CN110505206A - Internet threat monitoring and defense method based on dynamic joint defense - Google Patents

Info

Publication number: CN110505206A
Authority: CN (China)
Prior art keywords: data, event, internet, monitoring, address
Legal status: Granted
Application number: CN201910652779.8A
Other languages: Chinese (zh)
Other versions: CN110505206B (en)
Inventors: 黄巨涛, 陈守明, 梁运德, 高尚, 温柏坚, 王甜, 黄敬志, 陈敏, 王飞鸣, 刘冯政, 卢妍倩
Current Assignee: Information Center of Guangdong Power Grid Co Ltd
Original Assignee: Information Center of Guangdong Power Grid Co Ltd

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/101 Access control lists [ACL]
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1416 Event detection, e.g. attack signature detection
    • H04L63/1441 Countermeasures against malicious traffic
    • H04L63/30 Network architectures or network communication protocols for network security for supporting lawful interception, monitoring or retaining of communications or communication related information

Abstract

The present invention relates to an Internet threat monitoring and defense method based on dynamic joint defense, comprising the following: an automatic blocking module is connected to an Internet border blocking device through an application-layer interface for data transmission. The automatic blocking module is configured to monitor in real time the function events processed by the functional layer, and to send the events in the monitoring results that reach a set threat level to the Internet border blocking device. The Internet border blocking device filters the IP addresses, MAC addresses and terminal names in threat events using an ADS blacklist protection policy: as soon as the source IP address of a data packet matches an address in the blacklist, the ADS device blocks it and performs no further detection. The ADS device receives the blacklisted IP information, completes the blocking action and returns the blocking status. By adding an automatic defense mechanism, the method can replace manual operation, avoid the omissions of manual operation, protect power network equipment and software, and effectively prevent threats and attacks.

Description

Internet threat monitoring and defense method based on dynamic joint defense
Technical field
The present invention relates to network security, and in particular to an Internet threat monitoring and defense method based on dynamic joint defense.
Background
In recent years, the network security situation of China's critical information infrastructure has become increasingly severe. Electric power companies, as important national critical information infrastructure operators, are responsible for managing and operating many important externally facing applications and are often the targets of hacker attacks. Attacks against the power industry are also increasing. To keep the power network environment secure and to block the various attacks coming from the Internet, the network security department has long relied mainly on investing large amounts of manpower and resources in daily monitoring and inspection. To safeguard the Internet egress, the information center has deployed multiple security protection devices there, which detect various attacks every day. To block attacks from the Internet at the source, the information center carries out daily checks and patrols: each day it inspects and analyzes the attack logs on every security device, searches the massive logs for higher-threat events, and manually blocks their attack sources.
However, the results are unsatisfactory. A large number of network attacks are still not cut off effectively at the first opportunity, so that internal network systems are attacked, which in turn affects the safety of electricity supply across all sectors of society. At present the information center has to invest a large amount of manpower every day in monitoring and handling tasks, at considerable cost. Under the current mechanism, the responsible staff carry out an inspection once every 2 hours, so the defense mechanism has an estimated event response time of 2 hours during normal working hours on weekdays, while during non-working time such as nights and weekends the response time can be as long as 48 hours, which makes the timeliness of security protection hard to improve. Moreover, a large amount of the work is done manually, which inevitably produces errors and affects protection quality.
Power network security therefore has the following problems: the automatic defense system against Internet threats is unsound; threat prevention means and technical tools are too traditional; the workload is heavy, manual effort is high, event response times are long, and there is a risk of misoperation. A sound automated defense needs to be established that starts from the weak points of the security defense system and the website security mechanism and targets dynamic threat handling and automated attack blocking. It needs to combine machine detection, security analysis, active defense and other capabilities to make up for the shortcomings of traditional manual operation, so as to achieve the expected benefits of "reducing human resource investment, improving event handling efficiency, and preventing the risk of manual misoperation". The ability to block high-risk Internet behavior should be raised from the "5*8 manual handling" level to the "7*24 round-the-clock dynamic security" level. Only in this way can the timeliness of Internet security protection be greatly improved, so that power network security protection plays an important role in the power industry and in important critical information infrastructure operators.
Summary of the invention
To address the security defense deficiencies of the current power network environment, the present invention provides an Internet threat monitoring and defense method based on dynamic joint defense, comprising the following:
A dynamic security module is added to an existing security monitoring platform; the dynamic security module includes an automatic blocking module and a manual blocking module;
The automatic blocking module is connected to the Internet border blocking device through an application-layer interface for data transmission;
The automatic blocking module is configured to monitor in real time the function events processed by the functional layer, and to send the events in the monitoring results that reach a set threat level to the Internet border blocking device;
The specific steps of the real-time monitoring are:
a. The functional layer sends the function events to be processed to the data acquisition module for data acquisition, cleaning and organization;
b. The automatic blocking module performs threat judgment on the IPS log data and WAF log data that have been acquired, cleaned and organized. The steps of the threat judgment are:
b1) Perform protocol analysis on the protocol messages in the acquired log data;
b2) Extract security-related events and their time series based on the protocol analysis results;
b3) Extract the IP addresses, MAC addresses and terminal names in the security-related event data streams;
b4) Automatically traverse and look up the IP addresses, MAC addresses and terminal names registered in the security list together with their threat-level labels, and mark as threat events the IPS and WAF log data involved in the time series corresponding to event data streams whose threat-level label exceeds the threshold;
b5) Send the threat events to the Internet border blocking device;
c. The Internet border blocking device receives the threat events, records the IP addresses, MAC addresses and terminal names related to the threat events in the threat list, and blocks all of the IP addresses, MAC addresses and terminal names of the threat events.
The manual blocking module blocks threat events through manual intervention, by manually adding configuration and manually updating the security list.
The security list is preconfigured manually, and during threat monitoring and defense, big-data statistics are continuously used to add the IP addresses, MAC addresses and terminal names of new threat events.
The automatic blocking module has a channel that can be opened and closed manually, which allows switching between manual and automatic monitoring.
The function events handled by the security monitoring platform include asset management, service management, vulnerability management, event analysis, risk assessment, trend analysis, threat intelligence, notification management, alarm management, work order management, information management and report management.
The Internet border blocking device is a basic application-layer device and can be configured manually.
The data acquisition module is configured to analyze the function events and perform data acquisition, cleaning and organization, including the acquisition, cleaning and organization of asset data, performance data, event data, traffic data, vulnerability data and configuration data. It extracts the metadata from these and then sends the metadata to the data layer, the automatic blocking module and the Internet border blocking device; the Internet border blocking device performs threat judgment and blocking on the metadata.
The metadata include network device data, security device data, host data, storage data, database configuration data, IPS log data and WAF log data.
The data layer stores and archives all data sent by the data acquisition module.
The Internet border blocking device filters the IP addresses, MAC addresses and terminal names in threat events using an ADS blacklist protection policy: as soon as the source IP address of a data packet matches an address in the blacklist, the ADS device blocks it and performs no further detection. The ADS device receives the blacklisted IP information, completes the blocking action and returns the blocking status.
By adding an automatic defense mechanism, the Internet threat monitoring and defense method based on dynamic joint defense of the present invention can replace manual operation, avoid the omissions of manual operation, protect power network equipment and software, and effectively prevent threats and attacks.
Brief description of the drawings
Fig. 1 is a functional block diagram of the Internet threat monitoring and defense method based on dynamic joint defense of the present invention;
Fig. 2 shows the human-machine interface of the automatic blocking module;
Fig. 3 is a statistical chart of the effect on the handling of power network threat events after the method of the present invention is applied.
Detailed description of the embodiments
The method of the present invention is applied to an existing security monitoring platform. The functional modules of the existing security monitoring platform are shown in Fig. 1 and include a presentation layer, a functional layer, an application extension layer, a data layer and a data acquisition module. The automatic blocking module newly added by the present invention is located in the functional layer, and the presentation layer displays its real-time operating status. As shown in Fig. 2, the display interface of the automatic blocking module provides operators with a human-machine operation input interface, and provides IPS source statistics, WAF source statistics and SOC source statistics displays, which count the number of blacklist entries originating from the IPS, WAF and SOC systems.
A dynamic security module is added to the existing security monitoring platform; the dynamic security module includes an automatic blocking module and a manual blocking module;
The automatic blocking module is connected to the Internet border blocking device through an application-layer interface for data transmission;
The automatic blocking module is configured to monitor in real time the function events processed by the functional layer, which provides monitoring of the automatic blocking service status, and to send the events in the monitoring results that reach a set threat level to the Internet border blocking device;
The specific steps of the real-time monitoring are:
d. The functional layer sends the function events to be processed to the data acquisition module for data acquisition, cleaning and organization;
e. The automatic blocking module performs threat judgment on the IPS log data and WAF log data that have been acquired, cleaned and organized. The steps of the threat judgment are:
b1) Perform protocol analysis on the protocol messages in the acquired log data;
b2) Extract security-related events and their time series based on the protocol analysis results;
b3) Extract the IP addresses, MAC addresses and terminal names in the security-related event data streams;
b4) Automatically traverse and look up the IP addresses, MAC addresses and terminal names registered in the security list together with their threat-level labels, and mark as threat events the IPS and WAF log data involved in the time series corresponding to event data streams whose threat-level label exceeds the threshold;
b5) Send the threat events to the Internet border blocking device;
f. The Internet border blocking device receives the threat events, records the IP addresses, MAC addresses and terminal names related to the threat events in the threat list, and blocks all of the IP addresses, MAC addresses and terminal names of the threat events.
The manual blocking module blocks threat events through manual intervention, by manually adding configuration and manually updating the security list. Blacklisted IP information can be entered manually in the SOC system; threat IP alarms can also be generated according to the SOC system's own correlation rules, and the relevant information about the threat IPs is saved.
The security list is preconfigured manually, and during threat monitoring and defense, big-data statistical analysis is continuously used to add the IP addresses, MAC addresses and terminal names of new threat events. Specifically, human-machine interaction input is carried out through lists, input boxes and buttons on the human-machine operation input interface shown in Fig. 2, including input boxes for adding to and modifying the security list, log query input boxes and configuration input boxes; automatic blocking statistics can be queried by different conditions.
The function events handled by the security monitoring platform include asset management, service management, vulnerability management, event analysis, risk assessment, trend analysis, threat intelligence, notification management, alarm management, work order management, information management and report management.
The Internet border blocking device is a basic application-layer device and can be configured manually.
The data acquisition module is configured to analyze the function events and perform data acquisition, cleaning and organization, including the acquisition, cleaning and organization of asset data, performance data, event data, traffic data, vulnerability data and configuration data. It extracts the metadata from these and then sends the metadata to the data layer, the automatic blocking module and the Internet border blocking device; the Internet border blocking device performs threat judgment and blocking on the metadata. Building the Internet security dynamic security system of the present invention upgrades the security devices from isolated islands to a multi-party united front, forming a dynamic security capability that spans security threat data acquisition, event analysis, linked security execution units, linked network execution units and security isolation policy enforcement, and reduces the threats faced by the power network.
The metadata include network device data, security device data, host data, storage data, database configuration data, IPS log data and WAF log data.
The data layer stores and archives all data sent by the data acquisition module.
The Internet border blocking device filters the IP addresses, MAC addresses and terminal names in threat events using an ADS blacklist protection policy: as soon as the source IP address of a data packet matches an address in the blacklist, the ADS device blocks it and performs no further detection. The ADS device receives the blacklisted IP information, completes the blocking action and returns the blocking status, which improves the detection efficiency of the device.
In addition, the process in step b5) of sending threat events to the Internet border blocking device has a push period, and data are pushed according to the set period.
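The threat-judgment steps b1) to b5) of the automatic blocking (plugging) module, the push period and the blacklist filter described above, shown as an added Python example that is not code from the patent. The key=value log format, the numeric threat levels, the threshold, the period and all function and class names are assumptions made for illustration.

```python
import ipaddress
import shlex
from collections import defaultdict

# Constructed security list: indicator -> threat-level label (numeric scale assumed).
SECURITY_LIST = {"203.0.113.7": 9, "00:11:22:33:44:55": 7, "kiosk-17": 3}
THRESHOLD = 5      # assumed: a label above this value makes a threat event
PUSH_PERIOD = 300  # assumed push period for step b5, in seconds

# Constructed IPS/WAF log lines in an assumed "time device key=value ..." format.
SAMPLE_LOGS = [
    '2019-07-19T02:14:05 IPS src=203.0.113.7 mac=aa:bb:cc:00:00:01 host=scan-node sig="SQL injection"',
    '2019-07-19T02:14:09 WAF src=203.0.113.7 mac=aa:bb:cc:00:00:01 host=scan-node sig="path traversal"',
    '2019-07-19T02:15:30 WAF src=198.51.100.20 mac=00:11:22:33:44:55 host=lab-pc sig="scanner UA"',
    '2019-07-19T02:16:02 IPS src=192.0.2.44 mac=aa:bb:cc:00:00:02 host=kiosk-17 sig="port sweep"',
    'truncated line without fields',
]


def parse_line(line):
    """b1 and b3: parse one record and extract IP, MAC and terminal name."""
    try:
        timestamp, device, *pairs = shlex.split(line)
        fields = dict(p.split("=", 1) for p in pairs)
        ip = str(ipaddress.ip_address(fields["src"]))
    except (ValueError, KeyError):
        return None  # malformed record: skip it rather than guess
    if device not in ("IPS", "WAF"):
        return None
    return {"time": timestamp, "ip": ip,
            "mac": fields.get("mac", "").lower(),
            "terminal": fields.get("host", "")}


def judge(lines, security_list=SECURITY_LIST, threshold=THRESHOLD):
    """b2 and b4: build per-source event streams and mark those over the threshold."""
    streams = defaultdict(list)
    for line in lines:
        event = parse_line(line)
        if event:
            streams[event["ip"]].append(event)  # b2: event stream with its time series
    threats = []
    for ip, events in streams.items():
        macs = sorted({e["mac"] for e in events if e["mac"]})
        terminals = sorted({e["terminal"] for e in events if e["terminal"]})
        # b4: highest threat-level label among the stream's indicators.
        level = max(security_list.get(i, 0) for i in [ip, *macs, *terminals])
        if level > threshold:
            threats.append({"ip": ip, "macs": macs, "terminals": terminals,
                            "level": level,
                            "times": sorted(e["time"] for e in events)})
    return threats


class BorderBlocker:
    """Step c: records pushed indicators in the threat list and filters packets."""

    def __init__(self):
        self.threat_list = set()

    def receive(self, threat_events):
        for t in threat_events:
            self.threat_list.update([t["ip"], *t["macs"], *t["terminals"]])
        return "blocked"  # blocking status returned to the sender

    def filter_packet(self, src_ip):
        # A blacklist match blocks at once; only unmatched packets go on to
        # the device's other detections.
        return "blocked" if src_ip in self.threat_list else "inspect"


class AutoBlocker:
    """b5: queues threat events and pushes them once per push period."""

    def __init__(self, blocker, period=PUSH_PERIOD):
        self.blocker, self.period = blocker, period
        self.pending, self.last_push = [], 0.0

    def submit(self, lines):
        self.pending.extend(judge(lines))

    def tick(self, now):
        """Push if a full period has elapsed; return the number of events pushed."""
        if now - self.last_push < self.period or not self.pending:
            return 0
        pushed = len(self.pending)
        self.blocker.receive(self.pending)
        self.pending, self.last_push = [], now
        return pushed


if __name__ == "__main__":
    blocker = BorderBlocker()
    auto = AutoBlocker(blocker)
    auto.submit(SAMPLE_LOGS)
    print(auto.tick(100), blocker.filter_packet("203.0.113.7"))
    print(auto.tick(300), blocker.filter_packet("203.0.113.7"))
```

Until the first push period elapses the source is judged a threat but is not yet in the threat list, so the push period bounds how long a flagged source keeps passing the border device.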
By adding an automatic defense mechanism, the Internet threat monitoring and defense method based on dynamic joint defense of the present invention can replace manual operation, avoid the omissions of manual operation, protect power network equipment and software, and effectively prevent threats and attacks.
The main innovations of the present invention are as follows:
1. A technical route is proposed that combines big-data technology with border threat detection to precisely locate high-risk Internet IPs. Cluster analysis of network security data is used to find malicious Internet IPs with suspicious behavior, supplementing the limitations of manual analysis;
2. A dynamic security system against Internet threats is formed, breaking up device islands and building a united front. High-speed analysis of massive data identifies high-risk Internet IPs, dynamic protection policies are formed with the defensive devices, and high-risk IPs are blocked in a linked manner, breaking the original static defense system and innovatively realizing dynamic security against Internet threats;
3. A method is proposed and implemented for building an Internet threat blocking capability that combines automatic handling with human control. In practical applications such as threat identification, high-risk IP linkage and device blocking, dedicated manual intervention and process data visualization are designed in, ensuring that the risk of the automatic blocking process is controllable.
Fig. 3 shows statistics on the effect of applying the method of the present invention to defending a power network against threats and attacks:
1) The assessment shows that the present invention significantly reduces the average daily manual effort: it falls from the original 0.875 man-day to 0.125 man-day, a reduction of more than 86%.
2) The response time to security events (worst-case estimate) is reduced from the original 2 hours to 20 minutes, a reduction of 84%.
3) Active security protection time increases from 5*8 hours to 7*24 hours, achieving uninterrupted 24-hour active security protection all year round.
The adoption of the results of the present invention brings profound changes to the operation and maintenance mode and the defense capability of network security protection. It changes the original manual defense mode and forms automated, systematic protection, raising the company's ability to block high-risk Internet behavior from the "5*8 manual handling" level to the "7*24 round-the-clock dynamic security" level.
The above technical solution only embodies the preferred technical solution of the present invention. Changes that those skilled in the art may make to some parts of it all embody the principle of the present invention and fall within the scope of protection of the present invention.

Claims (10)

1. An Internet threat monitoring and defense method based on dynamic joint defense, comprising the following:
A dynamic security module is added to an existing security monitoring platform; the dynamic security module includes an automatic blocking module and a manual blocking module;
The automatic blocking module is connected to the Internet border blocking device through an application-layer interface for data transmission;
The automatic blocking module is configured to monitor in real time the function events processed by the functional layer, and to send the events in the monitoring results that reach a set threat level to the Internet border blocking device;
The specific steps of the real-time monitoring are:
a. The functional layer sends the function events to be processed to the data acquisition module for data acquisition, cleaning and organization;
b. The automatic blocking module performs threat judgment on the IPS log data and WAF log data that have been acquired, cleaned and organized. The steps of the threat judgment are:
b1) Perform protocol analysis on the protocol messages in the acquired log data;
b2) Extract security-related events and their time series based on the protocol analysis results;
b3) Extract the IP addresses, MAC addresses and terminal names in the security-related event data streams;
b4) Automatically traverse and look up the IP addresses, MAC addresses and terminal names registered in the security list together with their threat-level labels, and mark as threat events the IPS and WAF log data involved in the time series corresponding to event data streams whose threat-level label exceeds the threshold;
b5) Send the threat events to the Internet border blocking device;
The Internet border blocking device receives the threat events, records the IP addresses, MAC addresses and terminal names related to the threat events in the threat list, and blocks all of the IP addresses, MAC addresses and terminal names of the threat events.
2. The Internet threat monitoring and defense method based on dynamic joint defense according to claim 1, characterized in that: the manual blocking module blocks threat events through manual intervention, by manually adding configuration and manually updating the security list.
3. The Internet threat monitoring and defense method based on dynamic joint defense according to claim 1, characterized in that: the security list is preconfigured manually, and during threat monitoring and defense, big-data statistical analysis is continuously used to add the IP addresses, MAC addresses and terminal names of new threat events.
4. The Internet threat monitoring and defense method based on dynamic joint defense according to claim 1, characterized in that: the automatic blocking module has a channel that can be opened and closed manually, which allows switching between manual and automatic monitoring.
5. The Internet threat monitoring and defense method based on dynamic joint defense according to claim 1, characterized in that: the function events handled by the security monitoring platform include asset management, service management, vulnerability management, event analysis, risk assessment, trend analysis, threat intelligence, notification management, alarm management, work order management, information management and report management.
6. The Internet threat monitoring and defense method based on dynamic joint defense according to claim 1, characterized in that: the Internet border blocking device is a basic application-layer device and can be configured manually.
7. The Internet threat monitoring and defense method based on dynamic joint defense according to claim 1, characterized in that: the data acquisition module is configured to analyze the function events and perform data acquisition, cleaning and organization, including the acquisition, cleaning and organization of asset data, performance data, event data, traffic data, vulnerability data and configuration data; it extracts the metadata from these and then sends the metadata to the data layer, the automatic blocking module and the Internet border blocking device, and the Internet border blocking device performs threat judgment and blocking on the metadata.
8. The Internet threat monitoring and defense method based on dynamic joint defense according to claim 7, characterized in that: the metadata include network device data, security device data, host data, storage data, database configuration data, IPS log data and WAF log data.
9. The Internet threat monitoring and defense method based on dynamic joint defense according to claim 7 or 8, characterized in that: the data layer stores and archives all data sent by the data acquisition module.
10. The Internet threat monitoring and defense method based on dynamic joint defense according to any one of claims 7-9, characterized in that: the Internet border blocking device filters the IP addresses, MAC addresses and terminal names in threat events using an ADS blacklist protection policy; as soon as the source IP address of a data packet matches an address in the blacklist, the ADS device blocks it and performs no further detection; the ADS device receives the blacklisted IP information, completes the blocking action and returns the blocking status.
Application

Application Number: CN201910652779.8A
Priority Date: 2019-07-19
Filing Date: 2019-07-19
Title: Internet threat monitoring and defense method based on dynamic joint defense
Status: Active, CN110505206B (en)

Publications (2)

Publication Number    Publication Date
CN110505206A (en)     2019-11-26
CN110505206B (en)     2022-06-07

Family

ID=68586655

Country Status (1)

CN (1): CN110505206B (en)

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111464528A (en) * 2020-03-30 2020-07-28 绿盟科技集团股份有限公司 Network security protection method, system, computing device and storage medium
CN111539644A (en) * 2020-04-30 2020-08-14 绿盟科技集团股份有限公司 Network asset risk control method and device
CN111901348A (en) * 2020-07-29 2020-11-06 北京宏达隆和科技有限公司 Method and system for active network threat awareness and mimicry defense
CN112350993A (en) * 2020-09-28 2021-02-09 广东电力信息科技有限公司 IP automatic plugging method, device, monitoring terminal and computer storage medium
CN113301012A (en) * 2021-04-13 2021-08-24 新浪网技术(中国)有限公司 Network threat detection method and device, electronic equipment and storage medium

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103209192A (en) * 2013-05-10 2013-07-17 张昱 Domain status cleaning system for DDoS (distributed denial of service) attack and detection method
CN103338183A (en) * 2013-05-22 2013-10-02 蓝盾信息安全技术股份有限公司 Linkage method of intrusion detection system and firewall
CN104158803A (en) * 2014-08-01 2014-11-19 国家电网公司 Modularized protection detecting method and system aiming at DDoS (Distributed Denial of Service) attack
CN106385413A (en) * 2016-09-12 2017-02-08 杭州迪普科技有限公司 Intruding message flow processing method and device
CN108234462A (en) * 2017-12-22 2018-06-29 杭州安恒信息技术有限公司 A kind of method that intelligent intercept based on cloud protection threatens IP

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
李莉: "Research and Design of Linkage Between Firewall and Intrusion Detection", 《现代计算机(专业版)》 (Modern Computer, Professional Edition) *

Cited By (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111464528A (en) * 2020-03-30 2020-07-28 绿盟科技集团股份有限公司 Network security protection method, system, computing device and storage medium
CN111539644A (en) * 2020-04-30 2020-08-14 绿盟科技集团股份有限公司 Network asset risk control method and device
CN111539644B (en) * 2020-04-30 2023-11-24 绿盟科技集团股份有限公司 Network asset risk control method and device
CN111901348A (en) * 2020-07-29 2020-11-06 北京宏达隆和科技有限公司 Method and system for active network threat awareness and mimicry defense
CN112350993A (en) * 2020-09-28 2021-02-09 广东电力信息科技有限公司 IP automatic plugging method, device, monitoring terminal and computer storage medium
CN113301012A (en) * 2021-04-13 2021-08-24 新浪网技术(中国)有限公司 Network threat detection method and device, electronic equipment and storage medium

Also Published As

Publication number Publication date
CN110505206B (en) 2022-06-07

Similar Documents

Publication Publication Date Title
CN110505206A (en) A kind of internet threat monitoring defence method based on dynamic joint defence
CN107888607A (en) A kind of Cyberthreat detection method, device and network management device
CN114679338A (en) Network risk assessment method based on network security situation awareness
CN108259462A (en) Big data Safety Analysis System based on mass network monitoring data
CN109587124B (en) Method, device and system for processing power network
US20140172495A1 (en) System and method for automated brand protection
CN108270716A (en) A kind of audit of information security method based on cloud computing
ChengYan Cybercrime forensic system in cloud computing
CN104378387A (en) Method for protecting information security under virtualization platform
CN108965210A (en) Safety test platform based on scene-type attacking and defending simulation
Li et al. The research and design of honeypot system applied in the LAN security
CN104954864B (en) Bi-directional set-top box intruding detection system and its detection method
CN114826880A (en) Method and system for online monitoring of data safe operation
Lee et al. A study on efficient log visualization using d3 component against apt: How to visualize security logs efficiently?
Mutalib et al. Mitigating Malware Threats at Small Medium Enterprise (SME) Organisation: A Review and Framework
KR100607110B1 (en) Security information management and vulnerability analysis system
CN116781380A (en) Campus network security risk terminal interception traceability system
CN111049853A (en) Security authentication system based on computer network
CN106453235A (en) Network security method
CN106993005A (en) The method for early warning and system of a kind of webserver
CN112417434A (en) Program white list protection method combined with UEBA mechanism
Sharma Security and Privacy Aspects of Cyber Physical Systems
Gordon Economic and national security effects of cyber attacks against small business communities
Osako et al. Proactive Defense model based on Cyber threat analysis
Cao et al. Design of network security situation awareness analysis module for electric power dispatching and control system

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant