CN115051879A - Data analysis system of network security situation perception system based on machine learning - Google Patents


Info

Publication number: CN115051879A
Authority: CN (China)
Legal status: Granted
Application number: CN202210983676.1A
Other languages: Chinese (zh)
Other versions: CN115051879B (en)
Inventors: 陈良汉, 段海宁, 洪超
Current assignee: Zhuhai Hongrui Information Technology Co Ltd
Original assignee: Zhuhai Hongrui Information Technology Co Ltd

Classifications

    • H04L63/1425 Traffic logging, e.g. anomaly detection (under H04L63/1408 monitoring network traffic; H04L63/14 detecting or protecting against malicious traffic; H04L63/00 network architectures or network communication protocols for network security)
    • G06N20/00 Machine learning
    • H04L63/1433 Vulnerability analysis

Abstract

The invention discloses a data analysis system of a network security situation perception system based on machine learning, which comprises a security element acquisition module, a security situation analysis module, a network security planning module and a network security early warning module. The security element acquisition module acquires behavior habit data of user operations in a network, data of the terminal equipment and data of the operating system; the security situation analysis module takes the data acquired by the security element acquisition module, analyzes abnormalities in user operations, vulnerabilities of the operating system and vulnerabilities of the terminal equipment, and finally produces a network security situation analysis report; the network security planning module takes the network security situation analysis report, plans network security, establishes a network security management system and formulates a network security emergency response scheme; the network security early warning module monitors the operation of the operating system and the terminal equipment in the network in real time, and judges and gives early warning of current and future network security threats.

Description

Data analysis system of network security situation perception system based on machine learning
Technical Field
The invention relates to the technical field of network security situation analysis, in particular to a data analysis system of a network security situation perception system based on machine learning.
Background
Network security situation awareness means that, in a large-scale network environment, the security elements that can cause changes in the network situation are acquired, understood and displayed, and the future trend of network security is predicted from those elements. With the integration and development of technologies such as the internet, cloud computing and 5G, internet of things technology is increasingly mature: the network no longer carries only information exchange between people, but also between people and terminals and between terminals, and the efficiency of production and daily life keeps improving. However, as the industrial internet and the consumer internet merge, the risk of network security threats grows. A network security situation awareness system judges and warns of the current threats to the network and those that may occur in the future by collecting and sorting data, and gives an analysis report to help formulate network security precautions. Network-based malicious attacks and theft are also developing, and threats such as viruses, trojans, hackers and hostile actors keep increasing, so a data analysis system of a network security situation awareness system based on machine learning is needed to solve these problems.
Disclosure of Invention
The invention aims to provide a data analysis system of a network security situation awareness system based on machine learning, so as to solve the problems set out in the background art.
In order to solve these technical problems, the invention provides the following technical scheme: the system comprises a security element acquisition module, a security situation analysis module, a network security planning module and a network security early warning module. The security element acquisition module acquires behavior habit data of user operations in a network, data of the terminal equipment and data of the operating system; the security situation analysis module takes the data acquired by the security element acquisition module, analyzes abnormalities in user operation behavior, vulnerabilities of the terminal equipment and vulnerabilities of the operating system, and finally produces a network security situation analysis report; the network security planning module takes the network security situation analysis report, plans network security, establishes a network security management system and formulates a network security emergency response scheme; the network security early warning module monitors the operation of the operating system and the terminal equipment in the network in real time, and judges and gives early warning of current and future network security threats.
Furthermore, the security element acquisition module comprises a user behavior acquisition unit, a terminal equipment acquisition unit and an operating system acquisition unit. The user behavior acquisition unit acquires the behavior habit data generated while a user in the network operates the terminal equipment and the operating system; the terminal equipment acquisition unit acquires the parameter information of the terminal equipment in the network, the connections between terminal equipment and the usage information of mobile storage media among the terminal equipment; the operating system acquisition unit acquires the system log, application log and network log information generated by operating system operation in the network.
Furthermore, the security situation analysis module comprises a first analysis unit, a second analysis unit and a third analysis unit. The first analysis unit takes the data acquired by the user behavior acquisition unit and analyzes whether the habits with which a user in the network operates the terminal equipment and the operating system are abnormal; the second analysis unit takes the data acquired by the terminal equipment acquisition unit and analyzes the vulnerability of the terminal equipment while it is being operated by a user in the network; the third analysis unit takes the data acquired by the operating system acquisition unit and analyzes, while the operating system runs in the network, its compatibility, its security vulnerabilities and the security of the data stored in it.
Further, the network security planning module comprises a security evaluation unit and a security management unit. The security evaluation unit receives the network security situation analysis report produced by the security situation analysis module and sends security early warnings to the network security early warning module according to the current and future network security threats identified in that report; the security management unit establishes the network security management system and formulates the network security emergency response scheme.
Further, the network security early warning module comprises an early warning visualization unit and an emergency response unit. The early warning visualization unit converts the network security threats identified in the network security situation analysis report from professional network security terminology into specific execution instructions for the administrator; the emergency response unit monitors the behavior of users in the network, the operation of the operating system and the operation of the terminal equipment in real time, and handles sudden network security threats as emergencies.
The data analysis method of the network security situation awareness system based on machine learning comprises the following steps:
S1: the security element acquisition module acquires the data of the operating system, the data of the terminal equipment and the behavior habit data of users in the network;
S2: the security situation analysis module acquires and analyzes the data collected by the security element acquisition module to obtain a network security situation analysis report;
S3: the network security planning module performs network security planning according to the network security situation analysis report, establishes a network security management system and formulates a network security emergency response scheme;
S4: the network security early warning module performs visual analysis of the early warning issued from the network security situation analysis report to obtain specific execution instructions.
Further, in step S1: the security element acquisition module acquires data of the operating system in the network, including the operating system version, network protocols, security configuration and firewall information, to obtain an operating system data set A = {[formula image], [formula image], ..., [formula image]}, where M represents the number of operating system data types; it collects data of the terminal equipment in the network, including the equipment manufacturer, equipment service life, interface connection condition and mobile storage medium usage, to obtain a terminal data set B = {[formula image], [formula image], [formula image], ..., [formula image]}, where N represents the number of terminal equipment data types; and it collects behavior habit data of users, including the user login account, IP address, pages browsed and files read, to obtain a user behavior habit data set C = {[formula image], [formula image], [formula image], ..., [formula image]}, where k represents the number of user behavior habit data types.
Further, in step S2: the security situation analysis module takes the data sets A, B and C and, using a covariance analysis algorithm, first calculates the mean of each set by the mean formula:
[formula image]
where [formula image] is the value of the i-th entry in the set, d is the total number of entries in the set and [formula image] is the mean; next, the variance of each set is calculated by the variance formula:
[formula image]
where [formula image] is the variance of the set; then the degree of correlation between any two data items in the set is calculated by the covariance formula:
[formula image]
and finally the covariance matrix formed by the covariances of the i-th and j-th elements of the set is obtained as:
D = [formula image]
If the value of the covariance matrix D is greater than 0, the data of the set (A, B or C) are positively correlated with the network security threat; if it is less than 0, they are negatively correlated with the network security threat; and if it is equal to 0, they are not correlated with the network security threat. A network situation analysis report is obtained from the covariance matrices D of the three sets A, B and C.
Further, in step S3: the network security planning module receives the network situation analysis report and performs network security planning according to it, which comprises the following steps:
S301: comprehensively inspecting the operating systems in the network, applying security patches and fully repairing operating system vulnerabilities; reinforcing the security configuration, checking network password strength, deleting redundant and expired accounts, closing shares that are open by default and investigating high-risk ports;
S302: tightening user operation permissions, grading permissions by user account so as to restrict the operations of some users; monitoring the behavior of users entering the network in real time and giving early warning of abnormal behavior; upgrading data protection in the network, with re-verification whenever a user accesses or retrieves data;
S303: upgrading the terminal equipment: checking the equipment's manufacturing information, updating the firmware of equipment incompatible with the latest operating system update, replacing terminal equipment that leaks data, and managing and controlling the use of mobile storage media among the terminal equipment.
According to the network security plan, a security management system is established and a network security emergency response scheme is formulated, the security management system comprising:
S311: training the network security awareness of the personnel who operate the terminal equipment;
S312: regularly performing security evaluation of the operating system and the terminal equipment;
S313: establishing a security technology defense system covering architecture optimization, security operation and maintenance, monitoring and early warning.
Further, in step S4: the network security early warning module receives the network security threat risk early warning and performs visual analysis of the professional network security expressions in it, converting them into simple executable instructions.
Compared with the prior art, the invention has the following beneficial effects. The security element acquisition module collects the behavior habit data of user operations in the network, the parameter information of the terminal equipment and the operation data of the operating system; the security situation analysis module then analyzes the collected data with a covariance analysis algorithm to obtain the degree of correlation between the user behavior habits, the terminal equipment and the operating system on one hand and network security threats on the other, yielding a network situation security analysis report; the network security planning module performs network security planning according to that report, establishes a network security management system and formulates a network security emergency response scheme; for the network security threat early warnings mentioned in the report, the network security early warning module performs visual analysis and converts professional network security terms into simple executable instructions for the security administrators; and at the same time the network security early warning module monitors in real time the behavior of users in the network, the operation of the operating system and the operation of the terminal equipment, handling sudden network security threats as emergencies.
Drawings
The accompanying drawings, which are included to provide a further understanding of the invention and are incorporated in and constitute a part of this specification, illustrate embodiments of the invention and together with the description serve to explain the principles of the invention and not to limit the invention. In the drawings:
FIG. 1 is a schematic structural diagram of a data analysis system of a machine learning-based network security situation awareness system according to the present invention;
FIG. 2 is a schematic flow chart of the data analysis method of the machine learning-based network security situation awareness system of the present invention.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
Referring to fig. 1-2, the present invention provides a technical solution: the system comprises a security element acquisition module, a security situation analysis module, a network security planning module and a network security early warning module. The security element acquisition module acquires behavior habit data of user operations in a network, data of the terminal equipment and data of the operating system; the security situation analysis module takes the data acquired by the security element acquisition module, analyzes abnormalities in user operation behavior, vulnerabilities of the terminal equipment and vulnerabilities of the operating system, and finally produces a network security situation analysis report; the network security planning module takes the network security situation analysis report, plans network security, establishes a network security management system and formulates a network security emergency response scheme; the network security early warning module monitors the operation of the operating system and the terminal equipment in the network in real time, and judges and gives early warning of current and future network security threats.
The security element acquisition module comprises a user behavior acquisition unit, a terminal equipment acquisition unit and an operating system acquisition unit. The user behavior acquisition unit acquires the behavior habit data generated while a user in the network operates the terminal equipment and the operating system; the terminal equipment acquisition unit acquires the parameter information of the terminal equipment in the network, the connections between terminal equipment and the usage information of mobile storage media among the terminal equipment; the operating system acquisition unit acquires the system log, application log and network log information generated by operating system operation in the network.
The security situation analysis module comprises a first analysis unit, a second analysis unit and a third analysis unit. The first analysis unit takes the data acquired by the user behavior acquisition unit and analyzes whether the habits with which a user in the network operates the terminal equipment and the operating system are abnormal; the second analysis unit takes the data acquired by the terminal equipment acquisition unit and analyzes the vulnerability of the terminal equipment while it is being operated by a user in the network; the third analysis unit takes the data acquired by the operating system acquisition unit and analyzes, while the operating system runs in the network, its compatibility, its security vulnerabilities and the security of the data stored in it.
The network security planning module comprises a security evaluation unit and a security management unit. The security evaluation unit receives the network security situation analysis report produced by the security situation analysis module and sends security early warnings to the network security early warning module according to the current and future network security threats identified in that report; the security management unit establishes the network security management system and formulates the network security emergency response scheme.
The network security early warning module comprises an early warning visualization unit and an emergency response unit. The early warning visualization unit converts the network security threats identified in the network security situation analysis report from professional network security expressions into specific execution instructions for the administrators; the emergency response unit monitors the behavior of users in the network, the operation of the operating system and the operation of the terminal equipment in real time, and handles sudden network security threats as emergencies.
The data analysis method of the network security situation awareness system based on machine learning comprises the following steps:
S1: the security element acquisition module acquires the data of the operating system, the data of the terminal equipment and the behavior habit data of users in the network;
S2: the security situation analysis module acquires and analyzes the data collected by the security element acquisition module to obtain a network security situation analysis report;
S3: the network security planning module performs network security planning according to the network security situation analysis report, establishes a network security management system and formulates a network security emergency response scheme;
S4: the network security early warning module performs visual analysis of the early warning issued from the network security situation analysis report to obtain specific execution instructions.
In step S1: the security element acquisition module acquires data of the operating system in the network, including the operating system version, network protocols, security configuration and firewall information, to obtain an operating system data set A = {[formula image], [formula image], ..., [formula image]}, where M represents the number of operating system data types; it collects data of the terminal equipment in the network, including the equipment manufacturer, equipment service life, interface connection condition and mobile storage medium usage, to obtain a terminal data set B = {[formula image], [formula image], [formula image], ..., [formula image]}, where N represents the number of terminal equipment data types; and it collects behavior habit data of users, including the user login account, IP address, pages browsed and files read, to obtain a user behavior habit data set C = {[formula image], [formula image], [formula image], ..., [formula image]}, where k represents the number of user behavior habit data types.
In step S2: the security situation analysis module takes the data sets A, B and C and, using a covariance analysis algorithm, first calculates the mean of each set by the mean formula:
[formula image]
where [formula image] is the value of the i-th entry in the set, d is the total number of entries in the set and [formula image] is the mean; next, the variance of each set is calculated by the variance formula:
[formula image]
where [formula image] is the variance of the set; then the degree of correlation between any two data items in the set is calculated by the covariance formula:
[formula image]
and finally the covariance matrix formed by the covariances of the i-th and j-th elements of the set is obtained as:
D = [formula image]
If the value of the covariance matrix D is greater than 0, the data of the set (A, B or C) are positively correlated with the network security threat; if it is less than 0, they are negatively correlated with the network security threat; and if it is equal to 0, they are not correlated with the network security threat. A network situation analysis report is obtained from the values of the covariance matrices D of the three sets A, B and C.
In step S3: the network security planning module receives the network situation analysis report and performs network security planning according to it, which comprises the following steps:
S301: comprehensively inspecting the operating systems in the network, applying security patches and fully repairing operating system vulnerabilities; reinforcing the security configuration, checking network password strength, deleting redundant and expired accounts, closing shares that are open by default and investigating high-risk ports;
S302: tightening user operation permissions, grading permissions by user account so as to restrict the operations of some users; monitoring the behavior of users entering the network in real time and giving early warning of abnormal behavior; upgrading data protection in the network, with re-verification whenever a user accesses or retrieves data;
S303: upgrading the terminal equipment: checking the equipment's manufacturing information, updating the firmware of equipment incompatible with the latest operating system update, replacing terminal equipment that leaks data, and managing and controlling the use of mobile storage media among the terminal equipment.
According to the network security plan, a security management system is established and a network security emergency response scheme is formulated, the security management system comprising:
S311: training the network security awareness of the personnel who operate the terminal equipment;
S312: regularly performing security evaluation of the operating system and the terminal equipment;
S313: establishing a security technology defense system covering architecture optimization, security operation and maintenance, monitoring and early warning.
In step S4: the network security early warning module receives the network security threat risk early warning and performs visual analysis of the professional network security expressions in it, converting them into simple executable instructions.
The first embodiment is as follows: the security element acquisition module acquires the behavior habit data of user operations in the network, the parameter information of the terminal equipment and the operation data of the operating system, obtaining respectively an operating system data set A = {[formula image], [formula image], ..., [formula image]}, where M represents the number of operating system data types, a terminal equipment data set B = {[formula image], [formula image], [formula image], ..., [formula image]}, where N represents the number of terminal equipment data types, and a user behavior habit data set C = {[formula image], [formula image], [formula image], ..., [formula image]}, where K represents the number of user behavior habit data types. The security analysis module then uses the mean formula [formula image] to calculate the means of the sets A, B and C ([formula image], [formula image], [formula image]), uses the variance formula [formula image] to calculate the variances of the sets A, B and C ([formula image], [formula image], [formula image]), and finally uses the covariance formula [formula image] to calculate the degree of correlation between any two data items in the sets A, B and C, obtaining the covariance matrices of the sets A, B and C ([formula image], [formula image], [formula image]). If the value of a covariance matrix is greater than 0, the data of that set are positively correlated with the network security threat; if it is less than 0, they are negatively correlated with the network security threat; and if it is equal to 0, the data of that set are unrelated to the network security threat. A network security situation analysis report is finally obtained, and according to that report a security management system is established and a network security emergency response scheme is formulated.
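The covariance analysis of step S2 and of the first embodiment, carried through in Python as an added example (not code from the patent): the mean, variance and covariance formulas are implemented as the description states them, dividing by the set size d, the covariance matrix D is built per set, and the description's sign rule (greater than, less than or equal to 0) is applied entry by entry. The data sets, column names and the "threat" indicator column that the rule is read against are constructed assumptions; a constant column is included to show the "equal to 0" case.

```python
from __future__ import annotations

from typing import Mapping, Sequence

# Constructed sample data (an assumption, not from the patent): each key is one
# "data type" of the set, observed over d = 6 collection periods. The "threat"
# column is a constructed threat indicator (e.g. confirmed alerts per period) so
# that "correlation with the network security threat" has something concrete
# to be measured against.
OS_SET_A: dict[str, list[float]] = {
    "patch_age_days": [5, 30, 60, 90, 120, 150],
    "firewall_enabled": [1, 1, 1, 0, 0, 0],
    "open_ports": [3, 4, 6, 9, 12, 15],
    "kernel_major": [5, 5, 5, 5, 5, 5],   # constant: must come out uncorrelated
    "threat": [0, 0, 1, 1, 2, 3],
}
USER_SET_C: dict[str, list[float]] = {
    "logins_per_day": [4, 5, 4, 6, 5, 4],
    "distinct_ips": [1, 1, 1, 2, 3, 4],
    "threat": [0, 0, 0, 1, 1, 2],
}


def mean(values: Sequence[float]) -> float:
    """Mean formula from the description: sum of the d entries divided by d."""
    d = len(values)
    if d == 0:
        raise ValueError("cannot take the mean of an empty set")
    return sum(values) / d


def variance(values: Sequence[float]) -> float:
    """Variance formula: mean of the squared deviations from the set mean."""
    m = mean(values)
    return sum((x - m) ** 2 for x in values) / len(values)


def covariance(xs: Sequence[float], ys: Sequence[float]) -> float:
    """Covariance of two data types observed over the same d periods."""
    if len(xs) != len(ys):
        raise ValueError("both data types must have d entries")
    mx, my = mean(xs), mean(ys)
    return sum((x - mx) * (y - my) for x, y in zip(xs, ys)) / len(xs)


def covariance_matrix(data_set: Mapping[str, Sequence[float]]) -> dict[tuple[str, str], float]:
    """Covariance matrix D of a set: entry (i, j) is cov(i-th type, j-th type)."""
    names = list(data_set)
    return {(i, j): covariance(data_set[i], data_set[j]) for i in names for j in names}


def correlation_sign(value: float, eps: float = 1e-12) -> str:
    """The description's sign rule for one entry of D, with a small tolerance so
    that floating-point noise is not reported as a correlation."""
    if value > eps:
        return "positive"
    if value < -eps:
        return "negative"
    return "none"


def threat_correlations(data_set: Mapping[str, Sequence[float]],
                        threat_key: str = "threat") -> dict[str, str]:
    """Classify every data type of one set by the sign of its covariance with
    the threat indicator column, i.e. the row of D belonging to that column."""
    if threat_key not in data_set:
        raise KeyError(f"set has no {threat_key!r} column")
    D = covariance_matrix(data_set)
    return {name: correlation_sign(D[(name, threat_key)])
            for name in data_set if name != threat_key}


def situation_report(sets: Mapping[str, Mapping[str, Sequence[float]]]) -> dict[str, dict[str, str]]:
    """Analysis report over the collected sets (A, B and C in the patent)."""
    return {set_name: threat_correlations(data) for set_name, data in sets.items()}


if __name__ == "__main__":
    for set_name, result in situation_report({"A": OS_SET_A, "C": USER_SET_C}).items():
        print(f"set {set_name}:")
        for data_type, sign in result.items():
            print(f"  {data_type:>16}: {sign} correlation with the threat indicator")
```

Covariance depends on the units of each data type, so only the sign is comparable across columns, which is all the description's rule uses.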
It is noted that, herein, relational terms such as first and second, and the like may be used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Also, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus.
Finally, it should be noted that: although the present invention has been described in detail with reference to the foregoing embodiments, it will be apparent to those skilled in the art that changes may be made in the embodiments and/or equivalents thereof without departing from the spirit and scope of the invention. Any modification, equivalent replacement, or improvement made within the spirit and principle of the present invention should be included in the protection scope of the present invention.

Claims (10)

1. The data analysis system of the network security situation awareness system based on machine learning is characterized by comprising a security element acquisition module, a security situation analysis module, a network security planning module and a network security early warning module; the safety element acquisition module is used for acquiring behavior habit data of user operation in a network, data of terminal equipment and data of an operating system; the security situation analysis module is used for acquiring data acquired by the security element acquisition module, analyzing the abnormity of user operation behaviors, the vulnerability of terminal equipment and the vulnerability of an operating system and finally obtaining a network security situation analysis report; the network security planning module is used for acquiring a network security situation analysis report, planning network security, establishing a network security management system and formulating a network security emergency response scheme; the network security early warning module is used for monitoring the operation of an operating system and terminal equipment in a network in real time, and judging and early warning the current and future network security threats.
2. The data analysis system of the machine learning based network security situation awareness system according to claim 1, wherein: the security element acquisition module comprises a user behavior acquisition unit, a terminal equipment acquisition unit and an operating system acquisition unit, wherein the user behavior acquisition unit is used for acquiring behavior habit data generated in the process of operating the terminal equipment and the operating system by a user in a network; the terminal equipment acquisition unit is used for acquiring parameter information of terminal equipment in a network, connection conditions among the terminal equipment and information used by the mobile storage medium among the terminal equipment; the operating system acquisition unit is used for acquiring system log information, application log information and network log information of operating system operation in a network.
3. The data analysis system of the machine learning based network security situation awareness system according to claim 1, wherein: the security situation analysis module comprises a first analysis unit, a second analysis unit and a third analysis unit, wherein the first analysis unit is used for acquiring data acquired by the user behavior acquisition unit and analyzing whether behavior habits of a user in operating the terminal equipment and operating the operating system in a network are abnormal or not; the second analysis unit is used for acquiring the data acquired by the terminal equipment acquisition unit and analyzing the vulnerability of the terminal equipment in the process of operating the terminal equipment by a user in the network; the third analysis unit is used for acquiring the data acquired by the operating system acquisition unit and analyzing the compatibility of the operating system in the network, security holes existing in the operating system and the security of data storage in the operating system.
4. The data analysis system of the machine learning based network security situation awareness system according to claim 1, wherein: the network security planning module comprises a security evaluation unit and a security management unit, wherein the security evaluation unit is used for receiving a network security situation analysis report obtained by the security situation analysis module and sending security early warning to the network security early warning module according to the current and future network security threats analyzed in the network security situation analysis report; and the safety management unit is used for establishing a network safety management system and formulating a network safety emergency response scheme.
5. The data analysis system of the machine learning based network security situation awareness system according to claim 1, wherein: the network security early warning module comprises an early warning visualization unit and an emergency response unit, wherein the early warning visualization unit is used for converting network security threats analyzed in a network security situation analysis report from professional network security expressions into specific execution instructions to be provided for management personnel; the emergency response unit is used for monitoring the behaviors of users in the network, the operation of an operating system and the operation of terminal equipment in real time and carrying out emergency treatment on sudden network security threats.
6. The data analysis method of the network security situation awareness system based on machine learning is characterized by comprising the following steps:
s1: the safety element acquisition module acquires data of an operating system, data of terminal equipment and behavior habit data of a user in a network;
s2: the security situation analysis module acquires and analyzes the data acquired by the security element acquisition module to obtain a network security situation analysis report;
s3: the network security planning module performs network security planning according to the network security situation analysis report, establishes a network security management system and formulates a network security emergency response scheme;
s4: the network security early warning module performs visual analysis according to the early warning sent by the network security situation analysis report to obtain a specific execution instruction.
7. The data analysis method of the machine learning based network security situation awareness system according to claim 6, wherein: in step S1: the security acquisition module acquires data of an operating system in a network, including version, network protocol, security configuration and firewall information of the operating system, to obtain a group of operating system data set A = {...} [set elements shown as an image in the original], where M represents the data type of the operating system; collects data of terminal equipment in the network, including equipment manufacturer, equipment service life, interface connection condition and mobile storage medium service condition, to obtain a group of terminal data set B = {...} [set elements shown as an image in the original], where N represents the type of terminal equipment data; and collects behavior habit data of a user, including user login account, IP address, browsed pages and read files, to obtain a group of user behavior habit data set C = {...} [set elements shown as an image in the original], where k represents the data types of the behavior habits of the users.
8. The data analysis method of the machine learning based network security situation awareness system according to claim 6, wherein: in step S2: the security situation analysis module obtains the data sets A, B, C and first calculates the mean value of each set A, B, C using a covariance analysis algorithm, wherein the mean value calculation formula is as follows:
[mean formula shown as an image in the original]
where [symbol shown as an image] is the value of the ith entry in the collection, d is the total number of entries in the collection, and [symbol shown as an image] is the average value; next, the variance of each set A, B, C is calculated, the variance calculation formula being:
[variance formula shown as an image in the original]
where [symbol shown as an image] is the variance of the set; then, the degree of correlation between any two data in the set is calculated according to the covariance formula, which is as follows:
[covariance formula shown as an image in the original]
finally, a covariance matrix formed by the covariance of the ith element and the jth element in the set is obtained as follows:
D = [matrix shown as an image in the original]
if the value of the covariance matrix D is greater than 0, it indicates that the A, B, C data in the set are positively correlated with the cyber-security threat; if the value of the covariance matrix D is less than 0, it indicates that the A, B, C data in the set are negatively correlated with the cyber-security threat; and if the value of the covariance matrix D is equal to 0, it indicates that the A, B, C data in the set are not correlated with the cyber-security threat; a network situation analysis report is then obtained according to the covariance matrix D of the three sets A, B, C.
9. The data analysis method of the machine learning based network security situation awareness system according to claim 6, wherein: in step S3: the network security planning module receives the network situation analysis report and carries out network security planning according to the network situation analysis report, and the network security planning comprises the following steps:
s301, comprehensively checking the operating system in the network, updating security patches, and comprehensively repairing operating system bugs; reinforcing security configuration, checking network password strength, deleting redundant expired accounts, closing default open shares, and checking high-risk ports;
s302, increasing user operation permission, and carrying out permission classification according to different user accounts to limit the operation of part of users; monitoring the behavior of a user entering a network in real time, and early warning abnormal behavior; upgrading data protection in the network, and verifying the data again when a user accesses and acquires the data;
s303, upgrading the terminal equipment, checking the manufacturing information of the terminal equipment, updating the firmware of the equipment incompatible with the update of the latest operating system, replacing the terminal equipment with data leakage, and managing and controlling the use of the mobile storage medium among the terminal equipment;
according to the network safety planning, a safety management system is established and a network safety emergency response scheme is formulated, wherein the safety management system comprises:
s311, training network safety awareness of operating terminal equipment personnel;
s312, performing safety evaluation on the operating system and the terminal equipment regularly;
s313, a security technology defense system is established in the aspects of architecture optimization, security operation and maintenance, monitoring and early warning.
10. The data analysis method of the machine learning based network security situation awareness system according to claim 6, wherein: in step S4: the network security early warning module receives the network security threat risk early warning, and performs visual analysis on the professional network security expressions in the early warning to convert them into executable simple instructions.
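The mean, variance and covariance steps of the first embodiment and of claim 8, carried through in code as an added worked example (not code from the patent or the applicant); the sets A, B, C and the count d follow the page's labels, while the numeric series are constructed sample data, one entry per observation window.

```python
"""Covariance-matrix analysis of three security element data sets.

Added worked example, not the patent's own code. It follows the mean,
variance and covariance formulas of claim 8, dividing by d (the number of
entries in a set) exactly as the claim states, and applies the sign rule
that the patent uses to read the resulting covariance matrix D.
"""
from typing import Dict, Sequence, Tuple

# Constructed sample data (not from the patent). Each set has d = 5 entries,
# one per observation window, so that pairs can be compared entry by entry.
A = [2.0, 4.0, 6.0, 8.0, 10.0]  # operating-system data, e.g. missing patches per window
B = [1.0, 1.0, 3.0, 5.0, 5.0]   # terminal-equipment data, e.g. removable-media connections
C = [2.0, 5.0, 3.0, 1.0, 4.0]   # user behaviour data, e.g. failed logins per window


def mean(xs: Sequence[float]) -> float:
    """Mean of a set: (1/d) * sum of the ith entries, d = len(xs)."""
    if not xs:
        raise ValueError("empty set")
    return sum(xs) / len(xs)


def variance(xs: Sequence[float]) -> float:
    """Variance: (1/d) * sum of squared deviations from the mean (divide by d, not d-1)."""
    m = mean(xs)
    return sum((x - m) ** 2 for x in xs) / len(xs)


def covariance(xs: Sequence[float], ys: Sequence[float]) -> float:
    """Covariance of two sets: (1/d) * sum of paired deviation products."""
    if len(xs) != len(ys):
        raise ValueError("sets must be sampled over the same d windows")
    mx, my = mean(xs), mean(ys)
    return sum((x - mx) * (y - my) for x, y in zip(xs, ys)) / len(xs)


def covariance_matrix(sets: Dict[str, Sequence[float]]) -> Dict[Tuple[str, str], float]:
    """Matrix D whose (i, j) entry is the covariance of set i and set j."""
    return {(i, j): covariance(sets[i], sets[j]) for i in sets for j in sets}


def classify(cov: float, eps: float = 1e-9) -> str:
    """Sign rule of the patent: > 0 positive, < 0 negative, == 0 uncorrelated.
    A tolerance replaces the exact zero test, which floating point rarely meets."""
    if cov > eps:
        return "positive"
    if cov < -eps:
        return "negative"
    return "uncorrelated"


def situation_report(sets: Dict[str, Sequence[float]]) -> Dict[Tuple[str, str], Tuple[float, str]]:
    """Classify every distinct pair of sets; the diagonal of D holds the variances."""
    D = covariance_matrix(sets)
    names = list(sets)
    return {(i, j): (D[(i, j)], classify(D[(i, j)]))
            for a, i in enumerate(names) for j in names[a + 1:]}


if __name__ == "__main__":
    for pair, (cov, verdict) in situation_report({"A": A, "B": B, "C": C}).items():
        print(f"cov{pair} = {cov:+.2f}: {verdict}")
```

The patent's rule looks only at the sign; the magnitude of a covariance depends on the units of each set, so in practice the entries of D are normalised to correlation coefficients before any threshold is applied.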
CN202210983676.1A 2022-08-17 2022-08-17 Data analysis system of network security situation perception system based on machine learning Active CN115051879B (en)


Publications (2)

Publication Number Publication Date
CN115051879A true CN115051879A (en) 2022-09-13
CN115051879B CN115051879B (en) 2022-11-22


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant