An application system change monitoring device based on multi-dimensional information association

A technology relating to application systems and multi-dimensional information, applied in the field of application system change monitoring devices

Inactive Publication Date: 2019-04-26
COMP APPL RES INST CHINA ACAD OF ENG PHYSICS

AI Technical Summary

Problems solved by technology

However, while the application system continues to be popular, the security threats it faces are also increasing day by day, especially for APT attacks by some military and government units or illegal operations by privileged personnel. It is difficult to effectively find anomalies and trace the source of evidence with current technical means.
[0003] The traditional monitoring method judges a file change only by collecting a single piece of information, and focuses on capturing the action of the change operation and outputting relevant operation information.


Examples


Embodiment 1

[0022] Figure 1 is a structural block diagram of the application system change monitoring device based on multi-dimensional information association of the present invention.

[0023] In the structural block diagram of the present invention, the automatic update unit 101 handles upgrades of the monitoring agent software and updates of the monitoring strategy, obtaining the relevant files from the server side through regular queries. The self-protection unit 102 protects the installation directory and running process of the monitoring agent to prevent illegal modification by other processes. The real-time monitoring unit 103 monitors the source files of the application system and records the operation result if a file changes. The correlation analysis unit 104 collects the information of the current account, operation process, and network communication after the real-time monitoring unit finds that a system source file has changed, and outputs a...

Embodiment 2

[0025] Figure 2 is a flow chart of the method for using the application system change monitoring device based on multi-dimensional information association of the present invention. The flow of the application system change monitoring method based on multi-dimensional information association includes the following steps:

[0026] Step 201: Start the update and protection program, and monitor in real time whether the agent is started and needs to be updated.

[0027] Step 202: In step 201, if the monitoring agent is not started, then perform step 205; if the monitoring agent is started, regularly monitor the startup status.

[0028] Step 203: In step 201, if there is a file to be updated, then execute step 204; if there is no file to be updated, then periodically check the update situation.

[0029] Step 204: Close the agent and suspend startup of the monitoring agent, download the update file, and execute step 205 after the update is completed. ...

Embodiment 3

[0039] Figure 3 is a flowchart of multi-dimensional information correlation analysis carried out with the device of the present invention. As can be seen from Figure 3, the flow of multi-dimensional information association analysis includes:

[0040] Step 301: Execute the monitoring of the status of the file, including adding, opening, reading, renaming, modifying, deleting, etc. of the file;

[0041] Step 302: Determine whether the status of the file has changed, if so, execute step 303, otherwise execute step 301;

[0042] Step 303: If the status of the file changes, obtain the current account information;

[0043] Step 304: Determine whether the current account is an unauthorized account, if it is an unauthorized account, go to step 305, otherwise go to step 306;

[0044] Step 305: Generate warning information and increase the warning level;

[0045] Step 306: Obtain information about the process currently operating o...
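The correlation flow of steps 301-305, sketched in Python as an added example (not code from the patent or its applicant). The allowlists, paths and the `Context`/`Alert` names are constructed; snapshot hashing stands in for the device's real-time monitoring and only sees added, deleted and modified files, and because the text after step 306 is cut off, scoring the process and network peer the same way as the account is an assumption.

```python
import hashlib
from dataclasses import dataclass, field

# Constructed allowlists and sample data: assumptions, not values from the patent.
ALLOWED = {"account": {"deploy"}, "process": {"/usr/bin/rsync"}, "peer": {"10.0.0.5"}}

@dataclass
class Context:        # the dimensions named in [0023]
    account: str
    process: str
    peer: str = ""    # remote address of the process's connection, "" if none

@dataclass
class Alert:
    path: str
    change: str
    level: int = 0
    reasons: list = field(default_factory=list)

def changes(old, new):
    """Steps 301-302: compare two {path: content} snapshots by SHA-256."""
    a, b = ({p: hashlib.sha256(d).hexdigest() for p, d in f.items()} for f in (old, new))
    for p in sorted(a.keys() | b.keys()):
        if p not in a:
            yield p, "added"
        elif p not in b:
            yield p, "deleted"
        elif a[p] != b[p]:
            yield p, "modified"

def correlate(path, change, ctx):
    alert = Alert(path, change)
    for dim in ("account", "process", "peer"):  # steps 303-305; process/peer rule is assumed
        value = getattr(ctx, dim)
        if value and value not in ALLOWED[dim]:
            alert.level += 1  # step 305: raise the warning level
            alert.reasons.append(f"unauthorized {dim}: {value}")
    return alert

def analyze(old, new, contexts):
    return [correlate(p, c, contexts[p]) for p, c in changes(old, new)]

BASELINE = {"app/index.php": b"v1", "app/config.php": b"db=prod"}
CURRENT = {"app/index.php": b"v2", "app/config.php": b"db=prod", "app/upload.php": b"new"}
CONTEXTS = {  # in a real agent these come from the OS at the time of the change
    "app/index.php": Context("deploy", "/usr/bin/rsync", "10.0.0.5"),
    "app/upload.php": Context("www-data", "/bin/sh", "203.0.113.7"),
}
print(*analyze(BASELINE, CURRENT, CONTEXTS), sep="\n")
```

The same file-change event yields level 0 when every dimension is on the allowlist and level 3 when account, process and peer are all unexpected, which is the distinction a single-information monitor cannot make.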


Abstract

The invention discloses an application system change monitoring method based on multidimensional information association. The method comprises steps realized by: A, an automatic updating unit; B, a self-protection unit; C, a real-time monitoring unit; D, a correlation analyzing unit; E, a data communication unit; F, a data processing unit; G, a result presentation unit; and H, a monitoring management unit. With the method of the present invention, the security state of an application system can be effectively monitored, and alarms can be raised on illegal behaviors to help administrators trace security events and collect evidence.

Description

Technical field

[0001] The invention belongs to the technical field of network security monitoring, and in particular relates to an application system change monitoring device based on multidimensional information association.

Background technique

[0002] With the continuous development of information technology, enterprises use application systems to complete information collection, management, and disposal in more and more aspects. However, while the application system continues to be popularized, the security threats it faces are also increasing day by day, especially for APT attacks by some military and government units or illegal operations by privileged personnel. It is difficult to effectively find anomalies and trace the source of evidence with current technical means.

[0003] The traditional monitoring method only judges the change of the file by collecting a single piece of information, and the focus is on capturing the action of the change operation and outputti...


Application Information

Patent Type & Authority Patents(China)
IPC IPC(8): H04L29/06, H04L12/24, H04L12/26
CPC H04L41/069, H04L43/08, H04L63/20
Inventor 付云生殷明勇苏靖峰刘渊杨润陈志文胡腾
Owner COMP APPL RES INST CHINA ACAD OF ENG PHYSICS