CN111913944A - High-safety big data analysis method with alarm function - Google Patents
High-safety big data analysis method with alarm function Download PDFInfo
- Publication number
- CN111913944A CN111913944A CN202010778666.5A CN202010778666A CN111913944A CN 111913944 A CN111913944 A CN 111913944A CN 202010778666 A CN202010778666 A CN 202010778666A CN 111913944 A CN111913944 A CN 111913944A
- Authority
- CN
- China
- Prior art keywords
- data
- alarm
- module
- analysis method
- real
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
- 238000000034 method Methods 0.000 title claims abstract description 46
- 238000007405 data analysis Methods 0.000 title claims abstract description 39
- 238000004458 analytical method Methods 0.000 claims abstract description 24
- 238000012545 processing Methods 0.000 claims abstract description 18
- 238000012795 verification Methods 0.000 claims abstract description 8
- 230000006870 function Effects 0.000 claims description 23
- 230000002159 abnormal effect Effects 0.000 claims description 18
- 238000013500 data storage Methods 0.000 claims description 7
- 238000001514 detection method Methods 0.000 claims description 7
- 238000007726 management method Methods 0.000 claims description 6
- 238000007781 pre-processing Methods 0.000 claims description 6
- 206010000117 Abnormal behaviour Diseases 0.000 claims description 5
- 238000007619 statistical method Methods 0.000 claims description 5
- 230000005856 abnormality Effects 0.000 claims description 4
- 238000012549 training Methods 0.000 claims description 4
- 238000013528 artificial neural network Methods 0.000 claims description 3
- 230000006399 behavior Effects 0.000 claims description 3
- 238000004140 cleaning Methods 0.000 claims description 3
- 238000003066 decision tree Methods 0.000 claims description 3
- MCSXGCZMEPXKIW-UHFFFAOYSA-N 3-hydroxy-4-[(4-methyl-2-nitrophenyl)diazenyl]-N-(3-nitrophenyl)naphthalene-2-carboxamide Chemical group Cc1ccc(N=Nc2c(O)c(cc3ccccc23)C(=O)Nc2cccc(c2)[N+]([O-])=O)c(c1)[N+]([O-])=O MCSXGCZMEPXKIW-UHFFFAOYSA-N 0.000 claims 1
- 238000010586 diagram Methods 0.000 description 12
- 230000000694 effects Effects 0.000 description 4
- 230000002708 enhancing effect Effects 0.000 description 3
- 230000009286 beneficial effect Effects 0.000 description 2
- 239000003086 colorant Substances 0.000 description 2
- 238000005516 engineering process Methods 0.000 description 2
- 230000007774 longterm Effects 0.000 description 1
- 238000012986 modification Methods 0.000 description 1
- 230000004048 modification Effects 0.000 description 1
- 238000002407 reforming Methods 0.000 description 1
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F16/00—Information retrieval; Database structures therefor; File system structures therefor
- G06F16/20—Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
- G06F16/21—Design, administration or maintenance of databases
- G06F16/215—Improving data quality; Data cleansing, e.g. de-duplication, removing invalid entries or correcting typographical errors
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F16/00—Information retrieval; Database structures therefor; File system structures therefor
- G06F16/20—Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
- G06F16/25—Integrating or interfacing systems involving database management systems
- G06F16/258—Data format conversion from or to a database
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F16/00—Information retrieval; Database structures therefor; File system structures therefor
- G06F16/20—Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
- G06F16/28—Databases characterised by their database models, e.g. relational or object models
- G06F16/284—Relational databases
- G06F16/285—Clustering or classification
Landscapes
- Engineering & Computer Science (AREA)
- Databases & Information Systems (AREA)
- Theoretical Computer Science (AREA)
- Data Mining & Analysis (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Quality & Reliability (AREA)
- Alarm Systems (AREA)
Abstract
The invention provides a high-safety big data analysis method with an alarm function, which comprises the following steps: step one, a real-name authentication unit: the user uploads data after the real-name authentication is carried out in advance through the real-name authentication unit, the real-name authentication unit is divided into three modes for different users to select, and a tourist user can input a personal identity card number to enter a certificate verification channel for identity verification. The invention can strictly authenticate the user identity of the uploaded data through the cooperation of the real-name authentication unit, prevent lawless persons and competitors from mixing to cause leakage of enterprise secrets, improve the safety in the data uploading process, pre-process the uploaded data through the data processing unit, and accurately analyze the data through the cooperation of the data analysis unit by respectively utilizing three analysis modes, namely a basic statistic analysis module, an unsupervised analysis module and a supervised analysis module.
Description
Technical Field
The invention relates to the field of big data analysis, in particular to a high-safety big data analysis method with an alarm function.
Background
Big data analysis refers to the analysis of data with huge scale, and big data can be summarized into 5V, and the data Volume is big (Volume), the speed is fast (Velocity), the type is many (Variety), the Value (Value), the reality (Veracity).
For some enterprises with large volume, a big data analysis method is needed to analyze and process mass data, however, in the analysis process of the existing big data analysis method, the data cannot be accurately analyzed, and situations of missing report, wrong report and false report easily occur, so that the level alarm cannot be performed on the analyzed data state, the operation of the whole mechanism of the enterprise is influenced, and the whole company framework of the enterprise is easily influenced in the long term.
Therefore, it is necessary to provide a high-security big data analysis method with an alarm function to solve the above technical problems.
Disclosure of Invention
The invention provides a high-safety big data analysis method with an alarm function, and solves the problems that in the analysis process of the existing big data analysis method, data cannot be accurately analyzed, situations of missing report, wrong report and false report are easy to occur, and therefore the grade alarm cannot be performed on the analyzed data state.
In order to solve the technical problems, the high-safety big data analysis method with the alarm function provided by the invention comprises the following steps:
step one, a real-name authentication unit: the user uploads data after real-name authentication is carried out in advance through the real-name authentication unit, the real-name authentication unit is divided into three modes for different users to select, a tourist user can input a personal identity card number to enter a certificate authentication channel for identity authentication, an internal employee can input a job number and swipe an IC card to respectively enter the job number authentication channel and the IC card authentication channel for identity authentication, and the user uploads the data after the identity authentication is finished;
step two, the data processing unit: firstly, receiving user uploaded data, analyzing the uploaded data, converting the analyzed data into structured data after undergoing deduplication, cleaning and automatic completion processing, then entering a preprocessing stage, rapidly detecting the data in the preprocessing stage, mainly detecting obvious abnormity by adopting a rule detection method, and storing the preprocessed data in a storage module;
step three, a data analysis unit: by carrying out basic statistics on the processed data, including maximum value, minimum value, mean value, standard deviation and the like, the variation range and the law of data characteristics, namely the baseline of a variable can be found out, and then the obtained baseline is subjected to preliminary anomaly detection, for example, the behavior of uploading a data file from an internal server is detected for a specific user, if the data volume of the frequency of uploading the data file in a certain period is obviously increased compared with the historical period, the user may have the anomaly that data is maliciously stolen or an account number is stolen;
because most of the uploaded original data and the preprocessed data are label-free data, the unsupervised analysis module can analyze the label-free data and cluster the data characteristics obtained by statistical analysis by adopting a clustering method, a multi-dimensional baseline of the data can be found out, and as a lot of data are not abnormal when viewed from a single dimension and a plurality of dimensions are put together for analysis, the data are possibly abnormal, the clustering analysis method can find out outliers in the data based on the multi-dimensional baseline and find out potential and unknown data abnormality;
the labeled data are adopted to train an abnormal behavior recognition classifier, such as neural networks, decision trees and the like, the trained classifier is utilized to detect unknown data, abnormal data can be found, abnormal scores are given, after the abnormal data output by the classifier is confirmed by a safety manager, real alarms and false alarms are obtained, the real alarms are input into a platform as new rules, the false alarms are input into a training set of the classifier as a white list, then the classifier is trained iteratively, and the accuracy of the classifier is gradually improved;
step four, a data alarm unit: the analyzed and processed data are transmitted to a data alarm unit, then the data sorting and classifying unit uniformly and orderly classifies the generated alarm information, and the alarm information is respectively transmitted to a three-level internal network alarm module, a two-level external network alarm module and a one-level platform alarm module to be subjected to alarm processing of different levels;
step five, a data presentation unit: and then, carrying out data situation modeling processing according to the alarm information of different levels, carrying out modeling display in a 3D virtual form through a data result display module, and finally storing the transmitted alarm information into a data storage module.
Preferably, the ID card number input by the ID card verification channel in the step one is only the last six digits, the last digit X of the ID card number is replaced by # and the personal mobile phone number is added.
Preferably, the number range of the employee number input by the employee number verification channel in the step one is between 6 and 12, and the employee number information includes a company pinyin abbreviation, an employee enrollment date and an employee location number.
Preferably, the data types uploaded in the second step include logs of the security device, logs of the host and the server, original messages (pcap packets) and netflow data transmitted in the network, and HR internal system data, where the HR internal system data includes departments, authorities, administrative and management scope to which the personnel belong.
Preferably, the judgment basis of the three-level intranet alarm module in the fourth step is that the economic loss is lower than two thousand yuan RMB, the judgment basis of the two-level extranet alarm module is that the economic loss range is from two thousand yuan RMB to two ten thousand yuan RMB, and the judgment basis of the one-level platform alarm module is that the economic loss exceeds two ten thousand yuan RMB and more.
Preferably, the alarm color of the three-level intranet alarm module in the fourth step is yellow, the alarm color of the two-level extranet alarm module is orange, and the alarm color of the one-level platform alarm module is dark red.
Preferably, the data result display module in the fifth step includes a display screen, a mobile smart phone and a PC device, and the data storage module includes an alarm information log, a security information log, a memory management log and a false alarm information log.
Compared with the related technology, the high-safety big data analysis method with the alarm function provided by the invention has the following beneficial effects:
the invention provides a high-safety big data analysis method with an alarm function,
1. the invention can strictly authenticate the user identity of the uploaded data through the matching of the real-name authentication unit, prevent illegal persons and competitors from being mixed to cause secret leakage of enterprises, improve the safety in the data uploading process, pre-process the uploaded data through the data processing unit, accurately analyze the data through the matching of the data analysis unit by respectively utilizing three analysis modes of the basic statistic analysis module, the unsupervised analysis module and the supervised analysis module through the matching of the data analysis unit, thereby avoiding the situations of missing report, wrong report and wrong report of the data information, and carry out grade alarm processing on the data information of missing report, wrong report and wrong report through the matching of the data alarm unit, thereby enhancing the overall alarm effect of the data analysis method, preventing a user from not finding the wrong data information in time to cause more serious consequences, through the data presentation unit, a user can conveniently and visually observe the alarm data information, and the user can summarize experience to lay a foundation for later-stage rectification;
the invention avoids the leakage of the ID card number of the user to cause unnecessary trouble of dispute by adding the mobile phone number of the user when an emergency occurs, and conveniently contacts the user in time by the number range of the employee number between 6-12, thereby preventing the inconvenience input of the employee due to the excessive number of the employee, meanwhile, the employee can not fast remember the number of the employee, and the HR internal system data comprises the department, authority, supervisor role range and branch management role range of the employee by uploading the data types comprising the log of the safety device, the log of the host and the server, the original message (pcap packet) and the netflow data transmitted in the network and the HR internal system data, thereby expanding the range of the uploading data, improving the integral compatibility of the uploading data and enhancing the richness and the multi-directionality of the data, the judgment basis of the three-level internal network alarm module is that the economic loss is lower than two thousand yuan RMB, the judgment basis of the two-level external network alarm module is that the economic loss ranges from two thousand yuan RMB to two ten thousand yuan RMB, the judgment basis of the one-level platform alarm module is that the economic loss exceeds two ten thousand yuan RMB and more, a user can conveniently make corresponding punishment measures according to the alarm level according to the mistake party, the alarm effect of data is further enhanced, the user can conveniently and quickly distinguish the severity of alarm information by using three different colors to represent the three different levels through the fact that the alarm color of the three-level internal network alarm module is yellow, the alarm color of the two-level external network alarm module is orange red and the alarm color of the one-level platform alarm module is dark red, the data result display module comprises a display screen, a mobile intelligent mobile phone and a PC device, and the watching selectivity of the alarm information is improved, the data storage module comprises an alarm information log, a safety information log, a memory management log and a false alarm information log, so that the alarm information of different types can be stored and recorded, and the user can quickly and accurately find the alarm information of different types at the later stage.
Drawings
FIG. 1 is a flow chart of a method for analyzing big data with alarm function according to a preferred embodiment of the present invention;
FIG. 2 is a system flow diagram of the high security big data analysis method with alarm function shown in FIG. 1;
FIG. 3 is a system block diagram of the real-name authentication unit shown in FIG. 2;
FIG. 4 is a system block diagram of the data processing unit shown in FIG. 2;
FIG. 5 is a system block diagram of the data analysis unit shown in FIG. 2;
FIG. 6 is a system block diagram of the data alarm unit of FIG. 2;
fig. 7 is a system block diagram of the data presentation unit shown in fig. 2.
Detailed Description
The invention is further described with reference to the following figures and embodiments.
Please refer to fig. 1, fig. 2, fig. 3, fig. 4, fig. 5, fig. 6 and fig. 7 in combination, wherein fig. 1 is a flowchart illustrating a method of a high-security big data analysis method with an alarm function according to a preferred embodiment of the present invention; FIG. 2 is a system flow diagram of the high security big data analysis method with alarm function shown in FIG. 1; FIG. 3 is a system block diagram of the real-name authentication unit shown in FIG. 2; FIG. 4 is a system block diagram of the data processing unit shown in FIG. 2; FIG. 5 is a system block diagram of the data analysis unit shown in FIG. 2; FIG. 6 is a system block diagram of the data alarm unit of FIG. 2; fig. 7 is a system block diagram of the data presentation unit shown in fig. 2. The high-safety big data analysis method with the alarm function comprises the following steps of:
step one, a real-name authentication unit: the user uploads data after real-name authentication is carried out in advance through the real-name authentication unit, the real-name authentication unit is divided into three modes for different users to select, a tourist user can input a personal identity card number to enter a certificate authentication channel for identity authentication, an internal employee can input a job number and swipe an IC card to respectively enter the job number authentication channel and the IC card authentication channel for identity authentication, and the user uploads the data after the identity authentication is finished;
step two, the data processing unit: firstly, receiving user uploaded data, analyzing the uploaded data, converting the analyzed data into structured data after undergoing deduplication, cleaning and automatic completion processing, then entering a preprocessing stage, rapidly detecting the data in the preprocessing stage, mainly detecting obvious abnormity by adopting a rule detection method, and storing the preprocessed data in a storage module;
step three, a data analysis unit: by carrying out basic statistics on the processed data, including maximum value, minimum value, mean value, standard deviation and the like, the variation range and the law of data characteristics, namely the baseline of a variable can be found out, and then the obtained baseline is subjected to preliminary anomaly detection, for example, the behavior of uploading a data file from an internal server is detected for a specific user, if the data volume of the frequency of uploading the data file in a certain period is obviously increased compared with the historical period, the user may have the anomaly that data is maliciously stolen or an account number is stolen;
because most of the uploaded original data and the preprocessed data are label-free data, the unsupervised analysis module can analyze the label-free data and cluster the data characteristics obtained by statistical analysis by adopting a clustering method, a multi-dimensional baseline of the data can be found out, and as a lot of data are not abnormal when viewed from a single dimension and a plurality of dimensions are put together for analysis, the data are possibly abnormal, the clustering analysis method can find out outliers in the data based on the multi-dimensional baseline and find out potential and unknown data abnormality;
the labeled data are adopted to train an abnormal behavior recognition classifier, such as neural networks, decision trees and the like, the trained classifier is utilized to detect unknown data, abnormal data can be found, abnormal scores are given, after the abnormal data output by the classifier is confirmed by a safety manager, real alarms and false alarms are obtained, the real alarms are input into a platform as new rules, the false alarms are input into a training set of the classifier as a white list, then the classifier is trained iteratively, and the accuracy of the classifier is gradually improved;
step four, a data alarm unit: the analyzed and processed data are transmitted to a data alarm unit, then the data sorting and classifying unit uniformly and orderly classifies the generated alarm information, and the alarm information is respectively transmitted to a three-level internal network alarm module, a two-level external network alarm module and a one-level platform alarm module to be subjected to alarm processing of different levels;
step five, a data presentation unit: and then, carrying out data situation modeling processing according to the alarm information of different levels, carrying out modeling display in a 3D virtual form through a data result display module, and finally storing the transmitted alarm information into a data storage module.
In the step one, the ID card number input by the certificate verification channel is only the last six digits, and the last X of the ID card number is replaced by the number #, so that the leakage of the ID card number of the user is avoided, unnecessary trouble in dispute is avoided, and the mobile phone number of the user is added, so that the user can be conveniently and timely contacted in case of emergency.
The number range of the employee number input by the employee number verification channel in the step one is 6-12, and the employee number information comprises company pinyin for short, employee enrollment date and employee serial number, so that the condition that the employee is inconvenient to input due to too many employee numbers is prevented, and meanwhile, the employee cannot remember the employee number quickly.
The data types uploaded in the second step comprise logs of the safety equipment, logs of the host and the server, original messages (pcap packets) and netflow data transmitted in the network and HR internal system data, wherein the HR internal system data comprise departments, authorities, administrative and sub-administrative task ranges to which personnel belong, the range of the uploaded data is expanded, the overall compatibility of the uploaded data is improved, and the richness and the multi-directionality of the data are enhanced.
The judgment basis of the three-level intranet alarm module in the fourth step is that the economic loss is lower than two thousand yuan RMB, the judgment basis of the two-level extranet alarm module is that the economic loss range is between two thousand yuan RMB and two ten thousand yuan RMB, and the judgment basis of the one-level platform alarm module is that the economic loss exceeds two ten thousand yuan RMB and more, so that a user can conveniently make corresponding punishment measures according to the alarm level on the basis of the loser, and the alarm effect of data is further enhanced.
The alarm color of the three-level intranet alarm module in the fourth step is yellow, the alarm color of the two-level extranet alarm module is orange red, the alarm color of the one-level platform alarm module is dark red, three different colors represent three different levels, and a user can conveniently and quickly distinguish the severity of the alarm information.
In the fifth step, the data result display module comprises a display screen, a mobile smart phone and a PC (personal computer) device, so that the alarm information watching selectivity is improved, and the data storage module comprises an alarm information log, a safety information log, a memory management log and a misinformation information log, so that the alarm information of different types can be stored and recorded, and the user can quickly and accurately find the alarm information of different types in the later stage.
Compared with the related technology, the high-safety big data analysis method with the alarm function provided by the invention has the following beneficial effects:
the invention can strictly authenticate the user identity of the uploaded data through the matching of the real-name authentication unit, prevent illegal persons and competitors from being mixed to cause secret leakage of enterprises, improve the safety in the data uploading process, can pre-process the uploaded data through the data processing unit, can accurately analyze the data through the matching of the data analysis unit by respectively utilizing three analysis modes of the basic statistic analysis module, the unsupervised analysis module and the supervised analysis module through the matching of the data analysis unit, thereby avoiding the situations of missing report, wrong report and wrong report of the data information, can carry out grade alarm processing on the data information of missing report, wrong report and wrong report through the matching of the data alarm unit, thereby enhancing the overall alarm effect of the data analysis method, preventing a user from not finding the wrong data information in time to cause more serious consequences, and can realize the grade alarm processing through the data presentation unit, the user can conveniently and visually observe the alarm data information, and the user can summarize the experience to lay a foundation for later reforming.
The above description is only an embodiment of the present invention, and not intended to limit the scope of the present invention, and all modifications of equivalent structures and equivalent processes, which are made by using the contents of the present specification and the accompanying drawings, or directly or indirectly applied to other related technical fields, are included in the scope of the present invention.
Claims (10)
1. A high-safety big data analysis method with an alarm function is characterized by comprising the following steps:
firstly, a user uploads data after real-name authentication is carried out in advance through a real-name authentication unit, the real-name authentication unit is divided into three modes for different users to select, a tourist user can input a personal identification card number to enter a certificate authentication channel for identity authentication, an internal employee can input a work number and swipe an IC card to respectively enter the work number authentication channel and the IC card authentication channel for identity authentication, and after the identity authentication is finished, the user uploads the data;
secondly, firstly receiving user uploaded data, analyzing the uploaded data, converting the analyzed data into structured data after undergoing repetition, cleaning and automatic completion processing, then entering a preprocessing stage, rapidly detecting the data in the preprocessing stage, mainly detecting obvious abnormity by adopting a rule detection method, and storing the preprocessed data in a storage module;
step three, including:
performing primary anomaly detection by performing basic statistics on the processed data;
clustering the data characteristics obtained by the statistical analysis by adopting a clustering method to find potential and unknown data anomalies; and/or
Training an abnormal behavior recognition classifier by adopting the labeled data, finding abnormal data and confirming the accuracy;
step four, the analyzed and processed data are transmitted to a data alarm unit, then the data sorting and classifying unit carries out unified and regular classification on the generated alarm information, and the alarm information is respectively transmitted to a three-level internal network alarm module, a two-level external network alarm module and a one-level platform alarm module to carry out alarm processing of different levels;
and fifthly, modeling data situation according to the alarm information of different levels, modeling and displaying in a 3D virtual form through a data result display module, and finally storing the transmitted alarm information into a data storage module.
2. The high-security big data analysis method with the alarm function as claimed in claim 1, wherein the ID card number inputted by the ID card verification channel in the step one is only the last six digits, and the last X digit of the ID card number is replaced by # and is added with the personal mobile phone number.
3. The high-security big data analysis method with the alarm function as claimed in claim 1, wherein the number of the employee's job number inputted through the job number verification channel in the step one is in the range of 6-12, and the job number information includes a company pinyin abbreviation, an employee job entry date, and a number where the employee is located.
4. The high-security big data analysis method with alarm function according to claim 1, wherein the data types uploaded in step two include logs of security devices, logs of hosts and servers, raw messages (pcap packets) and netflow data transmitted in a network, and HR internal system data, and the HR internal system data includes departments, authorities, administrative and sub-administrative scope to which the personnel belong.
5. The high-security big data analysis method with alarm function according to claim 1, comprising:
the change range and the law of the data characteristics, namely the baseline of the variable, can be found out by carrying out basic statistics, the maximum value, the minimum value, the mean value, the standard deviation and the like on the processed data, and then carrying out preliminary abnormal detection on the obtained baseline, for example, for a specific user, the behavior of the user for uploading data files from an internal server is detected, if the data volume of the frequency of uploading data files in a certain period is obviously increased compared with the historical period, the user may have the abnormality of maliciously stealing the data or stealing accounts.
6. The high-security big data analysis method with alarm function according to claim 1, wherein a clustering method is adopted to cluster the data features obtained by statistical analysis, and finding potential and unknown data anomalies comprises:
the uploaded original data and the preprocessed data are mostly label-free data, the unsupervised analysis module can analyze the label-free data and cluster the data characteristics obtained by statistical analysis by adopting a clustering method, a multi-dimensional baseline of the data can be found out, and since many data are not abnormal when viewed from a single dimension and are abnormal when multiple dimensions are put together for analysis, the clustering analysis method can find out outliers in the data based on the multi-dimensional baseline and find out potential and unknown data abnormality.
7. The method for analyzing big data with high security and alarm function as claimed in claim 1, wherein the using of these labeled data to train abnormal behavior recognition classifier, finding abnormal data and confirming accuracy comprises:
the labeled data are adopted to train an abnormal behavior recognition classifier, such as neural networks, decision trees and the like, the trained classifier is used for detecting unknown data, abnormal data can be found, abnormal scores are given, after the abnormal data output by the classifier is confirmed by a safety manager, real alarms and false alarms are obtained, the real alarms are input into a platform as new rules, the false alarms are input into a training set of the classifier as a white list, and then the classifier is trained iteratively, so that the accuracy of the classifier is gradually improved.
8. The high-security big data analysis method with alarm function as claimed in claim 1, wherein the judgment basis of the three-level intranet alarm module in the fourth step is that the economic loss is lower than two thousand yuan RMB, the judgment basis of the two-level extranet alarm module is that the economic loss ranges from two thousand yuan RMB to two ten thousand yuan RMB, and the judgment basis of the one-level platform alarm module is that the economic loss exceeds two ten thousand yuan RMB and more.
9. The high-security big data analysis method with alarm function according to claim 1, wherein the alarm color of the three-level intranet alarm module in the fourth step is yellow, the alarm color of the two-level extranet alarm module is orange, and the alarm color of the one-level platform alarm module is deep red.
10. The high-security big data analysis method with the alarm function according to claim 1, wherein the data result display module in the fifth step comprises a display screen, a mobile smart phone and a PC device, and the data storage module comprises an alarm information log, a security information log, a memory management log and a false alarm information log.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202010778666.5A CN111913944A (en) | 2020-08-05 | 2020-08-05 | High-safety big data analysis method with alarm function |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202010778666.5A CN111913944A (en) | 2020-08-05 | 2020-08-05 | High-safety big data analysis method with alarm function |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN111913944A true CN111913944A (en) | 2020-11-10 |
Family
ID=73287190
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202010778666.5A Pending CN111913944A (en) | 2020-08-05 | 2020-08-05 | High-safety big data analysis method with alarm function |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN111913944A (en) |
Cited By (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN112905408A (en) * | 2021-01-12 | 2021-06-04 | 南方电网数字电网研究院有限公司 | Server for electric power operation and maintenance network safety monitoring and early warning system |
| CN113378132A (en) * | 2021-06-30 | 2021-09-10 | 武汉学无止教育科技有限公司 | Education software data processing method based on big data |
Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN104580233A (en) * | 2015-01-16 | 2015-04-29 | 重庆邮电大学 | Internet of Things smart home security gateway system |
| CN108062480A (en) * | 2017-12-14 | 2018-05-22 | 徐州汇尔康食品有限公司 | A kind of electric business platform website data protects system |
| CN109450882A (en) * | 2018-10-26 | 2019-03-08 | 安徽继远软件有限公司 | A kind of security management and control system and method for the internet behavior merging artificial intelligence and big data |
