CN113132359A - Network security data information detection method - Google Patents
- Publication number
- CN113132359A (application CN202110337796.XA)
- Authority
- CN
- China
- Prior art keywords
- data
- network
- malicious
- data information
- detected
- Prior art date
- Legal status
- Pending
Classifications
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
- H04L63/1425—Traffic logging, e.g. anomaly detection
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06N—COMPUTING ARRANGEMENTS BASED ON SPECIFIC COMPUTATIONAL MODELS
- G06N20/00—Machine learning
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/10—Network architectures or network communication protocols for network security for controlling access to devices or network resources
- H04L63/101—Access control lists [ACL]
Landscapes
- Engineering & Computer Science (AREA)
- General Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computing Systems (AREA)
- Software Systems (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Theoretical Computer Science (AREA)
- Computer Hardware Design (AREA)
- Medical Informatics (AREA)
- Evolutionary Computation (AREA)
- Data Mining & Analysis (AREA)
- Computer Vision & Pattern Recognition (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Mathematical Physics (AREA)
- Artificial Intelligence (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
The invention discloses a method for detecting network security data information, comprising the following steps: obtaining network security data samples and malicious data samples from historical network data; acquiring the network data information to be detected and storing it in a data queue; processing the network data information to be detected and extracting its features; and matching the extracted features against the network security data samples and the malicious data samples, judging the network data information to be security data if its features match the network security data samples. The method judges the network data to be detected with a machine learning model; its processing speed is high, it can filter out most invalid data in advance, it improves judgment efficiency, and it can actively discover malicious network data and restrict its source.
Description
Technical Field
The invention relates to the technical field of computers, in particular to a network security data information detection method.
Background
The rapid development of computer technology has brought great convenience to the dissemination of information, but at the same time people face huge information security challenges. As information security problems become increasingly prominent, hackers may launch attacks on networks, for example to steal confidential information held on the network.
In conventional technology, network attack events are mainly detected by collecting public IP blacklists: if the IP of the current network packet is found on a public blacklist, the packet is determined to be an abnormal network packet and a network attack event is determined to have occurred. However, the number of IPs on the network is very large, and the published blacklists cover only a fraction of the IPs used by hackers, so many attack packets are missed; the detection accuracy and the detection efficiency for abnormal network packets are therefore both low.
Disclosure of Invention
Based on the technical problems in the background art, the invention provides a network security data information detection method.
The invention provides a method for detecting network security data information, comprising the following steps:
S1, obtaining network security data samples and malicious data samples from historical network data;
S2, acquiring the network data information to be detected, and storing it in a data queue;
S3, processing the network data information to be detected, and extracting its features;
S4, matching the extracted network data information features against the network security data samples and the malicious data samples; if the features match the network security data samples, judging the network data information to be security data, and if the features match the malicious data samples, judging the network data to be malicious data;
S5, storing the determined security data and malicious data and transmitting them to the database.
Preferably, in step S1, the historical network data is obtained, the feature data of the historical network data is extracted, and this feature data is classified to obtain the security data samples and the malicious data samples.
Preferably, in step S1, the security data samples and the malicious data samples are selected, and a machine learning model is established from the feature data of the security data samples and the malicious data samples.
Preferably, step S4 transmits the extracted network data information features to the machine learning model, which matches them against the network security data samples and the malicious data samples.
Preferably, after acquiring the network data to be detected in step S2, the method further includes: acquiring the network address of the terminal corresponding to the network data to be detected; counting the frequency with which the terminal at that network address sends network data to be detected; and, when the frequency exceeds a preset frequency, adding the network data to be detected to the blacklist library.
Preferably, when the network data is determined to be malicious in step S4, a blocking data packet is obtained and sent to the receiver corresponding to the network data packet to be detected, so that the receiver stops establishing a communication connection with the sender corresponding to that packet.
Preferably, step S4 periodically counts the success rate with which the network data information features match the network security data samples and the malicious data samples, and filters out the security data samples and malicious data samples whose matching success rate is below a preset threshold.
Preferably, acquiring the network data includes: acquiring network data through a sensitive URL, or acquiring network data when a traffic anomaly is detected.
With the network security data information detection method, the network data to be detected is judged by a machine learning model; the processing speed is high, most invalid data can be filtered out in advance, the judgment efficiency is improved, and malicious network data can be actively discovered and its source restricted.
Drawings
Fig. 1 is a flowchart of a method for detecting network security data information according to the present invention.
Detailed Description
The technical solutions in the embodiments of the present invention are described below clearly and completely with reference to the drawings; the described embodiments are only some, and not all, of the embodiments of the present invention.
Referring to Fig. 1, a method for detecting network security data information includes the following steps:
S1, obtaining network security data samples and malicious data samples from historical network data;
S2, acquiring the network data information to be detected, and storing it in a data queue;
S3, processing the network data information to be detected, and extracting its features;
S4, matching the extracted network data information features against the network security data samples and the malicious data samples; if the features match the network security data samples, judging the network data information to be security data, and if the features match the malicious data samples, judging the network data to be malicious data;
S5, storing the determined security data and malicious data and transmitting them to the database.
In the present invention, step S1 obtains historical network data, extracts feature data from the historical network data, and classifies this feature data to obtain the security data samples and the malicious data samples.
In the present invention, in step S1, the security data samples and the malicious data samples are selected, and a machine learning model is established from the feature data of the security data samples and the malicious data samples.
In the present invention, step S4 transmits the extracted network data information features to the machine learning model, which matches them against the network security data samples and the malicious data samples.
In the present invention, after acquiring the network data to be detected in step S2, the method further includes: acquiring the network address of the terminal corresponding to the network data to be detected; counting the frequency with which the terminal at that network address sends network data to be detected; and, when the frequency exceeds a preset frequency, adding the network data to be detected to the blacklist library.
In the present invention, when step S4 determines that the network data is malicious, a blocking data packet is obtained and sent to the receiver corresponding to the network data packet to be detected, so that the receiver stops establishing a communication connection with the sender corresponding to that packet.
In the present invention, step S4 periodically counts the success rate with which the network data information features match the network security data samples and the malicious data samples, and filters out the security data samples and malicious data samples whose matching success rate is below a preset threshold.
In the present invention, acquiring the network data includes: acquiring network data through a sensitive URL, or acquiring network data when a traffic anomaly is detected.
In summary, the invention comprises the following steps: obtaining network security data samples and malicious data samples from historical network data; acquiring the network data information to be detected and storing it in a data queue; processing the network data information to be detected and extracting its features; matching the extracted features against the network security data samples and the malicious data samples, judging the network data information to be security data if its features match the network security data samples, and judging it to be malicious data if its features match the malicious data samples; and storing the judged security data and malicious data and transmitting them to a database.
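As an added example, not code from the patent, the following Python sketch walks steps S1 to S5 together with the frequency-based blacklist rule and the periodic pruning of samples with a low matching success rate. The feature set (bytes per packet, packets per second, distinct ports), the nearest-sample matcher that stands in for the unspecified machine learning model, the distance radius, the rate threshold and every traffic record are assumptions constructed for the demonstration.

```python
import math
from collections import Counter, deque

MATCH_RADIUS = 100.0   # assumed: largest feature distance that still counts as a successful match
RATE_THRESHOLD = 3     # assumed: records per sender above which that sender is blacklisted

def extract_features(record):  # S3: one record -> numeric feature vector (assumed feature set)
    return (float(record["bytes"]), float(record["pps"]), float(record["ports"]))

def build_samples(history):  # S1: labelled historical records -> security / malicious samples
    return [{"label": r["label"], "features": extract_features(r), "hits": 0} for r in history]

class Detector:
    def __init__(self, samples):
        self.samples = samples
        self.queue = deque()             # S2: records awaiting inspection
        self.sender_counts = Counter()   # per-source frequency for the blacklist rule
        self.blacklist = set()
        self.results = []                # S5: judged records destined for the database
        self.blocks = []                 # blocking notices issued to receivers

    def enqueue(self, record):  # S2 plus the frequency rule: queue the record, count its sender
        self.queue.append(record)
        self.sender_counts[record["src"]] += 1
        if self.sender_counts[record["src"]] > RATE_THRESHOLD:
            self.blacklist.add(record["src"])

    def match(self, features):  # S4: nearest-sample match, standing in for the unspecified ML model
        best = min(self.samples, key=lambda s: math.dist(s["features"], features))
        if math.dist(best["features"], features) > MATCH_RADIUS:
            return "unmatched"   # matches neither sample set; the patent leaves this case open
        best["hits"] += 1        # credit the sample for the later success-rate pruning
        return best["label"]

    def process_queue(self):  # S3 to S5 for every queued record; returns all stored verdicts in order
        while self.queue:
            record = self.queue.popleft()
            verdict = self.match(extract_features(record))
            if verdict == "malicious":   # blocking packet: tell the receiver to drop this sender
                self.blocks.append({"receiver": record["dst"], "drop_sender": record["src"]})
            self.results.append({"src": record["src"], "verdict": verdict})
        return [r["verdict"] for r in self.results]

    def prune_samples(self, min_hit_share):  # periodic S4 maintenance: drop rarely matched samples
        total = sum(s["hits"] for s in self.samples)
        if total == 0:
            return 0
        keep = [s for s in self.samples if s["hits"] / total >= min_hit_share]
        removed = len(self.samples) - len(keep)
        self.samples = keep
        return removed

HISTORY = [  # constructed labelled historical records (S1 input)
    {"src": "10.0.0.5", "dst": "10.0.0.100", "bytes": 600, "pps": 2, "ports": 1, "label": "secure"},
    {"src": "10.0.0.6", "dst": "10.0.0.100", "bytes": 580, "pps": 3, "ports": 1, "label": "secure"},
    {"src": "10.0.0.7", "dst": "10.0.0.100", "bytes": 60, "pps": 400, "ports": 50, "label": "malicious"},
    {"src": "10.0.0.8", "dst": "10.0.0.100", "bytes": 40, "pps": 900, "ports": 1, "label": "malicious"},
]
INCOMING = [  # constructed records to be detected; the last sender repeats often enough to be blacklisted
    {"src": "192.0.2.10", "dst": "10.0.0.100", "bytes": 590, "pps": 2, "ports": 1},
    {"src": "192.0.2.20", "dst": "10.0.0.100", "bytes": 50, "pps": 420, "ports": 48},
    {"src": "192.0.2.30", "dst": "10.0.0.100", "bytes": 5000, "pps": 1, "ports": 1},
] + [{"src": "192.0.2.40", "dst": "10.0.0.100", "bytes": 595, "pps": 2, "ports": 1}] * 4

def run_demo():  # run the pipeline once -> (detector, verdicts, number of pruned samples)
    det = Detector(build_samples(HISTORY))
    for rec in INCOMING:
        det.enqueue(rec)
    return det, det.process_queue(), det.prune_samples(0.1)
```

Note that the pruning rule also discards a malicious sample that simply has not been seen recently, so in practice it should run only after enough traffic has been counted to make the success rate meaningful.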
The above description covers only the preferred embodiment of the present invention, but the scope of the present invention is not limited thereto; any equivalent substitution or change that a person skilled in the art could make to the described technical solutions and inventive concept, within the technical scope disclosed by the present invention, falls within the scope of the present invention.
Claims (8)
1. A method for detecting network security data information, characterized by comprising the following steps:
S1, obtaining network security data samples and malicious data samples from historical network data;
S2, acquiring the network data information to be detected, and storing it in a data queue;
S3, processing the network data information to be detected, and extracting its features;
S4, matching the extracted network data information features against the network security data samples and the malicious data samples; if the features match the network security data samples, judging the network data information to be security data, and if the features match the malicious data samples, judging the network data to be malicious data;
S5, storing the determined security data and malicious data and transmitting them to the database.
2. The method for detecting network security data information according to claim 1, wherein step S1 obtains historical network data, extracts feature data from the historical network data, and classifies this feature data to obtain the security data samples and the malicious data samples.
3. The method for detecting network security data information according to claim 1, wherein step S1 selects the security data samples and the malicious data samples and establishes the machine learning model from the feature data of the security data samples and the malicious data samples.
4. The method for detecting network security data information according to claim 1, wherein step S4 transmits the extracted network data information features to a machine learning model, which matches them against the network security data samples and the malicious data samples.
5. The method for detecting network security data information according to claim 1, wherein, after acquiring the network data to be detected in step S2, the method further comprises: acquiring the network address of the terminal corresponding to the network data to be detected; counting the frequency with which the terminal at that network address sends network data to be detected; and, when the frequency exceeds a preset frequency, adding the network data to be detected to the blacklist library.
6. The method for detecting network security data information according to claim 1, wherein, when step S4 determines that the network data is malicious, a blocking data packet is obtained and sent to the receiver corresponding to the network data packet to be detected, so that the receiver stops establishing a communication connection with the sender corresponding to that packet.
7. The method for detecting network security data information according to claim 1, wherein step S4 periodically counts the success rate with which the network data information features match the network security data samples and the malicious data samples, and filters out the security data samples and malicious data samples whose matching success rate is below a preset threshold.
8. The method for detecting network security data information according to claim 1, wherein acquiring the network data comprises: acquiring network data through a sensitive URL, or acquiring network data when a traffic anomaly is detected.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202110337796.XA CN113132359A (en) | 2021-03-30 | 2021-03-30 | Network security data information detection method |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202110337796.XA CN113132359A (en) | 2021-03-30 | 2021-03-30 | Network security data information detection method |
Publications (1)
Publication Number | Publication Date |
---|---|
CN113132359A true CN113132359A (en) | 2021-07-16 |
Family ID: 76774940
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202110337796.XA Pending CN113132359A (en) | 2021-03-30 | 2021-03-30 | Network security data information detection method |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN113132359A (en) |
Citations (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN102780691A (en) * | 2012-05-24 | 2012-11-14 | 深圳市中兴移动通信有限公司 | Method for detecting and avoiding network attack for mobile terminal |
CN107770123A (en) * | 2016-08-15 | 2018-03-06 | 台山市金讯互联网络科技有限公司 | A kind of flood attack detection method of central monitoring |
CN108306864A (en) * | 2018-01-12 | 2018-07-20 | 深圳壹账通智能科技有限公司 | Network data detection method, device, computer equipment and storage medium |
CN110175247A (en) * | 2019-03-13 | 2019-08-27 | 北京邮电大学 | A method of abnormality detection model of the optimization based on deep learning |
US20190387005A1 (en) * | 2017-03-10 | 2019-12-19 | Visa International Service Association | Identifying malicious network devices |
CN111277587A (en) * | 2020-01-19 | 2020-06-12 | 武汉思普崚技术有限公司 | Malicious encrypted traffic detection method and system based on behavior analysis |
WO2021017261A1 (en) * | 2019-08-01 | 2021-02-04 | 平安科技(深圳)有限公司 | Recognition model training method and apparatus, image recognition method and apparatus, and device and medium |
Timeline
- 2021-03-30: Application CN202110337796.XA filed in CN (published as CN113132359A); status Pending
Non-Patent Citations (1)
Title |
---|
刘凯 et al.: "An improved Boosting algorithm for classification", 《计算机工程与应用》 (Computer Engineering and Applications) * |
Legal Events
Code | Title | Description |
---|---|---|
PB01 | Publication | |
SE01 | Entry into force of request for substantive examination | |
RJ01 | Rejection of invention patent application after publication | |
Application publication date: 20210716