CN115051879A - Data analysis system of network security situation perception system based on machine learning - Google Patents
- Publication number: CN115051879A
- Application number: CN202210983676.1A
- Authority: CN (China)
- Prior art keywords: network, security, data, network security, terminal equipment
- Legal status: Granted
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
- H04L63/1425—Traffic logging, e.g. anomaly detection
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06N—COMPUTING ARRANGEMENTS BASED ON SPECIFIC COMPUTATIONAL MODELS
- G06N20/00—Machine learning
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1433—Vulnerability analysis
Abstract
The invention discloses a data analysis system of a network security situation perception system based on machine learning, which comprises a security element acquisition module, a security situation analysis module, a network security planning module and a network security early warning module; the security element acquisition module is used for acquiring behavior habit data of user operations in a network, data of terminal equipment and data of an operating system; the security situation analysis module is used for acquiring the data collected by the security element acquisition module, analyzing abnormalities in user operations, vulnerabilities of the operating system and the vulnerability of terminal equipment, and finally obtaining a network security situation analysis report; the network security planning module is used for acquiring the network security situation analysis report, planning network security, establishing a network security management system and making a network security emergency response scheme; the network security early warning module is used for monitoring the operation of the operating system and terminal equipment in the network in real time, and judging and giving early warning of current and future network security threats.
Description
Technical Field
The invention relates to the technical field of network security situation analysis, in particular to a data analysis system of a network security situation perception system based on machine learning.
Background
Network security situation awareness means that, in a large-scale network environment, the security elements that can cause changes in the network situation are acquired, understood and displayed, and the future network security development trend is predicted from those elements. With the integration and development of technologies such as the internet, cloud computing and 5G, internet of things technology has matured: the network is no longer only information exchange between people, but also between people and terminals and between terminals, and the efficiency of production and daily life keeps improving. But as the industrial internet and the consumer internet merge, the risk of network security threats grows; a network security situation awareness system judges and warns of current threats and those that may occur in the future by collecting and sorting data, and issues an analysis report to help formulate network security precautions. However, network-based malicious attacks and theft are also developing, and threats such as viruses, trojans, hackers and hostile actors are increasing, so a data analysis system for a network security situation awareness system based on machine learning is needed to solve these problems.
Disclosure of Invention
The invention aims to provide a data analysis system of a network security situation awareness system based on machine learning, so as to solve the problems in the background technology.
In order to solve the technical problems, the invention provides the following technical scheme: the system comprises a security element acquisition module, a security situation analysis module, a network security planning module and a network security early warning module; the security element acquisition module is used for acquiring behavior habit data of user operations in a network, data of terminal equipment and data of an operating system; the security situation analysis module is used for acquiring the data collected by the security element acquisition module, analyzing abnormalities in user operation behaviors, the vulnerability of terminal equipment and the vulnerabilities of the operating system, and finally obtaining a network security situation analysis report; the network security planning module is used for acquiring the network security situation analysis report, planning network security, establishing a network security management system and formulating a network security emergency response scheme; the network security early warning module is used for monitoring the operation of the operating system and terminal equipment in the network in real time, and judging and giving early warning of current and future network security threats.
Furthermore, the security element acquisition module comprises a user behavior acquisition unit, a terminal device acquisition unit and an operating system acquisition unit, wherein the user behavior acquisition unit is used for acquiring behavior habit data generated in the process of operating the terminal device and the operating system by a user in a network; the terminal equipment acquisition unit is used for acquiring parameter information of terminal equipment in a network, connection conditions among the terminal equipment and information used by the mobile storage medium among the terminal equipment; the operating system acquisition unit is used for acquiring system log information, application log information and network log information of operating system operation in a network.
Furthermore, the security situation analysis module comprises a first analysis unit, a second analysis unit and a third analysis unit, wherein the first analysis unit is used for acquiring data acquired by the user behavior acquisition unit and analyzing whether behavior habits of a user for operating the terminal device and operating the operating system in the network are abnormal or not; the second analysis unit is used for acquiring the data acquired by the terminal equipment acquisition unit and analyzing the vulnerability of the terminal equipment in the process of operating the terminal equipment by a user in the network; the third analysis unit is used for acquiring the data acquired by the operating system acquisition unit and analyzing the compatibility of the operating system, the security loopholes of the operating system and the security of data storage in the operating system in the running process of the operating system in the network.
Further, the network security planning module comprises a security evaluation unit and a security management unit, wherein the security evaluation unit is used for receiving the network security situation analysis report obtained by the security situation analysis module and sending security early warning to the network security early warning module according to the current and future network security threats analyzed in the network security situation analysis report; and the safety management unit is used for establishing a network safety management system and formulating a network safety emergency response scheme.
Further, the network security early warning module comprises an early warning visualization unit and an emergency response unit, wherein the early warning visualization unit is used for converting the network security threats analyzed in the network security situation analysis report from professional network security terminology into specific execution instructions provided to the manager; the emergency response unit is used for monitoring the behaviors of users in the network, the operation of the operating system and the operation of terminal equipment in real time and carrying out emergency treatment of sudden network security threats.
The data analysis method of the network security situation awareness system based on machine learning comprises the following steps:
s1: the safety element acquisition module acquires data of an operating system, data of terminal equipment and behavior habit data of a user in a network;
s2: the security situation analysis module acquires and analyzes the data acquired by the security element acquisition module to obtain a network security situation analysis report;
s3: the network security planning module performs network security planning according to the network security situation analysis report, establishes a network security management system and formulates a network security emergency response scheme;
s4: the network security early warning module performs visual analysis of the early warnings issued on the basis of the network security situation analysis report to obtain specific execution instructions.
Further, in step S1: the security element acquisition module acquires data of the operating system in the network, including the operating system version, network protocols, security configuration and firewall information, to obtain an operating system data set A = …, where M represents the data type of the operating system; it collects data of the terminal equipment in the network, including equipment manufacturer, equipment service life, interface connection condition and mobile storage medium usage, to obtain a terminal data set B = …, where N represents the type of terminal equipment data; and it collects behavior habit data of users, including user login account, IP address, browsed pages and read files, to obtain a user behavior habit data set C = …, where k represents the data type of user behavior habits.
Further, in step S2: the security situation analysis module obtains a data set A, B, C, and first calculates the mean value of the set A, B, C by using a covariance analysis algorithm, wherein the mean value calculation formula is as follows:
where the entry term is the value of the ith entry in the set, d is the total number of entries in the set, and the result is the mean value; next, the variance of the sets A, B, C is calculated, the variance formula being:
where the result is the variance of the set; then, the degree of correlation between any two data in the set is calculated according to the covariance formula, which is:
finally, a covariance matrix formed by the covariance of the ith element and the jth element in the set is obtained as follows:
If the value of the covariance matrix D is greater than 0, the data of the set A, B or C are positively correlated with the network security threat; if the value of the covariance matrix D is less than 0, the data are negatively correlated with the network security threat; and if the value of the covariance matrix D is equal to 0, the data are not correlated with the network security threat. A network situation analysis report is then obtained from the covariance matrices D of the three sets A, B, C.
Further, in step S3: the network security planning module receives the network situation analysis report and carries out network security planning according to the network situation analysis report, and the network security planning comprises the following steps:
s301, comprehensively checking the operating systems in the network, updating security patches and comprehensively repairing operating system bugs; reinforcing the security configuration, checking network password strength, deleting redundant and expired accounts, closing shares that are enabled by default, and investigating high-risk ports;
s302, strengthening control of user operation permissions, classifying permissions by user account so as to restrict the operations of some users; monitoring the behavior of users entering the network in real time and giving early warning of abnormal behavior; upgrading data protection in the network, and re-verifying the data when a user accesses or acquires it;
s303, upgrading the terminal equipment, checking the manufacturing information of the terminal equipment, updating the firmware of equipment that is incompatible with the latest operating system update, replacing terminal equipment found to leak data, and managing and controlling the use of mobile storage media among the terminal equipment;
according to the network safety planning, a safety management system is established and a network safety emergency response scheme is formulated, wherein the safety management system comprises:
s311, training the network security awareness of the personnel who operate the terminal equipment;
s312, performing safety evaluation on the operating system and the terminal equipment regularly;
s313, a security technology defense system is established in the aspects of architecture optimization, security operation and maintenance, monitoring and early warning.
Further, in step S4: the network security early warning module receives the network security threat risk early warning, and performs visual analysis of the professional network security expressions in the early warning to convert them into simple executable instructions.
Compared with the prior art, the invention has the following beneficial effects: the security element acquisition module collects behavior habit data of user operations in the network, parameter information of the terminal equipment and operating data of the operating system; the security situation analysis module then analyzes the collected data with a covariance analysis algorithm to obtain the degree of correlation between user behavior habits, the terminal equipment and the operating system on the one hand and network security threats on the other, producing a network security situation analysis report; the network security planning module carries out network security planning according to this report, establishes a network security management system and formulates a network security emergency response scheme; for the network security threat early warnings mentioned in the report, the network security early warning module carries out visual analysis and converts professional network security terms into simple executable instructions provided to security management personnel; at the same time, the network security early warning module monitors the behavior of users in the network, the operation of the operating system and the operation of the terminal equipment in real time and carries out emergency treatment of sudden network security threats.
Drawings
The accompanying drawings, which are included to provide a further understanding of the invention and are incorporated in and constitute a part of this specification, illustrate embodiments of the invention and together with the description serve to explain the principles of the invention and not to limit the invention. In the drawings:
FIG. 1 is a schematic structural diagram of a data analysis system of a machine learning-based network security situation awareness system according to the present invention;
FIG. 2 is a schematic flow chart of the data analysis method of the machine learning-based network security situation awareness system of the present invention.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
Referring to fig. 1-2, the present invention provides a technical solution: the system comprises a security element acquisition module, a security situation analysis module, a network security planning module and a network security early warning module; the security element acquisition module is used for acquiring behavior habit data of user operations in a network, data of terminal equipment and data of an operating system; the security situation analysis module is used for acquiring the data collected by the security element acquisition module, analyzing abnormalities in user operation behaviors, the vulnerability of terminal equipment and the vulnerabilities of the operating system, and finally obtaining a network security situation analysis report; the network security planning module is used for acquiring the network security situation analysis report, planning network security, establishing a network security management system and making a network security emergency response scheme; the network security early warning module is used for monitoring the operation of the operating system and terminal equipment in the network in real time, and judging and giving early warning of current and future network security threats.
The safety element acquisition module comprises a user behavior acquisition unit, a terminal equipment acquisition unit and an operating system acquisition unit, wherein the user behavior acquisition unit is used for acquiring behavior habit data generated in the process of operating the terminal equipment and the operating system by a user in a network; the terminal equipment acquisition unit is used for acquiring parameter information of terminal equipment in a network, connection conditions among the terminal equipment and information used by the mobile storage medium among the terminal equipment; the operating system acquisition unit is used for acquiring system log information, application log information and network log information of operating system operation in the network.
The security situation analysis module comprises a first analysis unit, a second analysis unit and a third analysis unit, wherein the first analysis unit is used for acquiring data acquired by the user behavior acquisition unit and analyzing whether behavior habits of a user for operating the terminal equipment and an operating system in a network are abnormal or not; the second analysis unit is used for acquiring the data acquired by the terminal equipment acquisition unit and analyzing the vulnerability of the terminal equipment in the process of operating the terminal equipment by a user in the network; the third analysis unit is used for acquiring the data acquired by the operating system acquisition unit and analyzing the compatibility of the operating system, the security loopholes of the operating system and the security of data storage in the operating system in the running process of the operating system in the network.
The network security planning module comprises a security evaluation unit and a security management unit, wherein the security evaluation unit is used for receiving a network security situation analysis report obtained by the security situation analysis module and sending security early warning to the network security early warning module according to the current and future network security threats analyzed in the network security situation analysis report; and the safety management unit is used for establishing a network safety management system and formulating a network safety emergency response scheme.
The network security early warning module comprises an early warning visualization unit and an emergency response unit, wherein the early warning visualization unit is used for converting network security threats analyzed in a network security situation analysis report from professional network security expressions into specific execution instructions to be provided for management personnel; the emergency response unit is used for monitoring the behaviors of users in the network, the operation of an operating system and the operation of terminal equipment in real time and carrying out emergency treatment on sudden network security threats.
The data analysis method of the network security situation awareness system based on machine learning comprises the following steps:
s1: the safety element acquisition module acquires data of an operating system, data of terminal equipment and behavior habit data of a user in a network;
s2: the security situation analysis module acquires and analyzes the data acquired by the security element acquisition module to obtain a network security situation analysis report;
s3: the network security planning module performs network security planning according to the network security situation analysis report, establishes a network security management system and formulates a network security emergency response scheme;
s4: the network security early warning module performs visual analysis of the early warnings issued on the basis of the network security situation analysis report to obtain specific execution instructions.
In step S1: the security element acquisition module acquires data of the operating system in the network, including the operating system version, network protocols, security configuration and firewall information, to obtain an operating system data set A = …, where M represents the data type of the operating system; it collects data of the terminal equipment in the network, including equipment manufacturer, equipment service life, interface connection condition and mobile storage medium usage, to obtain a terminal data set B = …, where N represents the type of terminal equipment data; and it collects behavior habit data of users, including user login account, IP address, browsed pages and read files, to obtain a user behavior habit data set C = …, where k represents the data type of user behavior habits.
In step S2: the security situation analysis module obtains a data set A, B, C, and first calculates the mean value of the set A, B, C by using a covariance analysis algorithm, wherein the mean value calculation formula is as follows:
where the entry term is the value of the ith entry in the set, d is the total number of entries in the set, and the result is the mean value; next, the variance of the sets A, B, C is calculated, the variance formula being:
where the result is the variance of the set; then, the degree of correlation between any two data in the set is calculated according to the covariance formula, which is:
finally, a covariance matrix formed by the covariance of the ith element and the jth element in the set is obtained as follows:
If the value of the covariance matrix D is greater than 0, the data of the set A, B or C are positively correlated with the network security threat; if the value of the covariance matrix D is less than 0, the data are negatively correlated with the network security threat; and if the value of the covariance matrix D is equal to 0, the data are not correlated with the network security threat. A network situation analysis report is then obtained from the values of the covariance matrices D of the three sets A, B, C.
In step S3: the network security planning module receives the network situation analysis report and carries out network security planning according to the network situation analysis report, and the network security planning comprises the following steps:
s301, comprehensively checking the operating systems in the network, updating security patches and comprehensively repairing operating system bugs; reinforcing the security configuration, checking network password strength, deleting redundant and expired accounts, closing shares that are enabled by default, and investigating high-risk ports;
s302, strengthening control of user operation permissions, grading permissions by user account so as to restrict the operations of some users; monitoring the behavior of users entering the network in real time and giving early warning of abnormal behavior; upgrading data protection in the network, and re-verifying the data when a user accesses or acquires it;
s303, upgrading the terminal equipment, checking the manufacturing information of the terminal equipment, updating the firmware of equipment that is incompatible with the latest operating system update, replacing terminal equipment found to leak data, and managing and controlling the use of mobile storage media among the terminal equipment;
according to the network safety planning, a safety management system is established and a network safety emergency response scheme is formulated, wherein the safety management system comprises:
s311, training the network security awareness of the personnel who operate the terminal equipment;
s312, performing safety evaluation on the operating system and the terminal equipment regularly;
s313, a security technology defense system is established in the aspects of architecture optimization, security operation and maintenance, monitoring and early warning.
In step S4: the network security early warning module receives the network security threat risk early warning, and performs visual analysis of the professional network security expressions in the early warning to convert them into simple executable instructions.
The first embodiment is as follows: the security element acquisition module acquires behavior habit data of user operations in the network, parameter information of the terminal equipment and operating data of the operating system, obtaining respectively an operating system data set A = …, where M represents the data type of the operating system, a terminal device data set B = …, where N represents the type of terminal equipment data, and a user behavior habit data set C = …, where k represents the data type of user behavior habits; the security situation analysis module then uses the mean formula to calculate the means of the sets A, B, C, uses the variance formula to calculate the variances of the sets A, B, C, and finally uses the covariance formula to calculate the degree of correlation between any two data in the sets A, B, C, obtaining the covariance matrices of the sets A, B, C; if the value of a covariance matrix is greater than 0, the set's data are positively correlated with the network security threat; if it is less than 0, the set's data are negatively correlated with the network security threat; if it is equal to 0, the set's data are unrelated to the network security threat; finally a network security situation analysis report is obtained, and a security management system is established and a network security emergency response scheme is made according to the analysis report.
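As an added worked example of the step S2 covariance analysis described in the disclosure, the detailed description and the embodiment above (this is not code from the patent): the mean, variance and covariance computations run over constructed series for the sets A, B and C, with the patent's sign rule applied per data type. Every series, feature name and the threat indicator below is a constructed assumption. Because a covariance matrix has one entry per pair of data types rather than a single value, the example interprets the sign of each data type's covariance with a separate per-window threat indicator, and also builds the covariance matrix of each set, whose diagonal is the per-type variance.

```python
# Added worked example (not the patent's code): mean, variance and covariance
# over constructed security-element data sets, with the sign rule of step S2.
# All series, feature names and the threat indicator are constructed.

# d = 6 observation windows. Each set maps a data type to one numeric series.
A = {  # operating-system data (M = 4 types, assumed names)
    "os_days_since_patch": [2, 5, 9, 14, 20, 30],
    "firewall_rules_disabled": [0, 0, 1, 1, 2, 3],
    "security_baseline_score": [95, 90, 85, 70, 50, 30],
    "os_version_major": [10, 10, 10, 10, 10, 10],
}
B = {  # terminal-device data (N = 2 types, assumed names)
    "device_age_years": [1, 1, 2, 3, 4, 5],
    "removable_media_events": [0, 1, 1, 2, 4, 6],
}
C = {  # user-behaviour data (k = 2 types, assumed names)
    "failed_logins": [0, 1, 0, 3, 5, 8],
    "files_read_outside_role": [0, 0, 1, 1, 3, 4],
}
# Constructed per-window threat indicator (e.g. confirmed alerts in the
# window) against which each data type's covariance sign is interpreted.
THREAT = [0, 1, 1, 2, 4, 6]


def mean(x):
    """Arithmetic mean: the sum of the d entries divided by d."""
    d = len(x)
    if d == 0:
        raise ValueError("empty series")
    return sum(x) / d


def variance(x):
    """Population variance: mean squared deviation from the mean."""
    m = mean(x)
    return sum((v - m) ** 2 for v in x) / len(x)


def covariance(x, y):
    """Population covariance of two equally long series."""
    if len(x) != len(y):
        raise ValueError("series must have the same length")
    mx, my = mean(x), mean(y)
    return sum((a - mx) * (b - my) for a, b in zip(x, y)) / len(x)


def covariance_matrix(dataset):
    """Matrix whose (i, j) entry is the covariance of the i-th and j-th data
    types of the set; the diagonal holds each type's variance."""
    names = list(dataset)
    return [[covariance(dataset[i], dataset[j]) for j in names] for i in names]


def classify(cov):
    """Sign rule from the patent: >0 positive, <0 negative, 0 uncorrelated."""
    if cov > 0:
        return "positive"
    if cov < 0:
        return "negative"
    return "uncorrelated"


def situation_report(sets, threat):
    """For each set and each data type, the direction of its covariance with
    the threat indicator. Only the sign is reported because the magnitude
    depends on the units of each series and is not comparable across types."""
    return {
        set_name: {dtype: classify(covariance(series, threat))
                   for dtype, series in dataset.items()}
        for set_name, dataset in sets.items()
    }


if __name__ == "__main__":
    report = situation_report({"A": A, "B": B, "C": C}, THREAT)
    for set_name, findings in report.items():
        for dtype, direction in findings.items():
            print(f"{set_name}.{dtype}: {direction}")
```

On real telemetry an exactly zero covariance occurs only for a constant series (as with the constant `os_version_major` above), so a deployment would test against a tolerance or use a normalised measure such as the correlation coefficient rather than a literal equality with 0; the sign rule alone also says nothing about strength, which is why the report above does not rank data types by covariance magnitude.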
It is noted that, herein, relational terms such as first and second, and the like may be used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Also, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus.
Finally, it should be noted that: although the present invention has been described in detail with reference to the foregoing embodiments, it will be apparent to those skilled in the art that changes may be made in the embodiments and/or equivalents thereof without departing from the spirit and scope of the invention. Any modification, equivalent replacement, or improvement made within the spirit and principle of the present invention should be included in the protection scope of the present invention.
Claims (10)
1. The data analysis system of the network security situation awareness system based on machine learning is characterized by comprising a security element acquisition module, a security situation analysis module, a network security planning module and a network security early warning module; the security element acquisition module is used for acquiring behavior habit data of user operations in a network, data of terminal equipment and data of an operating system; the security situation analysis module is used for acquiring the data collected by the security element acquisition module, analyzing abnormalities in user operation behaviors, the vulnerability of terminal equipment and the vulnerabilities of the operating system, and finally obtaining a network security situation analysis report; the network security planning module is used for acquiring the network security situation analysis report, planning network security, establishing a network security management system and formulating a network security emergency response scheme; the network security early warning module is used for monitoring the operation of the operating system and terminal equipment in the network in real time, and judging and giving early warning of current and future network security threats.
2. The data analysis system of the machine learning based network security situation awareness system according to claim 1, wherein: the security element acquisition module comprises a user behavior acquisition unit, a terminal equipment acquisition unit and an operating system acquisition unit, wherein the user behavior acquisition unit is used for acquiring behavior habit data generated in the process of operating the terminal equipment and the operating system by a user in a network; the terminal equipment acquisition unit is used for acquiring parameter information of terminal equipment in a network, connection conditions among the terminal equipment and information used by the mobile storage medium among the terminal equipment; the operating system acquisition unit is used for acquiring system log information, application log information and network log information of operating system operation in a network.
3. The data analysis system of the machine learning based network security situation awareness system according to claim 1, wherein: the security situation analysis module comprises a first analysis unit, a second analysis unit and a third analysis unit, wherein the first analysis unit is used for acquiring the data collected by the user behavior acquisition unit and analyzing whether the behavior habits of users operating the terminal equipment and the operating system in the network are abnormal; the second analysis unit is used for acquiring the data collected by the terminal equipment acquisition unit and analyzing the vulnerability of the terminal equipment while users in the network operate it; the third analysis unit is used for acquiring the data collected by the operating system acquisition unit and analyzing the compatibility of the operating systems in the network, the security vulnerabilities present in them and the security of the data stored in them.
4. The data analysis system of the machine learning based network security situation awareness system according to claim 1, wherein: the network security planning module comprises a security evaluation unit and a security management unit, wherein the security evaluation unit is used for receiving the network security situation analysis report produced by the security situation analysis module and for sending security early warnings to the network security early warning module according to the current and future network security threats identified in that report; the security management unit is used for establishing the network security management system and formulating the network security emergency response scheme.
5. The data analysis system of the machine learning based network security situation awareness system according to claim 1, wherein: the network security early warning module comprises an early warning visualization unit and an emergency response unit, wherein the early warning visualization unit is used for converting the network security threats identified in the network security situation analysis report from professional network security terminology into specific execution instructions provided to management personnel; the emergency response unit is used for monitoring user behavior, operating system operation and terminal equipment operation in the network in real time and for handling sudden network security threats as emergencies.
6. The data analysis method of the network security situation awareness system based on machine learning is characterized by comprising the following steps:
S1: the security element acquisition module acquires data of the operating systems, data of the terminal equipment and behavior habit data of users in the network;
S2: the security situation analysis module acquires and analyzes the data collected by the security element acquisition module to obtain a network security situation analysis report;
S3: the network security planning module performs network security planning according to the network security situation analysis report, establishes a network security management system and formulates a network security emergency response scheme;
S4: the network security early warning module performs visual analysis of the early warning sent according to the network security situation analysis report, to obtain specific execution instructions.
7. The data analysis method of the machine learning based network security situation awareness system according to claim 6, wherein: in step S1, the security element acquisition module acquires data of the operating systems in the network, including operating system version, network protocol, security configuration and firewall information, to obtain an operating system data set A = {…}, where M represents the data types of the operating system; it acquires data of the terminal equipment in the network, including equipment manufacturer, equipment service life, interface connection conditions and mobile storage medium usage, to obtain a terminal data set B = {…}, where N represents the types of terminal equipment data; and it acquires behavior habit data of users, including user login account, IP address, pages browsed and files read, to obtain a user behavior habit data set C = {…}, where k represents the data types of user behavior habits.
8. The data analysis method of the machine learning based network security situation awareness system according to claim 6, wherein: in step S2, the security situation analysis module obtains the data sets A, B and C and first calculates the mean of each of the sets A, B, C using a covariance analysis algorithm, where the mean is calculated as follows:
where … is the value of the i-th entry in the set, d is the total number of entries in the set, and … is the mean; next, the variance of each of the sets A, B, C is calculated as follows:
where … is the variance of the set; then the degree of correlation between any two data items in the set is calculated from the covariance formula, which is as follows:
finally, the covariance matrix formed by the covariances of the i-th and j-th elements of the set is obtained as follows:
if the value of the covariance matrix D is greater than 0, the data of the sets A, B, C are positively correlated with the network security threat; if the value of the covariance matrix D is less than 0, they are negatively correlated with the network security threat; and if the value of the covariance matrix D is equal to 0, they are not correlated with the network security threat. A network situation analysis report is then obtained from the covariance matrices D of the three sets A, B, C.
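The mean, variance and covariance-matrix computation of claim 8, carried through on constructed data as an added example (this is not code from the patent or its applicant). Each column stands for one data type from the sets A (operating system), B (terminal equipment) and C (user behavior), observed over d sampling periods, and the divisor d follows the claim's "d is the total number of the collection" (a population covariance). The claim applies its sign test to "the value of the covariance matrix D"; the example reads that, as an assumption, entry by entry, comparing each data type against a constructed `threat` count column. All column names and values below are constructed.

```python
"""Covariance analysis over security element data sets (claim 8 style).

Added example, not part of the patent. Every column name and value in
SAMPLE is constructed; the per-entry sign reading of the covariance matrix
D against a constructed threat indicator is an assumption made here.
"""


def mean(values):
    """Mean of a set: the sum of its d entries divided by d."""
    d = len(values)
    if d == 0:
        raise ValueError("cannot take the mean of an empty set")
    return sum(values) / d


def variance(values):
    """Population variance: mean squared deviation from the mean (divisor d)."""
    m = mean(values)
    return sum((x - m) ** 2 for x in values) / len(values)


def covariance(xs, ys):
    """Covariance of two equally long sets (divisor d, as in the claim)."""
    if len(xs) != len(ys):
        raise ValueError("sets must contain the same number of entries")
    mx, my = mean(xs), mean(ys)
    return sum((x - mx) * (y - my) for x, y in zip(xs, ys)) / len(xs)


def covariance_matrix(columns):
    """D[i][j] = cov(column i, column j); the diagonal equals each variance."""
    names = list(columns)
    return {i: {j: covariance(columns[i], columns[j]) for j in names}
            for i in names}


def correlation_sign(cov_value, tol=1e-12):
    """Claim 8's three-way reading of a covariance entry's sign."""
    if cov_value > tol:
        return "positive"
    if cov_value < -tol:
        return "negative"
    return "none"


def situation_report(columns, threat_name="threat"):
    """Sign of each data type's covariance with the threat indicator column.

    Assumption: the claim's 'value of D' is evaluated per matrix entry.
    """
    D = covariance_matrix(columns)
    return {name: correlation_sign(D[name][threat_name])
            for name in columns if name != threat_name}


# Constructed sample: five sampling periods per column.
SAMPLE = {
    # set A (operating system): missing security patches per period
    "A_missing_patches": [3, 5, 8, 12, 15],
    # set B (terminal equipment): removable-media insertions per period
    "B_usb_insertions": [20, 18, 25, 30, 35],
    # set C (user behavior): failed logins per period, constant on purpose
    "C_failed_logins": [4, 4, 4, 4, 4],
    # set B (terminal equipment): mean device age in months, falling as kit is replaced
    "B_device_age": [48, 40, 36, 30, 24],
    # constructed threat indicator: confirmed incidents per period
    "threat": [1, 2, 3, 5, 6],
}

if __name__ == "__main__":
    D = covariance_matrix(SAMPLE)
    for name, row in D.items():
        print(name, {k: round(v, 2) for k, v in row.items()})
    print(situation_report(SAMPLE))
```

The constant `C_failed_logins` column is there to show the zero-covariance branch: a data type that never changes cannot be correlated with the threat indicator, and the report marks it "none" rather than letting floating-point noise push it into either signed branch.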
9. The data analysis method of the machine learning based network security situation awareness system according to claim 6, wherein: in step S3, the network security planning module receives the network situation analysis report and performs network security planning according to it, the network security planning comprising the following steps:
S301: comprehensively checking the operating systems in the network, updating security patches and comprehensively repairing operating system vulnerabilities; hardening the security configuration, checking network password strength, deleting redundant or expired accounts, closing default-enabled shares and investigating high-risk ports;
S302: strengthening user operation permission controls and classifying permissions by user account so as to restrict the operations of some users; monitoring in real time the behavior of users entering the network and giving early warning of abnormal behavior; upgrading data protection in the network and re-verifying users when they access and retrieve data;
S303: upgrading the terminal equipment, checking its manufacturing information, updating the firmware of equipment incompatible with the latest operating system update, replacing terminal equipment that has leaked data, and controlling the use of mobile storage media among the terminal equipment;
according to the network security planning, a security management system is established and a network security emergency response scheme is formulated, the security management system comprising:
S311: training the personnel who operate the terminal equipment in network security awareness;
S312: performing regular security evaluation of the operating systems and terminal equipment;
S313: establishing a security technology defense system covering architecture optimization, security operation and maintenance, and monitoring and early warning.
10. The data analysis method of the machine learning based network security situation awareness system according to claim 6, wherein: in step S4, the network security early warning module receives the network security threat risk early warning and performs visual analysis of the professional network security terminology in the early warning, converting it into simple executable instructions.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202210983676.1A CN115051879B (en) | 2022-08-17 | 2022-08-17 | Data analysis system of network security situation perception system based on machine learning |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202210983676.1A CN115051879B (en) | 2022-08-17 | 2022-08-17 | Data analysis system of network security situation perception system based on machine learning |
Publications (2)
Publication Number | Publication Date |
---|---|
CN115051879A true CN115051879A (en) | 2022-09-13 |
CN115051879B CN115051879B (en) | 2022-11-22 |
Family
ID=83166942
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202210983676.1A Active CN115051879B (en) | 2022-08-17 | 2022-08-17 | Data analysis system of network security situation perception system based on machine learning |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN115051879B (en) |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20160197953A1 (en) * | 2011-12-22 | 2016-07-07 | Quantar Solutions Limited | Apparatus and method for assessing financial loss from cyber threats capable of affecting at least one computer network |
US20160330219A1 (en) * | 2015-05-04 | 2016-11-10 | Syed Kamran Hasan | Method and device for managing security in a computer network |
CN109814179A (en) * | 2019-01-04 | 2019-05-28 | 南京信息工程大学 | A kind of emergency communication processing system based on cloud perception |
CN110740141A (en) * | 2019-11-15 | 2020-01-31 | 国网山东省电力公司信息通信公司 | integration network security situation perception method, device and computer equipment |
- 2022-08-17 CN CN202210983676.1A patent/CN115051879B/en Active
Non-Patent Citations (1)
Title |
---|
陶源等: "网络安全态势感知关键技术研究及发展趋势分析", 《信息网络安全》 * |
Cited By (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN115567258A (en) * | 2022-09-16 | 2023-01-03 | 中国联合网络通信集团有限公司 | Network security situation awareness method, system, electronic device and storage medium |
CN115567258B (en) * | 2022-09-16 | 2024-03-01 | 中国联合网络通信集团有限公司 | Network security situation awareness method, system, electronic equipment and storage medium |
CN115361227A (en) * | 2022-09-22 | 2022-11-18 | 珠海市鸿瑞信息技术股份有限公司 | Network security detection system and method based on data visualization |
CN115766138A (en) * | 2022-11-03 | 2023-03-07 | 国家工业信息安全发展研究中心 | Industrial internet enterprise network security grading evaluation method and system |
CN116595512A (en) * | 2023-04-10 | 2023-08-15 | 广东堡塔安全技术有限公司 | Third party server safety management system |
CN116595512B (en) * | 2023-04-10 | 2023-11-07 | 广东堡塔安全技术有限公司 | Third party server safety management system |
Also Published As
Publication number | Publication date |
---|---|
CN115051879B (en) | 2022-11-22 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN115051879B (en) | Data analysis system of network security situation perception system based on machine learning | |
US11997113B2 (en) | Treating data flows differently based on level of interest | |
CN113965404B (en) | Network security situation self-adaptive active defense system and method | |
CN108646722B (en) | Information security simulation model and terminal of industrial control system | |
CN114584405B (en) | Electric power terminal safety protection method and system | |
US8418247B2 (en) | Intrusion detection method and system | |
WO2021171090A1 (en) | An artificial intelligence adversary red team | |
CN104509034A (en) | Pattern consolidation to identify malicious activity | |
CN104008332A (en) | Intrusion detection system based on Android platform | |
CN110830467A (en) | Network suspicious asset identification method based on fuzzy prediction | |
US20230336581A1 (en) | Intelligent prioritization of assessment and remediation of common vulnerabilities and exposures for network nodes | |
WO2023283357A1 (en) | Intelligent prioritization of assessment and remediation of common vulnerabilities and exposures for network nodes | |
CN113242267A (en) | Situation perception method based on brain-like calculation | |
CN113794276A (en) | Power distribution network terminal safety behavior monitoring system and method based on artificial intelligence | |
CN112039858A (en) | Block chain service security reinforcement system and method | |
Snehi et al. | Global intrusion detection environments and platform for anomaly-based intrusion detection systems | |
CN114386034A (en) | Dynamic iterative multi-engine fusion malicious code detection method, device and medium | |
Elfeshawy et al. | Divided two-part adaptive intrusion detection system | |
CN115766235A (en) | Network security early warning system and early warning method | |
Ehis | Optimization of Security Information and Event Management (SIEM) Infrastructures, and Events Correlation/Regression Analysis for Optimal Cyber Security Posture | |
JP2022155520A (en) | System and method for anomaly detection in computer network | |
CN114584358A (en) | Intelligent network security system, device and storage medium based on Bayesian regularization | |
AlSadhan et al. | Leveraging information security continuous monitoring for cyber defense | |
CN113923036A (en) | Block chain information management method and device of continuous immune safety system | |
CN114679291A (en) | System for monitoring industrial network intrusion |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
| PB01 | Publication | |
| SE01 | Entry into force of request for substantive examination | |
| GR01 | Patent grant | |