CN116707927A - Situation awareness method, system, computer equipment and storage medium - Google Patents


Publication number
CN116707927A
Authority
CN
China
Prior art keywords
information
authentication
data
situation
feature
Prior art date
Legal status
Pending
Application number
CN202310717844.7A
Other languages
Chinese (zh)
Inventor
魏梓原
赵文东
盛明哲
Current Assignee
China United Network Communications Group Co Ltd
Original Assignee
China United Network Communications Group Co Ltd
Priority date
Filing date
Publication date
Application filed by China United Network Communications Group Co Ltd
Priority to CN202310717844.7A
Publication of CN116707927A

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
        • H04L63/00 Network architectures or network communication protocols for network security
            • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
                • H04L63/1408 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
                    • H04L63/1416 Event detection, e.g. attack signature detection
            • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
                • H04L63/0823 Network architectures or network communication protocols for network security for authentication of entities using certificates
        • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
            • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
                • H04L9/0816 Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
                    • H04L9/0852 Quantum cryptography
            • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
                • H04L9/3263 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements
            • H04L9/40 Network security protocols

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • Electromagnetism (AREA)
  • Theoretical Computer Science (AREA)
  • Storage Device Security (AREA)

Abstract

The invention provides a situation awareness method, a system, computer equipment and a storage medium, and relates to the technical field of network security. The method comprises the following steps: identity authentication, namely authenticating a logged-in user, wherein the authentication comprises first login authentication and subsequent quantum security enhanced HSS authentication; data acquisition, namely acquiring data information in a network environment; feature extraction, namely performing preprocessing, feature extraction and machine learning on the collected data information to obtain feature information; situation assessment, namely carrying out data fusion processing to obtain a situation assessment result of the current network environment; and safety early warning, namely analyzing the currently collected data information through big data analysis and responding to anomalies. By authenticating users who log in to the situation awareness system, the technical scheme provided by the invention achieves continuous evaluation of the credibility of user access behavior.

Description

Situation awareness method, system, computer equipment and storage medium
Technical Field
The present invention relates to the field of network security technologies, and in particular, to a situation awareness method, a situation awareness system, a computer device, and a computer readable storage medium.
Background
The security situation awareness system can be understood as a customer's security brain: a big data security analysis platform integrating detection, early warning, and response handling. The platform takes full traffic analysis as its core and combines technologies such as threat alerting, behavior analysis modeling, UEBA (user and entity behavior analytics), compromised host detection, graph association analysis, machine learning, big data association analysis, and visualization, so that threats, attacks, suspicious traffic, and the like can be visualized. After an advanced threat intrusion, the platform can help customers discover the threat in time, before losses occur.
With the continuous expansion of the internet and increasingly fine-grained operation management, a large amount of data and information floods into a network control center. How to enable management staff to effectively grasp the operating situation of a system from numerous, massive, dynamic, and possibly flawed data, and thereby effectively control the operation of the system, has become a problem to be solved urgently. The situation awareness system realizes situation-aware defense of network security by perceiving the situation of the various data in the network environment. At present, situation awareness technology mainly defends against anomalies in network security by collecting data information in the network environment, dynamic security data generated by system operation, and the like, and analyzing that data. However, current situation awareness technology has difficulty guaranteeing the security of the acquired data in practical applications.
Disclosure of Invention
The invention has been made in order to at least partially solve the technical problem in the prior art that the security of the acquired data is difficult to ensure.
According to an aspect of the present invention, there is provided a situation awareness method including: identity authentication, namely authenticating a logged-in user, wherein the authentication comprises first login authentication and quantum security enhanced HSS (Home Subscriber Server) authentication that is performed continuously on the user after the first login authentication; data acquisition, namely acquiring data information in a network environment; feature extraction, namely preprocessing the acquired data information to obtain a service data sample, performing feature extraction on the service data sample to obtain a feature sample set, performing machine learning on the feature sample set to obtain a training model, and performing feature detection on the service data sample through the training model to obtain feature information; situation assessment, namely carrying out data fusion processing on the acquired data information based on the feature information to obtain a situation assessment result of the current network environment; and safety early warning, namely analyzing the currently collected data information through big data analysis, based on the feature information and the situation assessment result, and responding to anomalies.
Optionally, the first login authentication uses a digital certificate or SIM (Subscriber Identity Module) card to complete identity authentication.
Optionally, the quantum security enhanced HSS authentication includes providing a quantum random number to the HSS module via the quantum key cloud platform to replace the pseudorandom number, so as to improve the security of the random number in the authentication vector.
Optionally, the quantum security enhanced HSS authentication continuously evaluates the trustworthiness of the user's access behavior, and re-authenticates the user or cuts off the user's access when an anomaly is found.
Optionally, the data information in the network environment includes device operation status information, configuration information, traffic transmission information, and security alarm information.
Optionally, the data information collected from the network environment is symmetrically encrypted with a quantum key.
Optionally, in the feature extraction, the preprocessing includes data cleansing, conversion, reduction, aggregation, and sampling.
Optionally, the situation assessment includes correlation identification of the collected data information in terms of time, space, and protocol.
According to another aspect of the present invention, there is provided a situation awareness system including: the identity authentication module is arranged to authenticate a logged-in user and comprises a first login authentication module used for first login authentication and an HSS authentication module used for continuously carrying out quantum security enhanced HSS authentication on the user after the first login authentication; the data acquisition module is used for acquiring data information in a network environment; the feature extraction module is used for preprocessing the acquired data information to obtain a service data sample, extracting features of the service data sample to obtain a feature sample set, performing machine learning according to the feature sample set to obtain a training model, and performing feature detection on the service data sample through the training model to obtain feature information; the situation assessment module is used for carrying out data fusion processing on the collected data information based on the characteristic information to obtain a situation assessment result of the current network environment; and the safety early warning module is used for analyzing the currently acquired data information through big data analysis based on the characteristic information and the situation assessment result and responding to the abnormality.
According to a further aspect of the present invention there is provided a computer device comprising a memory and a processor, the memory having stored therein a computer program, which when executed by the processor performs the aforementioned situational awareness method.
According to yet another aspect of the present invention, there is provided a computer readable storage medium having stored thereon a computer program which, when executed by a processor, performs the aforementioned situation awareness method.
The technical scheme provided by the invention can have the following beneficial effects:
The situation awareness method builds a security monitoring and protection system through big data security analysis, using data modeling, behavior learning, and information association analysis; this provides continuous monitoring of network space security, so that various attack threats and anomalies can be found in time. By authenticating users who log in to the situation awareness system, continuous evaluation of the credibility of user access behavior is achieved. The acquired data is encrypted with a quantum key, which secures data acquisition and guards against security risks such as interception, tampering, and forgery of the data.
Additional features and advantages of the invention will be set forth in the description which follows, and in part will be obvious from the description, or may be learned by practice of the invention. The objectives and other advantages of the invention will be realized and attained by the structure particularly pointed out in the written description and claims hereof as well as the appended drawings.
Drawings
The accompanying drawings are included to provide a further understanding of the invention and are incorporated in and constitute a part of this specification; they illustrate the invention and do not limit it.
Fig. 1 is a schematic flow chart of a situation awareness method according to an embodiment of the present invention;
Fig. 2 is a schematic structural diagram of a situation awareness system according to an embodiment of the present invention;
Fig. 3 is a schematic structural diagram of a computer device according to an embodiment of the present invention.
Detailed Description
For the purpose of making the objects, technical solutions and advantages of the embodiments of the present invention more apparent, the following detailed description of the embodiments of the present invention will be given with reference to the accompanying drawings. It should be understood that the detailed description and specific examples, while indicating and illustrating the invention, are not intended to limit the invention.
The invention provides a situation awareness method, in particular a situation awareness method based on a quantum key. As shown in Fig. 1, the method comprises the following steps:
S1, identity authentication: authenticating a logged-in user, including first login authentication and quantum security enhanced HSS authentication that is performed continuously on the user after the first login authentication;
S2, data acquisition: collecting data information in a network environment;
S3, feature extraction: preprocessing the acquired data information to obtain a service data sample, extracting features of the service data sample to obtain a feature sample set, performing machine learning on the feature sample set to obtain a training model, and performing feature detection on the service data sample through the training model to obtain feature information;
S4, situation assessment: carrying out data fusion processing on the acquired data information based on the feature information to obtain a situation assessment result of the current network environment;
S5, safety early warning: analyzing the currently acquired data information through big data analysis, based on the feature information and the situation assessment result, and responding to anomalies.
The above steps S1 to S5 are described in more detail below, respectively.
S1, identity authentication
Identity authentication refers to verifying the legitimacy of a user who logs in to, for example, the situation awareness system 10 (see Fig. 2). The user here may be a person or a device. The identity authentication may include first login authentication and quantum security enhanced HSS authentication that is performed continuously on the user after the first login authentication. Optionally, the first login authentication may use a digital certificate or a SIM card to complete the identity authentication. After the first login authentication is completed, quantum security enhanced HSS authentication is performed on the user continuously, so that the credibility of the end user's access behavior is evaluated on an ongoing basis and a timely response can be made once an anomaly is detected, for example by re-authenticating the user or cutting off the user's access; in this way the user and the device remain continuously and dynamically trusted. Optionally, quantum security enhanced HSS authentication may include providing quantum random numbers to the HSS module (e.g., located in the situation awareness system 10) via the quantum key cloud platform in place of pseudorandom numbers, so as to improve the security of the random number in the authentication vector. Here, the pseudorandom number is, for example, one generated by an algorithm of the original protocol in the situation awareness system.
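The following added example (not part of the patent text) illustrates why the source of the random challenge in the authentication vector matters for repeated re-authentication. It assumes a simplified challenge-response in which HMAC-SHA256 stands in for the real AKA response function and the OS CSPRNG stands in for the quantum random number service; the names `Hss`, `SeededPrngSource`, `ExternalEntropySource`, `f2_stand_in` and `run_session` are hypothetical.

```python
import hashlib
import hmac
import random
import secrets

RAND_LEN = 16  # bytes: a 128-bit challenge (RAND) in the authentication vector
SUBSCRIBER_KEY = b"constructed-subscriber-key"  # constructed sample key


def f2_stand_in(k: bytes, rand: bytes) -> bytes:
    """Expected response for a challenge. HMAC-SHA256 is a stand-in for the
    operator's real AKA function; it is NOT Milenage."""
    return hmac.new(k, b"RES" + rand, hashlib.sha256).digest()[:8]


class SeededPrngSource:
    """Algorithmic pseudorandom source: output is fully determined by the seed."""

    def __init__(self, seed: int):
        self._rng = random.Random(seed)

    def next_rand(self) -> bytes:
        return self._rng.getrandbits(RAND_LEN * 8).to_bytes(RAND_LEN, "big")


class ExternalEntropySource:
    """Hypothetical client of the quantum key cloud platform. The page does not
    specify that interface, so the OS CSPRNG stands in for it here."""

    def next_rand(self) -> bytes:
        return secrets.token_bytes(RAND_LEN)


class Hss:
    """Minimal HSS side: issues RAND, remembers XRES, audits RAND reuse."""

    def __init__(self, keys: dict, source, issued_log: set):
        self._keys = keys
        self._source = source
        self._issued = issued_log   # assumed to persist across restarts
        self._pending = {}
        self.reuse_alerts = 0

    def challenge(self, user: str) -> bytes:
        rand = self._source.next_rand()
        if rand in self._issued:
            # A repeated challenge means an old response would verify again.
            self.reuse_alerts += 1
        self._issued.add(rand)
        self._pending[user] = f2_stand_in(self._keys[user], rand)
        return rand

    def verify(self, user: str, res: bytes) -> bool:
        xres = self._pending.pop(user, None)
        return xres is not None and hmac.compare_digest(xres, res)


def run_session(source, issued_log: set, user_key: bytes, rounds: int = 3):
    """Perform `rounds` periodic re-authentications of one user.
    Returns (all_rounds_verified, rand_reuse_alerts)."""
    hss = Hss({"alice": SUBSCRIBER_KEY}, source, issued_log)
    ok = True
    for _ in range(rounds):
        rand = hss.challenge("alice")
        ok = hss.verify("alice", f2_stand_in(user_key, rand)) and ok
    return ok, hss.reuse_alerts


if __name__ == "__main__":
    log = set()
    print("seeded, first start :", run_session(SeededPrngSource(42), log, SUBSCRIBER_KEY))
    print("seeded, after restart:", run_session(SeededPrngSource(42), log, SUBSCRIBER_KEY))
    print("external entropy     :", run_session(ExternalEntropySource(), set(), SUBSCRIBER_KEY))
```

A seeded generator that restarts from the same state reissues the same challenges, which the reuse audit flags; an unpredictable source does not.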
S2, data acquisition
Here, the data information collected in the network environment may include device operation state information, configuration information, traffic transmission information, and security alarm information. The collected data may originate from two kinds of sources: first, internal sources, for example log data, alarm data, captured data packet information, statistical information, metadata, and the like on the various internal devices and systems connected to the situation awareness system 10; second, external sources, i.e., third-party sources outside the devices and systems to which the situation awareness system 10 is connected. In addition, the data from external sources is associated with the data from internal sources.
To secure the data and guard against security risks such as interception, tampering, and forgery, the data information collected in the network environment can be symmetrically encrypted with a quantum key.
S3, feature extraction
After a large amount of data is collected by the data collection step (S2), useful data is extracted from the data and subjected to corresponding preprocessing, thereby obtaining a service data sample. Here, the useful data means data that can be used for the subsequent feature extraction, excluding invalid data. Here, preprocessing may include data cleansing, conversion, reduction, aggregation, sampling, and the like.
Feature extraction is then carried out on the service data samples to obtain a feature sample set. An exemplary method of performing feature extraction is given below, but it should be understood that the method of performing feature extraction is not limited thereto:
1) Standardizing the original d-dimensional data set;
2) Constructing a covariance matrix of the samples;
3) Calculating the eigenvalues and corresponding eigenvectors of the covariance matrix;
4) Selecting the eigenvectors corresponding to the k largest eigenvalues, wherein k is less than or equal to d;
5) Constructing a mapping matrix W from those k eigenvectors;
6) Converting the d-dimensional raw data into a k-dimensional feature subspace through the mapping matrix W.
Here, k and d are both positive integers.
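The six steps above, carried through on a small telemetry table, as an added example that is not part of the patent text. The sample rows and column meanings are constructed, the function names are hypothetical, and the cyclic Jacobi method used for step 3 is a choice made here; the page does not say how the eigenvectors are computed.

```python
import math

# Constructed sample: [bytes_out_kb, packets, failed_logins, distinct_ports]
SAMPLE = [
    [120, 100, 0, 3], [135, 112, 1, 4], [110, 95, 0, 3], [128, 105, 2, 5],
    [900, 760, 1, 4], [140, 118, 25, 60], [125, 104, 0, 3], [870, 735, 30, 70],
]


def standardize(rows):
    """Step 1: zero mean and unit variance per column (constant columns -> 0)."""
    n, d = len(rows), len(rows[0])
    mean = [sum(r[j] for r in rows) / n for j in range(d)]
    std = [math.sqrt(sum((r[j] - mean[j]) ** 2 for r in rows) / (n - 1))
           for j in range(d)]
    return [[(r[j] - mean[j]) / std[j] if std[j] > 0 else 0.0 for j in range(d)]
            for r in rows]


def covariance(z):
    """Step 2: d x d sample covariance of already-centred data."""
    n, d = len(z), len(z[0])
    return [[sum(r[i] * r[j] for r in z) / (n - 1) for j in range(d)]
            for i in range(d)]


def jacobi_eigh(a, sweeps=50, tol=1e-20):
    """Step 3: eigen-decomposition of a symmetric matrix by cyclic Jacobi
    rotations. Returns (values, vectors); vectors[i] belongs to values[i]."""
    d = len(a)
    a = [row[:] for row in a]
    v = [[1.0 if i == j else 0.0 for j in range(d)] for i in range(d)]
    for _ in range(sweeps):
        if sum(a[p][q] ** 2 for p in range(d) for q in range(p + 1, d)) < tol:
            break
        for p in range(d):
            for q in range(p + 1, d):
                if abs(a[p][q]) < 1e-15:
                    continue
                diff = a[q][q] - a[p][p]
                sign = 1.0 if diff >= 0 else -1.0
                # Rotation angle with |theta| <= pi/4 that zeroes a[p][q].
                theta = 0.5 * math.atan2(sign * 2 * a[p][q], abs(diff))
                c, s = math.cos(theta), math.sin(theta)
                for k in range(d):   # A <- A J (columns p, q)
                    x, y = a[k][p], a[k][q]
                    a[k][p], a[k][q] = c * x - s * y, s * x + c * y
                for k in range(d):   # A <- J^T A (rows p, q)
                    x, y = a[p][k], a[q][k]
                    a[p][k], a[q][k] = c * x - s * y, s * x + c * y
                for k in range(d):   # V <- V J accumulates the eigenvectors
                    x, y = v[k][p], v[k][q]
                    v[k][p], v[k][q] = c * x - s * y, s * x + c * y
    return [a[i][i] for i in range(d)], [[v[k][i] for k in range(d)] for i in range(d)]


def pca(rows, k):
    """Steps 1-6. Returns (projected n x k data, W as d x k, top-k eigenvalues,
    fraction of total variance kept)."""
    d = len(rows[0])
    if not 1 <= k <= d:
        raise ValueError("k must satisfy 1 <= k <= d")
    z = standardize(rows)
    values, vectors = jacobi_eigh(covariance(z))
    top = sorted(range(d), key=lambda i: values[i], reverse=True)[:k]   # step 4
    w = [[vectors[i][j] for i in top] for j in range(d)]                # step 5
    projected = [[sum(r[j] * w[j][c] for j in range(d)) for c in range(k)]
                 for r in z]                                            # step 6
    kept = sum(values[i] for i in top) / sum(values)
    return projected, w, [values[i] for i in top], kept


if __name__ == "__main__":
    features, W, eigenvalues, kept = pca(SAMPLE, 2)
    print("eigenvalues:", [round(x, 4) for x in eigenvalues])
    print("variance kept: %.4f" % kept)
    for row in features:
        print([round(x, 3) for x in row])
```

Because the two traffic columns and the two login/port columns move together in this sample, two components retain almost all of the variance, so k = 2 loses little information.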
Machine learning is then performed on the feature sample set to obtain a training model, and feature detection is performed on the service data sample through the training model to obtain feature information. This improves the accuracy of feature detection on the service data sample.
S4, situation assessment
Data fusion processing is carried out on the acquired data information based on the feature information to obtain a situation assessment result of the current network environment. More specifically, situation assessment is mainly performed by applying data fusion processing to related events, and the acquired data information can be associated and identified along multiple dimensions such as time, space, and protocol.
The situation assessment result may include a risk level for the current network environment. In other words, situation assessment combines the data information, carries out a risk assessment for the current time, and determines the risk level.
Data fusion processing here means that, based on the feature information obtained in the feature extraction step (S3) (the feature information being a sufficient representation or sufficient statistic of the original information), the multi-source data is classified, aggregated, and synthesized according to the feature information to generate feature vectors; these feature vectors are then fused by a feature-level fusion method, and an attribute description is produced from the fused feature vectors.
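One way to realize the association by time, space, and protocol followed by feature-level fusion, shown as an added example that is not part of the patent text. The events are constructed; the 300-second window, the use of the host address as the spatial key, the per-source features, and the risk thresholds are all assumptions made for the illustration.

```python
from collections import defaultdict

WINDOW = 300  # seconds; assumed correlation window

# Constructed sample events from three sources, already normalised to dicts.
EVENTS = [
    {"ts": 1000, "source": "ids",      "host": "10.0.0.5", "proto": "ssh",  "severity": 7},
    {"ts": 1030, "source": "firewall", "host": "10.0.0.5", "proto": "ssh",  "denied": 40},
    {"ts": 1100, "source": "flow",     "host": "10.0.0.5", "proto": "ssh",  "bytes": 9_000_000},
    {"ts": 1250, "source": "ids",      "host": "10.0.0.5", "proto": "ssh",  "severity": 9},
    {"ts": 1040, "source": "firewall", "host": "10.0.0.9", "proto": "http", "denied": 2},
    {"ts": 5000, "source": "flow",     "host": "10.0.0.5", "proto": "ssh",  "bytes": 1_200},
]


def correlate(events, window=WINDOW):
    """Associate events that share a host (space) and a protocol and that fall
    within `window` seconds of the first event of their group (time)."""
    by_key = defaultdict(list)
    for e in sorted(events, key=lambda e: e["ts"]):
        by_key[(e["host"], e["proto"])].append(e)
    groups = []
    for (host, proto), evs in by_key.items():
        current = [evs[0]]
        for e in evs[1:]:
            if e["ts"] - current[0]["ts"] > window:
                groups.append((host, proto, current))
                current = []
            current.append(e)
        groups.append((host, proto, current))
    return groups


def fuse(group):
    """Feature-level fusion: one feature vector per source, then concatenated.
    Layout: [ids_alerts, ids_max_severity, fw_denied, flow_bytes, n_sources]."""
    ids = [e for e in group if e["source"] == "ids"]
    fw = [e for e in group if e["source"] == "firewall"]
    flow = [e for e in group if e["source"] == "flow"]
    ids_vec = [len(ids), max((e["severity"] for e in ids), default=0)]
    fw_vec = [sum(e["denied"] for e in fw)]
    flow_vec = [sum(e["bytes"] for e in flow)]
    return ids_vec + fw_vec + flow_vec + [len({e["source"] for e in group})]


def risk_level(vec):
    """Attribute description of the fused vector (assumed scoring rules)."""
    _, max_sev, denied, nbytes, n_sources = vec
    score = 0
    score += 2 if max_sev >= 7 else 0          # high-severity IDS alert
    score += 1 if denied >= 20 else 0          # burst of denied connections
    score += 1 if nbytes >= 1_000_000 else 0   # large transfer
    score += 1 if n_sources >= 2 else 0        # corroborated by several sources
    return "high" if score >= 4 else "medium" if score >= 2 else "low"


def assess(events):
    """Correlate, fuse, and grade every group; ordered by start time."""
    results = []
    for host, proto, group in correlate(events):
        vec = fuse(group)
        results.append({"host": host, "proto": proto, "start": group[0]["ts"],
                        "vector": vec, "risk": risk_level(vec)})
    return sorted(results, key=lambda r: (r["start"], r["host"]))


if __name__ == "__main__":
    for r in assess(EVENTS):
        print(r)
```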
S5, safety early warning
The currently acquired data information is analyzed through big data analysis, based on the feature information and the situation assessment result, and anomalies are responded to. Specifically, big data analysis technology can be adopted to provide technical support for network security analysis based on various data such as traffic, logs, device configuration, and device operation information. Optionally, the response processing in the safety early warning includes blocking, analyzing threat sources, providing security alerts, and the like.
According to another aspect of the present invention, there is provided a situational awareness system 10, as shown in fig. 2, the situational awareness system 10 including: an identity authentication module 11 configured to authenticate a logged-in user, including a first login authentication module for first login authentication and an HSS authentication module for quantum security enhanced HSS authentication performed continuously on the user after the first login authentication; a data acquisition module 12 arranged to acquire data information in a network environment; a feature extraction module 13 configured to pre-process the collected data information to obtain a service data sample, perform feature extraction on the service data sample to obtain a feature sample set, perform machine learning according to the feature sample set to obtain a training model, and perform feature detection on the service data sample through the training model to obtain feature information; a situation assessment module 14 configured to perform data fusion processing on the collected data information based on the feature information, and obtain a situation assessment result of the current network environment; and a safety pre-warning module 15 configured to analyze the currently collected data information through big data analysis based on the feature information and the situation evaluation result, and to respond to the abnormality.
Based on the same technical concept, the embodiment of the present invention correspondingly provides a computer device 20, as shown in fig. 3, where the computer device 20 includes a memory 21 and a processor 22, a computer program is stored in the memory 21, and when the processor 22 runs the computer program stored in the memory 21, the processor 22 executes the foregoing situation awareness method.
Based on the same technical concept, the embodiment of the invention correspondingly provides a computer readable storage medium, on which a computer program is stored, and when the computer program is executed by a processor, the processor executes the situation awareness method.
In summary, the situation awareness method, system, computer equipment and storage medium provided by the embodiments of the invention build a security monitoring and protection system through big data security analysis, using data modeling, behavior learning, and information association analysis; this provides continuous monitoring of network space security, so that various attack threats and anomalies can be found in time. By authenticating users who log in to the situation awareness system, continuous evaluation of the credibility of user access behavior is achieved. The acquired data is encrypted with a quantum key, which secures data acquisition and guards against security risks such as interception, tampering, and forgery of the data. In addition, the security elements that change the network situation can be acquired, understood, and displayed, and the near-term development trend can be predicted.
Those of ordinary skill in the art will appreciate that all or some of the steps, systems, functional modules/units in the apparatus, and methods disclosed above may be implemented as software, firmware, hardware, and suitable combinations thereof. In a hardware implementation, the division between the functional modules/units mentioned in the above description does not necessarily correspond to the division of physical components; for example, one physical component may have multiple functions, or one function or step may be performed cooperatively by several physical components. Some or all of the physical components may be implemented as software executed by a processor, such as a central processing unit, digital signal processor, or microprocessor, or as hardware, or as an integrated circuit, such as an application specific integrated circuit. Such software may be distributed on computer readable media, which may include computer storage media (or non-transitory media) and communication media (or transitory media). The term computer storage media includes both volatile and nonvolatile, removable and non-removable media implemented in any method or technology for storage of information such as computer readable instructions, data structures, program modules or other data, as known to those skilled in the art. Computer storage media includes, but is not limited to, RAM, ROM, EEPROM, flash memory or other memory technology, CD-ROM, digital Versatile Disks (DVD) or other optical disk storage, magnetic cassettes, magnetic tape, magnetic disk storage or other magnetic storage devices, or any other medium which can be used to store the desired information and which can be accessed by a computer. 
Furthermore, as is well known to those of ordinary skill in the art, communication media typically embodies computer readable instructions, data structures, program modules or other data in a modulated data signal such as a carrier wave or other transport mechanism and includes any information delivery media.
Finally, it should be noted that: the above embodiments are only for illustrating the technical solution of the present invention, and not for limiting the same; although the invention has been described in detail with reference to the foregoing embodiments, it will be understood by those of ordinary skill in the art that: the technical scheme described in the foregoing embodiments can be modified or some or all of the technical features thereof can be replaced by equivalents; such modifications and substitutions do not depart from the spirit of the invention.

Claims (11)

1. A situation awareness method, comprising:
identity authentication, namely authenticating a logged-in user, wherein the authentication comprises first login authentication and quantum security enhanced HSS authentication which is continuously performed on the user after the first login authentication;
data acquisition, namely acquiring data information in a network environment;
feature extraction, preprocessing acquired data information to obtain a service data sample, performing feature extraction on the service data sample to obtain a feature sample set, performing machine learning according to the feature sample set to obtain a training model, and performing feature detection on the service data sample through the training model to obtain feature information;
situation assessment, namely carrying out data fusion processing on the acquired data information based on the feature information to obtain a situation assessment result of the current network environment; and
safety early warning, namely analyzing the currently collected data information through big data analysis, based on the feature information and the situation assessment result, and responding to anomalies.
2. The situation awareness method of claim 1, wherein the first login authentication uses a digital certificate or a SIM card to complete identity authentication.
3. The situation awareness method of claim 1, wherein the quantum security enhanced HSS authentication comprises providing a quantum random number to the HSS module via a quantum key cloud platform to replace a pseudorandom number, so as to improve random number security in an authentication vector.
4. The situation awareness method according to claim 1 or 3, wherein the quantum security enhanced HSS authentication continuously evaluates the trustworthiness of the user's access behavior and re-authenticates the user or cuts off the user's access when an anomaly is found.
5. The situation awareness method of claim 1, wherein the data information in the network environment comprises device operational status information, configuration information, traffic transmission information, and security alert information.
6. The situation awareness method according to claim 1 or 5, wherein the data information collected from the network environment is symmetrically encrypted with a quantum key.
7. The situation awareness method of claim 1, wherein in the feature extraction the preprocessing comprises data cleansing, conversion, reduction, aggregation, and sampling.
8. The situation awareness method of claim 1, wherein the situation assessment includes association identification of the collected data information in terms of time, space, and protocol.
9. A situation awareness system, comprising:
an identity authentication module, arranged to authenticate a logged-in user, comprising a first login authentication module used for first login authentication and an HSS authentication module used for continuously performing quantum security enhanced HSS authentication on the user after the first login authentication;
a data acquisition module, used for acquiring data information in a network environment;
a feature extraction module, used for preprocessing the acquired data information to obtain a service data sample, extracting features of the service data sample to obtain a feature sample set, performing machine learning according to the feature sample set to obtain a training model, and performing feature detection on the service data sample through the training model to obtain feature information;
a situation assessment module, used for performing data fusion processing on the collected data information based on the feature information to obtain a situation assessment result of the current network environment; and
a safety early warning module, used for analyzing the currently acquired data information through big data analysis based on the feature information and the situation assessment result, and responding to abnormalities.
10. A computer device comprising a memory and a processor, the memory having a computer program stored therein, wherein the processor performs the situation awareness method of any of claims 1 to 8 when it runs the computer program stored in the memory.
11. A computer readable storage medium on which a computer program is stored, wherein the computer program, when executed by a processor, performs the situation awareness method of any of claims 1 to 8.
CN202310717844.7A 2023-06-16 2023-06-16 Situation awareness method, system, computer equipment and storage medium Pending CN116707927A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202310717844.7A CN116707927A (en) 2023-06-16 2023-06-16 Situation awareness method, system, computer equipment and storage medium

Publications (1)

Publication Number Publication Date
CN116707927A (en) 2023-09-05

Family

ID=87838886

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202310717844.7A Pending CN116707927A (en) 2023-06-16 2023-06-16 Situation awareness method, system, computer equipment and storage medium

Country Status (1)

Country Link
CN (1) CN116707927A (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN117473475A (en) * 2023-11-01 2024-01-30 北京宝联之星科技股份有限公司 Big data security protection method, system and medium based on trusted computing
CN117473475B (en) * 2023-11-01 2024-04-09 北京宝联之星科技股份有限公司 Big data security protection method, system and medium based on trusted computing

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination