Network security situation awareness system and method

Abstract

The invention relates to a network security situation awareness system and a network security situation awareness method. The network security situation awareness method comprises the steps of 1, acquiring data, and widely acquiring network security data; 2, carrying out situation assessment on the collected data, establishing assessment of multiple levels and multiple angles during situation assessment, assessing service security, data security, infrastructure security and overall security conditions of the network, and selecting different assessment methods for different application backgrounds and different network scales; 3, carrying out situation prediction on the preliminarily evaluated data to prevent large-scale security events; and 4, analyzing the problem data and proposing a corresponding analysis report. The method is high in pertinence and wide in data acquisition range, and can perform comprehensive acquisition and subsequent perception on network structure data, networkservice data, vulnerability data, threat data, intrusion data and user abnormal data.

Description

technical field [0001] The invention relates to the technical field of network security, and relates to a network security situation awareness system and method. Background technique [0002] Situational awareness is an environment-based, dynamic, and holistic ability to understand security risks. It is based on security big data and is a way to improve the ability to discover, identify, understand, analyze, and respond to security threats from a global perspective. Ultimately, It is for decision-making and action, and for the implementation of security capabilities. With the importance of network security highlighted, situational awareness has begun to emerge in the field of network security. At this stage, facing the risk of failure of traditional security defense systems, situational awareness can fully perceive network security. Threat situation, insight into the health status of network and application operation, complete network attack traceability and evidence collect...

AI Technical Summary

Problems solved by technology

[0002] Situational awareness is an environment-based, dynamic, and holistic ability to understand security risks. It is based on security big data and is a way to improve the ability to discover, identify, understand, analyze, and respond to security threats from a global perspective. Ultimately, It is for decision-making and action, and for the implementation of security capabilities. With the importance of network security highlighted, situational awareness has begun to emerge in the field of network security. At this stage, facing the risk of failure of traditional security defense systems, situational awareness can fully perceive network security. Threat situation, insight into the health status of network and application operation, complete network attack traceability and evidence collection through full traffic analysis technology, and help security personnel take targeted response measures. The existing network security situation awareness method is too complicated and the analysis efficiency is not high , the pertinence is not strong, therefore, we propose a network security situational awareness method and system

Images