CN111934976A - Network security monitoring method, client and system based on instant messaging - Google Patents


Info

Publication number
CN111934976A
Authority
CN
China
Prior art keywords
network
network equipment
information
user
communication
Prior art date
Legal status
Withdrawn
Application number
CN202010481306.9A
Other languages
Chinese (zh)
Inventor
杨腾霄
马宇尘
Current Assignee
Shanghai Niudun Technology Co ltd
Original Assignee
Shanghai Niudun Technology Co ltd
Application filed by Shanghai Niudun Technology Co ltd
Priority to CN202010481306.9A
Publication of CN111934976A

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L51/00 User-to-user messaging in packet-switching networks, transmitted according to store-and-forward or real-time protocols, e.g. e-mail
    • H04L51/04 Real-time or near real-time messaging, e.g. instant messaging [IM]
    • H04L51/046 Interoperability with other network applications or services
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00 Data switching networks
    • H04L12/02 Details
    • H04L12/16 Arrangements for providing special services to substations
    • H04L12/18 Arrangements for providing special services to substations for broadcast or conference, e.g. multicast
    • H04L12/185 Arrangements for providing special services to substations for broadcast or conference, e.g. multicast with management of multicast group membership
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00 Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/04 Network management architectures or arrangements
    • H04L41/044 Network management architectures or arrangements comprising hierarchical management structures
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00 Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/18 Delegation of network management function, e.g. customer network management [CNM]
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/105 Multiple levels of security

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Telephonic Communication Services (AREA)

Abstract

The invention discloses a network security monitoring method, a client and a system based on instant messaging, and relates to the technical field of network information security. The network security monitoring method comprises the following steps: establishing a contact corresponding to a target object in an instant messaging tool based on the target object, wherein the target object is associated with one or more network devices; acquiring triggering operation of a user aiming at the contact person, and outputting a communication interaction interface corresponding to the contact person, wherein network equipment information related to the contact person is displayed in the communication interaction interface; and acquiring the selection operation of the user on the network equipment displayed in the communication interactive interface, and outputting the monitoring data information of the corresponding network equipment. The invention provides the acquisition interface of the monitoring data information through the communication interaction interface of the contact by utilizing the contact function in the communication tool, has simple operation and high communication efficiency, and improves the user experience.

Description

Network security monitoring method, client and system based on instant messaging
Technical Field
The invention relates to the technical field of network information security, in particular to a network security monitoring method, a client and a system based on instant messaging.
Background
With the emergence and development of the Internet, its security problems have become increasingly prominent, and hackers can easily exploit security vulnerabilities in Internet-connected smart devices to turn them into new tools for traditional network attacks. Network security monitoring covers monitoring the activity of a network or host in real time, monitoring and analyzing user and system behavior, auditing system configuration and vulnerabilities, evaluating the integrity of sensitive systems and data, identifying attack behavior, counting and tracking abnormal behavior, identifying behavior that violates security regulations, recording hacker behavior by means of a decoy server (honeypot), and so on, so that an administrator (network manager) can effectively monitor, control and evaluate the network or host system.
Network devices (including components in network devices) are physical entities connected to a network. They come in many kinds, and common ones include: computers (whether personal computers or servers), hubs, switches, bridges, routers, gateways, Network Interface Cards (NICs), Wireless Access Points (WAPs), printers and modems, fiber optic transceivers, and the like. Security monitoring of network devices is currently based, as a rule, on a dedicated monitoring platform (monitoring center): a data system is established and information is shared through a centralized monitoring management system. However, the models and brands of the network devices an enterprise purchases are diverse, the international standards established by equipment manufacturers are not unified, and the compatibility of the source devices in the network is hindered by factors such as the enterprise's individual requirements. As a result, configuration and maintenance of the monitoring platform cannot keep up in time, and the most common problems, misconfiguration and vulnerability patches that are not upgraded in step, can become serious security risks.
In view of the above problems, the prior art provides computer data security monitoring systems that monitor and manage device data in real time. On the one hand, collectors such as active detectors, crawler engines and client probes use different acquisition modes for different device types to collect data, and the collected data is passed to a data analysis module for analysis. On the other hand, a secure login module verifies the identity of the administrator, for example by using an iris recognition login system for administrator login, so that unauthorized personnel are prevented from logging in to the management system and the security of data management is improved. However, such security monitoring systems have two shortcomings. First, because the amount of monitoring data is large and the network environment is complex, it is cumbersome for professionals in other posts who do not have administrator identities to obtain the monitoring data of the devices they care about, and finding that data may take a long time owing to their lack of specialist knowledge and the incompleteness of the monitoring system. Second, when there are many network devices and the network environment is complex, several administrators may need to be appointed to manage the network devices in different sub-areas; given the importance and confidentiality requirements of the data in each sub-area, each administrator can see only the monitoring data of the network devices he or she is responsible for and can hardly learn about the related upstream or downstream network devices, which may prevent maintenance of the security monitoring system from keeping up in time.
Disclosure of Invention
The invention aims to provide a network security monitoring method, client and system based on instant messaging, with the following advantages: the communication interaction interface of a contact in the communication tool provides the interface for acquiring monitoring data information, so that a user can conveniently and quickly obtain network device information and the corresponding monitoring data information through the instant messaging tool, and can readily discuss the monitoring information with the relevant personnel on the basis of the information displayed in the communication interaction interface; operation is simple, communication is efficient, and the user experience is improved.
In order to achieve the above object, the present invention provides the following technical solutions:
a network security monitoring method based on instant messaging comprises the following steps:
establishing a contact corresponding to a target object in an instant messaging tool based on the target object, wherein the target object is associated with one or more network devices;
acquiring triggering operation of a user aiming at the contact person, and outputting a communication interaction interface corresponding to the contact person, wherein network equipment information related to the contact person is displayed in the communication interaction interface;
and acquiring the selection operation of the user on the network equipment displayed in the communication interactive interface, and outputting the monitoring data information of the corresponding network equipment.
Further, acquiring communication interactive content of the user and the contact, identifying network equipment information related in the communication interactive content, identifying related network equipment on the communication interactive interface, and/or acquiring real-time monitoring data output display of the related network equipment.
And further, judging whether the network equipment displayed in the communication interaction interface belongs to the cooperative management equipment, acquiring information of other objects participating in cooperative management when judging that the network equipment belongs to the cooperative management equipment, and establishing a contact group together with the contact person based on the instant communication identification number of the other objects.
Further, according to the network equipment selected by the user, outputting an equipment interaction interface corresponding to the network equipment, wherein the equipment interaction interface is independent of the communication interaction interface, and the user can perform communication interaction with the contact through the equipment interaction interface;
a plurality of device interactive interfaces which are in one-to-one correspondence are arranged corresponding to the plurality of network devices, and the monitoring data information of each network device is output in the corresponding device interactive interface.
Preferably, the geographical location information of the network device is acquired, a network device map based on the contact is established, trigger items of each network device associated with the contact are displayed in the network device map based on the actual geographical location of the network device, and the device interaction interface of the network device can be output when the trigger items are triggered.
Further, the target object is a network manager of the network device, a digital code corresponding to the network manager is displayed on the network device or in an area near the network device, and the digital code is associated with communication account information of the network manager;
acquiring operation information of the digital code identified by a user through an instant messaging tool, and sending a contact person adding request carrying the communication account information to a server;
and after receiving the response of successful addition fed back by the server, establishing a contact corresponding to the network management personnel in the instant messaging tool.
Further, a plurality of device management levels are preset for the network devices. The level number of the device management level of the network device selected by the user is obtained, and the information of the network device at the upper device management level to which the selected device belongs is obtained and output. It is then judged whether the person in charge of the upper-level network device is the target object; if so, the monitoring data information of the upper-level network device is obtained and output together with the monitoring data information of the network device selected by the user.
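The level-based disclosure rule in the preceding paragraph can be sketched as follows. This is an added example, not code from the patent; the device names, level numbers, IM accounts and monitoring values are constructed, and refusing a device that is not associated with the contact is an assumption about how a server would enforce the association.

```python
"""Added illustration (not from the patent): upper-level disclosure check."""
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Device:
    name: str
    level: int              # device management level number (1 = top level)
    parent: Optional[str]   # device at the upper management level, if any
    manager: str            # IM account of the person in charge


# Constructed inventory: names, levels and accounts are hypothetical.
INVENTORY = {d.name: d for d in (
    Device("core-l3-switch", 1, None, "im:mary"),
    Device("office-l2-switch", 2, "core-l3-switch", "im:mary"),
    Device("finance-l2-switch", 2, "core-l3-switch", "im:li"),
    Device("finance-pc-07", 3, "finance-l2-switch", "im:li"),
)}

# Constructed monitoring snapshots keyed by device name.
MONITORING = {
    "core-l3-switch": {"cpu_pct": 41, "packet_loss_pct": 0.0},
    "office-l2-switch": {"cpu_pct": 18, "packet_loss_pct": 0.3},
    "finance-l2-switch": {"cpu_pct": 22, "packet_loss_pct": 0.0},
    "finance-pc-07": {"cpu_pct": 63, "packet_loss_pct": 0.0},
}


def devices_for_contact(contact: str) -> list:
    """Devices listed in the contact's chat window, ordered by level."""
    owned = [d for d in INVENTORY.values() if d.manager == contact]
    return [d.name for d in sorted(owned, key=lambda d: (d.level, d.name))]


def select_device(contact: str, device_name: str) -> dict:
    """Build what is output when the user selects a device in the chat window."""
    device = INVENTORY.get(device_name)
    # Assumption: a device not associated with this contact is never shown
    # in the window, so a request for it is refused rather than served.
    if device is None or device.manager != contact:
        raise PermissionError(f"{device_name!r} is not associated with {contact}")

    view = {
        "selected": device.name,
        "level": device.level,
        "monitoring": MONITORING[device.name],
        "upper_info": None,        # information of the upper-level device
        "upper_monitoring": None,  # its monitoring data, only if same manager
    }
    if device.parent is not None:
        upper = INVENTORY[device.parent]
        # The upper-level device information is always output.
        view["upper_info"] = {"name": upper.name, "level": upper.level}
        # Its monitoring data is added only when the person in charge of the
        # upper-level device is the same target object (the contact).
        if upper.manager == contact:
            view["upper_monitoring"] = MONITORING[upper.name]
    return view


if __name__ == "__main__":
    print(devices_for_contact("im:mary"))
    print(select_device("im:mary", "office-l2-switch"))
    print(select_device("im:li", "finance-l2-switch"))
```

In the constructed data the second manager sees that a core switch sits above the finance switch but not its monitoring data, which matches the confidentiality split between sub-areas described in the Background.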
The invention also provides a network security monitoring client based on instant messaging, which comprises an instant messaging module and:
the device comprises an initialization module, a contact list generation module and a communication module, wherein the initialization module is used for establishing a contact corresponding to a target object in the contact list, and the target object is associated with one or more network devices;
the information acquisition module is used for acquiring the triggering operation of a user aiming at the contact person and outputting a communication interaction interface corresponding to the contact person, wherein the communication interaction interface displays the information of the network equipment related to the contact person;
and the interface management module is used for acquiring the selection operation of the user on the network equipment displayed in the communication interactive interface and outputting the monitoring data information of the corresponding network equipment.
The invention also provides a network security monitoring system based on instant messaging, which comprises the following structure:
the monitoring center is used for monitoring one or more network devices and generating monitoring data information, the network devices are associated with managers, and the associated network device information and the monitoring data information can be acquired through the accounts of the managers;
the user terminal is used for establishing a contact person corresponding to the target object through an instant messaging tool on the user terminal based on the target object, acquiring the trigger operation of a user aiming at the contact person, and outputting a communication interaction interface corresponding to the contact person;
a system server connecting the user terminal and the monitoring center, the system server being configured to,
judging whether a contact person triggered by a user is associated with network equipment or not, and acquiring associated network equipment information according to a manager account of the contact person and displaying the associated network equipment information in the communication interaction interface when the contact person triggered by the user is associated with the network equipment; and acquiring the selection operation of the user on the network equipment displayed in the communication interactive interface, and outputting the monitoring data information of the corresponding network equipment.
The monitoring center further comprises a monitoring robot which is arranged corresponding to the network equipment, and the monitoring robot can actively stimulate the corresponding network equipment to acquire monitoring data information according to a triggering operation instruction of the network equipment in the communication interaction interface and transmit the acquired monitoring data information to the system server.
By adopting the above technical scheme, the invention has, by way of example, the following advantages and positive effects compared with the prior art. The contact function commonly provided in communication tools is used, and the interface for acquiring monitoring data information is provided through the communication interaction interface of the contact, so that a user can conveniently and quickly obtain network device information and the corresponding monitoring data information through the instant messaging tool and can readily discuss the monitoring information with the relevant personnel on the basis of the information displayed in the communication interaction interface; operation is simple, communication is efficient, and the user experience is improved. Furthermore, a device interaction interface can be generated for an associated network device, so that the user can conveniently communicate with the administrator about the network device of interest, which improves communication efficiency. Furthermore, a chat group can be established for network devices under cooperative management, so that the administrator of a network device can learn how it relates to the upstream or downstream network devices, which improves the timeliness and coordination of system maintenance.
Drawings
Fig. 1 is a flowchart of a network security monitoring method based on instant messaging according to an embodiment of the present invention.
Fig. 2 to fig. 4 are diagrams illustrating an operation example of acquiring monitoring data information through a contact according to an embodiment of the present invention.
Fig. 5 is an exemplary diagram of an interface of an interactive interface of a device provided in an embodiment of the present invention.
Fig. 6 is a schematic structural diagram of a network security monitoring client according to an embodiment of the present invention.
Fig. 7 is a schematic structural diagram of a network security monitoring system according to an embodiment of the present invention.
Description of reference numerals:
a user terminal 100, a user avatar 110, a contact list 120, contacts 130;
a communication interactive interface 200, a conversation contact person display area 210, an interactive information input column 220, an interactive information display column 230, an interactive tool column 240, a network equipment information display column 250 and a monitoring data display interface 290;
a device interaction interface 300, a conversation contact display area 310, a device display area 320, a device monitoring data display area 330, an interaction information input field 340, and an interaction information display field 350;
the client 400, the initialization module 410, the information acquisition module 420 and the interface management module 430;
system 500, monitoring center 510, user terminal 520, system server 530.
Detailed Description
The network security monitoring method, client and system based on instant messaging disclosed by the invention are further described in detail with reference to the accompanying drawings and specific embodiments. It should be noted that technical features or combinations of technical features described in the following embodiments should not be considered as being isolated, and they may be combined with each other to achieve better technical effects. In the drawings of the embodiments described below, the same reference numerals appearing in the respective drawings denote the same features or components, and may be applied to different embodiments. Thus, once an item is defined in one drawing, it need not be further discussed in subsequent drawings.
It should be noted that the structures, proportions, sizes, and other dimensions shown in the drawings and described in the specification are only for the purpose of understanding and reading the present disclosure, and are not intended to limit the scope of the invention, which is defined by the claims, and any modifications of the structures, changes in the proportions and adjustments of the sizes and other dimensions, should be construed as falling within the scope of the invention unless the function and objectives of the invention are affected. The scope of the preferred embodiments of the present invention includes additional implementations in which functions may be executed out of order from that described or discussed, including substantially concurrently or in reverse order, depending on the functionality involved, as would be understood by those reasonably skilled in the art of the embodiments of the present invention.
Techniques, methods, and apparatus known to those of ordinary skill in the relevant art may not be discussed in detail but are intended to be part of the specification where appropriate. In all examples shown and discussed herein, any particular value should be construed as merely illustrative, and not limiting. Thus, other examples of the exemplary embodiments may have different values.
Examples
Referring to fig. 1, a network security monitoring method based on instant messaging according to an embodiment of the present invention is shown. The method comprises the following steps:
s100, establishing a contact corresponding to a target object in the instant messaging tool based on the target object, wherein the target object is associated with one or more network devices.
The instant messaging (IM) tool, also called an instant messenger, generally refers in the art to a client with an instant messaging function. By way of example and not limitation, the instant messaging tool may be a web application, a PC application, or a handheld-device app.
One way to establish the contact corresponding to the target object in the instant messaging tool is for the user to actively edit and save the contact and the basic information of the target object through the address book function of the instant messaging tool. The address book usually includes a contact list, which is generally maintained by the user. The contact information in the contact list includes at least two parts: one part is the contact identifier recorded by the user, which can be a name, nickname, code name, etc.; the other part is the contact's contact details, which are an instant messaging number such as a QQ number, a WeChat ID or a mobile phone number. The basic information may include, but is not limited to, a user name, a nickname, an attribute, address information, and the like.
Another way to establish the contact corresponding to the target object in the instant messaging tool is by receiving an invitation or by actively searching: for example, the user receives a friend request sent by the target object, or the user actively searches for the instant messaging number of the target object and then adds the target object as a friend. After the friend is added successfully, the contact corresponding to the target object is established in the user's communication tool.
In this embodiment, preferably, the target object is a network administrator of the network device, and a digital code corresponding to the network administrator is displayed on the network device or in an area near the network device, where the digital code is associated with communication account information of the network administrator;
acquiring operation information of the digital code identified by a user through an instant messaging tool, and sending a contact person adding request carrying the communication account information to a server;
and after receiving the response of successful addition fed back by the server, establishing a contact corresponding to the network management personnel in the instant messaging tool.
The digital code is preferably a two-dimensional code or a bar code.
The network devices associated with a network manager are the network devices that the manager is responsible for managing.
The association (also called the correspondence) between the contact and the network devices can be set by the user; for example, the user creates a mapping information table of network managers and network devices and stores it in the system server. Alternatively, it can be obtained by reading a preset mapping information table of network managers and network devices in the associated monitoring system. The contact can also create a mapping information table of network managers and network devices and upload it to the system server so that users in the system can obtain and use it.
S200, collecting the trigger operation of the user aiming at the contact person, and outputting a communication interaction interface corresponding to the contact person, wherein the information of the network equipment related to the contact person is displayed in the communication interaction interface.
The user logs in to the instant messaging tool, which establishes the connection between the instant messaging client and the instant messaging server. The instant messaging tool outputs a main user interface to the user through the display screen of the user terminal. Referring to fig. 2, the main user interface may display the contact list and the group list information pushed by the instant messaging server. By way of example and not limitation, the contact list records friend information such as each friend's avatar, nickname, signature, online state, session messages and ordering; the group list records group member information such as the avatars, nicknames, signatures, online states, session messages and ordering of the groups. If the user performs a common interactive operation on a contact in the contact list and/or a group in the group list, for example clicking the corresponding contact avatar or group avatar, a communication interaction interface is generated accordingly.
The communication interactive interface is used for displaying historical interactive information, current interactive information and the like. Taking the instant messaging tool QQ as an example, when the user triggers the avatar of the contact Mary associated with the network device in the contact list, the display screen pops up the communication interaction interface 200 corresponding to the contact, as shown in fig. 3, a conversation contact display area 210, an interaction information input field 220, an interaction information display field 230 and an interaction toolbar 240 are displayed in the interface.
In this embodiment, the communication interaction interface 200 further includes a network device information display bar 250, which displays information on the network devices that the contact Mary is responsible for managing. Specifically, the network devices managed by the contact Mary comprise a Layer 3 switch and, corresponding to an office area, a financial area and a server area, 3 Layer 2 switches together with personal computers, laptops, printers, cameras and other network devices.
Preferably, so that the user can see at a glance the layout of the network devices and which devices the contact manages, the network device information display bar 250 shows the connection relationships of the network devices as a tree structure, with a brief description of the name, model, connection relationship, and the like of each network device.
S300, acquiring the selection operation of the user on the network equipment displayed in the communication interactive interface, and outputting the monitoring data information of the corresponding network equipment.
The user may select a network device to view in the network device information display bar 250 to obtain the monitoring data information of that device. By way of example and not limitation, if the user clicks the Layer 2 switch of the office area in the network device information display bar 250 with a mouse or a finger, the monitoring data information of that network device is obtained and output.
The monitoring data information of the network device may be output in a window area of the communication interaction interface 200, for example by dividing off a sub-area of the communication interaction interface 200 to output the monitoring data information of the selected device, or by popping up a new independent interface for the output, such as the monitoring data display interface 290 shown in fig. 4.
In this embodiment, the monitoring data information may include traffic monitoring information of the network device, for example monitoring, recording and time-sliced statistics of the traffic of network devices such as routers and switches. It also includes packet loss monitoring of the network device, so that the user can check the packet loss of each port at any time; further, a threshold can be set so that an alarm reminds the user when packet loss occurs. The monitoring software may provide other monitoring functions, such as temperature monitoring for CPUs, disks, graphics cards and other components that have sensors.
By way of example and not limitation, taking a server as an example, typical monitoring data information may include CPU utilization monitoring, memory monitoring, load monitoring, network card traffic monitoring, process monitoring and PING monitoring, and any custom monitoring item defined through SHELL can also be set as needed. Specifically, the CPU utilization monitoring data may include the total CPU utilization of the server and, where there are multiple CPUs, the utilization of each CPU; memory monitoring may include monitoring of physical memory usage and of the available physical memory size; load monitoring may include the 1-minute, 5-minute and 15-minute average loads; network card traffic monitoring may include traffic monitoring, packet loss monitoring and error monitoring. Process monitoring can be used to monitor information such as a process's memory usage and CPU usage and whether the process is running; PING monitoring can be used to check at any time whether the server can be reached by PING.
Preferably, a threshold alarm and a multi-level alarm can be set on the communication interactive interface for the monitored object. The alarm information can be sent to the associated user in the forms of instant messaging messages, mails, short messages and the like.
In another implementation of this embodiment, the communication interaction content may also be analysed, and the network devices mentioned in the chat between the user and the contact may be marked on the communication interaction interface, so that the user and the contact can intuitively view the information and operating status of the network devices under discussion.
Specifically, the communication interaction content between the user and the contact is obtained, the network device information involved in that content is recognised through semantic analysis, and the involved network devices are marked on the communication interaction interface. Furthermore, the real-time monitoring data of the involved network devices can be obtained and displayed.
Semantic analysis here means recognising and processing the chat content (the communication interaction content) to obtain its semantics and thereby the related network device information, such as the name, model, number, and network address of the network device. By way of example and not limitation, existing semantic analysis methods generally include the following steps: segmenting the sentence into M words; performing semantic role labeling on the M words, and finding and locating the predicate in the sentence; and labeling the agent and the patient of the predicate to obtain the semantics of the sentence. This embodiment takes into account that, when a sentence carries several pieces of information, labeling only the agent and the patient of the predicate leaves other important information in the sentence unlabeled, so information is easily lost. Moreover, when the sentence is colloquial, the predicate may not be found at all during semantic analysis. The semantic analysis can therefore be performed as follows:
First, the text information of the chat is segmented. Where the user input is speech, speech recognition may be performed on it using an HTK/ATK tool; a speaker-independent speech recognition method may also be used, which is not limited here.
Then, L words are obtained through word segmentation, where L ≥ 1; the features of the L words are acquired; the amount of information contained in each of the L words is determined according to those features, and at least one word containing more information is selected from the L words as a central word. By way of example and not limitation, when the user input is in Chinese, a Chinese word segmentation system such as ICTCLAS may be used to segment the text corresponding to the user input; when the user input is in another language, a word segmentation system for that language can be used, which is not described again here. The features of a word can reflect its part of speech, its representative meaning, and other named-entity characteristics, such as, by way of example and not limitation, device name, model number, and network address.
Then, a window is taken around each central word to determine the context words of that central word; the context words are matched against a pre-trained semantic model to obtain a matching result; and the semantics are analysed according to the matching result.
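The central-word procedure described above, as an added Python example that is not part of the patent text: words carrying a device name, model, or network address become central words, a window around each supplies the context words, and a small keyword table stands in for the pre-trained semantic model. The inventory, the topic table, the weights, and the chat message are all constructed assumptions.

```python
import re
from typing import List, NamedTuple, Tuple

# Constructed inventory of the contact's devices (all values are illustrative).
INVENTORY = [
    {"name": "core-l3-switch", "model": "S5700", "address": "10.0.0.1"},
    {"name": "office-l2-switch", "model": "S2700", "address": "10.0.1.2"},
]

# Stand-in for the pre-trained semantic model (assumption): topic -> context words.
TOPIC_MODEL = {
    "packet_loss": {"loss", "dropping", "drops", "packets"},
    "traffic": {"traffic", "bandwidth", "throughput"},
    "cpu_load": {"cpu", "load", "utilization"},
}

# Information weight per word feature (assumption); plain words carry none.
WEIGHT = {"address": 3, "name": 3, "model": 2, "plain": 0}

IPV4 = re.compile(r"^\d{1,3}(?:\.\d{1,3}){3}$")


class Mention(NamedTuple):
    device: str              # inventory name of the matched device
    feature: str             # strongest feature that identified it
    topics: Tuple[str, ...]  # topics found among the context words


def tokenize(text: str) -> List[str]:
    """Segment on whitespace and punctuation, keeping dotted addresses
    and hyphenated device names as single words."""
    raw = re.findall(r"[A-Za-z0-9][A-Za-z0-9.\-]*", text)
    return [t.rstrip(".-").lower() for t in raw]


def feature(token: str) -> str:
    """Classify one word by the named-entity feature it carries."""
    if IPV4.match(token) and all(int(o) <= 255 for o in token.split(".")):
        return "address"
    if any(token == d["name"].lower() for d in INVENTORY):
        return "name"
    if any(token == d["model"].lower() for d in INVENTORY):
        return "model"
    return "plain"


def identify_devices(text: str, window: int = 3) -> List[Mention]:
    tokens = tokenize(text)
    found = {}  # device name -> (best feature, set of topics)
    for i, tok in enumerate(tokens):
        feat = feature(tok)
        if WEIGHT[feat] == 0:
            continue  # not informative enough to be a central word
        # Resolve against the contact's inventory only: a well-formed address
        # that is not associated with the contact is never marked.
        device = next((d for d in INVENTORY if d[feat].lower() == tok), None)
        if device is None:
            continue
        context = set(tokens[max(0, i - window):i] + tokens[i + 1:i + 1 + window])
        topics = {t for t, words in TOPIC_MODEL.items() if words & context}
        prev_feat, prev_topics = found.get(device["name"], ("plain", set()))
        best = feat if WEIGHT[feat] > WEIGHT[prev_feat] else prev_feat
        found[device["name"]] = (best, prev_topics | topics)
    return [Mention(n, f, tuple(sorted(t))) for n, (f, t) in found.items()]


# Constructed chat message.
CHAT = ("Mary, the S2700 keeps dropping packets and CPU on 10.0.0.1 "
        "looks high. Is 10.9.9.9 yours?")

if __name__ == "__main__":
    for mention in identify_devices(CHAT):
        print(mention)
```

Because the predicate is never looked up, the colloquial message still yields both devices, and each mention carries the topic needed to choose which monitoring data to display.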
In this embodiment, it may also be determined whether a network device displayed in the communication interaction interface is a cooperatively managed device; when it is, information on the other objects participating in the cooperative management is obtained, and a contact group is established together with the contact based on the instant messaging identification numbers of those other objects.
By way of example and not limitation, suppose the three-layer switch is also connected to the two-layer switches of a laboratory area and a research area, and the person responsible for managing the network devices of the laboratory area and the research area is Li Si; the three-layer switch is then a device cooperatively managed by Mary and Li Si (both take part in managing it). If the user needs to view the complete monitoring data information of the three-layer switch, Mary and Li Si both need to help. Therefore, when the network device selected by the user is determined to be a cooperatively managed device, information on the other objects participating in the cooperative management is obtained, and a contact group is established together with the contact based on the instant messaging identification numbers of those other objects. Specifically, for example, the instant messaging login numbers of Mary and Li Si (for QQ, these may be their QQ numbers) are obtained to establish a contact group (that is, a chat group) whose members are the user authus, network administrator Mary, and network administrator Li Si. The contact group serves as a device interaction group with at least an instant messaging interaction function. The network device information related to network administrators Mary and Li Si can be displayed in the corresponding group interaction interface; the display column can be the same as the network device information display column 250 in fig. 3, except that the network device information of both administrators is displayed at the same time.
When the network device information is displayed, it can be shown in separate sub-areas for the different contacts, or it can be shown in one area with each contact's devices marked by a dotted frame or another marker.
Preferably, a dormant state is provided for the contact group: when no group member posts a message or chats in the group within a preset time range, such as 1 day, the contact group changes from the active state to the dormant state. Further, if the contact group stays dormant longer than a preset time threshold (for example, 1 month), the contact group is dismissed: its members exit the group and the group no longer exists.
In another implementation of this embodiment, a device interaction interface corresponding to the network device selected by the user may also be output. The device interaction interface is set up independently of the communication interaction interface, and the user can communicate with the contact through it.
Where there are a plurality of network devices, device interaction interfaces are provided in one-to-one correspondence with them, and the monitoring data information of each network device is output in its own device interaction interface. By way of example and not limitation, if the user triggers 3 of the network devices managed by network administrator Mary, 3 device interaction interfaces are generated. These 3 device interaction interfaces are set up independently of the communication interaction interface 200; through them the user can communicate with network administrator Mary and also directly see the monitoring data information of the corresponding network devices.
Preferably, to make the device interaction interfaces easier to manage and view, a combined device interaction interface is generated for the network administrator from the multiple device interaction interfaces. Referring to fig. 5, the device interaction interface 300 is a combined device interaction interface corresponding to 3 network devices, and includes: a conversation contact display area 310 (showing, for example, the avatar of network administrator Mary), a device display area 320, a device monitoring data display area 330, an interactive information input field 340, and an interactive information display field 350.
The device display area 320 displays basic information of the network devices, including but not limited to name, model, number, and network address. The number of device display areas 320 matches the number of network devices, so 3 network devices correspond to 3 device display areas 320, and the user can close a device interaction interface that no longer needs to be discussed through the window closing option beside its device display area 320.
The device monitoring data display area 330 is used for displaying monitoring data information of corresponding network devices.
By adopting the combined equipment interactive interface, a user can efficiently communicate with a network manager aiming at the network equipment.
Further, the geographical position information of each network device can be acquired, a network device map based on the contact can be established, trigger items of each network device related to the contact are displayed in the network device map based on the actual geographical position of the network device, and the device interaction interface of the network device can be output when the trigger items are triggered. Thus, the user can conveniently look up and browse.
Preferably, the device interaction interface includes a function key for the network device, and the function key corresponds to a control instruction for the network device; and when any function key is triggered, triggering the network equipment to execute a corresponding control instruction.
In another implementation of this embodiment, multiple device management levels may be preset for the network devices. The device management level of the network device selected by the user is obtained, the information of the network device at the next higher device management level to which it belongs is obtained and output, and it is determined whether the person in charge of that upper-level network device is the target object. If so, the monitoring data information of the upper-level network device is obtained and output together with the monitoring data information of the network device selected by the user. If the person in charge of the upper-level network device is not the target object, and the target object does not have data monitoring authority over the upper-level network device, the user can contact the administrator of the upper-level network device to obtain the relevant data information.
By way of example and not limitation, a 4-level device management hierarchy is preset for the network devices, with levels 1, 2, 3, and 4 in ascending order. Level 4 is the highest and represents the most important devices with the highest data security requirement; a level-4 network device may have one or more level-3 network devices below it, a level-3 network device may have one or more level-2 network devices below it, and so on. Taking the network devices managed by Mary in fig. 3 as an example, the three-layer switch is a level-3 network device, the 3 two-layer switches below it are level-2 network devices, and the upper-level network device to which the two-layer switches belong is the three-layer switch. Because the three-layer switch is also managed by Mary, when the monitoring data information of the two-layer switch in the office area is output, the monitoring data information of the three-layer switch can be output with it. The user can thus conveniently analyse the operating information of the network devices according to how they are connected.
Referring to fig. 6, a network security monitoring client based on instant messaging is provided as another embodiment of the present invention.
The network security monitoring client 400 includes an instant messaging module capable of performing instant messaging, an initialization module 410, an information collection module 420, and an interface management module 430.
The initialization module is used for establishing a contact person corresponding to a target object in a contact person list, and the target object is associated with one or more network devices.
The information acquisition module is used for acquiring the trigger operation of the user aiming at the contact person and outputting a communication interaction interface corresponding to the contact person, and the information of the network equipment related to the contact person is displayed in the communication interaction interface.
The interface management module is used for acquiring the selection operation of the user on the network equipment displayed in the communication interactive interface and outputting the monitoring data information of the corresponding network equipment.
In this embodiment, the interface management module is configured to output a device interaction interface corresponding to the network device selected by the user, where the device interaction interface is independent of the communication interaction interface and the user can communicate with the contact through it.
Where there are a plurality of network devices, device interaction interfaces are provided in one-to-one correspondence with them, and the monitoring data information of each network device is output in its own device interaction interface. By way of example and not limitation, if the user triggers 3 of the network devices managed by network administrator Mary, 3 device interaction interfaces are generated. These 3 device interaction interfaces are independent of the communication interaction interface; through them the user can communicate with network administrator Mary and also directly see the monitoring data information of the corresponding network devices.
Preferably, to make the device interaction interfaces easier to manage and view, the interface management module is configured to generate a combined device interaction interface for the network administrator from the multiple device interaction interfaces. Specifically, the combined device interaction interface may include: a conversation contact display area (showing, for example, the avatar of network administrator Mary), a device display area, a device monitoring data display area, an interactive information input field, and an interactive information display field. The device display area displays basic information of the network devices, including but not limited to name, model, number, and network address. The number of device display areas matches the number of network devices, so 3 network devices correspond to 3 device display areas, and the user can close a device interaction interface that no longer needs to be discussed through the window closing option beside its device display area. The device monitoring data display area displays the monitoring data information of the corresponding network device. With the combined device interaction interface, the user can communicate efficiently with the network administrator about the network devices.
Further, the information acquisition module can also acquire the geographic position information of each network device and send the geographic position information to the interface management module, and the interface management module can establish a network device map based on the contact according to the received information. And displaying trigger items of each network device related to the contact person in the network device map based on the actual geographic position of the network device, wherein when the trigger items are triggered, a device interaction interface of the network device can be output. Thus, the user can conveniently look up and browse.
Preferably, the device interaction interface may further include a function key for the network device, where the function key corresponds to a control instruction for the network device; and when any function key is triggered, triggering the network equipment to execute a corresponding control instruction.
In this embodiment, the interface management module is further configured to: obtain, against the multiple device management levels preset for the network devices, the device management level of the network device selected by the user; obtain and output the information of the network device at the next higher device management level to which it belongs; determine whether the person in charge of that upper-level network device is the target object; and, if so, obtain the monitoring data information of the upper-level network device and output it together with the monitoring data information of the network device selected by the user. If the person in charge of the upper-level network device is not the target object, and the target object does not have data monitoring authority over the upper-level network device, the user can contact the administrator of the upper-level network device to obtain the relevant data information.
By way of example and not limitation, a 4-level device management hierarchy is preset for the network devices, with levels 1, 2, 3, and 4 in ascending order. Level 4 is the highest and represents the most important devices with the highest data security requirement; a level-4 network device may have one or more level-3 network devices below it, a level-3 network device may have one or more level-2 network devices below it, and so on. Taking the network devices managed by Mary in fig. 3 as an example, the three-layer switch is a level-3 network device, the 3 two-layer switches below it are level-2 network devices, and the upper-level network device to which the two-layer switches belong is the three-layer switch. Because the three-layer switch is also managed by Mary, when the monitoring data information of the two-layer switch in the office area is output, the monitoring data information of the three-layer switch can be output with it. The user can thus conveniently analyse the operating information of the network devices according to how they are connected.
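The upper-level output rule, described for the method embodiment and repeated here for the interface management module, as an added Python example that is not code from the patent. The device names, account names, the `viewers` field used to model "data monitoring authority", and the re-check of the selected device are assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Dict, FrozenSet, Optional, Tuple


@dataclass(frozen=True)
class Device:
    name: str
    level: int                             # 1..4, level 4 is the highest
    owners: FrozenSet[str]                 # persons in charge (several if co-managed)
    parent: Optional[str] = None           # device at the next higher management level
    viewers: FrozenSet[str] = frozenset()  # accounts holding monitoring authority only


# Constructed topology modelled on the example in the text; accounts are made up.
DEVICES: Dict[str, Device] = {d.name: d for d in [
    Device("core-router", 4, frozenset({"ops-lead"}), viewers=frozenset({"lisi"})),
    Device("l3-switch", 3, frozenset({"mary", "lisi"}), parent="core-router"),
    Device("office-l2", 2, frozenset({"mary"}), parent="l3-switch"),
    Device("lab-l2", 2, frozenset({"lisi"}), parent="l3-switch"),
]}


@dataclass(frozen=True)
class Scope:
    output: Tuple[str, ...]    # devices whose monitoring data may be output
    referral: Tuple[str, ...]  # administrators to contact for the upper-level device


def may_monitor(account: str, device: Device) -> bool:
    """True if the account is in charge of the device or holds monitoring authority."""
    return account in device.owners or account in device.viewers


def monitoring_scope(selected: str, contact: str) -> Scope:
    """Decide which monitoring data is output when the user selects a device
    in the conversation with `contact` (the target object)."""
    device = DEVICES.get(selected)
    if device is None:
        raise KeyError(f"unknown device: {selected}")
    # Added check (assumption): the interface lists only the contact's devices,
    # but the selection is re-validated rather than trusted.
    if not may_monitor(contact, device):
        raise PermissionError(f"{contact} is not associated with {selected}")
    if device.parent is None:
        return Scope((selected,), ())
    parent = DEVICES[device.parent]
    if parent.level <= device.level:
        raise ValueError("upper-level device must have a higher management level")
    if may_monitor(contact, parent):
        # Same person in charge (or authorised): output both data sets together.
        return Scope((selected, parent.name), ())
    # Otherwise withhold the upper-level data and name who can provide it.
    return Scope((selected,), tuple(sorted(parent.owners)))


if __name__ == "__main__":
    print(monitoring_scope("office-l2", "mary"))
    print(monitoring_scope("l3-switch", "mary"))
```

The second call shows the least-privilege case: Mary's conversation yields the level-3 data but only a referral for the level-4 device.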
For other technical features, refer to the previous embodiments; they are not described again here.
Referring to fig. 7, a network security monitoring system based on instant messaging is provided as another embodiment of the present invention.
The system 500 includes a monitoring center 510, a user terminal 520, and a system server 530 connecting the user terminal and the monitoring center.
The monitoring center 510 is configured to monitor one or more network devices and generate monitoring data information, where the network devices are associated with managers, and the associated network device information and monitoring data information can be obtained through a manager account;
the user terminal 520 is configured to establish a contact corresponding to a target object through an instant messaging tool on the user terminal based on the target object, collect a trigger operation of a user for the contact, and output a communication interaction interface corresponding to the contact;
the system server 530 is configured to: determine whether the contact triggered by the user is associated with a network device and, if so, obtain the associated network device information according to the contact's manager account and display it in the communication interaction interface; and obtain the user's selection of a network device displayed in the communication interaction interface and output the monitoring data information of the corresponding network device.
In this embodiment, the monitoring center further includes monitoring robots provided for the network devices. According to a trigger operation instruction for a network device in the communication interaction interface, a monitoring robot can actively trigger the corresponding network device to collect monitoring data information, and transmits the collected monitoring data information to the system server.
Other technical features are referred to in the previous embodiments and are not described herein.
In the foregoing description, the disclosure of the present invention is not intended to limit itself to these aspects. Rather, the various components may be selectively and operatively combined in any number within the intended scope of the present disclosure. In addition, terms like "comprising," "including," and "having" should be interpreted as inclusive or open-ended, rather than exclusive or closed-ended, by default, unless explicitly defined to the contrary. All technical, scientific, or other terms used herein have the same meaning as commonly understood by one of ordinary skill in the art to which this invention belongs unless defined otherwise. Common terms found in dictionaries should not be interpreted too ideally or too realistically in the context of related art documents unless the present disclosure expressly limits them to that. Any changes and modifications of the present invention based on the above disclosure will be within the scope of the appended claims.

Claims (10)

1. A network security monitoring method based on instant messaging is characterized by comprising the following steps:
establishing a contact corresponding to a target object in an instant messaging tool based on the target object, wherein the target object is associated with one or more network devices;
acquiring triggering operation of a user aiming at the contact person, and outputting a communication interaction interface corresponding to the contact person, wherein network equipment information related to the contact person is displayed in the communication interaction interface;
and acquiring the selection operation of the user on the network equipment displayed in the communication interactive interface, and outputting the monitoring data information of the corresponding network equipment.
2. The network security monitoring method of claim 1, wherein: the method comprises the steps of obtaining communication interactive contents of a user and the contact, identifying information of network equipment related to the communication interactive contents, identifying the related network equipment on the communication interactive interface, and/or obtaining real-time monitoring data output display of the related network equipment.
3. The network security monitoring method of claim 1, wherein: judging whether the network equipment displayed in the communication interaction interface belongs to the cooperative management equipment, acquiring information of other objects participating in cooperative management when judging that the network equipment belongs to the cooperative management equipment, and establishing contact groups together with the contact persons based on the instant communication identification numbers of the other objects.
4. The network security monitoring method of claim 1, wherein: outputting an equipment interaction interface corresponding to the network equipment according to the network equipment selected by the user, wherein the equipment interaction interface is independent of the communication interaction interface, and the user can perform communication interaction with the contact through the equipment interaction interface;
a plurality of device interactive interfaces which are in one-to-one correspondence are arranged corresponding to the plurality of network devices, and the monitoring data information of each network device is output in the corresponding device interactive interface.
5. The network security monitoring method of claim 4, wherein: acquiring the geographic position information of the network equipment, establishing a network equipment map based on the contact person, displaying trigger items of each network equipment related to the contact person in the network equipment map based on the actual geographic position of the network equipment, and outputting an equipment interaction interface of the network equipment when the trigger items are triggered.
6. The network security monitoring method of claim 1, wherein: the target object is a network manager of the network equipment, a digital code corresponding to the network manager is displayed on the network equipment or in an area near the network equipment, and the digital code is associated with communication account information of the network manager;
acquiring operation information of the digital code identified by a user through an instant messaging tool, and sending a contact person adding request carrying the communication account information to a server;
and after receiving the response of successful addition fed back by the server, establishing a contact corresponding to the network management personnel in the instant messaging tool.
7. The network security monitoring method of claim 1, wherein: and if the result is yes, acquiring the monitoring data information of the network equipment of the previous equipment management level and outputting the monitoring data information corresponding to the monitoring data information of the network equipment selected by the user.
8. A network security monitoring client based on instant messaging comprises an instant messaging module, and is characterized by further comprising:
the device comprises an initialization module, a contact list generation module and a communication module, wherein the initialization module is used for establishing a contact corresponding to a target object in the contact list, and the target object is associated with one or more network devices;
the information acquisition module is used for acquiring the triggering operation of a user aiming at the contact person and outputting a communication interaction interface corresponding to the contact person, wherein the communication interaction interface displays the information of the network equipment related to the contact person;
and the interface management module is used for acquiring the selection operation of the user on the network equipment displayed in the communication interactive interface and outputting the monitoring data information of the corresponding network equipment.
9. A network security monitoring system based on instant messaging is characterized by comprising:
the monitoring center is used for monitoring one or more network devices and generating monitoring data information, the network devices are associated with managers, and the associated network device information and the monitoring data information can be acquired through the accounts of the managers;
the user terminal is used for establishing a contact person corresponding to the target object through an instant messaging tool on the user terminal based on the target object, acquiring the trigger operation of a user aiming at the contact person, and outputting a communication interaction interface corresponding to the contact person;
a system server connecting the user terminal and the monitoring center, the system server being configured to,
judging whether a contact person triggered by a user is associated with network equipment or not, and acquiring associated network equipment information according to a manager account of the contact person and displaying the associated network equipment information in the communication interaction interface when the contact person triggered by the user is associated with the network equipment; and acquiring the selection operation of the user on the network equipment displayed in the communication interactive interface, and outputting the monitoring data information of the corresponding network equipment.
10. The network security monitoring system of claim 9, wherein: the monitoring center also comprises a monitoring robot which is arranged corresponding to the network equipment, and the monitoring robot can actively stimulate the corresponding network equipment to acquire monitoring data information according to a triggering operation instruction of the network equipment in the communication interaction interface and transmit the acquired monitoring data information to the system server.
CN202010481306.9A 2020-05-31 2020-05-31 Network security monitoring method, client and system based on instant messaging Withdrawn CN111934976A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010481306.9A CN111934976A (en) 2020-05-31 2020-05-31 Network security monitoring method, client and system based on instant messaging

Publications (1)

Publication Number Publication Date
CN111934976A true CN111934976A (en) 2020-11-13

Family

ID=73317872

Country Status (1)

Country Link
CN (1) CN111934976A (en)

Similar Documents

Publication Publication Date Title
CN111917708B (en) Multi-target cooperative network security monitoring method, client and system
CN111934976A (en) Network security monitoring method, client and system based on instant messaging
US10797976B2 (en) System and methods for facilitating object assignments
CN111935066B (en) Method, client and system for security level protection management
CN112995196B (en) Method and system for processing situation awareness information in network security level protection
US7631046B2 (en) Method and apparatus for lawful interception of web based messaging communication
CN112152871B (en) Artificial intelligence test method, device and system for network security equipment
US9330378B2 (en) Management and synchronization of related electronic communications
EP3336776B1 (en) Method and system for classifying user processes and providing security clearance
CN112350923B (en) Session message display method and device, computer equipment and storage medium
US20130013706A1 (en) Method for determining interpersonal relationship influence information using textual content from interpersonal interactions
CN112134787A (en) Communication method, client and system in network security level protection
US20110137884A1 (en) Techniques for automatically integrating search features within an application
CN113656123B (en) Information evaluation method, device and system for equal-protection evaluation
CN114124861A (en) Message group sending method and device, computer equipment and storage medium
US20190095421A1 (en) Cognitive entity reference recognition
CN109962974B (en) Blessing information processing method, device, medium and equipment in enterprise application
CN114866434B (en) Network asset security assessment method and application
US8353008B2 (en) Authentication detection
US11102151B1 (en) Automated chat agent for abbreviation definitions
CN113411199A (en) Safety test method and system for intelligent equal-protection evaluation
CN112995019B (en) Method for displaying network security situation awareness information and client
CN110019270A (en) Information updating method and its device, terminal, server, readable storage medium storing program for executing
CN113657849B (en) Iso-insurance assessment information processing method, device and system
CN114124873B (en) Account abnormity processing method, device, computer equipment and storage medium

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
WW01 Invention patent application withdrawn after publication

Application publication date: 20201113