CN106778253A - Threat context aware information security Initiative Defense model based on big data - Google Patents

Threat context aware information security Initiative Defense model based on big data

Info

Publication number
CN106778253A
Authority
CN
China
Prior art keywords
data
module
threat
big data
big
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201611045333.1A
Other languages
Chinese (zh)
Inventor
白涛
刘成龙
国明
申培培
赵明
赵一明
张纬
陈连栋
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
State Grid Corp of China SGCC
Information and Telecommunication Branch of State Grid Hebei Electric Power Co Ltd
Original Assignee
State Grid Corp of China SGCC
Information and Telecommunication Branch of State Grid Hebei Electric Power Co Ltd
Application filed by State Grid Corp of China SGCC and Information and Telecommunication Branch of State Grid Hebei Electric Power Co Ltd
Priority to CN201611045333.1A
Publication of CN106778253A
Legal status: Pending

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55 Detecting local intrusion or implementing counter-measures
    • G06F21/552 Detecting local intrusion or implementing counter-measures involving long-term monitoring or reporting
    • G06F21/57 Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • G06F21/577 Assessing vulnerabilities and evaluating computer system security
    • G06F21/60 Protecting data
    • G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218 Protecting access to data via a platform, e.g. using keys or access control rules, to a system of files or objects, e.g. local or distributed file system or database
    • G06F21/6227 Protecting access to data via a platform, e.g. using keys or access control rules, to a system of files or objects, e.g. local or distributed file system or database, where protection concerns the structure of data, e.g. records, types, queries


Abstract

The invention discloses a threat situation-aware active information security defense model based on big data, relating to the technical field of data processing. The basic data acquisition system of the model collects asset data and personnel data and provides the defense model with its protection grade and threat events; the data acquisition engine system performs centralized running-state monitoring of the various devices; the big data security configuration management platform receives the data gathered by the basic data acquisition system and the data acquisition engine system; the big data analysis system processes and analyzes the data monitored by the big data security configuration management platform and perceives the threat situation; the data visualization display module visualizes the perceived threats. By fusing big data computing methods with situation awareness methods, the model provides a basis for the decision analysis of network security managers and minimizes the risk and loss caused by unsafe factors.

Description

Threat context aware information security Initiative Defense model based on big data
Technical field
The present invention relates to the technical field of data processing, and more particularly to a threat situation-aware active information security defense model based on big data.
Background technology
Faced with an increasingly severe domestic and international security situation and rapidly evolving information security problems, all kinds of security systems, including electric power information security systems, confront a variety of new threats. As cyber-attack techniques keep developing, conventional attacks continue to evolve and new attacks such as advanced persistent threats keep emerging; they are faster, their means are more professional, their processes are more concealed and their techniques are more complex. The critical control products and application services of industrial control systems, led by the power industry, have serious vulnerabilities in their security systems, and the threat they pose to persons, assets, the environment and even national security is easy to imagine.
The content of the invention
The technical problem to be solved by the present invention is to provide a threat situation-aware active information security defense model based on big data which, by fusing big data computing methods with situation awareness methods, provides a basis for the decision analysis of network security managers and minimizes the risk and loss caused by unsafe factors.
To solve the above technical problem, the technical solution adopted by the present invention is: a threat situation-aware active information security defense model based on big data, characterized in that it includes a basic data acquisition system, a data acquisition engine system, a big data security configuration management platform, a big data analysis system and a data visualization display module. The basic data acquisition system collects asset data and personnel data and provides the defense model with its protection grade and threat events; the data acquisition engine system performs centralized running-state monitoring of the various devices, as well as start/stop and acquisition policy management; the big data security configuration management platform receives the data gathered by the basic data acquisition system and the data acquisition engine system, and performs performance and running-state monitoring of all devices on the basis of the collected data; the big data analysis system processes and analyzes the data monitored by the big data security configuration management platform and perceives the threat situation; the data visualization display module visualizes the perceived threats.
A further technical scheme is: the basic data acquisition system includes an information system protection grade module, an asset data acquisition module, a personnel data acquisition module and an event library module. The information system protection grade module sets the protection grade of the defense model; the asset data acquisition module collects the various data related to assets; the personnel data acquisition module collects the various data related to personnel; the event library module provides the defense model with the concrete form of threat events.
A further technical scheme is: the data acquisition engine system includes a security device data acquisition module, a network device data acquisition module, a host server data acquisition module, a threat detection device and security protection program data acquisition module, and an IDS and vulnerability protection program data acquisition module. The security device data acquisition module collects the various data related to security devices; the network device data acquisition module collects the various data related to network devices; the host server data acquisition module collects the various data related to host servers; the threat detection device and security protection program data acquisition module collects the various data related to threat detection devices and security protection programs; the IDS and vulnerability protection program data acquisition module collects the various data related to IDS and vulnerability protection programs.
A further technical scheme is: the big data security configuration management platform includes a data acquisition module, a format unification module, a log analysis module, a query and search statistics module, a data interface module and a third-party interface module. The data acquisition module collects the data sent by the basic data acquisition system and the data acquisition engine system; the format unification module processes the collected data and saves it in a unified specified format; the log analysis module performs log analysis on the collected data; the query and search statistics module retrieves, counts and searches the collected data; the data interface module provides other modules or systems with an interface for interacting with the big data security configuration management platform; the third-party interface module provides systems or modules outside the defense model with an interface for exchanging data with the defense model.
A further technical scheme is: the big data analysis system includes a big data secure storage and query module, a clue and correlation analysis module, an algorithm and machine learning module, a situation awareness module, a network security situation prediction and early warning module, an operations and maintenance (O&M) support module, an abnormal behavior and unknown threat analysis module and a real-time retrieval module.
A further technical scheme is: the big data secure storage and query module uses a distributed storage architecture and a full-text search engine with distributed multi-user capability, based on a RESTful web interface.
A further technical scheme is: the abnormal behavior and unknown threat analysis module uses a general execution engine based on Spark to apply correlation analysis, baseline analysis and data modeling methods and perform security anomaly behavior and unknown threat analysis.
A further technical scheme is: the network security situation prediction and early warning module performs network security situation awareness, analysis and early warning according to corresponding event libraries; the event libraries include a security threat event library, a major security vulnerability library, a Trojan sample library, a network basic resource library, a library of important networked systems and key websites, and a network security bulletin library.
A further technical scheme is: the O&M support module includes a data resource library management and maintenance module, a data resource access authorization module, a data query module, a data resource scheduling interface module and a distributed data resource scheduling module. The data resource library management and maintenance module provides platform management and O&M users with management services, including management of the data resources of the various management users, batch data import and export, automatic data update, data backup/restore interfaces and automatic data conversion.
The data resource access authorization module manages all users and their authorization to access data, including platform user management, platform management permission settings, data access mode settings and platform data access authorization, so as to ensure the security of data resource use. The data resource access authorization management module allows data resource management users to set and manage permissions on the data access scope, access time and data traffic according to the identity of the data caller; the scope of authorization may be a data view, particular data records, or one or more databases. The data query module implements common data query application services, providing users with data query functional services such as interactive data search and advanced data search. The data resource scheduling interface module provides automatic data interfaces for upper-layer bulletin and early warning applications and completes data resource call setup, data call permission verification, data calls and call auditing. The distributed data resource scheduling module provides users with an efficient distributed scheduling engine.
A further technical scheme is: the real-time retrieval module indexes all stored massive log information by a real-time search method, providing a search-engine-like ability to locate all related information from any keyword; the back end of the real-time retrieval module is implemented with Elasticsearch, which is based on Lucene, and performs word segmentation and inverted indexing immediately when data are loaded.
The beneficial effect of the above technical solution is: the model fuses big data computing methods with situation awareness computing methods, evaluates the security situation of the network in real time from all retrievable information, provides a basis for the decision analysis of network security managers, and minimizes the risk and loss caused by unsafe factors. The model is of great significance for improving the monitoring capability and emergency response capability of the network and for predicting the development trend of network security, and provides a strong guarantee for the information security of electric power, communication and similar systems, with good application effect.
Brief description of the drawings
Fig. 1 is a schematic block diagram of the model described in the embodiment of the present invention;
Fig. 2 is a schematic block diagram of the data acquisition engine system described in the embodiment of the present invention;
Fig. 3 is a schematic block diagram of the big data security configuration management platform described in the embodiment of the present invention;
Fig. 4 is a schematic block diagram of the abnormal behavior and unknown threat analysis module described in the embodiment of the present invention.
Specific embodiment
The technical solutions in the embodiments of the present invention will be described clearly and completely with reference to the accompanying drawings of those embodiments; obviously, the described embodiments are only some of the embodiments of the invention, not all of them. All other embodiments obtained by those of ordinary skill in the art on the basis of the embodiments of the present invention without creative work fall within the scope of protection of the invention.
Many details are set forth in the following description in order to fully understand the present invention, but the present invention can also be implemented in other ways different from those described here, and those skilled in the art can make similar generalizations without departing from the spirit of the present invention; therefore the present invention is not limited by the specific embodiments disclosed below.
As shown in Fig. 1, the embodiment of the invention discloses a threat situation-aware active information security defense model based on big data, including a basic data acquisition system, a data acquisition engine system, a big data security configuration management platform, a big data analysis system and a data visualization display module. The basic data acquisition system collects asset data and personnel data and provides the defense model with its protection grade and threat events; the data acquisition engine system performs centralized running-state monitoring of the various devices, as well as start/stop and acquisition policy management; the big data security configuration management platform receives the data gathered by the basic data acquisition system and the data acquisition engine system, and performs performance and running-state monitoring of all devices on the basis of the collected data; the big data analysis system processes and analyzes the data monitored by the big data security configuration management platform and perceives the threat situation; the data visualization display module visualizes the perceived threats.
As shown in Fig. 1, the basic data acquisition system includes an information system protection grade module, an asset data acquisition module, a personnel data acquisition module and an event library module. The information system protection grade module sets the protection grade of the defense model; the asset data acquisition module collects the various data related to assets; the personnel data acquisition module collects the various data related to personnel; the event library module provides the defense model with the concrete form of threat events.
Asset data includes:
Personal information includes:
Overall, as shown in Fig. 2, the acquisition cluster of the data acquisition engine system uses a Master/Worker distributed architecture: the Master is responsible for assigning instructions to the Workers and supports Active/Standby high availability; the Workers are the actual acquisition working nodes, and there are multiple Workers. By deploying the information security analysis system, the logs of operating systems, applications, network devices and security devices/software are collected via Syslog; SNMP, scripts, database views, FTP and JDBC are also supported as application log collection methods. The data acquisition unit supports concurrent acquisition by the cluster: users can customize multiple acquisition tasks that run simultaneously, improving acquisition efficiency. Incremental data acquisition based on logs is supported: the system monitors newly added logs and collects them in real time. The running state of the data acquisition unit can be monitored centrally, and start/stop and acquisition policies can be managed centrally.
Specifically, as shown in Fig. 1, the data acquisition engine system includes a security device data acquisition module, a network device data acquisition module, a host server data acquisition module, a threat detection device and security protection program data acquisition module, and an IDS and vulnerability protection program data acquisition module. The security device data acquisition module collects the various data related to security devices; the network device data acquisition module collects the various data related to network devices; the host server data acquisition module collects the various data related to host servers; the threat detection device and security protection program data acquisition module collects the various data related to threat detection devices and security protection programs; the IDS and vulnerability protection program data acquisition module collects the various data related to IDS and vulnerability protection programs.
As shown in Fig. 3, the big data security configuration management platform can monitor the performance and running state of all agents and components, and can monitor the various states of the platform itself in real time, such as log reception status, log volume per unit time, system performance pressure and storage space usage, so that system storage and computing resources can be monitored. By setting thresholds it gives early warning of system performance bottlenecks, providing early warning and a basis for capacity expansion.
The big data security configuration management platform includes a data acquisition module, a format unification module, a log analysis module, a query and search statistics module, a data interface module and a third-party interface module. The data acquisition module collects the data sent by the basic data acquisition system and the data acquisition engine system; the format unification module processes the collected data and saves it in a unified specified format; the log analysis module performs log analysis on the collected data; the query and search statistics module retrieves, counts and searches the collected data; the data interface module provides other modules or systems with an interface for interacting with the big data security configuration management platform; the third-party interface module provides systems or modules outside the defense model with an interface for exchanging data with the defense model.
Data storage access is the multi-source data unification component of the big data security configuration management platform, integrating traffic security events, non-traffic platform access data, internet threat data and so on; its main functions include:
Data preprocessing: data preprocessing normalizes the multi-source data into a unified, standard, normalized data format. Through the four stages of data cleaning, data integration, data reduction and data transformation, the processing yields the various situation security factors that can be used for trend research, which facilitates automated, fast and efficient situation mining, prediction and early warning. On the basis of this data shaping, it provides a standardized data basis for the platform's subsequent data mining and analysis.
Data integration is the process of logically or physically integrating data of different sources and formats. Data filtering is mainly aimed at the situation where the collected data are relatively mixed: the data are cleaned according to predefined rules and unneeded data are filtered out. Data reduction techniques can be used to obtain a reduced representation of the data set, effectively saving data storage space and reducing the use of data processing resources; in the project implementation, data are reduced from the perspectives of data cubes, data attributes, dimensions, numerical values and concept hierarchies. Data transformation mainly transforms the collected massive heterogeneous data into a form suitable for subsequent data mining analysis.
Data classification: data classification is the basis for providing users with data services; because of the mass of data and the differing data demands of different users, the data sets provided to each class of user must also differ. Data classification first labels the data, which facilitates classification; then sample-trained classification is performed, in which samples are hand-picked for each category, the machine learns the sample features automatically and classifies new data according to those features; finally rule-matching classification is performed, in which keyword expressions are set for each category and the data are classified according to the exactly set expressions.
Data storage: after data classification is completed, data are stored separately according to their classifications for query and use by different users.
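As an added illustration (not code from the patent), the preprocessing and rule-matching classification steps above are run over a few constructed lines from three collectors: each line is cleaned (unparsable input is dropped), integrated into one unified record schema, its timestamp is transformed to ISO 8601, and it is then classified by keyword expressions and stored per category. The collector names, record fields, assumed year and rule patterns are all assumptions made for this example.

```python
import json
import re
from collections import defaultdict
from datetime import datetime

# Constructed raw events from three collectors (firewall syslog, IDS JSON, host auth log)
# plus one corrupt line; sample input written for this example, not data from the patent.
RAW_EVENTS = [
    ("syslog", "<134>Mar 12 10:01:02 fw01 kernel: DROP IN=eth0 SRC=10.0.0.5 DST=10.1.1.7 PROTO=TCP DPT=22"),
    ("ids", '{"ts": "2024-03-12T10:02:00", "sensor": "ids02", "sig": "SCAN suspicious port sweep", '
            '"src": "10.0.0.5", "dst": "10.1.1.7"}'),
    ("authlog", "Mar 12 10:03:15 web01 sshd[2211]: Failed password for root from 10.0.0.5 port 51234 ssh2"),
    ("syslog", "### truncated record ###"),
]
ASSUMED_YEAR = 2024  # syslog timestamps carry no year; assumed for the constructed sample

SYSLOG_RE = re.compile(r"^<\d+>(?P<ts>\w{3} +\d+ [\d:]{8}) (?P<host>\S+) \S+: (?P<msg>.*)$")
AUTH_RE = re.compile(r"^(?P<ts>\w{3} +\d+ [\d:]{8}) (?P<host>\S+) \S+: (?P<msg>.*)$")
IP_RE = re.compile(r"\b\d{1,3}(?:\.\d{1,3}){3}\b")


def _syslog_time(ts):
    """Data transformation: BSD syslog time -> ISO 8601 (year assumed, see ASSUMED_YEAR)."""
    return datetime.strptime(f"{ASSUMED_YEAR} {ts}", "%Y %b %d %H:%M:%S").isoformat()


def normalize(source, line):
    """Data cleaning + integration: map one raw line onto the unified record, or None if unparsable."""
    if source == "ids":
        try:
            ev = json.loads(line)
            return {"time": ev["ts"], "source": source, "host": ev["sensor"],
                    "src_ip": ev["src"], "dst_ip": ev["dst"], "message": ev["sig"]}
        except (ValueError, KeyError):
            return None
    m = (SYSLOG_RE if source == "syslog" else AUTH_RE).match(line)
    if not m:
        return None
    ips = IP_RE.findall(m["msg"])  # first IP in the text is taken as source, second as destination
    return {"time": _syslog_time(m["ts"]), "source": source, "host": m["host"],
            "src_ip": ips[0] if ips else None, "dst_ip": ips[1] if len(ips) > 1 else None,
            "message": m["msg"]}


# Keyword expressions per category, in priority order: the first matching rule wins
# (the rule-matching classification step; categories and patterns are assumptions).
CATEGORY_RULES = [
    ("intrusion_attempt", re.compile(r"\bscan\b|exploit|brute", re.I)),
    ("auth_failure", re.compile(r"failed password|invalid user", re.I)),
    ("network_block", re.compile(r"\bDROP\b|\bREJECT\b")),
]


def classify(record):
    for category, pattern in CATEGORY_RULES:
        if pattern.search(record["message"]):
            return category
    return "unclassified"


def preprocess_and_store(raw_events):
    """Clean, integrate, transform and classify; return the per-category stores and the drop count."""
    stores = defaultdict(list)
    dropped = 0
    for source, line in raw_events:
        record = normalize(source, line)
        if record is None:
            dropped += 1
            continue
        record["category"] = classify(record)
        stores[record["category"]].append(record)
    return dict(stores), dropped


if __name__ == "__main__":
    stores, dropped = preprocess_and_store(RAW_EVENTS)
    print(f"dropped {dropped} unparsable line(s)")
    for category, records in stores.items():
        for r in records:
            print(category, r["time"], r["host"], r["src_ip"], "->", r["dst_ip"])
```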
As shown in Fig. 1, the big data analysis system includes a big data secure storage and query module, a clue and correlation analysis module, an algorithm and machine learning module, a situation awareness module, a network security situation prediction and early warning module, an O&M support module, an abnormal behavior and unknown threat analysis module and a real-time retrieval module.
Network security situation prediction and early warning module:
Trend prediction and early warning requires the support of massive valid data in the resource libraries; therefore the bulletin and early warning data resources must be built up continuously according to the needs of situation analysis and early warning.
1) Security threat event library
The security incident library stores all kinds of public network security incidents obtained through data preprocessing, classified according to the incident categories defined in GB/Z 20986-2007 "Information security technology - Guidelines for the category and classification of information security incidents".
2) Major security vulnerability library
The major security vulnerability library stores the collected information on network security vulnerabilities of all kinds, major security vulnerabilities of networked systems, and so on.
3) Trojan sample library
The Trojan sample library stores the hash values (MD5) of representative Trojan samples together with the sample files.
4) Network basic resource library
The network basic resource library stores the accumulated basic internet resource information, such as IP address geolocation information, IDC data center information, access service provider information, website filing information and domain name information.
5) Important networked systems and key websites library
Stores information on the important systems and key websites currently networked locally.
6) Network security bulletin library (service resource library)
Should mainly include a suspected attacker library, a key organization information library, a bulletin library and so on. The sources of the suspected attacker library should include cases and customer analysis results; the key organization information library includes the IP and port information of key organizations; the bulletin library includes emergency incident bulletins, special bulletins, comprehensive bulletins, security messages for special targets, bulletin office information and so on.
O&M support module
The O&M support module is responsible for the collection, management, preprocessing and classification of situation awareness and bulletin/early warning data, and provides data support services to the bulletin and early warning application system on the basis of data collection and management; its main functions include:
1) Data resource library management and maintenance
Provides platform management and O&M users with management services based on data management and maintenance, including management of the data resources of the various management users, batch data import and export, automatic data update, data backup/restore interfaces, automatic data conversion and so on.
2) Data resource access authorization
Manages all platform users and their authorization to access data, mainly including platform user management, platform management permission settings, data access mode settings, platform data access authorization and so on, to ensure the security of data resource use. Data resource access authorization management then allows data resource management users to set and manage permissions on data access scope, access time and data traffic according to the identity of the data caller; the scope of authorization may be a data view, particular data records, or one or more databases.
3) Data query
The data query service refers to common data query application services, providing users with interactive data query functional services such as data search and advanced data search, making it easy for users to find the data that suits their own needs within the basic platform.
The data extraction and export service provides platform users with export services for certain data, and supports requirement customization and data survey services.
4) Data resource calling interface
The data resource calling interface provides automatic data interfaces for upper-layer bulletin and early warning applications, and consists of data resource call setup, data call permission verification, data calls, call auditing and other functions.
5) Distributed data resource scheduling
Distributed data resource management and scheduling provides an efficient distributed scheduling engine for data management and use, so that all types of resource library users can use the related data services quickly and efficiently. To ensure the stability of the data service side and the efficiency of resource use while taking user security requirements into account, the data resource scheduling engine uses Hadoop's capacity scheduling algorithm to allocate and schedule resources according to the different user roles.
Big data secure storage and query module
Data storage uses a distributed storage architecture and a full-text search engine with distributed multi-user capability based on a RESTful web interface. The storage platform selected for this project is developed in Java; it achieves real-time search, is stable, reliable and fast, and is easy to install.
The data storage of the big data security information analysis system needs a big data distributed storage architecture, taking full account of factors such as high-availability design, the size of the stored data volume, search and analysis efficiency and cost. According to the application characteristics of this project, from the viewpoint of search and analysis efficiency and stored data volume, the system uses Elasticsearch technology and a distributed file system to realize long-term storage of massive basic security information, providing unified storage capability for structured, semi-structured and unstructured data. It can provide full-volume storage and analysis capability for 30-300 TB of historical logs.
The advantages of this technology are: an enterprise-class distributed file system with high scalability; comprehensive support for storing structured and unstructured data; support for NoSQL/non-relational data storage; parallel computation that supports task scheduling control and automatic resource allocation; computation results that remain unchanged when a node is damaged; a shared-nothing distributed storage and distributed parallel computing framework; storage, management, full-text search and complex analysis of massive structured and semi-structured data; supported data structures of numeric, character, date and binary types; support for ultra-large document storage with data sharding; support for safe and fast migration and backup of legacy data; and a data redundancy replica mechanism with a dynamically settable number of replicas, providing high query throughput.
Real-time retrieval module:
The big data security information analysis system indexes all stored massive log information with real-time retrieval technology, providing a search-engine-like ability to locate all related information from any keyword. The retrieval back end runs on Elasticsearch, which is based on Lucene; tokenization and inverted indexing are performed as the data is loaded, so query response time is at the second level.
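To make the retrieval mechanism concrete, here is an added Python example; it is not code from the patent, from Elasticsearch or from Lucene. It tokenizes constructed log lines as they are loaded, keeps a sorted posting list per term, and answers any-keyword queries by merge-intersecting the posting lists, which is the basic operation an inverted index performs. The log lines, host names and addresses are constructed for the example.

```python
"""Added example (not the patent's, Elasticsearch's or Lucene's code): a minimal
inverted index built at ingest time over constructed log lines, answering keyword
queries by intersecting sorted posting lists."""
import re
from collections import defaultdict

# Constructed sample log lines; not real data.
SAMPLE_LOGS = [
    "2016-11-24T08:01:02 fw01 DENY src=10.1.2.3 dst=172.16.0.9 dport=22 proto=tcp",
    "2016-11-24T08:01:05 fw01 ALLOW src=10.1.2.3 dst=172.16.0.10 dport=443 proto=tcp",
    "2016-11-24T08:02:11 ids02 ALERT sig=ET_SCAN_Nmap src=10.1.2.3 dst=172.16.0.11",
    "2016-11-24T08:03:44 host7 sshd Failed password for root from 10.1.2.3 port 51422",
    "2016-11-24T08:04:01 host7 sshd Accepted password for alice from 10.1.9.8 port 50211",
]

# Terms are runs of letters, digits, '.', ':', '_' or '-', so IPs, timestamps and
# signature names stay whole; '=' splits key=value pairs into two separate terms.
TOKEN_RE = re.compile(r"[a-z0-9_.:-]+")


def tokenize(line):
    """Lower-case and split a log line into index terms (the tokenization step)."""
    return [t.strip(".:-") for t in TOKEN_RE.findall(line.lower()) if t.strip(".:-")]


class InvertedIndex:
    def __init__(self):
        self.postings = defaultdict(list)   # term -> sorted list of doc ids
        self.docs = []                       # doc id -> original line

    def add(self, line):
        """Index a line as it is loaded; ids are assigned in arrival order, so postings stay sorted."""
        doc_id = len(self.docs)
        self.docs.append(line)
        for term in set(tokenize(line)):
            self.postings[term].append(doc_id)
        return doc_id

    @staticmethod
    def _intersect(a, b):
        """Merge-intersect two sorted posting lists in O(len(a) + len(b))."""
        i = j = 0
        out = []
        while i < len(a) and j < len(b):
            if a[i] == b[j]:
                out.append(a[i])
                i += 1
                j += 1
            elif a[i] < b[j]:
                i += 1
            else:
                j += 1
        return out

    def search(self, query):
        """Doc ids containing every query term (AND semantics), intersecting rarest term first."""
        terms = tokenize(query)
        if not terms:
            return []
        lists = sorted((self.postings.get(t, []) for t in terms), key=len)
        result = lists[0]
        for lst in lists[1:]:
            if not result:
                break
            result = self._intersect(result, lst)
        return result

    def lines(self, query):
        """The matching log lines themselves, for the analyst."""
        return [self.docs[i] for i in self.search(query)]


def build_index(lines=SAMPLE_LOGS):
    idx = InvertedIndex()
    for line in lines:
        idx.add(line)
    return idx


if __name__ == "__main__":
    idx = build_index()
    for q in ("10.1.2.3", "10.1.2.3 sshd", "root", "dport 22"):
        print(q, "->", idx.search(q))
```

The cost of tokenization and posting-list maintenance is paid once at ingest, which is why lookup stays fast as log volume grows; a production analyzer would additionally map fields such as source address and timestamp to typed fields so that address-range and time-range queries are possible, which plain text terms cannot answer.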
Abnormal behaviour and unknown threat analysis module
As shown in Figure 4, a general execution engine based on Spark applies association analysis, baseline analysis, data modeling and similar techniques to carry out security anomaly behavior and unknown threat analysis, for example by generating time heat maps of particular behaviors of people or assets together with normal-behavior baselines. Clustering machine-learning algorithms can discover anomalous isolated classes or groups and build models from them, and unknown threats are then matched against these models. Through machine learning, the big data analysis platform can build specific network threat analysis models to detect and analyze APT attacks in the network, such as botnets, low-rate scanning and malicious URL analysis. The analysis process is: the user defines the servers and the period to analyze; a multivariate time-series clustering algorithm groups source IPs into several classes according to their communication behavior towards destination ports and destination IPs, and classes showing no anomaly are filtered out; the daily change of each remaining class is visualized on a single chart, from which the user can pinpoint the specific IP, destination port and time.
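The analysis procedure just described (user-chosen period, multivariate time-series clustering of source IPs by their communication with destination ports and IPs, filtering of the normal class, and drill-down to IP, port and time), written out as an added Python example. This is not the patent's or Spark's code; the flow records, host names, the three daily features and the fixed choice of three classes are constructed assumptions for the example.

```python
"""Added example, not the patent's or Spark's code: cluster source IPs by their
daily communication behaviour and keep only the anomalous classes."""
from collections import defaultdict
import math

# Hypothetical hosts; the traffic below is constructed, not captured.
NORMAL_HOSTS = ["10.1.0.%d" % i for i in range(1, 7)]
SCANNER, BEACON = "10.1.0.99", "10.1.0.50"


def build_flows():
    """Constructed flow records (day, src_ip, dst_ip, dst_port) for five days."""
    flows = []
    for day in range(1, 6):
        for ip in NORMAL_HOSTS:                 # web and DNS to the same two servers every day
            flows += [(day, ip, "172.16.0.10", 443)] * 20
            flows += [(day, ip, "172.16.0.53", 53)] * 5
        for k in range(8):                      # low-rate scanner: eight new host/port pairs a day
            n = day * 8 + k
            flows.append((day, SCANNER, "172.16.1.%d" % n, 1000 + n))
        flows += [(day, BEACON, "203.0.113.7", 8443)] * 288   # beacon every five minutes
    return flows


def daily_features(flows):
    """Per source IP and day: [flow count, distinct dst IPs, distinct dst ports]."""
    days = sorted({f[0] for f in flows})
    by_key = defaultdict(list)
    for day, src, dst, port in flows:
        by_key[(src, day)].append((dst, port))
    series = {}
    for src in sorted({f[1] for f in flows}):
        series[src] = []
        for day in days:
            recs = by_key.get((src, day), [])
            series[src].append([len(recs), len({d for d, _ in recs}), len({p for _, p in recs})])
    return days, series


def to_vectors(series):
    """Flatten each IP's time series into one vector, scaling every feature by its global maximum."""
    ips = sorted(series)
    n_feat = len(next(iter(series.values()))[0])
    maxes = [max(day[i] for s in series.values() for day in s) or 1 for i in range(n_feat)]
    vecs = [[v / maxes[i] for day in series[ip] for i, v in enumerate(day)] for ip in ips]
    return ips, vecs


def _dist(a, b):
    return math.sqrt(sum((x - y) ** 2 for x, y in zip(a, b)))


def kmeans(vecs, k, iters=25):
    """Lloyd's k-means with deterministic farthest-first seeding, so every run gives the same classes."""
    centers = [vecs[0]]
    while len(centers) < k:
        centers.append(max(vecs, key=lambda v: min(_dist(v, c) for c in centers)))
    labels = [0] * len(vecs)
    for _ in range(iters):
        labels = [min(range(k), key=lambda j: _dist(v, centers[j])) for v in vecs]
        new = []
        for j in range(k):
            members = [v for v, lab in zip(vecs, labels) if lab == j]
            new.append([sum(col) / len(members) for col in zip(*members)] if members else centers[j])
        if new == centers:
            break
        centers = new
    return labels


def find_anomalous_classes(flows, k=3):
    """Cluster the source IPs; the largest class is the normal baseline and is filtered out."""
    days, series = daily_features(flows)
    ips, vecs = to_vectors(series)
    classes = defaultdict(list)
    for ip, label in zip(ips, kmeans(vecs, k)):
        classes[label].append(ip)
    normal = max(classes, key=lambda label: len(classes[label]))
    # per-class daily mean of distinct destination ports: one curve per class for the chart
    profile = {label: [sum(series[ip][d][2] for ip in members) / len(members) for d in range(len(days))]
               for label, members in classes.items()}
    return {"days": days, "normal": classes[normal],
            "anomalous": {label: m for label, m in classes.items() if label != normal},
            "profile": profile}


def pinpoint(flows, ip):
    """Drill-down for one IP: (day, sorted destination ports), i.e. the specific port and time."""
    ports = defaultdict(set)
    for day, src, _, port in flows:
        if src == ip:
            ports[day].add(port)
    return [(day, sorted(ports[day])) for day in sorted(ports)]


if __name__ == "__main__":
    flows = build_flows()
    result = find_anomalous_classes(flows)
    for label, members in result["anomalous"].items():
        print("class", label, members, "mean distinct ports per day:", result["profile"][label])
    print(pinpoint(flows, SCANNER)[:2])
```

The largest cluster is taken as the normal baseline and dropped; the remaining classes are what the chart in the text would plot, one curve per class per day, and `pinpoint` gives the IP/port/time drill-down. Two caveats a practitioner would add: the number of classes has to be chosen or validated rather than fixed, and scaling by the global maximum lets one extreme host (here the beacon's flow count) compress everyone else's features, so a robust scaler such as median and MAD is usually preferable in production.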
The model is a professional big data threat context aware defense model that fills the gap in service-layer security risk identification and situation awareness. In information security management and operations and maintenance (O&M), the information security active defense model achieves the following two aspects:
For information security management: it lets the security management layer understand the overall real-time security situation; it lets the security management layer track the progress of security incident handling; it identifies the priorities for the next round of security hardening; and it serves as a reference for personnel performance assessment.
For information security O&M: it discovers security incidents and hidden dangers in the network and systems in real time; it quickly locates the source of discovered incidents, gives early warning and handles them; it supports timely investigation and evidence collection after a security incident occurs; and it improves the efficiency of information security incident O&M management.

Claims (10)

1. A threat context aware information security active defense model based on big data, characterized in that it comprises a basic data acquisition system, a data acquisition engine system, a big data security configuration management platform, a big data analysis system and a data visualization display module; the basic data acquisition system is used to collect asset data and personnel data and to provide the protection level and threat events for the defense model; the data acquisition engine system is used to centrally monitor the running state of various devices and to manage their start/stop and acquisition strategies; the big data security configuration management platform is used to receive the data collected by the basic data acquisition system and the data acquisition engine system, and to monitor the performance and running state of all devices according to the collected data; the big data analysis system is used to process and analyze the data monitored by the big data security configuration management platform and to perceive the threat situation; and the data visualization display module is used to visualize the perceived threats.
2. The big-data-based threat context aware information security active defense model of claim 1, characterized in that the basic data acquisition system comprises an information system protection level module, an asset data acquisition module, a personnel data acquisition module and an event library module; the information system protection level module is used to set the protection level of the defense model; the asset data acquisition module is used to collect various asset-related data; the personnel data acquisition module is used to collect various personnel-related data; and the event library module is used to provide the defense model with the concrete form of threat events.
3. The big-data-based threat context aware information security active defense model of claim 1, characterized in that:
The data acquisition engine system comprises a security device data acquisition module, a network device data acquisition module, a host server data acquisition module, a threat detection device security protection process data acquisition module, and an IDS and vulnerability security protection program data acquisition module; the security device data acquisition module is used to collect various data related to security devices; the network device data acquisition module is used to collect various data related to network devices; the host server data acquisition module is used to collect various data related to host servers; the threat detection device security protection process data acquisition module is used to collect various data related to the security protection processes of threat detection devices; and the IDS and vulnerability security protection program data acquisition module is used to collect various data related to IDS and vulnerability security protection programs.
4. The big-data-based threat context aware information security active defense model of claim 1, characterized in that the big data security configuration management platform comprises a data acquisition module, a format unification module, a log analysis module, a query and search statistics module, a data interface module and a third-party interface module; the data acquisition module is used to collect the data sent by the basic data acquisition system and the data acquisition engine system; the format unification module is used to process the collected data so that it is saved in a unified specified format; the log analysis module is used to perform log analysis on the collected data; the query and search statistics module is used to perform retrospective queries, statistics and searches over the collected data; the data interface module is used to provide other modules or systems with an interface for interacting with the big data security configuration management platform; and the third-party interface module is used to provide systems or modules outside the defense model with an interface for exchanging data with the defense model.
5. The big-data-based threat context aware information security active defense model of claim 1, characterized in that the big data analysis system comprises a big data secure storage and query module, a clue and association analysis module, an algorithm and machine learning module, a situation awareness module, a network security situation prediction and early warning module, an O&M support module, an abnormal behavior and unknown threat analysis module and a real-time retrieval module.
6. The big-data-based threat context aware information security active defense model of claim 5, characterized in that the big data secure storage and query module uses a distributed storage architecture and a distributed, multi-user full-text search engine based on a RESTful web interface.
7. The big-data-based threat context aware information security active defense model of claim 5, characterized in that the abnormal behavior and unknown threat analysis module uses a general Spark-based execution engine to perform security anomaly behavior and unknown threat analysis by means of association analysis, baseline analysis and data modeling methods.
8. The big-data-based threat context aware information security active defense model of claim 5, characterized in that the network security situation prediction and early warning module is used to perform network security situation awareness, analysis and early warning according to corresponding event libraries, the event libraries comprising a security threat event library, a major security risk library, a Trojan sample library, a network infrastructure resource library, a library of important networked systems and key websites, and a network security bulletin library.
9. The big-data-based threat context aware information security active defense model of claim 5, characterized in that the O&M support module comprises a data resource library management and maintenance module, a data resource access authorization module, a data query module, a data resource scheduling interface module and a distributed data resource scheduling module; the data resource library management and maintenance module is used to provide management services for platform management and O&M users, including management of the data resources of the various management users, batch data import and export, automatic data update, data backup/restore interfaces and automatic data conversion;
The data resource access authorization module is used to manage all users and to authorize data access, including platform user management, platform management permission settings, data access pattern settings and platform data access authorization, so as to ensure the security of data resource use; the data resource access authorization management module allows data resource management users to set and manage permissions on data access scope, access time, data traffic and so on according to the identity of the data caller, where the scope of authorization may be a data view, a particular data record, or one or more databases; the data query module is used to provide common data query application services, offering users data query services such as data search and interactive advanced data search; the data resource scheduling interface module is used to provide automatic data interfaces for the bulletin and early warning upper-layer applications, completing data resource call setup, data call permission verification, data calls and call auditing; and the distributed data resource scheduling module is used to provide users with an efficient distributed scheduling engine.
10. The big-data-based threat context aware information security active defense model of claim 5, characterized in that the real-time retrieval module is used to index all stored massive log information with a real-time search method, providing a search-engine-like ability to locate all related information from any keyword; the back end of the real-time retrieval module runs on Elasticsearch, which is based on Lucene, and performs tokenization and inverted indexing immediately as the data is loaded.
CN201611045333.1A 2016-11-24 2016-11-24 Threat context aware information security Initiative Defense model based on big data Pending CN106778253A (en)


Publications (1)

Publication Number Publication Date
CN106778253A (en) 2017-05-31

Family

ID=58975290


Cited By (40)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107040551A (en) * 2017-06-12 2017-08-11 北京匡恩网络科技有限责任公司 Industrial control network security early warning method and system
CN107239707A (en) * 2017-06-06 2017-10-10 国家电投集团河南电力有限公司技术信息中心 Threat data processing method for information systems
CN107342982A (en) * 2017-06-09 2017-11-10 国网湖北省电力公司 Big data analysis system
CN107872454A (en) * 2017-11-04 2018-04-03 公安部第三研究所 Threat intelligence monitoring and analysis system and method for ultra-large Internet platforms, based on security levels and big data technology
CN107911500A (en) * 2017-11-29 2018-04-13 深信服科技股份有限公司 Method, device and storage medium for locating users based on situation awareness
CN108039959A (en) * 2017-11-29 2018-05-15 深信服科技股份有限公司 Data situation awareness method, system and related apparatus
CN108306870A (en) * 2018-01-22 2018-07-20 广东奥飞数据科技股份有限公司 Data security monitoring system
CN108572905A (en) * 2018-04-23 2018-09-25 中国农业银行股份有限公司 Monitoring method and system based on distributed computing
CN108600275A (en) * 2018-05-29 2018-09-28 广西电网有限责任公司 Threat context aware information security active defense system based on artificial intelligence
CN108696531A (en) * 2018-06-08 2018-10-23 武汉思普崚技术有限公司 Security policy adaptive analysis and big data visualization platform system
CN108712427A (en) * 2018-05-23 2018-10-26 北京国信安服信息安全科技有限公司 Network security method and system for dynamic active defense
CN108769048A (en) * 2018-06-08 2018-11-06 武汉思普崚技术有限公司 Security visualization and situation awareness platform system
CN108848069A (en) * 2018-05-29 2018-11-20 深圳智达机械技术有限公司 Power network information security active defense system based on big data
CN108989097A (en) * 2018-06-29 2018-12-11 中国人民解放军战略支援部队信息工程大学 Threat warning visualization method and device for a mimic defense system
CN109039749A (en) * 2018-08-10 2018-12-18 广州天予智能科技有限公司 Remote log acquisition and encrypted transmission system and method
CN109379374A (en) * 2018-11-23 2019-02-22 四川长虹电器股份有限公司 Threat identification and early warning method and system based on event analysis
CN109471655A (en) * 2017-12-25 2019-03-15 北京安天网络安全技术有限公司 Service application update method and system based on a closed barrier model
CN109508543A (en) * 2018-10-31 2019-03-22 武汉光谷联众大数据技术有限责任公司 Data security monitoring and processing device
CN109951419A (en) * 2017-12-20 2019-06-28 广东电网有限责任公司电力调度控制中心 APT intrusion detection method based on attack-chain attack rule mining
CN109981594A (en) * 2019-03-01 2019-07-05 南京安夏电子科技有限公司 Network security situational awareness method based on big data
CN110020265A (en) * 2019-02-25 2019-07-16 贵州格物数据有限公司 Memory-based big data SMS URL analysis system and method
CN110188088A (en) * 2019-05-23 2019-08-30 广东海洋大学 Big data model of sand-mining behaviour of marine vessels
CN110222918A (en) * 2019-04-18 2019-09-10 重庆恢恢信息技术有限公司 Smart construction site management system, server and storage medium based on a cloud platform
CN110401649A (en) * 2019-07-17 2019-11-01 湖北央中巨石信息技术有限公司 Information security risk assessment method and system based on situation awareness learning
CN110519231A (en) * 2019-07-25 2019-11-29 浙江公共安全技术研究院有限公司 Cross-domain data exchange supervision system and method
CN110740141A (en) * 2019-11-15 2020-01-31 国网山东省电力公司信息通信公司 Integrated network security situation awareness method, device and computer equipment
CN111814142A (en) * 2020-06-29 2020-10-23 上海三零卫士信息安全有限公司 Big data rapid threat detection system based on OpenIOC
CN112100257A (en) * 2020-08-21 2020-12-18 杭州安恒信息安全技术有限公司 Data processing method, data processing device, computer equipment and storage medium
CN112104659A (en) * 2020-09-18 2020-12-18 宋清云 Real-time monitoring platform based on government affair application safety
CN112149170A (en) * 2020-10-12 2020-12-29 上海中尖实业(集团)有限公司 Digital big data security processing system
CN112291232A (en) * 2020-10-27 2021-01-29 中国联合网络通信有限公司深圳市分公司 Safety capability and safety service chain management platform based on tenants
CN112398823A (en) * 2020-11-03 2021-02-23 内蒙古电力(集团)有限责任公司内蒙古电力科学研究院分公司 Network information safety early warning platform based on big data analysis
WO2021056854A1 (en) * 2019-09-27 2021-04-01 同济大学 Internet novel virtual data center system and construction method therefor
CN113254138A (en) * 2021-06-08 2021-08-13 中国传媒大学 Method and system for visualizing drilling process of defense party of vulnerability shooting range
CN113468526A (en) * 2021-06-03 2021-10-01 深圳市博锐信息科技有限公司 Network security system based on big data
CN113572781A (en) * 2021-07-28 2021-10-29 中国南方电网有限责任公司 Method for collecting network security threat information
CN114760117A (en) * 2022-03-30 2022-07-15 深信服科技股份有限公司 Data acquisition method and device and electronic equipment
CN115017148A (en) * 2021-03-08 2022-09-06 杭州云掣科技有限公司 Unified and efficient operation and maintenance data storage, retrieval and analysis method and system
CN115941326A (en) * 2022-12-07 2023-04-07 贵州电网有限责任公司 Background monitor reinforcement method
CN116644218A (en) * 2023-07-26 2023-08-25 成都华栖云科技有限公司 On-line and off-line fusion teaching space data acquisition and storage method and device

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103561018A (en) * 2013-10-30 2014-02-05 蓝盾信息安全技术股份有限公司 Intrusion detection real-time analysis system for big data application platform
CN104268254A (en) * 2014-10-09 2015-01-07 浪潮电子信息产业股份有限公司 Security situation analysis and statistics method
EP2863612A1 (en) * 2013-08-20 2015-04-22 Huawei Technologies Co., Ltd. Content sharing method, device and system
CN105553957A (en) * 2015-12-09 2016-05-04 国家电网公司 Network safety situation awareness early-warning method and system based big data
CN105704119A (en) * 2015-12-31 2016-06-22 北京神州绿盟信息安全科技股份有限公司 Method and device for determining network security posture distribution


Non-Patent Citations (4)

* Cited by examiner, † Cited by third party
Title
曹蓉蓉 (Cao Rongrong), 《大数据环境下网络安全态势感知研究》 (Research on network security situation awareness in a big data environment), 《数字图书馆论坛》 (Digital Library Forum) *
潘峰等 (Pan Feng et al.), 《大数据环境下网络安全态势感知研究进展》 (Progress in research on network security situation awareness in a big data environment), 《保密科学技术》 (Secrecy Science and Technology) *
管磊等 (Guan Lei et al.), 《基于大数据的网络安全态势感知技术研究》 (Research on big-data-based network security situation awareness technology), 《信息网络安全》 (Netinfo Security) *
赵梦 (Zhao Meng), 《基于大数据环境的网络安全态势感知》 (Network security situation awareness based on a big data environment), 《信息网络安全》 (Netinfo Security) *


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20170531