阅读说明：本技术 一种基于管廊系统海量数据分析实现入侵检测漏洞实时扫描的方法 (Method for realizing intrusion detection vulnerability real-time scanning based on analysis of mass data of pipe gallery system ) 是由 杜永强 于 2019-11-01 设计创作，主要内容包括：本发明属于入侵检测技术领域,尤其为一种基于管廊系统海量数据分析实现入侵检测漏洞实时扫描的方法,包括以下步骤：S100、获取管廊系统当前的运行参数,根据所述运行参数建立异常入侵行为模型以及与该异常入侵行为模型相对应的危险系数报警级数及应急措施模型；S200、实时监测管廊内各防入侵传感器的状态信息,并将该防入侵传感器采集到的实时数据发送给入侵分析服务器；S300、入侵分析服务器提取所述异常入侵行为模型中的多种异常行为特征。本发明能够对管廊环境及设备进行实时入侵扫描检测,并在数据异常时及时发出报警,能够根据报警环境进行针对性应急措施布防,达到减轻事故危害的目的,极大程度上提高了管廊入侵检测的安全性能。(The invention belongs to the technical field of intrusion detection, and particularly relates to a method for realizing real-time scanning of intrusion detection vulnerabilities based on analysis of mass data of a pipe gallery system, which comprises the following steps: s100, obtaining current operation parameters of the pipe gallery system, and establishing an abnormal intrusion behavior model and a danger coefficient alarm progression and emergency measure model corresponding to the abnormal intrusion behavior model according to the operation parameters; s200, monitoring the state information of each anti-intrusion sensor in the pipe gallery in real time, and sending real-time data acquired by the anti-intrusion sensors to an intrusion analysis server; s300, the intrusion analysis server extracts various abnormal behavior characteristics in the abnormal intrusion behavior model. The invention can carry out real-time intrusion scanning detection on the pipe gallery environment and equipment, timely sends out an alarm when data is abnormal, can carry out targeted emergency measure deployment according to the alarm environment, achieves the purpose of reducing accident hazard, and greatly improves the safety performance of the pipe gallery intrusion detection.)

1. A method for realizing intrusion detection vulnerability real-time scanning based on analysis of mass data of a pipe gallery system is characterized by comprising the following steps: the method comprises the following steps:

s100, obtaining current operation parameters of the pipe gallery system, and establishing an abnormal intrusion behavior model and a danger coefficient alarm progression and emergency measure model corresponding to the abnormal intrusion behavior model according to the operation parameters;

s200, monitoring the state information of each anti-intrusion sensor in the pipe gallery in real time, and sending real-time data acquired by the anti-intrusion sensors to an intrusion analysis server;

s300, the intrusion analysis server extracts various abnormal behavior characteristics in the abnormal intrusion behavior model, performs comparison analysis on the various abnormal behavior characteristics and the received real-time data, and classifies typical intrusion behaviors when intrusion alarm occurs;

s400, the intrusion analysis server extracts alarm series data and corresponding emergency measure data in the danger coefficient alarm series and emergency measure model, compares the data with typical intrusion behaviors classified by the intrusion analysis server for analysis, judges the danger coefficient alarm series corresponding to the typical intrusion behaviors and corresponding emergency measures required to be taken according to the comparison analysis result, and pushes the corresponding alarm information and the corresponding emergency measures required to be taken to the APP.

2. The method for realizing real-time scanning of intrusion detection vulnerabilities based on analysis of mass data of a pipe gallery system according to claim 1, characterized in that: in S100, the abnormal intrusion behavior model includes a plurality of typical abnormal intrusion behavior characteristics, the danger coefficient alarm progression is divided into 4 grades, each grade is calculated by adopting a threshold value, the 4 grades include one or more of the typical abnormal intrusion behavior characteristics, the danger coefficient alarm progression and the emergency measure model include 4 different grades of alarm information corresponding to the 4 grades and 4 corresponding emergency measures corresponding to the 4 different grades of alarm information.

3. The method for realizing real-time scanning of intrusion detection vulnerabilities based on analysis of mass data of a pipe gallery system according to claim 2, characterized in that: the typical abnormal intrusion behavior simulation characteristics comprise typical abnormal intrusion behavior characteristics which occur and are recorded in the case and abnormal intrusion behavior simulation characteristics which are simulated according to the operation parameters of the pipe gallery, and the abnormal intrusion behavior simulation characteristics comprise abnormal behavior characteristics similar to the typical abnormal intrusion behavior characteristics.

4. The method for realizing real-time scanning of intrusion detection vulnerabilities based on analysis of mass data of a pipe gallery system according to claim 1, characterized in that: in S200, the state information of the anti-intrusion sensor comprises three types of equipment normal state, equipment fault state and equipment alarm state, and the intrusion analysis server receives the state information of the anti-intrusion sensor and real-time data acquired by the anti-intrusion sensor in real time.

5. The method for realizing real-time scanning of intrusion detection vulnerabilities based on analysis of mass data of a pipe gallery system according to claim 1, characterized in that: in S300, the intrusion analysis server receives the real-time data collected by the intrusion prevention sensor, completes data storage, extracts multiple abnormal behavior features in the normal intrusion behavior model, performs comparison analysis on the received real-time data according to the multiple abnormal behavior features, matches and searches typical abnormal behavior features or similar abnormal behavior features in the real-time data, and if the abnormal behavior features are matched, performs classification processing on the abnormal behavior features in the real-time data.

6. The method for realizing real-time scanning of intrusion detection vulnerabilities based on analysis of mass data of a pipe gallery system according to claim 1, characterized in that: in S400, the APP is mainly used for sending out fire alarm, entrance guard alarm and intrusion alarm.

Technical Field

The invention relates to the technical field of intrusion detection, in particular to a method for realizing real-time scanning of intrusion detection vulnerabilities based on analysis of mass data of a pipe gallery system.

Background

Pipe gallery, i.e. the corridor of the pipeline. Many of the pipes in chemical and related plants are grouped together and arranged along the outside of the plant or building, typically in the air, supported by supports, in a manner similar to a corridor. There are also a few pipe galleries located underground. The safety precautions of the pipe gallery are particularly important.

Traditional piping lane prevents the invasion mode and supervises piping lane and piping lane equipment through video monitoring, and the invasion monitoring effect is relatively poor, can not in time discover problem and solution problem, can not carry out the emergence of pertinence emergency measure cloth and defense according to the environment of locating, easily leads to the accident.

Disclosure of Invention

Technical problem to be solved

Aiming at the defects of the prior art, the invention provides a method for realizing real-time scanning of intrusion detection leaks based on analysis of mass data of a pipe gallery system, and solves the problems that the traditional pipe gallery intrusion prevention mode is to supervise a pipe gallery and pipe gallery equipment through video monitoring, the intrusion monitoring effect is poor, the problems cannot be found and solved in time, the targeted emergency measures cannot be taken according to the environment, and accidents are easily caused.

(II) technical scheme

In order to achieve the purpose, the invention provides the following technical scheme: a method for realizing intrusion detection vulnerability real-time scanning based on analysis of mass data of a pipe gallery system comprises the following steps:

s100, obtaining current operation parameters of the pipe gallery system, and establishing an abnormal intrusion behavior model and a danger coefficient alarm progression and emergency measure model corresponding to the abnormal intrusion behavior model according to the operation parameters;

s200, monitoring the state information of each anti-intrusion sensor in the pipe gallery in real time, and sending real-time data acquired by the anti-intrusion sensors to an intrusion analysis server;

s300, the intrusion analysis server extracts various abnormal behavior characteristics in the abnormal intrusion behavior model, performs comparison analysis on the various abnormal behavior characteristics and the received real-time data, and classifies typical intrusion behaviors when intrusion alarm occurs;

s400, the intrusion analysis server extracts alarm series data and corresponding emergency measure data in the danger coefficient alarm series and emergency measure model, compares the data with typical intrusion behaviors classified by the intrusion analysis server for analysis, judges the danger coefficient alarm series corresponding to the typical intrusion behaviors and corresponding emergency measures required to be taken according to the comparison analysis result, and pushes the corresponding alarm information and the corresponding emergency measures required to be taken to the APP.

As a preferred technical solution of the present invention, in S100, the abnormal intrusion behavior model includes a plurality of simulated typical abnormal intrusion behavior features, the risk coefficient alarm progression is divided into 4 grades, each grade is calculated by using a threshold, the 4 grades include one or more of the simulated typical abnormal intrusion behavior features, and the risk coefficient alarm progression and emergency measure model includes 4 different-grade alarm messages corresponding to the 4 grades and 4 emergency measures corresponding to the 4 different-grade alarm messages.

As a preferred technical solution of the present invention, the simulated typical abnormal intrusion behavior features include typical abnormal intrusion behavior features that have occurred and are recorded in a case and simulated abnormal intrusion behavior features that are simulated according to the pipe gallery operating parameters, and the simulated abnormal intrusion behavior features include abnormal behavior features similar to the typical abnormal intrusion behavior features.

As a preferred technical solution of the present invention, in S200, the state information of the intrusion sensor includes three types, i.e., a device normal state, a device fault state, and a device alarm state, and the intrusion analysis server receives the state information of the intrusion sensor and real-time data acquired by the intrusion sensor in real time.

As a preferred technical solution of the present invention, in S300, after the intrusion analysis server receives the real-time data collected by the intrusion prevention sensor and completes data storage, the intrusion analysis server extracts a plurality of abnormal behavior features in the normal intrusion behavior model, performs comparison analysis on the received real-time data according to the plurality of abnormal behavior features, matches and searches typical abnormal behavior features or similar abnormal behavior features in the real-time data, and if the received real-time data is matched, classifies the abnormal behavior features in the real-time data.

As a preferred technical solution of the present invention, in S400, the APP is mainly used to send out a fire alarm, an entrance guard alarm, and an intrusion alarm.

(III) advantageous effects

Compared with the prior art, the invention provides a method for realizing real-time scanning of intrusion detection vulnerabilities based on analysis of mass data of a pipe gallery system, which has the following beneficial effects:

the method for realizing real-time scanning of intrusion detection leaks based on analysis of mass data of the pipe gallery system comprises the steps of establishing an abnormal intrusion behavior model and a danger coefficient alarm grade and emergency measure model corresponding to the abnormal intrusion behavior model according to the obtained current operating parameters of the pipe gallery system, detecting real-time data by using an intrusion analysis server, and comparing and analyzing the real-time data with each abnormal behavior feature in the extracted abnormal intrusion behavior model, meanwhile, the alarm series data of the danger coefficient and the alarm series data and the corresponding emergency measure data in the emergency measure model are extracted, the data are compared and analyzed with the typical intrusion behavior classified by the intrusion analysis server, judging the danger coefficient alarm grade corresponding to the typical intrusion behavior and corresponding emergency measures to be taken according to the comparison and analysis result, and pushing the corresponding alarm information and the emergency measures to be taken to the APP; the invention can carry out real-time intrusion scanning detection on the pipe gallery environment and equipment, timely sends out an alarm when data is abnormal, can carry out targeted emergency measure deployment according to the alarm environment, achieves the purpose of reducing accident hazard, and greatly improves the safety performance of the pipe gallery intrusion detection.

Drawings

Fig. 1 is a flowchart of a method for real-time scanning of intrusion detection vulnerabilities of the present invention.

Detailed Description

The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.