Abstract
As enterprise networks and business systems become increasingly open and diverse, the security threats facing the enterprise intranet are becoming more severe. Traditional security devices cannot cope with new security threats because they have few detection dimensions and their rules are updated slowly. This paper proposes a method for enterprise intranet security analysis based on big data and artificial intelligence. Through self-learning and alert correlation over network data, security device logs and other data, combined with expert knowledge, it can effectively detect new security threats. The scheme can also perform fine-grained analysis of specific devices and users and produce more detailed security alerts.
Source
Information Technology and Informatization (《信息技术与信息化》)
2018, Issue 8, pp. 112-114 (3 pages)
Keywords
intranet security
machine learning
user entity behavior analysis