CN111740974A - Network security emergency linkage system and method - Google Patents


Info

Publication number: CN111740974A
Authority: CN (China)
Prior art keywords: network, data, safety, emergency plan, security
Legal status: Pending
Application number: CN202010549374.4A
Other languages: Chinese (zh)
Inventors: 曲家兴, 谷俊涛, 王大萌, 孙恕, 宋超臣, 宋雪
Current assignee: Heilongjiang Institute Of National Defense Science And Technology (Heilongjiang Network Safety And Informatization Technology Center); Heilongjiang Network Space Research Center
Original assignee: Heilongjiang Institute Of National Defense Science And Technology (Heilongjiang Network Safety And Informatization Technology Center); Heilongjiang Network Space Research Center
Priority date: 2020-06-16
Filing date: 2020-06-16
Publication date: 2020-10-02
Priority to: CN202010549374.4A

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/20 Network architectures or network communication protocols for network security for managing network security; network security policies in general

Abstract

The invention relates to a network security emergency linkage system and method. The method comprises the following steps: step 1, monitoring network security, that is, monitoring network security data broadly, including network structure data, network service data, vulnerability data, threat data, intrusion data and user abnormal data; step 2, carrying out situation evaluation on the monitored data; step 3, starting a safety emergency plan; step 4, after the plan has been started, performing targeted processing of the network security event; and step 5, after the network security event has been processed, rebuilding the network information system and enriching and supplementing the security emergency plan. The network security situation awareness system has strong awareness capability, can react quickly to network security events and handle them according to different emergency plans, and, once an emergency plan has been carried out, can also aggregate the experience gained from the plans that were triggered, so that the same or similar network security events are avoided.

Description

Network security emergency linkage system and method
Technical Field
The invention relates to the technical field of network security, in particular to a network security emergency linkage system and a network security emergency linkage method.
Background
Network security events are improper actions that affect the security of a computer system or network. They typically occur within a short period of time and the loss they cause is huge, so the key factors in handling a network event are speed and efficiency. Network security emergency response means knowing, predicting and preparing for network security clearly in advance, so that once a sudden network security incident occurs it is dealt with in an orderly way and handled properly. The construction of China's network security emergency response system is likewise based on the original emergency response system and is continuously improved and perfected through practice. The existing methods for dealing with network security events are rather complicated, their response is not fast enough, and the experience of a handled network security event cannot be absorbed after it has passed, so the same network security event occurs repeatedly.
Disclosure of Invention
The invention aims to provide a network security emergency linkage system and a network security emergency linkage method, which aim to solve the problems in the background technology.
In order to achieve the above purpose, the invention provides the following technical scheme: a network security emergency linkage system comprising:
a data monitoring module, used for broadly monitoring network security data, which comprise network structure data, network service data, vulnerability data, threat data, intrusion data and user abnormal data;
a safety situation evaluation module, used for carrying out situation evaluation on the monitored data;
a start safety emergency plan module, used for starting the different safety emergency plans that correspond to different types of network safety threat;
and a network security processing module, used for performing targeted processing of the network security event, rebuilding the network information system after the network security event has been processed, and enriching and supplementing the security emergency plan.
Preferably, the security situation assessment module includes an equipment security unit, a data security unit, a content security unit and a behavior security unit.
Preferably, the safety emergency plan module comprises a computer safety emergency plan unit, an information system safety emergency plan unit, an internet safety emergency plan unit, a private network safety emergency plan unit and an intranet safety emergency plan unit, wherein the computer safety emergency plan unit is an emergency plan preset for the computer and used for protecting the hardware, software and data of the computer; the information system safety emergency plan unit is aimed at data security and is used for ensuring the confidentiality, integrity and availability of information data; the Internet safety emergency plan unit provides an emergency plan aimed at the confidentiality, integrity, availability, authenticity and controllability of information on the Internet; the private network safety emergency plan unit provides an emergency plan for a network serving a specified object; the intranet safety emergency plan unit is an emergency plan covering the whole set of security strategies and measures of an enterprise's internal network information system.
A network security emergency linkage method comprises the following steps:
step 1, monitoring network security, that is, broadly monitoring network security data, wherein the network security data comprise network structure data, network service data, vulnerability data, threat data, intrusion data and user abnormal data;
step 2, carrying out situation evaluation on the monitored data; the situation evaluation establishes several layers and evaluates from several angles, assessing the service safety, the data safety, the infrastructure safety and the overall safety condition of the network, and evaluating the data that pose a safety threat to the network;
step 3, starting a safety emergency plan, that is, starting the different safety emergency plans that correspond to different types of network safety threat;
step 4, after the pre-arranged plan has been started, performing targeted processing of the network security event;
and step 5, after the network security event has been processed, rebuilding the network information system and enriching and supplementing the security emergency plan.
Preferably, in step 1, the data monitoring consists of monitoring the network security data with various detection tools, and of detecting, acquiring and collecting the various elements that affect system security.
Preferably, the situation assessment in step 2 is divided into four assessment levels: a device security level, a data security level, a content security level and a behavior security level.
Preferably, the situation assessment method in step 2 comprises the Endsley model (situation awareness starting from perception), the OODA loop model (cyclic confrontation), the JDL model (data fusion) and the RPD model (hypothesis and reasoning).
Preferably, the safety emergency plan in step 3 includes a computer safety emergency plan, an information system safety emergency plan, an internet safety emergency plan, a private network safety emergency plan and an intranet safety emergency plan, wherein the computer safety emergency plan is preset for the computer and is used for protecting the hardware, software and data of the computer; the information system safety emergency plan is aimed at data security and is used for ensuring the confidentiality, integrity and availability of information data; the Internet safety emergency plan is an emergency plan aimed at the confidentiality, integrity, availability, authenticity and controllability of information on the Internet; the private network safety emergency plan is an emergency plan provided for a network serving a specified object; the intranet safety emergency plan is an emergency plan covering the whole set of security strategies and measures of an enterprise's internal network information system.
Preferably, in step 5, the network information system is rebuilt and supplemented with an emergency plan for system security that is complete and targeted at that network system, so as to prevent the same network security event from occurring again on the network system.
Compared with the prior art, the invention has the following beneficial effects:
1. The network security emergency linkage method is highly targeted and has a wide data acquisition range; it can comprehensively acquire, and subsequently perceive, network structure data, network service data, vulnerability data, threat data, intrusion data and user abnormal data.
2. The network security emergency linkage method uses the Endsley model (situation awareness starting from perception), the OODA loop model (cyclic confrontation), the JDL model (data fusion) and the RPD model (hypothesis and reasoning) to perceive and analyze network data, so the network data can be comprehensively analyzed and processed.
3. The network security situation awareness system has strong awareness capability, can react quickly to network security events and handle them according to different emergency plans, and, once an emergency plan has been carried out, can also aggregate the experience gained from the plans that were triggered, so that the same or similar network security events are avoided and the loss is largely avoided.
Description of the drawings:
FIG. 1 is a schematic diagram of a network security emergency linkage system according to the present invention;
FIG. 2 is a flowchart illustrating the method of the network security emergency linkage system according to the present invention;
FIG. 3 is a schematic diagram of the situation assessment of the present invention;
FIG. 4 is a schematic structural diagram of the security posture assessment module according to the present invention;
FIG. 5 is a schematic structural diagram of the safety emergency plan according to the present invention.
Detailed Description
The technical solutions in the embodiments of the present invention are clearly and completely described below, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
The invention provides the following technical scheme. Referring to FIG. 1 and FIG. 4, a network security emergency linkage system includes: a data monitoring module, used for broadly monitoring network security data, which comprise network structure data, network service data, vulnerability data, threat data, intrusion data and user abnormal data;
a safety situation evaluation module, used for carrying out situation evaluation on the monitored data;
a start safety emergency plan module, used for starting the different safety emergency plans that correspond to different types of network safety threat;
and a network security processing module, used for performing targeted processing of the network security event, rebuilding the network information system after the network security event has been processed, and enriching and supplementing the security emergency plan.
Preferably, the security situation assessment module includes an equipment security unit, a data security unit, a content security unit and a behavior security unit.
Preferably, the safety emergency plan module comprises a computer safety emergency plan unit, an information system safety emergency plan unit, an internet safety emergency plan unit, a private network safety emergency plan unit and an intranet safety emergency plan unit, wherein the computer safety emergency plan unit is an emergency plan preset for the computer and used for protecting the hardware, software and data of the computer; the information system safety emergency plan unit is aimed at data security and is used for ensuring the confidentiality, integrity and availability of information data; the Internet safety emergency plan unit provides an emergency plan aimed at the confidentiality, integrity, availability, authenticity and controllability of information on the Internet; the private network safety emergency plan unit provides an emergency plan for a network serving a specified object; the intranet safety emergency plan unit is an emergency plan covering the whole set of security strategies and measures of an enterprise's internal network information system.
Referring to FIG. 2, FIG. 3 and FIG. 5, a network security emergency linkage method includes the following steps:
step 1, monitoring network security, that is, broadly monitoring network security data, wherein the network security data comprise network structure data, network service data, vulnerability data, threat data, intrusion data and user abnormal data;
step 2, carrying out situation evaluation on the monitored data; the situation evaluation establishes several layers and evaluates from several angles, assessing the service safety, the data safety, the infrastructure safety and the overall safety condition of the network, and evaluating the data that pose a safety threat to the network;
step 3, starting a safety emergency plan, that is, starting the different safety emergency plans that correspond to different types of network safety threat;
step 4, after the pre-arranged plan has been started, performing targeted processing of the network security event;
and step 5, after the network security event has been processed, rebuilding the network information system and enriching and supplementing the security emergency plan.
Preferably, in step 1, the data monitoring consists of monitoring the network security data with various detection tools, and of detecting, acquiring and collecting the various elements that affect system security.
Preferably, the situation assessment in step 2 is divided into four assessment levels: a device security level, a data security level, a content security level and a behavior security level.
Preferably, the situation assessment method in step 2 comprises the Endsley model (situation awareness starting from perception), the OODA loop model (cyclic confrontation), the JDL model (data fusion) and the RPD model (hypothesis and reasoning).
Preferably, the safety emergency plan in step 3 includes a computer safety emergency plan, an information system safety emergency plan, an internet safety emergency plan, a private network safety emergency plan and an intranet safety emergency plan, wherein the computer safety emergency plan is preset for the computer and is used for protecting the hardware, software and data of the computer; the information system safety emergency plan is aimed at data security and is used for ensuring the confidentiality, integrity and availability of information data; the Internet safety emergency plan is an emergency plan aimed at the confidentiality, integrity, availability, authenticity and controllability of information on the Internet; the private network safety emergency plan is an emergency plan provided for a network serving a specified object; the intranet safety emergency plan is an emergency plan covering the whole set of security strategies and measures of an enterprise's internal network information system.
Preferably, in step 5, the network information system is rebuilt and supplemented with an emergency plan for system security that is complete and targeted at that network system, so as to prevent the same network security event from occurring again on the network system.
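The five-step method, as set out in the disclosure and again in this detailed description, worked through as an added Python example. This is illustrative code written for this page, not the patent's own implementation or any code from the applicants. The category-to-level mapping, the scope-to-plan mapping, the 1-to-5 severity scale, the severity threshold, the playbook actions and the sample monitoring events are all constructed assumptions; the patent names only the data categories, the four assessment levels and the five plan types.

```python
from dataclasses import dataclass
from enum import Enum


class Category(Enum):  # step 1: the six kinds of monitored network security data
    NETWORK_STRUCTURE = "network_structure"
    NETWORK_SERVICE = "network_service"
    VULNERABILITY = "vulnerability"
    THREAT = "threat"
    INTRUSION = "intrusion"
    USER_ANOMALY = "user_anomaly"


class Level(Enum):  # step 2: the four assessment levels
    DEVICE = "device"
    DATA = "data"
    CONTENT = "content"
    BEHAVIOR = "behavior"


class Plan(Enum):  # step 3: the five preset safety emergency plans
    COMPUTER = "computer"
    INFORMATION_SYSTEM = "information_system"
    INTERNET = "internet"
    PRIVATE_NETWORK = "private_network"
    INTRANET = "intranet"


@dataclass(frozen=True)
class Event:
    category: Category
    scope: str     # assumed: "host", "internet", "private" or "intranet"
    severity: int  # assumed scale 1 (low) .. 5 (critical)
    summary: str


# Assumed mapping from data category to the level at which it is assessed.
LEVEL_OF = {Category.NETWORK_STRUCTURE: Level.DEVICE, Category.NETWORK_SERVICE: Level.DEVICE,
            Category.VULNERABILITY: Level.DATA, Category.THREAT: Level.CONTENT,
            Category.INTRUSION: Level.BEHAVIOR, Category.USER_ANOMALY: Level.BEHAVIOR}

# Assumed mapping from the network an event occurred in to the plan that covers it.
PLAN_FOR_SCOPE = {"host": Plan.COMPUTER, "internet": Plan.INTERNET,
                  "private": Plan.PRIVATE_NETWORK, "intranet": Plan.INTRANET}


def assess(events):
    """Step 2: rate each level by its worst event and derive the overall condition."""
    per_level = {lvl: 0 for lvl in Level}
    for ev in events:
        lvl = LEVEL_OF[ev.category]
        per_level[lvl] = max(per_level[lvl], ev.severity)
    return per_level, max(per_level.values())


def select_plan(event):
    """Step 3: data-security findings use the information-system plan; the rest go by scope."""
    if LEVEL_OF[event.category] is Level.DATA:
        return Plan.INFORMATION_SYSTEM
    return PLAN_FOR_SCOPE[event.scope]


class Linkage:
    """Steps 3 to 5: start the plan, handle the event, then enrich the plan with the lesson."""

    def __init__(self, playbooks):
        self.playbooks = {p: list(actions) for p, actions in playbooks.items()}
        self.history = set()  # (category, scope) of events already handled

    def handle(self, event, threshold=3):
        """Step 4: run the selected plan for events at or above the severity threshold."""
        if event.severity < threshold:
            return None
        plan = select_plan(event)
        self.history.add((event.category, event.scope))
        return plan, list(self.playbooks[plan])

    def rebuild_and_enrich(self, event, lesson):
        """Step 5: add a targeted action so the same kind of event is covered next time."""
        plan = select_plan(event)
        if lesson not in self.playbooks[plan]:
            self.playbooks[plan].append(lesson)
        return self.playbooks[plan]


# Constructed baseline plan actions (illustrative, not the patent's own plans).
BASE_PLAYBOOKS = {
    Plan.COMPUTER: ["isolate host", "capture disk and memory image", "reimage from known-good build"],
    Plan.INFORMATION_SYSTEM: ["restrict access to the affected data store", "verify backups and integrity hashes"],
    Plan.INTERNET: ["block the offending sources at the perimeter", "rotate exposed credentials"],
    Plan.PRIVATE_NETWORK: ["segment the affected service VLAN", "notify the service owner"],
    Plan.INTRANET: ["disable the affected accounts", "review internal access policy"],
}

# Constructed sample monitoring output for one incident.
SAMPLE_EVENTS = [
    Event(Category.NETWORK_SERVICE, "intranet", 2, "file share latency spike"),
    Event(Category.VULNERABILITY, "intranet", 4, "unpatched database server"),
    Event(Category.INTRUSION, "internet", 5, "unexpected file written by public web app"),
    Event(Category.USER_ANOMALY, "intranet", 3, "login from unusual location"),
]


def run_incident(events=SAMPLE_EVENTS, lesson="add upload allowlist to the public web app"):
    """Run the five steps over the sample and return the results for inspection."""
    per_level, overall = assess(events)                            # step 2
    linkage = Linkage(BASE_PLAYBOOKS)
    handled = {ev.summary: linkage.handle(ev) for ev in events}    # steps 3 and 4
    worst = max(events, key=lambda ev: ev.severity)
    enriched = linkage.rebuild_and_enrich(worst, lesson)           # step 5
    return {"levels": {lvl.value: s for lvl, s in per_level.items()}, "overall": overall,
            "handled": handled, "enriched_plan": (select_plan(worst), enriched),
            "repeat_covered": (worst.category, worst.scope) in linkage.history}
```

Calling `run_incident()` on the constructed sample rates the device, data, content and behavior levels at 2, 4, 0 and 5, leaves the low-severity latency event unhandled, routes the vulnerability to the information-system plan and the two intranet and internet events to their scope's plan, and then appends the lesson to the internet plan; the `repeat_covered` flag shows that a later event of the same category and scope will be recognised as one the enriched plan already covers, which is the step-5 point of the method.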
Although the present invention has been described in detail with reference to the foregoing embodiments, it will be apparent to those skilled in the art that various changes in the embodiments and/or modifications of the invention can be made, and equivalents and modifications of some features of the invention can be made without departing from the spirit and scope of the invention.

Claims (9)

1. A network security emergency linkage system, comprising: the data monitoring module is used for carrying out wide monitoring on the network security data, and comprises network structure data, network service data, vulnerability data, threat data, intrusion data and user abnormal data;
the safety situation evaluation module is used for carrying out situation evaluation on the monitored data;
the starting safety emergency plan module is used for starting corresponding different safety emergency plans aiming at different types of network safety threats;
and the network security processing module is used for performing targeted processing on the network security event, reconstructing a network information system after the network security event is processed, and enriching and supplementing a security emergency plan.
2. The network security emergency linkage system according to claim 1, wherein: the security situation evaluation module comprises an equipment security unit, a data security unit, a content security unit and a behavior security unit.
3. The network security emergency linkage system according to claim 1, wherein: the safety emergency plan module comprises a computer safety emergency plan unit, an information system safety emergency plan unit, an internet safety emergency plan unit, a private network safety emergency plan unit and an intranet safety emergency plan unit, wherein the computer safety emergency plan unit is an emergency plan preset for the computer and is used for protecting hardware, software and data of the computer; the information system safety emergency plan unit is used for ensuring the confidentiality, the integrity and the availability of information data aiming at data safety; the Internet safety emergency plan unit provides an emergency plan aiming at confidentiality, integrity, availability, authenticity and controllability of information on the Internet; the private network safety emergency plan unit is used for providing an emergency plan for a network of the target-specific service; the intranet safety emergency plan unit is an emergency plan which is provided aiming at the sum of a series of safety strategies and measures of an enterprise internal network information system.
4. A network security emergency linkage method is characterized in that: the method comprises the following steps:
step 1, monitoring network security, and widely monitoring network security data, wherein the network security data comprises network structure data, network service data, vulnerability data, threat data, intrusion data and user abnormal data;
step 2, carrying out situation evaluation on the monitored data, establishing a plurality of layers and carrying out evaluation at a plurality of angles when carrying out the situation evaluation, evaluating the service safety, the data safety, the infrastructure safety and the overall safety condition of the network, and evaluating the data with safety threat to the network in the situation evaluation;
step 3, starting a safety emergency plan, and starting corresponding different safety emergency plans aiming at different types of network safety threats;
step 4, starting to perform targeted processing on the network security event after the pre-arranged plan is started;
and 5, after the network security event is processed, reconstructing the network information system and enriching and supplementing a security emergency plan.
5. The network security emergency linkage method according to claim 1, characterized in that: in step 1, the data monitoring consists of monitoring the network security data with various detection tools, and of detecting, acquiring and collecting the various elements that affect system security.
6. The network security emergency linkage method according to claim 1, characterized in that: the situation assessment in step 2 is divided into four assessment levels: a device security level, a data security level, a content security level and a behavior security level.
7. The network security emergency linkage method according to claim 1, characterized in that: the situation assessment method in step 2 comprises the Endsley model (situation awareness starting from perception), the OODA loop model (cyclic confrontation), the JDL model (data fusion) and the RPD model (hypothesis and reasoning).
8. The network security emergency linkage method according to claim 1, characterized in that: the safety emergency plan in step 3 comprises a computer safety emergency plan, an information system safety emergency plan, an internet safety emergency plan, a private network safety emergency plan and an intranet safety emergency plan, wherein the computer safety emergency plan is preset for the computer and is used for protecting the hardware, software and data of the computer; the information system safety emergency plan is aimed at data security and is used for ensuring the confidentiality, integrity and availability of information data; the Internet safety emergency plan is an emergency plan aimed at the confidentiality, integrity, availability, authenticity and controllability of information on the Internet; the private network safety emergency plan is an emergency plan provided for a network serving a specified object; the intranet safety emergency plan is an emergency plan covering the whole set of security strategies and measures of an enterprise's internal network information system.
9. The network security emergency linkage method according to claim 1, characterized in that: in step 5, the network information system is rebuilt and, drawing on the improvement of the network system, supplemented in a targeted manner with an emergency plan for system security, so that the network system is prevented from generating the same network security event again.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010549374.4A CN111740974A (en) 2020-06-16 2020-06-16 Network security emergency linkage system and method

Publications (1)

Publication Number Publication Date
CN111740974A true CN111740974A (en) 2020-10-02

Family

ID=72649439

Country Status (1)

Country Link
CN (1) CN111740974A (en)

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106487810A (en) * 2016-11-25 2017-03-08 中国科学院信息工程研究所 A cloud platform security situation awareness method
CN106941493A (en) * 2017-03-30 2017-07-11 北京奇艺世纪科技有限公司 A network security situation awareness result output method and device
CN109194501A (en) * 2018-08-09 2019-01-11 广东电网有限责任公司信息中心 Intelligent automated emergency response disposal method for intranet application systems
CN110708340A (en) * 2019-11-07 2020-01-17 深圳市高德信通信股份有限公司 Enterprise private network security supervision system

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
王轶: "Exploring the information security of government *** : network security situation awareness", 《中国新通信》 (China New Communications) *

Cited By (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113329017A (en) * 2021-05-28 2021-08-31 江苏骏安信息测评认证有限公司 Network security risk detection system and method
CN113259397A (en) * 2021-07-07 2021-08-13 奇安信科技集团股份有限公司 Method, device and equipment for executing plan and readable storage medium
CN113722772A (en) * 2021-08-25 2021-11-30 广东财经大学 Method for quantitatively evaluating channel security degree of side of password security chip
CN113722772B (en) * 2021-08-25 2023-12-26 广东财经大学 Quantitative evaluation method for security degree of side channel of password security chip
CN113965921A (en) * 2021-09-22 2022-01-21 南方电网数字电网研究院有限公司 Network security emergency response method and response system for power system
CN114866339A (en) * 2022-06-14 2022-08-05 西安明赋云计算有限公司 Method and system for detecting network security situation
CN115296873A (en) * 2022-07-26 2022-11-04 北京科能腾达信息技术股份有限公司 Computer network safety controller, medium, equipment and terminal

Legal Events

Date Code Title Description
2020-10-02 PB01 Publication (application publication date)
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication