TW201122895A

TW201122895A - Security operation and instant messaging system, its union defense system and union defense method.

Info

Publication number: TW201122895A
Application number: TW98145736A
Authority: TW
Inventors: Chien-Hsien Lee
Original assignee: Trade Van Information Services Co
Priority date: 2009-12-30
Filing date: 2009-12-30
Publication date: 2011-07-01

Abstract

A security operation and instant messaging system, its union defense system and a union defense method are disclosed. The present invention is provided for a security operation center (SOC) to perform real-time reporting of a monitored event, such that an instant messaging agent (IM agent) can perform analysis and process of the monitored event, so as to determine whether the monitored event can be handled by oneself or needs to be reported to monitoring personnel via instant messaging according to an analysis result of the monitored event and pre-stored event records. Furthermore, the security operation and instant messaging union defense system and its union defense method of the present invention allow each security operation center to have its own union defense contant person list respectively, so as to facilitate each security operation center to perform instant message delivery of monitored event reporting and event process recording, thereby achieving union defense effect among each of the security operation centers.

Description

201122895 . 六、發明説明：【發明所屬之技術領域】本發明係關於一種安全監控即時通訊系統與其聯防系統以及聯防方法’更詳而言之’係一種透過即時通訊而傳送監控事件及處理對策之安全監控即時通訊系統、整合多個該安全監控即時通訊系統之聯防系統以及安全監控與即時通訊之聯防方法。【先前技術】201122895 . VI. Description of the Invention: [Technical Field] The present invention relates to a security monitoring instant messaging system and its joint prevention system and a joint prevention method. More specifically, it is a type of monitoring event and countermeasures transmitted through instant messaging. The security monitoring instant messaging system, the integrated defense system of a plurality of the security monitoring instant messaging systems, and the joint prevention method of the security monitoring and the instant communication. [Prior Art]

隨著電腦網路迅速發展’人們生活與網際網路已息息相關’無論查詢資料或網路購物，皆是透過網路於電腦與伺服器間進行連線傳遞訊息，所以網路安金更顯重要，而網路安全除了常見的資料外洩外，此外，就屬電腦遭受網路連線異常或病毒入侵等資安攻擊。With the rapid development of the computer network, 'people's life and the Internet are closely related'. Whether it is querying data or online shopping, it is through the network to communicate between the computer and the server, so the network is more important. In addition to the common data leakage, Internet security is also a security attack on computers that suffer from network connection anomalies or virus intrusions.

由於網路攻擊事件層出不窮，因而網路安全也越受重視，特別是一般大型企業或是公家機關對於網路安全更是. 不敢輕忽，比如：個人使用上常見的信件病毒、網路釣魚或社=工程，再者網路入侵病毒、木馬程式、電腦蠕蟲等等大型機構的伺服器主機則可能有系統入侵或是阻網路攻擊事件，除了有資料被竊取可能外’更可中心（Security Operation Center’ SOC) 監控，以針對資安威脅進行預警、監 ’並提供適當解決方案、通報系統資以達到監控或防禦之效果，進而避免企業 π成立_構内電腦網路的癱瘓。一般而言’企業機構多自盯’’％安全監控進行集中式的管理與等方式，控、通報與分析處理安人員 3 111314 201122895 機關因資安問題所造成損失。目前企業機關之網路安全監控中心接收到資安攻擊事件時，系統内部會進行分析處理以及訊息通報，然而，該方式仍有多處不便之處，像是監控部分，資安人員需24 小時於特定電腦上監控或針對資安狀況進行處理，此將造成資安人員之不便；再者，訊息通報目.前多透過電子郵件傳送至資安人員電子郵件内，若資安人員恰好無接收郵件或剛好不在電腦前面，恐移漏重要資安事件而造成嚴重傷害。此外，目前各企業機關之資訊安全監控中心多委外進行建置，其最大問題在於各家資安監控系統有各自定義或設定，簡單來說，各系統間要進行溝通或交流更顯不易，因此，造成各家企業僅能運用自家系統之情況，除了資安資源無法分享外，再嚴重者，若遇系統或資安人員無法立即解決之問題，也難以立即得到幫助，簡單來說，就是缺少聯合防禦資安之概念與實際作法，因而僅有事倍功半之情況發生，也讓各企業機關於資安保護上更顯不足。因此，如何使安全監控系統處理安全問題時可省時便利，除了能做到即時通知於任一處之監控人員外，更期盼各系統間形成聯合的系統，以達到聯合防禦的效果，簡單來說，透過系統間聯合防禦之概念，使各系統達到溝通及監控資訊分享等目的，藉此減少資源浪費又有事半功倍之效果，綜上所述，實為目前亟欲解決之技術課題。【發明内容】鑒於上述習知技術之缺點，本發明係提供一種安全監 4 111314 201122895 ,, 1 · -控即時通訊系統與其聯防系統以及聯防方法，藉由即時通说而將監控事件以及處理對策即時通知，以達到安全監控功能之目的。 ^Due to the emergence of cyber attacks, network security has become more and more important, especially for large enterprises or public organizations. For the sake of network security, it is not easy to ignore, such as: common mail viruses, phishing or If you have a network intrusion, a Trojan horse, a computer worm, etc., the server host of a large organization may have a system intrusion or a network attack. In addition to the possibility of data being stolen, it is more central ( Security Operation Center' SOC) monitors and alerts the security threats, provides appropriate solutions, and informs the system to achieve monitoring or defense effects, thereby preventing enterprises from establishing a network of computers. Generally speaking, 'enterprise institutions are more self-targeting'. 'Security monitoring. Centralized management and other methods, control, notification and analysis and handling. Security personnel 3 111314 201122895 The losses caused by the organization's security problems. At present, when the network security monitoring center of the enterprise organization receives the security attack, the system will analyze and process the information and notify the information. However, there are still many inconveniences in this mode, such as the monitoring part. The security personnel need 24 hours. Monitoring on a specific computer or handling the security situation, this will cause inconvenience to the security personnel; in addition, the message is reported. Most of the previous emails are sent to the security personnel emails, if the security personnel just do not receive The mail is just not in front of the computer, and it may cause serious harm from the important security incident. In addition, at present, the information security monitoring centers of various enterprise organizations have been deployed outside the committee. The biggest problem is that each security monitoring system has its own definition or setting. In short, it is more difficult to communicate or communicate between systems. Therefore, it is difficult for each company to use its own system, except that the resources of the security resources cannot be shared. If the system or the security personnel cannot solve the problem immediately, it is difficult to get immediate help. In short, it is The lack of the concept and practice of joint defense of security, so that only half of the situation occurs, but also make the enterprise security more inadequate. Therefore, how to make the security monitoring system deal with security problems can save time and convenience. In addition to being able to notify the monitoring personnel at any place, it is expected to form a joint system among the systems to achieve the effect of joint defense. In other words, through the concept of joint defense between systems, each system achieves the purpose of communication and monitoring information sharing, thereby reducing the waste of resources and having a multiplier effect. In summary, it is a technical issue that is currently being solved. SUMMARY OF THE INVENTION In view of the above-mentioned shortcomings of the prior art, the present invention provides a security supervisor 4 111314 201122895, a control instant messaging system and its joint defense system and a joint defense method, which will monitor events and countermeasures through instant messaging. Instant notification for the purpose of security monitoring. ^

本:明：供一種安全監控即時通訊系統，用於安全監控中心進订事件監控以及即時通報，係包括：事件資料庫，係用f儲存複數筆事件紀錄；即時通訊代理人（IM r二r依據該事件資料庫所儲存的事件紀錄處理該 :二控中心所偵測之監控事件；以及聯絡人清單，係儲鲁存作為聯絡人之監护r人g次社 ’、所；以供該㈣通訊代理人將所處理的^事件即時傳送至該監控人員。 ;Μ施例中’將該即時通訊代理人所處理的監押事件有^訊息係透過即時通訊軟體傳送至該監控人員再者’於-具體實施例中，該監且該事件紀錄為資安⑽^ 事件八折㈣^ 卩時軌代理人復包括： ==二分析該資安事件之狀態與等級，以分析 ·:::= 料庫所儲存的資安紀錄來處理該資安事 =:聯::清單所儲存的監控人員資料將該資安事送至該監==二供該分析模組將該資安事件傳之指令；以及處理;Τέ 、且係用於接收該監控人員傳送果，而;^m2、且’純㈣分析模組所分析出的結該事件資料庫=::;:rr監控人員傳送之指令或其中，該分析模m次Γ 行該資安事件的處理。行分析，以在分析女事件與該資安紀錄的關聯性進析出该賢安事件與該資安紀錄具有關聯 111314 5 201122895 性，則供該處理模組以該事件資料庫所儲存的資安紀錄來處理該資安事件。此外，於另-具體實施例中，該監控事件為感測事件，該安全監控即時通訊系統係與無線感測網路連結，該無線感測網路係由複數個感測器所形成，透過無線技術將該感測器所擷取之感測數據傳回該安全監控中心，以作為供該即時通訊代理人處理該安全監控中心所偵測之感測事件。本發明另提供一種整合多個前述安全監控即時通訊系統之聯防系統’該聯防系統係包括：複數個聯防料人清單，係分別位於各該安全監控即時通訊系統中，各該聯防聯絡人清早係儲存監控人員資料以及其它該安全龄時通訊系統之即時通訊代理人資料，以供各該安全^即監二人所處理的監押事杜P *貝科將本、之即時通訊代理人所處理的皿控事件即時傳送至該監控里監控即時通訊系統。、-欠具匕的安全其中’該監控事件為f安事件，且該事紀錄。該與本端之即時通訊代理人所處安事件貪安的訊息係包含#安事件通報或資安處理紀錄，牛有關 :控即時=之即時通訊代理人係以與所處理的資安：安有關的'Ht本端事件資料庫之更新。事件此外’該監控事件亦為感測事件，該安全訊系統係與無線感測網路連結’該無線感測網^由= 201122895 · ·.» 理該安全監w貞㈣㈣通訊代理人處本發明又提供一種安全監控與法，係用於複數個安全監控中 ▲ 訊之聯防方共同防紫’該安全監控與即時通;:==縱之Ben: Ming: For a security monitoring instant messaging system, used for security monitoring center subscription event monitoring and instant notification, including: event database, using f to store multiple event records; instant messaging agent (IM r two r According to the event records stored in the event database, the monitoring events detected by the second control center; and the list of contacts are stored as the contact person's monitoring personnel. (4) The communication agent immediately transmits the processed event to the monitoring personnel. In the application, 'the event of the custody handled by the instant messaging agent is transmitted to the monitoring personnel via the instant messaging software'. In the specific embodiment, the event is recorded as a security (10)^ event 20% (four) ^ 卩 time track agent complex includes: == two analysis of the status and level of the security event to analyze ·::: = The security records stored in the database to handle the security information =: Lian:: The monitoring personnel information stored in the list will be sent to the supervisor == two for the analysis module to pass the security incident Instruction; and processing; And is used to receive the monitoring personnel to transmit the fruit, and ^m2, and the 'pure (four) analysis module analyzes the node of the event database =::;: rr the instruction transmitted by the monitoring personnel or the analysis module The following is the processing of the security incident. The analysis is conducted to analyze the correlation between the female incident and the security record. The Xianan incident is related to the security record. 111314 5 201122895 The security event is processed by the security record stored in the event database. In addition, in another embodiment, the monitoring event is a sensing event, and the security monitoring instant messaging system is connected to the wireless sensing network. The wireless sensing network is formed by a plurality of sensors, and the sensing data captured by the sensor is transmitted back to the security monitoring center through wireless technology, as the instant messaging agent handles the security. The sensing event detected by the monitoring center. The invention further provides a joint defense system integrating a plurality of the foregoing security monitoring instant messaging systems. The joint defense system includes: a plurality of linked preventer lists, respectively In the fully-monitored instant messaging system, each of the joint liaisons stores the information of the monitoring personnel and other instant messaging agent information of the secure age communication system for the security of the security personnel. *Beca will immediately transmit the container control event handled by the instant messaging agent to the monitoring and monitoring instant messaging system. - The security of the insufficiency is 'the monitoring event is the f-an event, and the matter is recorded. The message of the incident with the local instant messenger's security incident includes the #安 event notification or the security record. The cow is related to: the instant messaging agent is controlled by the instant messaging agent. Relevant 'Ht local event database update. Event addition' The monitoring event is also a sensing event, the security system is connected to the wireless sensing network 'The wireless sensing network ^ by 201122895 · ·.» The safety supervision w贞 (4) (4) communication agent office The present invention also provides a security monitoring and law, which is used in a plurality of security monitoring ▲ the joint defense party to prevent purple 'this security monitoring and instant messaging; :== vertical

聯絡人清單係储存監控人員資==!全各該聯防資料；令各該安全監控中心對雜全監控中心析’係將該監控事件與所儲存之事彳m控事件進行分析，以分析出該監控事件是否與該事二錄3性分以及於該安全監控巾'。分析聯性；該監控事件封裴成聯二：*所分析的該監控人員及該其它安全監控中心。人π早通知The list of contacts is stored in the monitoring personnel ==! All the joint defense data; so that the security monitoring center analyzes the monitoring event and the stored events, to analyze the Whether the monitoring event is recorded with the matter and the security monitoring towel'. Analytical association; The monitoring event is sealed into two: * The monitored personnel and the other security monitoring centers analyzed. People π early notice

