CN111885019A - Network security situation element extraction method based on attack and defense information comparison - Google Patents


Info

Publication number: CN111885019A
Authority: CN (China)
Prior art keywords: network, attack, data, defense, network security
Legal status: Pending (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Application number: CN202010653512.3A
Other languages: Chinese (zh)
Inventors: 陈瑜靓, 黄建福, 张晶, 刘家祥, 刘琦, 石小川, 赵昆杨
Current Assignee: Fujian Qidian Space Time Digital Technology Co ltd (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Original Assignee: Fujian Qidian Space Time Digital Technology Co ltd
Application filed by Fujian Qidian Space Time Digital Technology Co ltd
Priority to CN202010653512.3A
Publication of CN111885019A

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
        • H04L63/20 Network architectures or network communication protocols for network security for managing network security; network security policies in general
        • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
            • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
        • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
        • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
            • H04L63/1408 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
                • H04L63/1416 Event detection, e.g. attack signature detection
                • H04L63/1425 Traffic logging, e.g. anomaly detection

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

A network security situation element extraction method based on attack and defense information comparison comprises the following steps: S1, acquiring network attack and defense information; S2, analyzing and processing the acquired network attack and defense data; S3, storing the acquired network attack and defense information and the analysis data; S4, forming a hybrid network security database based on the original network security database; S5, based on the hybrid network security database, the security situation element extraction layer compares anomaly detection results of different levels and different granularities; S6, obtaining theoretical security threats and actual security threats through the comparison at different levels; and S7, after the comparison, extracting the security-threat and security-defense elements of the network security situation from both the attack side and the defense side. By comparing attack and defense information, the method extracts network security situation elements accurately and effectively, helps to establish a security situation evaluation model objectively, safeguards network security, and works well in use.

Description

Network security situation element extraction method based on attack and defense information comparison
Technical Field
The invention relates to the technical field of network security, in particular to a network security situation element extraction method based on attack and defense information comparison.
Background
A computer network is the product of combining communication technology and computer technology once both had developed to a certain degree. Network security means that the hardware, software and data of a network system are protected from damage, alteration and disclosure, whether accidental or malicious, so that the system runs continuously, reliably and normally and network service is not interrupted; it is characterized by confidentiality, integrity, availability, controllability and auditability. Networks are now deeply embedded in every aspect of modern life. Highly developed network technology brings people fast and convenient information exchange, but network-based malicious attacks and theft are becoming ever more severe, and network security, which attracts wide attention, still carries huge hidden dangers.
An attacker exploits the rapid propagation and wide interconnectivity of the network to destroy its basic performance and to seriously infringe the legitimate rights and interests of users, threatening the security and interests of society and the state and severely testing network security measures in the traditional sense. Network intrusion is trending toward diversification, scale, complexity and persistence, and security managers increasingly want a better understanding of the security and health of the networks they supervise, now and in the future, so that they can find problems and take early-warning measures in time; research on network security situation awareness technology has emerged in response. Existing network security situation element extraction methods extract poorly, have difficulty extracting network security situation elements accurately and effectively, and need to be improved.
Disclosure of Invention
(I) Objects of the invention
In order to solve the technical problems described in the background, the invention provides a network security situation element extraction method based on attack and defense information comparison, which extracts network security situation elements accurately and effectively by comparing attack and defense information, helps to establish a security situation evaluation model objectively, safeguards network security, and works well in use.
(II) Technical scheme
The invention provides a network security situation element extraction method based on attack and defense information comparison, which comprises the following steps:
S1, acquiring network attack and defense information in order to understand how the network security state continuously changes and evolves;
the attack information is obtained mainly through traffic anomaly detection at different granularities, and the defense information comprises the defense data of all security protection devices deployed in the network against security events and the defense data of the security protection means adopted by each host in the network against security events;
S2, analyzing and processing the acquired network attack and defense data: first, performing feature extraction and dimensionality reduction on the data samples by manifold learning to obtain output values of the data samples; then clustering those output values with a kernel matching integrated clustering algorithm; and fusing the clustering results by DS evidence reasoning;
S3, the big data platform storing the acquired network attack and defense information and the analysis data to form an original network security database;
S4, integrating a distributed file system and a relational database on the basis of the original network security database to finally form a hybrid network security database;
S5, based on the hybrid network security database, the security situation element extraction layer comparing the anomaly detection results of different levels and different granularities;
S6, obtaining the theoretical security threats and the actual security threats through the comparison at different levels, and obtaining information on the network's defense capability against each type of security event;
S7, after the comparison, extracting the security-threat and security-defense elements of the network security situation from both the attack side and the defense side;
the security threat elements come mainly from the attack information and from the comparison between attack information, and the security defense elements are reflected by the comparison between attack information;
S8, establishing a network security situation evaluation model based on the network security situation elements produced by the objective comparison of results, and evaluating the network security situation according to that model.
Preferably, in S1, the security protection means include firewalls and anti-virus software; because of these security protection means, the detection results obtained at different detection points contain different information, and these differences reflect the effect of the security protection means.
Preferably, in S2, the specific operation of fusing the clustering results by DS evidence reasoning is as follows:
taking each clustering result as a piece of evidence, and calculating the basic probability assignment function, the plausibility function and the belief function of each piece of evidence; calculating, based on the DS evidence combination rule, the basic probability assignment function, the plausibility function and the belief function under the joint action of all the evidence; and obtaining the situation elements according to a preset decision rule.
Preferably, S2 further includes the following steps:
using the big data analysis results to analyze the attacker's behavior path and individual characteristics; summarizing and analyzing them from the attacker's attack behavior data; classifying the attacker's behavior paths as a basis for defense; and monitoring and submitting alarm information according to the attacker's behavior data.
Preferably, S4 also includes security management of the data information, that is, an information security management system needs to be constructed, comprising a network management system, a data backup system, a data encryption system and an access object control system.
Preferably, the network management system isolates illegal requests through a firewall and establishes an intrusion detection mechanism; the data backup system restores damaged data from backups, keeping data damage to a minimum; the data encryption system converts data into ciphertext during transmission, so that data transmission is encrypted; and the access object control system protects the data by authenticating the identity of users who access it and restricting their access rights.
Preferably, in S5, the comparison work includes the following two aspects:
the first is to compare the detection results for the network-facing data flow with those for the host-facing service request flow of each branch network; the second is to compare the detection results for the host-facing service request flow with those for the service response flow.
Preferably, S8 further includes the following steps:
evaluating the network security situation and threats through a hierarchical model, and predicting the network security situation over a set future period from historical data and the current network security situation;
judging whether network security is threatened according to a set threshold: if the evaluated situation value is smaller than the threshold, network security is judged not to be threatened.
The technical scheme of the invention has the following beneficial technical effects:
First, network attack and defense information is acquired in order to understand how the network security state continuously changes and evolves; the acquired network attack and defense data are then analyzed and processed; the big data platform stores the acquired network attack and defense information and the analysis data to form an original network security database, and a distributed file system and a relational database are integrated to form a hybrid network security database. Based on the hybrid network security database, the security situation element extraction layer compares the anomaly detection results of different levels and different granularities; the comparison at different levels yields the theoretical security threats and the actual security threats, together with information on the network's defense capability against each type of security event. After the comparison, the security-threat and security-defense elements of the network security situation are extracted from both the attack side and the defense side: the security threat elements come from the attack information and from the comparison between attack information, and the security defense elements are reflected by the comparison between attack information. Finally, a network security situation evaluation model is established based on the network security situation elements produced by the objective comparison of results.
By comparing attack and defense information, the method extracts network security situation elements accurately and effectively, helps to establish a security situation evaluation model objectively, safeguards network security, and works well in use.
Detailed Description
In order to make the objects, technical solutions and advantages of the present invention more apparent, the present invention is further described in detail with reference to the following embodiments. It should be understood that the description is intended to be exemplary only, and is not intended to limit the scope of the present invention. Moreover, in the following description, descriptions of well-known structures and techniques are omitted so as to not unnecessarily obscure the concepts of the present invention.
The invention provides a network security situation element extraction method based on attack and defense information comparison, which comprises the following steps:
S1, acquiring network attack and defense information in order to understand how the network security state continuously changes and evolves;
the attack information is obtained mainly through traffic anomaly detection at different granularities, and the defense information comprises the defense data of all security protection devices deployed in the network against security events and the defense data of the security protection means adopted by each host in the network against security events;
S2, analyzing and processing the acquired network attack and defense data: first, performing feature extraction and dimensionality reduction on the data samples by manifold learning to obtain output values of the data samples; then clustering those output values with a kernel matching integrated clustering algorithm; and fusing the clustering results by DS evidence reasoning;
S3, the big data platform storing the acquired network attack and defense information and the analysis data to form an original network security database;
S4, integrating a distributed file system and a relational database on the basis of the original network security database to finally form a hybrid network security database;
S5, based on the hybrid network security database, the security situation element extraction layer comparing the anomaly detection results of different levels and different granularities; the comparison work includes the following two aspects:
the first is to compare the detection results for the network-facing data flow with those for the host-facing service request flow of each branch network, and the second is to compare the detection results for the host-facing service request flow with those for the service response flow; these two comparisons are used to find the security-threat and security-defense elements of the network security situation from both the attack side and the defense side;
S6, obtaining the theoretical security threats and the actual security threats through the comparison at different levels, and obtaining information on the network's defense capability against each type of security event;
S7, after the comparison, extracting the security-threat and security-defense elements of the network security situation from both the attack side and the defense side;
the security threat elements come mainly from the attack information and from the comparison between attack information, and the security defense elements are reflected by the comparison between attack information;
S8, establishing a network security situation evaluation model based on the network security situation elements produced by the objective comparison of results, and evaluating the network security situation according to that model.
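One way to read the S5 to S7 comparison in code, as an added example that is not part of the patent text. The three detection-point names, the alert tuples and the mapping used here (theoretical threat = anything detected at any point; actual threat = anomalies still visible in the service response flow; defense capability = share of theoretical threats that did not become actual) are assumptions made for illustration, and the sample alerts are constructed.

```python
"""Illustrative reading of the S5-S7 comparison (assumed interpretation)."""

# Constructed anomaly-detection results, one set per detection point.
# Each alert is (event_type, flow_id); every value here is made up.
NETWORK = {  # network-facing data flow
    ("syn_flood", "f1"), ("syn_flood", "f2"), ("syn_flood", "f3"),
    ("syn_flood", "f4"), ("sql_injection", "f5"), ("sql_injection", "f6"),
    ("port_scan", "f7"),
}
HOST_REQUEST = {  # host-facing service request flow of a branch network
    ("syn_flood", "f4"), ("sql_injection", "f5"), ("sql_injection", "f6"),
    ("brute_force", "f8"),
}
HOST_RESPONSE = {  # service response flow
    ("sql_injection", "f6"), ("brute_force", "f8"),
}


def flows(alerts, event_type):
    """Flow ids flagged for one event type at one detection point."""
    return {flow for etype, flow in alerts if etype == event_type}


def extract_elements(network, host_request, host_response):
    """Compare detection points and derive per-event-type elements.

    Comparison 1 (network vs. host request): what network-level
    security devices such as a firewall kept away from the hosts.
    Comparison 2 (host request vs. response): what host-level means
    such as anti-virus software neutralised before a response.
    """
    elements = {}
    all_types = {etype for etype, _ in network | host_request | host_response}
    for etype in sorted(all_types):
        net = flows(network, etype)
        req = flows(host_request, etype)
        rsp = flows(host_response, etype)
        theoretical = net | req | rsp   # never empty for a listed type
        actual = rsp                    # still anomalous in the response
        elements[etype] = {
            "theoretical_threat": len(theoretical),
            "actual_threat": len(actual),
            "stopped_by_network_devices": len(net - req - rsp),
            "stopped_by_host_measures": len(req - rsp),
            # Seen at a host but never at the network-level detector,
            # e.g. traffic that originates inside the branch network.
            "missed_at_network": len((req | rsp) - net),
            "defense_capability": 1.0 - len(actual) / len(theoretical),
        }
    return elements


if __name__ == "__main__":
    result = extract_elements(NETWORK, HOST_REQUEST, HOST_RESPONSE)
    for etype, row in result.items():
        print(etype, row)
```

The `missed_at_network` count covers the case the two comparisons would otherwise hide: an event that only a host-level detector sees lowers the defense capability without ever appearing in the network-facing results.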
In an alternative embodiment, in S1, the security protection means include firewalls and anti-virus software; because of these security protection means, the detection results obtained at different detection points contain different information, and these differences reflect the effect of the security protection means.
In an alternative embodiment, in S2, the specific operation of fusing the clustering results by DS evidence reasoning is as follows: taking each clustering result as a piece of evidence, and calculating the basic probability assignment function, the plausibility function and the belief function of each piece of evidence; calculating, based on the DS evidence combination rule, the basic probability assignment function, the plausibility function and the belief function under the joint action of all the evidence; and obtaining the situation elements according to a preset decision rule.
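The DS fusion step described above can be sketched as follows; this is an added example, not code from the patent. The frame of discernment, the three basic probability assignments standing in for clustering results, and the thresholds of the decision rule are all constructed assumptions, since the patent does not specify its "preset decision rule".

```python
"""Dempster-Shafer fusion of clustering results (illustrative sketch)."""
from functools import reduce
from itertools import product

# Assumed frame of discernment: candidate situation elements.
FRAME = frozenset({"dos", "scan", "normal"})
DOS, SCAN, NORMAL = (frozenset({h}) for h in ("dos", "scan", "normal"))

# Constructed basic probability assignments (BPAs), one per clustering
# result. Mass on FRAME is the evidence's own uncertainty.
EVIDENCE = [
    {DOS: 0.6, SCAN: 0.1, FRAME: 0.3},
    {DOS: 0.5, NORMAL: 0.2, FRAME: 0.3},
    {DOS | SCAN: 0.7, FRAME: 0.3},
]


def combine(m1, m2):
    """Dempster's rule of combination; returns (fused BPA, conflict K)."""
    fused, conflict = {}, 0.0
    for (a, wa), (b, wb) in product(m1.items(), m2.items()):
        common = a & b
        if common:
            fused[common] = fused.get(common, 0.0) + wa * wb
        else:
            conflict += wa * wb          # mass landing on the empty set
    if conflict >= 1.0 - 1e-12:
        # Fully contradictory evidence: the rule is undefined (0/0).
        raise ValueError("total conflict, evidence cannot be combined")
    norm = 1.0 - conflict
    return {k: v / norm for k, v in fused.items()}, conflict


def belief(m, hyp):
    """Bel(A): total mass of all subsets of A."""
    return sum(w for s, w in m.items() if s <= hyp)


def plausibility(m, hyp):
    """Pl(A): total mass of all sets that intersect A."""
    return sum(w for s, w in m.items() if s & hyp)


def fuse_all(bpas):
    """Joint BPA of all pieces of evidence, combined left to right."""
    return reduce(lambda acc, m: combine(acc, m)[0], bpas)


def decide(m, min_belief=0.6, min_margin=0.2, max_uncertainty=0.2):
    """Assumed decision rule: accept the singleton with the highest
    belief only if it is strong enough, clearly ahead of the runner-up,
    and little mass is left on the whole frame. Otherwise None."""
    ranked = sorted(((belief(m, frozenset({h})), h) for h in FRAME),
                    reverse=True)
    (best, label), (second, _) = ranked[0], ranked[1]
    if (best >= min_belief and best - second >= min_margin
            and m.get(FRAME, 0.0) <= max_uncertainty):
        return label
    return None


if __name__ == "__main__":
    joint = fuse_all(EVIDENCE)
    print("Bel(dos) =", round(belief(joint, DOS), 4))
    print("Pl(dos)  =", round(plausibility(joint, DOS), 4))
    print("decision =", decide(joint))
```

The gap between `belief` and `plausibility` for a hypothesis is the mass still uncommitted after fusion; the guard in `combine` matters in practice because two detectors that contradict each other completely make the normalisation a division by zero.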
In an optional embodiment, S2 further includes the following steps: using the big data analysis results to analyze the attacker's behavior path and individual characteristics; summarizing and analyzing them from the attacker's attack behavior data; classifying the attacker's behavior paths as a basis for defense; and monitoring and submitting alarm information according to the attacker's behavior data.
In an alternative embodiment, S4 further includes security management of the data information, that is, an information security management system needs to be constructed, comprising a network management system, a data backup system, a data encryption system and an access object control system; the network management system isolates illegal requests through a firewall and establishes an intrusion detection mechanism; the data backup system restores damaged data from backups, keeping data damage to a minimum; the data encryption system converts data into ciphertext during transmission, so that data transmission is encrypted; and the access object control system protects the data by authenticating the identity of users who access it and restricting their access rights.
In an optional embodiment, S8 further includes the following steps: evaluating the network security situation and threats through a hierarchical model, and predicting the network security situation over a set future period from historical data and the current network security situation; judging whether network security is threatened according to a set threshold: if the evaluated situation value is smaller than the threshold, network security is judged not to be threatened.
In the invention, network attack and defense information is first acquired in order to understand how the network security state continuously changes and evolves; the attack information is obtained mainly through traffic anomaly detection at different granularities, and the defense information comprises the defense data of all security protection devices deployed in the network against security events and the defense data of the security protection means adopted by each host in the network against security events. The acquired network attack and defense data are then analyzed and processed: manifold learning is used to perform feature extraction and dimensionality reduction on the data samples to obtain their output values, a kernel matching integrated clustering algorithm clusters those output values, and DS evidence reasoning fuses the clustering results. The big data platform then stores the acquired network attack and defense information and the analysis data to form an original network security database, and a distributed file system and a relational database are integrated to form a hybrid network security database. Based on the hybrid network security database, the security situation element extraction layer compares the anomaly detection results of different levels and different granularities. The comparison work has two aspects: the first compares the detection results for the network-facing data flow with those for the host-facing service request flow of each branch network, and the second compares the detection results for the host-facing service request flow with those for the service response flow. The comparison finds the security-threat and security-defense elements of the network security situation. Because the security state of the network continuously changes and evolves in the back-and-forth between attack and defense, the study of the security state can start from information on both network attack and network defense.
Next, the comparison at different levels yields the theoretical security threats and the actual security threats, together with information on the network's defense capability against each type of security event. After the comparison, the security-threat and security-defense elements of the network security situation are extracted from both the attack side and the defense side: the security threat elements come mainly from the attack information and from the comparison between attack information, and the security defense elements are reflected by the comparison between attack information. Finally, a network security situation evaluation model is established based on the network security situation elements produced by the objective comparison of results, and the network security situation is evaluated according to that model.
By comparing attack and defense information, the method extracts network security situation elements accurately and effectively, helps to establish a security situation evaluation model objectively, safeguards network security, and works well in use.
It is to be understood that the above-described embodiments of the present invention are merely illustrative of or explaining the principles of the invention and are not to be construed as limiting the invention. Therefore, any modification, equivalent replacement, improvement and the like made without departing from the spirit and scope of the present invention should be included in the protection scope of the present invention. Further, it is intended that the appended claims cover all such variations and modifications as fall within the scope and boundaries of the appended claims or the equivalents of such scope and boundaries.

Claims (8)

1. A network security situation element extraction method based on attack and defense information comparison is characterized by comprising the following steps:
s1, acquiring network attack and defense information to know how the network security state changes and evolves continuously;
the attack information is mainly obtained through flow anomaly detection of different granularities, and the defense information comprises defense data of all safety protection equipment deployed in a network to a safety event and defense data of safety protection measures adopted by each host in the network to the safety event;
s2, analyzing and processing the acquired network attack and defense data, firstly, performing feature extraction and dimensionality reduction on the data samples by manifold learning to obtain output values of the data samples, then, clustering the output values of the data samples by a kernel matching integrated clustering algorithm, and fusing the clustered results by DS evidence reasoning;
s3, the big data platform stores the acquired network attack and defense information and the analysis data to form an original network security database;
s4, integrating the distributed file system and the relational database based on the original network security database to finally form a mixed network security database;
s5, based on the network security database in the mixed form, the security situation element extraction layer compares the abnormal detection results of different levels and different granularities;
s6, obtaining theoretical security threats and actual security threats through comparison of different layers, and obtaining defense capability information of the network to each type of security events;
s7, after comparison, extracting elements of the network security situation in the aspects of security threat and security defense from the aspects of attack and defense;
the security threat elements mainly come from the contrast between attack information and attack information, and the security defense elements are reflected by the contrast between the attack information;
s8, establishing a network security situation evaluation model based on the network security situation elements generated by objective result comparison, and evaluating the network security situation according to the network security situation evaluation model.
2. The method for extracting network security situation elements based on attack and defense information comparison as claimed in claim 1, wherein in S1, the security protection means includes firewall and anti-virus software, and the existence of the protection means causes the detection results obtained from different detection points to contain different information, and the different information embodies the role of the security protection means.
3. The method for extracting network security situation elements based on attack and defense information comparison according to claim 1, wherein in S2, the specific operations of fusing the clustered results by adopting DS evidence reasoning are as follows:
taking each clustered result as an evidence, and calculating a basic probability assignment function, a likelihood function and a trust function of each evidence; calculating a basic probability assignment function, a likelihood function and a confidence function of all evidences under the joint action based on a DS evidence combination rule; and acquiring situation elements according to a preset decision rule.
4. The method for extracting network security situation elements based on attack and defense information comparison according to claim 1, wherein in S2, the method further comprises the following steps:
and analyzing the behavior route and the individual characteristics of the attacker by utilizing the analysis result of the big data, summarizing and analyzing the behavior route and the individual characteristics of the attacker according to the attack behavior data of the attacker, classifying the behavior route of the attacker as a defense basis, and monitoring and submitting alarm information according to the behavior data of the attacker.
5. The method for extracting network security situation elements based on attack and defense information comparison as claimed in claim 1, wherein in S4, security management of data information is further included, that is, an information security management system including a network management system, a data backup system, a data encryption system and a system for controlling access objects needs to be constructed.
6. The method for extracting network security situation elements based on attack and defense information comparison according to claim 5, wherein the network management system isolates illegal requests through a firewall and establishes an intrusion detection mechanism; the data backup system restores damaged data through data backup, and the data damage is reduced to the minimum; the data encryption system adopts the mode that data is converted into ciphertext data in the transmission process, and data transmission is encrypted; and controlling an access object system to protect the data by limiting the access authority through the user identity authentication of the access data.
7. The method for extracting network security situation elements based on attack and defense information comparison according to claim 1, wherein in S5, the comparison includes the following two steps:
one is to compare the data flow facing the network with the detection result of the service request flow facing the host computer of each branch network; the second is to compare the service request facing the host with the detection result of the service response flow.
8. The method for extracting network security situation elements based on attack and defense information comparison according to claim 1, wherein in S8, the method further comprises the following steps:
evaluating the network security situation and threat through a hierarchical model, and predicting the network security situation within a set time length in the future by using historical data and the current network security situation;
judging whether network security is threatened according to a set threshold value; if the evaluated situation value is smaller than the threshold value, network security is judged not to be threatened.
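The evaluate, predict and threshold steps of claim 8 can be sketched as follows. This is an added example, not code from the patent: the three-layer service/host/network weighting, the use of Holt's linear smoothing as the predictor, the sample alert data and the threshold of 8.0 are all assumptions, since the claim names neither a weighting scheme nor a forecasting method.

```python
# Added illustration: layer weights, alert severities, smoothing constants and
# the threshold are all constructed assumptions, not values from the patent.

# Constructed sample: host -> (host weight, {service: (service weight, alert severities)})
HOSTS = {
    "web-01": (3, {"http": (2, [5, 8]), "ssh": (1, [2])}),
    "db-01": (2, {"mysql": (1, [4])}),
}

def weighted_mean(pairs):
    """Weighted mean of (weight, value) pairs; 0.0 when there is no weight."""
    pairs = list(pairs)
    total = sum(w for w, _ in pairs)
    return sum(w * v for w, v in pairs) / total if total else 0.0

def host_situation(services):
    """Service layer -> host layer: a service scores the sum of its alert severities."""
    return weighted_mean((w, sum(sev)) for w, sev in services.values())

def network_situation(hosts):
    """Host layer -> network layer."""
    return weighted_mean((w, host_situation(svcs)) for w, svcs in hosts.values())

def predict(history, current, steps=1, alpha=0.5, beta=0.5):
    """Forecast the situation value `steps` windows ahead (Holt's linear smoothing)."""
    series = list(history) + [current]
    if len(series) < 2:
        return series[-1]
    level, trend = series[0], series[1] - series[0]
    for x in series[1:]:
        prev = level
        level = alpha * x + (1 - alpha) * (level + trend)
        trend = beta * (level - prev) + (1 - beta) * trend
    return level + steps * trend

def is_threatened(value, threshold):
    """Claim 8 rule: a value smaller than the threshold means not threatened."""
    return value >= threshold

if __name__ == "__main__":
    now = network_situation(HOSTS)
    nxt = predict([3.0, 4.4, 5.8], now)  # constructed history of past situation values
    for label, v in (("current", now), ("forecast", nxt)):
        print(f"{label}: {v:.2f} threatened={is_threatened(v, 8.0)}")
```

With the constructed data the current value stays below the threshold while the one-step forecast crosses it, which is the case the prediction step exists to surface.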
CN202010653512.3A 2020-07-08 2020-07-08 Network security situation element extraction method based on attack and defense information comparison Pending CN111885019A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010653512.3A CN111885019A (en) 2020-07-08 2020-07-08 Network security situation element extraction method based on attack and defense information comparison

Publications (1)

Publication Number Publication Date
CN111885019A true CN111885019A (en) 2020-11-03

Family

ID=73150480

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202010653512.3A Pending CN111885019A (en) 2020-07-08 2020-07-08 Network security situation element extraction method based on attack and defense information comparison

Country Status (1)

Country Link
CN (1) CN111885019A (en)

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102098180A (en) * 2011-02-17 2011-06-15 华北电力大学 Network security situational awareness method
CN107623697A (en) * 2017-10-11 2018-01-23 北京邮电大学 A kind of network security situation evaluating method based on attacking and defending Stochastic Game Model
CN108512837A (en) * 2018-03-16 2018-09-07 西安电子科技大学 A kind of method and system of the networks security situation assessment based on attacking and defending evolutionary Game
CN110380896A (en) * 2019-07-04 2019-10-25 湖北央中巨石信息技术有限公司 Network security situation awareness model and method based on attack graph
CN110543761A (en) * 2019-07-23 2019-12-06 安徽蓝麦通信股份有限公司 big data analysis method applied to information security field

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
姚东: "基于流的大规模网络安全态势感知关键技术研究", 《中国优秀硕士学位论文全文数据库信息科技辑》 *

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112367338A (en) * 2020-11-27 2021-02-12 腾讯科技(深圳)有限公司 Malicious request detection method and device
CN114006722A (en) * 2021-09-14 2022-02-01 上海纽盾科技股份有限公司 Situation awareness verification method, device and system for discovering threats
CN114006722B (en) * 2021-09-14 2023-10-03 上海纽盾科技股份有限公司 Situation awareness verification method, device and system for detecting threat
CN114679333A (en) * 2022-04-19 2022-06-28 深圳市永达电子信息股份有限公司 Dual security decision method based on function and network and computer readable storage medium
CN114679333B (en) * 2022-04-19 2024-06-04 深圳市永达电子信息股份有限公司 Dual security decision method based on function and network and computer readable storage medium

Similar Documents

Publication Publication Date Title
CN106790023B (en) Network security Alliance Defense method and apparatus
KR100351306B1 (en) Intrusion Detection System using the Multi-Intrusion Detection Model and Method thereof
CN111885019A (en) Network security situation element extraction method based on attack and defense information comparison
Sandhu et al. A survey of intrusion detection & prevention techniques
CN112560027A (en) Data safety monitoring system
CN114372286A (en) Data security management method and device, computer equipment and storage medium
KR101692982B1 (en) Automatic access control system of detecting threat using log analysis and automatic feature learning
CN115758355A (en) Lesojous software defense method and system based on fine-grained access control
CN110543761A (en) big data analysis method applied to information security field
Mangrulkar et al. Network attacks and their detection mechanisms: A review
CN113411295A (en) Role-based access control situation awareness defense method and system
CN113411297A (en) Situation awareness defense method and system based on attribute access control
Kiran et al. Intrusion Detection System Using Machine Learning
CN115694928A (en) Cloud honeypot of whole-ship computing environment, attack event perception and behavior analysis method
CN116915515B (en) Access security control method and system for industrial control network
CN113660222A (en) Situation awareness defense method and system based on mandatory access control
Farook et al. Implementation of Intrusion Detection Systems for High Performance Computing Environment Applications
CN117319090A (en) Intelligent network safety protection system
Agrawal et al. A SURVEY ON ATTACKS AND APPROACHES OF INTRUSION DETECTION SYSTEMS.
CN115766235A (en) Network security early warning system and early warning method
CN113079182B (en) Network security control system
Hakkoymaz Classifying database users for intrusion prediction and detection in data security
CN106993005A (en) The method for early warning and system of a kind of webserver
CN114124453A (en) Network security information processing method and device, electronic equipment and storage medium
CN113542186A (en) Monitoring system based on network security and early warning method thereof

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20201103