CN111614639A - Network security analysis method based on boundary theory - Google Patents


Publication number: CN111614639A
Authority: CN (China)
Prior art keywords: security, boundary, network, access, strategy
Legal status: Pending (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Application number: CN202010385155.7A
Other languages: Chinese (zh)
Inventors: 周俊, 江海云, 李伟
Current Assignee: Shenzhen Cloudsecurity Technology Co ltd (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Original Assignee: Shenzhen Cloudsecurity Technology Co ltd
Application filed by: Shenzhen Cloudsecurity Technology Co ltd


Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/20 Network architectures or network communication protocols for network security for managing network security; network security policies in general
    • H04L41/00 Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/14 Network analysis or design
    • H04L63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic

Abstract

The embodiment of the invention discloses a network security analysis method based on boundary theory, comprising the following steps: dividing logical security domains; protecting security inside each security domain; and protecting the boundaries between security domains. The embodiment abandons the traditional idea of dividing the security boundary according to the physical environment and instead divides it logically according to service function, information sensitivity and security level. It provides a security partition design model, makes network security protection certifiable and manageable, keeps links unobstructed, and improves overall attack prevention capability.

Description

Network security analysis method based on boundary theory
Technical Field
The invention relates to the technical field of Internet of things, in particular to a network security analysis method based on a boundary theory.
Background
The gradual maturing of cloud computing, big data and Internet of Things technology, together with the concept of interconnected things, has given rise to a large number of new applications. This makes the network architecture that serves as infrastructure more complicated and the physical network boundary increasingly blurred. Because social resources are shared over networks and departments must coordinate with one another, more and more applications are moved to the cloud, data exchange between internal and external networks cannot be avoided, and the network boundary is gradually changing from static to dynamic.
As a result of these changes, the situation for network security monitoring and defense is becoming more severe. A more scientific and effective method for defining the network security boundary is therefore needed, on the basis of which more targeted security protection by zone and by domain can be carried out.
Disclosure of Invention
In view of the above technical problems, embodiments of the present invention provide a network security analysis method based on boundary theory, which improves overall attack prevention capability.
The embodiment of the invention provides a network security analysis method based on boundary theory, comprising the following steps: automatically identifying the network boundary, dividing logical security domains according to service function, information sensitivity and security level, designing a security partition model, and determining the security protection boundary; determining a protection policy inside each security domain according to security level and protection requirements, and protecting security inside each security domain; and, for the network boundaries between security domains, setting access and connection policies according to functional and non-functional requirements, and protecting boundary security between the security domains.
Optionally, the step of automatically identifying the network boundary, dividing logical security domains according to service function, information sensitivity and security level, designing a security partition model, and determining the security protection boundary includes: automatically identifying the network boundary; determining security assets; defining a security policy and a security level according to the security assets; and dividing different security domains according to the security policy and the security level.
Optionally, the step of determining a protection policy inside each security domain according to security level and protection requirements, and protecting security inside each security domain, includes: establishing a behavior model and a security baseline for each security domain; and identifying and dividing different groups according to behaviors and attributes, and achieving small-probability event discovery and risk trend prediction through group analysis.
Optionally, the step of setting, for the network boundaries between security domains, access and connection policies according to functional and non-functional requirements, and protecting boundary security between the security domains, includes: enforcing control over the boundary access policy; and discovering and giving early warning of at least one of the following abnormal behaviors: unauthorized access, illegal access and illegal external connection.
Optionally, the step of automatically identifying the network boundary includes: identifying network device types, analyzing access paths and service protocols, and automatically completing the discovery and identification of the network boundary.
Optionally, the step of enforcing control over the boundary access policy includes: collecting traffic data at the boundaries between security domains, and analyzing behavior in the network that crosses security domains or networks; generating a boundary access policy from the collected traffic data; and periodically optimizing the boundary access policy.
Optionally, the step of periodically optimizing the boundary access policy includes: performing policy verification regularly, checking network connections that exceed the boundary policy, and determining whether network boundary access control permissions have been set in violation of the rules; checking boundary policies that have not been hit for a long time, and determining whether a business application has gone offline without its boundary policy being withdrawn at the same time; and, after a boundary policy is generated, running it synchronously in bypass mode for a period of time, testing the validity of the policy with data from actual operation, and verifying whether any legitimate network connection is missing from the policy.
Optionally, the step of discovering and giving early warning of at least one abnormal behavior among unauthorized access, illegal access and illegal external connection includes: monitoring with the behavior analysis model automatically generated by the system and with manually set violation policies, and discovering abnormal behavior; and notifying an administrator or automatically completing early-warning handling through at least one of monitoring alarm, short message notification and automatic blocking.
The network security analysis method based on boundary theory provided by the embodiment of the invention divides logical security domains, protects security inside each security domain, and protects boundary security between the security domains. Compared with the prior art, the embodiment therefore abandons the traditional idea of dividing the security boundary according to the physical environment and instead divides it logically according to service function, information sensitivity and security level. It provides a security partition design model, makes network security protection certifiable, keeps links unobstructed, and improves overall attack prevention capability.
Drawings
FIG. 1 is a schematic flow chart illustrating an embodiment of a network security analysis method based on boundary theory according to the present invention;
FIG. 2 is a schematic flow chart illustrating a network security analysis method based on boundary theory according to another embodiment of the present invention;
FIG. 3 is a schematic flow chart illustrating a network security analysis method based on boundary theory according to another embodiment of the present invention;
FIG. 4 is a schematic flow chart illustrating a network security analysis method based on boundary theory according to another embodiment of the present invention;
FIG. 5 is a schematic flow chart illustrating a network security analysis method based on boundary theory according to another embodiment of the present invention.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
With the continuous development of computer network technology, computer networks are becoming more and more complex. Dividing a network into different areas and applying graded, focused protection to each area is an effective means of establishing a network security system. By definition, a network security domain is a subnet or network within the same system whose members have the same security protection requirements, trust each other, and have the same security access control and boundary control policies; members of the same network security domain share the same security policy. In the broadest sense, a security domain is a collection of system elements with the same business and security requirements, including network areas, hosts and systems, people and organizations, physical environments, policies and processes, businesses and missions, and so on.
The invention provides a network security analysis method based on boundary theory. In this method, security areas are classified and divided logically according to business function, information sensitivity and security level, a security partition model is designed, and the security protection boundary is determined; within each security area, protection policies are determined in a differentiated and targeted way according to security level and protection requirements; and for the network boundaries between security areas, access and connection policies are set according to functional and non-functional requirements, so that network behavior is manageable and authenticable. Specifically, referring to FIG. 1, a schematic flow chart of an embodiment of the method of the invention, the method includes the following steps:
Step S10, automatically identify the network boundary, divide logical security domains according to service function, information sensitivity and security level, design a security partition model, and determine the security protection boundary. A security domain is a logical area consisting of a set of systems that have the same security protection requirements and trust each other. Systems in the same security domain share the same security policy. The purpose of security domain division is to break the security problem of a large, complex system down into security protection problems for smaller areas; it is an effective way to implement graded security protection for large, complex information systems. Security areas are classified and divided logically according to service function, information sensitivity and security level, a security partition model is designed, and the security protection boundary is determined. For a private network, the following security partition model is generally adopted: an Internet of Things terminal area, a user terminal area, an application data area, an external connection data area, an Internet area and a network management area. In addition, security domains can be divided flexibly according to management requirements. The security domain is the basic unit of network security management; each security domain consists of a number of IP addresses or network segments and supports multiple data flows. Users can define security domains themselves: a department, a class of user terminals, or the users of one business mode can each be made into a security domain, which makes management very convenient.
Further, the Internet of Things terminal area and the application data area deserve particular attention. Devices in the Internet of Things terminal area are of many kinds and in large numbers, are widely distributed across sites with different environments, and individually have little ability to resist illegal attacks by hackers. They are therefore exposed to risks such as access by counterfeit terminals, Trojan injection and virus injection, and large numbers of front-end devices can easily be used as sources of DDoS attacks. Security hardening and information security supervision must therefore be applied to Internet of Things terminals, and their running processes must be supervised in real time; if an abnormal process is found, it is handled by taking it offline. Data is the core asset. Protecting core data comes down to three main concerns: the data is not leaked, the data is not tampered with, and the data can be used normally. Core data protection is comprehensive and complex work; boundary prevention and control is needed, and all access to the data must be monitored with early warning.
In one embodiment of the present invention, referring to fig. 2, the step S10 specifically includes the following steps:
Step S11, automatically identify the network boundary.
Step S12, determine the security assets.
Step S13, define a security policy and a security level according to the security assets.
Step S14, divide different security domains according to the security policy and the security level.
The principle for defining security partitions in the invention is as follows: first, security assets are defined according to business and information sensitivity; second, security policies and security levels are defined for the security assets; security assets with the same security policy and level are considered to belong to the same security area.
Step S20, determining a protection strategy in the security domain according to the security level and the protection requirement, and protecting the security in each security domain.
In one embodiment of the present invention, referring to fig. 3, the step S20 specifically includes the following steps:
Step S21, establish a behavior model and a security baseline for each security domain.
Step S22, identify and divide different groups according to behaviors and attributes, and achieve small-probability event discovery and risk trend prediction through group analysis.
Specifically, a security domain is a logical partition, and the devices and objects in each security domain have similar business attributes and the same security protection requirements. Similar business attributes provide the foundation for machine learning and for establishing an access behavior model. On this basis, using algorithm models such as dimensionality reduction, clustering and decision trees, the method mines the ecosystem graph of mutual access relationships and analyzes its regularities, analyzes internal network behavior patterns, mines the behavior habits of applications and users, analyzes internal assets, and continuously learns and builds behavior portraits of objects. This makes it possible to establish an access behavior model and to generate a behavior white model and a security baseline. Furthermore, groups with similar behaviors and attributes are identified and divided by clustering and similar means, and small-probability event discovery and prediction of future risk trends are achieved through group analysis.
The behavior white model is an access relationship table, built from real application access relationships through automatic generation and manual adjustment, that conforms to application logic and security rules. It is defined by business logic, generated from actual network connections, and conforms to application logic and to user access rules that meet security regulations. Compared with general security protection approaches, the white model approach eliminates the interference of legitimate application access and focuses security attention on suspicious data, which helps to discover security problems such as unknown applications, illegal access and security intrusions.
Step S30, for the network boundaries between security domains, set access and connection policies according to functional and non-functional requirements, and protect boundary security between the security domains.
In one embodiment of the present invention, referring to fig. 4, step S30 includes the following steps:
Step S31, enforce control over the boundary access policy.
Step S32, discover and give early warning of at least one of the following abnormal behaviors: unauthorized access, illegal access and illegal external connection.
In the above steps, access control is applied at the network boundaries between security domains. The core of this control is access behavior: access that is not permitted is blocked or triggers an early warning. The diversification of enterprise business inevitably diversifies access behavior, so effectively distinguishing normal access from illegal access is essential. First, control is enforced over the boundary access policy; second, abnormal behaviors such as unauthorized access and illegal external connection are discovered and trigger early warning. Abnormal behavior is discovered by monitoring with the behavior analysis model automatically generated by the system and with manually set violation policies. After an early-warning event is generated, the administrator is notified or handling is completed automatically by means such as monitoring alarm, short message notification and automatic blocking.
In one embodiment of the present invention, referring to fig. 5, the step S31 specifically includes the following steps:
Step S311, collect traffic data at the boundaries between security domains, and analyze behavior in the network that crosses security domains or networks.
The invention collects traffic data at the network boundaries and formats it. Taking into account the operating characteristics and habits of network construction, management, operation and maintenance in daily work, it performs cluster analysis on network connection behavior that crosses security domains or networks, classifies the network connections, finds the regularities of the connections, and determines the purpose of each connection and whether it is legitimate.
Step S312, generate a boundary access policy from the collected traffic data. Network policy requirements derive from security requirements in multiple dimensions, such as business applications, operation and maintenance, and management specifications.
The invention can flexibly set various sorting strategies according to actual requirements, for example by business application, security domain or destination IP address, configure the priority among the strategies, and generate the boundary access policy on the basis of actual network data. Access policies are classified and managed centrally, so that boundary policies are business-oriented and visualized, and overlapping, redundant and erroneous network policies are effectively avoided.
Step S313, periodically optimize the boundary access policy.
The network serves upper-layer business applications, and new projects frequently go online or old systems are updated, so the security policies between boundaries need to change often. Policy verification must therefore be performed regularly: network connections that exceed the boundary policy are checked to determine whether network boundary access control permissions have been set in violation of the rules, and boundary policies that have not been hit for a long time are checked to see whether a business application has gone offline without its boundary policy being withdrawn at the same time. In addition, after a boundary policy is generated, it can be run synchronously in bypass mode for a period of time, so that data from actual operation is used to test the effectiveness of the policy and to verify whether any legitimate network connection is missing from it, ensuring that the boundary policy never affects business applications.
The boundary access policy optimization of the invention takes business applications and data exchange applications as its core. Taking into account the operating characteristics and habits of network construction, management, operation and maintenance in daily work, it performs cluster analysis on network connection behavior that crosses security domains or networks, so that boundary policies are generated while the system is running, and individual boundary policies can be accurately tracked and checked to determine whether zombie policies, uncovered connections and the like exist, rather than relying on experience and memory of the boundary policies. This achieves optimization of the original boundary access policies and continuous tracking and detection of the boundary access policy.
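The following added example (not part of the patent text) sketches steps S311 to S313 in Python: it maps flows to security domains, generates a boundary access policy from observed cross-domain traffic, then audits a later traffic window for connections outside the policy and for zombie policies that are never hit. The domain network segments, flow tuples, the `min_hits` threshold and all function names are assumptions constructed for illustration, and simple hit counting stands in for the cluster analysis the text describes.

```python
import ipaddress
from collections import Counter

# Constructed security domains: the names follow the partition model in step S10,
# the network segments are made up for this example.
DOMAINS = {
    "iot_terminal": ["10.10.0.0/16"],
    "user_terminal": ["10.20.0.0/16"],
    "application_data": ["10.30.0.0/24"],
    "network_management": ["10.40.0.0/24"],
}


def domain_of(ip, domains=DOMAINS):
    """Map an IP address to its security domain."""
    addr = ipaddress.ip_address(ip)
    for name, cidrs in domains.items():
        if any(addr in ipaddress.ip_network(c) for c in cidrs):
            return name
    return "internet"  # assumption: anything outside the listed segments


def cross_domain_hits(flows, domains=DOMAINS):
    """S311: count flows per (src_domain, dst_domain, proto, dst_port),
    ignoring traffic that stays inside one security domain."""
    hits = Counter()
    for src, dst, proto, port in flows:
        key = (domain_of(src, domains), domain_of(dst, domains), proto, port)
        if key[0] != key[1]:
            hits[key] += 1
    return hits


def generate_policy(flows, min_hits=2):
    """S312: propose allow rules from observed traffic. Connections seen fewer
    than min_hits times (an assumed threshold) are left for manual review."""
    return {key for key, n in cross_domain_hits(flows).items() if n >= min_hits}


def audit_policy(policy, flows):
    """S313: compare the policy with a later traffic window.

    outside_policy: connections covered by no rule. During a bypass run these
      are candidates for legitimate connections missing from the policy; once
      the policy is enforced they are candidate violations to alert on.
    zombie_rules: rules with no hits in the window, for example a service that
      went offline while its rule was never withdrawn.
    """
    hits = cross_domain_hits(flows)
    return {
        "outside_policy": sorted(k for k in hits if k not in policy),
        "zombie_rules": sorted(k for k in policy if k not in hits),
    }


# Constructed sample flows: (src_ip, dst_ip, protocol, dst_port)
BASELINE_FLOWS = (
    [("10.20.1.5", "10.30.0.10", "tcp", 443)] * 3
    + [("10.10.3.7", "10.30.0.20", "tcp", 8883)] * 2
    + [
        ("10.20.1.5", "10.20.1.6", "tcp", 445),   # intra-domain, ignored
        ("10.10.3.7", "203.0.113.9", "tcp", 23),  # seen once, not auto-allowed
    ]
)
# Constructed manually configured rule for a service that no longer runs.
MANUAL_RULES = {("network_management", "application_data", "tcp", 22)}
LATER_FLOWS = [
    ("10.20.9.9", "10.30.0.10", "tcp", 443),
    ("10.10.3.8", "10.30.0.20", "tcp", 8883),
    ("10.10.3.7", "203.0.113.9", "tcp", 23),      # external connection from IoT area
]

if __name__ == "__main__":
    policy = generate_policy(BASELINE_FLOWS) | MANUAL_RULES
    report = audit_policy(policy, LATER_FLOWS)
    for finding, rules in report.items():
        for rule in rules:
            print(finding, rule)
```
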
According to the above technical solution, the network security boundary is divided scientifically and reasonably following the idea of 'simplifying the complex and changing the large into small'; network policies and network behaviors are managed by zone and by domain, a security baseline is established for each security domain, the security barrel effect is eliminated, and the comprehensive defense capability and security level of the whole network are improved.
The above examples are only intended to illustrate the technical solution of the present invention, but not to limit it; although the present invention has been described in detail with reference to the foregoing embodiments, it will be understood by those of ordinary skill in the art that: the technical solutions described in the foregoing embodiments may still be modified, or some technical features may be equivalently replaced; and such modifications or substitutions do not depart from the spirit and scope of the corresponding technical solutions of the embodiments of the present invention.

Claims (8)

1. A network security analysis method based on boundary theory is characterized by comprising the following steps:
automatically identifying a network boundary, dividing a logic security domain according to a service function, information sensitivity and a security level, designing a security partition model, and determining a security protection boundary;
determining a protection strategy in the security domain according to the security level and the protection requirement, and protecting the security in each security domain;
and, for the network boundaries between the security domains, setting access and connection policies according to functional and non-functional requirements, and protecting the boundary security between the security domains.
2. The method for network security analysis based on boundary theory as claimed in claim 1, wherein the step of automatically identifying the network boundary, partitioning the logic security domain according to the service function, the information sensitivity and the security level, designing the security partition model, and determining the security protection boundary comprises:
automatically identifying network boundaries;
determining a secure asset;
defining a security policy and a security level from the security asset;
and dividing different security domains according to the security policy and the security level.
3. The method for analyzing network security based on boundary theory according to claim 1, wherein the step of determining a protection policy within a security domain according to the security level and the protection requirement, and the step of protecting the security within each security domain comprises:
establishing a behavior model and a security baseline for each security domain;
different groups are identified and divided according to behaviors and attributes, and discovery of small probability events and trend prediction of risks are achieved through group analysis.
4. The method for analyzing network security based on boundary theory according to claim 1, wherein for the network boundary between the security domains, an access and connection policy is set according to functional and non-functional requirements, and the step of protecting the boundary security between the security domains comprises:
implementing control on the boundary access strategy;
and discovering and early warning at least one abnormal behavior of unauthorized access, illegal access and illegal external connection.
5. The method for network security analysis based on boundary theory according to claim 1, wherein the step of automatically identifying the network boundary comprises:
identifying the type of the network equipment, analyzing the access path and the service protocol, and automatically completing the discovery and identification of the network boundary.
6. The method for analyzing network security based on boundary theory according to claim 4, wherein the step of enforcing control on the boundary access policy comprises:
collecting traffic data at the boundaries between security domains, and analyzing behavior in the network that crosses security domains or networks;
generating a boundary access policy from the collected traffic data;
periodically optimizing the boundary access policy.
7. The method for network security analysis based on boundary theory as claimed in claim 6, wherein the step of periodically optimizing the boundary access policy comprises:
performing policy verification regularly, checking network connections that exceed the boundary policy, and determining whether network boundary access control permissions have been set in violation of the rules;
checking boundary policies that have not been hit for a long time, and determining whether a business application has gone offline without its boundary policy being withdrawn at the same time;
after a boundary policy is generated, running it synchronously in bypass mode for a period of time, testing the validity of the policy with data from actual operation, and verifying whether any legitimate network connection is missing from the policy.
8. The network security analysis method based on the boundary theory as claimed in claim 4, wherein the step of discovering and early warning at least one of abnormal behaviors of unauthorized access, illegal access and illegal external connection comprises:
monitoring is carried out through a behavior analysis model automatically generated by the system and a manually set violation strategy, and abnormal behaviors are found;
and informing an administrator or automatically finishing early warning treatment by at least one of monitoring alarm, short message notification and automatic blocking.
Priority Applications (1)

Application Number | Priority Date | Filing Date | Title
CN202010385155.7A | 2020-05-09 | 2020-05-09 | Network security analysis method based on boundary theory

Publications (1)

Publication Number | Publication Date
CN111614639A | 2020-09-01

Family ID: 72204759

Country Status (1)

Country | Link
CN (1) | CN111614639A (en)

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114500063A (en) * 2022-01-31 2022-05-13 上海纽盾科技股份有限公司 Method, device, system and storage medium for partition-aware threat of network assets
CN114826760A (en) * 2022-05-12 2022-07-29 深圳铸泰科技有限公司 Network security analysis method based on boundary theory
CN114880713A (en) * 2022-06-30 2022-08-09 深圳红途科技有限公司 User behavior analysis method, device, equipment and medium based on data link

Citations (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
DE102006033830A1 (en) * 2006-07-14 2008-01-17 Cuculus Gmbh Method and arrangement for the realization of access networks to a public network
CN101951384A (en) * 2010-09-29 2011-01-19 南京信息工程大学 Distributed security domain logic boundary protection method
CN105162763A (en) * 2015-07-29 2015-12-16 网神信息技术(北京)股份有限公司 Method and device for processing communication data
CN105306471A (en) * 2015-11-03 2016-02-03 国家电网公司 System and method for management and control of access control policy of security domain boundary equipment of smart grid
CN107483414A (en) * 2017-07-20 2017-12-15 安徽继远软件有限公司 A kind of security protection system and its means of defence based on cloud computing virtualized environment
CN108965209A (en) * 2017-05-19 2018-12-07 南京骏腾信息技术有限公司 Threat cognitive method based on safe big data analysis
CN109067783A (en) * 2018-09-17 2018-12-21 武汉思普崚技术有限公司 A kind of centralized management security system
CN109861972A (en) * 2018-12-21 2019-06-07 陕西商洛发电有限公司 A kind of security architecture system of industrial information control unified platform

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
宁建创: "Security domain visual verification technology and its application", 《广西通信技术》 *

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114500063A (en) * 2022-01-31 2022-05-13 上海纽盾科技股份有限公司 Method, device, system and storage medium for partition-aware threat of network assets
CN114500063B (en) * 2022-01-31 2023-10-13 上海纽盾科技股份有限公司 Method, device, system and storage medium for partition perception threat of network asset
CN114826760A (en) * 2022-05-12 2022-07-29 深圳铸泰科技有限公司 Network security analysis method based on boundary theory
CN114826760B (en) * 2022-05-12 2023-08-15 深圳铸泰科技有限公司 Network security analysis method based on boundary theory
CN114880713A (en) * 2022-06-30 2022-08-09 深圳红途科技有限公司 User behavior analysis method, device, equipment and medium based on data link

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20200901