CN109344617A - An Internet of Things asset security portrait method and system - Google Patents

An Internet of Things asset security portrait method and system


Publication number
CN109344617A
Authority
CN
China
Prior art keywords
data
assets
asset
portrait
internet
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201811077983.3A
Other languages
Chinese (zh)
Inventor
王辉
范渊
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Hangzhou Dbappsecurity Technology Co Ltd
Original Assignee
Hangzhou Dbappsecurity Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Hangzhou Dbappsecurity Technology Co Ltd
Priority to CN201811077983.3A
Publication of CN109344617A

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55 Detecting local intrusion or implementing counter-measures
    • G06F21/56 Computer malware detection or handling, e.g. anti-virus arrangements
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/101 Access control lists [ACL]

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Software Systems (AREA)
  • Signal Processing (AREA)
  • Health & Medical Sciences (AREA)
  • General Health & Medical Sciences (AREA)
  • Virology (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Computing Systems (AREA)
  • Computer And Data Communications (AREA)

Abstract

The present invention relates to the field of Internet of Things asset security and aims to provide an Internet of Things asset security portrait method and system. The method comprises the steps of: aggregating asset data and judging it; issuing a blocking instruction and an alert for asset data judged to be malicious, and synchronizing the alert data to the asset portrait; performing relationship analysis on the remaining asset data, drawing a data relationship graph and judging abnormal behaviour, issuing a blocking instruction and an alert for data judged to be abnormal, and synchronizing the alert data to the asset portrait; and forming the asset portrait from the asset fingerprint, status data, asset relationship data and analysis threat data. By monitoring the security state of the Internet of Things assets themselves, the invention discovers abnormal data inside the assets, discovers security problems arising from external hacker attacks and internal intrusion, and uses the relationships between data to form a security portrait, so that security problems of Internet of Things assets can be found quickly and intuitively.

Description

An Internet of Things asset security portrait method and system
Technical field
The present invention relates to the field of Internet of Things asset security, and in particular to an Internet of Things asset security portrait method and system.
Background
Current security protection schemes for Internet of Things assets mainly deploy security devices at the boundary and in the network, such as firewalls (FW), access control devices and intrusion prevention systems (IPS). These rely on blacklists and whitelists and on matching known signatures, so they struggle to find security problems in the Internet of Things assets themselves and cannot perceive in real time when an asset has been attacked and exploited by hackers.
Traditional security detection, shown in Fig. 1, uses signature detection based on blacklists and whitelists and depends on the completeness of the signature database. Its drawback is that it finds security threats entirely from a known policy library, so novel attacks cannot be identified effectively.
Summary of the invention
The main object of the present invention is to overcome the deficiencies of the prior art by providing a method and system that monitor the security state of the Internet of Things assets themselves and find abnormal data inside the assets based on relationship analysis and intelligent anomaly analysis. To solve the above technical problem, the solution of the invention is as follows:
An Internet of Things asset security portrait method is provided, comprising the following steps:
Step 1) Asset data is aggregated through data monitoring inside the Internet of Things assets;
Step 2) The aggregated asset data is identified and classified (that is, identified according to the type and field names of the asset data, and classified according to the type of the asset data and the parsed fields), and then judged against the built-in feature database:
If the asset data matches the blacklist, the asset data is judged malicious, a blocking instruction and an alert are issued, the alert data is synchronized to step 5) for the asset portrait, and the analysis of step 3) and step 4) is no longer performed on that asset data;
If the asset data does not match the blacklist, the asset data is judged non-malicious and proceeds to step 3) for relationship analysis;
The built-in feature database stores a blacklist, which comprises blacklist policies for malicious IPs, domain names and keywords;
Step 3) A data relationship graph is drawn according to the asset data and the relationships between asset data;
Step 4) Abnormal behaviour is judged from the entity relationship graph:
If a certain piece of data is abnormal, all data that has a corresponding relationship with it in the entity relationship graph is judged abnormal, a blocking instruction and an alert are issued, and the alert data is synchronized to step 5) for the asset portrait;
Step 5) An asset portrait is formed from the asset fingerprint, status data, asset relationship data and analysis threat data, and is used to judge the security level of the asset (the asset portrait can correlate and analyze the security attributes of all assets and judge the security level of the assets accordingly; it is the product's asset security assessment function. The asset portrait allows abnormal network, process and file behaviour to be viewed intuitively and the associated data to be located);
Here, the status data is obtained through data monitoring inside the Internet of Things assets; the asset relationship data is obtained from the entity relationship graph drawn in step 3); and the analysis threat data is the alert data synchronized from step 2) and step 4).
In the present invention, in step 1), the asset data comprises: asset fingerprint, type, network, process and file;
Here, the asset fingerprint comprises the model, brand, physical address and hardware attributes of the asset; type is the device type of the asset; network is the network communication behaviour of the asset; process is the process id and name on the asset; and file is the files inside the asset.
In the present invention, in step 3), the data relationship graph is drawn according to the asset data and the relationships between asset data as follows:
An asset icon is generated from the asset fingerprint and type of the asset, and the asset is associated with the network communication behaviour data through processes and files: the different network connection IP addresses in the network communication behaviour data are mapped to processes of the asset;
Files newly created or changed on the asset are mapped to processes of the asset, and if a process has a parent process, a direct relationship is also generated between the parent process and the child process.
In the present invention, one method of judging data abnormality in step 4) is as follows: if data of the same dimension in an asset (the dimensions are network, process and file; for example, all network data in an asset is data of the same dimension) is in the suspicious state under both method a and method b, and is not within the built-in trusted list, the data of that dimension is marked as abnormal;
The trusted list consists of the preset whitelist and the IP or process list generated by self-learning from asset data in the network;
Method a: over a given time period (24 hours by default; the period is configurable), calculate the occurrence probability of each dimension's data within the same network environment area, where occurrence probability = amount of data of that dimension / total amount of asset data × 100%. The lower the occurrence probability, the higher the threat index; an occurrence probability below threshold M enters the suspicious state, and an occurrence probability above threshold N enters the trusted state;
Here, thresholds M and N both lie in the range 0-100%, and M is less than N (M is preferably 10% and N preferably 80%);
Method b: over the past 30 days, calculate the historical occurrence probability of each dimension's data within the same network environment area, where historical occurrence probability = amount of data of that dimension / total number of assets × 100%. The lower the historical occurrence probability, the higher the threat index; a historical occurrence probability below threshold I enters the suspicious state, and a historical occurrence probability above threshold J enters the trusted state;
Here, thresholds I and J both lie in the range 0-100%, and I is less than J (I is preferably 10% and J preferably 80%).
In the present invention, in step 5), the status data is the online/offline state and network delay data of the asset, obtained through data monitoring inside the Internet of Things assets; the asset relationship data is the relationships between network, process and file, obtained from the entity relationship graph drawn in step 3); and the analysis threat data is the data judged to be an abnormal threat from changes in the network, file and process behaviour of the asset, that is, the alert data synchronized from step 2) and step 4).
An Internet of Things asset security portrait system is also provided, comprising a processor adapted to execute instructions, and a storage device adapted to store a plurality of instructions, the instructions being adapted to be loaded and executed by the processor to perform:
Step 1) Asset data is aggregated through data monitoring inside the Internet of Things assets;
Step 2) The aggregated asset data is identified and classified (that is, identified according to the type and field names of the asset data, and classified according to the type of the asset data and the parsed fields), and then judged against the built-in feature database:
If the asset data matches the blacklist, the asset data is judged malicious, a blocking instruction and an alert are issued, the alert data is synchronized to step 5) for the asset portrait, and the relationship analysis of step 3) and step 4) is no longer performed on that asset data;
If the asset data does not match the blacklist, the asset data is judged non-malicious and proceeds to step 3) for relationship analysis;
The built-in feature database stores a blacklist, which comprises blacklist policies for malicious IPs, domain names and keywords;
Step 3) A data relationship graph is drawn according to the asset data and the relationships between asset data;
Step 4) Abnormal behaviour is judged from the entity relationship graph:
If a certain piece of data is abnormal, all data that has a corresponding relationship with it in the entity relationship graph is judged abnormal, a blocking instruction and an alert are issued, and the alert data is synchronized to step 5) for the asset portrait;
Step 5) An asset portrait is formed from the asset fingerprint, status data, asset relationship data and analysis threat data, and is used to judge the security level of the asset (the asset portrait can correlate and analyze the security attributes of all assets and judge the security level of the assets accordingly; it is the product's asset security assessment function. The asset portrait allows abnormal network, process and file behaviour to be viewed intuitively and the associated data to be located);
Here, the status data is obtained through data monitoring inside the Internet of Things assets; the asset relationship data is obtained from the entity relationship graph drawn in step 3); and the analysis threat data is the alert data synchronized from step 2) and step 4).
Working principle of the invention: the internal behaviour of Internet of Things assets is analyzed, covering data such as asset fingerprint, type, network, process and file; a relationship graph is drawn from the relationships between the data; malicious behaviour in it is identified and an early warning is raised; and an Internet of Things asset security portrait is formed.
Compared with the prior art, the beneficial effects of the present invention are:
By monitoring the security state of the Internet of Things assets themselves, and using relationship analysis and intelligent anomaly analysis, the invention discovers abnormal data inside the assets, discovers security problems arising from external hacker attacks and internal intrusion, and uses the relationships between data to form a security portrait, so that security problems of Internet of Things assets can be found quickly and intuitively.
Brief description of the drawings
Fig. 1 is a flow chart of traditional security detection.
Fig. 2 is the detection flow chart of the present invention.
Detailed description of embodiments
The present invention is described in further detail below with reference to the drawings and a specific embodiment:
In the Internet of Things asset security portrait method shown in Fig. 2, sensors collect data to monitor the Internet of Things devices and obtain data such as the behaviour and state of the devices; this data is sent to the control platform, which analyzes the data and builds the portrait. The Internet of Things is the network in which things are connected to things; an asset is a device connected to the Internet of Things; the analysis center (control platform) is the platform that analyzes the data of connected Internet of Things assets to discover abnormal threats.
The Internet of Things asset security portrait method comprises the following steps:
Step 1) Data inside the Internet of Things assets is monitored, including asset fingerprint, type, network, process and file data, and the data is aggregated and sent to the analysis center.
Step 2) The analysis center parses, identifies and classifies the data: it is identified according to the type and field names of the asset data, and classified according to the data type and the parsed fields. The analysis center then judges the data against the built-in feature database:
If the data matches the blacklist, it is judged malicious, a blocking instruction and an alert are issued, and the alert data is synchronized to the asset portrait. The asset portrait is the product's asset security assessment function: it correlates and analyzes the security attributes of all assets and judges the security level of the assets accordingly;
If the data does not match the blacklist, it is judged non-malicious and proceeds to the relationship analysis of step 3).
The built-in feature database is the set of blacklist policies for malicious IPs, domain names and keywords.
Step 3) A data relationship graph is drawn according to the different data types and the relationships between the data.
An asset icon is generated from the asset fingerprint and type of the asset, and the asset is associated with the network communication behaviour data through processes and files: the different network connection IP addresses in the network communication behaviour data are mapped to processes of the asset, files newly created or changed on the asset are mapped to processes of the asset, and if a process has a parent process, a direct relationship must also be generated between the parent process and the child process.
Step 4) Abnormal behaviour is judged from the entity relationship graph: if data of a certain type is abnormal, all data in the corresponding relationship is judged abnormal and a blocking instruction must be issued.
The specific abnormality judgement uses method a and method b: if data of the same dimension in an asset is in the suspicious state under both method a and method b, and is not within the built-in trusted list, the data of that dimension is marked as a threat.
The trusted list consists of the preset whitelist and the IP or process list generated by self-learning from asset data in the network.
Method a: over a given time period (24 hours by default; the period is configurable), calculate the occurrence probability of each dimension's data within the same network environment area, where occurrence probability = amount of data of that dimension / total amount of asset data × 100%. The lower the occurrence probability, the higher the threat index; an occurrence probability below threshold M enters the suspicious state, an occurrence probability above threshold N enters the trusted state, and a value between threshold M and threshold N is not included in the calculation.
Here, threshold M is 10% and threshold N is 80%.
Method b: over the past 30 days, calculate the historical occurrence probability of each dimension's data within the same network environment area, where historical occurrence probability = amount of data of that dimension / total number of assets × 100%. The lower the historical occurrence probability, the higher the threat index; a historical occurrence probability below threshold I enters the suspicious state, and a historical occurrence probability above threshold J enters the trusted state.
Here, threshold I is 10% and threshold J is 80%.
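The two-method judgement above, as an added example that is not code from the patent. It assumes each monitored record is a dict with the hypothetical fields `asset`, `dim`, `value` and `ts`, counts method a per record and method b per asset (one reading of the two formulas), and runs on constructed sample data.

```python
from collections import Counter, defaultdict
from datetime import datetime, timedelta

M, N = 10.0, 80.0   # method a thresholds in percent (values given in the text)
I, J = 10.0, 80.0   # method b thresholds in percent (values given in the text)

def state(pct, low, high):
    """Below `low` is suspicious, above `high` is trusted, in between is not counted."""
    if pct < low:
        return "suspicious"
    if pct > high:
        return "trusted"
    return "neutral"

def method_a(events, now, window=timedelta(hours=24)):
    """Share of all asset records in the window that carry each (dimension, value)."""
    recent = [e for e in events if now - window <= e["ts"] <= now]
    counts = Counter((e["dim"], e["value"]) for e in recent)
    return {k: 100.0 * c / len(recent) for k, c in counts.items()}

def method_b(events, now, days=30):
    """Share of assets that showed each (dimension, value) in the last `days` days."""
    hist = [e for e in events if now - timedelta(days=days) <= e["ts"] <= now]
    assets = {e["asset"] for e in hist}
    seen_on = defaultdict(set)
    for e in hist:
        seen_on[(e["dim"], e["value"])].add(e["asset"])
    return {k: 100.0 * len(a) / len(assets) for k, a in seen_on.items()}

def abnormal_items(events, now, trusted):
    """Abnormal = suspicious under BOTH methods AND not on the trusted list."""
    a, b = method_a(events, now), method_b(events, now)
    return {k for k, pct in a.items()
            if state(pct, M, N) == "suspicious"
            and state(b[k], I, J) == "suspicious"
            and k not in trusted}

# ---- constructed sample data: 20 cameras in one network environment area ----
NOW = datetime(2024, 1, 1, 12, 0)
TRUSTED = {("network", "192.0.2.10")}   # e.g. a whitelisted update server

def sample_events(now=NOW):
    ev = []
    for i in range(20):
        asset = f"cam-{i:02d}"
        ev.append({"asset": asset, "dim": "network", "value": "10.0.0.5",
                   "ts": now - timedelta(hours=1)})
        ev.append({"asset": asset, "dim": "process", "value": "rtspd",
                   "ts": now - timedelta(hours=1)})
        # every camera talked to 10.0.0.9 ten days ago (history only)
        ev.append({"asset": asset, "dim": "network", "value": "10.0.0.9",
                   "ts": now - timedelta(days=10)})
    # rare today but common in the 30-day history: not abnormal
    ev.append({"asset": "cam-03", "dim": "network", "value": "10.0.0.9",
               "ts": now - timedelta(hours=2)})
    # rare today and rare historically: abnormal
    ev.append({"asset": "cam-07", "dim": "network", "value": "203.0.113.77",
               "ts": now - timedelta(hours=3)})
    ev.append({"asset": "cam-07", "dim": "process", "value": "tmpsvc",
               "ts": now - timedelta(hours=3)})
    # rare under both methods but on the trusted list: not abnormal
    ev.append({"asset": "cam-11", "dim": "network", "value": "192.0.2.10",
               "ts": now - timedelta(hours=4)})
    return ev

if __name__ == "__main__":
    for item in sorted(abnormal_items(sample_events(), NOW, TRUSTED)):
        print("abnormal:", item)
```

Requiring both methods to agree is what keeps `10.0.0.9` out of the result: it is rare in the 24-hour window but appears on every asset in the 30-day history.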
Step 5) An asset portrait is formed from the asset fingerprint data, status data, asset relationship data and analysis threat data; it allows abnormal network, process and file behaviour to be viewed intuitively and the associated data to be located quickly.
Here, the asset fingerprint data is the model, brand, physical address, hardware attributes and so on of the asset; the status data is the online/offline state, network delay and so on of the asset; the asset relationship data is the relationships between network, process and file; and the analysis threat data is the data judged to be an abnormal threat from changes in the network, file and process behaviour of the asset.
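Steps 2) to 5) on a single asset, as an added example that is not code from the patent. The record fields, the blacklist entries and the sample data are constructed; the set of abnormal data is taken as given; and propagation follows relationships transitively without crossing the asset icon, which is one reading of step 4).

```python
from collections import defaultdict, deque

# Constructed blacklist standing in for the built-in feature database.
BLACKLIST = {"ip": {"198.51.100.23"}, "domain": {"bad.example"}, "keyword": {"miner"}}

def is_blacklisted(rec):
    """Step 2: match a classified record against IP, domain and keyword policies."""
    if rec["type"] == "network":
        return (rec["remote_ip"] in BLACKLIST["ip"]
                or rec.get("domain") in BLACKLIST["domain"])
    text = rec.get("name", "") + rec.get("path", "")
    return any(k in text for k in BLACKLIST["keyword"])

def build_graph(asset_id, records):
    """Step 3: asset - process, process - remote IP, process - file, parent - child."""
    g = defaultdict(set)

    def link(a, b):
        g[a].add(b)
        g[b].add(a)

    for r in records:
        proc = ("process", r["pid"])
        if r["type"] == "process":
            link(("asset", asset_id), proc)
            if r.get("ppid") is not None:
                link(("process", r["ppid"]), proc)
        elif r["type"] == "network":
            link(proc, ("ip", r["remote_ip"]))
        elif r["type"] == "file":
            link(proc, ("file", r["path"]))
    return g

def related(g, start):
    """Step 4: all data related to the abnormal datum, not crossing the asset icon."""
    seen, todo = {start}, deque([start])
    while todo:
        for nxt in g[todo.popleft()]:
            if nxt not in seen and nxt[0] != "asset":
                seen.add(nxt)
                todo.append(nxt)
    return seen

def profile_asset(asset_id, fingerprint, status, records, abnormal):
    """Steps 2-5: triage, graph, propagation, then the four-part asset portrait."""
    alerts, kept = [], []
    for r in records:
        if is_blacklisted(r):          # malicious: block, alert, skip steps 3 and 4
            alerts.append({"source": "blacklist", "action": "block", "record": r})
        else:
            kept.append(r)
    g = build_graph(asset_id, kept)
    for node in abnormal:              # nodes already judged abnormal (input)
        if node in g:
            alerts.append({"source": "relationship", "action": "block",
                           "nodes": sorted(related(g, node))})
    return {"fingerprint": fingerprint, "status": status,
            "relations": {k: sorted(v) for k, v in g.items()},
            "threats": alerts}

def sample_portrait():
    # Constructed records for one camera.
    records = [
        {"type": "process", "pid": 120, "name": "rtspd", "ppid": None},
        {"type": "network", "pid": 120, "remote_ip": "10.0.0.5"},
        {"type": "process", "pid": 400, "name": "sh", "ppid": None},
        {"type": "process", "pid": 412, "name": "tmpsvc", "ppid": 400},
        {"type": "network", "pid": 412, "remote_ip": "203.0.113.77"},
        {"type": "file", "pid": 412, "path": "/tmp/.cfg", "change": "new"},
        {"type": "network", "pid": 412, "remote_ip": "198.51.100.23"},  # blacklisted
    ]
    fingerprint = {"model": "X1", "brand": "ExampleCam",
                   "mac": "00:00:5e:00:53:07", "type": "camera"}
    status = {"online": True, "delay_ms": 12}
    return profile_asset("cam-07", fingerprint, status, records,
                         abnormal=[("ip", "203.0.113.77")])

if __name__ == "__main__":
    for threat in sample_portrait()["threats"]:
        print(threat)
```

The blacklisted connection never enters the graph, while the abnormal IP pulls in the process that opened it, that process's parent and the file it wrote; the unrelated `rtspd` process stays out of the block list.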
Finally, it should be noted that the above are only specific embodiments of the present invention. Obviously, the invention is not limited to the above embodiments, and many variations are possible. All variations that a person skilled in the art can derive directly or by association from the disclosure of the present invention are considered to fall within the protection scope of the present invention.

Claims (6)

  1. An Internet of Things asset security portrait method, characterized by comprising the following steps:
    Step 1) aggregating asset data through data monitoring inside the Internet of Things assets;
    Step 2) identifying and classifying the aggregated asset data, and then judging it against a built-in feature database:
    if the asset data matches the blacklist, the asset data is judged malicious, a blocking instruction and an alert are issued, the alert data is synchronized to step 5) for the asset portrait, and the analysis of step 3) and step 4) is no longer performed on that asset data;
    if the asset data does not match the blacklist, the asset data is judged non-malicious and proceeds to step 3) for relationship analysis;
    the built-in feature database stores a blacklist, which comprises blacklist policies for malicious IPs, domain names and keywords;
    Step 3) drawing a data relationship graph according to the asset data and the relationships between asset data;
    Step 4) judging abnormal behaviour from the entity relationship graph:
    if a certain piece of data is abnormal, all data that has a corresponding relationship with it in the entity relationship graph is judged abnormal, a blocking instruction and an alert are issued, and the alert data is synchronized to step 5) for the asset portrait;
    Step 5) forming an asset portrait from the asset fingerprint, status data, asset relationship data and analysis threat data, the asset portrait being used to judge the security level of the asset;
    wherein the status data is obtained through data monitoring inside the Internet of Things assets; the asset relationship data is obtained from the entity relationship graph drawn in step 3); and the analysis threat data is the alert data synchronized from step 2) and step 4).
  2. The Internet of Things asset security portrait method according to claim 1, characterized in that, in step 1), the asset data comprises: asset fingerprint, type, network, process and file;
    wherein the asset fingerprint comprises the model, brand, physical address and hardware attributes of the asset; type is the device type of the asset; network is the network communication behaviour of the asset; process is the process id and name on the asset; and file is the files inside the asset.
  3. The Internet of Things asset security portrait method according to claim 2, characterized in that, in step 3), the data relationship graph is drawn according to the asset data and the relationships between asset data as follows:
    an asset icon is generated from the asset fingerprint and type of the asset, and the asset is associated with the network communication behaviour data through processes and files: the different network connection IP addresses in the network communication behaviour data are mapped to processes of the asset;
    files newly created or changed on the asset are mapped to processes of the asset, and if a process has a parent process, a direct relationship is also generated between the parent process and the child process.
  4. The Internet of Things asset security portrait method according to claim 1, characterized in that, in step 4), one method of judging data abnormality is as follows: if data of the same dimension in an asset is in the suspicious state under both method a and method b, and is not within the built-in trusted list, the data of that dimension is marked as abnormal;
    the trusted list consists of the preset whitelist and the IP or process list generated by self-learning from asset data in the network;
    Method a: over a given time period, calculating the occurrence probability of each dimension's data within the same network environment area, where occurrence probability = amount of data of that dimension / total amount of asset data × 100%; the lower the occurrence probability, the higher the threat index; an occurrence probability below threshold M enters the suspicious state, and an occurrence probability above threshold N enters the trusted state;
    wherein thresholds M and N both lie in the range 0-100%, and M is less than N;
    Method b: over the past 30 days, calculating the historical occurrence probability of each dimension's data within the same network environment area, where historical occurrence probability = amount of data of that dimension / total number of assets × 100%; the lower the historical occurrence probability, the higher the threat index; a historical occurrence probability below threshold I enters the suspicious state, and a historical occurrence probability above threshold J enters the trusted state;
    wherein thresholds I and J both lie in the range 0-100%, and I is less than J.
  5. The Internet of Things asset security portrait method according to claim 2, characterized in that, in step 5), the status data is the online/offline state and network delay data of the asset, obtained through data monitoring inside the Internet of Things assets; the asset relationship data is the relationships between network, process and file, obtained from the entity relationship graph drawn in step 3); and the analysis threat data is the data judged to be an abnormal threat from changes in the network, file and process behaviour of the asset, that is, the alert data synchronized from step 2) and step 4).
  6. An Internet of Things asset security portrait system, comprising a processor adapted to execute instructions, and a storage device adapted to store a plurality of instructions, the instructions being adapted to be loaded and executed by the processor to perform:
    Step 1) aggregating asset data through data monitoring inside the Internet of Things assets;
    Step 2) identifying and classifying the aggregated asset data, and then judging it against a built-in feature database:
    if the asset data matches the blacklist, the asset data is judged malicious, a blocking instruction and an alert are issued, the alert data is synchronized to step 5) for the asset portrait, and the relationship analysis of step 3) and step 4) is no longer performed on that asset data;
    if the asset data does not match the blacklist, the asset data is judged non-malicious and proceeds to step 3) for relationship analysis;
    the built-in feature database stores a blacklist, which comprises blacklist policies for malicious IPs, domain names and keywords;
    Step 3) drawing a data relationship graph according to the asset data and the relationships between asset data;
    Step 4) judging abnormal behaviour from the entity relationship graph:
    if a certain piece of data is abnormal, all data that has a corresponding relationship with it in the entity relationship graph is judged abnormal, a blocking instruction and an alert are issued, and the alert data is synchronized to step 5) for the asset portrait;
    Step 5) forming an asset portrait from the asset fingerprint, status data, asset relationship data and analysis threat data, the asset portrait being used to judge the security level of the asset;
    wherein the status data is obtained through data monitoring inside the Internet of Things assets; the asset relationship data is obtained from the entity relationship graph drawn in step 3); and the analysis threat data is the alert data synchronized from step 2) and step 4).
Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201811077983.3A 2018-09-16 2018-09-16 An Internet of Things asset security portrait method and system

Publications (1)

Publication Number Publication Date
CN109344617A 2019-02-15

Family

ID=65305369

Country Status (1)

Country Link
CN (1) CN109344617A (en)

Cited By (11)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110099074A (en) * 2019-05-28 2019-08-06 阿里巴巴集团控股有限公司 A kind of method for detecting abnormality of internet of things equipment, system and electronic equipment
CN110138770A (en) * 2019-05-13 2019-08-16 四川长虹电器股份有限公司 One kind threatening information generation and shared system and method based on Internet of Things
CN110233848A (en) * 2019-06-18 2019-09-13 浙江齐治科技股份有限公司 A kind of assets Situation analysis method and device
CN110808951A (en) * 2019-09-25 2020-02-18 国网思极网安科技(北京)有限公司 Method and device for discovering abnormal behavior of terminal based on equipment image
CN111143844A (en) * 2019-12-25 2020-05-12 浙江军盾信息科技有限公司 Safety detection method and system for Internet of things equipment and related device
CN111147305A (en) * 2019-12-30 2020-05-12 成都科来软件有限公司 Network asset portrait extraction method
CN111784404A (en) * 2020-07-08 2020-10-16 杭州安恒信息技术股份有限公司 Abnormal asset identification method based on behavior variable prediction
CN112667896A (en) * 2020-12-29 2021-04-16 成都科来网络技术有限公司 Asset identification method based on network behavior derivation, computer program and storage medium
CN112822166A (en) * 2020-12-30 2021-05-18 绿盟科技集团股份有限公司 Abnormal process detection method, device, equipment and medium
CN113743769A (en) * 2021-08-30 2021-12-03 广东电网有限责任公司 Data security detection method and device, electronic equipment and storage medium
CN113965406A (en) * 2021-11-04 2022-01-21 杭州安恒信息技术股份有限公司 Network blocking method, device, electronic device and storage medium

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103166794A (en) * 2013-02-22 2013-06-19 中国人民解放军91655部队 Information security management method with integration security control function
CN105871883A (en) * 2016-05-10 2016-08-17 上海交通大学 Advanced persistent threat detection method based on aggressive behavior analysis
CN106470188A (en) * 2015-08-18 2017-03-01 中国电信股份有限公司 The detection method of security threat, device and security gateway
CN107196910A (en) * 2017-04-18 2017-09-22 国网山东省电力公司电力科学研究院 Threat early warning monitoring system, method and the deployment framework analyzed based on big data
CN107454076A (en) * 2017-08-01 2017-12-08 北京亚鸿世纪科技发展有限公司 A kind of website portrait method
CN107566163A (en) * 2017-08-10 2018-01-09 北京奇安信科技有限公司 A kind of alarm method and device of user behavior analysis association

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
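王楠: "Application of security situation awareness in network attack defense", 《电信技术》 *
谭智: "Design and implementation of a network abnormal behavior detection *** based on big data technology", 《中国优秀硕士学位论文全文数据库》 *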

Cited By (14)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110138770B (en) * 2019-05-13 2021-08-06 四川长虹电器股份有限公司 Threat information generation and sharing system and method based on Internet of things
CN110138770A (en) * 2019-05-13 2019-08-16 四川长虹电器股份有限公司 One kind threatening information generation and shared system and method based on Internet of Things
CN110099074A (en) * 2019-05-28 2019-08-06 阿里巴巴集团控股有限公司 A kind of method for detecting abnormality of internet of things equipment, system and electronic equipment
CN110233848A (en) * 2019-06-18 2019-09-13 浙江齐治科技股份有限公司 A kind of assets Situation analysis method and device
CN110233848B (en) * 2019-06-18 2021-11-09 浙江齐治科技股份有限公司 Asset situation analysis method and device
CN110808951A (en) * 2019-09-25 2020-02-18 国网思极网安科技(北京)有限公司 Method and device for discovering abnormal behavior of terminal based on equipment image
CN111143844A (en) * 2019-12-25 2020-05-12 浙江军盾信息科技有限公司 Safety detection method and system for Internet of things equipment and related device
CN111147305A (en) * 2019-12-30 2020-05-12 成都科来软件有限公司 Network asset portrait extraction method
CN111784404A (en) * 2020-07-08 2020-10-16 杭州安恒信息技术股份有限公司 Abnormal asset identification method based on behavior variable prediction
CN111784404B (en) * 2020-07-08 2024-04-16 杭州安恒信息技术股份有限公司 Abnormal asset identification method based on behavior variable prediction
CN112667896A (en) * 2020-12-29 2021-04-16 成都科来网络技术有限公司 Asset identification method based on network behavior derivation, computer program and storage medium
CN112822166A (en) * 2020-12-30 2021-05-18 绿盟科技集团股份有限公司 Abnormal process detection method, device, equipment and medium
CN113743769A (en) * 2021-08-30 2021-12-03 广东电网有限责任公司 Data security detection method and device, electronic equipment and storage medium
CN113965406A (en) * 2021-11-04 2022-01-21 杭州安恒信息技术股份有限公司 Network blocking method, device, electronic device and storage medium

Similar Documents

Publication Publication Date Title
CN109344617A (en) A kind of Internet of Things assets security portrait method and system
CN112738015B (en) Multi-step attack detection method based on interpretable convolutional neural network CNN and graph detection
CN106790256B (en) Active machine learning system for dangerous host supervision
CN103441982A (en) Intrusion alarm analyzing method based on relative entropy
Peng et al. Network intrusion detection based on deep learning
CN112653678B (en) Network security situation perception analysis method and device
CN115996146B (en) Numerical control system security situation sensing and analyzing system, method, equipment and terminal
KR101692982B1 (en) Automatic access control system of detecting threat using log analysis and automatic feature learning
Nadiammai et al. A comprehensive analysis and study in intrusion detection system using data mining techniques
CN110598959A (en) Asset risk assessment method and device, electronic equipment and storage medium
RU180789U1 (en) DEVICE OF INFORMATION SECURITY AUDIT IN AUTOMATED SYSTEMS
CN109743339A (en) The network security monitoring method and device of electric power plant stand, computer equipment
CN116633682B (en) Intelligent identification method and system based on security product risk threat
CN112925805A (en) Big data intelligent analysis application method based on network security
CN117319090A (en) Intelligent network safety protection system
CN117376010A (en) Network security method and system based on intelligent network
CN116389148B (en) Network security situation prediction system based on artificial intelligence
CN114584391B (en) Method, device, equipment and storage medium for generating abnormal flow processing strategy
Amro et al. Application of fuzzy logic in computer security and forensics
Cortés et al. A hybrid alarm management strategy in signature-based intrusion detection systems
Prasad et al. HIDSC2: Host-based intrusion detection system in cloud computing
KR20060013120A (en) Method of visualizing intrusion detection using correlation of intrusion detection alert message
Kawakani et al. Discovering attackers past behavior to generate online hyper-alerts
Kathrine An intrusion detection system using correlation, prioritization and clustering techniques to mitigate false alerts
Chaudhari et al. A study on data mining & machine learning for intrusion detection system

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20190215