Security analysis method based on original message

A security analysis method based on original messages, applied in the field of original-message security analysis. It addresses the problems of information security work lagging behind the development of information technology and of imperfect regulations and standards, with the effect of improving perception ability and reducing construction cost.

Pending Publication Date: 2021-10-19
STATE GRID ZHEJIANG ELECTRIC POWER CO LTD JINHUA POWER SUPPLY CO

AI Technical Summary

Problems solved by technology

[0002] With the continuous development of information technology, information security poses new challenges to the safety supervision department, and China's current information system security industry and information security laws, regulations and standards are not perfect, resulting in domestic information security work lagging behind the development of information technology.

Examples

Embodiment 1

[0041] Example 1: Abnormal traffic audit scenario. Perform the following steps in sequence:

[0042] A. The probe performs full traffic collection; after obtaining the message, enable the intrusion detection system and the web application firewall at the same time.

[0043] B. Using threat intelligence comparison, perform intrusion behavior detection, web application detection, threat intelligence detection, malicious file detection, webshell detection, DDoS detection, and abnormal behavior detection on the data stream in sequence.

[0044] C. Judge and analyze the detection results. If the analysis result is safe, it is recorded directly in the log. Otherwise retrospective analysis of metadata, pcap, and:

[0045] D. The application side responds: enable the bypass blocking function, and automatically block and start threats after the attack behavior is found; the specific process is: when the user accesses the server, the traffic is mirrored to the prob...

Embodiment 2

[0047] Example 2: Situation awareness / security operation / data governance scenario. Perform the following steps in sequence:

[0048] A. The probe performs full traffic collection; after obtaining the message, enable the intrusion detection system and the web application firewall at the same time.

[0049] B. Using threat intelligence comparison, perform intrusion behavior detection, web application detection, threat intelligence detection, malicious file detection, webshell detection, DDoS detection, and abnormal behavior detection on the data stream in sequence.

[0050] C. Judge and analyze the detection results. If the analysis result is safe, it is recorded directly in the log. Otherwise retrospective analysis of metadata, pcap, and:

[0051] D. The application side responds: enable the bypass blocking function to block the attack IP and malicious domain name traffic.

[0052] E. Record the event flow in step D into the log, which can be called up for evidenc...
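
The sequence of steps B to E in Embodiment 2, as an added Python illustration that is not code from the patent or its applicant. The rule patterns, the DDoS threshold, the message fields and every sample value are assumptions constructed for the example; it covers the threat intelligence, web application, webshell and DDoS detections.

```python
import re
from collections import Counter

# Constructed threat-intelligence feed (documentation-range IP, reserved domain).
INTEL_IPS = {"203.0.113.7"}
INTEL_DOMAINS = {"bad.example"}
# Hypothetical stand-ins for the WAF and webshell rule sets.
WAF_RULE = re.compile(r"(?i)(union\s+select|<script|\.\./)")
WEBSHELL_RULE = re.compile(r"(?i)\.(php|jsp|aspx)\?cmd=")
DDOS_THRESHOLD = 3  # requests per source within one batch (assumed value)

def detect(msg, per_source):
    """Step B: run the detections in sequence; return the names that fired."""
    hits = []
    if msg["src"] in INTEL_IPS or msg["host"] in INTEL_DOMAINS:
        hits.append("threat_intel")
    if WAF_RULE.search(msg["uri"]):
        hits.append("web_application")
    if WEBSHELL_RULE.search(msg["uri"]):
        hits.append("webshell")
    if per_source[msg["src"]] > DDOS_THRESHOLD:
        hits.append("ddos")
    return hits

def analyze(messages):
    """Steps C-E: log safe messages; otherwise queue for retrospection, block, record."""
    per_source = Counter(m["src"] for m in messages)
    log, retrospect, blocked = [], [], set()
    for i, msg in enumerate(messages):
        hits = detect(msg, per_source)
        if not hits:
            log.append({"id": i, "verdict": "safe"})  # step C, safe branch
            continue
        retrospect.append(i)  # step C: index into retained metadata/pcap
        blocked.add(("ip", msg["src"]))  # step D: block the attack IP
        if msg["host"] in INTEL_DOMAINS:
            blocked.add(("domain", msg["host"]))  # step D: block the malicious domain
        log.append({"id": i, "verdict": "threat", "detections": hits})  # step E
    return log, retrospect, blocked

# Constructed sample messages, as a probe might hand them over after parsing.
SAMPLE = [
    {"src": "198.51.100.10", "host": "intranet.example", "uri": "/index.html"},
    {"src": "203.0.113.7", "host": "intranet.example", "uri": "/login"},
    {"src": "198.51.100.22", "host": "intranet.example", "uri": "/q?id=1 UNION SELECT 1"},
    {"src": "198.51.100.30", "host": "bad.example", "uri": "/"},
]

if __name__ == "__main__":
    for entry in analyze(SAMPLE)[0]:
        print(entry)
```

Because every flagged message keeps its index in the retrospection queue, the log entry written in step E can be tied back to the stored metadata and pcap for the same message.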


Abstract

The invention aims to overcome the defects of the background technology by providing a security analysis method based on original messages that can also solve the self-security problem of the equipment terminals in the network and that responds quickly and effectively. The whole process can be recorded in time, which facilitates later analysis and popularization of the solution. To achieve this technical effect, the invention adopts the following technical scheme: the method works with a probe arranged at the application end, uses dual IDS and WAF engines, and, combined with threat intelligence, malicious file analysis, webshell detection and abnormal behavior detection, supports both traditional and advanced threat detection, so that the security of the original message is improved and the user's threat perception capability is comprehensively improved.

Description

Technical field

[0001] The invention relates to the technical field of Internet of Things security, in particular to a security analysis method based on original messages.

Background

[0002] With the continuous development of information technology, information security poses new challenges to the safety supervision department. Moreover, China's current information system security industry and information security laws, regulations and standards are not perfect, resulting in domestic information security work lagging behind the development of information technology.

[0003] In order to improve national information security capabilities, in January 2015, the Ministry of Public Security promulgated the "Notice on Accelerating the Construction of a Network and Information Security Notification Mechanism" (Gongxinan [2015] No. 21). The "Notice on Accelerating the Construction of a Network and Information Security Notification Mechanism" requires the establishmen...


Application Information

Patent Type & Authority: Applications (China)
IPC(8): H04L29/06
CPC: H04L63/1408, H04L63/1425, H04L63/1416, H04L63/20
Inventor: 张波王斌吕齐汪志奕倪旭明邵航军盛辉张文杰杨怀仁金旭吴哲翔余侃吴颖王晓晨
Owner: STATE GRID ZHEJIANG ELECTRIC POWER CO LTD JINHUA POWER SUPPLY CO