Security risk intelligent management and control method based on the SaaS cloud service model

Technical field
The present invention relates to a security defense system, and more particularly to a security risk intelligent management and control method based on the SaaS cloud service model.
Background art
The scale of the Chinese Internet is now the largest in the world, and with it has come concentrated attack and extortion by network hackers; Chinese P2P lending networks have become a severely affected area of network security attacks. According to statistics, by the end of April the number of Chinese P2P platforms exceeded 9,000, the number of investors exceeded 12,000,000, the number of borrowers exceeded 9,000,000, and the monthly P2P transaction volume was about 250,000,000,000 yuan. However, while the Internet+ market is growing explosively, the network security situation is far from satisfactory. According to the P2P industry vulnerability statistics of the authoritative Chinese third-party vulnerability monitoring platform Black Cloud (WooYun), high-risk vulnerabilities account for 56.2%, medium-risk vulnerabilities for 23.4% and low-risk vulnerabilities for 12.3%, and 8.1% of them are ignored by the vendor. Besides system security vulnerabilities, the escalation of attack techniques remains the greatest hidden danger to network security. To improve network security, traditional online defense products or systems usually deploy a large number of servers at the customer end to provide comprehensive security defense, but their performance is hard to guarantee. Meanwhile, a traditional stand-alone system that gathers many security functions and defense policies in one place is bound to be overloaded under the high-traffic scenarios of Internet+.
Summary of the invention
In view of the above technical problems, the present invention provides a security risk intelligent management and control method based on the SaaS cloud service model. It uses a transparent deployment mode that does not require adjusting the original business network architecture, so deployment is simple and convenient.
The security risk intelligent management and control method of the present invention based on the SaaS cloud service model sets up a cloud intelligent security center at the service end, and in the cloud intelligent security center deploys a security detection system, a security early-warning system, a dynamic defense instruction generation system, a threat intelligence data warehouse and security emergency expert resources;
An intelligent defense engine is set up at the user end; the intelligent defense engine performs the secure white environment, traffic feature extraction and active defense instructions.
Preferably, the intelligent defense engine includes a traffic monitoring system. The traffic monitoring system learns automatically from historical network traffic and generates a network traffic security baseline; thereafter, through real-time monitoring and statistics of network traffic combined with the baseline learned by the system, it derives the traffic security mathematical model:
S(t) = Ψ[Δ(t)] = Ψ{Φ[P_1(t), P_2(t), …, P_n(t)] − Φ[P_1^0(t), P_2^0(t), …, P_n^0(t)]}
Preferably, the intelligent defense engine also includes a security early-warning system. The security early-warning system decides on a threshold according to the traffic security model preset by the traffic monitoring system and judges whether to issue a security early warning.
Preferably, the cloud intelligent security center deploys the security detection system, the security early-warning system, the dynamic defense instruction generation system, the threat intelligence data warehouse and the security emergency expert resources from the time domain, the space domain and the logic domain by constructing a three-dimensional defense model.
Preferably, the time domain specifically means dividing a security incident, by the time node of its occurrence, into three stages, before, during and after the incident, and handling each stage according to its own characteristics. Before the incident specifically means: quantify the vulnerability of the business system and the probability that a threat occurs, and establish a quantitative management model of business system risk. During the incident specifically means: start the security detection system to monitor the user's traffic 7x24 in real time, start the security early-warning system to issue early warnings of abnormal behaviour in time, and have the dynamic defense instruction generation system issue instructions that activate defense policies in time. After the incident specifically means: start the security emergency expert resources and recover from the destructive consequences caused by the network attack.
Preferably, the space domain specifically means: divide the business network into a user domain, a network domain, a computing domain and an operation and maintenance (O&M) support domain; integrate the security data of the network equipment, security equipment, servers and storage devices in each region with the cloud security data warehouse; and carry out policy design and security detection.
Preferably, the logic domain specifically means: set corresponding control operations at the network layer, system layer, application layer, data layer and management layer respectively.
Preferably, the security risk intelligent management and control method of the present invention based on the SaaS cloud service model includes deploying, in the cloud, a three-dimensional defense model framed by the time domain, the space domain and the logic domain. The time domain specifically means that the life cycle of a security incident can be divided, by the time node of its occurrence, into three stages: before, during and after the incident. The space domain means dividing the business network into a user domain, a network domain, a computing domain and an O&M support domain. The logic domain means that the defense content covers every aspect of network, system, application, data and management.
Preferably, the defense in the space domain effectively integrates the security data of the network equipment, security equipment, servers and storage devices in each region with the cloud security data warehouse, carries out policy design and security detection across the physical locations and network areas of IT assets, and achieves large-span, fine-grained security defense.
Preferably, in the time domain, before the incident means comprehensively and dynamically grasping the vulnerability of the business system and the threats it faces through systematic, periodic and incremental risk assessment, quantifying them according to the severity of the vulnerability and the probability that the threat occurs, and establishing a quantitative management model of business system risk; during the incident focuses on real-time monitoring, early warning and defense, making overall arrangements of security technology and control measures for the risk points of the business system, including 7x24 security monitoring, alarms and real-time activation of defense policies; after the incident means that when the security defense policies are insufficient to completely prevent a hacker attack, security experts intervene and respond in time and the destructive consequences caused by the network attack are recovered.
In order to overcome the limitations of the security capabilities of isolated products or traditional stand-alone security defense systems, the security risk intelligent management and control method of the present invention based on the SaaS cloud service model must be configured with an intelligent "brain". This is the key point that distinguishes this intelligent security defense system from conventional ones. By building a cloud intelligent security center that links in real time with the new-generation security protection engine deployed at the client, and by fusing technologies such as the secure white environment, holographic traffic feature extraction, cloud security threat intelligence and adaptive learning, an intelligent security defense closed loop of security baseline, anomaly detection, active defense and adaptive learning is established; multidimensional, real-time statistical analysis and detection are carried out on the user's network traffic, security instructions are generated in real time, and complex attacks hidden in the network are detected and defended against on the basis of abnormal network behaviour. This intelligent detection and joint defense technology can detect and defend against advanced network attacks such as distributed denial of service (DDoS) attacks, advanced persistent threat (APT) attacks and zero-day vulnerability attacks.
In addition, a fatal weakness of traditional online defense products or systems is performance: gathering many security functions and defense policies in one place is bound to be overloaded under the high-traffic scenarios of Internet+. With the "brain" of the cloud intelligent security center, the local traffic analysis and security detection work of many traditional stand-alone systems or products is moved to the cloud, relieving the processing pressure on near-field devices.
Such an intelligent security defense system, which monitors security status and detects attacks 7x24 in real time in the cloud and links in real time with the threat defense platform, achieves automatic detection, dynamic defense and adaptive learning without manual intervention by the enterprise, and can be regarded as a good attempt in the field of intelligent security technology. This deployment architecture supports the Security as a Service (SaaS) cloud business model: the enterprise does not need to buy expensive security equipment, the ratio of security output to input is very high, and the enterprise's one-off investment can be controlled through pay-per-use.
Brief description of the drawings
Fig. 1 is a structural schematic diagram of the three-dimensional security defense model of the present invention;
Fig. 2 is a layout schematic diagram of the security risk intelligent management and control method of the present invention based on the SaaS cloud service model.
Embodiments
The present invention is described in further detail below so that those skilled in the art can implement it with reference to the text of the specification.
It should be understood that terms such as "having", "comprising" and "including" used herein do not exclude the presence or addition of one or more other elements or combinations thereof.
As shown in Fig. 2, the security risk intelligent management and control method of the present invention based on the SaaS cloud service model sets up a cloud intelligent security center at the service end, and in the cloud intelligent security center deploys a security detection system, a security early-warning system, a dynamic defense instruction generation system, a threat intelligence data warehouse and security emergency expert resources;
An intelligent defense engine is set up at the user end; the intelligent defense engine performs the secure white environment, traffic feature extraction and active defense instructions.
In one embodiment, the intelligent defense engine includes a traffic monitoring system. The traffic monitoring system learns automatically from historical network traffic and generates a network traffic security baseline; thereafter, through real-time monitoring and statistics of network traffic combined with the baseline learned by the system, it derives the traffic security mathematical model:
S(t) = Ψ[Δ(t)] = Ψ{Φ[P_1(t), P_2(t), …, P_n(t)] − Φ[P_1^0(t), P_2^0(t), …, P_n^0(t)]}
By learning from historical safe traffic data, the traffic monitoring system computes, from a large amount of traffic data about key risk objects, dozens of behaviour security indices P, including "connection count", "packet rate", "new session rate" and so on. Combined with the customer's business white environment (which must be built from the user's information security policy and business characteristics), it establishes a traffic security baseline T0, and continuously learns and dynamically adjusts it according to time t and the traffic data, forming an adaptive traffic security baseline in which P_i^0 is the baseline value of index P_i:
T0(t) = Φ[P_1^0(t), P_2^0(t), …, P_n^0(t)]
In a real network, any attack is accompanied by some anomaly of the network traffic, such as a rarely used service port suddenly being accessed, abnormal reverse traffic of server data, or abnormally large fluctuations in user connections. These anomalies inevitably show up in the behaviour security indices P, and by comparing the behaviour security indices with the security baseline in real time, a network security behaviour anomaly index Δ(t) can be generated, where T(t) = Φ[P_1(t), P_2(t), …, P_n(t)] is the current value of the indices:
Δ(t) = T(t) − T0(t)
Weighting the network security behaviour anomaly indices according to their logical correlations builds a systematic traffic security model S:
S(t) = Ψ[Δ(t)] = Ψ{Φ[P_1(t), P_2(t), …, P_n(t)] − Φ[P_1^0(t), P_2^0(t), …, P_n^0(t)]}
In one embodiment, the intelligent defense engine also includes a security early-warning system. The security early-warning system decides on a threshold according to the traffic security model preset by the traffic monitoring system and judges whether to issue a security early warning.
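The following is an added illustration of the baseline, anomaly index, weighted model and threshold decision described above; it is example code written for this page, not the patent's own implementation. It assumes that Φ standardises each index as a z-score against the learned baseline, that Ψ is a weighted sum of the deviations, and that the baseline adapts by exponential smoothing; the weights, smoothing factor, threshold and traffic samples are constructed.

```python
"""Traffic security model: T0 learned from history, Delta(t) = T(t) - T0(t),
S(t) = Psi[Delta(t)], and an early-warning threshold on S(t).  Phi, Psi, the
weights, the smoothing factor and the threshold are assumptions."""
from statistics import mean, pstdev

# Behaviour security indices P named in the text; the weights are assumed.
INDICES = ("connections", "packet_rate", "new_sessions")
WEIGHTS = {"connections": 1.0, "packet_rate": 1.0, "new_sessions": 2.0}
ALERT_THRESHOLD = 4.0  # assumed decision threshold on S(t)


def learn_baseline(history):
    """T0: per-index (mean, spread) learned from historical safe traffic."""
    baseline = {}
    for name in INDICES:
        values = [sample[name] for sample in history]
        baseline[name] = (mean(values), pstdev(values) or 1.0)
    return baseline


def update_baseline(baseline, sample, alpha=0.1):
    """Adaptive baseline T0(t): move each mean a little towards a sample that
    was judged benign (the dynamic adjustment over time t in the text)."""
    return {n: ((1 - alpha) * m + alpha * sample[n], s)
            for n, (m, s) in baseline.items()}


def anomaly_index(baseline, sample):
    """Delta(t): Phi[P_i(t)] - Phi[P_i^0(t)], with Phi as a z-score so that
    indices with different units are comparable."""
    return {n: (sample[n] - m) / s for n, (m, s) in baseline.items()}


def security_score(delta):
    """S(t) = Psi[Delta(t)]: weighted sum of absolute deviations, since both
    sudden rises and sudden drops are treated as anomalies in the text."""
    return sum(WEIGHTS[n] * abs(d) for n, d in delta.items())


def early_warning(baseline, sample, threshold=ALERT_THRESHOLD):
    """Return (alert, S(t), Delta(t)) for one traffic sample."""
    delta = anomaly_index(baseline, sample)
    score = security_score(delta)
    return score >= threshold, score, delta


# Constructed history: 30 one-minute samples of normal traffic, cycling over
# three levels so that the means are exactly 100, 5000 and 10.
HISTORY = [{"connections": 95 + 5 * (i % 3),
            "packet_rate": 4000 + 1000 * (i % 3),
            "new_sessions": 8 + 2 * (i % 3)} for i in range(30)]
BENIGN = {"connections": 104, "packet_rate": 5500, "new_sessions": 11}
# Constructed flood: connections and new sessions jump far above baseline.
FLOOD = {"connections": 130, "packet_rate": 9000, "new_sessions": 40}

if __name__ == "__main__":
    base = learn_baseline(HISTORY)
    for label, sample in (("benign", BENIGN), ("flood", FLOOD)):
        alert, score, delta = early_warning(base, sample)
        print(f"{label}: S(t)={score:.2f} alert={alert} delta={delta}")
```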
In one embodiment, the cloud intelligent security center deploys the security detection system, the security early-warning system, the dynamic defense instruction generation system, the threat intelligence data warehouse and the security emergency expert resources from the time domain, the space domain and the logic domain by constructing a three-dimensional defense model.
In one embodiment, the time domain specifically means dividing a security incident, by the time node of its occurrence, into three stages, before, during and after the incident, and handling each stage according to its own characteristics. Before the incident specifically means: quantify the vulnerability of the business system and the probability that a threat occurs, and establish a quantitative management model of business system risk. During the incident specifically means: start the security detection system to monitor the user's traffic 7x24 in real time, start the security early-warning system to issue early warnings of abnormal behaviour in time, and have the dynamic defense instruction generation system issue instructions that activate defense policies in time. After the incident specifically means: start the security emergency expert resources and recover from the destructive consequences caused by the network attack.
In one embodiment, the space domain specifically means: divide the business network into a user domain, a network domain, a computing domain and an O&M support domain; integrate the security data of the network equipment, security equipment, servers and storage devices in each region with the cloud security data warehouse; and carry out policy design and security detection.
In one embodiment, the logic domain specifically means: set corresponding control operations at the network layer, system layer, application layer, data layer and management layer respectively.
As shown in Fig. 1, a security risk intelligent management and control method of the present invention based on the SaaS cloud service model is characterised by including deploying, in the cloud, a three-dimensional defense model framed by the time domain, the space domain and the logic domain. The time domain specifically means that the life cycle of a security incident can be divided, by the time node of its occurrence, into three stages: before, during and after the incident. The space domain means dividing the business network into a user domain, a network domain, a computing domain and an O&M support domain. The logic domain means that the defense content covers every aspect of network, system, application, data and management.
The life cycle of a security incident can be divided, by the time node of its occurrence, into three stages: before, during and after the incident. Before the incident, the focus is on prevention: through systematic, periodic and incremental risk assessment, the vulnerability of the business system and the threats it faces are grasped comprehensively and dynamically, quantified according to the severity of the vulnerability (which can be measured by the degree of impact on the business system after it is attacked), the probability that the threat occurs, and so on, and a quantitative management model of business system risk is established; combined with measures such as security hardening, optimisation and backup, and with the security measures taken during and after the incident, risk is made convergent and controllable. During the incident, the focus is on real-time monitoring, early warning and defense: security technology and control measures are arranged for the risk points of the business system, including 7x24 security monitoring, alarms and real-time activation of defense policies. "It is never too late to mend the fold after the sheep is lost" applies equally to the design of a security defense system: when the existing security defense policies are insufficient to completely prevent a hacker's attack, security experts must intervene and respond in time to recover from the destructive consequences caused by the network attack, such as system crashes, file tampering and data leakage.
In the space domain, we divide the business network into a user domain (which can be subdivided into an external user domain and an internal user domain), a network domain (which can be subdivided into an access network domain and a core network domain), a computing domain and an O&M support domain. The security data of the network equipment, security equipment, servers and storage devices in each region is effectively integrated with the cloud security data warehouse (which collects, stores and analyses the security data of equipment at remote sites), policy design and security detection are carried out across the physical locations and network areas of IT assets, and large-span, fine-grained security defense is achieved.
In the logic domain, as noted above, the defense content of the security defense system covers every aspect of network, system, application, data and management: redundancy design, access control and violation-connection control at the network layer; vulnerability repair, security hardening and authentication and authorisation at the system layer; vulnerability repair, Web security life-cycle management and DDoS attack defense at the application layer; encryption, access control and leakage prevention at the data layer; and policy, audit and operation management at the management layer.
Although the embodiments of the present invention are disclosed above, they are not limited to the applications listed in the specification and embodiments; they can be applied to all fields suited to the present invention, and those skilled in the art can easily implement further modifications. Therefore, without departing from the general concept defined by the claims and their equivalents, the present invention is not limited to the specific details or to the drawings and descriptions shown here.