CN110505206A - Internet threat monitoring and defense method based on dynamic joint defense - Google Patents
- Publication number: CN110505206A
- Application number: CN201910652779.8A
- Authority: CN (China)
- Prior art keywords: data, event, internet, monitoring, address
- Legal status: Granted (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Classifications
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
  - H04L63/10—Network architectures or network communication protocols for network security for controlling access to devices or network resources
    - H04L63/101—Access control lists [ACL]
  - H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    - H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
      - H04L63/1416—Event detection, e.g. attack signature detection
    - H04L63/1441—Countermeasures against malicious traffic
  - H04L63/30—Network architectures or network communication protocols for network security for supporting lawful interception, monitoring or retaining of communications or communication related information
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Technology Law (AREA)
- Alarm Systems (AREA)
- Management, Administration, Business Operations System, And Electronic Commerce (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
- Computer And Data Communications (AREA)
Abstract
The present invention relates to an Internet threat monitoring and defense method based on dynamic joint defense. An automatic plugging module is connected to an Internet boundary plugging device through an application-layer interface for data transmission. The automatic plugging module is configured to monitor in real time the function events processed by the functional layer, and to send events in the monitoring result that reach a set threat level to the Internet boundary plugging device. The Internet boundary plugging device filters the IP addresses, MAC addresses and terminal names in threat events using an ADS blacklist protection policy: as soon as the source IP address of a data packet matches an address in the blacklist, the ADS device blocks it and performs no further detection. The ADS device receives the blacklisted IP information, completes the blocking action and returns the blocking status. By adding an automatic defense mechanism, the method can replace manual operation, avoid the oversights of manual operation, protect power network equipment and software, and effectively prevent threats and attacks.
Description
Technical field
The present invention relates to network security, and in particular to an Internet threat monitoring and defense method based on dynamic joint defense.
Background art
In recent years the network security situation of China's critical information infrastructure has become increasingly severe. Power companies, as important national critical information infrastructure operators, manage and operate many important externally facing applications and are frequent targets of hacker attacks. Attacks against the power industry are also increasing. To keep the power network environment secure and block attacks from the Internet, network security departments have long relied mainly on investing large amounts of manpower and resources in daily monitoring and inspection. To safeguard the Internet egress, the information center has deployed multiple security protection devices there, which detect various attacks every day. To block Internet attacks at the source, the information center carries out daily inspections and patrols, reviews and analyzes the attack logs on each security device every day, picks the higher-threat events out of the massive logs, and manually blocks their attack sources.
However, the results are unsatisfactory: a large number of network attacks are still not cut off at the first opportunity, so systems inside the network are attacked, which in turn affects the safety of electricity use across society. At present the information center must invest a large amount of manual effort every day in monitoring and handling tasks, at considerable cost. Under the current mechanism the responsible staff carry out one inspection every 2 hours. This defense mechanism gives an estimated event response time of 2 hours during normal working hours on weekdays, while during non-working time such as nights and weekends the response time can be as long as 48 hours, so the timeliness of security protection is hard to improve. Moreover, because much of the work is done by hand, errors are inevitable and affect the quality of protection.
Power network security therefore suffers from the following problems: the automatic defense system against Internet threats is unsound; threat-prevention means and technical tools are overly traditional; and the workload is heavy, manual cost is high, event response times are long and there is a risk of misoperation. A sound automated defense system needs to be established that starts from the weak points of the security mechanism and takes dynamic threat handling and automated attack blocking as its goals. It needs to combine machine detection, security analysis and active defense to make up for the shortcomings of traditional manual operation and achieve the expected benefits of "reducing human resource investment, improving event handling efficiency and preventing the risk of manual misoperation". Raising the capability to block high-risk Internet behavior from the "5*8 manual handling" level to the "7*24 round-the-clock dynamic defense" level would greatly improve the timeliness of Internet security protection, so that power network security protection plays an important role in the power industry and in important critical information infrastructure operators.
Summary of the invention
To address the defects of security defense in the current power network environment, the present invention provides an Internet threat monitoring and defense method based on dynamic joint defense, comprising the following:
A dynamic security module is added to the existing security monitoring platform; the dynamic security module comprises an automatic plugging module and a manual plugging module;
The automatic plugging module is connected to the Internet boundary plugging device through an application-layer interface for data transmission;
wherein the automatic plugging module is configured to monitor in real time the function events processed by the functional layer, and to send events in the monitoring result that reach the set threat level to the Internet boundary plugging device;
The specific steps of the real-time monitoring are as follows:
A. The functional layer sends the function events to be processed to the data acquisition module for data acquisition, cleaning and collation;
B. The automatic plugging module performs threat judgment on the IPS log data and WAF log data that have been acquired, cleaned and collated; the steps of the threat judgment are:
B1) perform protocol analysis on the protocol messages in the acquired log data;
B2) extract security-related events and their time series based on the protocol analysis result;
B3) extract the IP addresses, MAC addresses and terminal names from the security-related event data stream;
B4) automatically traverse the safe list to look up the threat-level labels of the IP addresses, MAC addresses and terminal names registered in it, and mark as threat events the IPS and WAF log data involved in the time series of any event data stream whose threat-level label exceeds the threshold;
B5) send the threat events to the Internet boundary plugging device;
C. The Internet boundary plugging device receives the threat events, records the related IP addresses, MAC addresses and terminal names in a threat list, and blocks all of the IP addresses, MAC addresses and terminal names of the threat events.
The manual plugging module blocks threat events through manual intervention, by manually adding configuration and manually updating the safe list.
The safe list is pre-configured manually, and during threat monitoring and defense the IP addresses, MAC addresses and terminal names of new threat events are continually added to it through big data statistics.
The automatic plugging module has a channel that is opened and closed manually, which allows switching between manual and automatic monitoring.
The function events handled by the security monitoring platform include asset management, service management, vulnerability management, event analysis, risk assessment, trend analysis, threat intelligence, notification management, alarm management, work order management, information management and report management.
The Internet boundary plugging device is a base application-layer device and can be configured manually.
The data acquisition module is configured to analyze the function events and perform data acquisition, cleaning and collation, including the acquisition and cleaning of asset data, performance data, event data, flow data, vulnerability data and configuration data. It extracts the metadata from these and then sends the metadata to the data layer, the automatic plugging module and the Internet boundary plugging device, and the Internet boundary plugging device performs threat judgment and blocking on the metadata.
The metadata includes network device data, security device data, host data, storage data, database configuration data, IPS log data and WAF log data.
The data layer stores and archives all data sent by the data acquisition module.
The Internet boundary plugging device filters the IP addresses, MAC addresses and terminal names in threat events using an ADS blacklist protection policy: as soon as the source IP address of a data packet matches an address in the blacklist, the ADS device blocks it and performs no further detection. The ADS device receives the blacklisted IP information, completes the blocking action and returns the blocking status.
By adding an automatic defense mechanism, the Internet threat monitoring and defense method based on dynamic joint defense of the present invention can replace manual operation, avoid the oversights of manual operation, protect power network equipment and software, and effectively prevent threats and attacks.
Description of the drawings
Fig. 1 is a functional block diagram of the Internet threat monitoring and defense method based on dynamic joint defense of the present invention;
Fig. 2 shows the human-machine interface of the automatic plugging module;
Fig. 3 is a statistical chart of the effect on the handling of power network threat events after the method of the present invention is applied.
Detailed description of the embodiments
The method of the present invention is applied to an existing security monitoring platform. The functional modules of the existing platform are shown in Fig. 1 and include a presentation layer, a functional layer, an application extension layer, a data layer and a data acquisition module. The functional layer contains the automatic plugging module newly added by the present invention, and the presentation layer displays the real-time operating status of the automatic plugging module. As shown in Fig. 2, the interface of the automatic plugging module provides operators with a human-machine operation input interface and displays IPS source statistics, WAF source statistics and SOC source statistics, that is, statistics on the sources and on the number of blacklist entries from the IPS, WAF and SOC systems.
A dynamic security module is added to the existing security monitoring platform; the dynamic security module comprises an automatic plugging module and a manual plugging module;
The automatic plugging module is connected to the Internet boundary plugging device through an application-layer interface for data transmission;
wherein the automatic plugging module is configured to monitor in real time the function events processed by the functional layer, which provides monitoring of the automatic blocking service state, and to send events in the monitoring result that reach the set threat level to the Internet boundary plugging device;
The specific steps of the real-time monitoring are as follows:
D. The functional layer sends the function events to be processed to the data acquisition module for data acquisition, cleaning and collation;
E. The automatic plugging module performs threat judgment on the IPS log data and WAF log data that have been acquired, cleaned and collated; the steps of the threat judgment are:
B1) perform protocol analysis on the protocol messages in the acquired log data;
B2) extract security-related events and their time series based on the protocol analysis result;
B3) extract the IP addresses, MAC addresses and terminal names from the security-related event data stream;
B4) automatically traverse the safe list to look up the threat-level labels of the IP addresses, MAC addresses and terminal names registered in it, and mark as threat events the IPS and WAF log data involved in the time series of any event data stream whose threat-level label exceeds the threshold;
B5) send the threat events to the Internet boundary plugging device;
F. The Internet boundary plugging device receives the threat events, records the related IP addresses, MAC addresses and terminal names in a threat list, and blocks all of the IP addresses, MAC addresses and terminal names of the threat events.
The manual plugging module blocks threat events through manual intervention, by manually adding configuration and manually updating the safe list. Blacklisted IP information can be entered manually in the SOC system, or threat IP alarms can be generated according to the SOC system's own correlation rules, and the related information of the threat IPs is saved.
The safe list is pre-configured manually, and during threat monitoring and defense the IP addresses, MAC addresses and terminal names of new threat events are continually added to it through big data analysis. Specifically, through the human-machine operation input interface shown in Fig. 2, input is made via lists, input boxes and buttons, including input boxes for adding to and modifying the safe list, for querying logs and for configuration; automatic blocking activity can be queried and summarized by different conditions.
The function events handled by the security monitoring platform include asset management, service management, vulnerability management, event analysis, risk assessment, trend analysis, threat intelligence, notification management, alarm management, work order management, information management and report management.
The Internet boundary plugging device is a base application-layer device and can be configured manually.
The data acquisition module is configured to analyze the function events and perform data acquisition, cleaning and collation, including the acquisition and cleaning of asset data, performance data, event data, flow data, vulnerability data and configuration data. It extracts the metadata from these and then sends the metadata to the data layer, the automatic plugging module and the Internet boundary plugging device, and the Internet boundary plugging device performs threat judgment and blocking on the metadata. The Internet security dynamic defense system built by the present invention moves security devices from isolated islands to a multi-party united front, forming a dynamic defense capability that spans security threat data acquisition, event analysis, linked security execution units, linked network execution units and security isolation policy execution, and reduces the threats faced by the power network.
The metadata includes network device data, security device data, host data, storage data, database configuration data, IPS log data and WAF log data.
The data layer stores and archives all data sent by the data acquisition module.
The Internet boundary plugging device filters the IP addresses, MAC addresses and terminal names in threat events using an ADS blacklist protection policy: as soon as the source IP address of a data packet matches an address in the blacklist, the ADS device blocks it and performs no further detection. The ADS device receives the blacklisted IP information, completes the blocking action and returns the blocking status, which improves the detection efficiency of the device.
In addition, the process in step B5) of sending threat events to the Internet boundary plugging device has a push period, and data is pushed according to the set period.
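An added example (not part of the patent) of steps B1 to B5, the push period, the manual on/off channel and the boundary device's blacklist check, run over constructed log lines. The key=value log layout, the numeric threat levels, the threshold of 5 and all function and class names are assumptions; the patent specifies none of them.

```python
import ipaddress
import re
from dataclasses import dataclass, field

# Constructed sample records. The patent gives no log format: this key=value
# layout and every value in it are assumptions made for the example.
SAMPLE_LOGS = [
    "2019-07-19T02:10:05 src=IPS ip=203.0.113.7 mac=00:11:22:33:44:55 host=kiosk-17 sig=sql-injection",
    "2019-07-19T02:10:09 src=WAF ip=203.0.113.7 mac=00:11:22:33:44:55 host=kiosk-17 sig=path-traversal",
    "2019-07-19T02:11:30 src=WAF ip=198.51.100.20 mac=66:77:88:99:AA:BB host=crawler-2 sig=scanner-ua",
    "2019-07-19T02:12:00 src=IPS ip=192.0.2.44 mac=de:ad:be:ef:00:01 host=office-pc sig=port-scan",
    "2019-07-19T02:12:01 src=IPS ip=not-an-ip mac=? host=? sig=garbled",
]

# Constructed safe list: registered identifier -> threat-level label.
SAFE_LIST = {"203.0.113.7": 9, "00:11:22:33:44:55": 9, "crawler-2": 4, "192.0.2.44": 6}

LINE_RE = re.compile(
    r"^(?P<ts>\S+) src=(?P<src>IPS|WAF) ip=(?P<ip>\S+) "
    r"mac=(?P<mac>\S+) host=(?P<host>\S+) sig=(?P<sig>\S+)$"
)


def parse_line(line):
    """B1 and B3: parse one record and extract IP, MAC and terminal name."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    event = m.groupdict()
    try:
        # Normalise the address; a record without a valid IP is dropped.
        event["ip"] = str(ipaddress.ip_address(event["ip"]))
    except ValueError:
        return None
    event["mac"] = event["mac"].lower()
    return event


def threat_level(event, safe_list):
    """B4: highest label registered for any of the event's identifiers."""
    return max(safe_list.get(event[k], 0) for k in ("ip", "mac", "host"))


def judge(lines, safe_list, threshold):
    """B2 and B4: time-order the events and keep those above the threshold."""
    events = sorted(filter(None, map(parse_line, lines)), key=lambda e: e["ts"])
    scored = ({**e, "level": threat_level(e, safe_list)} for e in events)
    return [e for e in scored if e["level"] > threshold]


@dataclass
class BoundaryDevice:
    """Step C: keeps the threat list and blocks on a source IP match."""
    blocked: dict = field(default_factory=lambda: {"ip": set(), "mac": set(), "host": set()})

    def receive(self, events):
        for e in events:
            for key in self.blocked:
                self.blocked[key].add(e[key])

    def filter_packet(self, src_ip):
        # A blacklist hit ends processing for that packet; only other
        # traffic continues to the device's remaining detections.
        return "blocked" if src_ip in self.blocked["ip"] else "inspect"


@dataclass
class AutoPluggingModule:
    threshold: int
    automatic: bool = True  # the manually opened and closed channel
    pending: list = field(default_factory=list)

    def collect(self, lines, safe_list):
        self.pending.extend(judge(lines, safe_list, self.threshold))

    def push(self, device):
        """B5: call once per push period; returns the number of events sent."""
        if not self.automatic:
            return 0  # events stay queued for an operator to handle
        sent, self.pending = self.pending, []
        device.receive(sent)
        return len(sent)


def run_demo():
    """One collection pass followed by one push period in automatic mode."""
    device = BoundaryDevice()
    module = AutoPluggingModule(threshold=5)
    module.collect(SAMPLE_LOGS, SAFE_LIST)
    sent = module.push(device)
    return sent, device


if __name__ == "__main__":
    sent, device = run_demo()
    print(sent, sorted(device.blocked["ip"]))
    for ip in ("203.0.113.7", "198.51.100.20"):
        print(ip, device.filter_packet(ip))
```

With `automatic=False` the same events are judged but remain in `pending`, which corresponds to the manual mode in which an operator decides what reaches the boundary device.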
By adding an automatic defense mechanism, the Internet threat monitoring and defense method based on dynamic joint defense of the present invention can replace manual operation, avoid the oversights of manual operation, protect power network equipment and software, and effectively prevent threats and attacks.
The main innovations of the present invention are as follows:
1. A technical route is proposed that combines big data technology with boundary threat detection to precisely locate high-risk Internet IPs; through cluster analysis of network security data, malicious Internet IPs exhibiting suspicious behavior are found, supplementing the limitations of manual analysis;
2. A dynamic defense system against Internet threats is formed, breaking down device islands and building a united front. High-speed analysis of massive data identifies high-risk Internet IPs, a dynamic protection policy is formed together with the defense devices, and high-risk IPs are blocked in a linked manner, breaking the static defense system and innovatively realizing dynamic defense against Internet threats;
3. A method is proposed and implemented for building an Internet threat blocking capability that combines automatic handling with manual control. In the practical application of threat identification, high-risk IP linkage and device blocking, dedicated manual intervention and process data visualization are designed, ensuring that the risk of the automatic blocking process is controllable.
Fig. 3 shows statistics on the defensive effect against threats and attacks when the method of the present invention is applied to a power network:
1) The assessment shows that the present invention significantly reduces average daily labor hours: average daily manual effort falls from the original 0.875 man-days to 0.125 man-days, a reduction of more than 86%.
2) The response time to security events (worst-case estimate) falls from the original 2 hours to 20 minutes, a reduction of 84%.
3) Active security protection time increases from 5*8 hours to 7*24 hours, achieving uninterrupted 24-hour active security protection all year round.
The adoption of the results of the present invention brings a profound change to the operation and maintenance model and the defensive capability of network security protection. It changes the original manual defense model and forms automated, systematic protection, raising the company's capability to block high-risk Internet behavior from the "5*8 manual handling" level to the "7*24 round-the-clock dynamic defense" level.
The above technical solution only embodies the preferred technical solution of the present invention. Changes that those skilled in the art may make to some parts of it all embody the principle of the present invention and fall within the scope of protection of the present invention.
Claims (10)
1. An Internet threat monitoring and defense method based on dynamic joint defense, comprising the following:
A dynamic security module is added to the existing security monitoring platform; the dynamic security module comprises an automatic plugging module and a manual plugging module;
The automatic plugging module is connected to the Internet boundary plugging device through an application-layer interface for data transmission;
wherein the automatic plugging module is configured to monitor in real time the function events processed by the functional layer, and to send events in the monitoring result that reach the set threat level to the Internet boundary plugging device;
The specific steps of the real-time monitoring are as follows:
A. The functional layer sends the function events to be processed to the data acquisition module for data acquisition, cleaning and collation;
B. The automatic plugging module performs threat judgment on the IPS log data and WAF log data that have been acquired, cleaned and collated; the steps of the threat judgment are:
B1) perform protocol analysis on the protocol messages in the acquired log data;
B2) extract security-related events and their time series based on the protocol analysis result;
B3) extract the IP addresses, MAC addresses and terminal names from the security-related event data stream;
B4) automatically traverse the safe list to look up the threat-level labels of the IP addresses, MAC addresses and terminal names registered in it, and mark as threat events the IPS and WAF log data involved in the time series of any event data stream whose threat-level label exceeds the threshold;
B5) send the threat events to the Internet boundary plugging device;
The Internet boundary plugging device receives the threat events, records the related IP addresses, MAC addresses and terminal names in a threat list, and blocks all of the IP addresses, MAC addresses and terminal names of the threat events.
2. The Internet threat monitoring and defense method based on dynamic joint defense according to claim 1, characterized in that: the manual plugging module blocks threat events through manual intervention, by manually adding configuration and manually updating the safe list.
3. The Internet threat monitoring and defense method based on dynamic joint defense according to claim 1, characterized in that: the safe list is pre-configured manually, and during threat monitoring and defense the IP addresses, MAC addresses and terminal names of new threat events are continually added to it through big data analysis.
4. The Internet threat monitoring and defense method based on dynamic joint defense according to claim 1, characterized in that: the automatic plugging module has a channel that is opened and closed manually, which allows switching between manual and automatic monitoring.
5. The Internet threat monitoring and defense method based on dynamic joint defense according to claim 1, characterized in that: the function events handled by the security monitoring platform include asset management, service management, vulnerability management, event analysis, risk assessment, trend analysis, threat intelligence, notification management, alarm management, work order management, information management and report management.
6. The Internet threat monitoring and defense method based on dynamic joint defense according to claim 1, characterized in that: the Internet boundary plugging device is a base application-layer device and can be configured manually.
7. The Internet threat monitoring and defense method based on dynamic joint defense according to claim 1, characterized in that: the data acquisition module is configured to analyze the function events and perform data acquisition, cleaning and collation, including the acquisition and cleaning of asset data, performance data, event data, flow data, vulnerability data and configuration data; it extracts the metadata from these and then sends the metadata to the data layer, the automatic plugging module and the Internet boundary plugging device, and the Internet boundary plugging device performs threat judgment and blocking on the metadata.
8. The Internet threat monitoring and defense method based on dynamic joint defense according to claim 7, characterized in that: the metadata includes network device data, security device data, host data, storage data, database configuration data, IPS log data and WAF log data.
9. The Internet threat monitoring and defense method based on dynamic joint defense according to claim 7 or 8, characterized in that: the data layer stores and archives all data sent by the data acquisition module.
10. The Internet threat monitoring and defense method based on dynamic joint defense according to any one of claims 7-9, characterized in that: the Internet boundary plugging device filters the IP addresses, MAC addresses and terminal names in threat events using an ADS blacklist protection policy; as soon as the source IP address of a data packet matches an address in the blacklist, the ADS device blocks it and performs no further detection; the ADS device receives the blacklisted IP information, completes the blocking action and returns the blocking status.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201910652779.8A CN110505206B (en) | 2019-07-19 | 2019-07-19 | Internet threat monitoring and defense method based on dynamic joint defense |
Publications (2)
Publication Number | Publication Date |
---|---|
CN110505206A true CN110505206A (en) | 2019-11-26 |
CN110505206B CN110505206B (en) | 2022-06-07 |
Family
ID=68586655
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201910652779.8A Active CN110505206B (en) | 2019-07-19 | 2019-07-19 | Internet threat monitoring and defense method based on dynamic joint defense |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN110505206B (en) |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||