CN109344617A - A kind of Internet of Things assets security portrait method and system
- Publication number: CN109344617A
- Application number: CN201811077983.3A
- Authority: CN (China)
- Legal status: Pending
Classifications
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/56—Computer malware detection or handling, e.g. anti-virus arrangements
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/10—Network architectures or network communication protocols for network security for controlling access to devices or network resources
- H04L63/101—Access control lists [ACL]
Abstract
The present invention relates to the field of Internet of Things (IoT) asset security and aims to provide an IoT asset security portrait method and system. The method comprises the steps of: aggregating asset data and judging it; issuing a blocking instruction and raising an alert for asset data judged to be malicious, and synchronizing the alert data to the asset portrait; performing relationship analysis on the remaining asset data, drawing a data relationship graph and judging abnormal behavior, issuing a blocking instruction and raising an alert for data judged to be abnormal, and synchronizing the alert data to the asset portrait; and forming the asset portrait from the asset fingerprint, status data, asset relationship data and analysis threat data. By monitoring the security state of the IoT asset itself, the invention finds abnormal data inside the asset, finds security problems caused by external hacker attacks and by internal intrusion, and uses the relationships between data to form a security portrait, so that security problems of IoT assets can be found quickly and intuitively.
Description
Technical field
The present invention relates to the field of Internet of Things (IoT) asset security, and in particular to an IoT asset security portrait method and system.
Background art
Current security protection schemes for IoT assets mainly deploy security devices at the boundary and on the network. Devices such as firewalls (FW), access control and intrusion prevention systems (IPS) rely on black and white lists and on matching known signatures, which makes it hard to effectively find security problems in the IoT assets themselves, and an asset that has been attacked and exploited by a hacker cannot be detected in real time.
Traditional security detection, as shown in Fig. 1, uses signature detection based on black and white lists and depends on the completeness of the signature database. Its drawback is that security threats are found entirely from a known policy library, so novel attacks cannot be identified effectively.
Summary of the invention
The main object of the present invention is to overcome the deficiencies of the prior art by providing a method and system that monitors the security state of the IoT asset itself and finds abnormal data inside the asset through relationship analysis and intelligent anomaly analysis. To solve the above technical problem, the solution of the invention is as follows.
An IoT asset security portrait method is provided, comprising the following steps:
Step 1) Asset data is aggregated through data monitoring inside the IoT asset;
Step 2) The aggregated asset data is identified and classified (that is, identified according to the type and field names of the asset data, and classified according to the type of the asset data and the parsed fields), and then judged against the built-in feature database:
If the asset data matches the blacklist, it is judged to be malicious, a blocking instruction is issued and an alert is raised, the alert data is synchronized to step 5) for the asset portrait, and the analysis of step 3) and step 4) is no longer performed on that asset data;
If the asset data does not match the blacklist, it is judged to be non-malicious and proceeds to step 3) for relationship analysis;
The built-in feature database stores a blacklist, which contains blacklist policies for malicious IPs, domain names and keywords;
Step 3) A data relationship graph is drawn from the asset data and the relationships between asset data;
Step 4) Abnormal behavior is judged from the data relationship graph:
If a certain piece of data is abnormal, all data that have a corresponding relationship with it in the data relationship graph are judged to be abnormal, a blocking instruction is issued and an alert is raised, and the alert data is synchronized to step 5) for the asset portrait;
Step 5) The asset portrait is formed from the asset fingerprint, status data, asset relationship data and analysis threat data, and is used to judge the security level of the asset (the asset portrait correlates and analyzes the security attributes of all assets and judges their security level accordingly; it is the product's asset security assessment function; it allows abnormal network, process and file behavior to be viewed intuitively and the associated data to be located);
Wherein the status data is obtained through data monitoring inside the IoT asset; the asset relationship data is obtained from the data relationship graph drawn in step 3); and the analysis threat data is the alert data synchronized from step 2) and step 4).
In the present invention, the asset data in step 1) includes: asset fingerprint, type, network, process and file;
Wherein the asset fingerprint includes the model, brand, physical address and hardware attributes of the asset; type refers to the device type of the asset; network refers to the network communication behavior of the asset; process refers to the process id and name on the asset; and file refers to the files inside the asset.
In the present invention, in step 3) the data relationship graph is drawn from the asset data and the relationships between asset data as follows:
An asset icon is generated from the asset fingerprint and type of the asset, and the asset is associated through its process, file and network communication behavior data: the different network connection IP addresses in the network communication behavior data are mapped to the processes of the asset;
The newly created or changed files of the asset are mapped to the processes of the asset, and if a process has a parent process, a direct relationship between the parent process and the child process must also be generated.
In the present invention, one method of judging data abnormality in step 4) is as follows: if data of the same dimension in an asset (the dimensions are network, process and file; for example, all the network data in an asset is data of the same dimension) is in the suspicious state under both method a and method b and is not within the built-in trusted list, the data of that dimension is marked as abnormal;
The trusted list is the list of IPs or processes generated from the preset whitelist and from self-learning on the asset data in the network;
Method a: within a certain time period (24 hours by default; the period is configurable), the occurrence probability of each dimension's data within the same network environment area is calculated, where occurrence probability = data volume of a given dimension / total asset data volume × 100%; the lower the occurrence probability, the higher the threat index; data whose occurrence probability is below threshold M enters the suspicious state, and data whose occurrence probability exceeds threshold N enters the trusted state;
Wherein thresholds M and N both lie in the range 0-100% and M is less than N (M is preferably 10% and N is preferably 80%);
Method b: over the past 30 days, the historical occurrence probability of each dimension's data within the same network environment area is calculated, where historical occurrence probability = data volume of a given dimension / total number of assets × 100%; the lower the historical occurrence probability, the higher the threat index; data whose historical occurrence probability is below threshold I enters the suspicious state, and data whose historical occurrence probability exceeds threshold J enters the trusted state;
Wherein thresholds I and J both lie in the range 0-100% and I is less than J (I is preferably 10% and J is preferably 80%).
In the present invention, in step 5) the status data refers to the online/offline state and network delay data of the asset, obtained through data monitoring inside the IoT asset; the asset relationship data refers to the relationships between network, process and file, obtained from the data relationship graph drawn in step 3); and the analysis threat data refers to data judged to be an abnormal threat from changes in the network, file and process behavior of the asset, that is, the alert data synchronized from step 2) and step 4).
An IoT asset security portrait system is provided, comprising a processor adapted to execute instructions, and a storage device adapted to store a plurality of instructions, the instructions being adapted to be loaded and executed by the processor:
Step 1) Asset data is aggregated through data monitoring inside the IoT asset;
Step 2) The aggregated asset data is identified and classified (that is, identified according to the type and field names of the asset data, and classified according to the type of the asset data and the parsed fields), and then judged against the built-in feature database:
If the asset data matches the blacklist, it is judged to be malicious, a blocking instruction is issued and an alert is raised, the alert data is synchronized to step 5) for the asset portrait, and the relationship analysis of step 3) and step 4) is no longer performed on that asset data;
If the asset data does not match the blacklist, it is judged to be non-malicious and proceeds to step 3) for relationship analysis;
The built-in feature database stores a blacklist, which contains blacklist policies for malicious IPs, domain names and keywords;
Step 3) A data relationship graph is drawn from the asset data and the relationships between asset data;
Step 4) Abnormal behavior is judged from the data relationship graph:
If a certain piece of data is abnormal, all data that have a corresponding relationship with it in the data relationship graph are judged to be abnormal, a blocking instruction is issued and an alert is raised, and the alert data is synchronized to step 5) for the asset portrait;
Step 5) The asset portrait is formed from the asset fingerprint, status data, asset relationship data and analysis threat data, and is used to judge the security level of the asset (the asset portrait correlates and analyzes the security attributes of all assets and judges their security level accordingly; it is the product's asset security assessment function; it allows abnormal network, process and file behavior to be viewed intuitively and the associated data to be located);
Wherein the status data is obtained through data monitoring inside the IoT asset; the asset relationship data is obtained from the data relationship graph drawn in step 3); and the analysis threat data is the alert data synchronized from step 2) and step 4).
Working principle of the invention: the internal behavior of the IoT asset is analyzed, covering data such as asset fingerprint, type, network, process and file; a relationship graph is drawn from the relationships between the data, malicious behavior in it is identified and an early warning is raised, and the IoT asset security portrait is formed.
Compared with the prior art, the beneficial effects of the present invention are:
By monitoring the security state of the IoT asset itself and applying relationship analysis and intelligent anomaly analysis, the invention finds abnormal data inside the asset, finds security problems caused by external hacker attacks and by internal intrusion, and uses the relationships between data to form a security portrait, so that security problems of IoT assets can be found quickly and intuitively.
Brief description of the drawings
Fig. 1 is a flow chart of traditional security detection.
Fig. 2 is the detection flow chart of the present invention.
Specific embodiment
The present invention is described in further detail below with reference to the accompanying drawings and a specific embodiment:
In the IoT asset security portrait method shown in Fig. 2, IoT devices are monitored through sensor data collection to obtain data such as the behavior and state of the devices. These data are sent uniformly to the control platform, which analyzes the data and builds the portrait. The Internet of Things refers to an internet in which things are connected to things; an asset is a device connected to the Internet of Things; the analysis center (control platform) is the platform that analyzes the data of connected IoT assets to find abnormal threats.
The IoT asset security portrait method comprises the following steps:
Step 1) Data inside the IoT asset is monitored, including data such as asset fingerprint, type, network, process and file, and the aggregated data is sent uniformly to the analysis center.
Step 2) The analysis center parses, identifies and classifies the data: data is identified according to the type and field names of the asset data and classified according to the data type and the parsed fields, that is, it is identified and classified by data type. The analysis center then judges the data against the built-in feature database:
If the data matches the blacklist, it is judged to be malicious, a blocking instruction is issued and an alert is raised, and the alert data is synchronized to the asset portrait. The asset portrait is the product's asset security assessment function: it correlates and analyzes the security attributes of all assets and judges the security level of the assets accordingly;
If the data does not match the blacklist, it is judged to be non-malicious and proceeds to the relationship analysis of step 3).
The built-in feature database refers to the blacklist policies for malicious IPs, domain names and keywords.
Step 3) A data relationship graph is drawn from the different data types and the relationships between the data.
An asset icon is generated from the asset fingerprint and type of the asset, and the asset is associated through its process, file and network communication behavior data: the different network connection IP addresses in the network communication behavior data are mapped to the processes of the asset, and the newly created or changed files of the asset are mapped to the processes of the asset. If a process has a parent process, a direct relationship with the child process must also be generated.
Step 4) Abnormal behavior is judged from the data relationship graph: if a certain data type is abnormal, all data in the corresponding relationship are judged to be abnormal and a blocking instruction must be issued.
There are two specific abnormality judgment methods, method a and method b. If data of the same dimension in an asset is in the suspicious state under both method a and method b and is not within the built-in trusted list, the data of that dimension is marked as a threat.
The trusted list is the list of IPs or processes generated from the preset whitelist and from self-learning on the asset data in the network.
Method a: within a certain time period (24 hours by default; the period is configurable), the occurrence probability of each dimension's data within the same network environment area is calculated, where occurrence probability = data volume of a given dimension / total asset data volume × 100%. The lower the occurrence probability, the higher the threat index; data whose occurrence probability is below threshold M enters the suspicious state, data whose occurrence probability exceeds threshold N enters the trusted state, and values between threshold M and threshold N take no part in the calculation.
Here threshold M is 10% and threshold N is 80%.
Method b: over the past 30 days, the historical occurrence probability of each dimension's data within the same network environment area is calculated, where historical occurrence probability = data volume of a given dimension / total number of assets × 100%. The lower the historical occurrence probability, the higher the threat index; data whose historical occurrence probability is below threshold I enters the suspicious state, and data whose historical occurrence probability exceeds threshold J enters the trusted state.
Here threshold I is 10% and threshold J is 80%.
Step 5) The asset portrait is formed from the asset fingerprint data, status data, asset relationship data and analysis threat data; it allows abnormal network, process and file behavior to be viewed intuitively and the associated data to be located quickly.
Here the asset fingerprint data refers to the model, brand, physical address, hardware attributes and so on of the asset; the status data refers to the online/offline state, network delay and so on of the asset; the asset relationship data refers to the relationships between network, process and file; and the analysis threat data refers to data judged to be an abnormal threat from changes in the network, file and process behavior of the asset.
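Steps 2) to 5) of the embodiment as one runnable sketch, added here as an example; it is not code from the patent or from any product that implements it. The record fields (`asset`, `dim`, `value`, `proc`, `parent`, `age_h`), the sample fleet and the list contents are constructed. As assumptions, "data volume of a given dimension" is read as a per-value record count for method a and as a per-value asset count for method b, and an anomaly spreads only to data directly linked to it in the graph.

```python
from collections import Counter, defaultdict

# Constructed policy data; thresholds use the values given in the embodiment.
BLACKLIST = {"ip": {"192.0.2.66"}, "domain": {"bad.example.net"}, "keyword": {"miner"}}
TRUSTED = {("network", "198.51.100.20")}  # preset whitelist plus self-learned entries
M, N, I, J = 10.0, 80.0, 10.0, 80.0  # suspicious below M/I, trusted above N/J
WINDOW_A_H, WINDOW_B_H = 24, 30 * 24


def blacklisted(rec):
    """Step 2: match a record against the IP, domain and keyword blacklist."""
    v = rec["value"]
    return (v in BLACKLIST["ip"] or v in BLACKLIST["domain"]
            or any(k in v for k in BLACKLIST["keyword"]))


def build_graph(records):
    """Step 3: link each IP or file to its process, and each child to its parent."""
    graph = defaultdict(set)
    for r in records:
        node = (r["asset"], r["dim"], r["value"])
        graph.setdefault(node, set())  # keep nodes that have no edges
        other = r.get("parent") if r["dim"] == "process" else r.get("proc")
        if other:
            peer = (r["asset"], "process", other)
            graph[node].add(peer)
            graph[peer].add(node)
    return graph


def state(pct, low, high):
    """Values between the thresholds return None and take no part in the decision."""
    return "suspicious" if pct < low else "trusted" if pct > high else None


def method_a(records):
    """Percentage of all records from the last 24 h that carry this (dim, value)."""
    recent = [(r["dim"], r["value"]) for r in records if r["age_h"] <= WINDOW_A_H]
    return {k: 100.0 * c / len(recent) for k, c in Counter(recent).items()}


def method_b(records, total_assets):
    """Percentage of assets that showed this (dim, value) in the last 30 days."""
    seen = defaultdict(set)
    for r in records:
        if r["age_h"] <= WINDOW_B_H:
            seen[(r["dim"], r["value"])].add(r["asset"])
    return {k: 100.0 * len(a) / total_assets for k, a in seen.items()}


def portrait(records, total_assets):
    """Steps 2 to 5: return {asset: {(dim, value): reason}}, the threat part of the portrait."""
    alerts = defaultdict(dict)
    rest = []
    for r in records:
        if blacklisted(r):
            alerts[r["asset"]][(r["dim"], r["value"])] = "blacklist"
        else:
            rest.append(r)  # only non-malicious data goes on to steps 3 and 4
    graph = build_graph(rest)
    pa, pb = method_a(rest), method_b(rest, total_assets)
    for node in list(graph):
        asset, key = node[0], node[1:]
        if key in TRUSTED or key not in pa:  # trusted, or not seen in the current window
            continue
        if state(pa[key], M, N) == "suspicious" and state(pb[key], I, J) == "suspicious":
            alerts[asset][key] = "rare"
            for a, d, v in graph[node]:  # step 4: data directly related in the graph
                alerts[a].setdefault((d, v), "related")
    return {a: dict(v) for a, v in alerts.items()}


def sample_records():
    """Constructed fleet of 12 cameras; cam-07 shows a shell spawned by camd."""
    recs = []
    for i in range(1, 13):
        a = f"cam-{i:02d}"
        recs += [
            {"asset": a, "dim": "process", "value": "camd", "age_h": 1},
            {"asset": a, "dim": "network", "value": "10.0.0.5", "proc": "camd", "age_h": 1},
            {"asset": a, "dim": "file", "value": "/var/log/camd.log", "proc": "camd", "age_h": 1},
            {"asset": a, "dim": "process", "value": "fwupd", "age_h": 240},
        ]
    recs += [
        {"asset": "cam-05", "dim": "process", "value": "fwupd", "age_h": 2},
        {"asset": "cam-03", "dim": "network", "value": "198.51.100.20", "proc": "camd", "age_h": 3},
        {"asset": "cam-02", "dim": "network", "value": "bad.example.net", "proc": "camd", "age_h": 1},
        {"asset": "cam-07", "dim": "process", "value": "sh", "parent": "camd", "age_h": 1},
        {"asset": "cam-07", "dim": "network", "value": "203.0.113.9", "proc": "sh", "age_h": 1},
        {"asset": "cam-07", "dim": "file", "value": "/tmp/x.bin", "proc": "sh", "age_h": 1},
    ]
    return recs


if __name__ == "__main__":
    for asset, found in sorted(portrait(sample_records(), 12).items()):
        print(asset, found)
```

In the sample, the `fwupd` run on cam-05 is rare in the 24-hour window but common over 30 days, and the NTP peer of cam-03 is rare in both windows but on the trusted list, so neither is flagged. Only cam-02 (blacklist match) and cam-07 (the rare shell, its IP and file, plus the directly related parent `camd`) appear in the result.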
Finally, it should be noted that the above are only specific embodiments of the present invention. The invention is obviously not limited to the above embodiments and many variations are possible. All variations that a person of ordinary skill in the art can derive directly from, or associate with, the disclosure of the present invention shall be considered to fall within the protection scope of the invention.
Claims (6)
- 1. An IoT asset security portrait method, characterized in that it comprises the following steps:
  Step 1) Asset data is aggregated through data monitoring inside the IoT asset;
  Step 2) The aggregated asset data is identified and classified, and then judged against the built-in feature database:
  If the asset data matches the blacklist, it is judged to be malicious, a blocking instruction is issued and an alert is raised, the alert data is synchronized to step 5) for the asset portrait, and the analysis of step 3) and step 4) is no longer performed on that asset data;
  If the asset data does not match the blacklist, it is judged to be non-malicious and proceeds to step 3) for relationship analysis;
  The built-in feature database stores a blacklist, which contains blacklist policies for malicious IPs, domain names and keywords;
  Step 3) A data relationship graph is drawn from the asset data and the relationships between asset data;
  Step 4) Abnormal behavior is judged from the data relationship graph:
  If a certain piece of data is abnormal, all data that have a corresponding relationship with it in the data relationship graph are judged to be abnormal, a blocking instruction is issued and an alert is raised, and the alert data is synchronized to step 5) for the asset portrait;
  Step 5) The asset portrait is formed from the asset fingerprint, status data, asset relationship data and analysis threat data, and is used to judge the security level of the asset;
  Wherein the status data is obtained through data monitoring inside the IoT asset; the asset relationship data is obtained from the data relationship graph drawn in step 3); and the analysis threat data is the alert data synchronized from step 2) and step 4).
- 2. The IoT asset security portrait method according to claim 1, characterized in that in step 1) the asset data includes: asset fingerprint, type, network, process and file;
  Wherein the asset fingerprint includes the model, brand, physical address and hardware attributes of the asset; type refers to the device type of the asset; network refers to the network communication behavior of the asset; process refers to the process id and name on the asset; and file refers to the files inside the asset.
- 3. The IoT asset security portrait method according to claim 2, characterized in that in step 3) the data relationship graph is drawn from the asset data and the relationships between asset data as follows:
  An asset icon is generated from the asset fingerprint and type of the asset, and the asset is associated through its process, file and network communication behavior data: the different network connection IP addresses in the network communication behavior data are mapped to the processes of the asset;
  The newly created or changed files of the asset are mapped to the processes of the asset, and if a process has a parent process, a direct relationship between the parent process and the child process must also be generated.
- 4. The IoT asset security portrait method according to claim 1, characterized in that one method of judging data abnormality in step 4) is as follows: if data of the same dimension in an asset is in the suspicious state under both method a and method b and is not within the built-in trusted list, the data of that dimension is marked as abnormal;
  The trusted list is the list of IPs or processes generated from the preset whitelist and from self-learning on the asset data in the network;
  Method a: within a certain time period, the occurrence probability of each dimension's data within the same network environment area is calculated, where occurrence probability = data volume of a given dimension / total asset data volume × 100%; the lower the occurrence probability, the higher the threat index; data whose occurrence probability is below threshold M enters the suspicious state, and data whose occurrence probability exceeds threshold N enters the trusted state;
  Wherein thresholds M and N both lie in the range 0-100% and M is less than N;
  Method b: over the past 30 days, the historical occurrence probability of each dimension's data within the same network environment area is calculated, where historical occurrence probability = data volume of a given dimension / total number of assets × 100%; the lower the historical occurrence probability, the higher the threat index; data whose historical occurrence probability is below threshold I enters the suspicious state, and data whose historical occurrence probability exceeds threshold J enters the trusted state;
  Wherein thresholds I and J both lie in the range 0-100% and I is less than J.
- 5. The IoT asset security portrait method according to claim 2, characterized in that in step 5) the status data refers to the online/offline state and network delay data of the asset, obtained through data monitoring inside the IoT asset; the asset relationship data refers to the relationships between network, process and file, obtained from the data relationship graph drawn in step 3); and the analysis threat data refers to data judged to be an abnormal threat from changes in the network, file and process behavior of the asset, that is, the alert data synchronized from step 2) and step 4).
- 6. An IoT asset security portrait system, comprising a processor adapted to execute instructions, and a storage device adapted to store a plurality of instructions, the instructions being adapted to be loaded and executed by the processor:
  Step 1) Asset data is aggregated through data monitoring inside the IoT asset;
  Step 2) The aggregated asset data is identified and classified, and then judged against the built-in feature database:
  If the asset data matches the blacklist, it is judged to be malicious, a blocking instruction is issued and an alert is raised, the alert data is synchronized to step 5) for the asset portrait, and the relationship analysis of step 3) and step 4) is no longer performed on that asset data;
  If the asset data does not match the blacklist, it is judged to be non-malicious and proceeds to step 3) for relationship analysis;
  The built-in feature database stores a blacklist, which contains blacklist policies for malicious IPs, domain names and keywords;
  Step 3) A data relationship graph is drawn from the asset data and the relationships between asset data;
  Step 4) Abnormal behavior is judged from the data relationship graph:
  If a certain piece of data is abnormal, all data that have a corresponding relationship with it in the data relationship graph are judged to be abnormal, a blocking instruction is issued and an alert is raised, and the alert data is synchronized to step 5) for the asset portrait;
  Step 5) The asset portrait is formed from the asset fingerprint, status data, asset relationship data and analysis threat data, and is used to judge the security level of the asset;
  Wherein the status data is obtained through data monitoring inside the IoT asset; the asset relationship data is obtained from the data relationship graph drawn in step 3); and the analysis threat data is the alert data synchronized from step 2) and step 4).
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201811077983.3A CN109344617A (en) | 2018-09-16 | 2018-09-16 | A kind of Internet of Things assets security portrait method and system |
Publications (1)
Publication Number | Publication Date |
---|---|
CN109344617A | 2019-02-15 |
Family ID: 65305369
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201811077983.3A Pending CN109344617A (en) | 2018-09-16 | 2018-09-16 | A kind of Internet of Things assets security portrait method and system |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN109344617A (en) |
Cited By (11)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN110099074A (en) * | 2019-05-28 | 2019-08-06 | 阿里巴巴集团控股有限公司 | A kind of method for detecting abnormality of internet of things equipment, system and electronic equipment |
CN110138770A (en) * | 2019-05-13 | 2019-08-16 | 四川长虹电器股份有限公司 | One kind threatening information generation and shared system and method based on Internet of Things |
CN110233848A (en) * | 2019-06-18 | 2019-09-13 | 浙江齐治科技股份有限公司 | A kind of assets Situation analysis method and device |
CN110808951A (en) * | 2019-09-25 | 2020-02-18 | 国网思极网安科技(北京)有限公司 | Method and device for discovering abnormal behavior of terminal based on equipment image |
CN111143844A (en) * | 2019-12-25 | 2020-05-12 | 浙江军盾信息科技有限公司 | Safety detection method and system for Internet of things equipment and related device |
CN111147305A (en) * | 2019-12-30 | 2020-05-12 | 成都科来软件有限公司 | Network asset portrait extraction method |
CN111784404A (en) * | 2020-07-08 | 2020-10-16 | 杭州安恒信息技术股份有限公司 | Abnormal asset identification method based on behavior variable prediction |
CN112667896A (en) * | 2020-12-29 | 2021-04-16 | 成都科来网络技术有限公司 | Asset identification method based on network behavior derivation, computer program and storage medium |
CN112822166A (en) * | 2020-12-30 | 2021-05-18 | 绿盟科技集团股份有限公司 | Abnormal process detection method, device, equipment and medium |
CN113743769A (en) * | 2021-08-30 | 2021-12-03 | 广东电网有限责任公司 | Data security detection method and device, electronic equipment and storage medium |
CN113965406A (en) * | 2021-11-04 | 2022-01-21 | 杭州安恒信息技术股份有限公司 | Network blocking method, device, electronic device and storage medium |
Citations (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN103166794A (en) * | 2013-02-22 | 2013-06-19 | 中国人民解放军91655部队 | Information security management method with integration security control function |
CN105871883A (en) * | 2016-05-10 | 2016-08-17 | 上海交通大学 | Advanced persistent threat detection method based on aggressive behavior analysis |
CN106470188A (en) * | 2015-08-18 | 2017-03-01 | 中国电信股份有限公司 | The detection method of security threat, device and security gateway |
CN107196910A (en) * | 2017-04-18 | 2017-09-22 | 国网山东省电力公司电力科学研究院 | Threat early warning monitoring system, method and the deployment framework analyzed based on big data |
CN107454076A (en) * | 2017-08-01 | 2017-12-08 | 北京亚鸿世纪科技发展有限公司 | A kind of website portrait method |
CN107566163A (en) * | 2017-08-10 | 2018-01-09 | 北京奇安信科技有限公司 | A kind of alarm method and device of user behavior analysis association |
-
2018
- 2018-09-16 CN CN201811077983.3A patent/CN109344617A/en active Pending
Non-Patent Citations (2)
Title |
---|
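王楠: "Application of security situational awareness in network attack defense", 《电信技术》 * |
谭智: "Design and implementation of a network abnormal behavior detection *** based on big data technology", 《中国优秀硕士学位论文全文数据库》 * |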
Similar Documents
Publication | Title | Publication Date |
---|---|---|
CN109344617A (en) | A kind of Internet of Things assets security portrait method and system | |
CN112738015B (en) | Multi-step attack detection method based on interpretable convolutional neural network CNN and graph detection | |
CN106790256B (en) | Active machine learning system for dangerous host supervision | |
CN103441982A (en) | Intrusion alarm analyzing method based on relative entropy | |
Peng et al. | Network intrusion detection based on deep learning | |
CN112653678B (en) | Network security situation perception analysis method and device | |
CN115996146B (en) | Numerical control system security situation sensing and analyzing system, method, equipment and terminal | |
KR101692982B1 (en) | Automatic access control system of detecting threat using log analysis and automatic feature learning | |
Nadiammai et al. | A comprehensive analysis and study in intrusion detection system using data mining techniques | |
CN110598959A (en) | Asset risk assessment method and device, electronic equipment and storage medium | |
RU180789U1 (en) | DEVICE OF INFORMATION SECURITY AUDIT IN AUTOMATED SYSTEMS | |
CN109743339A (en) | The network security monitoring method and device of electric power plant stand, computer equipment | |
CN116633682B (en) | Intelligent identification method and system based on security product risk threat | |
CN112925805A (en) | Big data intelligent analysis application method based on network security | |
CN117319090A (en) | Intelligent network safety protection system | |
CN117376010A (en) | Network security method and system based on intelligent network | |
CN116389148B (en) | Network security situation prediction system based on artificial intelligence | |
CN114584391B (en) | Method, device, equipment and storage medium for generating abnormal flow processing strategy | |
Amro et al. | Application of fuzzy logic in computer security and forensics | |
Cortés et al. | A hybrid alarm management strategy in signature-based intrusion detection systems | |
Prasad et al. | HIDSC2: Host-based intrusion detection system in cloud computing | |
KR20060013120A (en) | Method of visualizing intrusion detection using correlation of intrusion detection alert message | |
Kawakani et al. | Discovering attackers past behavior to generate online hyper-alerts | |
Kathrine | An intrusion detection system using correlation, prioritization and clustering techniques to mitigate false alerts | |
Chaudhari et al. | A study on data mining & machine learning for intrusion detection system |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
 | PB01 | Publication | |
 | SE01 | Entry into force of request for substantive examination | |
 | RJ01 | Rejection of invention patent application after publication | Application publication date: 20190215 |