TW201122895A - Security operation and instant messaging system, its union defense system and union defense method. - Google Patents

Security operation and instant messaging system, its union defense system and union defense method. Download PDF

Info

Publication number
TW201122895A
TW201122895A TW98145736A TW98145736A TW201122895A TW 201122895 A TW201122895 A TW 201122895A TW 98145736 A TW98145736 A TW 98145736A TW 98145736 A TW98145736 A TW 98145736A TW 201122895 A TW201122895 A TW 201122895A
Authority
TW
Taiwan
Prior art keywords
security
monitoring
instant messaging
event
security monitoring
Prior art date
Application number
TW98145736A
Other languages
Chinese (zh)
Inventor
Chien-Hsien Lee
Original Assignee
Trade Van Information Services Co
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Trade Van Information Services Co filed Critical Trade Van Information Services Co
Priority to TW98145736A priority Critical patent/TW201122895A/en
Publication of TW201122895A publication Critical patent/TW201122895A/en

Links

Landscapes

  • Alarm Systems (AREA)

Abstract

A security operation and instant messaging system, its union defense system and a union defense method are disclosed. The present invention is provided for a security operation center (SOC) to perform real-time reporting of a monitored event, such that an instant messaging agent (IM agent) can perform analysis and process of the monitored event, so as to determine whether the monitored event can be handled by oneself or needs to be reported to monitoring personnel via instant messaging according to an analysis result of the monitored event and pre-stored event records. Furthermore, the security operation and instant messaging union defense system and its union defense method of the present invention allow each security operation center to have its own union defense contant person list respectively, so as to facilitate each security operation center to perform instant message delivery of monitored event reporting and event process recording, thereby achieving union defense effect among each of the security operation centers.

Description

201122895 . 六、發明説明: 【發明所屬之技術領域】 本發明係關於一種安全監控即時通訊系統與其聯防 系統以及聯防方法’更詳而言之’係一種透過即時通訊而 傳送監控事件及處理對策之安全監控即時通訊系統、整合 多個該安全監控即時通訊系統之聯防系統以及安全監控與 即時通訊之聯防方法。 【先前技術】201122895 . VI. Description of the Invention: [Technical Field] The present invention relates to a security monitoring instant messaging system and its joint prevention system and a joint prevention method. More specifically, it is a type of monitoring event and countermeasures transmitted through instant messaging. The security monitoring instant messaging system, the integrated defense system of a plurality of the security monitoring instant messaging systems, and the joint prevention method of the security monitoring and the instant communication. [Prior Art]

隨著電腦網路迅速發展’人們生活與網際網路已息息 相關’無論查詢資料或網路購物,皆是透過網路於電腦與 伺服器間進行連線傳遞訊息,所以網路安金更顯重要,而 網路安全除了常見的資料外洩外,此外,就屬電腦遭受網 路連線異常或病毒入侵等資安攻擊。With the rapid development of the computer network, 'people's life and the Internet are closely related'. Whether it is querying data or online shopping, it is through the network to communicate between the computer and the server, so the network is more important. In addition to the common data leakage, Internet security is also a security attack on computers that suffer from network connection anomalies or virus intrusions.

由於網路攻擊事件層出不窮,因而網路安全也越受重 視,特別是一般大型企業或是公家機關對於網路安全更是. 不敢輕忽,比如:個人使用上常見的信件病毒、網路釣魚 或社=工程,再者網路入侵病毒、木馬程式、電腦蠕蟲等 等 大型機構的伺服器主機則可能有系統入侵或是阻 網路攻擊事件,除了有資料被竊取可能外’更可 中心(Security Operation Center’ SOC) 監控,以針對資安威脅進行預警、監 ’並提供適當解決方案、通報系統資 以達到監控或防禦之效果,進而避免企業 π成立_構内電腦網路的癱瘓。一般而言’企業機構多自 盯’’%安全監控 進行集中式的管理與 等方式, 控、通報與分析處理 安人員 3 111314 201122895 機關因資安問題所造成損失。 目前企業機關之網路安全監控中心接收到資安攻擊 事件時,系統内部會進行分析處理以及訊息通報,然而, 該方式仍有多處不便之處,像是監控部分,資安人員需24 小時於特定電腦上監控或針對資安狀況進行處理,此將造 成資安人員之不便;再者,訊息通報目.前多透過電子郵件 傳送至資安人員電子郵件内,若資安人員恰好無接收郵件 或剛好不在電腦前面,恐移漏重要資安事件而造成嚴重傷 害。此外,目前各企業機關之資訊安全監控中心多委外進 行建置,其最大問題在於各家資安監控系統有各自定義或 設定,簡單來說,各系統間要進行溝通或交流更顯不易, 因此,造成各家企業僅能運用自家系統之情況,除了資安 資源無法分享外,再嚴重者,若遇系統或資安人員無法立 即解決之問題,也難以立即得到幫助,簡單來說,就是缺 少聯合防禦資安之概念與實際作法,因而僅有事倍功半之 情況發生,也讓各企業機關於資安保護上更顯不足。 因此,如何使安全監控系統處理安全問題時可省時便 利,除了能做到即時通知於任一處之監控人員外,更期盼 各系統間形成聯合的系統,以達到聯合防禦的效果,簡單 來說,透過系統間聯合防禦之概念,使各系統達到溝通及 監控資訊分享等目的,藉此減少資源浪費又有事半功倍之 效果,綜上所述,實為目前亟欲解決之技術課題。 【發明内容】 鑒於上述習知技術之缺點,本發明係提供一種安全監 4 111314 201122895 ,, 1 · -控即時通訊系統與其聯防系統以及聯防方法,藉由即時通 说而將監控事件以及處理對策即時通知,以達到安全監控 功能之目的。 ^Due to the emergence of cyber attacks, network security has become more and more important, especially for large enterprises or public organizations. For the sake of network security, it is not easy to ignore, such as: common mail viruses, phishing or If you have a network intrusion, a Trojan horse, a computer worm, etc., the server host of a large organization may have a system intrusion or a network attack. In addition to the possibility of data being stolen, it is more central ( Security Operation Center' SOC) monitors and alerts the security threats, provides appropriate solutions, and informs the system to achieve monitoring or defense effects, thereby preventing enterprises from establishing a network of computers. Generally speaking, 'enterprise institutions are more self-targeting'. 'Security monitoring. Centralized management and other methods, control, notification and analysis and handling. Security personnel 3 111314 201122895 The losses caused by the organization's security problems. At present, when the network security monitoring center of the enterprise organization receives the security attack, the system will analyze and process the information and notify the information. However, there are still many inconveniences in this mode, such as the monitoring part. The security personnel need 24 hours. Monitoring on a specific computer or handling the security situation, this will cause inconvenience to the security personnel; in addition, the message is reported. Most of the previous emails are sent to the security personnel emails, if the security personnel just do not receive The mail is just not in front of the computer, and it may cause serious harm from the important security incident. In addition, at present, the information security monitoring centers of various enterprise organizations have been deployed outside the committee. The biggest problem is that each security monitoring system has its own definition or setting. In short, it is more difficult to communicate or communicate between systems. Therefore, it is difficult for each company to use its own system, except that the resources of the security resources cannot be shared. If the system or the security personnel cannot solve the problem immediately, it is difficult to get immediate help. In short, it is The lack of the concept and practice of joint defense of security, so that only half of the situation occurs, but also make the enterprise security more inadequate. Therefore, how to make the security monitoring system deal with security problems can save time and convenience. In addition to being able to notify the monitoring personnel at any place, it is expected to form a joint system among the systems to achieve the effect of joint defense. In other words, through the concept of joint defense between systems, each system achieves the purpose of communication and monitoring information sharing, thereby reducing the waste of resources and having a multiplier effect. In summary, it is a technical issue that is currently being solved. SUMMARY OF THE INVENTION In view of the above-mentioned shortcomings of the prior art, the present invention provides a security supervisor 4 111314 201122895, a control instant messaging system and its joint defense system and a joint defense method, which will monitor events and countermeasures through instant messaging. Instant notification for the purpose of security monitoring. ^

本:明:供一種安全監控即時通訊系統,用於安全監 控中心進订事件監控以及即時通報,係包括:事件資料庫, 係用f儲存複數筆事件紀錄;即時通訊代理人(IM r二r依據該事件資料庫所儲存的事件紀錄處理該 :二控中心所偵測之監控事件;以及聯絡人清單,係儲 鲁存作為聯絡人之監护r人g次社 ’、 所;以供該㈣通訊代理人將 所處理的^事件即時傳送至該監控人員。 ;Μ施例中’將該即時通訊代理人所處理的監押事 件有^訊息係透過即時通訊軟體傳送至該監控人員 再者’於-具體實施例中,該監 且該事件紀錄為資安⑽^ 事件 八折㈣^ 卩時軌代理人復包括: ==二分析該資安事件之狀態與等級,以分析 ·:::= 料庫所儲存的資安紀錄來處理該資安事 =:聯::清單所儲存的監控人員資料將該資安事 送至該監==二供該分析模組將該資安事件傳 之指令;以及處理;Τέ 、且係用於接收該監控人員傳送 果,而;^m2、且’純㈣分析模組所分析出的結 該事件資料庫=::;:rr監控人員傳送之指令或 其中,該分析模m次Γ 行該資安事件的處理。 行分析,以在分析女事件與該資安紀錄的關聯性進 析出该賢安事件與該資安紀錄具有關聯 111314 5 201122895 性,則供該處理模組以該事件資料庫所儲存的資安紀錄來 處理該資安事件。 此外,於另-具體實施例中,該監控事件為感測事 件,該安全監控即時通訊系統係與無線感測網路連結,該 無線感測網路係由複數個感測器所形成,透過無線技術將 該感測器所擷取之感測數據傳回該安全監控中心,以作為 供該即時通訊代理人處理該安全監控中心所偵測之感測事 件。 本發明另提供一種整合多個前述安全監控即時通訊 系統之聯防系統’該聯防系統係包括:複數個聯防料人 清單,係分別位於各該安全監控即時通訊系統中,各該聯 防聯絡人清早係儲存監控人員資料以及其它該安全龄 時通訊系統之即時通訊代理人資料,以供各該安全^即 監二 人所處理的監押事杜P *貝科將本、之即時通訊代理 人所處理的皿控事件即時傳送至該監控里 監控即時通訊系統。 、-欠具匕的安全 其中’該監控事件為f安事件,且該事 紀錄。該與本端之即時通訊代理人所處安事件貪安 的訊息係包含#安事件通報或資安處理紀錄,牛有關 :控即時=之即時通訊代理人係以與所處理的資安:安 有關的'Ht本端事件資料庫之更新。 事件 此外’該監控事件亦為感測事件,該安全 訊系統係與無線感測網路連結’該無線感測網^由= 201122895 · ·.» 理該安全監w貞㈣㈣通訊代理人處 本發明又提供一種安全監控與 法,係用於複數個安全監控中 ▲ 訊之聯防方 共同防紫’該安全監控與即時通;:==縱之Ben: Ming: For a security monitoring instant messaging system, used for security monitoring center subscription event monitoring and instant notification, including: event database, using f to store multiple event records; instant messaging agent (IM r two r According to the event records stored in the event database, the monitoring events detected by the second control center; and the list of contacts are stored as the contact person's monitoring personnel. (4) The communication agent immediately transmits the processed event to the monitoring personnel. In the application, 'the event of the custody handled by the instant messaging agent is transmitted to the monitoring personnel via the instant messaging software'. In the specific embodiment, the event is recorded as a security (10)^ event 20% (four) ^ 卩 time track agent complex includes: == two analysis of the status and level of the security event to analyze ·::: = The security records stored in the database to handle the security information =: Lian:: The monitoring personnel information stored in the list will be sent to the supervisor == two for the analysis module to pass the security incident Instruction; and processing; And is used to receive the monitoring personnel to transmit the fruit, and ^m2, and the 'pure (four) analysis module analyzes the node of the event database =::;: rr the instruction transmitted by the monitoring personnel or the analysis module The following is the processing of the security incident. The analysis is conducted to analyze the correlation between the female incident and the security record. The Xianan incident is related to the security record. 111314 5 201122895 The security event is processed by the security record stored in the event database. In addition, in another embodiment, the monitoring event is a sensing event, and the security monitoring instant messaging system is connected to the wireless sensing network. The wireless sensing network is formed by a plurality of sensors, and the sensing data captured by the sensor is transmitted back to the security monitoring center through wireless technology, as the instant messaging agent handles the security. The sensing event detected by the monitoring center. The invention further provides a joint defense system integrating a plurality of the foregoing security monitoring instant messaging systems. The joint defense system includes: a plurality of linked preventer lists, respectively In the fully-monitored instant messaging system, each of the joint liaisons stores the information of the monitoring personnel and other instant messaging agent information of the secure age communication system for the security of the security personnel. *Beca will immediately transmit the container control event handled by the instant messaging agent to the monitoring and monitoring instant messaging system. - The security of the insufficiency is 'the monitoring event is the f-an event, and the matter is recorded. The message of the incident with the local instant messenger's security incident includes the #安 event notification or the security record. The cow is related to: the instant messaging agent is controlled by the instant messaging agent. Relevant 'Ht local event database update. Event addition' The monitoring event is also a sensing event, the security system is connected to the wireless sensing network 'The wireless sensing network ^ by 201122895 · ·.» The safety supervision w贞 (4) (4) communication agent office The present invention also provides a security monitoring and law, which is used in a plurality of security monitoring ▲ the joint defense party to prevent purple 'this security monitoring and instant messaging; :== vertical

聯絡人清單係储存監控人員資==!全各該聯防 資料;令各該安全監控中心對雜全監控中心 析’係將該監控事件與所儲存之事彳m控事件進行分 析,以分析出該監控事件是否與該事二錄3性分 以及於該安全監控巾'。分析聯性; 該監控事件封裴成聯二:*所分析的 該監控人員及該其它安全監控中心。 人π早通知The list of contacts is stored in the monitoring personnel ==! All the joint defense data; so that the security monitoring center analyzes the monitoring event and the stored events, to analyze the Whether the monitoring event is recorded with the matter and the security monitoring towel'. Analytical association; The monitoring event is sealed into two: * The monitored personnel and the other security monitoring centers analyzed. People π early notice

