Looking for breakthrough ideas for innovation challenges? Try Patsnap Eureka!

Threat early warning and monitoring system and method based on big data analysis and deployment architecture

A technology of early warning monitoring and data acquisition system, applied in the direction of digital transmission system, transmission system, data exchange network, etc., can solve problems such as restricting users in operating status

Active Publication Date: 2017-09-22
ELECTRIC POWER RESEARCH INSTITUTE OF STATE GRID SHANDONG ELECTRIC POWER COMPANY +2
View PDF4 Cites 198 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

Especially in the case of the rapid expansion of the quantity, speed, and types of relevant security intelligence data, the fusion, storage, management and utilization of massive heterogeneous data pose a major challenge to traditional security analysis methods
[0005] Since network attacks are usually scattered in various places, the attack process is carried out in multiple steps and has certain complexity. The log information of a single network security device cannot completely restore the original appearance of the attack, which seriously restricts network security analysts from evaluating the entire network environment. and user activity

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Threat early warning and monitoring system and method based on big data analysis and deployment architecture
  • Threat early warning and monitoring system and method based on big data analysis and deployment architecture

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0053] The present invention will be further described below in conjunction with the accompanying drawings and embodiments.

[0054] Such as figure 1 As shown, the threat early warning and monitoring system based on big data analysis technology includes a data acquisition system module, a data storage system module, a real-time threat intelligence analysis system module, a situational awareness display system module, and a background management system module.

[0055] The data collection system module is a server for data collection of front-end security devices such as the network full-traffic security analysis system (TSA), intrusion detection system (IDS), intrusion prevention system (IPS), and advanced persistent threat system (APT). The data acquisition system collects and stores the original network traffic in real time, provides the most authentic communication information, and realizes the upload of data collected by front-end security devices such as TSA, IDS, IPS, an...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The invention discloses a threat early warning and monitoring system and method based on big data analysis and a deployment architecture. The system comprises a data acquisition system module, which is used for carrying out real-time data acquisition on original network traffic; a data storage system module, which is used for carrying out data merging and data cleaning on the data collected by the data acquisition system module, and then, carrying out storage management; a real-time threat intelligent analysis system module, which is used for carrying out deep analysis and mining on security data through data mining, text analysis, traffic analysis, full-text search engine and real-time processing, and identifying unknown security threats in real time by combining an intrusion detection module, a network abnormal behavior module and a device abnormal behavior module; and a situation awareness display system module, which is used for carrying out comprehensive display on security threat situations stereoscopically in real time through a data visualization tool library. The threat early warning and monitoring system and method based on big data analysis and the deployment architecture are used for network security threat situation awareness and deep analysis under a plurality of service scenarios, and realize comprehensive abilities from attack early warning, attack identification to analysis and evidence obtaining.

Description

technical field [0001] The present invention relates to the technical field of network security threat early warning, in particular to a threat early warning monitoring system, method and deployment framework based on big data analysis. Background technique [0002] At present, various government departments, enterprises and institutions in our country have increased investment in network security construction, and deployed various types of security equipment or systems, such as intrusion detection systems (IDS), intrusion prevention systems (IPS), firewalls, and antivirus software. Wait. However, these traditional security devices based on signature rules can only detect known attacks, with high false negatives and false positives. [0003] The security operation center (SOC) integrates a large number of logs of the security system, not only has a single data source, but also lacks the ability and means to provide accurate analysis. Security analysts analyze effective clue...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
Patent Type & Authority Applications(China)
IPC IPC(8): H04L29/06H04L12/24H04L12/26
Inventor 刘冬兰刘新马雷常英贤于灏谭虎赵晓红王文婷井俊双
Owner ELECTRIC POWER RESEARCH INSTITUTE OF STATE GRID SHANDONG ELECTRIC POWER COMPANY
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Patsnap Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Patsnap Eureka Blog
Learn More
PatSnap group products