented by the element;
after the associated data of each fuzzy feature subject is determined, a main body identification tag, which represents the identity of that fuzzy feature subject, is added to the corresponding data group to indicate that the data is associated with the fuzzy feature subject. After every element in the set G has traversed the first database, the second database is obtained, in which some or all of the data groups carry main body identification tags, and a data group may carry one or more tags.
S5, traversing the set G, respectively taking each fuzzy characteristic main body in the set G as a clustering center, and constructing a plurality of data packets based on a second database to obtain local characteristic information;
in a specific implementation process, a data group associated with each fuzzy feature body can be copied in a second database according to the body identification label corresponding to the fuzzy feature body, the body identification label carried by the data group is synchronously copied in the copying process, and a plurality of data packets are constructed by taking each fuzzy feature body as a clustering center to obtain local feature information.
S6, determining association information among the data packets according to the main body identification tags in all the data packets to obtain global characteristic information;
in a specific implementation process, for any one data packet, the type of the main body identification tag carried by the data group contained in the data packet can be counted to obtain the association information between the main body identification tag and other data packets, so as to obtain global feature information.
And S7, constructing a target database according to the local characteristic information and the global characteristic information, and carrying out network security audit on the target database through audit equipment.
According to the network security audit management method, the information in the audit information database is preprocessed through the priori knowledge and the risk characteristic indexes, the data volume is reduced, the local characteristic analysis and the global characteristic analysis are carried out on the preprocessed data, the target database is constructed, the speed of network security audit on the information in the audit information database through the audit equipment is improved, the audit workload is reduced, and the audit effect is enhanced.
In a specific implementation process, for step S5, traversing the set G, and constructing a plurality of data packets based on the second database by using each fuzzy feature body in the set G as a cluster center, including:
for any element $G(r)_i$ in the set G, tag identification is performed on the second database, and the target data set carrying the main body identification tag corresponding to the element is copied from the second database according to the main body identification tag of the element. Taking the fuzzy feature subject corresponding to the element as the clustering center, the copied target data set is associated with that fuzzy feature subject to obtain a data packet, wherein the target data set in the data packet carries the corresponding main body identification tag. Traversing the set G yields a plurality of data packets, and the number of data packets is equal to the number of elements in the set G.
In a specific implementation, for step S6, determining association information between data packets according to the body id tags in all the data packets includes:
constructing a global association feature map, wherein the global association feature map records all data packet individuals;
determining an identifier of a data packet unit by using a fuzzy characteristic main body corresponding to the data packet unit, wherein the identifier of the data packet unit is specifically a main body identification tag corresponding to the fuzzy characteristic main body corresponding to the data packet unit;
specifically, each data packet unit corresponds to a fuzzy feature body, each fuzzy feature body corresponds to a unique identity, namely a unique identity identification tag is used for representing the identity, and the body identification tag corresponding to the data packet unit is used as the identifier of the data packet unit.
For any one data packet unit, establishing a connection relation between the data packet unit and other data packet units with association according to identifiers carried by the data packet unit, and counting the number of the data packet units with connection relation with the data packet unit to obtain a first association parameter of the data packet unit;
specifically, each data packet individual carries a plurality of body identification tags, for any one data packet individual, the body identification tags corresponding to the data packet individual are removed, and the remaining body identification tags respectively represent one data packet individual, so that the connection relationship between the data packet individual and other data packet individuals with the association can be established, and the number of the data packet individuals with the connection relationship with the data packet individual, namely the number of the remaining body identification tags, can be counted.
Counting the number of target data groups contained by the data packet individual and any data packet individual with a connection relation established between the data packet individual and any data packet individual to obtain a second association parameter of the data packet individual;
specifically, each data packet unit includes at least one data group, and every data group carries at least one subject identification tag. For a data group carrying more than one subject identification tag, there must be at least one other data packet unit that also includes that data group, and a connection relationship is established between the data packet unit and that other data packet unit. Two such data packet units include at least one identical data group; the number of identical data groups that both include is recorded and used as the second association parameter of the data packet unit.
Calculating global characteristic parameters of the individual data packets according to the first association parameters and the second association parameters;
specifically, in this embodiment, the expression for calculating the global characteristic parameter of any one data packet unit from the first association parameter and the second association parameter is as follows:
wherein Q represents the global characteristic parameter, $F_1$ represents the first association parameter, $F_2$ represents the second association parameter, and α and β are the correction parameters of the first association parameter $F_1$ and the second association parameter $F_2$ respectively.
After the global characteristic parameter of each data packet is obtained through calculation, the global association characteristic map and the global characteristic parameter of each data packet are used as association information between the data packets, and the association information is used as global characteristic information.
In a specific implementation process, the first association parameter and the second association parameter are added into the global association feature map, so that the association condition among all data packet individuals can be conveniently inquired.
In a specific implementation process, after the local feature information and the global feature information are obtained, a target database can be established and obtained, wherein the target database comprises the local feature information and the global feature information corresponding to the audit information database, network security audit is directly carried out on the target database through audit equipment, the audit workload is reduced, and the audit efficiency is improved.
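The tagging, packet construction and association counting of steps S4 to S6, worked through on a small data set, as an added example that is not part of the patent text. The subject names, feature strings and function names are constructed for illustration; the second association parameter is kept per connected pair because the page does not say how pair counts combine, and Q is not computed because its expression is not reproduced on this page.

```python
"""Steps S4-S6 on constructed data (illustrative; not code from the patent)."""

# Constructed sample: set G of fuzzy feature subjects, each with its feature items r.
SUBJECTS = {
    "G1": {"src:10.0.0.5", "user:svc-backup"},
    "G2": {"dst:203.0.113.7"},
    "G3": {"user:svc-backup", "proc:rclone"},
}

# Constructed sample: data groups of the first database with their feature items.
FIRST_DB = [
    {"id": 1, "features": {"src:10.0.0.5", "dst:203.0.113.7"}},
    {"id": 2, "features": {"user:svc-backup", "proc:rclone"}},
    {"id": 3, "features": {"dst:203.0.113.7", "proto:tcp"}},
    {"id": 4, "features": {"src:10.0.0.9", "proto:udp"}},
    {"id": 5, "features": {"src:10.0.0.5", "proc:rclone"}},
]


def tag_first_db(subjects, first_db):
    """S4: traverse the first database once per element of G and tag every
    data group that shares at least one feature item with that element."""
    second_db = [
        {"id": g["id"], "features": set(g["features"]), "tags": set()}
        for g in first_db
    ]
    for sid, items in subjects.items():
        for group in second_db:
            if items & group["features"]:
                group["tags"].add(sid)
    return second_db


def build_packets(subjects, second_db):
    """S5: one data packet per subject (the clustering center). Groups are
    copied together with all the tags they carry."""
    return {
        sid: [{**g, "tags": set(g["tags"])} for g in second_db if sid in g["tags"]]
        for sid in subjects
    }


def associate(packets):
    """S6: build the association map and count, per packet, the connected
    packets (first parameter) and the data groups shared with each connected
    packet (second parameter, kept per pair as an assumption)."""
    graph = {sid: set() for sid in packets}
    for sid, groups in packets.items():
        for g in groups:
            # Remove the packet's own tag; every remaining tag names a neighbour.
            graph[sid] |= g["tags"] - {sid}
    ids = {sid: {g["id"] for g in groups} for sid, groups in packets.items()}
    f1 = {sid: len(nbrs) for sid, nbrs in graph.items()}
    f2 = {
        sid: {nb: len(ids[sid] & ids[nb]) for nb in sorted(graph[sid])}
        for sid in graph
    }
    return graph, f1, f2


def untagged_ids(second_db):
    """Added check: data groups that matched no subject are in no packet, so
    they never reach the audit device through the target database."""
    return [g["id"] for g in second_db if not g["tags"]]


if __name__ == "__main__":
    second = tag_first_db(SUBJECTS, FIRST_DB)
    packets = build_packets(SUBJECTS, second)
    graph, f1, f2 = associate(packets)
    for sid in packets:
        members = [g["id"] for g in packets[sid]]
        print(sid, "groups", members, "F1", f1[sid], "shared", f2[sid])
    print("not in any packet:", untagged_ids(second))
```

Listing the untagged groups makes the data-reduction trade-off visible: whatever the evaluation model fails to flag is excluded from the audit, so that list is worth sampling when tuning the risk characteristic indexes.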
Example 2
Referring to fig. 2, on the basis of embodiment 1, this embodiment provides a network security audit management system, including:
the data acquisition module is used for acquiring parameter information of the audit information database, determining a data extraction rule according to the parameter information, and extracting to-be-processed data from the audit information database based on the data extraction rule;
the first construction module is used for constructing a first database according to the data to be processed extracted from the audit information database;
the first data analysis module is used for carrying out security analysis on the first database to obtain a security analysis result, and establishing a fuzzy characteristic main body set G according to the security analysis result;
the second data analysis module is used for carrying out local feature analysis and global feature analysis on the fuzzy feature main body set G and the first database to obtain local feature information and global feature information;
specifically, traversing the first database one by using elements in the set G, selecting associated data of each fuzzy characteristic main body, adding a main body identification tag for the corresponding associated data in the first database, and obtaining a second database after traversing is finished;
traversing the set G, respectively taking each fuzzy characteristic main body in the set G as a clustering center, and constructing a plurality of data packets based on a second database to obtain local characteristic information;
determining association information among the data packets according to the main body identification tags in all the data packets to obtain global characteristic information;
and the second construction module is used for constructing a target database according to the local characteristic information and the global characteristic information.
In a specific implementation, for the second data analysis module, the method further includes:
the computing unit is used for computing global characteristic parameters;
the second data analysis module performs global feature analysis on the fuzzy feature main body set G and the first database to obtain a first association parameter and a second association parameter, and the global feature parameter is obtained through calculation according to the first association parameter and the second association parameter by the calculation unit.
It will be understood that modifications and variations will be apparent to those skilled in the art from the foregoing description, and it is intended that all such modifications and variations be included within the scope of the following claims. Parts of the specification not described in detail belong to the prior art known to those skilled in the art.
Claims (8)
1. A network security audit management method, comprising:
acquiring parameter information of an audit information database, and determining a data extraction rule according to the parameter information, wherein network data for network security audit is stored in the audit information database;
extracting data to be processed from the audit information database based on the data extraction rule, and constructing a first database, wherein the data in the first database is stored in the form of a data group;
performing security analysis on the first database through a pre-constructed security assessment model to obtain a security analysis result, wherein the security analysis result records a plurality of fuzzy feature subjects, and a fuzzy feature subject set G is established;
traversing the first database one by one using the elements in the set G, selecting the associated data of each fuzzy characteristic main body, adding a main body identification tag to the corresponding associated data in the first database, and obtaining a second database after the traversal is finished;
traversing the set G, respectively taking each fuzzy characteristic main body in the set G as a clustering center, and constructing a plurality of data packets based on the second database to obtain local characteristic information;
determining association information among the data packets according to the main body identification tags in all the data packets to obtain global characteristic information;
and constructing a target database according to the local characteristic information and the global characteristic information, and carrying out network security audit on the target database through audit equipment.
2. The network security audit management method according to claim 1, wherein traversing the first database one by one with elements in the set G, selecting associated data of each fuzzy feature body, and adding a body identification tag to the corresponding associated data in the first database, includes:
for the set $G = \{G(r)_1, G(r)_2, \ldots, G(r)_n\}$, where n represents the number of elements in the set G, and for any element $G(r)_i$ in the set G, r represents the feature information of the element and i represents the item number of the element;
traversing the first database with the elements in the set G respectively; for any element $G(r)_i$, selecting the associated data corresponding to the element from the first database according to the feature information of the element, determining the main body identification tag of the element, and adding the main body identification tag to the selected associated data.
3. The network security audit management method according to claim 2, wherein traversing the set G, using each fuzzy feature body in the set G as a cluster center, and constructing a plurality of data packets based on the second database includes:
for any element $G(r)_i$ in the set G, performing tag identification on the second database, copying a target data set with a main body identification tag corresponding to the element from the second database according to the main body identification tag of the element, taking the fuzzy characteristic main body corresponding to the element as a clustering center, and associating the copied target data set with the fuzzy characteristic main body to construct a data packet, wherein the target data set in the data packet carries the corresponding main body identification tag;
and traversing the set G to obtain a plurality of data packets, wherein the number of the data packets is equal to the number of elements in the set G.
4. A network security audit management method according to claim 3 wherein said determining association information between packets based on body identification tags in all packets includes:
constructing a global association characteristic map, wherein all data packet individuals are recorded in the global association characteristic map; determining an identifier of a data packet unit by using a fuzzy characteristic main body corresponding to the data packet unit, wherein the identifier of the data packet unit is specifically a main body identification tag corresponding to the fuzzy characteristic main body corresponding to the data packet unit;
for any one data packet unit, establishing a connection relation between the data packet unit and other data packet units with association according to identifiers carried by the data packet unit, and counting the number of the data packet units with connection relation with the data packet unit to obtain a first association parameter of the data packet unit;
counting the number of target data groups contained in the data packet individual and in any data packet individual with which it has an established connection relation, to obtain a second association parameter of the data packet individual;
calculating global characteristic parameters of the individual data packets according to the first association parameters and the second association parameters;
and using the global association characteristic map and the global characteristic parameter of each data packet unit as association information between the data packets.
5. The network security audit management method according to claim 4 wherein calculating a global characteristic of any one of the individual data packets based on the first associated parameter and the second associated parameter includes:
the global characteristic parameter of any one data packet individual is calculated from the first association parameter and the second association parameter according to the following expression:
where Q represents the global characteristic parameter, $F_1$ represents the first association parameter, $F_2$ represents the second association parameter, and α and β are the correction parameters of the first association parameter $F_1$ and the second association parameter $F_2$, respectively.
6. The network security audit management method according to claim 1 wherein the obtaining parameter information of the audit information database, determining a data extraction rule according to the parameter information, includes:
the parameter information comprises data storage capacity, data storage capacity and data transmission rate of the audit information database; a first preset extraction proportion is adjusted according to the data storage capacity and the data transmission rate to obtain a second preset extraction proportion, and the second preset extraction proportion is used as the data extraction proportion of the audit information database to obtain the data extraction rule.
7. A network security audit management system, characterized in that the system applies a network security audit management method according to any of claims 1-6, the system comprising:
the data acquisition module is used for acquiring parameter information of an audit information database, determining a data extraction rule according to the parameter information, and extracting to-be-processed data from the audit information database based on the data extraction rule;
the first construction module is used for constructing a first database according to the data to be processed extracted from the audit information database;
the first data analysis module is used for carrying out security analysis on the first database to obtain a security analysis result, and establishing a fuzzy characteristic main body set G according to the security analysis result;
the second data analysis module is used for carrying out local feature analysis and global feature analysis on the fuzzy feature main body set G and the first database to obtain local feature information and global feature information;
and the second construction module is used for constructing a target database according to the local characteristic information and the global characteristic information.
8. A network security audit management system according to claim 7 and further including, for the second data analysis module:
the computing unit is used for computing global characteristic parameters;
and the second data analysis module performs global feature analysis on the fuzzy feature main body set G and the first database to obtain a first association parameter and a second association parameter, and the calculation unit calculates the global feature parameter according to the first association parameter and the second association parameter.
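The tagging, packet construction and association counting described in Embodiment 2 and in claims 2 to 4, as an added Python example that is not part of the patent text. The flow records, the host-address matching rule, the `S1`…`Sn` tag names, the rule that a shared data group links two packets, and the reading of F2 as a packet's own group count plus that of its linked packets are all assumptions; Q is not computed because the expression of claim 5 does not appear on this page.

```python
from collections import defaultdict

# Constructed sample "first database": each dict is one data group (a flow record).
FIRST_DB = [
    {"id": 1, "src": "10.0.0.5", "dst": "10.0.0.9"},
    {"id": 2, "src": "10.0.0.5", "dst": "203.0.113.7"},
    {"id": 3, "src": "10.0.0.9", "dst": "10.0.0.40"},
    {"id": 4, "src": "10.0.0.20", "dst": "10.0.0.21"},
    {"id": 5, "src": "10.0.0.30", "dst": "10.0.0.31"},
]
# Constructed set G: the feature information r of each subject is assumed to be a host address.
G = ["10.0.0.5", "10.0.0.9", "203.0.113.7", "10.0.0.20"]

def build_second_db(first_db, subjects):
    """Traverse the first database with each element of G and tag associated data groups."""
    second = [{**rec, "tags": set()} for rec in first_db]
    for i, r in enumerate(subjects, 1):
        for rec in second:
            if r in (rec["src"], rec["dst"]):  # assumed association rule
                rec["tags"].add(f"S{i}")       # hypothetical tag name for G(r)_i
    return second

def build_packets(second_db, subjects):
    """One data packet per subject (the clustering center) holding copies of its tagged groups."""
    return {f"S{i}": {"center": r,
                      "groups": [dict(g) for g in second_db if f"S{i}" in g["tags"]]}
            for i, r in enumerate(subjects, 1)}

def association_info(packets):
    """Global association map plus F1 and F2 for every packet."""
    edges = defaultdict(set)
    for tag, pkt in packets.items():
        for group in pkt["groups"]:
            edges[tag] |= group["tags"] - {tag}  # assumed: a shared data group links two packets
    info = {}
    for tag, pkt in packets.items():
        linked = sorted(edges[tag])
        f2 = len(pkt["groups"]) + sum(len(packets[n]["groups"]) for n in linked)
        info[tag] = {"linked": linked, "F1": len(linked), "F2": f2}
    return info

def unassigned_ids(second_db):
    """Data groups with no tag: they reach no packet, so the target database omits them."""
    return [rec["id"] for rec in second_db if not rec["tags"]]

INFO = association_info(build_packets(build_second_db(FIRST_DB, G), G))
```

Under these assumptions record 5 matches no subject, so an audit run only against the target database never sees it; `unassigned_ids` makes that residue visible for separate review.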
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202310600359.1A CN116582333A (en) | 2023-05-25 | 2023-05-25 | Network security audit management method and system |
Publications (1)
Publication Number | Publication Date |
---|---|
CN116582333A (en) | 2023-08-11 |
Family
ID=87543872
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202310600359.1A Pending CN116582333A (en) | 2023-05-25 | 2023-05-25 | Network security audit management method and system |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN116582333A (en) |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||