CN105791264A - Network security pre-warning method - Google Patents


Info

Publication number
CN105791264A
Authority
CN
China
Prior art keywords
security incident
security
warning method
correlation rule
network safety
Prior art date
Legal status
Pending
Application number
CN201610010515.9A
Other languages
Chinese (zh)
Inventor
吴军英
路欣
黄镜宇
徐磊
姜丹
纪春华
成思远
Current Assignee
State Grid Corp of China SGCC
Information and Telecommunication Branch of State Grid Hebei Electric Power Co Ltd
Original Assignee
State Grid Corp of China SGCC
Information and Telecommunication Branch of State Grid Hebei Electric Power Co Ltd
Priority date: 2016-01-08
Filing date: 2016-01-08
Publication date: 2016-07-20
2016-01-08 Application filed by State Grid Corp of China SGCC, Information and Telecommunication Branch of State Grid Hebei Electric Power Co Ltd
2016-01-08 Priority to CN201610010515.9A
2016-07-20 Publication of CN105791264A
Legal status: Pending

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/20 Network architectures or network communication protocols for network security for managing network security; network security policies in general

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Alarm Systems (AREA)

Abstract

The invention discloses a network security pre-warning method and belongs to the technical field of power system information security. In the method, security events are matched to predefined association rules according to the features of the security events, and each security event is processed with the association rule it matches. Because the method defines both the security events and the association rules, it can respond to security events rapidly and accurately; security events can be handled automatically and in time; the security of the network system is greatly improved; the information and property security of users is ensured; and the method has positive social and economic effects.

Description

Network security pre-warning method
Technical field
The present invention relates to the field of power system information security technology, and in particular to a network security pre-warning method.
Background technology
With the rapid development of the Internet and the growing maturity of networking in the power industry, the number of Internet users is growing geometrically. A community of users with a certain level of network skill is forming and emerging quickly; with it, abuse of the Internet is becoming more and more common, and the damage and losses it causes to the Internet are striking. Internet security problems have therefore become more and more prominent.
At present there are many security protection programs on the market, such as virus scanning and removal programs, Trojan scanning and removal programs, mail scanners and so on. However, these programs are either commercial security products whose principles are not publicly known, or are suitable only for personal computers. That is, the existing technology does not yet offer a network security pre-warning method suited to electric power system network security.
Summary of the invention
The technical problem to be solved by the present invention is: in view of the above deficiencies of the prior art, to provide a network security pre-warning method which defines security events and association rules, can respond to security events quickly and accurately, makes automatic and timely handling of security events easy, greatly improves the security of the network system, and ensures the information and property security of users.
To solve the above technical problem, the technical solution adopted by the present invention is:
A network security pre-warning method, which matches security events to predefined association rules according to the features of the security events, and processes each security event with the association rule it matches.
Specifically, the security events are obtained from security protection software.
Specifically, the features of a security event include the time of occurrence, the event type, the event source and the event credibility.
Specifically, the correspondence between security events and the association rules is defined by a correspondence table.
Specifically, the concrete ways of processing a security event include killing viruses, installing patches, changing passwords and adjusting authority (permissions).
Specifically, the association rules include asset association, statistical association and behaviour association.
Different device types, or different models of the same device type, can differ greatly in their system log levels and configuration. Logs therefore need to be collected and organised with a collection method chosen according to the device type, or the model within a device type.
The collected security events are mapped to concrete association analysis methods; the correspondence is shown in Table 1 below:
Table 1.
Which association analysis method a security event in Table 1 corresponds to is derived from Table 2 below, where the event feature and the point of concern are summarised from the security event features:
Event origin                | Event feature                                               | Point of concern                                                          | Recommended correlation method
IDS, IPS events             | Large event count, low credibility                          | The attack source and the intranet resource attacked                      | Asset association
Anti-virus, firewall events | Large event count, high credibility, threat is controllable | Sudden change in the number or distribution of events                     | Statistical association
Audit logs                  | Large event count, high credibility                         | Other suspicious-behaviour events in the same period, related operations  | Behaviour association
Table 2.
Every association rule has a number of attributes, which include but are not limited to the following entries:
1) Association rule title: a brief description of the rule;
2) Association rule content: the rule written according to the association rule grammar;
3) Title of the correlated event: the title of the correlated event generated when the rule is satisfied;
4) Level of the correlated event: the level of the correlated event generated when the rule is satisfied;
5) Correlated event set-up mode: the attributes of the correlated event generated when the rule is satisfied can be set from the first matching security event, or from the last matching security event.
In this way the method can pre-define suspicious security activity scenarios (for example the sequence of security events that makes up a particular potential attack behaviour), so that the security system checks the collected security events against the defined association rules and determines whether an event matches a particular rule.
The beneficial effect of the above technical solution is: the method defines security events and association rules, can respond to security events quickly and accurately, makes automatic and timely handling of security events easy, greatly improves the security of the network system, ensures the information and property security of users, and has positive social and economic effects.
Detailed description of the invention
The present invention is explained in further detail below with reference to a specific embodiment.
Embodiment one:
A network security pre-warning method, which matches security events to predefined association rules according to the correspondence in Table 1, and processes each security event with the matching association rule. The security events are obtained from security protection software; the features of a security event include the time of occurrence, the event type, the event source and the event credibility; and the association rules include asset association, statistical association and behaviour association.
From the association rules, a processing scheme for the security event can be derived, such as killing viruses, installing a patch, changing a password or adjusting authority. These operations can be performed automatically or carried out manually, thereby providing a security guarantee for the information system.
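As an added illustration, not code from the patent or its assignee, the following Python sketch implements the engine the description outlines: each event carries the four features named in the text (time of occurrence, type, source, credibility), Table 2 routes each event origin to an association method, and each rule carries the five attributes listed above, including the first/last set-up mode, plus the processing step it recommends. The rule predicates and thresholds, the `detail` field, the rule names, levels and actions, and the sample events are all assumptions chosen for illustration.

```python
from collections import Counter
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Callable, Dict, List

@dataclass(frozen=True)
class SecurityEvent:
    """A security event carrying the four features named in the description."""
    time: datetime      # time of occurrence
    type: str           # event type / origin: ids, ips, antivirus, firewall, audit
    source: str         # event source (host or address)
    credibility: float  # 0.0 (noise) .. 1.0 (confirmed)
    detail: str = ""    # assumed extra field, used only by the behaviour rule

# Table 2 of the description: event origin -> recommended association method.
CORRELATION_METHOD: Dict[str, str] = {
    "ids": "asset", "ips": "asset",
    "antivirus": "statistical", "firewall": "statistical",
    "audit": "behavior",
}

@dataclass(frozen=True)
class CorrelationRule:
    """The five rule attributes listed in the description, plus the processing step."""
    name: str                                       # 1) rule title
    method: str                                     # association method the rule belongs to
    content: Callable[[List[SecurityEvent]], bool]  # 2) rule content: predicate over one source's events
    event_name: str                                 # 3) title of the correlated event
    level: str                                      # 4) level of the correlated event
    setup_from: str                                 # 5) "first" or "last": which event supplies time/source
    action: str                                     # kill virus / install patch / change password / adjust authority

@dataclass(frozen=True)
class CorrelatedEvent:
    name: str
    level: str
    time: datetime
    source: str
    action: str
    matched: int  # number of raw events the rule consumed

def low_credibility_flood(seq, n=5, span=timedelta(minutes=5), max_cred=0.5):
    """Asset association: many low-credibility IDS/IPS alerts from one source in a short span."""
    return (len(seq) >= n and seq[-1].time - seq[0].time <= span
            and all(e.credibility <= max_cred for e in seq))

def count_burst(seq, bucket=timedelta(minutes=1), factor=2.0, min_events=5):
    """Statistical association: one time bucket holds >= factor x the mean of the non-empty buckets."""
    if len(seq) < min_events:
        return False
    buckets = Counter((e.time - seq[0].time) // bucket for e in seq)
    return len(buckets) > 1 and max(buckets.values()) >= factor * len(seq) / len(buckets)

def failed_login_then_privilege_change(seq, within=timedelta(minutes=10)):
    """Behaviour association: a credible failed login followed by a privilege change on one host."""
    fails = [e.time for e in seq if e.detail == "login_failed" and e.credibility >= 0.8]
    return any(e.detail == "privilege_change"
               and any(timedelta(0) <= e.time - t <= within for t in fails) for e in seq)

# Assumed rule set; rule names, levels and actions are illustrative.
RULES = [
    CorrelationRule("ids-flood", "asset", low_credibility_flood,
                    "Intranet asset under sustained probing", "high", "first", "adjust authority"),
    CorrelationRule("fw-burst", "statistical", count_burst,
                    "Sudden change in blocked-connection count", "medium", "last", "install patch"),
    CorrelationRule("audit-escalation", "behavior", failed_login_then_privilege_change,
                    "Privilege change after failed login", "critical", "last", "change password"),
]

def evaluate(events, rules=RULES):
    """Route every event to its Table 2 method, then test each rule per event source."""
    out = []
    for rule in rules:
        by_source: Dict[str, List[SecurityEvent]] = {}
        for e in sorted(events, key=lambda e: e.time):
            if CORRELATION_METHOD.get(e.type) == rule.method:
                by_source.setdefault(e.source, []).append(e)
        for src, seq in sorted(by_source.items()):
            if rule.content(seq):
                anchor = seq[0] if rule.setup_from == "first" else seq[-1]  # set-up mode
                out.append(CorrelatedEvent(rule.event_name, rule.level, anchor.time,
                                           src, rule.action, len(seq)))
    return out

T0 = datetime(2016, 1, 8, 9, 0, 0)  # constructed sample input below, not real data
SAMPLE_EVENTS = (
    [SecurityEvent(T0 + timedelta(seconds=20 * i), "ids", "10.0.0.7", 0.3) for i in range(6)]
    + [SecurityEvent(T0 + timedelta(minutes=m), "firewall", "10.0.0.9", 0.9) for m in (0, 1)]
    + [SecurityEvent(T0 + timedelta(minutes=2, seconds=5 * i), "firewall", "10.0.0.9", 0.9)
       for i in range(8)]
    + [SecurityEvent(T0, "audit", "srv-db", 0.95, "login_failed"),
       SecurityEvent(T0 + timedelta(minutes=3), "audit", "srv-db", 0.95, "privilege_change")]
    + [SecurityEvent(T0 + timedelta(minutes=m), "ids", "10.0.0.8", 0.3) for m in (0, 1)]
)

if __name__ == "__main__":
    for c in evaluate(SAMPLE_EVENTS):
        print(f"{c.time:%H:%M:%S} [{c.level}] {c.name} {c.source} x{c.matched} -> {c.action}")
```

Running the file prints three correlated events, one per association method: the IDS flood from 10.0.0.7 is stamped with the first matching event (set-up mode "first"), while the firewall burst and the audit escalation take their time from the last matching event. The two isolated IDS alerts from 10.0.0.8 stay below the flood threshold and produce nothing, which is the behaviour a rule engine of this kind should exhibit on low-volume noise.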
It should be pointed out that the above specific embodiment is a specific case of implementing this patent; it does not, and cannot, cover all implementations of this patent, and therefore cannot be regarded as limiting the scope of protection of this patent. Every implementation that belongs to the same idea as the above case falls within the scope of protection of this patent.

Claims (6)

1. A network security pre-warning method, characterised in that: according to the features of a security event, the security event is matched to a predefined association rule, and the security event is processed with the matching association rule.
2. The network security pre-warning method according to claim 1, characterised in that: the security event is obtained from security protection software.
3. The network security pre-warning method according to claim 1, characterised in that: the features of the security event include the time of occurrence, the event type, the event source and the event credibility.
4. The network security pre-warning method according to claim 1, characterised in that: the correspondence between the security event and the association rule is defined by a correspondence table.
5. The network security pre-warning method according to claim 1, characterised in that: the concrete ways of processing the security event include killing viruses, installing patches, changing passwords and adjusting authority.
6. The network security pre-warning method according to claim 1, characterised in that: the association rules include asset association, statistical association and behaviour association.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201610010515.9A CN105791264A (en) 2016-01-08 2016-01-08 Network security pre-warning method

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201610010515.9A CN105791264A (en) 2016-01-08 2016-01-08 Network security pre-warning method

Publications (1)

Publication Number Publication Date
CN105791264A true CN105791264A (en) 2016-07-20

Family

ID=56402206

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201610010515.9A Pending CN105791264A (en) 2016-01-08 2016-01-08 Network security pre-warning method

Country Status (1)

Country Link
CN (1) CN105791264A (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109005168A (en) * 2018-07-25 2018-12-14 安徽三实信息技术服务有限公司 A kind of network security warning system and method for early warning
CN113037774A (en) * 2021-03-31 2021-06-25 新华三信息安全技术有限公司 Security management method, device, equipment and machine readable storage medium

Citations (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1705262A (en) * 2004-05-27 2005-12-07 华为技术有限公司 Network security protecting system and method
US20090106843A1 (en) * 2007-10-18 2009-04-23 Pil-Yong Kang Security risk evaluation method for effective threat management
CN102571469A (en) * 2010-12-23 2012-07-11 北京启明星辰信息技术股份有限公司 Attack detecting method and device
CN103312679A (en) * 2012-03-15 2013-09-18 北京启明星辰信息技术股份有限公司 APT (advanced persistent threat) detection method and system
CN104426840A (en) * 2013-08-21 2015-03-18 国家计算机网络与信息安全管理中心江苏分中心 Active threat detection system
CN104852816A (en) * 2015-04-22 2015-08-19 国网四川省电力公司电力科学研究院 Intrusion detection system (IDS) intelligent warning method
CN105045100A (en) * 2015-06-08 2015-11-11 浪潮电子信息产业股份有限公司 Intelligent operation and maintenance monitoring platform for managing by utilizing mass data
US20150381637A1 (en) * 2010-07-21 2015-12-31 Seculert Ltd. System and methods for malware detection using log based crowdsourcing analysis



Similar Documents

Publication Publication Date Title
CN107579956B (en) User behavior detection method and device
Chae et al. Feature selection for intrusion detection using NSL-KDD
Price et al. Can limiting similarity increase invasion resistance? A meta‐analysis of experimental studies
Stringhini et al. Follow the green: growth and dynamics in twitter follower markets
CN106953832B (en) Method and system for processing online game suspicious account
CN107046543A (en) A kind of threat intelligence analysis system traced to the source towards attack
CN110691080B (en) Automatic tracing method, device, equipment and medium
CN110519150B (en) Mail detection method, device, equipment, system and computer readable storage medium
CN107612924A (en) Attacker's localization method and device based on wireless network invasion
Madahali et al. Application of the Benford’s law to Social bots and Information Operations activities
CN108629201A (en) A method of database illegal operation is blocked
Câmara et al. Anthropogenic disturbance and rainfall variation threaten the stability of plant–ant interactions in the Brazilian Caatinga
CN102799834A (en) System-asset-based software security requirement analysis method
CN103312887A (en) Mobile phone application tampering recognition system, method and device
CN107566401A (en) The means of defence and device of virtualized environment
Jaeger et al. Gathering and analyzing identity leaks for security awareness
CN105791264A (en) Network security pre-warning method
CN111159702B (en) Process list generation method and device
CN110378115B (en) Data layer system of information security attack and defense platform
Tománková et al. Assessing the extent to which temporal changes in waterbird community composition are driven by either local, regional or global factors
CN107451469A (en) A kind of process management system and method
CN107294971A (en) The Threat sort method in server attack source
Zawoad et al. Phish-net: investigating phish clusters using drop email addresses
Gillani et al. Economic metric to improve spam detectors
Sun et al. Automated 3D reconstruction of tree-like structures from two orthogonal views

Legal Events

Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication (application publication date: 20160720)