| US20190222503A1 (en) * | 2015-09-08 | 2019-07-18 | Uber Technologies, Inc. | System Event Analyzer and Outlier Visualization |
| CN111274227A (en) * | 2020-01-20 | 2020-06-12 | 上海市大数据中心 | Database auditing system and method based on cluster analysis and association rule |
-
2020
- 2020-08-05 CN CN202010778666.5A patent/CN111913944A/en active Pending
Patent Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN104580233A (en) * | 2015-01-16 | 2015-04-29 | 重庆邮电大学 | Internet of Things smart home security gateway system |
| US20190222503A1 (en) * | 2015-09-08 | 2019-07-18 | Uber Technologies, Inc. | System Event Analyzer and Outlier Visualization |
| CN108062480A (en) * | 2017-12-14 | 2018-05-22 | 徐州汇尔康食品有限公司 | A kind of electric business platform website data protects system |
| CN109450882A (en) * | 2018-10-26 | 2019-03-08 | 安徽继远软件有限公司 | A kind of security management and control system and method for the internet behavior merging artificial intelligence and big data |
| CN111274227A (en) * | 2020-01-20 | 2020-06-12 | 上海市大数据中心 | Database auditing system and method based on cluster analysis and association rule |
Non-Patent Citations (1)
| Title |
|---|
| 柳兆峰;杨奇;霍永华;谢志敏;: "基于CURE聚类算法的科技情报异常数据检测", 无线电通信技术, vol. 44, no. 06, pages 605 - 609 * |
Cited By (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN112905408A (en) * | 2021-01-12 | 2021-06-04 | 南方电网数字电网研究院有限公司 | Server for electric power operation and maintenance network safety monitoring and early warning system |
| CN113378132A (en) * | 2021-06-30 | 2021-09-10 | 武汉学无止教育科技有限公司 | Education software data processing method based on big data |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN107528832B (en) | Baseline construction and unknown abnormal behavior detection method for system logs | |
| CN113098892B (en) | Data leakage prevention system and method based on industrial Internet | |
| CN106330919A (en) | Operation and maintenance safety auditing method and system | |
| CN106339679B (en) | A kind of face identification system | |
| CN108833185B (en) | Network attack route restoration method and system | |
| CN110263566B (en) | Method for detecting and classifying authority-raising behaviors of massive logs | |
| CN113726784B (en) | Network data security monitoring method, device, equipment and storage medium | |
| CN111913944A (en) | High-safety big data analysis method with alarm function | |
| CN112953971A (en) | Network security traffic intrusion detection method and system | |
| CN116366374A (en) | Security assessment method, system and medium for power grid network management based on big data | |
| CN112291261A (en) | Network security log audit analysis method driven by knowledge graph | |
| CN117614743B (en) | Phishing early warning method and system thereof | |
| CN107491891A (en) | A kind of safety monitor information cloud plateform system based on Quick Response Code | |
| CN117610045A (en) | Application password monitoring management cloud platform based on commercial password protection | |
| CN111163104B (en) | Network security protection system for enterprise | |
| CN117034305A (en) | Sensitive information identification method, device, computer equipment and readable storage medium | |
| CN116258501A (en) | Electronic transaction data online supervision system and method based on big data | |
| CN110851414A (en) | Method and system for analyzing boundary data by clustering method | |
| CN111126373A (en) | Internet short video violation judgment device and method based on cross-modal identification technology | |
| CN114285596B (en) | Transformer substation terminal account abnormity detection method based on machine learning | |
| CN115567331A (en) | Information safety monitoring system and method based on industrial control protocol | |
| CN116049797A (en) | Intelligent storage system based on data classification system | |
| CN113221107B (en) | Industrial control system-oriented intrusion detection rule matching optimization method | |
| CN115600189A (en) | Commercial password application security evaluation system | |
| CN113568887A (en) | Operation and maintenance operation monitoring method and device based on big data platform |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| WD01 | Invention patent application deemed withdrawn after publication |
Application publication date: 20201110 |