
CN-113934593-B - Data monitoring method, device, electronic equipment and computer readable storage medium

CN113934593B

Abstract

The invention discloses a data monitoring method, a data monitoring device, an electronic device and a computer-readable storage medium. The method comprises: obtaining a raw data message; extracting the key data from the raw data message; storing the key data in a data set according to a preset hierarchy; receiving an abnormal-data query operation and determining the abnormal data in the data set; and performing timed monitoring on the abnormal data. The invention addresses the technical problem in the related art that abnormal data is difficult to monitor comprehensively.

Inventors

  • GUO GUANGXIN
  • DONG JIAHAN
  • REN TIANYU
  • WANG XIAOHU
  • WANG CHAO
  • LI BOWEN
  • SHI ENJIE

Assignees

  • State Grid Beijing Electric Power Company (国网北京市电力公司)
  • State Grid Corporation of China (国家电网有限公司)

Dates

Publication Date
2026-05-08
Application Date
2021-10-12

Claims (7)

  1. A data monitoring method, comprising: acquiring a raw data message, wherein the raw data message comprises a destination IP, a destination port, a source address, a source port, a data length, the protocol used and encryption information; extracting key data from the raw data message and storing the key data in a data set according to a preset hierarchy, wherein the preset hierarchy is divided into layers by host IP, operating system, open port, protocol, service and component; receiving an abnormal-data query operation and determining abnormal data in the data set, wherein the abnormal-data query operation comprises query rule instructions, and key data of different layers correspond to different query rule instructions; and performing timed monitoring on the abnormal data; wherein extracting the key data from the raw data message and storing the key data in the data set according to the preset hierarchy comprises comparing the key data with fingerprint-database data to determine the layer of the preset hierarchy to which the key data belongs; and wherein acquiring the raw data message comprises obtaining query data for a target object, determining a preset range of raw data messages from the query data, and acquiring the raw data messages within the preset range at a preset period.
  2. The method of claim 1, wherein receiving the abnormal-data query operation and determining the abnormal data in the data set comprises: parsing the query rule instruction in the abnormal-data query operation; and executing the abnormal-data query operation according to the query rule instruction to determine the abnormal data in the data set.
  3. The method of claim 1, further comprising, after the timed monitoring of the abnormal data: screening the abnormal data by a violation test to determine violation data.
  4. A data monitoring device, comprising: an acquisition module for acquiring a raw data message, wherein the raw data message comprises a destination IP, a destination port, a source address, a source port, a data length, the protocol used and encryption information; an extraction module for extracting key data from the raw data message and storing the key data in a data set according to a preset hierarchy, wherein the preset hierarchy is divided into layers by host IP, operating system, open port, protocol, service and component; a determining module for receiving an abnormal-data query operation and determining abnormal data in the data set, wherein the abnormal-data query operation comprises query rule instructions, and key data of different layers correspond to different query rule instructions; and a monitoring module for performing timed monitoring on the abnormal data; wherein the extraction module is further configured to compare the key data with fingerprint-database data to determine the layer of the preset hierarchy to which the key data belongs, and to store the key data in the data set according to the preset hierarchy, the preset hierarchy being divided according to the different types of key data; and wherein the acquisition module is further configured to obtain query data for a target object, determine a preset range of raw data messages from the query data, and acquire the raw data messages within the preset range at a preset period.
  5. An electronic device, comprising: a processor; and a memory for storing instructions executable by the processor; wherein the processor is configured to execute the instructions to implement the data monitoring method of any one of claims 1 to 3.
  6. A computer-readable storage medium, characterized in that the instructions in the computer-readable storage medium, when executed by a processor of an electronic device, enable the electronic device to perform the data monitoring method of any one of claims 1 to 3.
  7. A computer program product comprising a computer program, characterized in that the computer program, when executed by a processor, implements the data monitoring method of any one of claims 1 to 3.

Description

Data monitoring method, device, electronic equipment and computer readable storage medium

Technical Field

The present invention relates to the field of computers, and in particular to a data monitoring method, apparatus, electronic device and computer-readable storage medium.

Background

With the rapid development of information technology, domestic enterprises have become increasingly informatized and increasingly dependent on information technology. Networks and information systems have become foundational, and information security has become an important means of advancing informatization and safeguarding its results, as well as an important component of enterprise production safety. As the Internet, the mobile Internet and the Internet of Things converge, the information systems supporting each business link of domestic enterprises are developing rapidly, and the number of business systems, mobile terminals and IoT terminals being connected keeps growing. The huge number of interconnected business systems on the Internet forms a powerful Internet ecosystem, but in key enterprises the business systems of individual departments and branches are frequently built privately and without coordination. It is therefore difficult to obtain a clear picture of how all business systems are built, the systems cannot be protected comprehensively, and systems brought online without the enterprise's formal go-live process form an attack surface that is improperly exposed on the Internet.

With novel network attack techniques and 0-day vulnerabilities (vulnerabilities for which no patch yet exists) appearing continuously, an enterprise faces a very large number of information assets in Internet space, and the workload of investigating potential security hazards and of supervising and inspecting the security protection of its systems is enormous. No effective solution to the above problems has been proposed so far.

Disclosure of Invention

Embodiments of the invention provide a data monitoring method, a device, an electronic device and a computer-readable storage medium, which at least address the technical problem in the related art that abnormal data is difficult to monitor comprehensively.

According to one aspect of an embodiment of the invention, a data monitoring method is provided, comprising: obtaining a raw data message; extracting key data from the raw data message; storing the key data in a data set according to a preset hierarchy; receiving an abnormal-data query operation and determining abnormal data in the data set; and performing timed monitoring on the abnormal data.

Optionally, obtaining the raw data message comprises determining a preset range of raw data messages and obtaining the raw data messages within the preset range at a preset period. Optionally, determining the preset range of raw data messages comprises obtaining query data for a target object and determining the preset range from the query data.

Optionally, extracting the key data from the raw data message and storing it in a data set according to the preset hierarchy comprises comparing the key data with fingerprint-database data to determine the layer of the preset hierarchy to which the key data belongs, and storing the key data in the data set according to that hierarchy. Optionally, receiving the abnormal-data query operation and determining the abnormal data in the data set comprises parsing the query rule instruction in the abnormal-data query operation, executing the abnormal-data query operation according to the query rule instruction, and determining the abnormal data in the data set. Optionally, after the timed monitoring of the abnormal data, the abnormal data is screened by a violation test to determine violation data.

According to one aspect of an embodiment of the invention, a data monitoring device is provided, comprising an acquisition module, an extraction module, a determining module and a monitoring module. The acquisition module obtains a raw data message; the extraction module extracts key data from the raw data message and stores it in a data set according to a preset hierarchy; the determining module receives an abnormal-data query operation and determines abnormal data in the data set; and the monitoring module performs timed monitoring on the abnormal data.

According to one aspect of an embodiment of the present invention, there is provided an electronic
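The pipeline that claim 1 and the disclosure above describe (acquire raw messages within a preset range, extract key data, place it in the six-layer hierarchy by fingerprint lookup, apply per-layer query rules, re-run on a timer, screen the result with a violation test) is shown below as an added worked example. This is illustrative code written for this page, not the patent's implementation or any product of the assignees. The message records, the fingerprint table, the rule set, the CIDR used as the "preset range" and the approved-exception list are all constructed assumptions.

```python
"""Toy layered asset-monitoring pipeline in the shape described by claim 1 (illustrative, not the patent's code)."""
from ipaddress import ip_address, ip_network

# Constructed sample of raw data messages carrying the seven fields named in claim 1
# (destination IP, destination port, source address, source port, length, protocol, encryption info).
RAW_MESSAGES = [
    {"dst_ip": "10.0.0.5",  "dst_port": 22,   "src": "203.0.113.9",  "src_port": 51000, "length": 120, "proto": "tcp", "enc": "ssh"},
    {"dst_ip": "10.0.0.5",  "dst_port": 23,   "src": "203.0.113.9",  "src_port": 51001, "length": 80,  "proto": "tcp", "enc": "none"},
    {"dst_ip": "10.0.0.7",  "dst_port": 443,  "src": "198.51.100.4", "src_port": 40000, "length": 900, "proto": "tcp", "enc": "tls"},
    {"dst_ip": "10.0.0.7",  "dst_port": 8080, "src": "198.51.100.4", "src_port": 40001, "length": 300, "proto": "tcp", "enc": "none"},
    {"dst_ip": "10.0.0.9",  "dst_port": 161,  "src": "198.51.100.4", "src_port": 40002, "length": 60,  "proto": "udp", "enc": "none"},
    {"dst_ip": "192.0.2.1", "dst_port": 23,   "src": "198.51.100.4", "src_port": 40003, "length": 70,  "proto": "tcp", "enc": "none"},
]

# Constructed stand-in for the "fingerprint database": maps observed key data to OS, service and component values.
FINGERPRINTS = {
    "port_service": {22: "ssh", 23: "telnet", 443: "https", 8080: "http-alt", 161: "snmp"},
    "service_component": {"ssh": "openssh", "telnet": "busybox-telnetd", "https": "nginx",
                          "http-alt": "tomcat", "snmp": "net-snmp"},
    "host_os": {"10.0.0.5": "linux", "10.0.0.7": "linux", "10.0.0.9": "embedded"},
}

# The six layers of the preset hierarchy, in the order claim 1 lists them.
LAYERS = ("host", "os", "port", "protocol", "service", "component")


def acquire(messages, target_net):
    """Step 1: keep only messages inside the preset range derived from the query data (assumed here to be a CIDR)."""
    net = ip_network(target_net)
    return [m for m in messages if ip_address(m["dst_ip"]) in net]


def extract_key_data(msg):
    """Step 2a: extract the key data and resolve each piece to its layer via the fingerprint database."""
    service = FINGERPRINTS["port_service"].get(msg["dst_port"], "unknown")
    return {
        "host": msg["dst_ip"],
        "os": FINGERPRINTS["host_os"].get(msg["dst_ip"], "unknown"),
        "port": msg["dst_port"],
        "protocol": msg["proto"],
        "service": service,
        "component": FINGERPRINTS["service_component"].get(service, "unknown"),
        "encryption": msg["enc"],
    }


def build_dataset(messages):
    """Step 2b: store the key data hierarchically: host -> os -> open port -> record."""
    dataset = {}
    for msg in messages:
        rec = extract_key_data(msg)
        host = dataset.setdefault(rec["host"], {"os": rec["os"], "ports": {}})
        host["ports"][rec["port"]] = rec
    return dataset


# Step 3: query rule instructions, one per layer; each returns True when the record is abnormal at that layer.
RULES = {
    "port": lambda r: r["port"] in (23, 8080),                                      # legacy or non-standard web port exposed
    "protocol": lambda r: r["protocol"] == "udp" and r["service"] == "snmp",        # UDP management protocol reachable
    "service": lambda r: r["encryption"] == "none" and r["service"] != "unknown",   # known service speaking plaintext
    "component": lambda r: r["component"] == "busybox-telnetd",                    # component on an assumed deny-list
}


def query_abnormal(dataset, layers=LAYERS):
    """Apply the layer-specific rules; return (host, port, layers_that_fired) for every abnormal record."""
    hits = []
    for host, info in dataset.items():
        for port, rec in info["ports"].items():
            fired = tuple(layer for layer in layers if layer in RULES and RULES[layer](rec))
            if fired:
                hits.append((host, port, fired))
    return sorted(hits)


def violation_test(abnormal, approved_exceptions):
    """Claim 3: screen the abnormal data against an approved-exception list; whatever remains is violation data."""
    return [a for a in abnormal if (a[0], a[1]) not in approved_exceptions]


def monitor(snapshots, target_net, approved_exceptions):
    """Step 4: timed monitoring. Each snapshot is the batch captured in one preset period; the pipeline is
    re-run per period and (host, port) pairs that become abnormal for the first time are flagged as new."""
    seen = set()
    timeline = []
    for period, batch in enumerate(snapshots):
        abnormal = query_abnormal(build_dataset(acquire(batch, target_net)))
        new = [a for a in abnormal if (a[0], a[1]) not in seen]
        seen.update((a[0], a[1]) for a in abnormal)
        timeline.append({"period": period, "abnormal": abnormal, "new": new,
                         "violations": violation_test(abnormal, approved_exceptions)})
    return timeline


if __name__ == "__main__":
    # Two periods: the SNMP host only shows up in the second capture, so it is reported as new there.
    periods = [RAW_MESSAGES[:4], RAW_MESSAGES]
    for entry in monitor(periods, "10.0.0.0/24", approved_exceptions={("10.0.0.9", 161)}):
        print(entry["period"], "new:", entry["new"], "violations:", entry["violations"])
```

The message to 192.0.2.1 is dropped by `acquire` because it lies outside the assumed target range, which is the point of deriving a preset range from the query data before collection: the monitor only stores and evaluates assets it was asked about. The rule table is keyed by layer so that a telnet listener can be caught at the port, service and component layers independently, and the violation test separates "abnormal but approved" (here the internal SNMP agent) from what actually needs action.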