CN114928467A - Network security operation and maintenance association analysis method and system - Google Patents
- Publication number
- CN114928467A (CN202210336998.7A)
- Authority
- CN
- China
- Prior art keywords
- network
- devices
- monitoring
- network security
- equipment
- Legal status
- Withdrawn
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
- H04L63/1416—Event detection, e.g. attack signature detection
- H04L63/1425—Traffic logging, e.g. anomaly detection
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Alarm Systems (AREA)
Abstract
The invention provides a network security operation and maintenance association analysis method and system, and relates to the technical field of network security. In the invention, the device operation state of each network security monitoring device is analyzed to obtain the device operation state abnormality degree of the corresponding network security monitoring device; each network security monitoring device whose device operation state abnormality degree satisfies a pre-configured device operation state condition is determined as a first network security monitoring device, and the first device operation state information obtained by each first network security monitoring device monitoring the device operation state of its corresponding network device is acquired; and the network security degree of the network device corresponding to each first network security monitoring device is analyzed based on device association information and the first device operation state information to obtain the network security degree of the corresponding network device. On this basis, the problem of poor reliability of network security determination in the prior art can be solved.
Description
Technical Field
The invention relates to the technical field of network security, in particular to a network security operation and maintenance association analysis method and system.
Background
In order to ensure the safe operation of a network device, a network security monitoring device corresponding to the network device is generally configured to monitor the device operation state of the network device, so as to obtain corresponding device operation state information. The device operation state information can then be analyzed to determine the security level of the network device. In the prior art, however, each network device is generally analyzed separately, which may make the network security determination unreliable.
Disclosure of Invention
In view of the above, the present invention provides a method and a system for analyzing a network security operation and maintenance association, so as to solve the problem of poor reliability of network security determination in the prior art.
In order to achieve the above purpose, the embodiment of the invention adopts the following technical scheme:
A network security operation and maintenance association analysis method is applied to a network security monitoring server. The network security monitoring server is in communication connection with a plurality of network security monitoring devices, and the plurality of network security monitoring devices are respectively used for monitoring the device operation state of each network device in a plurality of corresponding network devices. The network security operation and maintenance association analysis method comprises the following steps:
respectively acquiring device operation state information of each network security monitoring device in the plurality of network security monitoring devices, and analyzing the device operation state of the corresponding network security monitoring device based on each piece of device operation state information to obtain the device operation state abnormality degree of the corresponding network security monitoring device, wherein the device operation state information is used for representing the operation state of the corresponding network security monitoring device in the process of monitoring the corresponding network device;
determining each network security monitoring device whose corresponding device operation state abnormality degree satisfies a pre-configured device operation state condition as a first network security monitoring device, and acquiring first device operation state information obtained by each first network security monitoring device monitoring the device operation state of the corresponding network device, wherein the first device operation state information is access record information formed by other devices accessing the network device;
determining device association information among the plurality of network devices, and analyzing the network security degree of the network device corresponding to each first network security monitoring device based on the device association information and the first device operation state information to obtain the network security degree of the network device corresponding to each first network security monitoring device.
In some preferred embodiments, in the network security operation and maintenance association analysis method, the step of determining each network security monitoring device whose corresponding device operation state abnormality degree satisfies a pre-configured device operation state condition as a first network security monitoring device, and acquiring first device operation state information obtained by each first network security monitoring device monitoring the device operation state of the corresponding network device includes:
for each network security monitoring device in the plurality of network security monitoring devices, determining the relative magnitude relationship between the device operation state abnormality degree corresponding to the network security monitoring device and a pre-configured device operation state abnormality degree threshold;
for each network security monitoring device in the plurality of network security monitoring devices, if the device operation state abnormality degree corresponding to the network security monitoring device is less than or equal to the device operation state abnormality degree threshold, determining the network security monitoring device as a first network security monitoring device;
and for each first network security monitoring device, acquiring first device operation state information obtained by the first network security monitoring device monitoring the device operation state of the network device corresponding to the first network security monitoring device.
In some preferred embodiments, in the network security operation and maintenance association analysis method, the step of obtaining, for each first network security monitoring device, first device operation state information obtained by the first network security monitoring device monitoring the device operation state of the network device corresponding to the first network security monitoring device includes:
counting the number of first network security monitoring devices to obtain a monitoring device count, and determining the relative magnitude relationship between the monitoring device count and a pre-configured monitoring device count threshold;
if the monitoring device count is greater than or equal to the monitoring device count threshold, acquiring, for each first network security monitoring device, first device operation state information obtained by the first network security monitoring device monitoring the device operation state of the network device corresponding to the first network security monitoring device; and if the monitoring device count is less than the monitoring device count threshold, not acquiring the first device operation state information obtained by the first network security monitoring devices monitoring the device operation state of the corresponding network devices.
In some preferred embodiments, in the network security operation and maintenance association analysis method, the determining device association information among the plurality of network devices, and analyzing the network security degree of the network device corresponding to each of the first network security monitoring devices based on the device association information and the first device operating state information to obtain the network security degree of the network device corresponding to each of the first network security monitoring devices includes:
for each first network security monitoring device, determining a network device corresponding to the first network security monitoring device as a corresponding first network device;
determining device association information among the plurality of first network devices, and analyzing the network security degree of the first network device corresponding to each first network security monitoring device based on the device association information and the first device running state information to obtain the network security degree of the first network device corresponding to each first network security monitoring device.
In some preferred embodiments, in the network security operation and maintenance association analysis method, the determining device association information among a plurality of first network devices, and analyzing the network security degree of the first network device corresponding to each first network security monitoring device based on the device association information and the first device operating state information to obtain the network security degree of the first network device corresponding to each first network security monitoring device includes:
for every two first network devices in the plurality of first network devices, respectively obtaining device application scenario information of the two first network devices, calculating similarity between the device application scenario information of the two first network devices to obtain application scenario similarity between the two first network devices, and determining device association information between the two first network devices based on the application scenario similarity between the two first network devices, wherein the device association information and the application scenario similarity have a positive correlation;
for every two first network devices in the plurality of first network devices, calculating the similarity between the first device operation state information corresponding to the two first network devices to obtain the operation state similarity between the two first network devices;
for every two first network devices in the plurality of first network devices, calculating a matching degree between the application scenario similarity between the two first network devices and the operation state similarity between the two first network devices; for each first network device, respectively determining the relative magnitude relationship between the matching degree between the first network device and each other first network device and a pre-configured matching degree threshold, and taking each other first network device whose matching degree is greater than the matching degree threshold as a matched first network device corresponding to the first network device;
and for each first network device, counting the number of matched first network devices corresponding to the first network device to obtain a matched device count corresponding to the first network device, and determining the network security degree of the first network device based on the matched device count, wherein the network security degree is positively correlated with the matched device count.
In some preferred embodiments, in the above network security operation and maintenance association analysis method, the step of calculating, for each two first network devices in the plurality of first network devices, a similarity between the first device operation state information corresponding to the two first network devices to obtain an operation state similarity between the two first network devices includes:
for each first network device in the plurality of first network devices, ordering the other devices based on the order in which each other device accessed the first network device, as recorded in the first device operation state information corresponding to the first network device, to obtain a device ordering sequence corresponding to the first network device;
and for every two first network devices in the plurality of first network devices, obtaining the operation state similarity between the two first network devices based on the similarity between the device ordering sequences corresponding to the two first network devices.
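The selection and pairwise-matching steps described above can be sketched end to end as follows. This is an added example, not code from the patent. The patent does not name any metric, so the Jaccard index for application scenario similarity, `difflib.SequenceMatcher` for the ordering sequences, the formula `1 - |scenario - state|` for the matching degree, the normalised matched count, all thresholds and the sample records are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from difflib import SequenceMatcher
from itertools import combinations


@dataclass
class Monitor:
    name: str               # network security monitoring device
    anomaly_degree: float   # device operation state abnormality degree
    device: str             # network device this monitor watches
    scenario_tags: frozenset  # application scenario information (assumed: tags)
    access_log: list        # access records: (timestamp, accessing device)


def select_first_monitors(monitors, anomaly_threshold, min_count):
    """Keep monitors whose abnormality degree is <= threshold; if too few
    remain (count below the count threshold), acquire nothing."""
    first = [m for m in monitors if m.anomaly_degree <= anomaly_threshold]
    return first if len(first) >= min_count else []


def scenario_similarity(a, b):
    """Assumed metric: Jaccard index over scenario tags."""
    union = a.scenario_tags | b.scenario_tags
    return len(a.scenario_tags & b.scenario_tags) / len(union) if union else 1.0


def ordering_sequence(m):
    """Other devices ordered by when they first accessed the network device."""
    seq = []
    for _, accessor in sorted(m.access_log):
        if accessor not in seq:
            seq.append(accessor)
    return seq


def state_similarity(a, b):
    """Assumed metric: SequenceMatcher ratio of the two ordering sequences."""
    return SequenceMatcher(None, ordering_sequence(a), ordering_sequence(b),
                           autojunk=False).ratio()


def matching_degree(a, b):
    """Assumed formula: high when scenario and behaviour similarity agree."""
    return 1.0 - abs(scenario_similarity(a, b) - state_similarity(a, b))


def security_degrees(monitors, anomaly_threshold=0.3, min_count=2,
                     match_threshold=0.6):
    """Return {network device: security degree in [0, 1]}."""
    first = select_first_monitors(monitors, anomaly_threshold, min_count)
    if len(first) < 2:
        return {}
    matched = {m.device: 0 for m in first}
    for a, b in combinations(first, 2):
        if matching_degree(a, b) > match_threshold:
            matched[a.device] += 1
            matched[b.device] += 1
    peers = len(first) - 1
    # Positively correlated with the matched device count (assumed: ratio).
    return {dev: n / peers for dev, n in matched.items()}


# Constructed sample data: three web servers in the same scenario, one of
# which is accessed in an unusual order, plus a database server whose
# monitor is itself unhealthy and is therefore excluded from the analysis.
WEB = frozenset({"web", "dmz", "linux"})
SAMPLE_MONITORS = [
    Monitor("mon-1", 0.05, "web-1", WEB,
            [(1, "lb-1"), (2, "mon-a"), (3, "admin-1"), (4, "lb-1")]),
    Monitor("mon-2", 0.10, "web-2", WEB,
            [(1, "lb-1"), (2, "mon-a"), (3, "admin-1")]),
    Monitor("mon-3", 0.20, "web-3", WEB,
            [(1, "unknown-9"), (2, "unknown-7"), (3, "lb-1")]),
    Monitor("mon-4", 0.90, "db-1", frozenset({"db", "internal"}),
            [(1, "app-1"), (2, "backup-1")]),
]

if __name__ == "__main__":
    for device, degree in security_degrees(SAMPLE_MONITORS).items():
        print(f"{device}: security degree {degree:.2f}")
```

With the constructed data, `web-3` shares its peers' scenario but not their access order, so it matches no other device and receives the lowest security degree.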
In some preferred embodiments, in the network security operation and maintenance association analysis method, the step of respectively obtaining device operation state information of each of the plurality of network security monitoring devices, and analyzing the device operation state of the corresponding network security monitoring device based on each piece of the device operation state information to obtain a device operation state abnormality degree of the corresponding network security monitoring device includes:
respectively obtaining device operation state information of each network security monitoring device in the plurality of network security monitoring devices to obtain a plurality of pieces of device operation state information corresponding to the plurality of network security monitoring devices, wherein the device operation state information is used for representing the operation state of the corresponding network security monitoring device in the process of monitoring the corresponding network device;
classifying the plurality of pieces of device operation state information to obtain at least one state information classification set corresponding to the plurality of pieces of device operation state information;
and for each state information classification set in the at least one state information classification set, analyzing the device operation state of the corresponding network security monitoring device based on each piece of device operation state information included in the state information classification set, to obtain the device operation state abnormality degree of the network security monitoring device corresponding to each piece of device operation state information included in the state information classification set.
The embodiment of the present invention further provides a network security operation and maintenance association analysis system, which is applied to a network security monitoring server, wherein the network security monitoring server is communicatively connected with a plurality of network security monitoring devices, the plurality of network security monitoring devices are respectively used for monitoring the device operating state of each of a plurality of corresponding network devices, and the network security operation and maintenance association analysis system includes:
an operation state analysis module, configured to respectively acquire device operation state information of each network security monitoring device in the plurality of network security monitoring devices, and analyze the device operation state of the corresponding network security monitoring device based on each piece of device operation state information to obtain the device operation state abnormality degree of the corresponding network security monitoring device, wherein the device operation state information is used for representing the operation state of the corresponding network security monitoring device in the process of monitoring the corresponding network device;
an operation state acquisition module, configured to determine each network security monitoring device whose corresponding device operation state abnormality degree satisfies a pre-configured device operation state condition as a first network security monitoring device, and acquire first device operation state information obtained by each first network security monitoring device monitoring the device operation state of the corresponding network device, wherein the first device operation state information is access record information formed by other devices accessing the network device;
and a network security analysis module, configured to determine device association information among the plurality of network devices, and analyze the network security degree of the network device corresponding to each first network security monitoring device based on the device association information and the first device operation state information to obtain the network security degree of the network device corresponding to each first network security monitoring device.
In some preferred embodiments, in the network security operation and maintenance association analysis system, the operation state obtaining module is specifically configured to:
for each network security monitoring device in the plurality of network security monitoring devices, determining the relative magnitude relationship between the device operation state abnormality degree corresponding to the network security monitoring device and a pre-configured device operation state abnormality degree threshold;
for each network security monitoring device in the plurality of network security monitoring devices, if the device operation state abnormality degree corresponding to the network security monitoring device is less than or equal to the device operation state abnormality degree threshold, determining the network security monitoring device as a first network security monitoring device;
and for each first network security monitoring device, acquiring first device operation state information obtained by the first network security monitoring device monitoring the device operation state of the network device corresponding to the first network security monitoring device.
In some preferred embodiments, in the network security operation and maintenance association analysis system, the network security analysis module is specifically configured to:
for each first network security monitoring device, determining the network device corresponding to the first network security monitoring device as a corresponding first network device;
determining device association information among the plurality of first network devices, and analyzing the network security degree of the first network device corresponding to each first network security monitoring device based on the device association information and the first device running state information to obtain the network security degree of the first network device corresponding to each first network security monitoring device.
After the device operation state is analyzed to obtain the device operation state abnormality degree of the corresponding network security monitoring device, each network security monitoring device whose device operation state abnormality degree satisfies the pre-configured device operation state condition may be determined as a first network security monitoring device, and the first device operation state information obtained by each first network security monitoring device monitoring the device operation state of its corresponding network device may be acquired. The network security degree of the network device corresponding to each first network security monitoring device may then be analyzed based on the device association information and the first device operation state information to obtain the network security degree of the corresponding network device. That is, the device association information is added as a basis for the analysis, so that the reliability of the analysis can be guaranteed and the problem of poor reliability of network security determination in the prior art is solved.
In order to make the aforementioned and other objects, features and advantages of the present invention comprehensible, preferred embodiments accompanied with figures are described in detail below.
Drawings
Fig. 1 is a block diagram of a network security monitoring server according to an embodiment of the present invention.
Fig. 2 is a schematic diagram of a network security operation and maintenance association analysis method provided in an embodiment of the present invention.
Fig. 3 is a schematic diagram of a network security operation and maintenance association analysis system according to an embodiment of the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the embodiments of the present invention clearer, the technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention. The components of embodiments of the present invention generally described and illustrated in the figures herein may be arranged and designed in a wide variety of different configurations.
Thus, the following detailed description of the embodiments of the present invention, presented in the figures, is not intended to limit the scope of the invention, as claimed, but is merely representative of selected embodiments of the invention. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
As shown in fig. 1, an embodiment of the present invention provides a network security monitoring server. Wherein the network security monitoring server may include a memory and a processor.
In detail, the memory and the processor are electrically connected directly or indirectly to realize data transmission or interaction. For example, they may be electrically connected to each other via one or more communication buses or signal lines. The memory can have at least one software functional module (computer program) stored therein, which can be in the form of software or firmware. The processor may be configured to execute the executable computer program stored in the memory, so as to implement the network security operation and maintenance association analysis method provided in the embodiment of the present invention (described below).
It is understood that in some possible implementations, the Memory may be, but is not limited to, a Random Access Memory (RAM), a Read Only Memory (ROM), a Programmable Read Only Memory (PROM), an Erasable Read Only Memory (EPROM), an electrically Erasable Read Only Memory (EEPROM), and the like.
It is to be understood that, in some possible implementations, the Processor may be a general-purpose Processor including a Central Processing Unit (CPU), a Network Processor (NP), a System on Chip (SoC), and the like; but may also be a Digital Signal Processor (DSP), an Application Specific Integrated Circuit (ASIC), a Field Programmable Gate Array (FPGA) or other programmable logic device, discrete gate or transistor logic device, discrete hardware components.
Also, the structure shown in fig. 1 is only an illustration, and the network security monitoring server may further include more or fewer components than those shown in fig. 1, or have a different configuration from that shown in fig. 1, for example, may include a communication unit for information interaction with other devices.
With reference to fig. 2, an embodiment of the present invention further provides a network security operation and maintenance association analysis method, which is applicable to the network security monitoring server. The method steps defined by the flow related to the network security operation and maintenance association analysis method may be implemented by the network security monitoring server. The network security monitoring server is in communication connection with a plurality of network security monitoring devices, and the plurality of network security monitoring devices are respectively used for monitoring the device running state of each of the plurality of corresponding network devices. The specific process shown in FIG. 2 will be described in detail below.
Step S100, respectively obtaining device running state information of each of the multiple network security monitoring devices, and analyzing the device running state of the corresponding network security monitoring device based on each piece of the device running state information, to obtain a device running state abnormal degree of the corresponding network security monitoring device.
In the embodiment of the present invention, the network security monitoring server may respectively obtain the device operation state information of each of the plurality of network security monitoring devices, and analyze the device operation state of the corresponding network security monitoring device based on each piece of the device operation state information, so as to obtain the device operation state abnormality degree of the corresponding network security monitoring device. The device operation state information is used for representing the operation state of the corresponding network security monitoring device in the process of monitoring the corresponding network device.
Step S200, determining each network security monitoring device whose corresponding device operating state abnormality degree satisfies the pre-configured device operating state condition, as a first network security monitoring device, and acquiring first device operating state information obtained by each first network security monitoring device monitoring the device operating state of the corresponding network device.
In the embodiment of the present invention, the network security monitoring server may determine each network security monitoring device whose corresponding device operation state abnormality degree satisfies a pre-configured device operation state condition, as a first network security monitoring device, and obtain first device operation state information obtained by each first network security monitoring device monitoring the device operation state of the corresponding network device. The first device operating state information is access record information (for example, a certain device accesses at a certain time) formed by device access of other devices to the network device.
Step S300, determining device association information among the multiple network devices, and analyzing the network security level of the network device corresponding to each first network security monitoring device based on the device association information and the first device operating state information to obtain the network security level of the network device corresponding to each first network security monitoring device.
In this embodiment of the present invention, the network security monitoring server may determine device association information among the multiple network devices, and perform analysis processing on the network security degree of the network device corresponding to each first network security monitoring device based on the device association information and the first device operating state information, to obtain the network security degree of the network device corresponding to each first network security monitoring device.
Based on the steps included in the foregoing network security operation and maintenance association analysis method, after the device operation state is analyzed to obtain the device operation state abnormality degree of the corresponding network security monitoring device, each network security monitoring device whose device operation state abnormality degree satisfies the pre-configured device operation state condition may be determined as a first network security monitoring device, and the first device operation state information obtained by each first network security monitoring device monitoring the device operation state of its corresponding network device may be acquired. The network security degree of the network device corresponding to each first network security monitoring device may then be analyzed based on the device association information and the first device operation state information to obtain the network security degree of the corresponding network device. That is, the device association information is added as a basis for the analysis, so that the reliability of the analysis can be guaranteed and the problem of poor reliability of network security determination in the prior art is solved.
It will be appreciated that, in some possible implementations, step S100 may include step S110, step S120 and step S130, described below.
Step S110, obtaining device operating state information of each network security monitoring device in the plurality of network security monitoring devices, respectively, to obtain a plurality of device operating state information corresponding to the plurality of network security monitoring devices.
In the embodiment of the present invention, the network security monitoring server may respectively obtain the device operation state information of each of the plurality of network security monitoring devices, so as to obtain a plurality of pieces of device operation state information corresponding to the plurality of network security monitoring devices. The device operation state information is used for representing the operation state of the corresponding network security monitoring device in the process of monitoring the corresponding network device.
Step S120, performing classification processing on the multiple pieces of device operation state information to obtain at least one state information classification set corresponding to the multiple pieces of device operation state information.
In the embodiment of the present invention, the network security monitoring server may perform classification processing on the multiple pieces of device operation state information to obtain at least one state information classification set corresponding to the multiple pieces of device operation state information.
Step S130, for each status information classification set in the at least one status information classification set, analyzing the device operating status of the corresponding network security monitoring device based on each device operating status information included in the status information classification set, and obtaining a device operating status abnormality degree of the network security monitoring device corresponding to each device operating status information.
In this embodiment of the present invention, the network security monitoring server may analyze, for each status information classification set in the at least one status information classification set, the device operating state of the corresponding network security monitoring device based on each piece of device operating state information included in the status information classification set, and obtain a device operating state abnormality degree of the network security monitoring device corresponding to each piece of device operating state information included in the status information classification set.
Based on the steps S110, S120, and S130 included in the above method, after the device operating state information of each of the multiple network security monitoring devices is respectively obtained, giving the corresponding multiple pieces of device operating state information, the multiple pieces of device operating state information may be classified to obtain at least one corresponding state information classification set. For each state information classification set in the at least one state information classification set, the device operating state of the corresponding network security monitoring device is then analyzed based on each piece of device operating state information included in that set, to obtain the device operating state abnormality degree of the network security monitoring device corresponding to each piece of device operating state information included in that set. The analysis of the device operating state therefore has a more sufficient basis and the reliability of its result is guaranteed, which solves the problem in the prior art that the device abnormality degree is perceived with poor reliability.
It is understood that in some possible implementations, step S110 may include the following:
firstly, judging whether state monitoring needs to be carried out on the plurality of network safety monitoring devices or not;
secondly, if the plurality of network safety monitoring devices need to be subjected to state monitoring, generating corresponding state monitoring notification information, and sending the state monitoring notification information to each of the plurality of network safety monitoring devices, wherein each of the plurality of network safety monitoring devices is used for sending the running state information of the device to the network safety monitoring server based on the state monitoring notification information;
then, respectively obtaining the device running state information sent by each of the network safety monitoring devices based on the state monitoring notification information, and obtaining multiple pieces of device running state information corresponding to the network safety monitoring devices.
It is to be understood that, in some possible implementations, the step of determining whether the status monitoring of the plurality of network security monitoring devices is required may include the following steps:
firstly, determining the time at which state monitoring was most recently performed on the plurality of network security monitoring devices to obtain corresponding first historical time information, and comparing the time difference between the first historical time information and the current time information with a preconfigured time difference threshold (for example, determining whether the time difference between the first historical time information and the current time information is greater than or equal to the time difference threshold);
secondly, if the time difference between the first historical time information and the current time information is greater than or equal to the time difference threshold, determining that the state monitoring needs to be carried out on the plurality of network safety monitoring devices; then, if the time difference between the first historical time information and the current time information is smaller than the time difference threshold, it is determined that the state monitoring of the plurality of network security monitoring devices is not required.
It will be appreciated that in some possible implementations, step S120 may include the following:
firstly, aiming at each network safety monitoring device in the plurality of network safety monitoring devices, obtaining the running state information of each historical device corresponding to the network safety monitoring device, and obtaining the running state information of a plurality of historical devices corresponding to the network safety monitoring device;
secondly, based on the plurality of pieces of historical equipment running state information corresponding to each of the plurality of network safety monitoring equipment, classifying the plurality of pieces of equipment running state information corresponding to the plurality of network safety monitoring equipment to obtain at least one state information classification set corresponding to the plurality of pieces of equipment running state information, wherein each state information classification set in the at least one state information classification set comprises at least one piece of equipment running state information.
It may be understood that, in some possible implementation manners, the step of classifying, based on the pieces of historical apparatus operating state information corresponding to each of the plurality of network security monitoring apparatuses, the pieces of apparatus operating state information corresponding to the plurality of network security monitoring apparatuses to obtain at least one state information classification set corresponding to the pieces of apparatus operating state information may include the following steps:
firstly, for each network security monitoring device in the plurality of network security monitoring devices, sorting the plurality of pieces of historical device running state information corresponding to the network security monitoring device by acquisition time (for example, earlier acquisition times first and later acquisition times after), and obtaining a historical state information sequence corresponding to the network security monitoring device;
secondly, aiming at every two network safety monitoring devices in the plurality of network safety monitoring devices, performing sequence similarity calculation operation on two historical state information sequences corresponding to the two network safety monitoring devices to obtain the historical state sequence similarity corresponding to the two network safety monitoring devices;
then, based on the historical state sequence similarity corresponding to every two network safety monitoring devices in the plurality of network safety monitoring devices, classifying the plurality of network safety monitoring devices to obtain at least one monitoring device set corresponding to the plurality of network safety monitoring devices;
and finally, aiming at each monitoring equipment set in the at least one monitoring equipment set, putting equipment running state information corresponding to each network safety monitoring equipment included in the monitoring equipment set into the same set to obtain a state information classification set corresponding to the monitoring equipment set, wherein the monitoring equipment set and the state information classification set have one-to-one correspondence relationship.
It will be appreciated that in some possible implementations, the sequence similarity calculation operation may include the following:
in a first step, constructing a first historical abnormality degree sequence corresponding to a first historical state information sequence of the two historical state information sequences, based on the historical device operating state abnormality degree corresponding to each piece of historical device running state information in the first historical state information sequence, and constructing a second historical abnormality degree sequence corresponding to a second historical state information sequence of the two historical state information sequences, based on the historical device operating state abnormality degree corresponding to each piece of historical device running state information in the second historical state information sequence;
in a second step, comparing the historical device operating state abnormality degrees at corresponding sequence positions of the first historical abnormality degree sequence and the second historical abnormality degree sequence to obtain a corresponding historical abnormality degree comparison sequence, wherein the historical abnormality degree comparison sequence indicates, for each corresponding sequence position, whether the difference between the historical device operating state abnormality degrees of the first historical abnormality degree sequence and the second historical abnormality degree sequence is smaller than a threshold value;
in a third step, determining the position number ratio, that is, the proportion of sequence positions in the historical abnormality degree comparison sequence at which the difference between the corresponding historical device operating state abnormality degrees is smaller than the threshold; determining the maximum position number, that is, the largest number of consecutive sequence positions in the historical abnormality degree comparison sequence at which that difference is smaller than the threshold; and determining an abnormality degree sequence similarity coefficient between the first historical abnormality degree sequence and the second historical abnormality degree sequence based on the position number ratio and the maximum position number, wherein the abnormality degree sequence similarity coefficient has a positive correlation with the position number ratio and a positive correlation with the maximum position number;
in a fourth step, for each corresponding sequence position in the two historical state information sequences, calculating the similarity between the two pieces of historical device running state information at that sequence position to obtain the historical state information similarity corresponding to the sequence position, and constructing a state information similarity sequence corresponding to the two historical state information sequences based on the historical state information similarity at each corresponding sequence position;
in a fifth step, determining the proportion of sequence positions in the state information similarity sequence whose historical state information similarity is greater than or equal to a preset state information similarity threshold, to obtain the historical number ratio corresponding to the state information similarity sequence; determining the maximum number of continuous positions, that is, the largest number of consecutive sequence positions in the state information similarity sequence whose historical state information similarity is greater than or equal to the state information similarity threshold; and determining a historical state sequence similarity coefficient between the two historical state information sequences based on the historical number ratio and the maximum number of continuous positions, wherein the historical state sequence similarity coefficient has a positive correlation with the historical number ratio and a positive correlation with the maximum number of continuous positions;
and in a sixth step, fusing the abnormality degree sequence similarity coefficient and the historical state sequence similarity coefficient (for example, by calculating a weighted sum) to obtain the historical state sequence similarity corresponding to the two network security monitoring devices to which the two historical state information sequences belong.
It may be understood that, in some possible implementations, the step of classifying the multiple network security monitoring devices based on the historical state sequence similarity corresponding to every two network security monitoring devices in the multiple network security monitoring devices to obtain at least one monitoring device set corresponding to the multiple network security monitoring devices may include the following steps:
a, determining any one network security monitoring device from the plurality of network security monitoring devices, and putting the network security monitoring device into a first device set which is constructed in advance as a first network security monitoring device;
b, respectively determining the relative size relationship between the historical state sequence similarity between the network security monitoring device and each first network security monitoring device in the first device set and a preset historical state sequence similarity threshold value aiming at each network security monitoring device outside the first device set, and placing the network security monitoring device into the first device set when the historical state sequence similarity between the network security monitoring device and at least one first network security monitoring device is greater than or equal to the historical state sequence similarity threshold value;
c, executing the step b at least once until the historical state sequence similarity between each network security monitoring device outside the first device set and each first network security monitoring device in the first device set is smaller than the historical state sequence similarity threshold, and then determining any one network security monitoring device from the network security monitoring devices outside the first device set as a new first network security monitoring device to be placed into a currently constructed new first device set;
d, respectively determining, for each network security monitoring device outside the first device set and the new first device set, a relative magnitude relationship between a historical state sequence similarity between the network security monitoring device and each new network security monitoring device in the new first device set and the historical state sequence similarity threshold, and when the historical state sequence similarity between the network security monitoring device and at least one new network security monitoring device is greater than or equal to the historical state sequence similarity threshold, placing the network security monitoring device in the new first device set;
e, executing step d at least once until the historical state sequence similarity between each network security monitoring device outside the first device set and the new first device set and each new first network security monitoring device in the new first device set is smaller than the historical state sequence similarity threshold, and then determining any one network security monitoring device from the network security monitoring devices outside the first device set and the new first device set as a new first network security monitoring device to be placed into a currently constructed new first device set;
and f, circularly executing the step d and the step e at least once until no network security monitoring equipment exists outside the first equipment set and the new first equipment set, and taking the first equipment set and each new first equipment set as a monitoring equipment set respectively.
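The classification of step S120 (the six-step sequence similarity followed by grouping steps a to f), written out as an added Python example that is not code from the patent. The thresholds, the equal weights, the way the ratio and the longest run are combined, the use of `difflib` as the text-similarity measure, and the sensor names and histories are all assumptions.

```python
from difflib import SequenceMatcher
from itertools import combinations

# Assumed values: the text only calls these thresholds "preset".
DEGREE_GAP_THRESHOLD = 0.1   # anomaly degrees closer than this count as similar
STATE_SIM_THRESHOLD = 0.8    # state information similarity threshold
GROUP_THRESHOLD = 0.6        # historical state sequence similarity threshold

OK, OVERFLOW = "probe ok", "queue overflow"
# Constructed history: per sensor, time-ordered (operation log text, anomaly degree).
HISTORY = {
    "sensor-a": [(OK, 0.05), (OK, 0.10), (OK, 0.05), (OK, 0.05)],
    "sensor-b": [(OK, 0.05), (OK, 0.12), (OK, 0.05), (OK, 0.08)],
    "sensor-c": [(OVERFLOW, 0.70), (OK, 0.10), (OVERFLOW, 0.80), (OVERFLOW, 0.75)],
    "sensor-d": [(OVERFLOW, 0.72), (OK, 0.40), (OVERFLOW, 0.78), (OVERFLOW, 0.74)],
}


def coefficient(flags):
    """Combine the ratio of matching positions with the longest matching run.

    Assumed combination (the text only requires positive correlation with both):
    the mean of the ratio and the longest run normalised by sequence length.
    """
    if not flags:
        return 0.0
    longest = current = 0
    for flag in flags:
        current = current + 1 if flag else 0
        longest = max(longest, current)
    return 0.5 * sum(flags) / len(flags) + 0.5 * longest / len(flags)


def sequence_similarity(hist_a, hist_b, w_degree=0.5, w_state=0.5):
    """Steps one to six for two sensors; positions are paired in time order."""
    pairs = list(zip(hist_a, hist_b))  # a longer history is cut to the shorter one
    # Steps 1-3: compare anomaly degrees position by position.
    degree_flags = [abs(a[1] - b[1]) < DEGREE_GAP_THRESHOLD for a, b in pairs]
    # Steps 4-5: compare the state information (log text) position by position.
    state_flags = [
        SequenceMatcher(None, a[0], b[0]).ratio() >= STATE_SIM_THRESHOLD
        for a, b in pairs
    ]
    # Step 6: fuse both coefficients as a weighted sum.
    return w_degree * coefficient(degree_flags) + w_state * coefficient(state_flags)


def group_devices(devices, similarity):
    """Steps a-f: seed a set, then keep adding any device similar to a member."""
    remaining = list(devices)
    groups = []
    while remaining:
        group = [remaining.pop(0)]          # steps a / c / e: pick a seed device
        grew = True
        while grew:                          # steps b / d, repeated until stable
            grew = False
            for dev in list(remaining):
                if any(similarity[frozenset((dev, member))] >= GROUP_THRESHOLD
                       for member in group):
                    group.append(dev)
                    remaining.remove(dev)
                    grew = True
        groups.append(group)                 # step f: every set is a device set
    return groups


def classify(history):
    """Pairwise similarities for all sensors, then the monitoring device sets."""
    similarity = {
        frozenset((a, b)): sequence_similarity(history[a], history[b])
        for a, b in combinations(history, 2)
    }
    return group_devices(list(history), similarity)


if __name__ == "__main__":
    for device_set in classify(HISTORY):
        print(device_set)
```

Because a device joins a set when it is similar to at least one member, the sets are the connected components of the thresholded similarity graph, so two sensors in the same set need not be directly similar to each other.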
It will be appreciated that in some possible implementations, step S130 may include the following:
firstly, aiming at each state information classification set in at least one state information classification set, calculating the state information similarity between every two pieces of equipment operation state information included in the state information classification set to obtain at least one state information similarity corresponding to the state information classification set, wherein each state information classification set comprises at least two pieces of equipment operation state information, the equipment operation state information is the operation log information of corresponding network safety monitoring equipment, and the state information similarity is the text similarity between the operation log information;
secondly, respectively determining the relative size relationship between the state information similarity between the equipment operation state information and each piece of other equipment operation state information in the state information classification set and a preset state information similarity threshold value aiming at each piece of equipment operation state information in each state information classification set in the at least one state information classification set, and determining the number ratio of the other equipment operation state information of which the state information similarity with the equipment operation state information is smaller than the state information similarity threshold value (the ratio of the number of the other equipment operation state information of which the corresponding state information similarity is smaller than the state information similarity threshold value to the number of the other equipment operation state information), so as to obtain the number ratio corresponding to the equipment operation state information;
then, for each piece of equipment operation state information included in each state information classification set of the at least one state information classification set, based on a quantity ratio corresponding to the equipment operation state information, obtaining an equipment operation state abnormality degree of the network security monitoring equipment corresponding to the equipment operation state information, where the equipment operation state abnormality degree and the quantity ratio have a positive correlation (for example, the quantity ratio may be determined as the equipment operation state abnormality degree).
It will be appreciated that in some possible implementations, step S200 may include the following:
firstly, for each network safety monitoring device in the plurality of network safety monitoring devices, determining a relative size relationship between the device operation state abnormality degree corresponding to the network safety monitoring device and a pre-configured device operation state abnormality degree threshold value;
secondly, for each network safety monitoring device in the plurality of network safety monitoring devices, if the device operation state abnormality degree corresponding to the network safety monitoring device is less than or equal to the device operation state abnormality degree threshold (that is, it can be considered that there is no abnormal state), determining the network safety monitoring device as a first network safety monitoring device;
then, for each first network security monitoring device, obtaining first device operating state information obtained by the first network security monitoring device monitoring the device operating state of the network device corresponding to the first network security monitoring device.
It can be understood that, in some possible implementation manners, the step of acquiring, for each first network security monitoring device, first device operation state information obtained by monitoring, by the first network security monitoring device, the device operation state of the network device corresponding to the first network security monitoring device may include the following steps:
firstly, counting the number of the first network security monitoring devices to obtain the statistical number of the monitoring devices corresponding to the first network security monitoring devices, and determining the relative size relationship between the statistical number of the monitoring devices and a preset statistical number threshold of the monitoring devices;
secondly, if the statistical quantity of the monitoring devices is greater than or equal to the statistical quantity threshold of the monitoring devices, acquiring, for each first network security monitoring device, first device running state information obtained by monitoring the device running state of the network device corresponding to the first network security monitoring device by the first network security monitoring device, and if the statistical quantity of the monitoring devices is less than the statistical quantity threshold of the monitoring devices, not acquiring the first device running state information obtained by monitoring the device running state of the corresponding network device by the first network security monitoring device.
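Steps S130 and S200 as described above, in an added Python example that is not code from the patent: each sensor's abnormality degree is the share of peers in its classification set whose operation log is dissimilar to its own, and only sensors at or below the abnormality threshold are kept as first network security monitoring devices. The Jaccard token measure, all threshold values, the treatment of a single-member set, and the sensor names and logs are assumptions.

```python
# Assumed values: the text only calls these thresholds "preset" or "pre-configured".
STATE_SIM_THRESHOLD = 0.7    # state information similarity threshold
ANOMALY_THRESHOLD = 0.5      # device operating state abnormality degree threshold
MIN_FIRST_DEVICES = 2        # monitoring device statistical number threshold

# Constructed classification sets: {sensor name: operation log text}.
CLASSIFICATION_SETS = [
    {
        "sensor-1": "heartbeat ok rules loaded capture running",
        "sensor-2": "heartbeat ok rules loaded capture running",
        "sensor-3": "heartbeat ok rules loaded capture restarted",
        "sensor-4": "heartbeat missed rules failed capture stopped",
    },
    {"sensor-5": "heartbeat ok rules loaded capture running"},
]


def log_similarity(log_a, log_b):
    """Assumed text-similarity measure: Jaccard index over whitespace tokens."""
    tokens_a, tokens_b = set(log_a.split()), set(log_b.split())
    union = tokens_a | tokens_b
    return len(tokens_a & tokens_b) / len(union) if union else 1.0


def anomaly_degrees(classification_set):
    """S130: share of peers whose log similarity is below the threshold."""
    degrees = {}
    for device, log in classification_set.items():
        peers = [other for name, other in classification_set.items() if name != device]
        if not peers:
            # The text expects at least two members per set; a lone sensor has
            # nothing to be compared with, so it is left unscored (assumption).
            degrees[device] = None
            continue
        dissimilar = sum(log_similarity(log, peer) < STATE_SIM_THRESHOLD for peer in peers)
        degrees[device] = dissimilar / len(peers)   # quantity ratio used as the degree
    return degrees


def select_first_devices(classification_sets):
    """S200: keep sensors whose abnormality degree is <= the threshold."""
    degrees = {}
    for classification_set in classification_sets:
        degrees.update(anomaly_degrees(classification_set))
    first = sorted(
        device for device, degree in degrees.items()
        if degree is not None and degree <= ANOMALY_THRESHOLD
    )
    # Too few trustworthy sensors: do not collect their monitoring data at all.
    if len(first) < MIN_FIRST_DEVICES:
        return [], degrees
    return first, degrees


if __name__ == "__main__":
    first_devices, all_degrees = select_first_devices(CLASSIFICATION_SETS)
    for device, degree in sorted(all_degrees.items()):
        print(device, degree)
    print("first network security monitoring devices:", first_devices)
```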
It is understood that in some possible implementations, step S300 may include the following:
firstly, aiming at each first network safety monitoring device, determining a network device corresponding to the first network safety monitoring device as a corresponding first network device;
and secondly, determining device association information among the plurality of first network devices, and analyzing the network security degree of the first network device corresponding to each first network security monitoring device based on the device association information and the first device running state information to obtain the network security degree of the first network device corresponding to each first network security monitoring device.
It may be understood that, in some possible implementation manners, the determining device association information among a plurality of first network devices, and analyzing, based on the device association information and the first device operating state information, the network security degree of the first network device corresponding to each first network security monitoring device to obtain the network security degree of the first network device corresponding to each first network security monitoring device may include the following steps:
firstly, for every two first network devices in the plurality of first network devices, respectively obtaining device application scene information of the two first network devices, calculating similarity between the device application scene information of the two first network devices (for example, calculating text similarity between text data describing corresponding device application scene information), obtaining application scene similarity between the two first network devices, and determining device association information between the two first network devices based on the application scene similarity between the two first network devices, wherein the device association information and the application scene similarity have positive correlation;
secondly, calculating the similarity between the running state information of the first equipment corresponding to each two first network equipment in the plurality of first network equipment to obtain the running state similarity between the two first network equipment;
then, for every two first network devices in the plurality of first network devices, calculating a matching degree between the application scene similarity between the two first network devices and the operation state similarity between the two first network devices (for example, first normalizing the application scene similarity and the operation state similarity respectively, then calculating the difference between the normalized values, and determining the matching degree based on the difference, wherein the difference and the matching degree have a negative correlation), and, for each first network device, determining the relative size relationship between the matching degree between that first network device and each other first network device and a pre-configured matching degree threshold, and taking each other first network device whose matching degree is greater than the matching degree threshold as a matching first network device corresponding to the first network device;
finally, for each first network device, counting the number of the matched first network devices corresponding to the first network device to obtain the counted number of the matched devices corresponding to the first network device, and determining the network security degree of the first network device based on the counted number of the matched devices, wherein the network security degree and the counted number of the matched devices have positive correlation.
It may be understood that, in some possible implementation manners, the step of calculating, for each two first network devices in the plurality of first network devices, a similarity between the operation state information of the first devices corresponding to the two first network devices, and obtaining an operation state similarity between the two first network devices may include the following steps:
firstly, aiming at each first network device in a plurality of first network devices, sequencing the other devices based on the access sequence of each other device in the first device running state information corresponding to the first network device to obtain a device sequencing sequence corresponding to the first network device;
then, for every two first network devices in the plurality of first network devices, the operation state similarity between the two first network devices is obtained based on the similarity between the device ordering sequences corresponding to the two first network devices (for example, taking as the similarity the proportion of other devices that occupy the same or similar sequence positions in the two sequences).
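Step S300 as described above, in an added Python example that is not code from the patent: application scene similarity and access-order similarity are computed per device pair, the matching degree is one minus their absolute difference, and a device's network security degree is the number of peers it matches. The Jaccard token measure, treating both similarities as already normalized to [0, 1], the threshold, and the device names, scenes and access records are assumptions.

```python
from itertools import combinations

MATCH_THRESHOLD = 0.8   # assumed value of the pre-configured matching degree threshold

# Constructed device application scene descriptions.
SCENARIOS = {
    "web-1": "public web frontend",
    "web-2": "public web frontend",
    "web-3": "public web frontend",
    "db-1": "internal order database",
}
# Constructed access records per device: (timestamp, accessing device).
ACCESS = {
    "web-1": [(1, "lb"), (2, "monitor"), (3, "lb"), (4, "admin")],
    "web-2": [(1, "lb"), (2, "monitor"), (5, "admin"), (6, "lb")],
    "web-3": [(1, "lb"), (2, "host-x"), (3, "admin"), (4, "host-x")],
    "db-1": [(1, "app"), (2, "backup"), (3, "monitor")],
}


def text_similarity(text_a, text_b):
    """Assumed text-similarity measure: Jaccard index over whitespace tokens."""
    tokens_a, tokens_b = set(text_a.split()), set(text_b.split())
    union = tokens_a | tokens_b
    return len(tokens_a & tokens_b) / len(union) if union else 1.0


def access_order(records):
    """Device ordering sequence: other devices ordered by their first access."""
    order = []
    for _, source in sorted(records):
        if source not in order:
            order.append(source)
    return order


def order_similarity(order_a, order_b):
    """Share of sequence positions at which both orderings name the same device."""
    longest = max(len(order_a), len(order_b))
    if longest == 0:
        return 1.0   # two devices that nobody accessed behave identically
    return sum(x == y for x, y in zip(order_a, order_b)) / longest


def matching_degree(scene_similarity, state_similarity):
    """Negative correlation with the difference; inputs are already in [0, 1]."""
    return 1.0 - abs(scene_similarity - state_similarity)


def security_degrees(scenarios, access_records):
    """Network security degree per device: number of matching first network devices."""
    orders = {device: access_order(records) for device, records in access_records.items()}
    matched = {device: [] for device in scenarios}
    for a, b in combinations(sorted(scenarios), 2):
        scene = text_similarity(scenarios[a], scenarios[b])   # device association
        state = order_similarity(orders[a], orders[b])        # operation state similarity
        if matching_degree(scene, state) > MATCH_THRESHOLD:
            matched[a].append(b)
            matched[b].append(a)
    return {device: len(peers) for device, peers in matched.items()}


if __name__ == "__main__":
    for device, degree in sorted(security_degrees(SCENARIOS, ACCESS).items()):
        print(device, degree)
```

In the constructed data `web-3` shares its application scene with `web-1` and `web-2` but is accessed in a different order, so it matches fewer peers and receives the lowest degree.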
With reference to fig. 3, an embodiment of the present invention further provides a network security operation and maintenance association analysis system, which is applicable to the network security monitoring server. The network security operation and maintenance association analysis system may include the following modules:
an operation state analysis module, configured to respectively acquire device operating state information of each network security monitoring device in the plurality of network security monitoring devices, and to analyze the device operating state of the corresponding network security monitoring device based on each piece of device operating state information to obtain the device operating state abnormality degree of the corresponding network security monitoring device, wherein the device operating state information is used for representing the operating state of the corresponding network security monitoring device in the process of monitoring the corresponding network device;
an operation state acquisition module, configured to determine each network security monitoring device whose device operating state abnormality degree satisfies the pre-configured device operating state condition as a first network security monitoring device, and to acquire first device operating state information obtained by each first network security monitoring device monitoring the device operating state of the corresponding network device, wherein the first device operating state information is access record information formed by device access of other devices to the network device;
and a network security analysis module, configured to determine the device association information among the plurality of network devices, and to analyze the network security degree of the network device corresponding to each first network security monitoring device based on the device association information and the first device operating state information to obtain the network security degree of the network device corresponding to each first network security monitoring device.
It can be understood that, in some possible implementations, the operation state acquisition module is specifically configured to: for each network safety monitoring device in the plurality of network safety monitoring devices, determining a relative size relationship between the device operation state abnormality degree corresponding to the network safety monitoring device and a pre-configured device operation state abnormality degree threshold; for each network safety monitoring device in the plurality of network safety monitoring devices, if the device operation state abnormality degree corresponding to the network safety monitoring device is less than or equal to the device operation state abnormality degree threshold, determining the network safety monitoring device as a first network safety monitoring device; and for each first network safety monitoring device, acquiring first device running state information obtained by monitoring the device running state of the network device corresponding to the first network safety monitoring device by the first network safety monitoring device.
It is to be understood that, in some possible implementations, the network security analysis module is specifically configured to: for each first network security monitoring device, determine the network device corresponding to the first network security monitoring device as a corresponding first network device; determine device association information among a plurality of first network devices, and analyze the network security degree of the first network device corresponding to each first network security monitoring device based on the device association information and the first device operating state information to obtain the network security degree of the first network device corresponding to each first network security monitoring device.
In summary, after the device operating state is analyzed to obtain the device operating state abnormality degree of the corresponding network security monitoring device, each network security monitoring device whose device operating state abnormality degree satisfies the pre-configured device operating state condition may be determined as a first network security monitoring device, and the first device operating state information obtained by each first network security monitoring device monitoring the device operating state of the corresponding network device is obtained. The network security degree of the network device corresponding to each first network security monitoring device may then be analyzed based on the device association information and the first device operating state information to obtain the network security degree of the corresponding network device. That is, the device association information is added as a basis for the analysis, so that the reliability of the analysis can be guaranteed and the problem of poor reliability of network security determination in the prior art is solved.
The above description is only a preferred embodiment of the present invention and is not intended to limit the present invention, and various modifications and changes may be made by those skilled in the art. Any modification, equivalent replacement, or improvement made within the spirit and principle of the present invention should be included in the protection scope of the present invention.
Claims (10)
1. A network security operation and maintenance correlation analysis method is applied to a network security monitoring server, the network security monitoring server is in communication connection with a plurality of network security monitoring devices, the network security monitoring devices are respectively used for monitoring the device running state of each corresponding network device in a plurality of network devices, and the network security operation and maintenance correlation analysis method comprises the following steps:
respectively acquiring device running state information of each network security monitoring device in the plurality of network security monitoring devices, and analyzing the device running state of the corresponding network security monitoring device based on each piece of device running state information to obtain the device running state abnormality degree of the corresponding network security monitoring device, wherein the device running state information is used for representing the running state of the corresponding network security monitoring device in the process of monitoring the corresponding network device;
determining each network security monitoring device of which the corresponding device operation state abnormality degree meets a pre-configured device operation state condition as a first network security monitoring device, and acquiring first device operation state information obtained by monitoring the device operation state of the corresponding network device by each first network security monitoring device, wherein the first device operation state information is access record information formed by device access of other devices to the network device;
determining device association information among the plurality of network devices, and analyzing the network security degree of the network device corresponding to each first network security monitoring device based on the device association information and the first device running state information to obtain the network security degree of the network device corresponding to each first network security monitoring device.
2. The network security operation and maintenance association analysis method according to claim 1, wherein the step of determining each network security monitoring device whose corresponding device operation state abnormality degree satisfies a pre-configured device operation state condition as a first network security monitoring device, and obtaining first device operation state information obtained by each first network security monitoring device monitoring the device operation state of the corresponding network device includes:
for each network security monitoring device in the plurality of network security monitoring devices, determining a relative size relationship between the device operation state abnormality degree corresponding to the network security monitoring device and a pre-configured device operation state abnormality degree threshold;
for each network security monitoring device in the plurality of network security monitoring devices, if the device operation state abnormality degree corresponding to the network security monitoring device is less than or equal to the device operation state abnormality degree threshold, determining the network security monitoring device as a first network security monitoring device;
and for each first network security monitoring device, acquiring first device running state information obtained by the first network security monitoring device monitoring the device running state of the network device corresponding to the first network security monitoring device.
3. The network security operation and maintenance association analysis method of claim 2, wherein the step of obtaining, for each first network security monitoring device, first device operation state information obtained by the first network security monitoring device monitoring the device operation state of the network device corresponding to the first network security monitoring device includes:
counting the number of the first network security monitoring devices to obtain the counted number of monitoring devices corresponding to the first network security monitoring devices, and determining the relative size relationship between the counted number of monitoring devices and a preset threshold for the counted number of monitoring devices;
if the counted number of monitoring devices is greater than or equal to the threshold for the counted number of monitoring devices, acquiring, for each first network security monitoring device, the first device running state information obtained by the first network security monitoring device monitoring the device running state of the network device corresponding to the first network security monitoring device; and if the counted number of monitoring devices is less than the threshold for the counted number of monitoring devices, not acquiring the first device running state information obtained by the first network security monitoring devices monitoring the device running state of the corresponding network devices.
4. The network security operation and maintenance association analysis method according to claim 1, wherein the step of determining device association information among the plurality of network devices, and analyzing the network security degree of the network device corresponding to each of the first network security monitoring devices based on the device association information and the first device operating state information to obtain the network security degree of the network device corresponding to each of the first network security monitoring devices comprises:
for each first network safety monitoring device, determining a network device corresponding to the first network safety monitoring device as a corresponding first network device;
determining device association information among the plurality of first network devices, and analyzing the network security degree of the first network device corresponding to each first network security monitoring device based on the device association information and the first device running state information to obtain the network security degree of the first network device corresponding to each first network security monitoring device.
5. The network security operation and maintenance association analysis method according to claim 4, wherein the step of determining device association information among the plurality of first network devices, and analyzing the network security degree of the first network device corresponding to each of the first network security monitoring devices based on the device association information and the first device operating state information to obtain the network security degree of the first network device corresponding to each of the first network security monitoring devices comprises:
for every two first network devices in the plurality of first network devices, respectively acquiring device application scene information of the two first network devices, calculating similarity between the device application scene information of the two first network devices to obtain application scene similarity between the two first network devices, and determining device association information between the two first network devices based on the application scene similarity between the two first network devices, wherein the device association information and the application scene similarity have a positive correlation;
for each two first network devices in the plurality of first network devices, calculating similarity between the running state information of the first devices corresponding to the two first network devices to obtain the running state similarity between the two first network devices;
for each two first network devices in the plurality of first network devices, calculating a matching degree between the application scene similarity between the two first network devices and the operation state similarity between the two first network devices; and, for each first network device, respectively determining a relative size relationship between the matching degree between the first network device and each other first network device and a configured matching degree threshold value, and regarding each other first network device whose matching degree is greater than the matching degree threshold value as a matching first network device corresponding to the first network device;
and counting the number of the matched first network devices corresponding to each first network device to obtain the counted number of the matched devices corresponding to the first network device, and determining the network security degree of the first network device based on the counted number of the matched devices, wherein the network security degree and the counted number of the matched devices have positive correlation.
6. The network security operation and maintenance association analysis method according to claim 5, wherein the step of calculating, for each two first network devices of the plurality of first network devices, a similarity between the first device operation state information corresponding to the two first network devices to obtain an operation state similarity between the two first network devices includes:
for each first network device in the plurality of first network devices, sequencing the other devices based on the access sequence of each other device in the first device running state information corresponding to the first network device to obtain a device sequencing sequence corresponding to the first network device;
and for each two first network devices in the plurality of first network devices, obtaining the operation state similarity between the two first network devices based on the similarity between the device sequencing sequences corresponding to the two first network devices.
7. The network security operation and maintenance association analysis method according to any one of claims 1 to 6, wherein the step of respectively obtaining the device operation state information of each of the plurality of network security monitoring devices, and analyzing the device operation state of the corresponding network security monitoring device based on each piece of the device operation state information to obtain the device operation state abnormality degree of the corresponding network security monitoring device comprises:
respectively obtaining device running state information of each network security monitoring device in the plurality of network security monitoring devices to obtain a plurality of pieces of device running state information corresponding to the plurality of network security monitoring devices, wherein the device running state information is used for representing the running state of the corresponding network security monitoring device in the process of monitoring the corresponding network device;
classifying the plurality of pieces of device running state information to obtain at least one state information classification set corresponding to the plurality of pieces of device running state information;
and, for each state information classification set in the at least one state information classification set, analyzing the device running state of the corresponding network security monitoring device based on each piece of device running state information included in the state information classification set, to obtain the device running state abnormality degree of the network security monitoring device corresponding to each piece of device running state information included in the state information classification set.
8. A network security operation and maintenance association analysis system, characterized in that the system is applied to a network security monitoring server, the network security monitoring server is in communication connection with a plurality of network security monitoring devices, the plurality of network security monitoring devices are respectively used for monitoring the device running state of each corresponding network device in a plurality of network devices, and the network security operation and maintenance association analysis system comprises:
a running state analysis module, used for respectively acquiring device running state information of each network security monitoring device in the plurality of network security monitoring devices, and analyzing the device running state of the corresponding network security monitoring device based on each piece of device running state information to obtain the device running state abnormality degree of the corresponding network security monitoring device, wherein the device running state information is used for representing the running state of the corresponding network security monitoring device in the monitoring process of the corresponding network security monitoring device;
a running state acquisition module, used for determining each network security monitoring device whose corresponding device running state abnormality degree meets the preset device running state condition as a first network security monitoring device, and acquiring first device running state information obtained by each first network security monitoring device monitoring the device running state of the corresponding network device, wherein the first device running state information is access record information formed by device access of other devices to the network device;
and the network security analysis module is used for determining the device association information among the plurality of network devices, and analyzing the network security degree of the network device corresponding to each first network security monitoring device based on the device association information and the first device running state information to obtain the network security degree of the network device corresponding to each first network security monitoring device.
9. The network security operation and maintenance association analysis system of claim 8, wherein the operation state acquisition module is specifically configured to:
for each network security monitoring device in the plurality of network security monitoring devices, determining a relative size relationship between the device operation state abnormality degree corresponding to the network security monitoring device and a pre-configured device operation state abnormality degree threshold;
for each network security monitoring device in the plurality of network security monitoring devices, if the device operation state abnormality degree corresponding to the network security monitoring device is less than or equal to the device operation state abnormality degree threshold, determining the network security monitoring device as a first network security monitoring device;
and for each first network security monitoring device, acquiring first device running state information obtained by the first network security monitoring device monitoring the device running state of the network device corresponding to the first network security monitoring device.
10. The network security operation and maintenance association analysis system of claim 8, wherein the network security analysis module is specifically configured to:
for each first network security monitoring device, determining a network device corresponding to the first network security monitoring device as a corresponding first network device;
determining device association information among the plurality of first network devices, and analyzing the network security degree of the first network device corresponding to each first network security monitoring device based on the device association information and the first device running state information to obtain the network security degree of the first network device corresponding to each first network security monitoring device.
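The filtering and scoring steps of claims 2, 3, 5 and 6, chained together as an added Python example that is not part of the patent. The claims leave the similarity measures, the matching-degree formula, the normalisation and every threshold unspecified, so the choices below (Jaccard over scene tags, longest common subsequence over access orderings, `1 - |difference|` as matching degree) and all device names and records are assumptions constructed for illustration.

```python
from itertools import combinations

# Constructed sample data (not from the patent); one monitor per network device.
ABNORMALITY = {"web-1": 0.10, "web-2": 0.15, "web-3": 0.05, "db-1": 0.20, "hmi-1": 0.90}
SCENES = {  # application scene information modelled as tag sets (assumption)
    "web-1": {"http", "public", "frontend"},
    "web-2": {"http", "public", "frontend"},
    "web-3": {"http", "public", "frontend"},
    "db-1": {"sql", "internal", "storage"},
    "hmi-1": {"ics", "internal"},
}
ACCESS = {  # access records per device: (timestamp, accessing device)
    "web-1": [(1, "lb"), (2, "cdn"), (3, "admin"), (4, "lb")],
    "web-2": [(1, "lb"), (3, "cdn"), (5, "admin")],
    "web-3": [(1, "scanner"), (2, "admin"), (3, "lb")],
    "db-1": [(1, "app"), (2, "backup")],
    "hmi-1": [(1, "eng-ws")],
}


def trusted_monitors(abnormality, threshold):
    """Claim 2: keep monitors whose abnormality degree is <= the threshold."""
    return sorted(d for d, score in abnormality.items() if score <= threshold)


def device_order(records):
    """Claim 6: accessing devices ordered by first access, each listed once."""
    order = []
    for _, source in sorted(records):
        if source not in order:
            order.append(source)
    return order


def scene_similarity(a, b):
    """Assumed measure: Jaccard index of the two scene tag sets."""
    union = a | b
    return len(a & b) / len(union) if union else 1.0


def order_similarity(a, b):
    """Assumed measure: longest common subsequence over the longer length."""
    if not a and not b:
        return 1.0
    prev = [0] * (len(b) + 1)
    for x in a:
        cur = [0]
        for j, y in enumerate(b, 1):
            cur.append(prev[j - 1] + 1 if x == y else max(prev[j], cur[j - 1]))
        prev = cur
    return prev[-1] / max(len(a), len(b))


def security_degrees(abnormality, scenes, access, abn_threshold=0.5,
                     min_monitors=3, match_threshold=0.8):
    """Claims 2, 3, 5, 6 chained; returns {device: security degree in [0, 1]}."""
    devices = trusted_monitors(abnormality, abn_threshold)
    if len(devices) < max(min_monitors, 2):  # claim 3; pairs need >= 2 devices
        return {}
    orders = {d: device_order(access[d]) for d in devices}
    matched = {d: 0 for d in devices}
    for a, b in combinations(devices, 2):
        scene_sim = scene_similarity(scenes[a], scenes[b])
        state_sim = order_similarity(orders[a], orders[b])
        # Assumed matching degree: how closely the behaviour similarity
        # tracks the scene similarity for this pair of devices.
        if 1.0 - abs(scene_sim - state_sim) > match_threshold:
            matched[a] += 1
            matched[b] += 1
    # Assumed mapping: matched-device count normalised by the number of peers.
    return {d: matched[d] / (len(devices) - 1) for d in devices}
```

On the constructed data, `web-3` receives the lowest degree (1/3) because its access ordering departs from the peers that share its application scene, and `hmi-1` is never scored because its monitor's abnormality degree exceeds the threshold.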
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202210336998.7A CN114928467A (en) | 2022-03-31 | 2022-03-31 | Network security operation and maintenance association analysis method and system |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202210336998.7A CN114928467A (en) | 2022-03-31 | 2022-03-31 | Network security operation and maintenance association analysis method and system |
Publications (1)
Publication Number | Publication Date |
---|---|
CN114928467A (en) | 2022-08-19 |
Family
ID=82804919
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202210336998.7A Withdrawn CN114928467A (en) | 2022-03-31 | 2022-03-31 | Network security operation and maintenance association analysis method and system |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN114928467A (en) |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN116614319A (en) * | 2023-07-20 | 2023-08-18 | 河北神玥软件科技股份有限公司 | Network security control method based on big data and artificial intelligence |
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN116614319A (en) * | 2023-07-20 | 2023-08-18 | 河北神玥软件科技股份有限公司 | Network security control method based on big data and artificial intelligence |
CN116614319B (en) * | 2023-07-20 | 2023-10-03 | 河北神玥软件科技股份有限公司 | Network security control method based on big data and artificial intelligence |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN113176978A (en) | Monitoring method, system and device based on log file and readable storage medium | |
CN109918279B (en) | Electronic device, method for identifying abnormal operation of user based on log data and storage medium | |
CN114511026A (en) | Fault diagnosis method and device, terminal equipment and storage medium | |
CN111507483A (en) | Rework board detection apparatus, method, and computer-readable storage medium | |
CN113656255A (en) | Operation abnormity judgment method based on chip operation data | |
CN114140712A (en) | Automatic image recognition and distribution system and method | |
CN113569965A (en) | User behavior analysis method and system based on Internet of things | |
CN114928467A (en) | Network security operation and maintenance association analysis method and system | |
CN114726571A (en) | Network security early warning management platform and method | |
CN114285612B (en) | Method, system, device, equipment and medium for detecting abnormal data | |
CN111555899A (en) | Alarm rule configuration method, equipment state monitoring method, device and storage medium | |
CN118074625A (en) | Equipment fault detection method, device, equipment and storage medium | |
CN118210677A (en) | Server performance evaluation method and device, electronic equipment and storage medium | |
CN115098548B (en) | Data decision method, system and cloud platform | |
CN115439261A (en) | Risk rule extraction method and risk rule extraction system | |
CN114928468A (en) | Network security sensing method and system | |
CN115333770A (en) | Network security risk monitoring system and method for electric power system | |
CN115330140A (en) | Building risk prediction method based on data mining and prediction system thereof | |
CN111651503B (en) | Power distribution network data anomaly identification method and system and terminal equipment | |
CN115457467A (en) | Building quality hidden danger positioning method and system based on data mining | |
CN113533891A (en) | Fault diagnosis system and device | |
CN113625092A (en) | Electronic component performance data detection method | |
CN113804235A (en) | Environment detection method and system | |
CN113609111A (en) | Big data testing method and system | |
CN113672469A (en) | Associated chip operation control method and system based on abnormal operation of chip |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
WW01 | Invention patent application withdrawn after publication | Application publication date: 20220819 |