134 results about "Network security situation awareness" patented technology

The invention discloses a network safety situation awareness early-warning method and system based big data, and the method comprises the steps: collecting intelligence information from the Internet, non-governmental organizations, governmental agencies and interiors of companies; obtaining log and network flow generated by safety equipment, network equipment, a host and other safety protection systems, carrying out the real-time preprocessing of the collected original data, carrying out the standardization of the data after preprocessing, and converting the data into safety data with the unified standard; carrying out scene modeling according to different attack behaviors, carrying out correlation analysis through combining with the intelligence information and the safety data, and generating early-warning information; carrying out the check processing of the early-warning information, and carrying out the visualized display of the early-warning information after check. The method can achieve the complete sensing of a safety situation, the early warning of safety threats and the capability of timely handling and responding of a safety event, and improves the overall safety protection capability of a power system.

The invention belongs to the technical field of network security and particularly relates to an attack-oriented network security situation prediction method, device and system. The method comprises the following steps: detecting and collecting alarm data and network environment operation and maintenance information in a network countermeasure environment, obtaining an element set required by network security situation prediction, wherein the element set comprises three types of information of an attacker, a defense party and a network environment; evaluating the attacker capability and the level of the defense party, establishing a dynamic Bayesian attack graph, and calculating an attack phase number and an attack state occurrence probability vector; and combining a vulnerability scoring standard and network asset information, and performing time-space dimension quantification on the network security situation value. According to the method, dynamic association of the situation elements of the defense party, the attacker, the environment information and the like is achieved, the actual environment of the network is better conformed to, the future situation and the attack occurrencetime can be accurately predicted, higher prediction efficiency is achieved, and storage scale and timeliness of network security situation awareness are optimized, so as to provide more effective guidance for network protection.

The invention relates to a network security situation awareness system and method based on information correlation. The system comprises a data acquisition module, a network security situation evaluation module, a network security situation prediction module and a network situation visualization module, wherein the data acquisition module is used for acquiring network essential information; the network security situation evaluation module is used for quantitatively analyzing threat, frangibility and stability of the network by utilizing the network essential information, thereby analyzing the current network security situation; the network security situation prediction module is used for predicting the network security situation according to historical information and current state of the network security situation; and the network situation visualization module is used for visually displaying network security indexes according to the analysis and prediction result of the network security situation. The invention solves the problem that the existing network situation awareness system lacks data validity verification, data correlation and quantitative analysis, so that the network security situation awareness is more accurate.

The invention discloses a security analysis framework based on network traffic meta data. The framework comprises a data layer, an analysis layer, a supporting layer and a displaying layer; the meta data of users, application, location, operation and time relevant to network traffic are acquired, compressed and stored, by means of the key technology, core algorithm, assistant resource and model database of the supporting layer, the secure analysis and displaying of the network meta data are implemented. According to the framework, the network traffic is acquired, the traffic meta data are extracted, the suspected malicious attacks existing in the network traffic are detected by the big data technology, the accuracy of malicious attack detection can be improved, the emergency responding time can be prolonged, and the security of the IT environment is guaranteed effectively; the theoretical basis and guidance are provided for deep security analysis of the network big data, and the significant value can be brought to malicious unknown attack detection, attack tracing and forensic analysis, network security situation awareness and other aspects.

The invention discloses a network security situational awareness method in the technical field of information security, which comprises the steps of: acquiring data from security defect software and / or hardware, preprocessing data, and using the preprocessed data as data samples; carrying out characteristic extraction and dimension reduction on the data samples by using manifold learning to obtain output values of the data samples; clustering the output value of the data samples by using a core matching integration clustering algorithm; fusing the clustered results by adopting DS (Data Set) evidential reasoning; estimating network security situation and threat by adopting a hierarchical model; predicting network security situation in a set future time length by using historical data and the current network security situation; and judging that the network security is threatened according to a set threshold. According to the invention, the real time and the accuracy of the network security situational awareness are enhanced.

The invention relates to a network security situation awareness method and system. The network security situation awareness method comprises the steps that key elements capable of being used for describing the network security situation are extracted, including network flow stability, threatening, vulnerability and user behaviors, second-level index score calculation and first-level index score calculation are carried out on the extracted key elements, first-level index scores include a network flow stability index score SS, a threatening index score TS, a vulnerability index score VS and a user behavior index score US, and finally the value of the entire network security situation is calculated by utilizing the weighted sum. The network security situation awareness method and system aim to establish comprehensive network security situation awareness indexes and improve the effectiveness and the real-time performance of the network security situation awareness.

The invention discloses a network security situation awareness system based on self-discipline computing and a processing method thereof. The network security situation awareness system comprises a managed resource, an Agent cooperation layer module, a sensor, an effector module and a self-discipline manager module, wherein the Agent cooperation layer module is connected with the managed resource and the self-discipline manager module; and the sensor and the effector module are respectively connected with the Agent cooperation layer module and the self-discipline manager module. The network security situation awareness system has the advantages that the system structure and the situation extraction for situation awareness are improved, the system environment is adjusted autonomously to adapt to the environment change dynamically, so that dynamic allocation of resources, dynamic synthesis of services and dynamic correction of system parameters are realized.

The invention discloses a network security situation awareness model and method based on an attack graph. The model comprises a data preprocessing module, an attack feature library construction module, an attack state identification module, a security situation evaluation module and a security situation prediction module. The method comprises: firstly, collecting data sets of different sources, and obtaining asset vulnerability threat data and asset attack threat data after preprocessing; further analyzing and training by utilizing the asset attack threat data and the principal component dataof the attack information, and establishing an attack feature library; matching the attack portrait, and determining the attack state of the current equipment; then, calculating a security situation value of the whole network by utilizing the asset attack threat data; and finally, predicting the next attack state through the attack and defense game matrix of the attack state diagram so as to predict the network security situation. A good situation awareness effect and a network security situation evaluation and prediction function are realized, and the model and the method have relatively goodpracticability, high efficiency and expansibility.

The invention relates to the field of network situation awareness, and provides a network situation awareness implementation method and device in view of the problems existing in the prior art. By analyzing and searching an existing system model of the network situation awareness, and aiming at the problem that the accuracy and real-time performance are not good enough, the invention proposes an improved network situation awareness implementation method and device. The device and the method are divided into two levels bottom-up: namely situation elements extraction, and situation understanding and assessment, wherein situation understanding and assessment are synchronized, and a predicted data source uses perceived network topology data and an extraction result of the situation elements. The network situation awareness implementation method and the device provided by the invention collect and process network state related network data; and analyze a logical relationship between various data of the network data after being processed by a situation extraction step, and fuse related network data to form a network situation awareness map, so as to realize the network situation awareness.

The invention provides a network security situation sensing system and method. The system comprises a collecting module, a sensing module and a visualization module, wherein the collecting module is used for collecting network security data used for carrying out security situation sensing in a network, the sensing module is used for using the collected network security data used for security situation sensing as the input of a pre-built intelligent fusion model for calculating the network security situation; the visualization module is used for visualizing the result of the network security situation obtained through calculation. According to the network security situation sensing system and method, the problems of data processing heterogeneous information source difficulty, single output results and low sensing process intelligence degree of the network safety situation sensing system can be solved.

The invention belongs to the technical field of network information security, and particularly relates to a network security situation awareness system and method. The system comprises a data acquisition unit used for acquiring network security elements such as security logs, system logs, vulnerability data and flow data in a network; a network security situation analysis unit which is used for processing and fusing the network security element data by means of classification, merging, correlation analysis and the like, and comprehensively analyzing fused information; a network security situation evaluation unit which is used for evaluating the security state of the current network according to the analysis result of the network security situation analysis unit; a network security situation prediction unit which is used for predicting the development trend of the network security state according to the security state and the historical information of the current network; a network security situation linkage unit which is used for handling security events according to the current network security state and the development trend of the current network security state; and a network security situation tracing unit which is used for positioning an attack source, discovering an attack path and obtaining evidence of an attack behavior.

The invention discloses a network safety event hazard index evaluation method based on multi-dimensional association, and also discloses a network safety situation awareness system adopting the network safety event hazard index evaluation method. The method is established on the basis of an asset database and a vulnerability database. The harm of the attack event to the safety network is calculated by using threat modeling; threats brought to a safety system by specific threat attacks are quantified, factors influencing network safety, including safety events, host vulnerabilities, provided services and the like, are considered, the hazard degree of the activities is analyzed according to the corresponding relationship between the safety activities and assets, vulnerabilities and the like,and the evaluation result is more accurate and credible.

The invention discloses a multi-domain network security situation perception model and a multi-domain network security situation perception method based on SDN. The model comprises a streaming data extraction module, a streaming data abnormity detection module, a security situation factor extracting module, a security situation evaluation module and a network security situation evaluation knowledge base. According to the multi-domain network security situation perception model and method based on SDN, the flow table mechanism in OpenFlow is used, and thereby a controller can obtain the network flow information more timely and efficiently, and extra network loads are not added. Compared with obtaining the flow information based on data packets or data packet integrated flow in the traditional network, the method does not need the software support of the router to NetFlow, does not need to additionally configure a hardware chip in the exchanger to support sFlow either, thus the system is cost-saving and convenient to deploy.

The invention discloses a power communication network security situation awareness and prediction method based on IRT hierarchical analysis and LSTM (Long Short Term Memory). The method is used for solving awareness and prediction on the security situation in the existing power communication network. The method comprises the implementation processes of: firstly, extracting characteristics influencing network security situation evaluation from network connection condition data acquired in the power communication network, furthermore, calculating a network security situation value based on a hierarchical IRT model, and then, establishing a network security situation prediction model based on LSTM, so that prediction on the security situation of the power communication network is realized. Byadoption of the method disclosed by the invention, the accuracy of the importance weight in a security situation evaluation process can be effectively improved; for the time sequence properties of anetwork security situation, the security situation of the power communication network can be predicted better; and furthermore, the network security condition can be reflected and predicted more accurately and effectively through the established model evaluation and prediction method.

The invention discloses a method and device for perceiving a network security situation based on Tensorflow and Docker and a perceptual model training method and device. The perceptual model training method comprises the following steps: acquiring historical network situation element data; adopting the historical network situation element data to train a preset network security situation perceptual model, wherein the network security situation perceptual model comprises a Tensorflow width and depth learning submodel running in a Docker container; judging whether a training result of the network security situation perceptual model achieves the expectation; and when the training result of the network security situation perceptual model does not achieve the expectation, executing the step of acquiring the historical network situation element data to the step of adopting the historical network situation element data to train the preset network security situation perceptual model repeatedly until the training result of the network security situation perceptual model achieves the expectation. Therefore, massive network data can be processed efficiently, so that the network security situation can be perceived effectively.

The invention discloses a substation network security situation sensing method and system, wherein the system comprises a network scanning module used for analyzing network messages to realize network topology discovery and network abnormal alarm. The host computer checking module is used for comparing each host computer with the baseline library to obtain the security state of the host computer.The vulnerability scanning module is used for scanning the vulnerability of each host to obtain the vulnerability information of the host. The message parsing module is used to parse the substation message in depth to detect whether there is malformation or attack message. The network equipment detection module is used to monitor the network equipment and security equipment to collect the log. Situation awareness module is used to carry out threat analysis, vulnerability analysis and association analysis according to the information collected by each module. Aiming at the characteristics of the substation network, the invention provides the data objects which are collected for the network security situation perception. And the processing flow and control method are given, which is helpfulto improve the overall network security of the substation.

The invention belongs to the field of network security situation awareness, and particularly relates to a network security situation awareness analysis method based on log and SNMP information fusion. The method includes the steps of performing data collection based on log and SNMP data fusion, performing preprocessing based on log and SNMP data fusion, performing log data analysis and SNMP data analysis, performing log and SNMP data fusion and performing visualization on log and SNMP data fusion. Compared with a method for analyzing log data or SNMP data sources singly, through combination of the two kinds of data, the overall operation trend of the network situation can be well analyzed, and analysis is more comprehensive and more accurate. According to a system, data with a high important degree is selected to be processed according to user requirements, and the burden of processing a large number of data is relieved. An automatic threshold value correction method is used, therefore, threshold value parameters defined by a user are more accurate, and the accuracy of data fusion is improved.

