CN116668194A - Network security situation assessment system based on Internet centralized control platform - Google Patents


Publication number
CN116668194A
Authority
CN
China
Prior art keywords
data
supervision
security
network
safety
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN202310930877.XA
Other languages
Chinese (zh)
Other versions
CN116668194B (en)
Inventor
刘传波
王秀
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Hongming Fuxing Information Technology Co ltd
Original Assignee
Beijing Hongming Fuxing Information Technology Co ltd
Application filed by Beijing Hongming Fuxing Information Technology Co ltd filed Critical Beijing Hongming Fuxing Information Technology Co ltd
Priority to CN202310930877.XA priority Critical patent/CN116668194B/en
Publication of CN116668194A publication Critical patent/CN116668194A/en
Application granted granted Critical
Publication of CN116668194B publication Critical patent/CN116668194B/en

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/20 Network architectures or network communication protocols for network security for managing network security; network security policies in general

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The invention discloses a network security situation assessment system based on an Internet centralized control platform, relating to the technical field of network security situation assessment. It addresses the technical problem that, in the prior art, the internal and external influences on network data cannot be analyzed, so that situation assessment accuracy is low. A security index calculation unit calculates a security index for the supervision subject: the generation period of the supervision subject is marked as the network operation period, the security index calculation coefficient of the supervision subject is obtained for each moment, and each moment in the network operation period is classified as a high-index time point or a low-index time point according to that coefficient. The high-index and low-index time points are sent to a security early warning unit, which performs security early warning on the supervision subject; after a security analysis early warning signal is received, a security situation assessment unit performs security situation assessment on the supervision subject.

Description

Network security situation assessment system based on Internet centralized control platform
Technical Field
The invention relates to the technical field of network security situation assessment, in particular to a network security situation assessment system based on an Internet centralized control platform.
Background
Situation assessment plays an important role in research, and is an important and key link of the whole process; through situation assessment, potential safety hazards and threats in the network can be discovered as early as possible, and the full assessment of the influence range and the severity of the potential safety hazards and the threats can help management staff to master the safety condition of the current network, so that containment and prevention measures are taken for the threats before the occurrence, the system is prevented from being attacked and destroyed, and the system is fully protected.
However, in the prior art, network data cannot be classified according to hierarchical processing in the situation assessment process, so that situation assessment cost cannot be controlled, and meanwhile, internal and external influence analysis cannot be performed on the network data, so that accuracy of situation assessment is low.
In view of the above technical drawbacks, a solution is now proposed.
Disclosure of Invention
The invention aims to solve the problems and provides a network security situation assessment system based on an Internet centralized control platform.
The aim of the invention can be achieved by the following technical scheme:
the network security situation assessment system based on the Internet centralized control platform comprises an assessment platform, wherein the assessment platform is in communication connection with a hierarchical processing unit, a security index calculation unit, a security early warning unit and a security situation assessment unit;
the hierarchical processing unit performs hierarchical processing on the network data and delimits (circles) the network data according to that processing; it collects the network data generated by the operation of the network coverage equipment, marks the network data as the supervision subject once collection is complete, and sends the current supervision subject to the evaluation platform after preprocessing and data cleaning are completed;
after the evaluation platform receives the supervision subject, it generates a security index calculation signal and sends it to the security index calculation unit; on receiving that signal, the security index calculation unit performs security index calculation on the supervision subject: the generation period of the supervision subject is marked as the network operation period, the security index calculation coefficient of the supervision subject is obtained for each moment, and each moment in the network operation period is classified as a high-index time point or a low-index time point according to that coefficient and sent to the security early warning unit; the security early warning unit performs security early warning on the supervision subject, generates either a security analysis early warning signal or a security analysis no-early-warning signal, and sends it to the evaluation platform; after the evaluation platform receives the security analysis early warning signal, the security situation assessment unit performs security situation assessment on the supervision subject.
As a preferred embodiment of the present invention, the hierarchical processing unit operates as follows:
preprocessing the supervision subject: the data formats of all data chains in the supervision subject are synchronized and the data in each data chain is compressed, so that the data specifications of all data chains in the supervision subject are kept consistent; after preprocessing is completed, data cleaning is performed on each data chain in the supervision subject: the data chains are given a set order, the data volume difference between adjacent data chains is controlled, a data volume difference threshold is set, and the data chains are ordered according to that threshold; after ordering is completed, data interval control is applied to each single data chain: an interval is set for each byte of data in the chain, and the interval amount is set as the data interval threshold; the data volume difference threshold and the data interval threshold are set together, each within the floatable error range of its corresponding parameter; the data interval denotes the part of the storage chain, between adjacent bytes of data, that stores no data yet still occupies the data chain when each byte of data in the data chain is stored in the chain; after preprocessing and data cleaning are completed, the current supervision subject is sent to the evaluation platform.
As a preferred embodiment of the present invention, the safety index calculation unit operates as follows:
for each moment in the network operation period, acquiring the number of data chains of the supervision subject whose set order is inconsistent with their actual arrangement order, and the deviation between the real-time data generation amount and the statistical data generation amount of the supervision subject, and marking them as SJL and PCZ respectively; acquiring, for each moment in the network operation period, the average data interval increment span value of the data chains of the supervision subject, and marking it as KDZ;
and obtaining, through a formula, the security index calculation coefficient G of the supervision subject at each moment, and comparing G with a security index calculation coefficient threshold.
As a preferred embodiment of the invention, the formula is Wherein, bh1, bh2 and bh3 are all preset proportionality coefficients, bh1 > bh2 > bh3 > 0, and beta is an error correction factor with a value of 0.985.
As a preferred embodiment of the present invention, if the security index calculation coefficient G of the supervision body exceeds the security index calculation coefficient threshold, determining that the security analysis of the supervision body at the current moment is abnormal, marking the corresponding moment as a low-index moment point, generating a security risk signal and sending the security risk signal to the evaluation platform, and performing secondary hierarchical processing on the current supervision body after the evaluation platform receives the security risk signal; if the safety index calculation coefficient G of the supervision body does not exceed the safety index calculation coefficient threshold, judging that the safety analysis of the supervision body at the current moment is normal, and marking the corresponding moment as a high-index moment point.
As a preferred embodiment of the present invention, the safety precaution unit operates as follows:
the method comprises the steps of obtaining the increment span of continuous quantity peak values corresponding to high-index time points in a network operation period and the shortening amount of interval duration between low-index time points and high-index time points in the network operation period, and comparing the increment span of continuous quantity peak values corresponding to the high-index time points in the network operation period and the shortening amount of interval duration between the low-index time points and the high-index time points in the network operation period with a quantity increment span threshold and a duration shortening amount threshold respectively.
As a preferred implementation mode of the invention, if the increment span of the continuous quantity peak value corresponding to the high-index time point in the network operation period exceeds the quantity increment span threshold value and the shortening amount of the interval duration between the low-index time point and the high-index time point in the network operation period does not exceed the duration shortening amount threshold value, judging that the safety precaution is normal in the network operation period, generating a safety analysis precaution signal and sending the safety analysis precaution signal to an evaluation platform;
if the increment span of the continuous number peak value corresponding to the high-index time point in the network operation period does not exceed the number increment span threshold, or the shortening amount of the interval duration between the low-index time and the high-index time in the network operation period exceeds the duration shortening amount threshold, judging that the safety early warning is abnormal in the network operation period, generating a safety analysis early warning-free signal and sending the safety analysis early warning-free signal to an evaluation platform.
As a preferred embodiment of the invention, the safety situation assessment unit operates as follows:
and marking the time period corresponding to the security analysis early warning as an influence time period, acquiring the overlapping path distance of the corresponding external non-single attack track of the supervision body in the influence time period and the unauthorized access increment of the corresponding storage data of the data link before and after the supervision body is attacked by the external, and analyzing the overlapping path distance of the corresponding external non-single attack track of the supervision body in the influence time period and the unauthorized access increment of the corresponding storage data of the data link before and after the supervision body is attacked by the external.
As a preferred implementation mode of the invention, if the overlapping path distance of the monitoring body corresponding to the external non-single attack track exceeds the overlapping path distance threshold value in the influence time period, or the unauthorized access increment of the data stored by the data link corresponding to the data link before and after the monitoring body is attacked by the external exceeds the increment threshold value, judging that the threat level of the external attack of the network data in the current influence time period is high, generating an external high influence signal and sending the external high influence signal to an evaluation platform; if the overlapping path distance of the monitoring main body corresponding to the external non-single attack track in the influence time period does not exceed the overlapping path distance threshold value and the unauthorized access increment of the data link corresponding to the stored data before and after the monitoring main body is attacked by the external is not beyond the increment threshold value, judging that the threat degree of the external attack of the network data in the current influence time period is low, generating an external low influence signal and sending the external low influence signal to the evaluation platform.
As a preferred embodiment of the invention, after the evaluation platform receives the external high-influence signal, it blocks external attacks on the current supervision subject and carries out data chain hierarchical processing monitoring once no external attack is received; after the evaluation platform receives the external low-influence signal, it executes the hierarchical processing of the data chains a second time and keeps monitoring statistics on external attacks against the current supervision subject.
Compared with the prior art, the invention has the beneficial effects that:
1. In the invention, hierarchical processing is performed on the network data, the network data is delimited (circled) according to the hierarchical processing, and security situation assessment is performed on the delimited network data, which avoids performing security situation assessment on a large amount of useless network data, something that would increase the assessment intensity and generate unnecessary cost.
2. According to the invention, the security index calculation is carried out on the supervision body, and whether the current supervision body has risks is judged through the security index calculation, so that the security protection efficiency of the supervision body is improved, and the security of the Internet centralized control platform is increased; the monitoring main body is subjected to safety early warning, and whether the safety index of the monitoring main body floats normally or not is judged in a network operation period, so that the safety early warning is carried out on network data, early warning control can be carried out in time when the network data is abnormal, and the safety of the network data can be ensured; and carrying out security situation assessment on the supervision body, and judging whether the network intrusion threat degree of the current supervision body is at risk or not, so that the external influence and the internal influence of the network data are synchronously analyzed, the security situation assessment is more accurately carried out, and the security early warning efficiency of the network data is improved.
Drawings
The present invention is further described below with reference to the accompanying drawings for the convenience of understanding by those skilled in the art.
Fig. 1 is a schematic block diagram of a network security situation assessment system based on an internet centralized control platform.
Detailed Description
In order that those skilled in the art will better understand the present invention, a technical solution in the embodiments of the present invention will be clearly and completely described below with reference to the accompanying drawings in which it is apparent that the described embodiments are only some embodiments of the present invention, not all embodiments. All other embodiments, which can be made by those skilled in the art based on the embodiments of the invention without making any inventive effort, are intended to be within the scope of the invention.
Reference herein to "an embodiment" means that a particular feature, structure, or characteristic described in connection with the embodiment may be included in at least one embodiment of the invention. The appearances of such phrases in various places in the specification are not necessarily all referring to the same embodiment, nor are separate or alternative embodiments mutually exclusive of other embodiments. Those of skill in the art will explicitly and implicitly appreciate that the embodiments described herein may be combined with other embodiments.
Referring to fig. 1, a network security situation assessment system based on an internet centralized control platform comprises an assessment platform, wherein the assessment platform is in communication connection with a hierarchical processing unit, a security index calculation unit, a security early warning unit and a security situation assessment unit;
during network operation, the data generated by the network in real time is protected and network security situation early warning is performed on it; to this end, the evaluation platform generates a hierarchical processing signal during network data storage and sends it to the hierarchical processing unit; on receiving the signal, the hierarchical processing unit performs hierarchical processing on the network data, delimits (circles) the network data according to the hierarchical processing, and performs security situation assessment on the delimited network data, which avoids assessing a large amount of useless network data and thereby increasing the assessment intensity and generating unnecessary cost;
collecting the network data generated by the operation of the network coverage equipment, the network data being, specifically, data such as system logs, alarms and information held in the servers, memory and similar components of the network coverage equipment, as known in the prior art; marking the network data as the supervision subject once collection is complete; preprocessing the supervision subject: the data formats of all data chains in the supervision subject are synchronized and the data in each data chain is compressed, so that the data specifications of all data chains in the supervision subject are kept consistent; after preprocessing is completed, data cleaning is performed on each data chain in the supervision subject: the data chains are given a set order, the data volume difference between adjacent data chains is controlled, a data volume difference threshold is set, and the data chains are ordered according to that threshold; after ordering is completed, data interval control is applied to each single data chain: an interval is set for each byte of data in the chain, and the interval amount is set as the data interval threshold; the data volume difference threshold and the data interval threshold are set together, each within the floatable error range of its corresponding parameter; the data interval denotes the part of the storage chain, between adjacent bytes of data, that stores no data yet still occupies the data chain when each byte of data in the data chain is stored in the chain; after preprocessing and data cleaning are completed, the current supervision subject is sent to the evaluation platform;
after the evaluation platform receives the supervision main body, a safety index calculation signal is generated and sent to the safety index calculation unit, the safety index calculation unit calculates the safety index of the supervision main body after receiving the safety index calculation signal, and judges whether the current supervision main body has risks or not through the safety index calculation, so that the safety protection efficiency of the supervision main body is improved, and the safety of the Internet centralized control platform is improved;
marking the generation period of the supervision subject as a network operation period, acquiring inconsistent data link quantity of the supervision subject corresponding data link setting sequence and the actual arrangement sequence at each time in the network operation period and the deviation value of the supervision subject real-time data generation quantity and the statistical data generation quantity at each time, and marking the inconsistent data link quantity of the supervision subject corresponding data link setting sequence and the actual arrangement sequence at each time and the deviation value of the supervision subject real-time data generation quantity and the statistical data generation quantity at each time in the network operation period as SJL and PCZ respectively; acquiring average data interval increment span values of the data chains corresponding to the supervision subjects at all times in the network operation period, and marking the average data interval increment span values of the data chains corresponding to the supervision subjects at all times in the network operation period as KDZ;
by the formula Obtaining a safety index calculation coefficient G of the supervision subject corresponding to each moment, wherein bh1, bh2 and bh3 are preset proportionality coefficients, bh1 > bh2 > bh3 > 0, and beta is an error correction factor with a value of 0.985;
comparing the safety index calculation coefficient G of the supervising subject with a safety index calculation coefficient threshold value:
if the safety index calculation coefficient G of the supervision body exceeds the safety index calculation coefficient threshold, judging that the safety analysis of the supervision body at the current moment is abnormal, marking the corresponding moment as a low-index moment point, simultaneously generating a safety risk signal and sending the safety risk signal to an evaluation platform, and carrying out secondary hierarchical processing on the current supervision body after the evaluation platform receives the safety risk signal; if the safety index calculation coefficient G of the supervision subject does not exceed the safety index calculation coefficient threshold, judging that the safety analysis of the supervision subject at the current moment is normal, and marking the corresponding moment as a high-index moment point; the high-index time point and the low-index time point are sent to a safety early warning unit;
after the safety early warning unit receives the high-index time point and the low-index time point, safety early warning is carried out on the supervision main body, and whether the safety index of the supervision main body floats normally or not in a network operation period is judged, so that safety early warning is carried out on network data, early warning control can be carried out in time when the network data is abnormal, and the safety of the network data can be ensured;
the method comprises the steps of obtaining the increment span of continuous quantity peak values corresponding to high-index time points in a network operation period and the shortening amount of interval duration between low-index time points and high-index time points in the network operation period, and comparing the increment span of continuous quantity peak values corresponding to the high-index time points in the network operation period and the shortening amount of interval duration between the low-index time points and the high-index time points in the network operation period with a quantity increment span threshold and a duration shortening amount threshold respectively:
if the increment span of the continuous number peak value corresponding to the high-index time point in the network operation period exceeds the number increment span threshold and the shortening amount of the interval duration between the low-index time and the high-index time in the network operation period does not exceed the duration shortening amount threshold, judging that the safety early warning is normal in the network operation period, generating a safety analysis early warning signal and transmitting the safety analysis early warning signal to an evaluation platform; if the increment span of the continuous quantity peak value corresponding to the high-index time point in the network operation period does not exceed the quantity increment span threshold, or the shortening amount of the interval duration between the low-index time and the high-index time in the network operation period exceeds the duration shortening amount threshold, judging that the safety early warning is abnormal in the network operation period, generating a safety analysis early warning-free signal and transmitting the safety analysis early warning-free signal to an evaluation platform;
after receiving the security analysis early warning signal, the assessment platform generates a security situation assessment signal and sends the security situation assessment signal to a security situation assessment unit, and after receiving the security situation assessment signal, the security situation assessment unit carries out security situation assessment on the supervision subject and judges whether the network intrusion threat degree of the current supervision subject is at risk or not, so that the external influence and the internal influence of the network data are synchronously analyzed, the security situation assessment is carried out more accurately, and the security early warning efficiency of the network data is improved;
marking a time period corresponding to the security analysis early warning as an influence time period, acquiring the overlapping path distance of the corresponding external non-single attack track of the supervision body and the unauthorized access increment of the corresponding storage data of the data link before and after the supervision body is attacked by the external in the influence time period, and analyzing the overlapping path distance of the corresponding external non-single attack track of the supervision body and the unauthorized access increment of the corresponding storage data of the data link before and after the supervision body is attacked by the external in the influence time period, wherein the external attack is represented as attack modes such as external unauthorized access, data transmission interruption and the like, and the overlapping path is represented as a real-time overlapping path of different external attacks, such as sequencing data of a third byte in a first data link of the supervision body; the overlapping path distance is expressed as the overlapping distance of different attack paths, and if the overlapping path is the third byte, the overlapping distance is only the chain length of the third byte;
if the overlapping path distance of the monitoring main body corresponding to the external non-single attack track in the influence time period exceeds the overlapping path distance threshold, or the unauthorized access increment of the data stored by the data link corresponding to the data link before and after the monitoring main body is attacked by the external exceeds the increment threshold, judging that the external attack threat of the network data in the current influence time period is high, generating an external high influence signal and sending the external high influence signal to an evaluation platform;
if the overlapping path distance of the monitoring main body corresponding to the external non-single attack track in the influence time period does not exceed the overlapping path distance threshold value and the unauthorized access increment of the data stored by the data link corresponding to the data before and after the monitoring main body is attacked by the external is not beyond the increment threshold value, judging that the external attack threat of the network data in the current influence time period is low, generating an external low influence signal and sending the external low influence signal to an evaluation platform;
after the evaluation platform receives the external high-influence signal, it blocks external attacks on the current supervision subject and carries out data chain hierarchical processing monitoring once no external attack is received; after the evaluation platform receives the external low-influence signal, it executes the hierarchical processing of the data chains a second time and keeps monitoring statistics on external attacks against the current supervision subject.
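The decision chain described above (index classification, early warning, external-impact assessment), sketched in Python as an added example; it is not code from the patent. G values are taken as inputs because the formula is not reproduced on this page, and the thresholds, the comparison against a previous operation period, the run-length and gap metrics, and the position-set model of attack tracks are all assumptions.

```python
from collections import Counter
from dataclasses import dataclass
from itertools import groupby


@dataclass(frozen=True)
class Thresholds:          # every value is a constructed placeholder
    g: float = 0.6         # security index calculation coefficient threshold
    span: float = 1        # quantity increment span threshold
    shorten: float = 0.5   # duration shortening amount threshold
    overlap: int = 1       # overlapping path distance threshold
    increment: int = 3     # unauthorized access increment threshold


def classify_moments(g_series, g_threshold):
    """Page rule: G above the threshold -> low-index point, otherwise high-index."""
    return ["low" if g > g_threshold else "high" for g in g_series]


def peak_high_run(labels):
    """Assumed reading of 'continuous quantity peak': longest run of high-index points."""
    runs = (sum(1 for _ in grp) for lab, grp in groupby(labels) if lab == "high")
    return max(runs, default=0)


def mean_low_to_high_gap(labels):
    """Assumed reading of 'interval duration': mean steps from a low point to the next high point."""
    gaps = []
    for i, lab in enumerate(labels):
        if lab != "low":
            continue
        nxt = next((j for j in range(i + 1, len(labels)) if labels[j] == "high"), None)
        if nxt is not None:      # a trailing low point has no following high point
            gaps.append(nxt - i)
    return sum(gaps) / len(gaps) if gaps else 0.0


def early_warning(prev_labels, cur_labels, th):
    """Assumption: both deltas are measured against the previous operation period."""
    span = peak_high_run(cur_labels) - peak_high_run(prev_labels)
    shortening = mean_low_to_high_gap(prev_labels) - mean_low_to_high_gap(cur_labels)
    # Page rule: signal only if the span exceeds its threshold AND the shortening does not.
    if span > th.span and shortening <= th.shorten:
        return "early_warning"
    return "no_early_warning"


def overlap_distance(tracks):
    """Count (chain, byte offset) positions touched by more than one attack track."""
    hits = Counter(pos for track in tracks for pos in set(track))
    return sum(1 for n in hits.values() if n > 1)


def assess_situation(tracks, unauth_before, unauth_after, th):
    """Page rule: either metric over its threshold -> high external impact."""
    increment = unauth_after - unauth_before
    if overlap_distance(tracks) > th.overlap or increment > th.increment:
        return "external_high_impact"
    return "external_low_impact"


def evaluate(prev_g, cur_g, tracks, unauth_before, unauth_after, th=Thresholds()):
    """Run the chain; situation assessment happens only after an early warning signal."""
    prev_labels = classify_moments(prev_g, th.g)
    cur_labels = classify_moments(cur_g, th.g)
    signal = early_warning(prev_labels, cur_labels, th)
    if signal != "early_warning":
        return signal, None
    return signal, assess_situation(tracks, unauth_before, unauth_after, th)


# Constructed sample data: G per moment for two periods, and two attack tracks.
PREV_G = [0.2, 0.7, 0.8, 0.3, 0.4, 0.9, 0.8, 0.2]
CUR_G = [0.1, 0.2, 0.7, 0.8, 0.3, 0.2, 0.4, 0.5]
FLAP_G = [0.2, 0.7, 0.3, 0.7, 0.2, 0.8, 0.3, 0.9]   # index flips every moment
TRACKS = [
    [("chain1", 2), ("chain1", 3), ("chain2", 0)],
    [("chain1", 3), ("chain3", 5)],
]

if __name__ == "__main__":
    print(evaluate(PREV_G, CUR_G, TRACKS, unauth_before=4, unauth_after=9))
    print(evaluate(PREV_G, FLAP_G, TRACKS, unauth_before=4, unauth_after=9))
```

The flapping series never reaches the situation assessment stage, because its longest high-index run shrinks relative to the previous period.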
The formulas are all formulas obtained by collecting a large amount of data for software simulation and selecting a formula close to a true value, and coefficients in the formulas are set by a person skilled in the art according to actual conditions;
in use, the hierarchical processing unit performs hierarchical processing on the network data and delimits (circles) the network data according to that processing; it collects the network data generated by the operation of the network coverage equipment, marks the network data as the supervision subject once collection is complete, and sends the current supervision subject to the evaluation platform after preprocessing and data cleaning are completed; the security index calculation unit performs security index calculation on the supervision subject: the generation period of the supervision subject is marked as the network operation period, the security index calculation coefficient of the supervision subject is obtained for each moment, and each moment in the network operation period is classified as a high-index time point or a low-index time point according to that coefficient and sent to the security early warning unit; the security early warning unit performs security early warning on the supervision subject, generates either a security analysis early warning signal or a security analysis no-early-warning signal, and sends it to the evaluation platform; after the evaluation platform receives the security analysis early warning signal, the security situation assessment unit performs security situation assessment on the supervision subject.
The preferred embodiments of the invention disclosed above are intended only to assist in the explanation of the invention. The preferred embodiments are not intended to be exhaustive or to limit the invention to the precise form disclosed. Obviously, many modifications and variations are possible in light of the above teaching. The embodiments were chosen and described in order to best explain the principles of the invention and the practical application, to thereby enable others skilled in the art to best understand and utilize the invention. The invention is limited only by the claims and the full scope and equivalents thereof.

Claims (10)

1. The network security situation assessment system based on the Internet centralized control platform is characterized by comprising an assessment platform, wherein the assessment platform is in communication connection with a hierarchical processing unit, a security index calculation unit, a security early warning unit and a security situation assessment unit;
the hierarchical processing unit performs hierarchical processing on the network data, performs circle classification on the network data according to the hierarchical processing, collects the network data generated by the operation of the network coverage equipment, marks the network data as the supervision subject once collected, and sends the current supervision subject to the assessment platform after preprocessing and data cleaning are completed;
after receiving the supervision subject, the assessment platform generates a security index calculation signal and sends it to the security index calculation unit; after receiving the security index calculation signal, the security index calculation unit performs security index calculation on the supervision subject: the generation period of the supervision subject is marked as the network operation period, the security index calculation coefficient corresponding to the supervision subject at each moment is obtained, and each moment in the network operation period is classified as a high-index time point or a low-index time point according to that coefficient and sent to the security early warning unit; the security early warning unit performs security early warning on the supervision subject, generating either a security analysis early warning signal or a security analysis no-early-warning signal, which is sent to the assessment platform; and after the assessment platform receives the security analysis early warning signal, the security situation assessment unit performs security situation assessment on the supervision subject.
2. The network security posture assessment system based on the internet centralized control platform as claimed in claim 1, wherein the hierarchical processing unit operates as follows:
preprocessing the supervision subject by synchronizing the data formats of all data chains in the supervision subject and compressing the data in all the data chains, so that the data specifications of all the data chains in the supervision subject are kept consistent; after preprocessing is completed, performing data cleaning on each data chain in the supervision subject: the data chains are assigned a sequence, the data volume difference between adjacent data chains is controlled, a data volume difference threshold is set, and the data chains are ordered according to that threshold; after ordering is completed, data interval control is performed on each single data chain, an interval is set for each byte of data in the chain, and the interval amount is set as the data interval threshold; when the data volume difference threshold and the data interval threshold are set, a permissible floating error range is set for the corresponding parameter at the same time; the data interval denotes the part of the storage chain that, when the bytes of a data chain are stored in the chain, lies between adjacent bytes, holds no data, and still occupies the data chain; after the preprocessing and data cleaning are completed, the current supervision subject is sent to the assessment platform.
3. The network security situation assessment system based on the internet centralized control platform according to claim 1, wherein the operation process of the security index calculation unit is as follows:
obtaining, for each moment in the network operation period, the number of data links of the supervision subject whose set order is inconsistent with their actual arrangement order, and the deviation between the real-time data generation amount and the statistical data generation amount of the supervision subject, and marking them as SJL and PCZ respectively; obtaining, for each moment in the network operation period, the average increase span of the data interval of the data links corresponding to the supervision subject, and marking it as KDZ;
and obtaining, through a formula, the security index calculation coefficient G corresponding to the supervision subject at each moment, and comparing the security index calculation coefficient G of the supervision subject with a security index calculation coefficient threshold.
4. The network security posture assessment system based on the internet centralized control platform of claim 3, wherein the formula is [formula not reproduced in the source text], wherein bh1, bh2 and bh3 are all preset proportionality coefficients with bh1 > bh2 > bh3 > 0, and β is an error correction factor with a value of 0.985.
5. The network security situation assessment system based on the internet centralized control platform according to claim 4, wherein if the security index calculation coefficient G of the supervision subject exceeds the security index calculation coefficient threshold, the security analysis of the supervision subject at the current moment is determined to be abnormal, the corresponding moment is marked as a low-index time point, and a security risk signal is generated and sent to the assessment platform, which performs secondary hierarchical processing on the current supervision subject after receiving the security risk signal; if the security index calculation coefficient G of the supervision subject does not exceed the security index calculation coefficient threshold, the security analysis of the supervision subject at the current moment is determined to be normal and the corresponding moment is marked as a high-index time point.
6. The network security situation assessment system based on the internet centralized control platform as claimed in claim 1, wherein the operation process of the security early warning unit is as follows:
obtaining the increase span of the continuous number peak value corresponding to the high-index time points in the network operation period and the shortening amount of the interval duration between low-index time points and high-index time points in the network operation period, and comparing them with a number increase span threshold and a duration shortening amount threshold respectively.
7. The network security situation assessment system based on the internet centralized control platform according to claim 6, wherein if the increase span of the continuous number peak value corresponding to the high-index time point in the network operation period exceeds the number increase span threshold, and the reduction of the interval duration between the low-index time point and the high-index time point in the network operation period does not exceed the duration reduction threshold, the security early warning in the network operation period is judged to be normal, a security analysis early warning signal is generated, and the security analysis early warning signal is sent to the assessment platform;
if the increase span of the continuous number peak value corresponding to the high-index time points in the network operation period does not exceed the number increase span threshold, or the shortening amount of the interval duration between low-index time points and high-index time points in the network operation period exceeds the duration shortening amount threshold, the security early warning in the network operation period is judged to be abnormal, and a security analysis no-early-warning signal is generated and sent to the assessment platform.
8. The network security posture assessment system based on the internet centralized control platform as claimed in claim 1, wherein the security posture assessment unit operates as follows:
marking the time period corresponding to the security analysis early warning as the influence time period; obtaining, within the influence time period, the overlapping path distance of the external non-single attack tracks corresponding to the supervision subject and the unauthorized access increment of the data stored in the corresponding data link before and after the supervision subject is attacked from outside; and analyzing both values.
9. The network security situation assessment system based on the internet centralized control platform according to claim 8, wherein if, within the influence time period, the overlapping path distance of the external non-single attack tracks corresponding to the supervision subject exceeds the overlapping path distance threshold, or the unauthorized access increment of the data stored in the corresponding data link before and after the supervision subject is attacked from outside exceeds the increment threshold, the external attack threat level of the network data in the current influence time period is determined to be high, and an external high influence signal is generated and sent to the assessment platform; if, within the influence time period, the overlapping path distance of the external non-single attack tracks corresponding to the supervision subject does not exceed the overlapping path distance threshold and the unauthorized access increment of the data stored in the corresponding data link before and after the supervision subject is attacked from outside does not exceed the increment threshold, the external attack threat level of the network data in the current influence time period is determined to be low, and an external low influence signal is generated and sent to the assessment platform.
10. The network security situation assessment system based on the internet centralized control platform according to claim 9, wherein after the assessment platform receives the external high influence signal, external attacks on the current supervision subject are blocked, and hierarchical processing monitoring of the data links is carried out once external attacks are no longer received; and after the assessment platform receives the external low influence signal, hierarchical processing of the data links is executed a second time and external attacks on the current supervision subject are monitored and counted.
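The signal flow of claims 5, 7, 9 and 10, as an added Python sketch that is not code from the patent. Because the formula for G is not reproduced in this text, the per-moment G values and the metrics of claims 6 and 8 are taken as inputs; all function names, field names and threshold values are constructed for illustration.

```python
from dataclasses import dataclass
from enum import Enum


class Signal(Enum):
    EARLY_WARNING = "security analysis early warning"
    NO_EARLY_WARNING = "security analysis no early warning"
    EXTERNAL_HIGH = "external high influence"
    EXTERNAL_LOW = "external low influence"


@dataclass(frozen=True)
class Thresholds:
    """Constructed sample values; the claims leave every threshold to the implementer."""
    g: float = 1.0                  # security index calculation coefficient threshold
    count_span: float = 3.0         # number increase span threshold
    shortening: float = 5.0         # duration shortening amount threshold
    overlap_distance: float = 10.0  # overlapping path distance threshold
    access_increment: float = 2.0   # unauthorized access increment threshold


def classify_moments(g_by_moment, th):
    """Claim 5: G above the threshold marks a low-index (abnormal) time point."""
    high = [t for t, g in g_by_moment.items() if g <= th.g]
    low = [t for t, g in g_by_moment.items() if g > th.g]
    return high, low


def early_warning(count_span, shortening, th):
    """Claim 7: the warning signal needs BOTH conditions; otherwise no-warning."""
    if count_span > th.count_span and shortening <= th.shortening:
        return Signal.EARLY_WARNING
    return Signal.NO_EARLY_WARNING


def assess_situation(overlap_distance, access_increment, th):
    """Claim 9: EITHER metric over its threshold yields the high influence signal."""
    if overlap_distance > th.overlap_distance or access_increment > th.access_increment:
        return Signal.EXTERNAL_HIGH
    return Signal.EXTERNAL_LOW


def evaluate(g_by_moment, count_span, shortening, overlap_distance,
             access_increment, th=Thresholds()):
    """Run one network operation period through claims 5, 7, 9 and 10."""
    high, low = classify_moments(g_by_moment, th)
    result = {
        "high_index": high,
        "low_index": low,
        # Claim 5: a low-index point raises a security risk signal, which
        # triggers secondary hierarchical processing of the supervision subject.
        "secondary_hierarchical_processing": bool(low),
        "warning": early_warning(count_span, shortening, th),
        "assessment": None,
        "action": None,
    }
    # Claim 1: situation assessment runs only after the early warning signal.
    if result["warning"] is Signal.EARLY_WARNING:
        result["assessment"] = assess_situation(overlap_distance, access_increment, th)
        if result["assessment"] is Signal.EXTERNAL_HIGH:
            result["action"] = "block external attack, then monitor data-link hierarchical processing"
        else:
            result["action"] = "re-run hierarchical processing and keep attack statistics"
    return result


if __name__ == "__main__":
    sample_g = {0: 0.4, 1: 1.3, 2: 0.9, 3: 1.0}  # constructed G value per moment
    print(evaluate(sample_g, count_span=4, shortening=2,
                   overlap_distance=12, access_increment=0))
```

Note that a value exactly equal to a threshold counts as "does not exceed" in every branch, so the two outcomes of each claim are complementary and no input falls through.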
CN202310930877.XA 2023-07-27 2023-07-27 Network security situation assessment system based on Internet centralized control platform Active CN116668194B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202310930877.XA CN116668194B (en) 2023-07-27 2023-07-27 Network security situation assessment system based on Internet centralized control platform

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202310930877.XA CN116668194B (en) 2023-07-27 2023-07-27 Network security situation assessment system based on Internet centralized control platform

Publications (2)

Publication Number Publication Date
CN116668194A true CN116668194A (en) 2023-08-29
CN116668194B CN116668194B (en) 2023-10-10

Family

ID=87715675

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202310930877.XA Active CN116668194B (en) 2023-07-27 2023-07-27 Network security situation assessment system based on Internet centralized control platform

Country Status (1)

Country Link
CN (1) CN116668194B (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant