Looking for breakthrough ideas for innovation challenges? Try Patsnap Eureka!

Network situation awareness implementation method and device

A technology for network situational awareness and implementation method, applied in the field of network situational awareness implementation methods and devices, and can solve problems such as insufficient accuracy and real-time performance.

Active Publication Date: 2017-11-28
SOUTHWEST CHINA RES INST OF ELECTRONICS EQUIP
View PDF6 Cites 33 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

By analyzing and researching the existing system model of network security situational awareness, aiming at the problem that its accuracy and real-time performance are not good enough, an improved network situational awareness realization method and device are proposed

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Examples

Experimental program
Comparison scheme
Effect test

Embodiment 1

[0036] Embodiment 1: collecting network data related to network status in step 1 includes collecting network raw data flow and host log data; where collecting network raw data flow collection refers to bypassing or blocking the collection network flow from the network data link layer through winpcap through the data;

[0037] Collecting host log data refers to the process of extracting the basic elements that affect the network situation from the network security status data source. The network security status data source is a kind of network raw data, which is mostly stored in the application server or target terminal. The extraction of data (the corresponding data refers to the original data of the network), so as to further extract the basic data elements that affect the network situation.

Embodiment 2

[0038] Embodiment 2: the processing of network state-related network data described in step 1 includes collecting network raw data streams and host log data;

[0039] Among them, processing network raw data flow refers to:

[0040] Step 11: Obtain the complete network raw data stream for storage;

[0041] Step 12: The TCP / IP protocol cluster performs protocol analysis on the collected original data flow, and extracts quintuple information (source IP address, destination IP address, protocol type (such as SNMP protocol), source port number, destination port number); Specifically: the TCP / IP protocol cluster obtains the corresponding quintuple information layer by layer according to the corresponding protocol format from the physical layer, data link layer, network layer, transport layer, and application layer for the original data stream collected.

[0042] Step 13: storing the extracted quintuple information according to the TCP / IP protocol architecture; the storage format is...

Embodiment 3

[0044] Embodiment 3, in step 1, processing host log data refers to: obtaining host log data, extracting characteristic data therefrom, further obtaining system information and service information, and manually analyzing and identifying abnormal data from the host log data.

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The invention relates to the field of network situation awareness, and provides a network situation awareness implementation method and device in view of the problems existing in the prior art. By analyzing and searching an existing system model of the network situation awareness, and aiming at the problem that the accuracy and real-time performance are not good enough, the invention proposes an improved network situation awareness implementation method and device. The device and the method are divided into two levels bottom-up: namely situation elements extraction, and situation understanding and assessment, wherein situation understanding and assessment are synchronized, and a predicted data source uses perceived network topology data and an extraction result of the situation elements. The network situation awareness implementation method and the device provided by the invention collect and process network state related network data; and analyze a logical relationship between various data of the network data after being processed by a situation extraction step, and fuse related network data to form a network situation awareness map, so as to realize the network situation awareness.

Description

technical field [0001] The invention relates to the field of network situational awareness, in particular to a method and device for realizing network situational awareness. Background technique [0002] At present, domestic network situational awareness research is still in the early stages of development, mainly universities and specialized research institutions are engaged in related research work. The Information Security and Countermeasure Technology Research Center of Beijing Institute of Technology has developed a set of comprehensive assessment software for network security status and change trends, which mainly includes two parts: network risk status assessment and network security change trend prediction. The software can evaluate the network environment and its components security, vulnerability, etc., but the scope of application of this software is limited, limited to local area networks, and cannot be well applied to large-scale intercommunication networks; for...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
Patent Type & Authority Applications(China)
IPC IPC(8): H04L12/24
CPCH04L41/14H04L41/145
Inventor 张静王吉
Owner SOUTHWEST CHINA RES INST OF ELECTRONICS EQUIP
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Patsnap Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Patsnap Eureka Blog
Learn More
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic, Popular Technical Reports.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap|About US| Contact US: help@patsnap.com