其中，該監控事件係為資安事件，該事件紀錄6 紀錄，且透過複數安全監控中心間之聯防㈣，= 安事件監控、即時通知及事件處理。，_貝測網路連結，該無透過無線技術將該控中心，而該監控心對所接收到的感此外，该安全監控中心係與無線感線感測網路係由複數個感測器所形成，感測器所操取之感測數據傳回該安全監事件係為感測事件，以供該安全監控中測事件進行分析。相較於各0技術，本發明之安全監控即時通訊气其聯防系統β及聯防方法，係提供安全監控中心可= 111314 7 201122895 時通訊而達到即時監控通知之效果外，更透過聯絡人清單 . 方式可建立聯合防禦機制，將各安全監控中心組成樹狀之聯合系統，以將監控事件相關訊息進行傳送，並提供監控事件通報、處理或事件紀錄等資訊，以提升各安全監控中心對安全監控防禦能力以及監控事件處理之速度與強度。此外，該聯合防禦概念不僅用於資訊安全監控處理，更可配合無線技術與多個感測器間形成網狀網路架構，並將所擷取的感測數據進行處理及傳遞，藉此提供各安全監控即時通訊系統間之訊息傳遞及聯合防禦。 · 【實施方式】以下係藉由特定的具體實例說明本發明之技術内容，熟悉此技藝之人士可由本說明書所揭示之内容輕易地暸解本發明之其他優點與功效。如第1圖所示，係本發明之安全監控即時通訊系統之基本系統架構及其應用架構方塊圖。如圖所示，'該安全監控即時通訊系統1係用於安全監控中心進行事件監控以及 $ 即時通報，其係包括即時通訊代理人10、事件資料庫11 以及聯絡人清單12。其中，該安全監控即時通訊系統1係設置於安全監控中心（在此未予以圖示）内，用於監控、分析、判斷及處理所偵測之監控事件，當即時通訊代理人 10接收來自安全監控中心所通報監控事件後，即對該監控事件進行監控、分析以及後續處理程序；而事件資料庫11 係與即時通訊代理人10相連通，用於儲存複數筆事件紀錄，而該事件紀錄是指已知的監控事件之相關資料，其包 8 111314 201122895 ,,, . 含狀態、等級、分析結果及處理對策等資訊；該聯絡人清單12係包含作為聯絡人的監控人員資料，以供該即時通訊代理人10進行監控事件通知，以將監控事件即時傳送至該聯絡人清單12内監控人員之通訊裝置，該通訊裝置可為電腦、手機、PAD或可供上網之電子裝置。其中，該即時通訊代理人10與該聯絡人清單12内監控人員係透過即時通訊軟體（在此未予以圖示）進行訊息傳遞，也就是監控人員僅需擁有可上網之裝置即可，如第 • 1圖所示，該即時通訊代理人10可透過一個或多個即時通訊伺服器（IM server)所形成之即時通訊網路將訊息傳送至監控人員端20。簡單來說，由於該監控事件係透過即時通訊軟網路以即時通訊軟體進行傳遞，此時無論監控人員身處何處，僅需將即時通訊軟體設於開啟狀態下，就可即時接收到該監控事件相關資訊，因此，監控人員無需侷限於單一電腦前進行24小時監控動作，或者僅能於收發郵件 ^ 後才得知監控事件之發生情形。再者，所使用之即時通訊軟體係以該聯絡人清單12 作為聯繫之選擇，其好處在於可將監控人員進行分組或分類，以便依據監控内容、時間分配或屬性等差異，僅通知部分監控人員或告知相關人員，如此使得監控事件通知上更省事。於一具體實施例，前述監控事件可為資安事件，透過該安全監控即時通訊系統進行資訊安全事件之監控，而該事件紀錄為資安紀錄，係為各類資安事件態樣以及處理方 9 111314 201122895 ,, 式。如第2圖所示，係用以進一步說明第1圖安全監控即時通訊系統具體實施例之即時通訊代理人之基本架構方塊圖。如圖所示，本實施例安全監控即時通訊系統為一資安監控即時通訊系統Γ，用以處理資安事件監控、即時通知及處理，其中，該資安監控即時通訊系統Γ的即時通訊代理人10’復包括分析模組101、接收模組102、處理模組103 以及通報模組104。該分析模組101係用以分析該資安事件之狀態與等級，以決定該資安事件需由系統自行處理，或是通知監控人員後等待監控人員之處理指令。該接收模組102係用於接收監控人員傳送之指令。該處理模組103係用於執行處理資安事件之指令，這裡所指之處理係包括前述系統自行處理或是由接收模組 102接收監控人員傳送之指令來決定處理對策。該通報模組104係供該分析模組101將分析後之資安事件等相關訊息傳送給監控人員。詳而言之，該分析模組101係將資安事件與資安紀錄進行關聯比對，當分析模組101收到資安事件時會先進行分析判斷，以決定後續處理方式，而該分析判斷的準則係與事件資料庫11内的資安紀錄比對，若曾有類似資安事件，則可採用已儲存之處理對策進行處理，若未曾發生過之資安事件，則透過通報模組104傳送資安事件資訊至監控人員端20並等待回傳指令，而本實施例之即時通訊代理 10 111314 201122895 1 人10’之通報模組104係經由即時通訊網路與監控人員端 -20之即時通訊軟體21進行訊息傳遞。、再者，該處理模組1〇3係依據監控人員端2〇所傳送之指令進行資安事件處理，如前所述，監控人員端2〇收到資安事件資訊後並回傳處理指令，透過接收模組1〇2接受後再傳給處理模組1〇3進行處理；此外，該處理模組ι〇3 係依據分析模組101提供自行處理之指令進行資安處理，如刚所述，若資女監控即時通訊系統1 ’可自行處理資安事件’則依據事件資料庫11内資安紀錄所提供的預設處理對策自行處理該資安事件並回報監控人員端。此外，於另一具體實施例中，本發明之安全監控即時通訊系統亦可結合無線感測網路（sensor network)並應用於環境狀態的偵測感應上。換言之，該安全監控即時通訊系統之監控事件可為感測事件，藉此無線感測器進行環境感測，再透過複數個感測器所形成無線感測網路進行感測 •數據傳送，且將該些感測數據傳回某一安全監控即時通訊系統’以進行前述感測事件的訊息傳遞及處理。詳而言之，前述無線感測器係具有無線電波 C radiofrequency ; RF )傳輸能力及特定感測用途之獨立電力的感測器，可用於感測如溫度、溼度、震動、光線、水貝或空氣等多類型環境數據，且複數個無線感測器間形成無線感測網路以將所擷取偵測數據進行傳送，如由圧£丘 802.15.4標準規範下之Zigbee通訊技術所形成短距離無線感測網路，該複數個無線感測器中係包含具協調者 111314 11 201122895 (coordinator)身份之無線感測器，以 ' w將該些數攄進杆儲存及判斷，該些具協調者身份之無線感剩安全監控中心或是置於安全監控中心內 ^ ’再藉由安全監批即時通訊系統内聯絡人清單以將所擷驭戸冰 / 衣〗兄資料傳遞1他安全監控即時通訊糸統，或是安全監控八 1 4通訊系統内之監控人員；前述具體應用層面廣泛，如國家邊界區域透過設置無線感測器進行震動感測以防止非# 〇 Ί許可人員的進Among them, the monitoring event is a security incident, which records 6 records and is monitored through the multiple security monitoring centers (4), = event monitoring, instant notification and event handling. , _ beta network connection, the wireless control technology does not pass the control center, and the monitoring heart is received. In addition, the security monitoring center and the wireless sensing line sensing network are composed of a plurality of sensors. The sensing data acquired by the sensor is returned to the safety monitoring event as a sensing event for analysis in the safety monitoring. Compared with the 0 technologies, the security monitoring instant messaging system of the present invention has its joint defense system β and the joint defense method, and provides the security monitoring center to control the effect of the instant monitoring notification when the communication is reached, and the contact list is also obtained. The method can establish a joint defense mechanism, and each security monitoring center is formed into a tree-like joint system to transmit monitoring event related information, and provide information such as monitoring event notification, processing or event record to improve security monitoring of each security monitoring center. Defensive capabilities and monitoring the speed and intensity of event processing. In addition, the joint defense concept is not only used for information security monitoring and processing, but also forms a mesh network structure with wireless technology and multiple sensors, and processes and transmits the captured sensing data. Each security monitors the messaging and joint defense between instant messaging systems. [Embodiment] The technical contents of the present invention are described below by way of specific examples, and those skilled in the art can easily understand other advantages and effects of the present invention from the contents disclosed in the present specification. As shown in Fig. 1, it is a block diagram of the basic system architecture and application architecture of the security monitoring instant messaging system of the present invention. As shown in the figure, the security monitoring instant messaging system 1 is used for security monitoring center for event monitoring and instant notification, and includes an instant messaging agent 10, an event database 11 and a contact list 12. The security monitoring instant messaging system 1 is installed in a security monitoring center (not shown here) for monitoring, analyzing, judging and processing the detected monitoring events, when the instant messaging agent 10 receives security. After the monitoring center reports the monitoring event, it monitors, analyzes and processes the monitoring event; and the event database 11 is connected to the instant messaging agent 10 for storing a plurality of event records, and the event record is Refers to the relevant monitoring event related information, including 8 111314 201122895,,, . Contains information such as status, grade, analysis results and treatment countermeasures; the contact list 12 contains the monitoring personnel information as the contact person for the purpose The instant messaging agent 10 performs a monitoring event notification to immediately transmit the monitoring event to the communication device of the monitoring person in the contact list 12, which may be a computer, a mobile phone, a PAD or an electronic device for accessing the Internet. The instant messaging agent 10 and the monitoring personnel in the contact list 12 transmit information through the instant messaging software (not shown here), that is, the monitoring personnel only need to have a device capable of accessing the Internet, such as • As shown in Fig. 1, the instant messaging agent 10 can transmit the message to the monitoring personnel terminal 20 through an instant messaging network formed by one or more IM servers. In short, since the monitoring event is transmitted by the instant messaging soft network through the instant messaging software, no matter where the monitoring personnel are located, the instant messaging software can be instantly received only when the instant messaging software is set to the open state. Monitoring event related information, therefore, the monitoring personnel need not be limited to a single computer to perform 24-hour monitoring actions, or can only know the occurrence of monitoring events after sending and receiving emails. Moreover, the instant messaging soft system used is selected by the contact list 12 as a contact, and the advantage is that the monitoring personnel can be grouped or classified so that only some monitoring personnel can be notified according to differences in monitoring content, time allocation or attributes. Or inform the relevant personnel, so that the monitoring of event notifications is more convenient. In a specific embodiment, the monitoring event may be a security incident, and the information security event is monitored through the security monitoring instant messaging system, and the event is recorded as a security record, which is a variety of security incidents and processing parties. 9 111314 201122895 ,,. As shown in Fig. 2, it is a block diagram showing the basic architecture of the instant messaging agent of the specific embodiment of the security monitoring instant communication system of Fig. 1. As shown in the figure, the security monitoring instant messaging system of the present embodiment is a security monitoring instant messaging system for processing security event monitoring, instant notification and processing, wherein the security monitoring instant messaging system is an instant messaging agent. The person 10' includes an analysis module 101, a receiving module 102, a processing module 103, and a notification module 104. The analysis module 101 is configured to analyze the status and level of the security event to determine whether the security event needs to be handled by the system itself, or to notify the monitoring personnel and wait for the processing instructions of the monitoring personnel. The receiving module 102 is configured to receive an instruction transmitted by a monitoring personnel. The processing module 103 is configured to execute an instruction for processing a security event, and the processing referred to herein includes processing by the system itself or receiving an instruction transmitted by the monitoring personnel by the receiving module 102 to determine a processing countermeasure. The notification module 104 is configured to transmit, by the analysis module 101, related information such as the analyzed security events to the monitoring personnel. In detail, the analysis module 101 compares the security events with the security records. When the analysis module 101 receives the security incident, it first analyzes and determines the subsequent processing methods, and the analysis is performed. The criteria for judging are compared with the records of the security records in the event database. If there has been a similar incident, the stored processing measures can be used. If there is no incident of security, the notification module will be used. 104 transmits the security event information to the monitoring personnel terminal 20 and waits for the returning instruction, and the instant messaging agent of the present embodiment 10 111314 201122895 1 person 10' notification module 104 is instant via the instant messaging network and the monitoring personnel terminal-20 The communication software 21 performs message delivery. Furthermore, the processing module 1〇3 performs the security event processing according to the instruction transmitted by the monitoring personnel terminal 2, as described above, the monitoring personnel terminal 2 receives the information of the security event and returns the processing instruction. After being received by the receiving module 1〇2, it is transmitted to the processing module 1〇3 for processing; in addition, the processing module ι〇3 is provided with self-processing instructions according to the analysis module 101, such as just As mentioned, if the Zidu monitoring instant messaging system 1 'can handle the security incidents on its own', the self-administered incidents will be handled according to the default processing measures provided by the security records in the event database 11 and the monitoring personnel will be reported. In addition, in another embodiment, the security monitoring instant messaging system of the present invention can also be combined with a wireless sensor network and applied to the detection of environmental conditions. In other words, the monitoring event of the security monitoring instant messaging system can be a sensing event, whereby the wireless sensor performs environment sensing, and then the wireless sensing network formed by the plurality of sensors performs sensing and data transmission, and The sensing data is transmitted back to a security monitoring instant messaging system to perform message transmission and processing of the foregoing sensing events. In detail, the aforementioned wireless sensor is a sensor having radio wave C radiofrequency (RF) transmission capability and independent power for specific sensing purposes, and can be used for sensing such as temperature, humidity, vibration, light, water shell or air. And other types of environmental data, and a plurality of wireless sensors form a wireless sensing network to transmit the captured detection data, such as a short distance formed by Zigbee communication technology under the standard of 802.15.4 a wireless sensing network, wherein the plurality of wireless sensors include a wireless sensor having the identity of the coordinator 111314 11 201122895 (coordinator), which is used to store and judge the numbers into the poles, and the coordination The wireless sensory security monitoring center of the identity is placed in the security monitoring center ^ 'and then through the security supervision and approval of the contact list in the instant messaging system to pass the ice / clothing brothers information 1 his security monitoring instant Communication system, or security monitoring of monitoring personnel in the 8.4 communication system; the above specific application areas are extensive, such as the national border area by setting the wireless sensor for vibration sensing # Billion into the only non-licensed personnel Ί

出，或於河川各區段設置水質感測器以監控水質變化或有無污染情況’或者保全純透過溫度及震動感測以達到監測功能及資訊即時通知效果，更可使用於偏遠地區之自動放牧，係於牧場四周散佈無線感測器，若感測到牛群超出牧％範圍時驅動牛隻所掛項圈達到嚇阻效果，簡單來說，透過環境數據偵測及無線網路傳送作為即時監控資訊傳送以提供系統分析及後續事件處理。Out, or set up water quality sensors in various sections of the river to monitor changes in water quality or pollution status or to maintain temperature and vibration sensing to achieve monitoring function and information notification effect, and can be used for automatic grazing in remote areas. It is distributed around the ranch to distribute wireless sensors. If it senses that the herd exceeds the range of grazing, it will drive the bulls to keep the collars to the deterrent effect. Simply speaking, through environmental data detection and wireless network transmission as real-time monitoring. Information transfer to provide system analysis and subsequent event processing.

另外，整合多個本發明之安全監控即時通訊系統以形成本發明另一實施例之聯防系統，由於係將多個安全監控即時通訊系統1聯合組成，故本實施例之聯防系統之系統架構與第1及2圖相似，唯不同處在於，本實施例之整合多個安全監控即時通訊系統之聯防系統具有複數個聯防聯絡人清單，各該聯防聯絡人清單係分別位於各該安全監控即時通訊系統中，各該聯防聯絡人清單係儲存監控人員資料以及其匕β亥女全監控即時通訊系統之即時通訊代理人資料，且透過通報模組將本端之即時通訊代理人取得的監控事件封裝成聯防訊息並即時傳送至該聯防聯絡人清單之其 111314 12 201122895 ., . 它成員。因此，本實施例之安全監控即時通訊之聯防系統與前述最大差異在於藉由聯防聯絡人清單除了負責處理本端之安全監控即時通訊系統之監控人員外，更包含其它即時通訊代理人，藉由各即時通訊代理人間形成一樹狀架構之關係，進而產生聯合防禦之效果。於一較佳實施例中，前述之安全監控即時通訊之聯防系統可為一資安監控即時通訊之聯防系統，而監控事仵與事件紀錄分別為資安事件及資安紀錄，因而該通報模組所 • 傳送的聯防訊息係包含資安事件通報或資安處理紀錄。而該資安事件通報係為資安事件内容、狀態及分析結果等訊息；而資安處理紀錄係為任一資安監控即時通訊系統處理後所產生的紀錄，可提供予其他資安監控即時通訊系統作為紀錄以防範未來。於另一實施例中，該資安監控即時通訊之聯防系統内之即時通訊代理人係以該聯防訊息進行該事件資料舉更 ^ 新，亦即當即時通訊代理人接收到該聯防訊息後，會以該些聯防訊息進行事件資料庫更新，由於該些聯防訊息包括資安事件相關資訊、分析結果、處理方式等，因此，當接收聯防訊息後更新事件資料庫可讓往後資安防禦分析更完整。如第3A圖所示，係用以說明本發明整合多個安全監控即時通訊系統之聯防系統之聯防實施上的概要圖。先行說明的是，於聯防機制中的每一個資訊安全監控中心内的即時通訊代理人之功能與前述相同，主要差異係其聯絡人 13 111314 201122895 清單除了原本的監控人員外，另外還有其他即時通訊代理人，簡單來說，當任一成員加入聯絡人清單中就可等於加入整個聯防系統，間接與其他成員相連繫。如圖所示，即時通訊代理人Η是即時通訊代理人C的聯絡人，所以（H，c) 形成聯防系統，即時通訊代理人Ϊ是即時通訊代理人c的聯絡人，所以（I，C)形成聯防系統，因而（H,c^〇(ic)聯隽組成更大聯防系統(H’CJ)，由上述方式類推，於第3圖= 係表示一個擁有13個成員的聯防系°统 (A，B，C，D，E，F，G,H，I,J，K，L,M)。假設即時通訊代理人C遭受資安攻擊，產生資安事件 X，即時通訊代理人C之聯絡人清單中有三位聯防成員’所以即時通訊代理人C將此資安事件χ透過訊網路發送給贴邮個即時通訊代理人，即時通^代理人Η跟即時通訊代理人！接收到此資安事件χ檢查盆人清單發現只有即時通訊代理人c，故不再發送給其他聯絡人，即時通訊代理人Α收到此資安事件X 後可以發送給(B，D，E)三個即時通訊代理人將與該資安事件x相關的訊息傳遞给全部個成ΐ即Γ 分析結”發送‘ 防成貝進订防示决戚，首先即時通訊代理人發送給(以綱，即時通訊代理人Β發送_，代理人C杳送給(Η，Ι)，剩下類推傳遞給全部成員。因為每個成昌卢成將威脅为析結果Υ ,^ 母個成貝處理攻擊的能力不同，辦以透過聯防訊息的傳遞，只要所仕成貝擁有處理能力，即 Π1314 14 201122895.,. . 能將分析結果快速散佈給所有成員，因而透過聯防機制提昇整體防護能力。如第3B圖所示，係說明本發明整合多個安全監控即時通訊系統之聯防系統結合無線感測網路實施上之概要圖。於本實施例中，安全監控中心A’〜D’可分別與無線感測網路結合，如安全監控中心A’係連接一無線感測網路，該無線感測網路内包含多個無線感測器30、3.1、32、33，每一個無線感測器可感測所在位置的環境狀態，如溫度、 • 光線、水質或震動等環境感測數據，該些無線感測器30-33 間透過無線傳輸技術將所擷取感測數據進行傳遞，最後傳遞至具協調者（coordinator )身份之無線感測器40以對感測數據進行紀錄與處理，或者是送至所屬安全監控中心A’ 進行感測數據紀錄及對應處理，同樣地，於聯防系統中的另一端，例如安全監控中心D’，亦接收由無線感測器34-36 及具協調者身·份之無線感測器41所傳送來的感測數據，最 I 後所有安全監控中心A’〜D’形成一聯防系統，且對該些感測數據進行資訊分析及資料傳遞，藉此形成即時資料傳遞與分析處理之聯防系統。如第4圖所示，係用以說明本發明安全監控與即時通訊之聯防方法之處理流程圖。如圖所示，本實施例係將聯防方式應用於資訊安全監控、即時通知及處理的資訊安全監控中心，於流程S401中，係為即時通訊代理人收到資安事件。當資訊安全監控中心察覺資安攻擊時，即由即時通訊代理人對該資安事件進行判斷，接著進至步驟S402。 15 111314 201122895 於該步驟S402中，係判斷該資安事件是否啟動聯防；由於資安攻擊種類甚多，因而依據該資安事件等級、狀態來決定是否啟動聯防機制，若無需啟動聯防，則進至步驟 S403 ;反之，若資安事件重大而需啟動聯防機制，則進至步驟S407。於該步驟S403中，係判斷事件處理對策，即判斷該資安事件係由資安監控即時通訊系統本端（例如資訊安全監控中心）自行處理或是通知監控人員進行處理。通常係透過前述事件資料庫之資安紀錄進行比對判斷，若該資安紀錄已儲存解決方式，即屬本端的資安監控即時通訊系統可自行處理，則進至步驟S404 ;反之，若該資安事件無法由本端的資安監控即時通訊系統自行處理，即屬於需通報的資安事件，則進至步驟S406。於該步驟S404中，啟動預設處理對策以排除或處理該資安事件，該預設處理對策係儲存於事件資料庫中，其中，多為為常見資安攻擊以及其處理方式之紀錄，接著進至步驟S405。於該步驟S405中，透過即時通訊網路將該資安事件的處理結果通知監控人員，即可結束本實施例之資安監控與即時通訊之聯防方法的處理。於該步驟S406中，由於本端的資安監控即時通訊系統無法直接處理，故可透過即時通訊網路通知監控人員，以等待監控人員提供指令以進行後續處理，即可結束本實施例之資安監控與即時通訊之聯防方法的處理。 16 111314 201122895 於該步驟S407中，由於資安事件重大而需啟動聯防機制，故將該資安事件封裝為聯防訊息，以便即時通知資安監控即時通訊之聯防系統其它成員，接著進至步驟 S408。另提出說明的是，亦可透過即時通訊網路通知監控人員，也就是說，先行通知負責監控本端的資安監控即時通訊系統之監控人員，以等待該監控人員提供指令以進行後續處理。於該步驟S408中，係為通知聯防聯絡人清單内之聯 • 防成員，此處所述之聯防成員係為聯防聯絡人清單上之其它即時通訊代理人，以等待其它即時通訊代理人就該資安事件提供處理方式，即可結束本實施例之資安監控與即時通訊之聯防方法的處理。如第5圖所示，係用以說明本發明安全監控與即時通訊之聯防方法中即時通訊代理人接收外部訊息之處理流程圖。本實施例同樣以聯防方式應用於資訊安全監控、即時 | 通知及處理的資訊安全監控中心，如圖所示，於步驟S501 中，即時通訊代理人收到外部訊息，意即可能是監控人員所傳回或是其它即時通訊代理人所傳送之訊息，接著進至步驟S502。於該步驟S502中，係判斷訊息種類，即判斷所接收外部訊息為監控人員所傳之指令，或其它即時通訊代理人所傳送之聯防訊息，若談外部訊息被判斷為聯防訊息，則進至步驟S503 ;反之，若該外部訊息被判斷為監控人員所傳之指令，則進至步驟S510。 17 111314 201122895 於該步驟S503中，係判斷該聯防訊息為資安事件或是資安事件之分析與紀錄，若該外部訊息屬於資安事件，則進至步驟S504 ;反之，若該外部訊息屬於資安事件之分析與紀錄，則進至步驟S508。於該步驟S504中，接收到該聯防訊息之本端資安監控即時通訊系統之即時通訊代理人會將該聯防訊息進行資料庫更新，使得該些聯防訊息被儲存以作為下次資安事件判斷準則，接著進至步驟S505。於該步驟S505中，將該資安相關資料與資安紀錄作比對，以比對出是否有相應的資安紀錄，以作為對策參考用，若比對的結果並未比對出該資安紀錄，即表示不曾遭遇該資安事件，則進至步驟S506 ;反之，若比對的結果可比對出該資安紀錄，即表示先前已遭遇過該資安事件，則進至步驟S507。於該步驟S506中，將資安事件繼續傳送給其它即時通訊代理人，即可結束本實施例之資安監控與即時通訊之聯防方法的處理。於該步驟S507中，將分析結果等紀錄傳送至其它即時通訊代理人，即可結束本實施例之資安監控與即時通訊之聯防方法的處理。 . 於該步驟S508中，由於判斷出該聯防訊息為資安事件之分析與紀錄，更新事件資料庫以作為下次資安事件判斷準則，接著進至步驟S508。於該步驟S509中，將所收到之分析結果與資安紀錄 18 111314 201122895 .、 * 傳送至其它即時通訊代理人，即可結束本實施例之資安監控與即時通訊之聯防方法的處理。於該步驟S510中，由於判斷出所收到的訊息種類為監控人員所傳送之指令，故執行監控人員所傳送指令對應程序，也就是說，即時通訊代理人依據監控人員所送回指令進行資安事件處理，接著進至步驟S511。於該步驟S511中，將處理结果回報至監控人員端，即可結束本實施例之資安監控與即時通訊之聯防方法的處 #理。此外，該安全監控與即時通訊之聯防方法係可與無線感測網路結合應用，主要將複數個無線感測器所感測的感測數據進行無線傳遞，最後送至所述安全監控中心内，藉由多個安全監控中心間聯繫關係進行資料傳遞及處理，藉此結合無線感測網路與本發明之安全監控即時通訊系統形成為一聯防系統。In addition, a plurality of security monitoring instant messaging systems of the present invention are integrated to form a joint defense system according to another embodiment of the present invention. Since a plurality of security monitoring instant messaging systems 1 are combined, the system architecture of the joint defense system of the present embodiment is The first and second figures are similar, except that the joint defense system of the plurality of security monitoring instant messaging systems of the embodiment has a plurality of linked contact lists, and each of the linked contact lists is located in each of the security monitoring instant messages. In the system, each of the linked contact lists stores the monitoring personnel information and the instant messaging agent information of the full-monitoring instant messaging system of the company, and encapsulates the monitoring events obtained by the local instant messaging agent through the notification module. Chenglian anti-message and immediately transmitted to the list of the joint contact person's 111314 12 201122895 . Therefore, the maximum difference between the security monitoring and instant messaging system of the present embodiment and the foregoing is that the contact person list is in addition to the monitoring personnel of the security monitoring instant messaging system of the local end, and includes other instant messaging agents. The relationship between the instant messaging agents forms a tree structure, which in turn produces the effect of joint defense. In a preferred embodiment, the aforementioned security monitoring instant messaging joint defense system can be a joint security monitoring system for monitoring instant messaging, and the monitoring events and event records are respectively a security incident and a security record, and thus the notification module The group's joint defense information is transmitted by the security incident report or the security record. The information on the incidents of the security incidents is the content, status and analysis results of the Zi'an incidents. The records of the security records are the records generated by any of the security monitoring instant messaging systems. They can be provided to other security monitoring instants. The communication system acts as a record to guard against the future. In another embodiment, the instant messaging agent in the security monitoring system of the security monitoring instant messaging system uses the joint defense message to perform the event information update, that is, when the instant messaging agent receives the joint defense message, The event database will be updated with these joint defense messages. Since the joint defense messages include information related to the security incidents, analysis results, and processing methods, the event database can be updated after receiving the joint defense message for subsequent security analysis. more complete. As shown in Fig. 3A, it is a schematic diagram for explaining the joint prevention implementation of the joint defense system of the present invention integrating a plurality of security monitoring instant messaging systems. First of all, the function of the instant messaging agent in each information security monitoring center in the joint defense mechanism is the same as the above. The main difference is the contact person. 13 111314 201122895 List In addition to the original monitoring personnel, there are other instants. The communication agent, in simple terms, when any member joins the contact list, can be equal to joining the entire defense system and indirectly connected to other members. As shown in the figure, the instant messaging agent is the contact person of the instant messaging agent C, so (H, c) forms a joint defense system, and the instant messaging agent is the contact person of the instant messaging agent c, so (I, C ) Forming a joint defense system, and thus (H, c^〇(ic) is combined to form a larger joint defense system (H'CJ), which is analogized by the above method. In Figure 3, it represents a joint defense system with 13 members. (A, B, C, D, E, F, G, H, I, J, K, L, M). Assume that the instant messenger C is subject to a security attack, generating a security incident X, instant messaging agent C There are three joint defense members in the list of contacts', so the instant messaging agent C sends the security incident to the postal instant messaging agent through the Internet, and immediately passes the agent to the instant messaging agent! This security incident χ check the list of people on the basin and found that only the instant messenger c is no longer sent to other contacts. The instant messaging agent can send it to (B, D, E) after receiving this security incident X. An instant messenger will pass the message related to the security incident x to all members. The knot "sends" to prevent the order into the order, first the instant messaging agent sends it to (with the outline, the instant messenger Β sends _, the agent C 杳 gives (Η, Ι), and the analogy is passed to All members. Because each Cheng Chang Lu Cheng will threaten to analyze the results, ^ mother has a different ability to deal with the attack, through the transmission of the joint defense message, as long as the company has the processing capacity, that is, 1314 14 201122895. The analysis results can be quickly distributed to all members, thus improving the overall protection capability through the joint defense mechanism. As shown in Fig. 3B, the invention discloses a joint defense system integrating multiple security monitoring instant messaging systems with a wireless sensing network. In the embodiment, the security monitoring centers A' to D' can be respectively combined with the wireless sensing network, such as the security monitoring center A' is connected to a wireless sensing network, the wireless sensing network The road includes a plurality of wireless sensors 30, 3.1, 32, 33, each of which senses the environmental state of the location, such as temperature, light, water quality or vibration, etc. The line sensors 30-33 transmit the captured sensing data through wireless transmission technology, and finally to the wireless sensor 40 with the coordinator identity to record and process the sensing data, or Send to the security monitoring center A' to perform sensing data record and corresponding processing. Similarly, the other end of the joint defense system, such as the security monitoring center D', is also received by the wireless sensor 34-36 and the coordinator. · The sensing data transmitted by the wireless sensor 41, and finally all the security monitoring centers A'~D' form a joint prevention system, and the information analysis and data transmission are performed on the sensing data, thereby forming A joint defense system for real-time data transfer and analysis processing. As shown in Fig. 4, it is a flowchart for explaining the joint prevention method of the security monitoring and the instant communication of the present invention. As shown in the figure, in this embodiment, the joint defense mode is applied to the information security monitoring center for information security monitoring, instant notification, and processing. In the process S401, the instant messaging agent receives the security event. When the information security monitoring center detects the security attack, the instant messaging agent judges the security event, and then proceeds to step S402. 15 111314 201122895 In this step S402, it is determined whether the security event starts the joint defense; because there are many types of security attacks, it is determined according to the level and status of the security event whether to start the joint defense mechanism, if it is not necessary to start the joint defense, then Go to step S403; otherwise, if the security event is important and the joint defense mechanism needs to be activated, proceed to step S407. In the step S403, the event processing countermeasure is determined, that is, the security event is determined by the local end of the security monitoring instant messaging system (for example, the information security monitoring center) to process or notify the monitoring personnel for processing. Usually, the comparison records are made through the security records of the event database. If the security record has been stored, the local security monitoring instant messaging system can handle the processing itself, and then proceed to step S404; The security incident cannot be handled by the local security monitoring instant messaging system itself, that is, the security incident to be notified, and the process proceeds to step S406. In the step S404, the preset processing countermeasure is started to exclude or process the security event, and the preset processing countermeasure is stored in the event database, wherein most of the records are common security attacks and their processing methods, and then Proceed to step S405. In the step S405, the monitoring result of the security event is notified to the monitoring personnel through the instant messaging network, and the processing of the joint security prevention and instant messaging prevention method of the present embodiment can be ended. In this step S406, since the local security monitoring instant messaging system cannot directly process, the monitoring personnel can be notified through the instant messaging network, and wait for the monitoring personnel to provide instructions for subsequent processing, thereby ending the security monitoring of the embodiment. The handling of the joint defense method with instant messaging. 16 111314 201122895 In this step S407, since the security event is required to start the joint defense mechanism, the security event is encapsulated into a joint defense message, so as to immediately notify the other members of the security monitoring instant messaging system, and then proceed to step S408. . It is also stated that the monitoring personnel can also be notified through the instant messaging network, that is, the monitoring personnel responsible for monitoring the local security monitoring instant messaging system are first notified to wait for the monitoring personnel to provide instructions for subsequent processing. In the step S408, it is notified to the joint defense members in the contact list, and the joint defense members described herein are other instant messaging agents on the contact list, waiting for other instant messaging agents to The security incident provides a processing method, which can end the processing of the joint defense method of the security monitoring and instant messaging of the embodiment. As shown in Fig. 5, it is a flowchart for explaining the processing of an external communication agent receiving an external message in the joint prevention method of the security monitoring and the instant communication of the present invention. In this embodiment, the information security monitoring center is also applied to the information security monitoring, instant | notification and processing. As shown in the figure, in step S501, the instant messaging agent receives an external message, which means that the monitoring personnel may be The message transmitted by the other instant messaging agent is returned, and then proceeds to step S502. In the step S502, determining the type of the message, that is, determining that the received external message is an instruction transmitted by the monitoring personnel, or a joint defense message transmitted by another instant messaging agent, if the external message is determined to be a joint defense message, then proceed to Step S503; conversely, if the external message is judged to be an instruction transmitted by the monitoring personnel, the process proceeds to step S510. 17 111314 201122895 In the step S503, it is determined that the joint defense message is an analysis and record of a security event or a security event. If the external message belongs to the security event, the process proceeds to step S504; otherwise, if the external message belongs to The analysis and record of the security incident proceeds to step S508. In the step S504, the instant messaging agent of the local security monitoring instant messaging system that receives the joint defense message updates the database to the database, so that the joint defense messages are stored for use as the next security incident. The criterion then proceeds to step S505. In the step S505, the relevant information of the security information is compared with the security record to compare whether there is a corresponding security record for use as a countermeasure reference, and if the result of the comparison is not compared with the capital If the security record is not encountered, the process proceeds to step S506. If the result of the comparison is comparable to the security record, that is, the security event has been previously encountered, then the process proceeds to step S507. In the step S506, the security event is continuously transmitted to other instant messaging agents, and the processing of the joint security monitoring and instant messaging prevention method of the embodiment can be ended. In the step S507, the record of the analysis result and the like are transmitted to the other instant communication agent, and the processing of the joint prevention method of the security monitoring and the instant communication of the embodiment can be ended. In the step S508, since it is determined that the joint defense message is an analysis and record of the security event, the event database is updated as the next security event determination criterion, and then proceeds to step S508. In the step S509, the received analysis result and the security record 18 111314 201122895 ., * are transmitted to other instant messaging agents, and the processing of the joint security prevention and control method of the present embodiment can be terminated. In the step S510, since it is determined that the received message type is an instruction transmitted by the monitoring personnel, the instruction corresponding program transmitted by the monitoring personnel is executed, that is, the instant messaging agent performs the security according to the instruction sent by the monitoring personnel. Event processing, and then proceeds to step S511. In the step S511, the processing result is reported to the monitoring personnel end, and the method of the joint defense method of the security monitoring and the instant communication of the embodiment can be ended. In addition, the security monitoring and instant messaging prevention method can be combined with the wireless sensing network, and the sensing data sensed by the plurality of wireless sensors is wirelessly transmitted, and finally sent to the security monitoring center. The data transmission and processing is performed by the relationship between the plurality of security monitoring centers, thereby forming a joint defense system by combining the wireless sensing network with the security monitoring instant messaging system of the present invention.

綜上所述，本發明之安全監控即時通訊系統與其聯防 W 系統以及聯防方法，係藉由即時通訊代理人透過即時通訊軟體以達到即時通訊之效果，以解決傳統mail或人員監控等不便之情況，再者，事件資料庫内存有事件紀錄作為判斷依據，且包含對應解決的處理對策，藉此使安全監控即時通訊系統於能力範圍内自行排除各類資安攻擊事件或進行環境感測之訊息傳遞等目的；另外，藉由多個即時通訊代理人之聯絡人關係，構成聯合防禦概念，僅需於聯絡人清單内加入其它即時通訊代理人，即構成似樹狀結構之防 19 111314 201122895 索系統，可將監控事件、分析結果及事件紀錄等資訊即時傳送，藉此在最短時間内達到警示或協助解決問題，因此，透過上述聯防做法已解決目前多數資訊安全監控中心間無法互相協助的缺點，同時達到提前知悉資安事件資料以執行監控、防禦以及協助處理等效益。此外，除了將該聯防糸統應用於資訊安全監控外，更可結合無線感測網路加以應用，進仃％境感測以達成感測數據即時傳遞與分析處理之效果，藉此讓該聯防方式應用層面更加廣泛。、上述貫施例僅例示性說明本發明之原理及其功效，而非用於限制本發明。任何熟習此項技藝之人士均可在背本發明之精神及範訂，對上述實施例進行修錦變。因此，本發B月之避+丨仅嗜_岡 '、範圍所列。*利保護乾圍，應如後述之申請專利【圖式簡單說明】第1圖係本發明之安全監控即時通訊架構及其應用架構方塊圖；基本糸統體，2圖係進一步說明第1圖安全監控即時通訊系統且只施例之㈣独代理人之基核構方塊®; 、第3A圖係本發明整合多個安全監聯防系統之聯防實施上的概要圖；、為統之第3B圖么本發明整合多個安全 “ ^ 聯防系統結合無線感測網路實施上之概J圖。〜^系統之理流:圖4圖=發明安全監控與即時通訊之聯防方法之處 111314 20 201122895 第5圖係本發明安全監控與即時通訊之聯防方法中即時通訊代理人接收外部訊息之處理流程圖。【主要元件符號說明】In summary, the security monitoring instant messaging system and the integrated anti-W system and the joint prevention method of the present invention achieve the effect of instant messaging through instant messaging agents through instant messaging software, thereby solving the inconvenience of traditional mail or personnel monitoring. Furthermore, there is an event record in the event database as the basis for judgment, and the corresponding countermeasures are included, thereby enabling the security monitoring instant messaging system to self-exclude various types of security attacks or environmental sensing messages within the capability range. In addition, through the contact relationship of multiple instant messaging agents, the concept of joint defense is formed, and only other instant messaging agents need to be added to the list of contacts, which constitutes a tree-like structure. 19 111314 201122895 The system can transmit information such as monitoring events, analysis results and event records in real time to alert or assist in solving problems in the shortest time. Therefore, through the above-mentioned joint prevention practices, the shortcomings of most information security monitoring centers cannot be mutually assisted. At the same time, to reach the information on the advance incident Execution monitoring, prevention and treatment assistance benefits. In addition, in addition to the application of the anti-theft system to information security monitoring, it can also be applied in combination with the wireless sensing network to achieve the effect of instant transmission and analysis of the sensing data, thereby enabling the joint defense. The application level is more extensive. The above-described embodiments are merely illustrative of the principles of the invention and its effects, and are not intended to limit the invention. Any person skilled in the art can make modifications to the above embodiments in light of the spirit and scope of the present invention. Therefore, the avoidance of B 丨丨本丨丨、、、、、、、、、 *Protection protection of the trunk, should be patented as described later [Simple description of the diagram] Figure 1 is a block diagram of the security monitoring instant messaging architecture and its application architecture of the present invention; Basic architecture, 2 diagram further illustrates Figure 1 Safely monitor the instant messaging system and only apply the (4) sole agent's core structure block; and Fig. 3A is a schematic diagram of the joint prevention implementation of the integrated safety supervision system of the present invention; The invention integrates multiple security "^ joint defense system combined with wireless sensing network implementation on the J diagram. ~ ^ system flow: Figure 4 Figure = invention security monitoring and instant messaging joint prevention method 111314 20 201122895 5 is a flow chart of the process of receiving an external message by the instant messaging agent in the joint prevention method of the security monitoring and the instant communication of the present invention.

1 安全監控即時通訊系統 1，資安監控即時通訊系統 10 、 10，即時通訊代理人 101 分析模組 102 接收模組 103 處理板組 104 通報模組 11 事件資料庫 12 聯絡人清單 20 監控人員端 21 即時通訊軟體 30 〜36 無線感測器 40 ' 41 具協調者身份之無線感測器 A〜Μ 即時通訊代理人 Α，〜D，安全監控中心 S401〜S408 步驟 S501-S511 步驟 X 資安事件 Y 威脅分析結果 1113141 Security monitoring instant messaging system 1, security monitoring instant messaging system 10, 10, instant messaging agent 101 analysis module 102 receiving module 103 processing board group 104 notification module 11 event database 12 contact list 20 monitoring personnel 21 instant messaging software 30 ~ 36 wireless sensor 40 ' 41 wireless sensor A with coordinator identity 即时 instant messaging agent 〜, ~ D, security monitoring center S401 ~ S408 Step S501-S511 Step X 资安事件Y threat analysis result 111314

Claims

201122895 VII. Patent application scope: 1. A security monitoring instant messaging system for security monitoring center to conduct things = monitoring and instant notification. The security monitoring instant messaging system includes: an event database for storing a plurality of event records; Event: = Γ 人 ' 用以依据依据依据依据依据依据依据依据依据依据依据依据依据依据依据依据依据依据依据依据依据依据依据依据依据依据依据依据依据依据依据依据依据依据依据依据依据依据依据依据依据依据依据依据依据依据依据― 卩传送传送 Γ Γ Γ , , , , , , , , 10 10 10 10 10 10 10 10 10 10 10 10 10 10 10 10 10 10 10 10 10 10 10 10 10 10 10丨 (4) Full Μ & (4) Track (such as = #安安事件, and the material (4) is the security record: The security monitoring and immediate policy of the Shen-month patent cadre 3. 'The security record is for the security incident. The results of the analysis and processing of the 5.. patent application scope of the third paragraph of the security, the instant messaging agent re-packaged ^ word pass "system, which analyzes the value of the status and level of the analysis of the security incident, knife precipitation疋No to use the event database to clarify the information on the six secretaries of the 辜〜廿廿廿廿廿廿 = = = = = : : : : : : : : : : : : : : : : : : : : : : : : : : : : : Transmitting the security event to the receiving module is for receiving an instruction transmitted by the monitoring personnel; to process the module, and determining, according to the analysis result of the analyzing module, the receiving module The receiving monitor monitors the order of the transmission or the processing of the asset security database. The handling of the security incident is as follows: 6. If you apply for the security monitoring instant messaging system of the fifth item, the analysis module Associated with the security record and the security record An analysis is performed to analyze the "An incident" and the security record, and the processing module processes the security incident with the security record stored in the event database. Ό m Patent 1 & The security monitoring instant messaging system of the project, wherein the monitoring event is a sensing event. 8. If the application is for the security monitoring instant messaging system of the VII, the Queen’s control system and the wireless sensing network The wireless sensing network is formed by a plurality of sensors, and the sensing data captured by the sensing H is transmitted back to the security monitoring center via wireless technology as the instant messaging agent processes the Sensing events detected by the Security Monitoring Center. 9. A joint defense system that integrates multiple security monitoring instant messaging systems as described in the scope of the patent application. The joint defense system includes: The list is located in each of the safety monitoring systems. The system towel, each of the linked contact lists is the storage monitoring personnel 111314 23 201122895 information and other such safety supervision That is, '' 'personal information, for each security monitoring 5 = the monitoring person stored in the instant messaging anti-contact list == the local communication agent information will be the local end ^4 or the other instant control event Transmitted to the supervisor 2 = the supervisory communication system handled. - The full-monitoring of the female monitor. 10. The integrated multi-system joint defense system of claim 9 of the patent scope, wherein the local instant messaging system Transmitting via instant messaging software; the U-bike or other security monitoring is flooded to H. For example, the joint defense system of the ninth system of the patent application scope, wherein: Qing;:: Wang & control instant messaging event record is f An record. In order to ride the security incident, and 12. If the patent application scope is integrated with multiple security systems, the information related to the security incident handled by the local communication is the Baoan Er'an processing record. For example, please refer to the nth item of the patent scope to integrate multiple instants = anti-systems. Among them, each of the security monitoring instant messaging:: The update of the local event database. The information related to the event is carried out as the joint defense system of the integrated system of the scope of patent application No. u, wherein each of the security monitoring;; the instant messaging agent includes: R, first, 111314 24 201122895, analysis module, It is used to analyze the status and level of the security incident, and analyze whether the information stored in the incident database is used to record the information of the monitoring personnel stored in the security incident or (4) the list of joint contact persons or The other instant messaging agent data will be transmitted; the thousand notification module is for the analysis module to monitor the event, or the other instant messaging agent; the receiving module is used to receive the monitoring personnel The transmitted message transmitted by the referring person or the other instant messaging agent is related to the 2 pieces; and the 7-beautiful child handling group, and the receiving module determined according to the analysis module is determined by the receiving module The receiving supervisor (4) sends the fingerprint, reduces the information sent by the instant messaging agent and the information about the security incident handled or the information stored in the local event database. Text processing events. x greedy application for the scope of patents, the integration of multiple security monitoring (4) prevention system, in which the analysis module is analyzed by the sex of the security incident to analyze the security incident: Haibe *The record has money linkage, the ship's storage area is stored in the material bank (4) material. Event greedy. 16. If the scope of application for patent scope 9 is integrated, multiple safety supervisors 17=m system The event is the sensing event I. The second item: Integrating multiple security monitoring instant messaging ', · · Eight, the full monitoring instant messaging system is connected with Π1314 25 201122895 wireless sensing network, the wireless sensing network Formed by a plurality of sensors, the sensory data captured by the sensor is transmitted back to the security monitoring center through wireless technology, as the instant messaging agent processes the sensing detected by the security monitoring center. 18. A joint prevention method for security monitoring and instant messaging is used for the joint defense of information security and event tracking among a plurality of security monitoring centers. The method for preventing security monitoring and instant messaging includes the following steps: Each of the security monitoring centers establishes a list of contact prevention contacts, each of which lists the monitoring personnel data and other information of the security monitoring center; and causes the security monitoring center to analyze the received monitoring events, which is to monitor the monitoring events. The event is correlated with the stored event record to analyze whether the monitoring event is related to the event record; and when the security monitoring center analyzes the non-relevance, the monitored monitoring event is encapsulated into a joint defense The message is notified to the monitoring personnel and the other security monitoring center according to the list of the joint contact person. 19. The method for preventing and controlling security monitoring and instant messaging according to claim 18 of the patent scope, wherein the monitoring event is a security incident, and the The event is recorded as a security record. 20. In the case of the joint application of the security monitoring and instant messaging of claim 19, the analysis of the unrelated security monitoring center updates the stored security records with the joint defense message. ' 21. Security monitoring and instant messaging as claimed in item 19 of the patent application Joint defense 26 111314 201122895 ,., '· I , method, wherein the joint defense information system includes the security incident notification or the security security record. 22. For the joint defense and security communication method of claim 19, The analysis of the correlation between the security incident and the stored security record indicates whether there is a treatment strategy for handling the security incident in the security record. 23. For security monitoring and instant messaging of claim 18 The joint defense method, wherein the security monitoring center is connected to the wireless sensing network, and the wireless sensing network is formed by a plurality of sensors, and the sensing data captured by the sensor is wirelessly The security monitoring center is returned, and the monitoring event is a sensing event for the security monitoring center to analyze the received sensing event. 24. The method for joint prevention of security monitoring and instant messaging in claim 23, wherein each of the security monitoring centers receives the sensing data returned by the sensor to immediately notify the contact list of the contact person Monitor personnel and other security monitoring centers. 27 111314