The invention discloses a network security situation awareness model and method based on CE-RBF. The model comprises a data preprocessing module, a situation calculation module, a parameter optimization module and a situation prediction module. The method comprises the following steps: collecting data sets from different sources, and extracting principal component information for situation awareness to obtain asset attack threat data and system state data; calculating a risk value according to the asset attack threat data of the network equipment, and evaluating the security situation of the whole network; determining initial parameters of the RBF neural network, establishing an optimization objective function, optimizing the parameters in the optimization objective function by using a CEalgorithm, substituting the optimal parameter set into the RBF neural network after finding the optimal parameter set, and training by using historical network situation values as sample data; and performing situation prediction by using the trained RBF neural network. According to the method, the problem of parameter optimization in the high-dimensional model is solved by utilizing the efficientoptimization capability of CE, and the prediction capability of the neural network is improved.

The invention discloses an operation risk assessment method and device based on a network security situation awareness system. The method comprises the steps: collecting historical data of the networksecurity situation awareness system in advance and analyzed; performing feature selection and data preprocessing on historical data of the network security situation awareness system to generate a training set and a test set for training a learning model; completing training of a learning model by adopting a machine learning algorithm, and exporting an intelligent analysis model after the learning model meets the average accuracy requirement; calculating expected recovery power supply time and loss load of the intelligent analysis model by adopting a general recovery target algorithm of the power system; and performing risk assessment calculation according to the expected power restoration time, the loss load and the threat intrusion probability of the intelligent analysis model to obtaina corresponding network security operation loss risk value. The method and device can combine the power system intrusion probability model and the network security situation awareness system to evaluate and calculate the operation risk, thus improving the risk evaluation accuracy.

The invention relates to the field of network security and discloses a virtuality and reality combined network security situation awareness simulation method. The method comprises the following steps of: constructing a real system comprising a plurality of real object devices, connecting the real system with a computer-simulated virtual simulation network system to form a virtuality and reality combined security situation awareness simulation network, generating a real network attack data stream by a network attack device, converting the real network attack data stream into a virtual network attack simulation data stream via a data conversion channel, and entering a virtual network security situation awareness simulation system from a simulation mapping node corresponding to the real network attack device. The method is used for solving the problems of low modeling efficiency, low accuracy and difficult verification of simulation result credibility in the traditional network security situation awareness simulation.

The invention discloses a network security situation awareness early warning system and method based on big data. The system comprises a data collection unit used for collecting data information, an analyzing and processing unit used for processing the data information, a service function unit used for achieving various related functions and an interface display unit for displaying. By adoption of the network security situation awareness early warning system and method, all kinds of viruses, Trojan horses, unexpected attacks and malicious violations caused by network devices and terminal hosts and other abnormal behaviors are monitored so as to help users to find the intrusion behaviors and access anomalies in the intranet in time.

The invention provides a network security situation awareness method based on a fusion decision. The method comprises the steps of collecting the sFlow data, NetFlow data, SNMP data and log data froma monitored network; preprocessing the collected sFlow data, NetFlow data, SNMP data and log data; and carrying out flow analysis and equipment performance analysis on the preprocessed data, and carrying out fusion through a fusion algorithm to obtain the security situation of the monitored network. According to the invention, the multi-source heterogeneous data information can be obtained for data fusion, and the safe operation condition of the whole network and whether the host in the network is attacked or not and even which attack category is attacked or not can be obtained, so that more accurate assessment is made for network security situation awareness.

The invention provides a parameter self-adaption network security posture quantitative evaluation method. The method comprises the following steps that a network security posture sensing system is established; posture elements are acquired; the posture elements are subjected to standardization processing and weighted processing; the weights of the posture elements are dynamically adjusted. According to the method, the acquired posture elements are comprehensive and comprise the six aspects of anomaly traffic flow, network attack, Trojan viruses, host loopholes, resource consumption and network operation from the angles of flow and a host. Relevant parameters are dynamic and can be dynamically adjusted along with variation of network environments and security demands, the variation condition of the network security postures can be reflected accurately, and a dynamic adjusting algorithm has high efficiency.

The invention belongs to the technical field of network security, and particularly relates to a distributed network situation awareness method and system, a server and node equipment, and the method comprises the steps: carrying out the data fusion for a network node security data source through calling an HADOOP interface and employing a MapReduce model, and obtaining a security event in a current time period; performing network security situation assessment by quantizing security event threat risks; and predicting the security situation according to the attack stage identified in the quantization process in combination with the network attack graph to obtain an attack intention. .Calculation and storage needing huge computing power in the system are expanded to each node in the HADOOP cluster, operation and processing are performed by utilizing the parallel computing and storage capacity of the cluster, parallel computing is realized by utilizing MapReduce, distributed network security situation awareness oriented to large-scale data can be realized The network security situation awareness storage scale and timeliness are optimized, and the awareness protection capability for hidden, cooperative, large-scale and multi-stage attacks such as APT attacks is improved.

The invention discloses a network security situation awareness model and method based on an improved BP neural network. The model comprises a data preprocessing module, a situation calculation module,a parameter optimization module and a situation prediction module, and the method comprises the following steps: collecting data sets from different sources, and extracting principal component information for situation awareness to obtain asset attack threat data and system state data; calculating a risk value according to the asset attack threat data of the network equipment, and evaluating thesecurity situation of the whole network; and improving a BP neural network by using the L-M optimization algorithm, optimizing weight parameters of BP neural network, obtaining optimal weight parameters after multiple iterations, and substituting the optimal weight parameters into BP neural network to perform network security situation prediction.. The problem that the BP neural network is caughtin a local optimal solution is effectively avoided, the convergence rate and generalization ability of the BP neural network are improved to a great extent, and the BP neural network can obtain a goodeffect in situation prediction.

The invention provides a network security situation awareness system based on big data. The system comprises a data collection and transmission module used for acquiring network basic information froma network through a wireless sensor network; and a network security situation big data analysis module, including a data preprocessing unit used for preprocessing the received network basic information to obtain the network basic information in a normalized format; a network security situation assessment unit used for performing quantitative analysis on the threat, vulnerability and stability ofthe network by using the normalized network basic information to realize the analysis of the current network security situation; a network security situation prediction used for predicting the networksecurity situation according to historical information and the current state of the network security situation; and a network situation display unit used for visually displaying network security indexes according to the analysis and prediction results of the network security situation.

The invention discloses a network security situation awareness model and method based on a time sequence. The model comprises a data preprocessing module, a situation analysis module and a situation prediction module. The method comprises the following steps: firstly, data sets of different sources are collected; principal component information is extracted in the data; fusion analysis is carriedout on the principal component data by utilizing a D-S evidence theory; secondly, asset importance is added on the basis of vulnerability threats, a security situation value of the network is obtained, finally, a perception algorithm based on Fourier curve fitting is selected to predict the situation value in the future time period according to different situations, and a network security situation prediction curve is drawn; or a perception algorithm based on curve contour similarity is selected to predict the situation value of the future time period. According to the invention, the prediction of the network security situation is more accurate, convenient, effective and reasonable, and the network security situation in a future period of time can be reflected more clearly and visually through the network security situation prediction map.

The embodiment of the invention provides a network safety situation perception result output method and device applied to a server; the method comprises the following steps: obtaining a network safety situation perception result; storing the network safety situation perception result according to preset rules; receiving a search request, and starting a container containing microservice executing the search request; outputting a search result obtained by the microservice from the network safety situation perception result, and closing the container. The network safety situation perception result output method and device can improve the server resource utilization rate.

The invention discloses a security event early-warning method for a multi-dimensional stereoscopic network. The method comprises the steps: analysis of a security event is carreid out in a network system according to the characteristics of network security through combining with the current state and future development trend of national network security; by employing an early-warning system related technology based on network security situation awareness, a multi-dimensional stereoscopic security event combined early warning mechanism is established, so that the early warning notification service requirements of conventional, emergency and special security events and network security situations are met. The early warning system based on network security situation awareness utilizes relatedtechnologies to analyze and understand situations, can discover and early warn in the shortest time, and is convenient for preparing emergency and disposal schemes.