CN117834305A - Network operation environment assessment system based on mimicry security technology

Publication number
CN117834305A
Authority
CN
China
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN202410248259.1A
Other languages
Chinese (zh)
Other versions
CN117834305B (en)
Inventor
贺松
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Guangzhou Hongdian Network Technology Co ltd
Mishuo Network Technology Guangzhou Co ltd
Original Assignee
Guangzhou Hongdian Network Technology Co ltd
Mishuo Network Technology Guangzhou Co ltd
Classifications

    • H04L63/1416: Event detection, e.g. attack signature detection
    • G06F18/2433: Single-class perspective, e.g. one-against-all classification; Novelty detection; Outlier detection
    • G06F21/552: Detecting local intrusion or implementing counter-measures involving long-term monitoring or reporting
    • G06F21/577: Assessing vulnerabilities and evaluating computer system security
    • H04L41/142: Network analysis or design using statistical or mathematical methods
    • H04L41/149: Network analysis or design for prediction of maintenance
    • H04L63/1433: Vulnerability analysis
    • H04L63/1441: Countermeasures against malicious traffic
    • H04L9/40: Network security protocols

Abstract

The invention belongs to the technical field of network operation and maintenance supervision, and in particular concerns a network operation and maintenance environment assessment system based on mimicry security technology. The system comprises a data acquisition module, a mimicry analysis module, a security evaluation module, an early warning response module and an intelligent management and control end. The data acquisition module monitors each security index in the network operation and maintenance environment in real time; the mimicry analysis module uses mimicry security technology to simulate a plurality of security environments and performs deep analysis on the received security index packets; the security evaluation module quantitatively evaluates the identified security threats; and the early warning response module generates corresponding early warning information from the output result of the security evaluation module. Mimicry security technology is thereby applied effectively to network operation and maintenance environment assessment, and the running condition of the assessment itself is monitored across the whole process and judged accurately while the assessment is carried out, which helps improve network security.

Description

Network operation environment assessment system based on mimicry security technology
Technical Field
The invention relates to the technical field of network operation and maintenance supervision, in particular to a network operation and maintenance environment assessment system based on a mimicry security technology.
Background
With the rapid development of information technology, network operation and maintenance environments are increasingly complex and security threats emerge one after another. Traditional network security protections often struggle to cope with novel security threats. Mimicry security technology is a novel active defense technology: by simulating a variety of possible security environments, it makes it difficult for an attacker who cannot determine the real environment to attack effectively;
at present, mimicry security technology is difficult to apply effectively to network operation and maintenance environment assessment, which does not help improve network security. The running condition of the assessment cannot be monitored across the whole process or judged accurately while the assessment is carried out, and early warning condition analysis cannot be combined with operating condition analysis to reasonably judge the service performance of the early warning equipment. This does not help ensure that the early warning equipment displays and issues warnings safely and stably, and the degree of intelligence is low;
in view of the above technical drawbacks, a solution is now proposed.
Disclosure of Invention
The invention aims to provide a network operation and maintenance environment assessment system based on a mimicry security technology, which solves the problems that the mimicry security technology is difficult to effectively apply to network operation and maintenance environment assessment in the prior art, the full-flow monitoring and accurate judgment of the assessment operation condition cannot be carried out when the network operation and maintenance environment assessment is carried out, and the early warning condition analysis and the operation condition analysis cannot be combined to reasonably judge the service performance of early warning equipment, so that the intelligent degree is low, and the improvement of the network security is not facilitated.
In order to achieve the above purpose, the present invention provides the following technical solutions:
a network operation and maintenance environment assessment system based on mimicry security technology comprises a data acquisition module, a mimicry analysis module, a security evaluation module, an early warning response module and an intelligent management and control end; the data acquisition module monitors all security indexes in the network operation and maintenance environment in real time, collects real-time data for each security index, builds a security index packet from the collected data, and sends the security index packet to the mimicry analysis module; the mimicry analysis module simulates a variety of security environments using mimicry security technology, performs deep analysis on the received security index packet, identifies potential security threats and sends them to the security evaluation module;
the security evaluation module quantitatively evaluates the identified security threats based on the output information of the mimicry analysis module, combined with historical data and an expert knowledge base, determines the severity and scope of influence of each identified threat, generates a corresponding output result, and sends the output result to the early warning response module; the early warning response module generates corresponding early warning information from the output result of the security evaluation module and sends it to the intelligent management and control end, which displays it and issues the corresponding security early warning; matching countermeasures are triggered automatically based on the output result of the security evaluation module, the countermeasures including threat source isolation and security vulnerability repair.
Further, the intelligent management and control end is communicatively connected to an evaluation effect condition detection module. The evaluation effect condition detection module monitors the whole process of network operation and maintenance environment evaluation, determines by analysis whether the evaluation process is abnormal, and generates an evaluation effect condition qualified signal or an evaluation effect condition unqualified signal; the unqualified signal is sent to the intelligent management and control end, which issues a corresponding early warning on receiving it.
Further, the specific operation process of the evaluation effect condition detection module comprises the following steps:
collecting the time at which the mimicry analysis module receives the security index packet and marking it as the packet arrival time; collecting the time at which the security evaluation module generates the corresponding output result and marking it as the tail evaluation time; and calculating the time difference between the tail evaluation time and the packet arrival time to obtain an evaluation duration value; collecting the time at which the early warning response module receives the corresponding output result sent by the security evaluation module and marking it as the transmission time, and calculating the time difference between the transmission time and the tail evaluation time to obtain a transmission duration value;
collecting all evaluation duration values and all transmission duration values in unit time, averaging all evaluation duration values to obtain the evaluation value and averaging all transmission duration values to obtain the transmission value; comparing the evaluation value and the transmission value with a preset evaluation time threshold and a preset transmission time threshold respectively; if the evaluation value or the transmission value exceeds its corresponding preset threshold, assigning the evaluation condition symbol PX-1; if neither the evaluation value nor the transmission value exceeds its corresponding preset threshold, assigning the evaluation condition symbol PX-2;
collecting the number of times in unit time that the evaluation condition symbol PX-1 was assigned and the number of times that the evaluation condition symbol PX-2 was assigned, marking them as the evaluation negative detection value and the evaluation positive detection value respectively, and marking the ratio of the evaluation negative detection value to the evaluation positive detection value as the evaluation detection value; performing a numerical calculation on the evaluation value, the transmission value and the evaluation detection value to obtain an effect condition measurement value, comparing the effect condition measurement value with a preset effect condition measurement threshold, and generating an evaluation effect condition unqualified signal if the effect condition measurement value exceeds the preset effect condition measurement threshold.
Further, if the effect condition measurement value does not exceed the preset effect condition measurement threshold, collecting the number of times in unit time that the early warning response module did not carry out the corresponding countermeasure and marking it as the response operation value; and collecting the interval between the time a countermeasure is actually taken and the time the security evaluation module generated the corresponding output result, and marking it as the response duration;
averaging all response durations in unit time to obtain a response detection value, and marking the number of response durations in unit time that exceed the preset response duration threshold as the response low detection value; performing a numerical calculation on the response operation value, the response detection value and the response low detection value to obtain a response analysis value, and comparing the response analysis value with a preset response analysis threshold; if the response analysis value exceeds the preset response analysis threshold, generating an evaluation effect condition unqualified signal; if the response analysis value does not exceed the preset response analysis threshold, generating an evaluation effect condition qualified signal.
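The first stage of the check described above (packet arrival to evaluation output, evaluation output to receipt by the response module, then PX-1/PX-2 counting) can be sketched as follows. This is an added example, not code from the patent: the text here only says "numerical calculation", so the weighted sum, the weights, all thresholds, the millisecond units and the reading that one symbol is assigned per sub-window of the unit time are assumptions, and the timestamps are constructed.

```python
from dataclasses import dataclass
from statistics import mean


@dataclass(frozen=True)
class Event:
    """Timestamps (ms) for one security index packet moving through the chain."""
    packet_arrival_ms: int    # mimicry analysis module receives the packet
    tail_evaluation_ms: int   # security evaluation module produces its output
    transmission_ms: int      # early warning response module receives the output

    def durations(self):
        evaluation = self.tail_evaluation_ms - self.packet_arrival_ms
        transmission = self.transmission_ms - self.tail_evaluation_ms
        # Timestamps come from different modules; a negative difference means
        # clock skew or reordered records, which would silently hide slowness.
        if evaluation < 0 or transmission < 0:
            raise ValueError(f"non-monotonic timestamps in {self}")
        return evaluation, transmission


# Assumed values: the page says only "preset" thresholds.
EVAL_THRESHOLD_MS = 2000
TRANS_THRESHOLD_MS = 500
WEIGHTS = (0.4, 0.3, 0.3)      # assumed weights for the combined value
EFFECT_THRESHOLD = 0.9         # assumed preset effect condition threshold


def classify_window(events):
    """Return (mean evaluation ms, mean transmission ms, symbol) for one window."""
    pairs = [e.durations() for e in events]
    eval_mean = mean(p[0] for p in pairs)
    trans_mean = mean(p[1] for p in pairs)
    slow = eval_mean > EVAL_THRESHOLD_MS or trans_mean > TRANS_THRESHOLD_MS
    return eval_mean, trans_mean, "PX-1" if slow else "PX-2"


def assess_effect(windows):
    """Combine per-window symbols and overall means into a pass/fail verdict."""
    windows = [w for w in windows if w]          # a window with no packets gets no symbol
    if not windows:
        raise ValueError("no events in unit time")
    symbols = [classify_window(w)[2] for w in windows]
    negative = symbols.count("PX-1")             # evaluation negative detection value
    positive = symbols.count("PX-2")             # evaluation positive detection value
    # No healthy window at all: treat the ratio as unbounded rather than divide by zero.
    ratio = negative / positive if positive else float("inf")
    pairs = [e.durations() for w in windows for e in w]
    evaluation_value_s = mean(p[0] for p in pairs) / 1000
    transmission_value_s = mean(p[1] for p in pairs) / 1000
    a, b, c = WEIGHTS
    effect = a * evaluation_value_s + b * transmission_value_s + c * ratio
    return {
        "negative": negative,
        "positive": positive,
        "evaluation_detection_value": ratio,
        "evaluation_value_s": evaluation_value_s,
        "transmission_value_s": transmission_value_s,
        "effect_value": effect,
        "qualified": effect <= EFFECT_THRESHOLD,
    }


# Constructed sample: four sub-windows of one unit time, two events each.
SAMPLE_WINDOWS = [
    [Event(0, 1000, 1200), Event(10000, 11500, 11700)],              # healthy
    [Event(60000, 61000, 61100), Event(70000, 71200, 71300)],        # healthy
    [Event(120000, 123000, 123200), Event(130000, 132000, 132400)],  # slow evaluation
    [Event(180000, 181000, 181900), Event(190000, 191000, 191300)],  # slow hand-off
]

if __name__ == "__main__":
    for key, value in assess_effect(SAMPLE_WINDOWS).items():
        print(f"{key}: {value}")
```
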
The intelligent management and control end is communicatively connected to an alarm condition detection module. The alarm condition detection module analyzes the early warning condition of the intelligent management and control end, generates an alarm condition normal signal or an alarm condition abnormal signal through the analysis, and sends the alarm condition abnormal signal to the intelligent management and control end, which issues a corresponding early warning on receiving it.
Further, the specific operation process of the alarm condition detection module comprises the following steps:
collecting the actual display brightness when the intelligent management and control end displays early warning information, calculating the difference between the actual display brightness and the set standard display brightness and taking the absolute value to obtain an alarm light detection value; collecting the actual early warning volume in decibels when the intelligent management and control end issues the corresponding early warning, calculating the difference between the actual volume and the set standard early warning volume in decibels and taking the absolute value to obtain an alarm sound detection value;
averaging all alarm light detection values in unit time to obtain an alarm light analysis value, and averaging all alarm sound detection values in unit time to obtain an alarm sound analysis value; marking the proportion of alarm light detection values that exceed the preset alarm light detection threshold as the alarm light abnormal proportion value, and marking the proportion of alarm sound detection values that exceed the preset alarm sound detection threshold as the alarm sound abnormal proportion value;
performing a numerical calculation on the alarm light analysis value, the alarm sound analysis value, the alarm light abnormal proportion value and the alarm sound abnormal proportion value to obtain an alarm condition analysis value, and comparing the alarm condition analysis value with a preset alarm condition analysis threshold; if the alarm condition analysis value exceeds the preset alarm condition analysis threshold, generating an alarm condition abnormal signal; if the alarm condition analysis value does not exceed the preset alarm condition analysis threshold, generating an alarm condition normal signal.
Further, the intelligent management and control end is communicatively connected to an operating condition detection module, and the alarm condition detection module sends the alarm condition normal signal to the operating condition detection module through the intelligent management and control end; the operating condition detection module collects the internal temperature of the intelligent management and control end at a plurality of detection time points in unit time, averages all internal temperature values to obtain an internal temperature risk condition value, calculates the difference between the internal temperature values of each two adjacent detection time points to obtain an internal temperature increase detection value, and averages all internal temperature increase detection values to obtain an internal temperature increase condition value;
performing a numerical calculation on the internal temperature risk condition value and the internal temperature increase condition value to obtain an internal temperature detection condition value, and comparing the internal temperature detection condition value with a preset internal temperature detection condition threshold; if the internal temperature detection condition value exceeds the preset threshold, generating an operating condition abnormal detection signal; if it does not exceed the preset threshold, collecting the voltage curve and the current curve of the intelligent management and control end in unit time, collecting all peak points and all trough points in the voltage curve, marking the voltage difference between adjacent peak and trough points as a terminal voltage value and the interval between adjacent peak and trough points as a terminal time value, and calculating the ratio of the terminal voltage value to the terminal time value to obtain a voltage measurement value; a current measurement value is obtained in the same way;
comparing the voltage measurement value and the current measurement value with a preset voltage measurement threshold and a preset current measurement threshold respectively; if a voltage measurement value exceeds the preset voltage measurement threshold, marking it as a voltage abnormal value, and if a current measurement value exceeds the preset current measurement threshold, marking it as a current abnormal value; collecting the number of voltage abnormal values and the number of current abnormal values in unit time and marking them as the voltage condition detection value and the current condition detection value respectively; performing a numerical calculation on the current condition detection value and the voltage condition detection value to obtain a voltage-current detection evaluation value, comparing it with a preset voltage-current detection threshold, and generating an operating condition abnormal detection signal if the voltage-current detection evaluation value exceeds the preset voltage-current detection threshold.
Further, if the voltage-current detection evaluation value does not exceed the preset voltage-current detection threshold, determining the heat dissipation strategy matched to the intelligent management and control end through heat dissipation strategy management and control analysis, obtaining, based on the heat dissipation strategy, the operation deviation value of the cooling fan belonging to the intelligent management and control end, and comparing the operation deviation value with a preset operation deviation threshold; if the operation deviation value exceeds the preset operation deviation threshold, generating an operating condition abnormal detection signal; if the operation deviation value does not exceed the preset operation deviation threshold, generating an operating condition normal detection signal.
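The voltage and current step above (swing between adjacent peak and trough points divided by the time between them, then counting swings that exceed a threshold) is sketched below. This is an added example, not code from the patent: the sample curves are constructed, and the units (mV, mA, seconds), the thresholds and the equally weighted sum used for the combined value are assumptions, since the text here says only "numerical calculation".

```python
def collapse_plateaus(samples):
    """Drop repeated values so a flat stretch cannot register as an extremum."""
    kept = []
    for t, value in samples:
        if not kept or kept[-1][1] != value:
            kept.append((t, value))
    return kept


def extrema(samples):
    """Return [(kind, t, value)] for the local peaks and troughs of a sampled curve."""
    points = collapse_plateaus(samples)
    found = []
    for (_, prev), (t, cur), (_, nxt) in zip(points, points[1:], points[2:]):
        if cur > prev and cur > nxt:
            found.append(("peak", t, cur))
        elif cur < prev and cur < nxt:
            found.append(("trough", t, cur))
    return found


def swing_rates(samples):
    """Swing between each adjacent peak/trough pair divided by the time between them.

    With plateaus collapsed, local extrema alternate, so every adjacent pair
    in the list is one peak and one trough.
    """
    points = extrema(samples)
    rates = []
    for (_, t1, v1), (_, t2, v2) in zip(points, points[1:]):
        if t2 <= t1:
            raise ValueError("timestamps must be strictly increasing")
        rates.append(abs(v2 - v1) / (t2 - t1))
    return rates


# Assumed thresholds and weights.
VOLTAGE_RATE_THRESHOLD = 1000.0   # mV per second
CURRENT_RATE_THRESHOLD = 200.0    # mA per second
WEIGHTS = (0.5, 0.5)
COMBINED_THRESHOLD = 1.0


def assess_power(voltage_samples, current_samples):
    v_rates = swing_rates(voltage_samples)
    i_rates = swing_rates(current_samples)
    v_abnormal = sum(r > VOLTAGE_RATE_THRESHOLD for r in v_rates)  # voltage condition detection value
    i_abnormal = sum(r > CURRENT_RATE_THRESHOLD for r in i_rates)  # current condition detection value
    combined = WEIGHTS[0] * v_abnormal + WEIGHTS[1] * i_abnormal
    return {
        "voltage_abnormal": v_abnormal,
        "current_abnormal": i_abnormal,
        "combined": combined,
        "abnormal": combined > COMBINED_THRESHOLD,
    }


# Constructed samples: (seconds, millivolts) and (seconds, milliamps).
VOLTAGE = [(0, 12000), (1, 12200), (2, 11900), (3, 12100),
           (4, 10000), (5, 12000), (6, 12000), (7, 12100)]
CURRENT = [(0, 500), (1, 520), (2, 490), (3, 515),
           (4, 505), (5, 900), (6, 480), (7, 500)]

if __name__ == "__main__":
    print(swing_rates(VOLTAGE))
    print(swing_rates(CURRENT))
    print(assess_power(VOLTAGE, CURRENT))
```
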
Further, the specific analysis process of the heat dissipation strategy management and control analysis is as follows:
collecting the internal temperature detection condition value of the intelligent management and control end, collecting the ambient temperature of the environment in which the intelligent management and control end is located and marking it as the ambient temperature detection value, and performing a numerical calculation on the internal temperature detection condition value and the ambient temperature detection value to obtain a heat dissipation strategy value; a plurality of preset heat dissipation strategy value ranges are set in advance, each range corresponding to one heat dissipation strategy; the heat dissipation strategy value is compared with all the preset heat dissipation strategy value ranges, the range that contains the heat dissipation strategy value is marked as the selected range, and the heat dissipation strategy corresponding to the selected range is marked as the heat dissipation strategy currently adapted to the intelligent management and control end; each heat dissipation strategy includes a standard running speed value for the cooling fan.
Compared with the prior art, the invention has the beneficial effects that:
1. In the invention, the data acquisition module monitors each security index in the network operation and maintenance environment in real time and builds a security index packet; the mimicry analysis module simulates a plurality of security environments using mimicry security technology and performs deep analysis on the received security index packet; the security evaluation module quantitatively evaluates the identified security threats; the early warning response module generates corresponding early warning information from the output result of the security evaluation module and sends it to the intelligent management and control end, which displays it and issues the corresponding security early warning, and matching countermeasures are triggered automatically. Mimicry security technology is thus applied effectively to network operation and maintenance environment assessment, which helps improve network security, and the running condition of the assessment is monitored across the whole process and judged accurately while the assessment is carried out, further ensuring network security;
2. In the invention, the alarm condition detection module analyzes the early warning condition of the intelligent management and control end and generates an alarm condition normal signal or an alarm condition abnormal signal; when the alarm condition normal signal is generated, the operating condition detection module analyzes the operating risk of the intelligent management and control end step by step and evaluates it accurately; when an alarm condition abnormal signal or an operating condition abnormal detection signal is generated, the intelligent management and control end issues a corresponding early warning so that it can be inspected and maintained in time. This ensures safe and stable operation of the intelligent management and control end, avoids the situation in which network early warning information cannot be displayed and announced in time because the intelligent management and control end has failed, helps improve network security, and gives a high degree of intelligence.
Drawings
For the convenience of those skilled in the art, the present invention will be further described with reference to the accompanying drawings;
FIG. 1 is a system block diagram of a first embodiment of the present invention;
FIG. 2 is a system block diagram of the second and third embodiments of the present invention.
Detailed Description
The following description of the embodiments of the present invention will be made clearly and completely with reference to the accompanying drawings, in which it is apparent that the embodiments described are only some embodiments of the present invention, but not all embodiments. All other embodiments, which can be made by those skilled in the art based on the embodiments of the invention without making any inventive effort, are intended to be within the scope of the invention.
Embodiment one: as shown in FIG. 1, the network operation and maintenance environment evaluation system based on the mimicry security technology provided by the invention comprises a data acquisition module, a mimicry analysis module, a security evaluation module, an early warning response module and an intelligent management and control end; the data acquisition module monitors all safety indexes in the network operation and maintenance environment in real time, acquires real-time data of all the safety indexes, constructs a safety index packet from the acquired real-time data of all the safety indexes, and sends the safety index packet to the mimicry analysis module; wherein the monitored safety indexes in the network operation environment comprise, but are not limited to, network traffic, system logs, user behaviors and the like;
the mimicry analysis module simulates various safety environments by utilizing mimicry safety technology, performs deep analysis on the received safety index packet, recognizes potential safety threats and sends the potential safety threats to the safety evaluation module, and performs deep analysis and threat recognition on the acquired safety indexes by simulating various possible safety environments, so that key data support is provided for the whole network operation and maintenance environment evaluation system, the recognition accuracy of the system on the safety threats is improved, and the safety of the network operation and maintenance environment is greatly improved; the method comprises the following steps: firstly, constructing a virtual network operation and maintenance environment which simulates various security conditions possibly encountered in the real network operation and maintenance, including but not limited to abnormal increase of network traffic, abnormal change of a system log, abnormal mode of user behavior and the like, wherein the more the simulated environment is close to the real environment, the higher the accuracy of identification is;
then in the simulated mimicry environment, the mimicry analysis module carries out deep analysis on the collected safety indexes, wherein the deep analysis comprises a plurality of steps of data statistics, pattern recognition, anomaly detection and the like, and the module can recognize abnormal behaviors or activities which are inconsistent with the conventional operation pattern by comparing historical data with current data;
based on the result of the depth analysis, the mimicry analysis module further identifies potential security threats which can come from aspects of external attack, internal leakage, system loopholes and the like, and classifies, qualitatively and quantitatively analyzes each threat to determine the severity, the influence range and the possible development trend of the threat; finally, after the security threat is identified, the mimicry analysis module outputs relevant information to the security assessment module, and data support is provided for the assessment process of the security assessment module, wherein the information comprises, but is not limited to, the type, the source, the influence range, the development trend and the like of the threat.
The safety evaluation module quantitatively evaluates the identified security threats according to the output information of the mimicry analysis module, in combination with historical data and an expert knowledge base, determines their severity and influence range, generates a corresponding output result, and sends the output result to the early warning response module. Specifically: it receives the output information from the mimicry analysis module, which generally includes key information such as the threat type, source, influence range and development trend;
in order to evaluate the threat more comprehensively and accurately, the safety evaluation module analyzes it in combination with historical data, which includes past security event records, threat development trends, system vulnerability information and the like; by comparing against and analyzing the historical data, the safety evaluation module can better understand the severity and possible impact of the current threat; besides historical data, the safety evaluation module also uses an expert knowledge base to make the evaluation more accurate and professional, the expert knowledge base containing professional knowledge such as industry best practices, security vulnerability information and attack pattern recognition; by calling on this knowledge, the safety evaluation module gains a deeper understanding of the threat and can evaluate it more accurately;
after combining the mimicry analysis result, the historical data and the information from the expert knowledge base, the safety evaluation module performs the quantitative evaluation, which generally involves scoring or grading several dimensions of the threat, such as severity, urgency and influence range; these quantitative indexes make the severity and influence range of the threat clearer, so that more effective response decisions can be made; upon completing the quantitative evaluation, the safety evaluation module generates a detailed evaluation report (i.e., the corresponding output result) including a summary of the threat, the evaluation result, suggested countermeasures and the like.
The early warning response module generates corresponding early warning information according to the output result of the safety evaluation module and sends it to the intelligent control end, so that the intelligent control end displays it and issues the corresponding security early warning; matching countermeasures, such as isolating the threat source and repairing security vulnerabilities, are triggered automatically based on the output result of the safety evaluation module.
Furthermore, the intelligent control end is in communication connection with the evaluation effect detection module, the evaluation effect detection module carries out full-flow monitoring on network operation and maintenance environment evaluation, abnormal conditions of the network operation and maintenance environment evaluation process are judged through analysis, evaluation effect qualified signals or evaluation effect unqualified signals are generated, the evaluation effect unqualified signals are sent to the intelligent control end, and corresponding early warning is sent out when the intelligent control end receives the evaluation effect unqualified signals, so that corresponding improvement measures are timely made, the subsequent operation performance is guaranteed, and network safety is further guaranteed; the specific operation process of the evaluation effect detection module is as follows:
collecting the time at which the mimicry analysis module receives the safety index packet and marking it as the packet arrival time, collecting the time at which the safety evaluation module generates the corresponding output result and marking it as the tail evaluation time, and calculating the time difference between the tail evaluation time and the packet arrival time to obtain an evaluation value; collecting the time at which the early warning response module receives the corresponding output result sent by the safety evaluation module and marking it as the transmission time, and calculating the time difference between the transmission time and the tail evaluation time to obtain a transmission value; it should be noted that the larger the evaluation value and the transmission value, the lower the corresponding analysis efficiency and result transmission efficiency, which is unfavorable for guaranteeing network security;
collecting all the evaluation values and all the transmission values within the unit time, averaging all the evaluation values to obtain the evaluation mean value, and averaging all the transmission values to obtain the transmission mean value; comparing each evaluation value and its transmission value with a preset evaluation time threshold and a preset transmission time threshold respectively; if the evaluation value or the transmission value exceeds its corresponding preset threshold, assigning the evaluation condition symbol PX-1; if neither the evaluation value nor the transmission value exceeds its corresponding preset threshold, assigning the evaluation condition symbol PX-2;
counting, within the unit time, the number of times the evaluation condition symbol PX-1 was assigned and the number of times the evaluation condition symbol PX-2 was assigned, and marking them as the evaluation negative detection value and the evaluation positive detection value respectively; the ratio of the evaluation negative detection value to the evaluation positive detection value is marked as the evaluation detection value;
performing numerical calculation on the evaluation mean value XF, the transmission mean value XS and the evaluation detection value XP through the formula XK = (a1 × XF + a2 × XS)/2 + a3 × XP to obtain the effect measurement table value XK, where XF and XS are the averages of the evaluation values and of the transmission values within the unit time, a1, a2 and a3 are preset proportionality coefficients, and a3 > a1 > a2 > 0; the larger the effect measurement table value XK, the worse the operation condition of the evaluation process; comparing the effect measurement table value XK with a preset effect measurement table threshold, and if XK exceeds the preset effect measurement table threshold, which indicates that the operation condition of the evaluation process is poor, generating an evaluation effect unqualified signal;
if the effect measurement table value XK does not exceed the preset effect measurement table threshold, collecting the number of times within the unit time that the early warning response module was required to take a corresponding countermeasure but did not take it, and marking it as the response operation value; the larger the response operation value, the worse the countermeasure performance of the early warning response module; each time the early warning response module is required to take a corresponding countermeasure, collecting the interval between the time the action is actually taken and the time of the corresponding output result of the safety evaluation module, and marking it as the response duration; the larger the response duration, the slower the triggering of the corresponding countermeasure;
averaging all the response durations within the unit time to obtain the response detection value, comparing each response duration with a preset response duration threshold, and marking the number of response durations within the unit time that exceed the preset response duration threshold as the response low detection value;
performing numerical calculation on the response operation value FY, the response detection value FL and the response low detection value FK through the formula FX = eq1 × FY + eq2 × FL + eq3 × FK to obtain the response analysis value FX, where eq1, eq2 and eq3 are preset proportionality coefficients with positive values; the larger the response analysis value FX, the worse the response performance; comparing the response analysis value FX with a preset response analysis threshold; if FX exceeds the preset response analysis threshold, which indicates that the response performance is poor, generating an evaluation effect unqualified signal; if FX does not exceed the preset response analysis threshold, which indicates that the response performance is good, generating an evaluation effect qualified signal.
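The evaluation effect detection procedure above, written out as an added Python example (not code from the patent): it derives XK and FX from per-evaluation timestamps and returns the qualified or unqualified signal. The `Run` record, the `make_run` helper, every coefficient and threshold value, and the fail-closed handling of a zero PX-2 count are assumptions; the patent leaves the presets to the implementer and does not say what happens when the ratio's denominator is zero.

```python
from dataclasses import dataclass
from statistics import mean
from typing import List, Optional

# Assumed presets (constructed values). The text only requires a3 > a1 > a2 > 0
# and positive eq1..eq3.
A1, A2, A3 = 0.3, 0.2, 0.5
EQ1, EQ2, EQ3 = 1.0, 0.5, 1.0
EVAL_TIME_MAX = 2.0    # preset evaluation time threshold, seconds
TRANS_TIME_MAX = 0.5   # preset transmission time threshold, seconds
XK_MAX = 1.0           # preset effect measurement table threshold
RESP_TIME_MAX = 5.0    # preset response duration threshold, seconds
FX_MAX = 4.0           # preset response analysis threshold


@dataclass
class Run:
    """One safety index packet's pass through the pipeline (hypothetical record)."""
    packet_arrival: float         # mimicry analysis module receives the packet
    tail_evaluation: float        # safety evaluation module produces its output result
    transmission: float           # early warning response module receives that result
    action_time: Optional[float]  # countermeasure taken; None = required but never taken


def make_run(t0, eval_d, trans_d, resp_d):
    """Build a Run from durations (helper for the constructed samples below)."""
    tail = t0 + eval_d
    return Run(t0, tail, tail + trans_d, None if resp_d is None else tail + resp_d)


def effect_measurement(runs: List[Run]) -> float:
    """XK = (a1*XF + a2*XS)/2 + a3*XP."""
    eval_values = [r.tail_evaluation - r.packet_arrival for r in runs]
    trans_values = [r.transmission - r.tail_evaluation for r in runs]
    xf, xs = mean(eval_values), mean(trans_values)
    # PX-1: either duration exceeds its threshold; PX-2: neither does.
    px1 = sum(e > EVAL_TIME_MAX or t > TRANS_TIME_MAX
              for e, t in zip(eval_values, trans_values))
    px2 = len(runs) - px1
    # Assumption: with no PX-2 at all the ratio is undefined, so fail closed.
    xp = px1 / px2 if px2 else float("inf")
    return (A1 * xf + A2 * xs) / 2 + A3 * xp


def response_analysis(runs: List[Run]) -> float:
    """FX = eq1*FY + eq2*FL + eq3*FK."""
    fy = sum(r.action_time is None for r in runs)          # countermeasures never taken
    durations = [r.action_time - r.tail_evaluation
                 for r in runs if r.action_time is not None]
    fl = mean(durations) if durations else 0.0             # mean response duration
    fk = sum(d > RESP_TIME_MAX for d in durations)         # responses that were too slow
    return EQ1 * fy + EQ2 * fl + EQ3 * fk


def evaluate(runs: List[Run]) -> str:
    """Two-stage check: XK first, FX only if XK is within its threshold."""
    if not runs:
        raise ValueError("no evaluations recorded in this unit time")
    if effect_measurement(runs) > XK_MAX:
        return "unqualified"
    return "unqualified" if response_analysis(runs) > FX_MAX else "qualified"


# Constructed samples: (start, evaluation s, transmission s, response s or None).
HEALTHY = [make_run(0, 1.0, 0.1, 2.0), make_run(10, 1.2, 0.2, 2.0),
           make_run(20, 0.8, 0.1, 2.0), make_run(30, 1.0, 0.2, 2.0)]
SLOW = [make_run(0, 3.0, 0.1, 2.0), make_run(10, 2.5, 0.1, 2.0),
        make_run(20, 4.0, 0.1, 2.0), make_run(30, 1.0, 0.1, 2.0)]
MISSED = [make_run(0, 1.0, 0.1, None), make_run(10, 1.2, 0.2, 6.0),
          make_run(20, 0.8, 0.1, None), make_run(30, 1.0, 0.2, 7.0)]

if __name__ == "__main__":
    for name, runs in (("healthy", HEALTHY), ("slow", SLOW), ("missed", MISSED)):
        print(name, evaluate(runs))
```

Because a3 is the largest coefficient and XP is a ratio, a few slow evaluations dominate XK long before the averages XF and XS move much.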
Embodiment two: as shown in fig. 2, the difference between the present embodiment and embodiment 1 is that the intelligent control terminal is in communication connection with the alarm condition detection module, the alarm condition detection module analyzes the early warning condition of the intelligent control terminal, generates an alarm condition normal signal or an alarm condition abnormal signal through analysis, and sends the alarm condition abnormal signal to the intelligent control terminal, and the intelligent control terminal sends out a corresponding early warning when receiving the alarm condition abnormal signal, so as to check and maintain the intelligent control terminal in time, thereby facilitating early warning and information display, and ensuring the use effect of the intelligent control terminal; the specific operation process of the alarm condition detection module is as follows:
collecting the actual display brightness of the intelligent control end when it displays the early warning information, calculating the difference between the actual display brightness and the set standard display brightness and taking the absolute value to obtain the alarm brightness detection value; collecting the actual early warning volume decibel value of the intelligent control end when it issues the corresponding early warning, calculating the difference between the actual early warning volume decibel value and the set standard early warning volume decibel value and taking the absolute value to obtain the alarm sound detection value; it should be noted that the larger the alarm brightness detection value and the alarm sound detection value, the worse the display and early warning function performance of the intelligent control end;
averaging all the alarm brightness detection values within the unit time to obtain the alarm brightness evaluation value, and averaging all the alarm sound detection values within the unit time to obtain the alarm sound evaluation value; comparing the alarm brightness detection values and the alarm sound detection values with a preset alarm brightness detection threshold and a preset alarm sound detection threshold respectively, marking the proportion of alarm brightness detection values that exceed the preset alarm brightness detection threshold as the alarm brightness abnormal occupation value, and marking the proportion of alarm sound detection values that exceed the preset alarm sound detection threshold as the alarm sound abnormal occupation value;
performing numerical calculation on the alarm brightness evaluation value YS, the alarm sound evaluation value YD, the alarm brightness abnormal occupation value YF and the alarm sound abnormal occupation value YP through the formula YK = (kp1 × YS + kp2 × YD + kp3 × YF + kp4 × YP)/2 to obtain the alarm condition analysis value YK, where kp1, kp2, kp3 and kp4 are preset proportionality coefficients with positive values; the larger the alarm condition analysis value YK, the worse the display and early warning function performance of the intelligent control end; comparing the alarm condition analysis value YK with a preset alarm condition analysis threshold; if YK exceeds the preset alarm condition analysis threshold, which indicates that the display and early warning function of the intelligent control end is poor, generating an alarm condition abnormal signal; if YK does not exceed the preset alarm condition analysis threshold, which indicates that the display and early warning function of the intelligent control end is good, generating an alarm condition normal signal.
Embodiment three: as shown in fig. 2, the difference between this embodiment and embodiments 1 and 2 is that the intelligent control end is in communication connection with the operation condition detection module, and the alarm condition detection module sends the alarm condition normal signal to the operation condition detection module through the intelligent control end; the operation condition detection module collects the internal temperature values of the intelligent control end at a plurality of detection time points within the unit time and averages all the internal temperature values to obtain the internal temperature risk value; it calculates the difference between the internal temperature values of each two adjacent detection time points to obtain an internal temperature increase detection value, where the larger the internal temperature increase detection value, the faster the internal temperature of the intelligent control end rises in the interval between the two corresponding detection time points; and it averages all the internal temperature increase detection values to obtain the internal temperature increase condition value;
performing numerical calculation on the internal temperature risk value NW and the internal temperature increase condition value NY through the formula NX = fg1 × NW + fg2 × NY to obtain the internal temperature condition value NX, where fg1 and fg2 are preset proportionality coefficients and fg2 > fg1 > 0; the larger the internal temperature condition value NX, the worse the temperature performance inside the intelligent control end and the greater the safety risk it brings; comparing the internal temperature condition value NX with a preset internal temperature condition threshold, and if NX exceeds the preset internal temperature condition threshold, which indicates that the temperature performance inside the intelligent control end is poor and unfavorable for ensuring its safe operation, generating a running condition abnormal detection signal;
if the internal temperature condition value NX does not exceed the preset internal temperature condition threshold, collecting the voltage curve graph and the current curve graph of the intelligent control end within the unit time; collecting all peak points and all trough points in the voltage curve graph, marking the voltage difference between an adjacent peak point and trough point as the end voltage value, marking the interval duration between the adjacent peak point and trough point as the end time value, and calculating the ratio of the end voltage value to the end time value to obtain a voltage measurement value; likewise, in the current curve graph, marking the current difference between an adjacent peak point and trough point as the end current value, marking the interval duration between the adjacent peak point and trough point as the end time value, and calculating the ratio of the end current value to the end time value to obtain a current measurement value;
comparing the voltage measurement values and the current measurement values with a preset voltage measurement threshold and a preset current measurement threshold respectively, marking a voltage measurement value as a voltage abnormal value if it exceeds the preset voltage measurement threshold, and marking a current measurement value as a current abnormal value if it exceeds the preset current measurement threshold; collecting the number of voltage abnormal values and the number of current abnormal values within the unit time and marking them as the voltage condition detection value and the current condition detection value respectively, and performing numerical calculation on the current condition detection value LX and the voltage condition detection value HX through the formula LH = (b1 × LX + b2 × HX)/2 to obtain the voltage-current evaluation value LH, where b1 and b2 are preset proportionality coefficients with positive values; the larger the voltage-current evaluation value LH, the more unstable the electric power performance of the intelligent control end;
comparing the voltage-current evaluation value LH with a preset voltage-current detection threshold, and if LH exceeds the preset voltage-current detection threshold, which indicates that the electric power of the intelligent control end is unstable, generating a running condition abnormal detection signal; if LH does not exceed the preset voltage-current detection threshold, determining the heat dissipation strategy suited to the intelligent control end through heat dissipation strategy control analysis, specifically: collecting the internal temperature condition value of the intelligent control end, collecting the ambient temperature of the environment in which the intelligent control end is located and marking it as the temperature covering detection value, and performing numerical calculation on the internal temperature condition value TW and the temperature covering detection value TF through the formula TX = ew1 × TW + ew2 × TF to obtain the heat dissipation strategy value TX, where ew1 and ew2 are preset proportionality coefficients with positive values; the larger the heat dissipation strategy value TX, the more the heat dissipation efficiency needs to be increased;
several groups of heat dissipation strategy value ranges are preset, each corresponding to one heat dissipation strategy; the heat dissipation strategy value is compared with all the preset heat dissipation strategy value ranges, the preset range that contains the heat dissipation strategy value is marked as the matched range, and the heat dissipation strategy corresponding to the matched range is marked as the heat dissipation strategy currently suited to the intelligent control end; each heat dissipation strategy includes the standard running speed value of the cooling fan (i.e., the standard rotating speed value of the cooling fan);
based on the heat dissipation strategy, collecting the operation deviation value of the cooling fan belonging to the intelligent control end, the operation deviation value being a data value that represents how far the actual rotating speed of the cooling fan deviates from the standard running speed value; the larger the operation deviation value, the further the cooling fan inside the intelligent control end is from running as the strategy requires; comparing the operation deviation value with a preset operation deviation threshold, and generating a running condition abnormal detection signal if the operation deviation value exceeds the preset operation deviation threshold; if the operation deviation value does not exceed the preset operation deviation threshold, generating a running condition normal detection signal;
furthermore, the operation condition detection module sends an operation condition abnormal detection signal to the intelligent control end, and the intelligent control end sends out corresponding early warning when receiving the operation condition abnormal detection signal, so that the intelligent control end is checked and maintained in time, the safe and stable operation of the intelligent control end is ensured, the situation that network early warning information cannot be effectively displayed and early warned in time due to the failure of the intelligent control end is avoided, and the promotion effect on ensuring the network safety is achieved.
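The staged check of embodiment three, as an added Python example (not code from the patent): temperature score NX, then peak-to-trough swing rates of the voltage and current curves scored as LH, then the heat dissipation strategy lookup from TX and the fan deviation check. All coefficients, thresholds, strategy ranges and sample curves are constructed; the reason tag returned beside each signal and the use of an absolute difference for the fan deviation are assumptions.

```python
from statistics import mean

# Assumed presets (constructed values). The text requires fg2 > fg1 > 0 and
# positive b1, b2, ew1, ew2.
FG1, FG2 = 0.4, 0.6
NX_MAX = 30.0                          # preset internal temperature condition threshold
B1, B2 = 1.0, 1.0
V_RATE_MAX, I_RATE_MAX = 5.0, 2.0      # V/s and A/s swing-rate thresholds
LH_MAX = 0.5                           # preset voltage-current detection threshold
EW1, EW2 = 0.5, 0.5
# (low, high, standard fan speed in rpm); ranges are half-open [low, high).
STRATEGIES = [(0.0, 20.0, 1200), (20.0, 30.0, 2400), (30.0, 60.0, 3600)]
FAN_DEV_MAX = 200                      # preset operation deviation threshold, rpm


def temperature_condition(temps):
    """NX = fg1*NW + fg2*NY from temperatures at successive detection points."""
    if len(temps) < 2:
        raise ValueError("need at least two detection time points")
    nw = mean(temps)                                        # internal temperature risk value
    ny = mean(b - a for a, b in zip(temps, temps[1:]))      # mean rise between points
    return FG1 * nw + FG2 * ny


def extrema(samples):
    """Peak and trough points of a sampled curve [(t, value), ...].

    A point is kept where the direction of travel flips; flat runs are skipped,
    so the result always alternates between peaks and troughs.
    """
    points, last_dir = [], 0
    for (t0, v0), (_, v1) in zip(samples, samples[1:]):
        direction = (v1 > v0) - (v1 < v0)
        if direction and last_dir and direction != last_dir:
            points.append((t0, v0))
        if direction:
            last_dir = direction
    return points


def swing_rates(samples):
    """|value difference| / interval for each adjacent peak/trough pair."""
    pts = extrema(samples)
    return [abs(v2 - v1) / (t2 - t1) for (t1, v1), (t2, v2) in zip(pts, pts[1:])]


def fan_standard_rpm(tx):
    """Look up the strategy whose preset range contains TX."""
    for low, high, rpm in STRATEGIES:
        if low <= tx < high:
            return rpm
    raise ValueError(f"no preset heat dissipation range contains TX={tx}")


def operation_condition(temps, voltage, current, ambient, fan_rpm):
    """Return (signal, reason); each stage runs only if the previous one passed."""
    nx = temperature_condition(temps)
    if nx > NX_MAX:
        return ("abnormal", "temperature")
    hx = sum(r > V_RATE_MAX for r in swing_rates(voltage))  # voltage abnormal count
    lx = sum(r > I_RATE_MAX for r in swing_rates(current))  # current abnormal count
    if (B1 * lx + B2 * hx) / 2 > LH_MAX:                    # LH
        return ("abnormal", "power")
    tx = EW1 * nx + EW2 * ambient                           # heat dissipation strategy value
    if abs(fan_rpm - fan_standard_rpm(tx)) > FAN_DEV_MAX:
        return ("abnormal", "fan")
    return ("normal", None)


# Constructed samples.
TEMPS_OK, TEMPS_HOT = [40, 41, 42, 43], [70, 75, 80, 85]
V_OK = [(0, 12.0), (1, 12.1), (2, 12.0), (3, 12.1), (4, 12.0)]
V_BAD = [(0, 12.0), (1, 20.0), (2, 10.0), (3, 21.0), (4, 12.0)]
I_OK = [(0, 1.0), (1, 1.2), (2, 1.0), (3, 1.2), (4, 1.0)]

if __name__ == "__main__":
    print(operation_condition(TEMPS_OK, V_OK, I_OK, 25.0, 2350))
    print(operation_condition(TEMPS_OK, V_BAD, I_OK, 25.0, 2350))
```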
The working principle of the invention is as follows: in use, the data acquisition module monitors each safety index in the network operation and maintenance environment in real time; the mimicry analysis module uses mimicry security technology to simulate various security environments, performs deep analysis on the received safety index packet, identifies potential security threats and sends them to the safety evaluation module; the safety evaluation module quantitatively evaluates the identified security threats according to the output information of the mimicry analysis module, in combination with historical data and the expert knowledge base, determines their severity and influence range and generates the corresponding output result; the early warning response module generates corresponding early warning information according to the output result of the safety evaluation module, sends it to the intelligent control end so that the intelligent control end displays it and issues the corresponding security early warning, and automatically triggers the matching countermeasures based on the output result of the safety evaluation module. Mimicry security technology is thereby applied effectively to network operation and maintenance environment evaluation and network security is improved; in addition, the evaluation process is monitored over its full flow and its operation condition is evaluated accurately, so that the subsequent operation performance is further guaranteed.
The above formulas are all dimensionless numerical calculations; each formula was obtained by collecting a large amount of data and running software simulation so as to be closest to the real situation, and the preset parameters in the formulas are set by those skilled in the art according to the actual situation. The preferred embodiments of the invention disclosed above are intended only to assist in the explanation of the invention. The preferred embodiments are not intended to be exhaustive or to limit the invention to the precise form disclosed. Obviously, many modifications and variations are possible in light of the above teaching. The embodiments were chosen and described in order to best explain the principles of the invention and the practical application, to thereby enable others skilled in the art to best understand and utilize the invention. The invention is limited only by the claims and the full scope and equivalents thereof.

Claims (9)

1. The network operation and maintenance environment assessment system based on the mimicry safety technology is characterized by comprising a data acquisition module, a mimicry analysis module, a safety assessment module, an early warning response module and an intelligent management and control end; the data acquisition module monitors all safety indexes in the network operation and maintenance environment in real time, acquires real-time data of all the safety indexes, constructs a safety index packet from the acquired real-time data of all the safety indexes, and sends the safety index packet to the mimicry analysis module; the mimicry analysis module simulates various safety environments by utilizing mimicry safety technology, performs deep analysis on the received safety index packet, recognizes potential safety threat and sends the potential safety threat to the safety evaluation module;
the safety evaluation module quantitatively evaluates the identified safety threat according to the output information of the mimicry analysis module and combining the historical data with the expert knowledge base, determines the severity and the influence range of the identified safety threat, generates a corresponding output result, and sends the output result to the early warning response module; the early warning coping module generates corresponding early warning information according to the output result of the safety evaluation module, and sends the generated early warning information to the intelligent control end to enable the intelligent control end to display and send out corresponding safety early warning, and the matched coping measures are automatically triggered based on the output result of the safety evaluation module, wherein the coping measures comprise threat source isolation and security vulnerability restoration.
2. The network operation environment assessment system based on the mimicry security technology according to claim 1, wherein the intelligent control terminal is in communication connection with the assessment effect detection module, the assessment effect detection module performs full-flow monitoring on the network operation environment assessment, and determines abnormal conditions of the network operation environment assessment process through analysis, generates an assessment effect qualified signal or an assessment effect unqualified signal, and sends the assessment effect unqualified signal to the intelligent control terminal, and the intelligent control terminal sends corresponding early warning when receiving the assessment effect unqualified signal.
3. The network operation and maintenance environment assessment system based on the mimicry security technology according to claim 2, wherein the specific operation process of the assessment effect detection module comprises:
collecting the time at which the mimicry analysis module receives the safety index packet and marking it as the packet arrival time, collecting the time at which the safety evaluation module generates the corresponding output result and marking it as the tail evaluation time, and calculating the time difference between the tail evaluation time and the packet arrival time to obtain an evaluation value; collecting the time at which the early warning response module receives the corresponding output result sent by the safety evaluation module and marking it as the transmission time, and calculating the time difference between the transmission time and the tail evaluation time to obtain a transmission value;
collecting all the evaluation values and all the transmission values within the unit time, averaging all the evaluation values to obtain the evaluation mean value, and averaging all the transmission values to obtain the transmission mean value; comparing each evaluation value and its transmission value with a preset evaluation time threshold and a preset transmission time threshold respectively; if the evaluation value or the transmission value exceeds its corresponding preset threshold, assigning the evaluation condition symbol PX-1; if neither the evaluation value nor the transmission value exceeds its corresponding preset threshold, assigning the evaluation condition symbol PX-2;
counting, within the unit time, the number of times the evaluation condition symbol PX-1 was assigned and the number of times the evaluation condition symbol PX-2 was assigned, and marking them as the evaluation negative detection value and the evaluation positive detection value respectively, the ratio of the evaluation negative detection value to the evaluation positive detection value being marked as the evaluation detection value; and performing numerical calculation on the evaluation mean value, the transmission mean value and the evaluation detection value to obtain the effect measurement table value, and generating an evaluation effect unqualified signal if the effect measurement table value exceeds a preset effect measurement table threshold.
4. The network operation and maintenance environment assessment system based on mimicry security technology according to claim 3, wherein if the effect measurement table value does not exceed the preset effect measurement table threshold, the number of times within the unit time that the early warning response module was required to take a corresponding countermeasure but did not take it is collected and marked as the response operation value, and, each time the early warning response module is required to take a corresponding countermeasure, the interval between the time the action is actually taken and the time of the corresponding output result of the safety evaluation module is collected and marked as the response duration;
averaging all the response durations within the unit time to obtain the response detection value, and marking the number of response durations within the unit time that exceed the preset response duration threshold as the response low detection value; performing numerical calculation on the response operation value, the response detection value and the response low detection value to obtain the response analysis value, and generating an evaluation effect unqualified signal if the response analysis value exceeds a preset response analysis threshold; and if the response analysis value does not exceed the preset response analysis threshold, generating an evaluation effect qualified signal.
5. The network operation and maintenance environment assessment system based on the mimicry security technology according to claim 2, wherein the intelligent control terminal is in communication connection with the alarm condition detection module, the alarm condition detection module analyzes the early warning condition of the intelligent control terminal, generates an alarm condition normal signal or an alarm condition abnormal signal through analysis, and sends the alarm condition abnormal signal to the intelligent control terminal, and the intelligent control terminal sends a corresponding early warning when receiving the alarm condition abnormal signal.
6. The network operation and maintenance environment assessment system based on the mimicry security technology as claimed in claim 5, wherein the specific operation process of the alarm condition detection module includes:
collecting the actual display brightness of the intelligent control end when it displays the early warning information, calculating the difference between the actual display brightness and the set standard display brightness and taking the absolute value to obtain the alarm brightness detection value; collecting the actual early warning volume decibel value of the intelligent control end when it issues the corresponding early warning, calculating the difference between the actual early warning volume decibel value and the set standard early warning volume decibel value and taking the absolute value to obtain the alarm sound detection value;
averaging all the alarm brightness detection values within the unit time to obtain the alarm brightness evaluation value, and averaging all the alarm sound detection values within the unit time to obtain the alarm sound evaluation value; marking the proportion of alarm brightness detection values that exceed a preset alarm brightness detection threshold as the alarm brightness abnormal occupation value, and marking the proportion of alarm sound detection values that exceed a preset alarm sound detection threshold as the alarm sound abnormal occupation value;
the alarm condition analysis value is obtained by carrying out numerical calculation on the alarm brightness evaluation value, the alarm sound evaluation value, the alarm brightness abnormal occupation value and the alarm sound abnormal occupation value, and if the alarm condition analysis value exceeds a preset alarm condition analysis threshold value, an alarm condition abnormal signal is generated; if the alarm condition detection value does not exceed the preset alarm condition detection threshold value, generating an alarm condition normal signal.
7. The network operation and maintenance environment assessment system based on the mimicry security technology according to claim 5, wherein the intelligent control terminal is in communication connection with the operation condition detection module, the alarm condition detection module sends the alarm condition normal signal to the operation condition detection module through the intelligent control terminal, the operation condition detection module collects internal temperature values of the intelligent control terminal at a plurality of detection time points in unit time, averages all the internal temperature values to obtain an internal temperature risk condition value, calculates the difference between the internal temperature values of each two adjacent detection time points to obtain an internal temperature increase detection value, and averages all the internal temperature increase detection values to obtain an internal temperature increase condition value;
obtaining an internal temperature detection condition value by numerical calculation on the internal temperature risk condition value and the internal temperature increase condition value, and comparing the internal temperature detection condition value with a preset internal temperature detection condition threshold; if the internal temperature detection condition value exceeds the preset internal temperature detection condition threshold, generating a running condition abnormal detection signal; if the internal temperature detection condition value does not exceed the preset internal temperature detection condition threshold, collecting a voltage curve graph and a current curve graph of the intelligent control terminal in unit time, collecting all peak points and all trough points in the voltage curve graph, marking the voltage difference between adjacent peak and trough points as a terminal voltage value, marking the interval duration between adjacent peak and trough points as a terminal time value, and calculating the ratio of the terminal voltage value to the terminal time value to obtain a pressure measurement value; obtaining a flow measurement value in a similar way;
comparing the pressure measurement value and the flow measurement value with a preset pressure measurement threshold and a preset flow measurement threshold, respectively; marking the corresponding pressure measurement value as a pressure abnormal value if it exceeds the preset pressure measurement threshold, and marking the corresponding flow measurement value as a flow abnormal value if it exceeds the preset flow measurement threshold; collecting the number of pressure abnormal values and the number of flow abnormal values in unit time and marking them as a pressure condition detection value and a flow condition detection value, respectively; carrying out numerical calculation on the flow condition detection value and the pressure condition detection value to obtain a pressure flow detection evaluation value; and generating a flow condition abnormal detection signal if the pressure flow detection evaluation value exceeds a preset pressure flow detection threshold.
8. The network operation and maintenance environment assessment system based on the mimicry security technology according to claim 7, wherein if the pressure flow detection evaluation value does not exceed the preset pressure flow detection threshold, a heat dissipation strategy adapted to the intelligent control terminal is determined through heat dissipation strategy control analysis, and an operation deviation value of the heat dissipation fan belonging to the intelligent control terminal is acquired based on the heat dissipation strategy; if the operation deviation value exceeds a preset operation deviation threshold, an operation abnormal detection signal is generated; if the operation deviation value does not exceed the preset operation deviation threshold, an operation condition detection signal is generated.
9. The network operation and maintenance environment assessment system based on the mimicry security technology as claimed in claim 8, wherein the specific analysis process of the heat dissipation strategy management and control analysis is as follows:
collecting the internal temperature detection condition value of the intelligent control terminal, collecting the ambient temperature of the environment in which the intelligent control terminal is located and marking it as a temperature covering detection value, and carrying out numerical calculation on the internal temperature detection condition value and the temperature covering detection value to obtain a heat dissipation strategy value; presetting a plurality of groups of preset heat dissipation strategy value ranges, each of which corresponds to one group of heat dissipation strategies; comparing the heat dissipation strategy value with all the preset heat dissipation strategy value ranges, marking the preset heat dissipation strategy value range that contains the heat dissipation strategy value as the matched range, and marking the heat dissipation strategy corresponding to the matched range as the heat dissipation strategy currently adapted to the intelligent control terminal, wherein each heat dissipation strategy comprises a standard running speed value of the heat dissipation fan.
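The peak-to-trough calculation in claim 7, sketched in Python as an added example that is not part of the patent text. Function names, sample readings and thresholds are constructed for illustration, and the plateau handling is an assumption; the "numerical calculation" that combines the two counts is not specified in the claims and is not implemented.

```python
"""Added illustration of claim 7's peak/trough swing-rate check (not from the patent)."""

# Constructed samples: (time in seconds, reading). Not measurements from a real device.
VOLTAGE = [(0, 220), (1, 221), (2, 225), (3, 221), (4, 220),
           (5, 219), (6, 231), (7, 231), (8, 220)]
CURRENT_MA = [(0, 1000), (1, 1200), (2, 1000), (3, 1100),
              (4, 1000), (5, 3000), (6, 1000)]


def extrema(samples):
    """Indices of turning points (peaks and troughs, alternating) in a sampled curve.

    A turning point is where the slope changes sign. Flat runs are skipped, so a
    plateau yields one extremum at its last sample (an assumption; the claim does
    not say how flat tops are treated).
    """
    points, direction = [], 0
    for i in range(1, len(samples)):
        delta = samples[i][1] - samples[i - 1][1]
        if delta == 0:
            continue
        new_direction = 1 if delta > 0 else -1
        if direction and new_direction != direction:
            points.append(i - 1)
        direction = new_direction
    return points


def swing_rates(samples):
    """Claim 7's measurement value for each adjacent peak/trough pair:
    |difference in reading| / interval duration. Timestamps must strictly increase."""
    idx = extrema(samples)
    rates = []
    for a, b in zip(idx, idx[1:]):
        (t0, v0), (t1, v1) = samples[a], samples[b]
        rates.append(abs(v1 - v0) / (t1 - t0))
    return rates


def condition_detection_value(samples, threshold):
    """Number of measurement values in the window that exceed the preset threshold."""
    return sum(1 for rate in swing_rates(samples) if rate > threshold)


if __name__ == "__main__":
    print(swing_rates(VOLTAGE), condition_detection_value(VOLTAGE, 5.0))
    print(swing_rates(CURRENT_MA), condition_detection_value(CURRENT_MA, 500))
```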
CN202410248259.1A 2024-03-05 2024-03-05 Network operation environment assessment system based on mimicry security technology Active CN117834305B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202410248259.1A CN117834305B (en) 2024-03-05 2024-03-05 Network operation environment assessment system based on mimicry security technology

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202410248259.1A CN117834305B (en) 2024-03-05 2024-03-05 Network operation environment assessment system based on mimicry security technology

Publications (2)

Publication Number Publication Date
CN117834305A (en) 2024-04-05
CN117834305B (en) 2024-05-10

Family

ID=90509951

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202410248259.1A Active CN117834305B (en) 2024-03-05 2024-03-05 Network operation environment assessment system based on mimicry security technology

Country Status (1)

Country Link
CN (1) CN117834305B (en)

Also Published As

Publication number Publication date
CN117834305B (en) 2024-05-10

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant