CN115659341B - Software information safety monitoring system - Google Patents
Software information safety monitoring system Download PDFInfo
- Publication number
- CN115659341B CN115659341B CN202211659968.6A CN202211659968A CN115659341B CN 115659341 B CN115659341 B CN 115659341B CN 202211659968 A CN202211659968 A CN 202211659968A CN 115659341 B CN115659341 B CN 115659341B
- Authority
- CN
- China
- Prior art keywords
- data
- module
- application software
- interactive
- comparison
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
- 238000012544 monitoring process Methods 0.000 title claims abstract description 19
- 230000002452 interceptive effect Effects 0.000 claims abstract description 68
- 238000007405 data analysis Methods 0.000 claims description 9
- 238000009825 accumulation Methods 0.000 claims description 8
- 230000003993 interaction Effects 0.000 claims description 8
- 238000004891 communication Methods 0.000 claims description 6
- 238000004364 calculation method Methods 0.000 claims description 4
- 230000001960 triggered effect Effects 0.000 claims description 3
- 230000006399 behavior Effects 0.000 description 3
- 230000005540 biological transmission Effects 0.000 description 3
- 238000013475 authorization Methods 0.000 description 2
- 206010000117 Abnormal behaviour Diseases 0.000 description 1
- 230000002159 abnormal effect Effects 0.000 description 1
- 230000004075 alteration Effects 0.000 description 1
- 230000009286 beneficial effect Effects 0.000 description 1
- 230000008859 change Effects 0.000 description 1
- 238000012790 confirmation Methods 0.000 description 1
- 238000010586 diagram Methods 0.000 description 1
- 230000000694 effects Effects 0.000 description 1
- 238000005516 engineering process Methods 0.000 description 1
- 238000000034 method Methods 0.000 description 1
- 238000012986 modification Methods 0.000 description 1
- 230000004048 modification Effects 0.000 description 1
- 238000012545 processing Methods 0.000 description 1
- 238000006467 substitution reaction Methods 0.000 description 1
- 238000012546 transfer Methods 0.000 description 1
Images
Landscapes
- Storage Device Security (AREA)
Abstract
The invention discloses a software information security monitoring system, which relates to the technical field of information security, in particular to a software information security monitoring system, wherein a security protection module is used for identifying interactive data of application software and carrying out security protection on a user system; the information tracking module is used for tracking the interactive data of the application software, when the interactive data has risks, the safety protection module is called to protect the interactive data, and when the interactive data is accessed, the user data accessed by the application software is marked as comparison data; the comparison data obtained for the first time is used as template data, the mark clearing module is used for counting the overlapped part of the uploading data of the application software and the template data, and when the amount of the mark data uploaded by the application software reaches a certain value, the application software is considered to steal the user data, and then the user is reminded, so that the user data is prevented from being stolen by batch amount.
Description
Technical Field
The invention relates to the technical field of information security, in particular to a software information security monitoring system.
Background
Information security refers to the technical and administrative security protection established and employed for data processing systems in order to protect computer hardware, software, data from being damaged, altered, and revealed by casual and malicious causes. In the use of the computer, in order to ensure the safety of the computer, the network or host activity is monitored in real time to monitor and analyze the behaviors of users and systems, identify external attack behaviors, count and track abnormal behaviors and identify behaviors violating safety regulations, so that an administrator can effectively monitor, control and evaluate the network or host system.
The existing safety monitoring system mainly monitors a user side to determine whether data of the user side is stolen or tampered, but when the existing user side installs application software, the application software can automatically acquire a part of authorities, some application software can steal private data of a user by using the authorities, when the data is stolen, a small amount of data can be stolen at one time, and when the safety monitoring system judges, the small amount of uploaded data belongs to normal data interaction, and then the data is determined not to be stolen; therefore, a software information security monitoring system capable of counting the total amount of data stolen is needed to avoid data being stolen by batch quantity.
Disclosure of Invention
The invention aims to provide a software information security monitoring system to solve the problem that the existing user end data proposed in the background technology is easy to be stolen in batches.
In order to achieve the purpose, the invention provides the following technical scheme: a software information security monitoring system comprises a security protection module, an information tracking module, a mark clearing module, a superposition ratio accumulation module, a data analysis module and a notification module;
the safety protection module is used for identifying the interactive data of the application software and carrying out safety protection on the user system;
the information tracking module is used for tracking the interactive data of the application software, when the interactive data has risks, the safety protection module is called to protect the interactive data, and when the interactive data is accessed, the user data accessed by the application software is marked as comparison data;
the mark removing module is used for counting the overlapped part of the uploaded data of the application software and the template data, removing the mark of the overlapped part in the template data and taking the residual data as new template data;
the coincidence ratio accumulation module is used for counting the coincidence part of the uploaded data of the application software and the template data, calculating the coincidence ratio between the coincidence part and the initial comparison data, counting the coincidence ratio obtained when the application software uploads the data each time, and accumulating the coincidence ratios to obtain a comparison value;
the data analysis module is used for analyzing the relation between the comparison value and the safety threshold value, and when the comparison value exceeds the comparison threshold value, the uploading channel of the application software is suspended and the notification module is triggered;
and the notification module is used for carrying out risk prompt and selecting whether the information channels of the application software are communicated.
Preferably, the security protection module may be in communication connection with a firewall of the user system, and the firewall of the user system is used to determine whether there is a risk in the interactive data of the application software, and determine whether the interactive data is access data.
Preferably, the safety protection module can analyze the data traffic downloaded to the application software and the traffic of the interactive data of the application software, and when the data traffic downloaded to the application software exceeds a download threshold and the traffic of the interactive data exceeds an interaction threshold, the interactive data is considered to have a risk;
and when the interactive data sends an access application to the safety protection module and the safety protection module agrees with the access application of the interactive data, the interactive data at the moment is considered as the access data.
Preferably, the data analysis module further comprises a threshold setting module, and the threshold setting module is used for adjusting the comparison threshold, the download threshold and the interaction threshold.
Preferably, when the application software accesses the user system to obtain different comparison data, firstly, an intersection between the comparison data and the initial comparison data is obtained after calculation, then, the non-overlapping part of the later obtained comparison data and the initial comparison data is sorted out and merged into the initial comparison data to be used as new initial comparison data, and meanwhile, the non-overlapping part of the later obtained comparison data and the initial comparison data is sorted into the template data to be used as new template data.
Preferably, after the notification module sends the notification, the default is that the communication is not agreed when no agreement operation is performed.
Preferably, when the information tracking module tracks the interactive data, when the interactive data has risks, the information tracking module only tracks the transmission path of the interactive data; when the interactive data is only accessed, the data accessed by the interactive data is tracked.
Compared with the prior art, the invention has the beneficial effects that:
1) According to the method, the data uploaded by the application software is counted through the superposition ratio accumulation module, the mark data contained in the data uploaded by the application software is analyzed, when the amount of the mark data contained reaches a certain value, the application software is considered to steal the user data, and the user is reminded, so that the user data is prevented from being stolen in batches;
2) According to the invention, the interactive data during the access of the application software is tracked and marked through the information tracking module, so that the access range of the application software is confirmed, and the access range of the application software is taken as comparison data, so that whether the data uploaded by the application software contains the privacy data of a user or not can be analyzed.
Drawings
FIG. 1 is a schematic view of a module frame of the present invention;
FIG. 2 is a schematic diagram of the operation of the modules of the present invention.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
In the description of the present invention, it is to be understood that the terms "upper", "lower", "front", "rear", "left", "right", "top", "bottom", "inner", "outer", and the like, indicate orientations or positional relationships based on the orientations or positional relationships shown in the drawings, are merely for convenience in describing the present invention and simplifying the description, and do not indicate or imply that the device or element being referred to must have a particular orientation, be constructed and operated in a particular orientation, and thus, should not be construed as limiting the present invention.
Example (b):
referring to fig. 1-2, the present invention provides a technical solution: a software information security monitoring system comprises a security protection module, an information tracking module, a mark clearing module, a superposition ratio accumulation module, a data analysis module and a notification module;
the safety protection module is used for identifying interactive data of the application software, analyzing the interactive data and then judging whether the interactive data is normal interactive data, data with risks or access data;
when the interactive data is normal interactive data, the normal interactive data is normally accessed and utilized by the application software to the user terminal equipment, so that monitoring is not needed;
when the interactive data is data with risks, the data with risks is dangerous data, and the data is easy to damage, change and leak on user side equipment, so that the user side equipment needs to be protected, and the user system can be safely protected through the safety protection module;
when the access data access the privacy of the user side, which requires the authorization of the user, the security protection module also triggers the notification module during the access, the user can confirm whether the authorization is performed through the notification module, and then the security protection module also transmits the type of the interactive data to the information tracking module;
the information tracking module is used for tracking the interactive data of the application software, when the interactive data has risks, only the transmission path of the interactive data needs to be tracked, and then the safety protection module is called to block and protect the transmission path, so that data leakage can be avoided;
when interactive data is accessed, only the data accessed by the interactive data needs to be tracked, then the user data accessed by application software is marked as comparison data, and the interaction data is classified, and then the information tracking module runs different functions, so that the tracking data generated by the information tracking module is reduced, and the burden of a user system can be further reduced;
the comparison data obtained for the first time is used as template data, the mark clearing module is used for counting the overlapped part of the uploading data of the application software and the template data, and clearing marks of the overlapped part in the template data, so that the uploading data are prevented from being repeatedly calculated by the overlap ratio accumulation module;
the coincidence ratio accumulation module is used for counting the coincidence part of the uploaded data of the application software and the template data, calculating the coincidence ratio between the coincidence part and the initial comparison data, meanwhile counting the coincidence ratio obtained when the application software uploads the data each time, and accumulating the coincidence ratios to obtain a comparison value;
some software steals the information of the user in batches to reduce the aim of finding, and the superposition ratio of the uploaded data and the initial comparison data is accumulated to carry out overall calculation, so that the data is prevented from being stolen in batches;
the data analysis module is used for analyzing the relation between the comparison value and the safety threshold value, when the comparison value exceeds the comparison threshold value, the application software is indicated to have the risk of embezzlement of user information, the uploading of data of the application software needs to be stopped temporarily, then the user is reminded through the notification module, when the user allows the data to be uploaded continuously, the application software is allowed to upload the data continuously, otherwise, the application software is not allowed to upload the data continuously;
the notification module is used for carrying out risk prompt, so that a user can conveniently know whether the software has risks in time, and the notification module allows the user to operate so as to determine whether the information channels of the application software are communicated, namely after the risk prompt is triggered, the user can select whether the application software can continue to upload data and carry out data interaction, and the application software is isolated. To avoid data theft.
The safety protection module can not have the function of a firewall, the safety protection module and the firewall of the user system need to be in communication connection for a long time, then information of the firewall is called through the safety protection module, namely whether risks exist in interactive data of application software is confirmed through the firewall, whether the interactive data are access data is judged, and meanwhile the safety protection module can also transfer the firewall to conduct safety protection on the user system.
When the safety protection module has the function of a firewall, the data flow downloaded to the application software and the flow of the interactive data of the application software can be analyzed, whether the possibility of being attacked exists in a user system is judged through the data flow, when the data flow downloaded to the application software exceeds a downloading threshold value, the data flow acquired by the software from the outside is too large, the possibility of the risk exists, then the flow of the interactive data is analyzed, when the flow of the interactive data exceeds the interactive threshold value, the data impact on the user system by the application software is indicated, and the interactive data can be considered to have the risk; when the privacy information of the user is accessed, the interactive data needs to send an access application to the security protection module, then the user can agree with the access application of the interactive data through the security protection module, at this time, the interactive data at this time is considered as the access data, and otherwise, the interactive data is considered as the risk data.
The comparison threshold value, the download threshold value and the interaction threshold value are set with default values, and different users have different use requirements, so that unnecessary complex operations are reduced, a threshold value setting module is arranged in the data analysis module and used for adjusting the comparison threshold value, the download threshold value and the interaction threshold value, and different users can conveniently set different threshold values.
When the application software is used, data access to a user system is possible, data accessed each time are possible to be different, comparison data are different when the accessed data are different, template data need to be processed to avoid the tag data from being neglected to be counted, the comparison data and initial comparison data are analyzed, when the initial comparison data are not replaced, the initial comparison data refer to the comparison data acquired by the user software for the first time, when the application software accesses the user system to acquire different comparison data, an intersection between the comparison data and the initial comparison data is acquired after calculation, whether the comparison data are different from the comparison data acquired before is acquired after confirmation through the intersection is obtained, when the difference exists, the parts of the acquired comparison data and the initial comparison data are sorted out and combined to the initial comparison data to serve as new initial comparison data, the quantity of the data is increased, the data needing to be uploaded are increased, the parts of the comparison data are used as new initial comparison data, the situation that the parts of the application software which are normally uploaded can be prevented from being abnormal, meanwhile, the parts of the comparison data which are not overlapped with the initial comparison data are sorted to be used as new template data, and the new comparison data can not be analyzed when the comparison data are missed.
After the notification module sends out the notice, the problem that the user cannot operate in time exists, and in order to avoid accidents, when the user does not agree to the operation, the user can be defaulted to not agree to the communication, so that the problem that the data is possibly stolen is avoided.
While there have been shown and described what are at present considered to be the basic principles and essential features of the invention and advantages thereof, it will be apparent to those skilled in the art that the invention is not limited to the details of the foregoing illustrative embodiments, but is capable of other embodiments without departing from the spirit or essential characteristics thereof; the present embodiments are therefore to be considered in all respects as illustrative and not restrictive, the scope of the invention being indicated by the appended claims rather than by the foregoing description, and all changes which come within the meaning and range of equivalency of the claims are therefore intended to be embraced therein, and any reference signs in the claims are not intended to be construed as limiting the claim concerned.
Although embodiments of the present invention have been shown and described, it will be appreciated by those skilled in the art that changes, modifications, substitutions and alterations can be made in these embodiments without departing from the principles and spirit of the invention, the scope of which is defined in the appended claims and their equivalents.
Claims (7)
1. A software information security monitoring system is characterized in that: the system comprises a safety protection module, an information tracking module, a mark clearing module, a superposition ratio accumulation module, a data analysis module and a notification module;
the safety protection module is used for identifying the interactive data of the application software and carrying out safety protection on the user system;
the information tracking module is used for tracking the interactive data of the application software, when the interactive data has risks, the safety protection module is called to protect the interactive data, when the interactive data is accessed, the user data accessed by the application software is marked as comparison data, and the comparison data obtained for the first time is used as template data;
the mark clearing module is used for counting the overlapped part of the uploaded data of the application software and the template data, clearing the mark of the overlapped part in the template data and taking the residual data as new template data;
the coincidence ratio accumulation module is used for counting the coincidence part of the uploaded data of the application software and the template data, calculating the coincidence ratio between the coincidence part and the initial comparison data, meanwhile counting the coincidence ratio obtained when the application software uploads the data each time, and accumulating the coincidence ratios to obtain a comparison value;
the data analysis module is used for analyzing the relation between the comparison value and the safety threshold value, and when the comparison value exceeds the comparison threshold value, the uploading channel of the application software is suspended and the notification module is triggered;
and the notification module is used for carrying out risk prompt and selecting whether the information channels of the application software are communicated.
2. The software information security monitoring system of claim 1, wherein: the safety protection module can be in communication connection with a firewall of the user system, confirms whether the interactive data of the application software has risks or not through the firewall of the user system, and judges whether the interactive data is access data or not.
3. The software information security monitoring system of claim 1, wherein: the safety protection module can analyze the data flow downloaded to the application software and the flow of the interactive data of the application software, and when the data flow downloaded to the application software exceeds a downloading threshold value and the flow of the interactive data exceeds an interactive threshold value, the interactive data is considered to have risks;
and when the interactive data sends an access application to the safety protection module and the safety protection module agrees with the access application of the interactive data, the interactive data at the moment is considered as the access data.
4. The software information security monitoring system according to claim 1, wherein: the data analysis module further comprises a threshold setting module, and the threshold setting module is used for adjusting the comparison threshold, the download threshold and the interaction threshold.
5. The software information security monitoring system of claim 1, wherein: when the application software accesses a user system to obtain different comparison data, firstly, an intersection between the comparison data and the initial comparison data is obtained after calculation, then, the non-overlapping part of the later obtained comparison data and the initial comparison data is sorted out and merged into the initial comparison data to be used as new initial comparison data, and meanwhile, the non-overlapping part of the later obtained comparison data and the initial comparison data is sorted into template data to be used as new template data.
6. The software information security monitoring system of claim 1, wherein: and after the notification module sends out the notification, when the consent operation is not performed, the default is the non-consent communication.
7. The software information security monitoring system of claim 1, wherein: when the information tracking module tracks the interactive data and the interactive data has risks, only the propagation path of the interactive data is tracked; when the interactive data is only accessed, the data accessed by the interactive data is tracked.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202211659968.6A CN115659341B (en) | 2022-12-23 | 2022-12-23 | Software information safety monitoring system |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202211659968.6A CN115659341B (en) | 2022-12-23 | 2022-12-23 | Software information safety monitoring system |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN115659341A CN115659341A (en) | 2023-01-31 |
| CN115659341B true CN115659341B (en) | 2023-03-10 |
Family
ID=85022540
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202211659968.6A Active CN115659341B (en) | 2022-12-23 | 2022-12-23 | Software information safety monitoring system |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN115659341B (en) |
Citations (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN108063753A (en) * | 2017-11-10 | 2018-05-22 | 全球能源互联网研究院有限公司 | A kind of information safety monitoring method and system |
| CN110502875A (en) * | 2019-07-25 | 2019-11-26 | 安徽易百互联科技有限公司 | A kind of security of computer software guard system |
| CN113407949A (en) * | 2021-06-29 | 2021-09-17 | 恒安嘉新(北京)科技股份公司 | Information security monitoring system, method, equipment and storage medium |
| CN114338372A (en) * | 2020-09-25 | 2022-04-12 | 中国移动通信集团山东有限公司 | Network information security monitoring method and system |
| CN115296882A (en) * | 2022-08-01 | 2022-11-04 | 黑龙江蔚蓝佳源信息科技有限公司 | Network security monitoring system |
| CN115499844A (en) * | 2022-09-22 | 2022-12-20 | 贵州电网有限责任公司 | Mobile terminal information safety protection system and method |
Family Cites Families (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN105574417A (en) * | 2014-10-11 | 2016-05-11 | 中兴通讯股份有限公司 | User information protection method and device |
| PE20171260A1 (en) * | 2015-01-16 | 2017-08-31 | Pricewaterhousecoopers Llp | SYSTEM AND PROCEDURE FOR THE EXCHANGE OF DATA IN HEALTH CARE |
-
2022
- 2022-12-23 CN CN202211659968.6A patent/CN115659341B/en active Active
Patent Citations (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN108063753A (en) * | 2017-11-10 | 2018-05-22 | 全球能源互联网研究院有限公司 | A kind of information safety monitoring method and system |
| CN110502875A (en) * | 2019-07-25 | 2019-11-26 | 安徽易百互联科技有限公司 | A kind of security of computer software guard system |
| CN114338372A (en) * | 2020-09-25 | 2022-04-12 | 中国移动通信集团山东有限公司 | Network information security monitoring method and system |
| CN113407949A (en) * | 2021-06-29 | 2021-09-17 | 恒安嘉新(北京)科技股份公司 | Information security monitoring system, method, equipment and storage medium |
| CN115296882A (en) * | 2022-08-01 | 2022-11-04 | 黑龙江蔚蓝佳源信息科技有限公司 | Network security monitoring system |
| CN115499844A (en) * | 2022-09-22 | 2022-12-20 | 贵州电网有限责任公司 | Mobile terminal information safety protection system and method |
Non-Patent Citations (3)
| Title |
|---|
| 王昱镔 ; 高博 ; 程楠 ; 吴薇 ; .软件测试中的信息安全问题.2013,(第05期),第11-14页. * |
| 邹意华 ; 贺冠鹏 ; .移动智能终端应用软件的信息安全及防护方式.2020,(第08期),第103-104页. * |
| 邹意华 ; 贺冠鹏 ; 曾天宇 ; .移动智能终端的信息安全风险及测评方法研究.2020,(第06期),第141-142页. * |
Also Published As
| Publication number | Publication date |
|---|---|
| CN115659341A (en) | 2023-01-31 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN110691064B (en) | Safety access protection and detection system for field operation terminal | |
| CN107241224A (en) | The network risks monitoring method and system of a kind of transformer station | |
| US20080096526A1 (en) | Apparatus and a security node for use in determining security attacks | |
| CN101257678A (en) | Method, terminal and system for realizing mobile terminal software safe detection | |
| CN112787992A (en) | Method, device, equipment and medium for detecting and protecting sensitive data | |
| CN101321084A (en) | Method and apparatus for generating configuration rules for computing entities within a computing environment using association rule mining | |
| CN111327601A (en) | Abnormal data response method, system, device, computer equipment and storage medium | |
| CN104753952A (en) | Intrusion detection and analysis system on basis of service data flow of virtual machines | |
| CN104702603A (en) | Multi-view-angle security auditing system for mobile internet | |
| CN113382076A (en) | Internet of things terminal security threat analysis method and protection method | |
| CN106447581A (en) | System and method thereof for self negotiation and quick treatment on traffic accidents | |
| CN114139178A (en) | Data link-based data security monitoring method and device and computer equipment | |
| KR101666791B1 (en) | System and method of illegal usage prediction and security for private information | |
| CN115659341B (en) | Software information safety monitoring system | |
| CN106951779A (en) | A kind of USB security protection systems for selecting to analyze with equipment behavior based on user | |
| CN117061372A (en) | Real-time processing platform for monitoring and analyzing network flow | |
| CN107277070A (en) | A kind of computer network instrument system of defense and intrusion prevention method | |
| CN110049015B (en) | Network security situation awareness system | |
| US7367055B2 (en) | Communication systems automated security detection based on protocol cause codes | |
| CN113779566A (en) | Computer network security situation sensing system and method | |
| KR20130033161A (en) | Intrusion detection system for cloud computing service | |
| CN108924129A (en) | One kind being based on computer network instrument system of defense and intrusion prevention method | |
| CN115174144A (en) | Zero-trust gateway self-security detection method and device | |
| CN113973193A (en) | Security quality control method, electronic device and readable medium | |
| KR20200054495A (en) | Method for security operation service and apparatus therefor |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant | ||
| TR01 | Transfer of patent right |
Effective date of registration: 20231031 Address after: Room 201-32, Building 8, No. 999 Jingxing Road, Cangqian Street, Yuhang District, Hangzhou City, Zhejiang Province, 311121 Patentee after: HANGZHOU LEMANG TECHNOLOGY CO.,LTD. Address before: 322001 No. 8, Daxue Road, Fotang Town, Yiwu City, Jinhua City, Zhejiang Province Patentee before: CHINA JILIANG UNIVERSITY College OF MODERN SCIENCE AND TECHNOLOGY |
|
| TR01 | Transfer of patent right |