Network security situation awareness system and method

Abstract

The invention belongs to the technical field of network information security, and particularly relates to a network security situation awareness system and method. The system comprises a data acquisition unit used for acquiring network security elements such as security logs, system logs, vulnerability data and flow data in a network; a network security situation analysis unit which is used for processing and fusing the network security element data by means of classification, merging, correlation analysis and the like, and comprehensively analyzing fused information; a network security situation evaluation unit which is used for evaluating the security state of the current network according to the analysis result of the network security situation analysis unit; a network security situation prediction unit which is used for predicting the development trend of the network security state according to the security state and the historical information of the current network; a network security situation linkage unit which is used for handling security events according to the current network security state and the development trend of the current network security state; and a network security situation tracing unit which is used for positioning an attack source, discovering an attack path and obtaining evidence of an attack behavior.

Description

technical field [0001] The invention belongs to the technical field of network information security, and more specifically relates to a network security situational awareness system and method. Background technique [0002] Network security is an important part of national security, an important aspect of international competition and confrontation in the new situation and era, and an important guarantee for the sustainable development and long-term stability of the country and society. With the increasing scale and complexity of the network, the continuous innovation of network attack technology, and the emergence of a large number of new attack tools, the traditional network security technology appears to be powerless, network intrusion is inevitable, and network security problems are becoming more and more serious. It is difficult to deal with complex security issues with one or several security technologies alone, and the focus of network security personnel has also evol...

AI Technical Summary

Problems solved by technology

[0003] The existing massive security data lacks analysis, and a large number of detection results only reflect the problems existing in a certain system, and the presentation methods are also varied. It is impossible to uniformly display, correlate, analyze, and Data mining and attack traceability, it is difficult to identify the internal links in many security incidents by manual alone, and it is likely to ignore the deliberate attack behavior of some malicious users, which affects the timely discovery and effective disposal of security incidents

[0004] A variety of security devices are managed separately, and the deployment of security devices lacks unified planning and management. A large number of different types of security devices are managed separately by each business or system responsible department, lacking a fast linkage mechanism, and the impact speed and processing speed are relatively slow

The handling of departmental security incidents requires the cooperation of various disciplines. At present, only relying on manual communication, the positioning and response speed are greatly limited

The low efficiency of security incident handling is due to the lack of unified security incident monitoring and one-click disposal tools; non-security professional maintenance and monitoring personnel have limited ability to identify and analyze security incidents, and the emergency response speed needs to be improved; the reporting process is too long, and Mainly through telephone and email, etc. to report step by step, which takes a long time

Images