其中,該監控事件係為資安事件,該事件紀錄6 紀錄,且透過複數安全監控中心間之聯防㈣,= 安事件監控、即時通知及事件處理。 ,_貝 測網路連結,該無 透過無線技術將該 控中心,而該監控 心對所接收到的感 此外,该安全監控中心係與無線感 線感測網路係由複數個感測器所形成, 感測器所操取之感測數據傳回該安全監 事件係為感測事件,以供該安全監控中 測事件進行分析。 相較於各0技術,本發明之安全監控即時通訊气 其聯防系統β及聯防方法,係提供安全監控中心可= 111314 7 201122895 時通訊而達到即時監控通知之效果外,更透過聯絡人清單 . 方式可建立聯合防禦機制,將各安全監控中心組成樹狀之 聯合系統,以將監控事件相關訊息進行傳送,並提供監控 事件通報、處理或事件紀錄等資訊,以提升各安全監控中 心對安全監控防禦能力以及監控事件處理之速度與強度。 此外,該聯合防禦概念不僅用於資訊安全監控處理,更可 配合無線技術與多個感測器間形成網狀網路架構,並將所 擷取的感測數據進行處理及傳遞,藉此提供各安全監控即 時通訊系統間之訊息傳遞及聯合防禦。 · 【實施方式】 以下係藉由特定的具體實例說明本發明之技術内 容,熟悉此技藝之人士可由本說明書所揭示之内容輕易地 暸解本發明之其他優點與功效。 如第1圖所示,係本發明之安全監控即時通訊系統之 基本系統架構及其應用架構方塊圖。如圖所示,'該安全監 控即時通訊系統1係用於安全監控中心進行事件監控以及 $ 即時通報,其係包括即時通訊代理人10、事件資料庫11 以及聯絡人清單12。其中,該安全監控即時通訊系統1係 設置於安全監控中心(在此未予以圖示)内,用於監控、 分析、判斷及處理所偵測之監控事件,當即時通訊代理人 10接收來自安全監控中心所通報監控事件後,即對該監控 事件進行監控、分析以及後續處理程序;而事件資料庫11 係與即時通訊代理人10相連通,用於儲存複數筆事件紀 錄,而該事件紀錄是指已知的監控事件之相關資料,其包 8 111314 201122895 ,,, . 含狀態、等級、分析結果及處理對策等資訊;該聯絡人清 單12係包含作為聯絡人的監控人員資料,以供該即時通訊 代理人10進行監控事件通知,以將監控事件即時傳送至該 聯絡人清單12内監控人員之通訊裝置,該通訊裝置可為電 腦、手機、PAD或可供上網之電子裝置。 其中,該即時通訊代理人10與該聯絡人清單12内監 控人員係透過即時通訊軟體(在此未予以圖示)進行訊息 傳遞,也就是監控人員僅需擁有可上網之裝置即可,如第 • 1圖所示,該即時通訊代理人10可透過一個或多個即時通 訊伺服器(IM server)所形成之即時通訊網路將訊息傳送 至監控人員端20。簡單來說,由於該監控事件係透過即時 通訊軟網路以即時通訊軟體進行傳遞,此時無論監控人員 身處何處,僅需將即時通訊軟體設於開啟狀態下,就可即 時接收到該監控事件相關資訊,因此,監控人員無需侷限 於單一電腦前進行24小時監控動作,或者僅能於收發郵件 ^ 後才得知監控事件之發生情形。 再者,所使用之即時通訊軟體係以該聯絡人清單12 作為聯繫之選擇,其好處在於可將監控人員進行分組或分 類,以便依據監控内容、時間分配或屬性等差異,僅通知 部分監控人員或告知相關人員,如此使得監控事件通知上 更省事。 於一具體實施例,前述監控事件可為資安事件,透過 該安全監控即時通訊系統進行資訊安全事件之監控,而該 事件紀錄為資安紀錄,係為各類資安事件態樣以及處理方 9 111314 201122895 ,, 式。 如第2圖所示,係用以進一步說明第1圖安全監控即 時通訊系統具體實施例之即時通訊代理人之基本架構方塊 圖。如圖所示,本實施例安全監控即時通訊系統為一資安 監控即時通訊系統Γ,用以處理資安事件監控、即時通知 及處理,其中,該資安監控即時通訊系統Γ的即時通訊代 理人10’復包括分析模組101、接收模組102、處理模組103 以及通報模組104。 該分析模組101係用以分析該資安事件之狀態與等 級,以決定該資安事件需由系統自行處理,或是通知監控 人員後等待監控人員之處理指令。 該接收模組102係用於接收監控人員傳送之指令。 該處理模組103係用於執行處理資安事件之指令,這 裡所指之處理係包括前述系統自行處理或是由接收模組 102接收監控人員傳送之指令來決定處理對策。 該通報模組104係供該分析模組101將分析後之資安 事件等相關訊息傳送給監控人員。 詳而言之,該分析模組101係將資安事件與資安紀錄 進行關聯比對,當分析模組101收到資安事件時會先進行 分析判斷,以決定後續處理方式,而該分析判斷的準則係 與事件資料庫11内的資安紀錄比對,若曾有類似資安事 件,則可採用已儲存之處理對策進行處理,若未曾發生過 之資安事件,則透過通報模組104傳送資安事件資訊至監 控人員端20並等待回傳指令,而本實施例之即時通訊代理 10 111314 201122895 1 人10’之通報模組104係經由即時通訊網路與監控人員端 -20之即時通訊軟體21進行訊息傳遞。 、 再者,該處理模組1〇3係依據監控人員端2〇所傳送 之指令進行資安事件處理,如前所述,監控人員端2〇收到 資安事件資訊後並回傳處理指令,透過接收模組1〇2接受 後再傳給處理模組1〇3進行處理;此外,該處理模組ι〇3 係依據分析模組101提供自行處理之指令進行資安處理, 如刚所述,若資女監控即時通訊系統1 ’可自行處理資安事 件’則依據事件資料庫11内資安紀錄所提供的預設處理對 策自行處理該資安事件並回報監控人員端。 此外,於另一具體實施例中,本發明之安全監控即時 通訊系統亦可結合無線感測網路(sensor network)並應用 於環境狀態的偵測感應上。換言之,該安全監控即時通訊 系統之監控事件可為感測事件,藉此無線感測器進行環境 感測,再透過複數個感測器所形成無線感測網路進行感測 •數據傳送,且將該些感測數據傳回某一安全監控即時通訊 系統’以進行前述感測事件的訊息傳遞及處理。 詳而言之,前述無線感測器係具有無線電波 C radiofrequency ; RF )傳輸能力及特定感測用途之獨立電 力的感測器,可用於感測如溫度、溼度、震動、光線、水 貝或空氣等多類型環境數據,且複數個無線感測器間形成 無線感測網路以將所擷取偵測數據進行傳送,如由圧£丘 802.15.4標準規範下之Zigbee通訊技術所形成短距離無線 感測網路,該複數個無線感測器中係包含具協調者 111314 11 201122895 (coordinator)身份之無線感測器,以 ' w將該些數攄進杆儲 存及判斷,該些具協調者身份之無線感剩 安全監控中心或是置於安全監控中心內 ^ ’再藉由安全監批 即時通訊系統内聯絡人清單以將所擷驭戸冰 / 衣〗兄資料傳遞1他 安全監控即時通訊糸統,或是安全監控 八 1 4通訊系統内之 監控人員;前述具體應用層面廣泛,如國家邊界區域透過 設置無線感測器進行震動感測以防止非# 〇 Ί許可人員的進Among them, the monitoring event is a security incident, which records 6 records and is monitored through the multiple security monitoring centers (4), = event monitoring, instant notification and event handling. , _ beta network connection, the wireless control technology does not pass the control center, and the monitoring heart is received. In addition, the security monitoring center and the wireless sensing line sensing network are composed of a plurality of sensors. The sensing data acquired by the sensor is returned to the safety monitoring event as a sensing event for analysis in the safety monitoring. Compared with the 0 technologies, the security monitoring instant messaging system of the present invention has its joint defense system β and the joint defense method, and provides the security monitoring center to control the effect of the instant monitoring notification when the communication is reached, and the contact list is also obtained. The method can establish a joint defense mechanism, and each security monitoring center is formed into a tree-like joint system to transmit monitoring event related information, and provide information such as monitoring event notification, processing or event record to improve security monitoring of each security monitoring center. Defensive capabilities and monitoring the speed and intensity of event processing. In addition, the joint defense concept is not only used for information security monitoring and processing, but also forms a mesh network structure with wireless technology and multiple sensors, and processes and transmits the captured sensing data. Each security monitors the messaging and joint defense between instant messaging systems. [Embodiment] The technical contents of the present invention are described below by way of specific examples, and those skilled in the art can easily understand other advantages and effects of the present invention from the contents disclosed in the present specification. As shown in Fig. 1, it is a block diagram of the basic system architecture and application architecture of the security monitoring instant messaging system of the present invention. As shown in the figure, the security monitoring instant messaging system 1 is used for security monitoring center for event monitoring and instant notification, and includes an instant messaging agent 10, an event database 11 and a contact list 12. The security monitoring instant messaging system 1 is installed in a security monitoring center (not shown here) for monitoring, analyzing, judging and processing the detected monitoring events, when the instant messaging agent 10 receives security. After the monitoring center reports the monitoring event, it monitors, analyzes and processes the monitoring event; and the event database 11 is connected to the instant messaging agent 10 for storing a plurality of event records, and the event record is Refers to the relevant monitoring event related information, including 8 111314 201122895,,, . Contains information such as status, grade, analysis results and treatment countermeasures; the contact list 12 contains the monitoring personnel information as the contact person for the purpose The instant messaging agent 10 performs a monitoring event notification to immediately transmit the monitoring event to the communication device of the monitoring person in the contact list 12, which may be a computer, a mobile phone, a PAD or an electronic device for accessing the Internet. The instant messaging agent 10 and the monitoring personnel in the contact list 12 transmit information through the instant messaging software (not shown here), that is, the monitoring personnel only need to have a device capable of accessing the Internet, such as • As shown in Fig. 1, the instant messaging agent 10 can transmit the message to the monitoring personnel terminal 20 through an instant messaging network formed by one or more IM servers. In short, since the monitoring event is transmitted by the instant messaging soft network through the instant messaging software, no matter where the monitoring personnel are located, the instant messaging software can be instantly received only when the instant messaging software is set to the open state. Monitoring event related information, therefore, the monitoring personnel need not be limited to a single computer to perform 24-hour monitoring actions, or can only know the occurrence of monitoring events after sending and receiving emails. Moreover, the instant messaging soft system used is selected by the contact list 12 as a contact, and the advantage is that the monitoring personnel can be grouped or classified so that only some monitoring personnel can be notified according to differences in monitoring content, time allocation or attributes. Or inform the relevant personnel, so that the monitoring of event notifications is more convenient. In a specific embodiment, the monitoring event may be a security incident, and the information security event is monitored through the security monitoring instant messaging system, and the event is recorded as a security record, which is a variety of security incidents and processing parties. 9 111314 201122895 ,,. As shown in Fig. 2, it is a block diagram showing the basic architecture of the instant messaging agent of the specific embodiment of the security monitoring instant communication system of Fig. 1. As shown in the figure, the security monitoring instant messaging system of the present embodiment is a security monitoring instant messaging system for processing security event monitoring, instant notification and processing, wherein the security monitoring instant messaging system is an instant messaging agent. The person 10' includes an analysis module 101, a receiving module 102, a processing module 103, and a notification module 104. The analysis module 101 is configured to analyze the status and level of the security event to determine whether the security event needs to be handled by the system itself, or to notify the monitoring personnel and wait for the processing instructions of the monitoring personnel. The receiving module 102 is configured to receive an instruction transmitted by a monitoring personnel. The processing module 103 is configured to execute an instruction for processing a security event, and the processing referred to herein includes processing by the system itself or receiving an instruction transmitted by the monitoring personnel by the receiving module 102 to determine a processing countermeasure. The notification module 104 is configured to transmit, by the analysis module 101, related information such as the analyzed security events to the monitoring personnel. In detail, the analysis module 101 compares the security events with the security records. When the analysis module 101 receives the security incident, it first analyzes and determines the subsequent processing methods, and the analysis is performed. The criteria for judging are compared with the records of the security records in the event database. If there has been a similar incident, the stored processing measures can be used. If there is no incident of security, the notification module will be used. 104 transmits the security event information to the monitoring personnel terminal 20 and waits for the returning instruction, and the instant messaging agent of the present embodiment 10 111314 201122895 1 person 10' notification module 104 is instant via the instant messaging network and the monitoring personnel terminal-20 The communication software 21 performs message delivery. Furthermore, the processing module 1〇3 performs the security event processing according to the instruction transmitted by the monitoring personnel terminal 2, as described above, the monitoring personnel terminal 2 receives the information of the security event and returns the processing instruction. After being received by the receiving module 1〇2, it is transmitted to the processing module 1〇3 for processing; in addition, the processing module ι〇3 is provided with self-processing instructions according to the analysis module 101, such as just As mentioned, if the Zidu monitoring instant messaging system 1 'can handle the security incidents on its own', the self-administered incidents will be handled according to the default processing measures provided by the security records in the event database 11 and the monitoring personnel will be reported. In addition, in another embodiment, the security monitoring instant messaging system of the present invention can also be combined with a wireless sensor network and applied to the detection of environmental conditions. In other words, the monitoring event of the security monitoring instant messaging system can be a sensing event, whereby the wireless sensor performs environment sensing, and then the wireless sensing network formed by the plurality of sensors performs sensing and data transmission, and The sensing data is transmitted back to a security monitoring instant messaging system to perform message transmission and processing of the foregoing sensing events. In detail, the aforementioned wireless sensor is a sensor having radio wave C radiofrequency (RF) transmission capability and independent power for specific sensing purposes, and can be used for sensing such as temperature, humidity, vibration, light, water shell or air. And other types of environmental data, and a plurality of wireless sensors form a wireless sensing network to transmit the captured detection data, such as a short distance formed by Zigbee communication technology under the standard of 802.15.4 a wireless sensing network, wherein the plurality of wireless sensors include a wireless sensor having the identity of the coordinator 111314 11 201122895 (coordinator), which is used to store and judge the numbers into the poles, and the coordination The wireless sensory security monitoring center of the identity is placed in the security monitoring center ^ 'and then through the security supervision and approval of the contact list in the instant messaging system to pass the ice / clothing brothers information 1 his security monitoring instant Communication system, or security monitoring of monitoring personnel in the 8.4 communication system; the above specific application areas are extensive, such as the national border area by setting the wireless sensor for vibration sensing # Billion into the only non-licensed personnel Ί

出,或於河川各區段設置水質感測器以監控水質變化或有 無污染情況’或者保全純透過溫度及震動感測以達到監 測功能及資訊即時通知效果,更可使用於偏遠地區之自動 放牧,係於牧場四周散佈無線感測器,若感測到牛群超出 牧%範圍時驅動牛隻所掛項圈達到嚇阻效果,簡單來說, 透過環境數據偵測及無線網路傳送作為即時監控資訊傳送 以提供系統分析及後續事件處理。Out, or set up water quality sensors in various sections of the river to monitor changes in water quality or pollution status or to maintain temperature and vibration sensing to achieve monitoring function and information notification effect, and can be used for automatic grazing in remote areas. It is distributed around the ranch to distribute wireless sensors. If it senses that the herd exceeds the range of grazing, it will drive the bulls to keep the collars to the deterrent effect. Simply speaking, through environmental data detection and wireless network transmission as real-time monitoring. Information transfer to provide system analysis and subsequent event processing.

另外,整合多個本發明之安全監控即時通訊系統以形 成本發明另一實施例之聯防系統,由於係將多個安全監控 即時通訊系統1聯合組成,故本實施例之聯防系統之系統 架構與第1及2圖相似,唯不同處在於,本實施例之整合 多個安全監控即時通訊系統之聯防系統具有複數個聯防聯 絡人清單,各該聯防聯絡人清單係分別位於各該安全監控 即時通訊系統中,各該聯防聯絡人清單係儲存監控人員資 料以及其匕β亥女全監控即時通訊系統之即時通訊代理人資 料,且透過通報模組將本端之即時通訊代理人取得的監控 事件封裝成聯防訊息並即時傳送至該聯防聯絡人清單之其 111314 12 201122895 ., . 它成員。因此,本實施例之安全監控即時通訊之聯防系統 與前述最大差異在於藉由聯防聯絡人清單除了負責處理本 端之安全監控即時通訊系統之監控人員外,更包含其它即 時通訊代理人,藉由各即時通訊代理人間形成一樹狀架構 之關係,進而產生聯合防禦之效果。 於一較佳實施例中,前述之安全監控即時通訊之聯防 系統可為一資安監控即時通訊之聯防系統,而監控事仵與 事件紀錄分別為資安事件及資安紀錄,因而該通報模組所 • 傳送的聯防訊息係包含資安事件通報或資安處理紀錄。而 該資安事件通報係為資安事件内容、狀態及分析結果等訊 息;而資安處理紀錄係為任一資安監控即時通訊系統處理 後所產生的紀錄,可提供予其他資安監控即時通訊系統作 為紀錄以防範未來。 於另一實施例中,該資安監控即時通訊之聯防系統内 之即時通訊代理人係以該聯防訊息進行該事件資料舉更 ^ 新,亦即當即時通訊代理人接收到該聯防訊息後,會以該 些聯防訊息進行事件資料庫更新,由於該些聯防訊息包括 資安事件相關資訊、分析結果、處理方式等,因此,當接 收聯防訊息後更新事件資料庫可讓往後資安防禦分析更完 整。 如第3A圖所示,係用以說明本發明整合多個安全監 控即時通訊系統之聯防系統之聯防實施上的概要圖。先行 說明的是,於聯防機制中的每一個資訊安全監控中心内的 即時通訊代理人之功能與前述相同,主要差異係其聯絡人 13 111314 201122895 清單除了原本的監控人員外,另外還有其他即時通訊代理 人,簡單來說,當任一成員加入聯絡人清單中就可等於加 入整個聯防系統,間接與其他成員相連繫。如圖所示,即 時通訊代理人Η是即時通訊代理人C的聯絡人,所以(H,c) 形成聯防系統,即時通訊代理人Ϊ是即時通訊代理人c的 聯絡人,所以(I,C)形成聯防系統,因而(H,c^〇(ic)聯隽 組成更大聯防系統(H’CJ),由上述方式類推,於第3圖= 係表示一個擁有13個成員的聯防系°统 (A,B,C,D,E,F,G,H,I,J,K,L,M)。 假設即時通訊代理人C遭受資安攻擊,產生資安事件 X,即時通訊代理人C之聯絡人清單中有三位聯防 成員’所以即時通訊代理人C將此資安事件χ透過 訊網路發送給贴邮個即時通訊代理人,即時通^代理 人Η跟即時通訊代理人!接收到此資安事件χ檢查盆 人清單發現只有即時通訊代理人c,故不再 發送給其他聯絡人,即時通訊代理人Α收到此資安事件X 後可以發送給(B,D,E)三個即時通訊代理人 將與該資安事件x相關的訊息傳遞给全部個成ΐ即Γ 分析結”發送‘ 防成貝進订防示决戚,首先即時通訊代理人 發送給(以綱,即時通訊代理人Β發送_, 代理人C杳送給(Η,Ι),剩下類推 傳遞給全部成員。因為每個成昌卢成將威脅为析結果Υ ,^ 母個成貝處理攻擊的能力不同,辦 以透過聯防訊息的傳遞,只要 所 仕成貝擁有處理能力,即 Π1314 14 201122895.,. . 能將分析結果快速散佈給所有成員,因而透過聯防機制提 昇整體防護能力。 如第3B圖所示,係說明本發明整合多個安全監控即 時通訊系統之聯防系統結合無線感測網路實施上之概要 圖。於本實施例中,安全監控中心A’〜D’可分別與無線感 測網路結合,如安全監控中心A’係連接一無線感測網路, 該無線感測網路内包含多個無線感測器30、3.1、32、33, 每一個無線感測器可感測所在位置的環境狀態,如溫度、 • 光線、水質或震動等環境感測數據,該些無線感測器30-33 間透過無線傳輸技術將所擷取感測數據進行傳遞,最後傳 遞至具協調者(coordinator )身份之無線感測器40以對感 測數據進行紀錄與處理,或者是送至所屬安全監控中心A’ 進行感測數據紀錄及對應處理,同樣地,於聯防系統中的 另一端,例如安全監控中心D’,亦接收由無線感測器34-36 及具協調者身·份之無線感測器41所傳送來的感測數據,最 I 後所有安全監控中心A’〜D’形成一聯防系統,且對該些感 測數據進行資訊分析及資料傳遞,藉此形成即時資料傳遞 與分析處理之聯防系統。 如第4圖所示,係用以說明本發明安全監控與即時通 訊之聯防方法之處理流程圖。如圖所示,本實施例係將聯 防方式應用於資訊安全監控、即時通知及處理的資訊安全 監控中心,於流程S401中,係為即時通訊代理人收到資 安事件。當資訊安全監控中心察覺資安攻擊時,即由即時 通訊代理人對該資安事件進行判斷,接著進至步驟S402。 15 111314 201122895 於該步驟S402中,係判斷該資安事件是否啟動聯防; 由於資安攻擊種類甚多,因而依據該資安事件等級、狀態 來決定是否啟動聯防機制,若無需啟動聯防,則進至步驟 S403 ;反之,若資安事件重大而需啟動聯防機制,則進至 步驟S407。 於該步驟S403中,係判斷事件處理對策,即判斷該 資安事件係由資安監控即時通訊系統本端(例如資訊安全 監控中心)自行處理或是通知監控人員進行處理。通常係 透過前述事件資料庫之資安紀錄進行比對判斷,若該資安 紀錄已儲存解決方式,即屬本端的資安監控即時通訊系統 可自行處理,則進至步驟S404 ;反之,若該資安事件無法 由本端的資安監控即時通訊系統自行處理,即屬於需通報 的資安事件,則進至步驟S406。 於該步驟S404中,啟動預設處理對策以排除或處理 該資安事件,該預設處理對策係儲存於事件資料庫中,其 中,多為為常見資安攻擊以及其處理方式之紀錄,接著進 至步驟S405。 於該步驟S405中,透過即時通訊網路將該資安事件 的處理結果通知監控人員,即可結束本實施例之資安監控 與即時通訊之聯防方法的處理。 於該步驟S406中,由於本端的資安監控即時通訊系 統無法直接處理,故可透過即時通訊網路通知監控人員, 以等待監控人員提供指令以進行後續處理,即可結束本實 施例之資安監控與即時通訊之聯防方法的處理。 16 111314 201122895 於該步驟S407中,由於資安事件重大而需啟動聯防 機制,故將該資安事件封裝為聯防訊息,以便即時通知資 安監控即時通訊之聯防系統其它成員,接著進至步驟 S408。另提出說明的是,亦可透過即時通訊網路通知監控 人員,也就是說,先行通知負責監控本端的資安監控即時 通訊系統之監控人員,以等待該監控人員提供指令以進行 後續處理。 於該步驟S408中,係為通知聯防聯絡人清單内之聯 • 防成員,此處所述之聯防成員係為聯防聯絡人清單上之其 它即時通訊代理人,以等待其它即時通訊代理人就該資安 事件提供處理方式,即可結束本實施例之資安監控與即時 通訊之聯防方法的處理。 如第5圖所示,係用以說明本發明安全監控與即時通 訊之聯防方法中即時通訊代理人接收外部訊息之處理流程 圖。本實施例同樣以聯防方式應用於資訊安全監控、即時 | 通知及處理的資訊安全監控中心,如圖所示,於步驟S501 中,即時通訊代理人收到外部訊息,意即可能是監控人員 所傳回或是其它即時通訊代理人所傳送之訊息,接著進至 步驟S502。 於該步驟S502中,係判斷訊息種類,即判斷所接收 外部訊息為監控人員所傳之指令,或其它即時通訊代理人 所傳送之聯防訊息,若談外部訊息被判斷為聯防訊息,則 進至步驟S503 ;反之,若該外部訊息被判斷為監控人員所 傳之指令,則進至步驟S510。 17 111314 201122895 於該步驟S503中,係判斷該聯防訊息為資安事件或 是資安事件之分析與紀錄,若該外部訊息屬於資安事件, 則進至步驟S504 ;反之,若該外部訊息屬於資安事件之分 析與紀錄,則進至步驟S508。 於該步驟S504中,接收到該聯防訊息之本端資安監 控即時通訊系統之即時通訊代理人會將該聯防訊息進行資 料庫更新,使得該些聯防訊息被儲存以作為下次資安事件 判斷準則,接著進至步驟S505。 於該步驟S505中,將該資安相關資料與資安紀錄作 比對,以比對出是否有相應的資安紀錄,以作為對策參考 用,若比對的結果並未比對出該資安紀錄,即表示不曾遭 遇該資安事件,則進至步驟S506 ;反之,若比對的結果可 比對出該資安紀錄,即表示先前已遭遇過該資安事件,則 進至步驟S507。 於該步驟S506中,將資安事件繼續傳送給其它即時 通訊代理人,即可結束本實施例之資安監控與即時通訊之 聯防方法的處理。 於該步驟S507中,將分析結果等紀錄傳送至其它即 時通訊代理人,即可結束本實施例之資安監控與即時通訊 之聯防方法的處理。 . 於該步驟S508中,由於判斷出該聯防訊息為資安事 件之分析與紀錄,更新事件資料庫以作為下次資安事件判 斷準則,接著進至步驟S508。 於該步驟S509中,將所收到之分析結果與資安紀錄 18 111314 201122895 .、 * 傳送至其它即時通訊代理人,即可結束本實施例之資安監 控與即時通訊之聯防方法的處理。 於該步驟S510中,由於判斷出所收到的訊息種類為 監控人員所傳送之指令,故執行監控人員所傳送指令對應 程序,也就是說,即時通訊代理人依據監控人員所送回指 令進行資安事件處理,接著進至步驟S511。 於該步驟S511中,將處理结果回報至監控人員端, 即可結束本實施例之資安監控與即時通訊之聯防方法的處 #理。 此外,該安全監控與即時通訊之聯防方法係可與無線 感測網路結合應用,主要將複數個無線感測器所感測的感 測數據進行無線傳遞,最後送至所述安全監控中心内,藉 由多個安全監控中心間聯繫關係進行資料傳遞及處理,藉 此結合無線感測網路與本發明之安全監控即時通訊系統形 成為一聯防系統。In addition, a plurality of security monitoring instant messaging systems of the present invention are integrated to form a joint defense system according to another embodiment of the present invention. Since a plurality of security monitoring instant messaging systems 1 are combined, the system architecture of the joint defense system of the present embodiment is The first and second figures are similar, except that the joint defense system of the plurality of security monitoring instant messaging systems of the embodiment has a plurality of linked contact lists, and each of the linked contact lists is located in each of the security monitoring instant messages. In the system, each of the linked contact lists stores the monitoring personnel information and the instant messaging agent information of the full-monitoring instant messaging system of the company, and encapsulates the monitoring events obtained by the local instant messaging agent through the notification module. Chenglian anti-message and immediately transmitted to the list of the joint contact person's 111314 12 201122895 . Therefore, the maximum difference between the security monitoring and instant messaging system of the present embodiment and the foregoing is that the contact person list is in addition to the monitoring personnel of the security monitoring instant messaging system of the local end, and includes other instant messaging agents. The relationship between the instant messaging agents forms a tree structure, which in turn produces the effect of joint defense. In a preferred embodiment, the aforementioned security monitoring instant messaging joint defense system can be a joint security monitoring system for monitoring instant messaging, and the monitoring events and event records are respectively a security incident and a security record, and thus the notification module The group's joint defense information is transmitted by the security incident report or the security record. The information on the incidents of the security incidents is the content, status and analysis results of the Zi'an incidents. The records of the security records are the records generated by any of the security monitoring instant messaging systems. They can be provided to other security monitoring instants. The communication system acts as a record to guard against the future. In another embodiment, the instant messaging agent in the security monitoring system of the security monitoring instant messaging system uses the joint defense message to perform the event information update, that is, when the instant messaging agent receives the joint defense message, The event database will be updated with these joint defense messages. Since the joint defense messages include information related to the security incidents, analysis results, and processing methods, the event database can be updated after receiving the joint defense message for subsequent security analysis. more complete. As shown in Fig. 3A, it is a schematic diagram for explaining the joint prevention implementation of the joint defense system of the present invention integrating a plurality of security monitoring instant messaging systems. First of all, the function of the instant messaging agent in each information security monitoring center in the joint defense mechanism is the same as the above. The main difference is the contact person. 13 111314 201122895 List In addition to the original monitoring personnel, there are other instants. The communication agent, in simple terms, when any member joins the contact list, can be equal to joining the entire defense system and indirectly connected to other members. As shown in the figure, the instant messaging agent is the contact person of the instant messaging agent C, so (H, c) forms a joint defense system, and the instant messaging agent is the contact person of the instant messaging agent c, so (I, C ) Forming a joint defense system, and thus (H, c^〇(ic) is combined to form a larger joint defense system (H'CJ), which is analogized by the above method. In Figure 3, it represents a joint defense system with 13 members. (A, B, C, D, E, F, G, H, I, J, K, L, M). Assume that the instant messenger C is subject to a security attack, generating a security incident X, instant messaging agent C There are three joint defense members in the list of contacts', so the instant messaging agent C sends the security incident to the postal instant messaging agent through the Internet, and immediately passes the agent to the instant messaging agent! This security incident χ check the list of people on the basin and found that only the instant messenger c is no longer sent to other contacts. The instant messaging agent can send it to (B, D, E) after receiving this security incident X. An instant messenger will pass the message related to the security incident x to all members. The knot "sends" to prevent the order into the order, first the instant messaging agent sends it to (with the outline, the instant messenger Β sends _, the agent C 杳 gives (Η, Ι), and the analogy is passed to All members. Because each Cheng Chang Lu Cheng will threaten to analyze the results, ^ mother has a different ability to deal with the attack, through the transmission of the joint defense message, as long as the company has the processing capacity, that is, 1314 14 201122895. The analysis results can be quickly distributed to all members, thus improving the overall protection capability through the joint defense mechanism. As shown in Fig. 3B, the invention discloses a joint defense system integrating multiple security monitoring instant messaging systems with a wireless sensing network. In the embodiment, the security monitoring centers A' to D' can be respectively combined with the wireless sensing network, such as the security monitoring center A' is connected to a wireless sensing network, the wireless sensing network The road includes a plurality of wireless sensors 30, 3.1, 32, 33, each of which senses the environmental state of the location, such as temperature, light, water quality or vibration, etc. The line sensors 30-33 transmit the captured sensing data through wireless transmission technology, and finally to the wireless sensor 40 with the coordinator identity to record and process the sensing data, or Send to the security monitoring center A' to perform sensing data record and corresponding processing. Similarly, the other end of the joint defense system, such as the security monitoring center D', is also received by the wireless sensor 34-36 and the coordinator. · The sensing data transmitted by the wireless sensor 41, and finally all the security monitoring centers A'~D' form a joint prevention system, and the information analysis and data transmission are performed on the sensing data, thereby forming A joint defense system for real-time data transfer and analysis processing. As shown in Fig. 4, it is a flowchart for explaining the joint prevention method of the security monitoring and the instant communication of the present invention. As shown in the figure, in this embodiment, the joint defense mode is applied to the information security monitoring center for information security monitoring, instant notification, and processing. In the process S401, the instant messaging agent receives the security event. When the information security monitoring center detects the security attack, the instant messaging agent judges the security event, and then proceeds to step S402. 15 111314 201122895 In this step S402, it is determined whether the security event starts the joint defense; because there are many types of security attacks, it is determined according to the level and status of the security event whether to start the joint defense mechanism, if it is not necessary to start the joint defense, then Go to step S403; otherwise, if the security event is important and the joint defense mechanism needs to be activated, proceed to step S407. In the step S403, the event processing countermeasure is determined, that is, the security event is determined by the local end of the security monitoring instant messaging system (for example, the information security monitoring center) to process or notify the monitoring personnel for processing. Usually, the comparison records are made through the security records of the event database. If the security record has been stored, the local security monitoring instant messaging system can handle the processing itself, and then proceed to step S404; The security incident cannot be handled by the local security monitoring instant messaging system itself, that is, the security incident to be notified, and the process proceeds to step S406. In the step S404, the preset processing countermeasure is started to exclude or process the security event, and the preset processing countermeasure is stored in the event database, wherein most of the records are common security attacks and their processing methods, and then Proceed to step S405. In the step S405, the monitoring result of the security event is notified to the monitoring personnel through the instant messaging network, and the processing of the joint security prevention and instant messaging prevention method of the present embodiment can be ended. In this step S406, since the local security monitoring instant messaging system cannot directly process, the monitoring personnel can be notified through the instant messaging network, and wait for the monitoring personnel to provide instructions for subsequent processing, thereby ending the security monitoring of the embodiment. The handling of the joint defense method with instant messaging. 16 111314 201122895 In this step S407, since the security event is required to start the joint defense mechanism, the security event is encapsulated into a joint defense message, so as to immediately notify the other members of the security monitoring instant messaging system, and then proceed to step S408. . It is also stated that the monitoring personnel can also be notified through the instant messaging network, that is, the monitoring personnel responsible for monitoring the local security monitoring instant messaging system are first notified to wait for the monitoring personnel to provide instructions for subsequent processing. In the step S408, it is notified to the joint defense members in the contact list, and the joint defense members described herein are other instant messaging agents on the contact list, waiting for other instant messaging agents to The security incident provides a processing method, which can end the processing of the joint defense method of the security monitoring and instant messaging of the embodiment. As shown in Fig. 5, it is a flowchart for explaining the processing of an external communication agent receiving an external message in the joint prevention method of the security monitoring and the instant communication of the present invention. In this embodiment, the information security monitoring center is also applied to the information security monitoring, instant | notification and processing. As shown in the figure, in step S501, the instant messaging agent receives an external message, which means that the monitoring personnel may be The message transmitted by the other instant messaging agent is returned, and then proceeds to step S502. In the step S502, determining the type of the message, that is, determining that the received external message is an instruction transmitted by the monitoring personnel, or a joint defense message transmitted by another instant messaging agent, if the external message is determined to be a joint defense message, then proceed to Step S503; conversely, if the external message is judged to be an instruction transmitted by the monitoring personnel, the process proceeds to step S510. 17 111314 201122895 In the step S503, it is determined that the joint defense message is an analysis and record of a security event or a security event. If the external message belongs to the security event, the process proceeds to step S504; otherwise, if the external message belongs to The analysis and record of the security incident proceeds to step S508. In the step S504, the instant messaging agent of the local security monitoring instant messaging system that receives the joint defense message updates the database to the database, so that the joint defense messages are stored for use as the next security incident. The criterion then proceeds to step S505. In the step S505, the relevant information of the security information is compared with the security record to compare whether there is a corresponding security record for use as a countermeasure reference, and if the result of the comparison is not compared with the capital If the security record is not encountered, the process proceeds to step S506. If the result of the comparison is comparable to the security record, that is, the security event has been previously encountered, then the process proceeds to step S507. In the step S506, the security event is continuously transmitted to other instant messaging agents, and the processing of the joint security monitoring and instant messaging prevention method of the embodiment can be ended. In the step S507, the record of the analysis result and the like are transmitted to the other instant communication agent, and the processing of the joint prevention method of the security monitoring and the instant communication of the embodiment can be ended. In the step S508, since it is determined that the joint defense message is an analysis and record of the security event, the event database is updated as the next security event determination criterion, and then proceeds to step S508. In the step S509, the received analysis result and the security record 18 111314 201122895 ., * are transmitted to other instant messaging agents, and the processing of the joint security prevention and control method of the present embodiment can be terminated. In the step S510, since it is determined that the received message type is an instruction transmitted by the monitoring personnel, the instruction corresponding program transmitted by the monitoring personnel is executed, that is, the instant messaging agent performs the security according to the instruction sent by the monitoring personnel. Event processing, and then proceeds to step S511. In the step S511, the processing result is reported to the monitoring personnel end, and the method of the joint defense method of the security monitoring and the instant communication of the embodiment can be ended. In addition, the security monitoring and instant messaging prevention method can be combined with the wireless sensing network, and the sensing data sensed by the plurality of wireless sensors is wirelessly transmitted, and finally sent to the security monitoring center. The data transmission and processing is performed by the relationship between the plurality of security monitoring centers, thereby forming a joint defense system by combining the wireless sensing network with the security monitoring instant messaging system of the present invention.

綜上所述,本發明之安全監控即時通訊系統與其聯防 W 系統以及聯防方法,係藉由即時通訊代理人透過即時通訊 軟體以達到即時通訊之效果,以解決傳統mail或人員監控 等不便之情況,再者,事件資料庫内存有事件紀錄作為判 斷依據,且包含對應解決的處理對策,藉此使安全監控即 時通訊系統於能力範圍内自行排除各類資安攻擊事件或進 行環境感測之訊息傳遞等目的;另外,藉由多個即時通訊 代理人之聯絡人關係,構成聯合防禦概念,僅需於聯絡人 清單内加入其它即時通訊代理人,即構成似樹狀結構之防 19 111314 201122895 索系統,可將監控事件、分析結果及事件紀錄等資訊即時 傳送,藉此在最短時間内達到警示或協助解決問題,因此, 透過上述聯防做法已解決目前多數資訊安全監控中心間無 法互相協助的缺點,同時達到提前知悉資安事件資料以執 行監控、防禦以及協助處理等效益。此外,除了將該聯防 糸統應用於資訊安全監控外,更可結合無線感測網路加以 應用,進仃%境感測以達成感測數據即時傳遞與分析處理 之效果,藉此讓該聯防方式應用層面更加廣泛。、 上述貫施例僅例示性說明本發明之原理及其功效,而 非用於限制本發明。任何熟習此項技藝之人士均可在 背本發明之精神及範訂,對上述實施例進行修錦 變。因此,本發B月之避+丨仅嗜_岡 '、 範圍所列。*利保護乾圍,應如後述之申請專利 【圖式簡單說明】 第1圖係本發明之安全監控即時通訊 架構及其應用架構方塊圖; 基本糸統 體,2圖係進一步說明第1圖安全監控即時通訊系統且 只施例之㈣独代理人之基核構方塊®; 、 第3A圖係本發明整合多個安全監 聯防系統之聯防實施上的概要圖; 、為統之 第3B圖么本發明整合多個安全 “ ^ 聯防系統結合無線感測網路實施上之概J圖。〜^系統之 理流:圖4圖=發明安全監控與即時通訊之聯防方法之處 111314 20 201122895 第5圖係本發明安全監控與即時通訊之聯防方法中即 時通訊代理人接收外部訊息之處理流程圖。 【主要元件符號說明】In summary, the security monitoring instant messaging system and the integrated anti-W system and the joint prevention method of the present invention achieve the effect of instant messaging through instant messaging agents through instant messaging software, thereby solving the inconvenience of traditional mail or personnel monitoring. Furthermore, there is an event record in the event database as the basis for judgment, and the corresponding countermeasures are included, thereby enabling the security monitoring instant messaging system to self-exclude various types of security attacks or environmental sensing messages within the capability range. In addition, through the contact relationship of multiple instant messaging agents, the concept of joint defense is formed, and only other instant messaging agents need to be added to the list of contacts, which constitutes a tree-like structure. 19 111314 201122895 The system can transmit information such as monitoring events, analysis results and event records in real time to alert or assist in solving problems in the shortest time. Therefore, through the above-mentioned joint prevention practices, the shortcomings of most information security monitoring centers cannot be mutually assisted. At the same time, to reach the information on the advance incident Execution monitoring, prevention and treatment assistance benefits. In addition, in addition to the application of the anti-theft system to information security monitoring, it can also be applied in combination with the wireless sensing network to achieve the effect of instant transmission and analysis of the sensing data, thereby enabling the joint defense. The application level is more extensive. The above-described embodiments are merely illustrative of the principles of the invention and its effects, and are not intended to limit the invention. Any person skilled in the art can make modifications to the above embodiments in light of the spirit and scope of the present invention. Therefore, the avoidance of B 丨 丨 本 丨 丨 、 、 、 、 、 、 、 、 、 *Protection protection of the trunk, should be patented as described later [Simple description of the diagram] Figure 1 is a block diagram of the security monitoring instant messaging architecture and its application architecture of the present invention; Basic architecture, 2 diagram further illustrates Figure 1 Safely monitor the instant messaging system and only apply the (4) sole agent's core structure block; and Fig. 3A is a schematic diagram of the joint prevention implementation of the integrated safety supervision system of the present invention; The invention integrates multiple security "^ joint defense system combined with wireless sensing network implementation on the J diagram. ~ ^ system flow: Figure 4 Figure = invention security monitoring and instant messaging joint prevention method 111314 20 201122895 5 is a flow chart of the process of receiving an external message by the instant messaging agent in the joint prevention method of the security monitoring and the instant communication of the present invention.

1 安全監控即時通訊系統 1, 資安監控即時通訊系統 10 、 10, 即時通訊代理人 101 分析模組 102 接收模組 103 處理板組 104 通報模組 11 事件資料庫 12 聯絡人清單 20 監控人員端 21 即時通訊軟體 30 〜36 無線感測器 40 ' 41 具協調者身份之無線感測器 A〜Μ 即時通訊代理人 Α,〜D, 安全監控中心 S401〜S408 步驟 S501-S511 步驟 X 資安事件 Y 威脅分析結果 1113141 Security monitoring instant messaging system 1, security monitoring instant messaging system 10, 10, instant messaging agent 101 analysis module 102 receiving module 103 processing board group 104 notification module 11 event database 12 contact list 20 monitoring personnel 21 instant messaging software 30 ~ 36 wireless sensor 40 ' 41 wireless sensor A with coordinator identity 即时 instant messaging agent 〜, ~ D, security monitoring center S401 ~ S408 Step S501-S511 Step X 资安事件Y threat analysis result 111314

Claims (1)

201122895 七、申請專利範圍: 1. 一種安全監控即時通訊系統,用於安全監控中心進行事 =監控以及即時通報,該安全監控即時通訊系統 括: 事件資料庫,係用於儲存複數筆事件紀錄; 事件:=Γ代理人’用以依據該事件資料庫所儲料 事件、,己錄處㈣安全監控中㈣_之監控事件;以及 聯絡人清單,係儲存作為聯絡人之監 訊代理人將所―卩時傳送 2,Γ二,圍…之安全監控即時⑽ 理人所處料監㈣訊息係 透過即%通訊軟體傳送至該監控人員。 丨㈣全Μ&㈣軌 (如=#安事件,且料件㈣為資安紀錄: 申-月專利乾圍弟3項之安全監控即時 策。’該資安紀錄係為該資安事件之分析結果及處理對 5.:申請專利範圍第3項之安 中,該即時通訊代理人復包^ 字通“統,其 以分析ίΓ= 用以分析該資安事件之狀態與等級, 刀析出疋否以該事件資料庫 理該資安辜六祕〜 廿旧貝文紀錄來處 資料將該資安i =人清單所::; W314 201122895 . 通報模組 監控人員; 係供該分析模組將該資安事件傳送至該 接收模組’係用於接收該監控人員傳送之指令;以 處理模,.且,係依據該分析模組所分析出的結果,而 決定以該接收模组所接收之監控人貴傳送之指令或該 事件資料庫所财的資安紀錄崎該資安事件的處理。 6·如申請專·圍第5項之安全監控即時通訊系統,其 中:該分析模組係以該資安事件與該資安紀錄的關聯性 進行分析,以在分析出”安事件與該資安紀錄具有關 聯性,則供該處理模組以該事件資料庫所儲存的資安紀 錄來處理該資安事件。 Ό m專利1&圍第丨項之安全監控即時通訊系統,其 中,該監控事件為感測事件。 8. 如申請,利範_ 7項之安全監控即時通訊系統,其 中Λ女王控即日可通訊系統係與無線感測網路連結, 該無線感測網路係由複數個感測器所形成,透過無線技 術將該感測H所擷取之感測數據傳回該安全監控中 心’以作為供該即時通訊代理人處理該安全監控中心所 偵測之感測事件。 9. -種整合多個如申請專利範圍第丨項所述之安全監控 即時通訊系統之聯防系統,該聯防系統係包括: 士杧數個聯防聯絡人清單,係分別位於各該安全監控 Ρ τ通。Κ系統巾,各該聯防聯絡人清單係儲存監控人員 111314 23 201122895 資料以及其它該安全監控即 '‘ ' 理人資料,以供各該安全監控5 =之即時通訊代 聯防聯絡人清單所儲存的監控人==本端的 通訊代理人資料將本端之 ^4或该其它即時 控事件即時傳送至該監控人二=所處理的監 通訊系統。 —一匕的女全監控即時 10.如申請專利範圍第9項之整合多 系統之聯防系統’其中,該本端之即時 關的訊息係透過即時通訊軟體傳送; 該皿U貝或其它的安全監控即 泛至 H.如申請專利範圍第9項之 二 系統之聯防系統,其中,卿;::王&控即時通訊 事件紀錄為f安紀錄。以件騎安事件,且該 12.如申請專利範圍第…員之整合多個安 系統之聯m其中,該與本端 通訊 處理的資安事件有關的訊息係包安二 安處理紀錄。 、文I仟逋報或貧 .如:請專利範圍第n項之整合多個 即時 =防系統’其中,各該安全監控即時通訊之:: 本端事件資料庫之更新。.事件有關的訊息進行 如申請專利範圍第u項之整合 系統之聯防系統,其中,各該安全監控;; 即時通訊代理人復包括: R尔、、先之 111314 24 201122895、、 分析模組,係用以分析該資安事件之狀態與等級, 时析仏否以該事件資料庫所儲存的資安^錄來處 f該資安事件或㈣聯防聯絡人清單所儲存的監控人 員資料或該其它的即時通訊代理人資料將該 進行傳送; 千 通報模組’係供該分析模組將該f安事件 監控人員或該其它即時通訊代理人; 接收模組,係用於接收由該監控人員所傳送之指人 或該其它即時通訊代理人所傳送之與所處 2 件有關的訊息;以及 7貝女事 處理梹組,與依據該分析模組所分析出的結 決定以該接收模組所接收之監控人㈣送之指ς、減 它即時通訊代理人所傳送之與所處理的資安事件有/關 的訊息或本端事件資料庫所儲存的資安紀錄 文事件的處理。 x貪 申請專利範圍第14項之整合多個安全監控即時㈣ 防系統,其中’該分析模組係以該資安事件盘 錄的„性進行分析,以在分析出該資安事件 :亥貝*紀錄具錢聯性,舰該處 料庫所儲存的料域來處㈣料料。事件貪. 16.如申請專利範圍第9項之整合多個安全監 17=m統’其中’該監控事件為感測事件I 第二項:整合多個安全監控即時通訊 '、、·八中,該文全監控即時通訊系統係與 Π1314 25 201122895 無線感測網路連結,該無線感測網路係由複數個感測器 所形成,透過無線技術將該感測器所擷取之感測數據傳 回該安全監控中心,以作為供該即時通訊代理人處理該 安全監控中心所偵測之感測事件。 18. —種安全監控與即時通訊之聯防方法,係用於複數個安 全監控中心間資訊安全及事件追蹤之共同防禦,該安全 監控與即時通訊之聯防方法包括以下步驟: 於各該安全監控中心建立聯防聯絡人清單,各該聯 防聯絡人清單係儲存監控人員資料以及其它該安全監 控中心資料; 令各該安全監控中心對所接收到的監控事件進行 分析,係將該監控事件與所儲存之事件紀錄進行關聯性 分析,以分析出該監控事件是否與該事件紀錄具有關聯 性;以及 於該安全監控中心分析出不具關聯性時,將所分析 的該監控事件封裝成聯防訊息並依據該聯防聯絡人清 單通知該監控人員及該其它安全監控中心。 19. 如申請專利範圍第18項之安全監控與即時通訊之聯防 方法,其中,該監控事件為資安事件,且該事件紀錄為 資安紀錄。 20. 如申請專利範圍第19項之安全監控與即時通訊之聯防 方法,其中,該分析出不具關聯性之安全監控中心以該 聯防訊息更新所儲存的資安紀錄。 ‘ 21. 如申請專利範圍第19項之安全監控與即時通訊之聯防 26 111314 201122895 ,., '· I 、 方法,其中,該聯防訊息係包含資安事件通報或資安處 理紀錄。 22. 如申請專利範圍第19項之安全監控與即時通訊之聯防 方法,其中,該資安事件與所儲存之資安紀錄之關聯性 分析係指該資安紀錄中是否有處理該資安事件之處理 策略。 23. 如申請專利範圍第18項之安全監控與即時通訊之聯防 方法,其中,該安全監控中心係與無線感測網路連結, • 該無線感測網路係由複數個感測器所形成,透過無線技 術將該感測器所擷取之感測數據傳回該安全監控中 心,而該監控事件係為感測事件,以供該安全監控中心 對所接收到的感測事件進行分析。 24. 如申請專利範圍第23項之安全監控與即時通訊之聯防 方法,其中,各該安全監控中心係接收該感測器所傳回 之感測數據,以即時通知該聯防聯絡人清單内之監控人 _ 員及其它安全監控中心。 27 111314201122895 VII. Patent application scope: 1. A security monitoring instant messaging system for security monitoring center to conduct things = monitoring and instant notification. The security monitoring instant messaging system includes: an event database for storing a plurality of event records; Event: = Γ 人 ' 用以 依据 依据 依据 依据 依据 依据 依据 依据 依据 依据 依据 依据 依据 依据 依据 依据 依据 依据 依据 依据 依据 依据 依据 依据 依据 依据 依据 依据 依据 依据 依据 依据 依据 依据 依据 依据 依据 依据 依据 依据 依据 依据 依据 依据 依据 依据 依据― 卩 传送 传送 Γ Γ Γ , , , , , , , , 10 10 10 10 10 10 10 10 10 10 10 10 10 10 10 10 10 10 10 10 10 10 10 10 10 10 10丨 (4) Full Μ & (4) Track (such as = #安安事件, and the material (4) is the security record: The security monitoring and immediate policy of the Shen-month patent cadre 3. 'The security record is for the security incident. The results of the analysis and processing of the 5.. patent application scope of the third paragraph of the security, the instant messaging agent re-packaged ^ word pass "system, which analyzes the value of the status and level of the analysis of the security incident, knife precipitation疋No to use the event database to clarify the information on the six secretaries of the 辜 〜 廿 廿 廿 廿 廿 廿 = = = = = : : : : : : : : : : : : : : : : : : : : : : : : : : : : : Transmitting the security event to the receiving module is for receiving an instruction transmitted by the monitoring personnel; to process the module, and determining, according to the analysis result of the analyzing module, the receiving module The receiving monitor monitors the order of the transmission or the processing of the asset security database. The handling of the security incident is as follows: 6. If you apply for the security monitoring instant messaging system of the fifth item, the analysis module Associated with the security record and the security record An analysis is performed to analyze the "An incident" and the security record, and the processing module processes the security incident with the security record stored in the event database. Ό m Patent 1 & The security monitoring instant messaging system of the project, wherein the monitoring event is a sensing event. 8. If the application is for the security monitoring instant messaging system of the VII, the Queen’s control system and the wireless sensing network The wireless sensing network is formed by a plurality of sensors, and the sensing data captured by the sensing H is transmitted back to the security monitoring center via wireless technology as the instant messaging agent processes the Sensing events detected by the Security Monitoring Center. 9. A joint defense system that integrates multiple security monitoring instant messaging systems as described in the scope of the patent application. The joint defense system includes: The list is located in each of the safety monitoring systems. The system towel, each of the linked contact lists is the storage monitoring personnel 111314 23 201122895 information and other such safety supervision That is, '' 'personal information, for each security monitoring 5 = the monitoring person stored in the instant messaging anti-contact list == the local communication agent information will be the local end ^4 or the other instant control event Transmitted to the supervisor 2 = the supervisory communication system handled. - The full-monitoring of the female monitor. 10. The integrated multi-system joint defense system of claim 9 of the patent scope, wherein the local instant messaging system Transmitting via instant messaging software; the U-bike or other security monitoring is flooded to H. For example, the joint defense system of the ninth system of the patent application scope, wherein: Qing;:: Wang & control instant messaging event record is f An record. In order to ride the security incident, and 12. If the patent application scope is integrated with multiple security systems, the information related to the security incident handled by the local communication is the Baoan Er'an processing record. For example, please refer to the nth item of the patent scope to integrate multiple instants = anti-systems. Among them, each of the security monitoring instant messaging:: The update of the local event database. The information related to the event is carried out as the joint defense system of the integrated system of the scope of patent application No. u, wherein each of the security monitoring;; the instant messaging agent includes: R, first, 111314 24 201122895, analysis module, It is used to analyze the status and level of the security incident, and analyze whether the information stored in the incident database is used to record the information of the monitoring personnel stored in the security incident or (4) the list of joint contact persons or The other instant messaging agent data will be transmitted; the thousand notification module is for the analysis module to monitor the event, or the other instant messaging agent; the receiving module is used to receive the monitoring personnel The transmitted message transmitted by the referring person or the other instant messaging agent is related to the 2 pieces; and the 7-beautiful child handling group, and the receiving module determined according to the analysis module is determined by the receiving module The receiving supervisor (4) sends the fingerprint, reduces the information sent by the instant messaging agent and the information about the security incident handled or the information stored in the local event database. Text processing events. x greedy application for the scope of patents, the integration of multiple security monitoring (4) prevention system, in which the analysis module is analyzed by the sex of the security incident to analyze the security incident: Haibe *The record has money linkage, the ship's storage area is stored in the material bank (4) material. Event greedy. 16. If the scope of application for patent scope 9 is integrated, multiple safety supervisors 17=m system The event is the sensing event I. The second item: Integrating multiple security monitoring instant messaging ', · · Eight, the full monitoring instant messaging system is connected with Π1314 25 201122895 wireless sensing network, the wireless sensing network Formed by a plurality of sensors, the sensory data captured by the sensor is transmitted back to the security monitoring center through wireless technology, as the instant messaging agent processes the sensing detected by the security monitoring center. 18. A joint prevention method for security monitoring and instant messaging is used for the joint defense of information security and event tracking among a plurality of security monitoring centers. The method for preventing security monitoring and instant messaging includes the following steps: Each of the security monitoring centers establishes a list of contact prevention contacts, each of which lists the monitoring personnel data and other information of the security monitoring center; and causes the security monitoring center to analyze the received monitoring events, which is to monitor the monitoring events. The event is correlated with the stored event record to analyze whether the monitoring event is related to the event record; and when the security monitoring center analyzes the non-relevance, the monitored monitoring event is encapsulated into a joint defense The message is notified to the monitoring personnel and the other security monitoring center according to the list of the joint contact person. 19. The method for preventing and controlling security monitoring and instant messaging according to claim 18 of the patent scope, wherein the monitoring event is a security incident, and the The event is recorded as a security record. 20. In the case of the joint application of the security monitoring and instant messaging of claim 19, the analysis of the unrelated security monitoring center updates the stored security records with the joint defense message. ' 21. Security monitoring and instant messaging as claimed in item 19 of the patent application Joint defense 26 111314 201122895 ,., '· I , method, wherein the joint defense information system includes the security incident notification or the security security record. 22. For the joint defense and security communication method of claim 19, The analysis of the correlation between the security incident and the stored security record indicates whether there is a treatment strategy for handling the security incident in the security record. 23. For security monitoring and instant messaging of claim 18 The joint defense method, wherein the security monitoring center is connected to the wireless sensing network, and the wireless sensing network is formed by a plurality of sensors, and the sensing data captured by the sensor is wirelessly The security monitoring center is returned, and the monitoring event is a sensing event for the security monitoring center to analyze the received sensing event. 24. The method for joint prevention of security monitoring and instant messaging in claim 23, wherein each of the security monitoring centers receives the sensing data returned by the sensor to immediately notify the contact list of the contact person Monitor personnel and other security monitoring centers. 27 111314
TW98145736A 2009-12-30 2009-12-30 Security operation and instant messaging system, its union defense system and union defense method. TW201122895A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
TW98145736A TW201122895A (en) 2009-12-30 2009-12-30 Security operation and instant messaging system, its union defense system and union defense method.

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
TW98145736A TW201122895A (en) 2009-12-30 2009-12-30 Security operation and instant messaging system, its union defense system and union defense method.

Publications (1)

Publication Number Publication Date
TW201122895A true TW201122895A (en) 2011-07-01

Family

ID=45046416

Family Applications (1)

Application Number Title Priority Date Filing Date
TW98145736A TW201122895A (en) 2009-12-30 2009-12-30 Security operation and instant messaging system, its union defense system and union defense method.

Country Status (1)

Country Link
TW (1) TW201122895A (en)

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
TWI502339B (en) * 2013-01-30 2015-10-01
TWI552006B (en) * 2011-12-16 2016-10-01 國立交通大學 System and method of instant dynamic stratagem
TWI667589B (en) * 2017-09-05 2019-08-01 關貿網路股份有限公司 Guardian security methods, systems, computer program products and computer readable recording media
TWI672604B (en) * 2015-10-19 2019-09-21 日商日本電氣股份有限公司 Information processing apparatus, security measure presentation method, and non-transitory computer readable medium
TWI784327B (en) * 2020-10-16 2022-11-21 臺灣銀行股份有限公司 Mail sending and analysis method

Cited By (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
TWI552006B (en) * 2011-12-16 2016-10-01 國立交通大學 System and method of instant dynamic stratagem
TWI502339B (en) * 2013-01-30 2015-10-01
TWI672604B (en) * 2015-10-19 2019-09-21 日商日本電氣股份有限公司 Information processing apparatus, security measure presentation method, and non-transitory computer readable medium
US10699019B2 (en) 2015-10-19 2020-06-30 Nec Corporation Information processing apparatus, security management system, security measure providing method, security information distribution method, and program
TWI667589B (en) * 2017-09-05 2019-08-01 關貿網路股份有限公司 Guardian security methods, systems, computer program products and computer readable recording media
TWI784327B (en) * 2020-10-16 2022-11-21 臺灣銀行股份有限公司 Mail sending and analysis method

Similar Documents

Publication Publication Date Title
Idrees et al. Blockchain-based digital contact tracing apps for COVID-19 pandemic management: Issues, challenges, solutions, and future directions
Mahbub Progressive researches on IoT security: An exhaustive analysis from the perspective of protocols, vulnerabilities, and preemptive architectonics
CN103370717B (en) Always-available embedded theft reaction subsystem
CN105745869B (en) For regional network/home network security gateway
TW201122895A (en) Security operation and instant messaging system, its union defense system and union defense method.
CN101789948B (en) Hierarchical type mobile internet security monitoring and protecting system
TW201220116A (en) Information security protection host
CN202904839U (en) Intelligent security system based on internet of things
CN102106167A (en) Security message processing
CN102663879A (en) Intelligent security system and intelligent security platform based on internet of things
CN109388963A (en) A kind of mobile terminal user's private data means of defence and device
JP6534585B2 (en) Loss prevention system
CN103988196A (en) Throttling of rogue entities to push notification servers
TWI711319B (en) Block chain-based smart alarm method and device, and electronic equipment
Vegesna Methodology for Mitigating the Security Issues and Challenges in the Internet of Things (IoT) Framework for Enhanced Security
CN110233884A (en) A kind of medical institutions' intelligent access system with two-way calling function
EP2436160A1 (en) Collaborative security system for residential users
Alshareef et al. Using social media and the mobile cloud to enhance emergency and risk management
KR100343045B1 (en) A burglar alarm and method thereof by internet
CN110490007A (en) A kind of Computer Data Security shared platform Internet-based
CN207612279U (en) A kind of food processing factory's network security management system
KR102188982B1 (en) System for providing location based status alarming service
CN106714116A (en) Message processing method and apparatus
Bertone et al. Integrated cyber-physical security approach for healthcare sector
JP2005318037A (en) Unauthorized use monitoring system, unauthorized use monitoring/alarming apparatus, and unauthorized use monitoring method