
Social Goal-Oriented Situational Awareness and Forensic Analysis of Complex Networks

2025-01-29 Update From: SLTechnology News&Howtos

Shulou(Shulou.com)06/02 Report--

I. Background

Intelligent terminals, mobile applications, social networks and the Internet of Things provide rich material for social goal analysis, setting off a new wave of interest in it.

No goal in society exists alone: there are complex, dynamic network relationships between goals, between events, and between goals and events.

Social goal analysis needs an analysis method that can measure and aggregate statistics after the data has been analyzed by dimension.

A dimension is a point of view on things; considering multi-dimensional factors comprehensively gives a clearer understanding of the nature of things.

II. Key technologies to be used

Distributed data acquisition technology

Named entity recognition technology

Fusion sorting technology

III. Network situational awareness

What is situational awareness?

"Under certain time and space conditions, the acquisition and understanding of environmental factors and the prediction of their future state."

Network situational awareness: "In a large-scale network environment, obtaining, understanding, displaying and predicting the recent development trends of the security elements that can cause changes in the network situation."

Capability building for network situational awareness includes:

Perceptual ability (perception)

Discovery ability (understanding)

Predictive ability (expectation)

IV. Threats and risks

What is risk?

Risk refers to the possibility of a certain loss in a particular environment and over a particular period of time.

Risk usually refers to the general case: it emphasizes mission assurance and the uncertainty or loss of future outcomes, and focuses on possibility.

What is a threat?

Threats usually refer to the specific case: they concern mission security, focus on the sources and means that endanger the current task, and pay more attention to reality.

What is behavior?

"An act that is concretely manifested on the basis of personal will." In cyberspace, human behavior is realized in the virtual world through the behavior of the network and even of software (or agents).

Network behavior is the continuation and expansion of human behavior. We regard running software as the subject, and the application, operation or action that it performs on an entity by virtue of its own function is called behavior.

About risks:

As far as we know, there are "known knowns": things we know we know. We also know there are "known unknowns": that is, things we now know we do not know. However, there are also "unknown unknowns": things we don't know we don't know.

From a management point of view, risks are divided into three types:

"Known / known": we know what risks may occur and have an accurate understanding of their likelihood and impact (e.g. the death of a person).

"Known / unknown": we know what risks may occur, but do not understand their likelihood and impact (e.g. machine failure).

"Unknown / unknown": we do not know what risks may occur, and do not know their likelihood or the seriousness of their impact (for example, US President George W. Bush having shoes thrown at him during a speech).

At present, the biggest crisis in network security is that we do not know what exists in our network or what has happened in it! (blind, blind)

How to deal with it

From the perspective of network security, network security situational awareness should provide:

I. Known / known: threat-based real-time malicious behavior preprocessing capability (real-time analysis)

II. Known / unknown: behavior-based quasi-real-time threat detection capability (quasi-real-time analysis)

III. Unknown / unknown: risk-based multidimensional threat deconstruction capability (real-time / quasi-real-time / medium- and long-term analysis)
