CN110543761A - big data analysis method applied to information security field - Google Patents


Info

Publication number
CN110543761A
Authority
CN
China
Prior art keywords
data
network
analysis
security
attack
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201910667897.6A
Other languages
Chinese (zh)
Inventor
尹桂芳
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Anhui Blue Wheat Communications Ltd By Share Ltd
Original Assignee
Anhui Blue Wheat Communications Ltd By Share Ltd


Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00 Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/20 Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
    • G06F16/28 Databases characterised by their database models, e.g. relational or object models
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55 Detecting local intrusion or implementing counter-measures
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55 Detecting local intrusion or implementing counter-measures
    • G06F21/56 Computer malware detection or handling, e.g. anti-virus arrangements
    • G06F21/566 Dynamic detection, i.e. detection performed at run-time, e.g. emulation, suspicious activities
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/602 Providing cryptographic facilities or services

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Software Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Health & Medical Sciences (AREA)
  • General Health & Medical Sciences (AREA)
  • Databases & Information Systems (AREA)
  • Bioethics (AREA)
  • Data Mining & Analysis (AREA)
  • Virology (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)
  • Computer And Data Communications (AREA)

Abstract

The invention discloses a big data analysis method applied to the field of information security, belonging to the technical field of information security, which comprises the steps of S1, establishing a network security database; S2, analyzing network data; S3, security management of data; S4, constructing security early warning; and S5, alarm processing. Whether security threats appear in the analyzed network data is detected by establishing a big data analysis model. The model preprocesses the acquired data, reorganizes the raw data and forms a basic data relation graph by feature extraction and data fusion, constructs an attack tree model from the data relation graph, infers the next attack behavior, designs the data analysis process, method and rules from the statistical characteristics of the data in the attack, and deeply mines the preprocessed data by real-time and offline analysis, so that hidden risk information in the data is detected more quickly and the efficiency of security detection is improved.

Description

big data analysis method applied to information security field
Technical Field
The invention relates to the technical field of information security, in particular to a big data analysis method applied to the field of information security.
Background
The universality, shareability, value-adding nature, processability and multiple uses of information as a resource make it of particular importance to human beings. The essence of information security is to protect the information resources in an information system or information network from various types of threats, interference and disruption, i.e. to ensure the security of the information. According to the definition of the International Organization for Standardization, information security mainly refers to the integrity, availability, confidentiality and reliability of information. Information security is a problem that every country, government, department and industry must pay attention to, and is a national security strategy that cannot be ignored.
The network information security defense system plays a very prominent role in information security assurance. At present, network security defense technology has a single function and low defensive capability: each security technology can only solve one corresponding problem, so the requirements of security defense are difficult to meet.
Disclosure of Invention
The invention aims to solve the problems that the information security defense function is single and the handling of security problems is not flexible enough, and provides a big data analysis method applied to the field of information security.
The invention achieves this aim through the following technical scheme: a big data analysis method applied to the field of information security comprises the following steps:
S1, establishing a network security database: establish a perception data source, determine the data sources to be acquired, acquire the various security data of terminals, boundaries, services and applications along the defense chain, collect the data that threaten network security, store the data on a big data platform to form a raw security data warehouse, and integrate a distributed file system, a relational database and the like into a database of hybrid form;
S2, analyzing network data: acquire the data generated after the network is attacked and analyze it together with the attack data collected in the network security database established in step S1 to generate a network security abstract database, so as to determine whether the data shows security problems or hidden security risks, and establish a big data analysis model;
The big data analysis model comprises:
A: preprocessing the acquired data, reorganizing the raw data, and forming a basic data relation graph by feature extraction and data fusion;
B: constructing an attack tree model from the data relation graph, inferring the next attack behavior, and designing the data analysis flow, method and rules from the statistical characteristics of the data in the attack, so as to form the specific big data analysis model;
S3, security management of data: construct a security management system comprising a network management system, a data backup system, a data encryption system and an access-object control system;
S4, constructing security early warning: use the big data analysis results to analyze the attacker's behavior route and individual characteristics, summarize and analyze the attacker's behavior data, describe the attacker's behavioral characteristics, classify the attacker's behavior route as a basis for defense, and monitor and submit alarm information according to the attacker's behavior data;
S5, alarm processing: read the alarm information from step S4 that the control system requires, select the alarm information fields the control system needs, encode the data in a uniform format, encrypt it and send it to the console; the console decrypts the received encrypted alarm data, converts it into a device configuration command using the corresponding protocol according to the interface provided by the response device, generates a response rule and sends it to the response agent; the agent generates the corresponding control command according to the received device grammar and automatically blocks the attack, thereby realizing network security defense based on big data analysis.
Preferably, the perception data source of step S1 records and collects the relevant data on the attack information by covering every element involved in the whole network attack.
Preferably, the big data analysis model of step S2 deeply mines the preprocessed data by real-time analysis and offline analysis to find potential threats in the data.
Preferably, the network management system in step S3 isolates illegal requests through a firewall and establishes an intrusion detection mechanism; the data backup system restores damaged data from backups to minimize data loss; the data encryption system protects data transmission by converting the data into ciphertext while in transit; and the access-object control system protects the data by limiting access rights through identity authentication of the users accessing the data.
Compared with the prior art, the invention has the following beneficial effects. Whether security threats appear in the analyzed network data is detected by establishing a big data analysis model: the model preprocesses the acquired data, reorganizes the raw data and forms a basic data relation graph by feature extraction and data fusion, constructs an attack tree model from the data relation graph, infers the next attack behavior, designs the data analysis process, method and rules from the statistical characteristics of the data in the attack, and deeply mines the preprocessed data by real-time and offline analysis, so that hidden risk information in the data is detected more quickly, which improves the efficiency of security detection and widens the range of security defense. By constructing the security early warning and alarm processing, the attack information can be sent to the background in time when the data is attacked, and the background control equipment can block the attack in time.
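As an added illustration of the analysis model described above (not code from the patent), the following Python script, assuming constructed sensor events with pre-labelled attack stages and an assumed severity weight per stage, preprocesses the events, fuses them into a relation graph, derives the attack-tree branches per source, estimates the stage transition statistics and uses them to infer each attacker's likely next behavior and an early-warning score:

```python
from collections import Counter, defaultdict

# Constructed sample of perception data (step S1): one record per sensor event,
# with the attack stage already labelled by the sensor. Hosts, timestamps and
# stage names are made up for illustration.
RAW_EVENTS = [
    {"ts": 1, "src": "10.0.0.5", "dst": "10.0.1.10", "stage": "Scan"},
    {"ts": 2, "src": "10.0.0.5", "dst": "10.0.1.10", "stage": "scan"},  # duplicate
    {"ts": 3, "src": "10.0.0.5", "dst": "10.0.1.10", "stage": "brute_force"},
    {"ts": 4, "src": "10.0.0.5", "dst": "10.0.1.10", "stage": "login_success"},
    {"ts": 5, "src": "10.0.0.5", "dst": "10.0.1.20", "stage": "lateral_move"},
    {"ts": 6, "src": "10.0.0.7", "dst": "10.0.1.10", "stage": "scan"},
    {"ts": 7, "src": "10.0.0.7", "dst": "10.0.1.10", "stage": "brute_force"},
    {"ts": 8, "src": "10.0.0.7", "dst": "10.0.1.10", "stage": "lockout"},
    {"ts": 9, "src": "10.0.0.9", "dst": "10.0.1.30", "stage": "scan"},
]

# Assumed severity weight per stage, used to quantify the qualitative
# behaviour data (step S4). Higher means deeper into the attack.
SEVERITY = {"scan": 1, "brute_force": 2, "lockout": 1,
            "login_success": 4, "lateral_move": 5}


def preprocess(events):
    """Model step A: normalise the stage label and drop exact duplicate
    (src, dst, stage) records, keeping the events in time order."""
    seen, out = set(), []
    for e in sorted(events, key=lambda e: e["ts"]):
        rec = {"ts": e["ts"], "src": e["src"], "dst": e["dst"],
               "stage": e["stage"].strip().lower()}
        key = (rec["src"], rec["dst"], rec["stage"])
        if key not in seen:
            seen.add(key)
            out.append(rec)
    return out


def relation_graph(events):
    """Model step A: fuse events into a relation graph src -> dst -> [stages]."""
    graph = defaultdict(lambda: defaultdict(list))
    for e in events:
        graph[e["src"]][e["dst"]].append(e["stage"])
    return graph


def attack_paths(events):
    """Model step B: each attacker's ordered stage sequence is one branch
    of the attack tree."""
    paths = defaultdict(list)
    for e in events:
        paths[e["src"]].append(e["stage"])
    return dict(paths)


def transition_stats(paths):
    """Statistical characteristic of the attacks: P(next stage | current stage)
    estimated over all branches."""
    counts = defaultdict(Counter)
    for seq in paths.values():
        for cur, nxt in zip(seq, seq[1:]):
            counts[cur][nxt] += 1
    return {cur: {nxt: n / sum(c.values()) for nxt, n in c.items()}
            for cur, c in counts.items()}


def conjecture_next(stats, stage):
    """Model step B: the most probable next attack behaviour after `stage`,
    breaking ties towards the more severe stage; None if no branch continues."""
    branches = stats.get(stage)
    if not branches:
        return None
    nxt = max(branches, key=lambda s: (branches[s], SEVERITY.get(s, 0)))
    return nxt, branches[nxt]


def early_warning(paths, stats, threshold=2.0):
    """Step S4: score = severity of the current stage + expected severity of the
    conjectured next stage; attackers at or above the threshold raise an alarm."""
    alarms = {}
    for src, seq in paths.items():
        cur = seq[-1]
        guess = conjecture_next(stats, cur)
        score = SEVERITY.get(cur, 0)
        if guess is not None:
            score += SEVERITY.get(guess[0], 0) * guess[1]
        if score >= threshold:
            alarms[src] = {"current": cur, "predicted": guess, "score": round(score, 2)}
    return alarms


if __name__ == "__main__":
    events = preprocess(RAW_EVENTS)
    paths = attack_paths(events)
    stats = transition_stats(paths)
    for src, alarm in early_warning(paths, stats).items():
        print(src, alarm)
```

In the constructed data the host that has only scanned is still flagged, because the tree learned from the other sources makes brute forcing its most likely next step; the locked-out host is not.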
Detailed Description
The technical solutions in the embodiments of the present invention are described clearly and completely below. Obviously, the described embodiments are only some of the embodiments of the present invention, not all of them. All other embodiments that a person skilled in the art can derive from the embodiments given herein without creative effort fall within the protection scope of the present invention.
A big data analysis method applied to the field of information security comprises the following steps:
S1, establishing a network security database: establish a perception data source, determine the data sources to be acquired, acquire the various security data of terminals, boundaries, services and applications along the defense chain, collect the data that threaten network security, store the data on a big data platform to form a raw security data warehouse, and integrate a distributed file system, a relational database and the like into a database of hybrid form;
S2, analyzing network data: acquire the data generated after the network is attacked and analyze it together with the attack data collected in the network security database established in step S1 to generate a network security abstract database, so as to determine whether the data shows security problems or hidden security risks, and establish a big data analysis model;
The big data analysis model comprises:
A: preprocessing the acquired data, reorganizing the raw data, and forming a basic data relation graph by feature extraction and data fusion;
B: constructing an attack tree model from the data relation graph, inferring the next attack behavior, and designing the data analysis flow, method and rules from the statistical characteristics of the data in the attack, so as to form the specific big data analysis model;
S3, security management of data: construct a security management system comprising a network management system, a data backup system, a data encryption system and an access-object control system;
S4, constructing security early warning: use the big data analysis results to analyze the attacker's behavior route and individual characteristics, summarize and analyze the attacker's behavior data, describe the attacker's behavioral characteristics, classify the attacker's behavior route as a basis for defense, and monitor and submit alarm information according to the attacker's behavior data;
The visitor's behavior data are formed into abstract data information, on which a security evaluation is performed. Because an attacker's behavior data generally appear as qualitative data that are not convenient for computer analysis, the qualitative data must be quantified, and the early warning system is constructed once this processing is finished. The early warning evaluation covers whether dangerous persons exist and which behaviors pose threats, can further judge the specific deviation of a user's access behavior, and issues early warnings for behaviors with hidden security risks;
S5, alarm processing: read the alarm information from step S4 that the control system requires, select the alarm information fields the control system needs, encode the data in a uniform format, encrypt it and send it to the console; the console decrypts the received encrypted alarm data, converts it into a device configuration command using the corresponding protocol according to the interface provided by the response device, generates a response rule and sends it to the response agent; the agent generates the corresponding control command according to the received device grammar and automatically blocks the attack, thereby realizing network security defense based on big data analysis.
The perception data source of step S1 records and collects the relevant data on the whole attack by covering every element involved in the network attack, so that a large number of perception data elements can be stored and centrally managed. The big data analysis model of step S2 deeply mines the preprocessed data and finds potential threats in it by means of real-time analysis and offline analysis. In step S3, the network management system isolates illegal requests by a firewall and establishes an intrusion detection mechanism; the data backup system restores damaged data from backups to minimize data loss; the data encryption system converts the data into ciphertext during transmission, encrypting the data transfer; and the access-object control system limits access rights through identity authentication of the users accessing the data. In a strong data environment, the standardization of data security management can also be raised by training managers and strengthening their security awareness, which provides institutional support for network data security. Data are encrypted with encryption technology and converted into ciphertext during transmission to prevent theft; even if the data are stolen, the information cannot be recovered without the key, so the security of data transmission is improved and the aim of maintaining network security is achieved. The data access objects are controlled: users who want to access the data must be identity-authenticated, the access rights of unauthenticated clients are strictly limited, and it is ensured that only authenticated users access the data, so that network security is guaranteed to the greatest extent.
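The alarm-processing flow of step S5, as an added Python example that is not part of the patent. It assumes a shared key between the sensor side and the console, canonical JSON as the uniform format, an HMAC-SHA256 counter-mode keystream with an encrypt-then-MAC tag as a stand-in for an AEAD cipher such as AES-GCM, and two hypothetical response-device grammars:

```python
import hashlib
import hmac
import json
import os
import struct

# Fields the control system needs from an S4 alarm; anything else is dropped.
REQUIRED_FIELDS = ("ts", "src", "current", "predicted", "score")

# Constructed alarm as the early-warning stage might emit it (made-up values).
SAMPLE_ALARM = {"ts": 9, "src": "10.0.0.9", "current": "scan",
                "predicted": "brute_force", "score": 3.0,
                "sensor": "edge-01", "raw": "verbose sensor payload"}

# Hypothetical device grammars: one renderer per response-device interface.
DEVICE_GRAMMAR = {
    "fw_cli": lambda r: f"block src {r['target']} ttl {r['ttl']}",
    "json_api": lambda r: json.dumps(
        {"op": "deny", "ip": r["target"], "expires_in": r["ttl"]}, sort_keys=True),
}

def select_fields(alarm):
    """Keep only the fields the control system requires; reject incomplete alarms."""
    missing = [f for f in REQUIRED_FIELDS if f not in alarm]
    if missing:
        raise ValueError(f"alarm is missing fields {missing}")
    return {f: alarm[f] for f in REQUIRED_FIELDS}

def encode(record):
    """Uniform format: canonical JSON (sorted keys, no whitespace) as UTF-8."""
    return json.dumps(record, sort_keys=True, separators=(",", ":")).encode()

def _subkeys(key):
    # Separate encryption and MAC keys derived from the shared key.
    return (hashlib.sha256(b"enc" + key).digest(),
            hashlib.sha256(b"mac" + key).digest())

def _keystream(enc_key, nonce, length):
    # HMAC-SHA256 in counter mode as a stand-in PRF keystream (use AES-GCM in production).
    out = b""
    for ctr in range((length + 31) // 32):
        out += hmac.new(enc_key, nonce + struct.pack(">Q", ctr), hashlib.sha256).digest()
    return out[:length]

def encrypt(key, plaintext):
    """Sensor side, encrypt-then-MAC; wire format is nonce(16) || ciphertext || tag(32)."""
    enc_key, mac_key = _subkeys(key)
    nonce = os.urandom(16)
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(enc_key, nonce, len(plaintext))))
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag

def decrypt(key, blob):
    """Console side: verify the tag before touching the ciphertext."""
    enc_key, mac_key = _subkeys(key)
    if len(blob) < 48:
        raise ValueError("alarm message truncated")
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("alarm message failed authentication")
    return bytes(c ^ k for c, k in zip(ct, _keystream(enc_key, nonce, len(ct))))

def response_rule(record, ttl_s=3600):
    """Console: turn the decrypted alarm into a device-independent response rule."""
    action = "block" if record["score"] >= 3 else "monitor"
    return {"action": action, "target": record["src"], "ttl": ttl_s,
            "reason": f"{record['current']} -> {record['predicted']}"}

def to_device_command(rule, device_type):
    """Response agent: render the rule in the grammar of the given device."""
    if rule["action"] != "block":
        return None
    if device_type not in DEVICE_GRAMMAR:
        raise ValueError(f"no protocol adapter for device {device_type!r}")
    return DEVICE_GRAMMAR[device_type](rule)

def process_alarm(key, alarm, device_type):
    """End-to-end S5 flow: select, encode and encrypt on the sensor side; decrypt
    and derive the rule on the console; render the blocking command for the agent."""
    wire = encrypt(key, encode(select_fields(alarm)))
    record = json.loads(decrypt(key, wire))
    rule = response_rule(record)
    return rule, to_device_command(rule, device_type)
```

A message with a modified byte, a wrong key or a missing required field is rejected before any device command is generated, so a tampered alarm cannot be turned into a blocking rule.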
It will be evident to those skilled in the art that the invention is not limited to the details of the foregoing illustrative embodiments, and that the present invention may be embodied in other specific forms without departing from its spirit or essential attributes. The present embodiments are therefore to be considered in all respects as illustrative and not restrictive, the scope of the invention being indicated by the appended claims rather than by the foregoing description, and all changes that come within the meaning and range of equivalency of the claims are therefore intended to be embraced therein.
Furthermore, it should be understood that although the present description refers to embodiments, not every embodiment contains only a single embodiment; such description is for clarity only, and those skilled in the art should take the description as a whole, the embodiments being combinable as appropriate to form other embodiments understood by those skilled in the art.

Claims (4)

1. A big data analysis method applied to the field of information security, characterized by comprising the following steps:
S1, establishing a network security database: establish a perception data source, determine the data sources to be acquired, acquire the various security data of terminals, boundaries, services and applications along the defense chain, collect the data that threaten network security, store the data on a big data platform to form a raw security data warehouse, and integrate a distributed file system, a relational database and the like into a database of hybrid form;
S2, analyzing network data: acquire the data generated after the network is attacked and analyze it together with the attack data collected in the network security database established in step S1 to generate a network security abstract database, so as to determine whether the data shows security problems or hidden security risks, and establish a big data analysis model;
The big data analysis model comprises:
A: preprocessing the acquired data, reorganizing the raw data, and forming a basic data relation graph by feature extraction and data fusion;
B: constructing an attack tree model from the data relation graph, inferring the next attack behavior, and designing the data analysis flow, method and rules from the statistical characteristics of the data in the attack, so as to form the specific big data analysis model;
S3, security management of data: construct a security management system comprising a network management system, a data backup system, a data encryption system and an access-object control system;
S4, constructing security early warning: use the big data analysis results to analyze the attacker's behavior route and individual characteristics, summarize and analyze the attacker's behavior data, describe the attacker's behavioral characteristics, classify the attacker's behavior route as a basis for defense, and monitor and submit alarm information according to the attacker's behavior data;
S5, alarm processing: read the alarm information from step S4 that the control system requires, select the alarm information fields the control system needs, encode the data in a uniform format, encrypt it and send it to the console; the console decrypts the received encrypted alarm data, converts it into a device configuration command using the corresponding protocol according to the interface provided by the response device, generates a response rule and sends it to the response agent; the agent generates the corresponding control command according to the received device grammar and automatically blocks the attack, thereby realizing network security defense based on big data analysis.
2. The big data analysis method applied to the field of information security according to claim 1, wherein the perception data source of step S1 records and collects the relevant data on the attack information by covering every element involved in the whole network attack.
3. The big data analysis method applied to the field of information security according to claim 1, wherein the big data analysis model of step S2 deeply mines the preprocessed data by real-time analysis and offline analysis to find potential threats in the data.
4. The big data analysis method applied to the field of information security according to claim 1, wherein the network management system in step S3 isolates illegal requests through a firewall and establishes an intrusion detection mechanism; the data backup system restores damaged data from backups to minimize data loss; the data encryption system protects data transmission by converting the data into ciphertext while in transit; and the access-object control system protects the data by limiting access rights through identity authentication of the users accessing the data.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201910667897.6A CN110543761A (en) 2019-07-23 2019-07-23 big data analysis method applied to information security field

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201910667897.6A CN110543761A (en) 2019-07-23 2019-07-23 big data analysis method applied to information security field

Publications (1)

Publication Number Publication Date
CN110543761A true CN110543761A (en) 2019-12-06

Family

ID=68709794

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201910667897.6A Pending CN110543761A (en) 2019-07-23 2019-07-23 big data analysis method applied to information security field

Country Status (1)

Country Link
CN (1) CN110543761A (en)

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20140196105A1 (en) * 2013-01-09 2014-07-10 Delta Electronics, Inc. Cloud system with attack protection mechanism and protection method using for the same
CN105553957A (en) * 2015-12-09 2016-05-04 国家电网公司 Network safety situation awareness early-warning method and system based big data
CN107196910A (en) * 2017-04-18 2017-09-22 国网山东省电力公司电力科学研究院 Threat early warning monitoring system, method and the deployment framework analyzed based on big data
CN109660526A (en) * 2018-12-05 2019-04-19 国网江西省电力有限公司信息通信分公司 A kind of big data analysis method applied to information security field

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
周军 et al.: "Research on network security defense technology based on big data analysis", 《信息与电脑》 (Information & Computer) *
管磊 et al.: "Research on network security situation awareness technology based on big data", 《信息网络安全》 (Netinfo Security) *

Cited By (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111191230A (en) * 2019-12-27 2020-05-22 国网天津市电力公司 Fast network attack backtracking mining method based on convolutional neural network and application
WO2021152423A1 (en) * 2020-01-28 2021-08-05 International Business Machines Corporation Combinatorial test design for optimizing parameter list testing
US11336679B2 (en) 2020-01-28 2022-05-17 International Business Machines Corporation Combinatorial test design for optimizing parameter list testing
CN111581636A (en) * 2020-03-26 2020-08-25 大连交通大学 Network security monitoring equipment
CN111885019A (en) * 2020-07-08 2020-11-03 福建奇点时空数字科技有限公司 Network security situation element extraction method based on attack and defense information comparison
CN112565212A (en) * 2020-11-24 2021-03-26 傲普(上海)新能源有限公司 Data safety transmission system suitable for comprehensive energy system
CN112565212B (en) * 2020-11-24 2022-12-16 傲普(上海)新能源有限公司 Data safety transmission system suitable for comprehensive energy system
CN114070638A (en) * 2021-11-22 2022-02-18 安天科技集团股份有限公司 Computer system security defense method, device, electronic equipment and medium
CN114070638B (en) * 2021-11-22 2023-07-18 安天科技集团股份有限公司 Computer system security defense method and device, electronic equipment and medium

Similar Documents

Publication Publication Date Title
CN110543761A (en) big data analysis method applied to information security field
CN107819771B (en) Information security risk assessment method and system based on asset dependency relationship
CN106330919A (en) Operation and maintenance safety auditing method and system
CN114372286A (en) Data security management method and device, computer equipment and storage medium
CN108270716A (en) A kind of audit of information security method based on cloud computing
CN103780584A (en) Cloud computing-based identity authentication fusion method
CN116132989B (en) Industrial Internet security situation awareness system and method
CN109936555A (en) A kind of date storage method based on cloud platform, apparatus and system
CN116962076A (en) Zero trust system of internet of things based on block chain
CN106982204A (en) Credible and secure platform
CN111885019A (en) Network security situation element extraction method based on attack and defense information comparison
CN117113199A (en) File security management system and method based on artificial intelligence
CN110826094A (en) Information leakage monitoring method and device
Feng et al. Autonomous vehicles' forensics in smart cities
KR101201629B1 (en) Cloud computing system and Method for Security Management for each Tenant in Multi-tenancy Environment
CN115600189A (en) Commercial password application security evaluation system
CN117292054A (en) Three-dimensional digital-based intelligent operation and maintenance method and system for power grid
CN112199700A (en) Safety management method and system for MES data system
CN110750795B (en) Information security risk processing method and device
CN112995220A (en) Security data security system for computer network
CN112380544A (en) Data security protection method of software system
Matusek et al. Nivss: a nearly indestructible video surveillance system
Kang et al. Multi-dimensional security risk assessment model based on three elements in the IoT system
CN202918335U (en) Fusion type identity authentication device based on cloud computing
CN117319521B (en) Data transmission method and system based on privacy computing network

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication
Application publication date: 20191206