CN107181718A - A method for real-time monitoring of Internet security information - Google Patents

Publication number
CN107181718A
Authority
CN
China
Prior art keywords
information
real
condition
network safety
monitoring
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201610136411.2A
Other languages
Chinese (zh)
Inventor
孙波
李应博
房婧
李轶夫
鲁骁
姜栋
张建松
盖伟麟
司成祥
杜雄杰
张伟
刘成
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
National Computer Network and Information Security Management Center
Original Assignee
National Computer Network and Information Security Management Center
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by National Computer Network and Information Security Management Center
Priority to CN201610136411.2A
Publication of CN107181718A
Legal status: Pending

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/20: Network architectures or network communication protocols for network security for managing network security; network security policies in general
    • H04L63/30: Network architectures or network communication protocols for network security for supporting lawful interception, monitoring or retaining of communications or communication related information

Abstract

The invention discloses a method for real-time monitoring of Internet security information. It obtains network security information and matches key information, thereby locating the network security information that meets the monitoring objective and achieving real-time monitoring of Internet security information. First, the update frequency f1 for refreshing information is set; network security information is continually obtained through the information acquisition interface of a network security website, and the information obtained each time is stored as an entry in a local database. Then, according to the monitoring objective, the condition c that the network security information of interest must satisfy is set as the monitoring condition, a polling frequency f2 is set, and a monitoring task is started at polling frequency f2 to match against the local database and obtain the network security information that satisfies the condition. The invention provides an adaptive, automated network security solution, and the method balances the accuracy and the timeliness of network security information monitoring.

Description

A method for real-time monitoring of Internet security information
Technical field
The present invention relates to the monitoring of network security information on the Internet, and in particular to a real-time information monitoring method that uses forum information analysis and keyword matching.
Background
With the development and maturation of Internet technology, particularly Web 2.0 and mobile Internet technology, services and products based on Internet technology have come into wide use. At the same time, as these products and services keep spreading in depth and breadth, network security problems have become increasingly prominent. Network security comprises network equipment security, network information security and network software security. Any software system connected to the Internet whose interfaces are not physically isolated and are reachable at the network level is at risk of intrusion by malware or attacks, and even of having its underlying hardware taken over and its data leaked. Today a large number of Internet products and services rely on hardware, software and related data deployed on the Internet, so guaranteeing the network security of these services and products is fundamental to the security and stability of cyberspace. However, because network security maintenance is costly and investment in it yields no return in the short term, service providers, especially small and medium-sized ones, pay little attention to security investment, and network security incidents of all kinds continue to occur.
Existing solutions to these problems are mainly of two kinds. The first uses network security technologies such as firewalls to safeguard network security. The second reports network security information through online forums in a crowdsourced manner. Network security technologies such as firewalls are the industry's common means of ensuring network security. They prevent some common attack methods but cannot give exhaustive coverage for every different Internet system. As a result, many network security forums and reporting platforms for all kinds of Internet products have appeared, on which users or "white hats" (independent technical personnel whose goal is to find security vulnerabilities in software systems, inform the relevant personnel in time and prevent losses) can report the vulnerabilities they find. The second approach uses crowdsourcing to address the breadth of coverage of network security problems, but the volume of reports on these platforms is large, so the maintainers of a particular site face information overload and insufficient timeliness.
Summary of the invention
To overcome the above deficiencies of the prior art, the present invention provides a method for real-time monitoring of Internet security information that uses forum information analysis and keyword matching. Information is first extracted from network security forums in general and stored, and keyword matching is then used to locate the network security information that meets the monitoring objective. While balancing the accuracy and timeliness of security information, the method automatically monitors network security information on the Internet in real time according to user requirements.
The technical solution provided by the present invention is:
A method for real-time monitoring of Internet security information, which obtains network security information and matches key information, thereby locating the network security information that meets the monitoring objective and achieving real-time monitoring of Internet security information. It comprises the following steps:
A. In the network security information acquisition and storage phase, perform the following operations:
A1. According to the information acquisition interface of the network security website, set the method for acquiring network security information;
A2. Set the update frequency f1 for refreshing information;
A3. Continually obtain network security information at update frequency f1, storing the network security information obtained each time as an entry in the local database;
B. In the key information matching phase, perform the following operations:
B1. According to the monitoring objective, set the condition c that the network security information of interest must satisfy, as the monitoring condition;
B2. Set the polling frequency f2;
B3. Start a monitoring task at polling frequency f2 and match against the local database. When matching succeeds, the network security information satisfying condition c of B1 is obtained. When one scan of the local database completes without a successful match, exit the monitoring task and wait for the next monitoring task to restart step B and perform key information matching.
Further, in the above method, the network security information includes one or more of: network security news, risk notices about security vulnerabilities in various network services, and users' forum discussions about the security status of various network services.
Further, in the above method, the network security websites of step A1 include websites that provide a data acquisition interface and websites that provide no content interface. For a website that provides a data acquisition interface, the acquisition method is to use an automated program to obtain network security information directly over the HTTP protocol. For a website that provides no content interface, an HTML parsing tool is used to parse the content of the site's web pages as network security information. In an embodiment of the invention, the network security website is one that provides an RSS subscription interface, and the acquisition method is to point an RSS parser directly at the RSS subscription address.
Further, in the above method, the update frequency f1 of step A2 is set according to the system's computing resources; preferably, f1 is set to once per hour.
Further, in the above method, the monitoring condition c of step B1 is either a basic condition or a compound condition. A basic condition is a keyword. A compound condition is formed by combining multiple basic conditions with the relations "and", "or" or "not".
Further, in the above method, the polling frequency f2 of step B2 is the frequency of the system's background monitoring task, and f2 is set according to the real-time requirement and the system performance requirement.
Further, in the above method, the matching of step B3 is as follows: if the monitoring condition c is a basic condition cb, matching succeeds when an entry containing the keyword of cb is found in the local database; if the monitoring condition c is a compound condition cx, matching succeeds when the compound condition cx is found to be satisfied in the local database.
Compared with the prior art, the beneficial effects of the invention are:
The invention uses forum information analysis and keyword matching. Information is first extracted from network security forums in general and stored, and keyword matching is then used to locate the network security information that meets the monitoring objective, achieving real-time monitoring of Internet security information. The method provides an adaptive, automated network security solution while balancing the accuracy and timeliness of network security information monitoring.
Brief description of the drawings
Fig. 1 is a flow block diagram of the method for real-time monitoring of Internet security information provided by the present invention.
Fig. 2 is a system architecture diagram of an embodiment that implements the method of the invention.
Embodiments
The invention is further described below through embodiments, with reference to the drawings, without limiting the scope of the invention in any way.
The present invention provides a method for real-time monitoring of Internet security information, which comprises the following phases:
A. In the network security information acquisition and storage phase, perform the following operations:
A1. According to the information acquisition interface of websites such as network security forums, set the method for acquiring network security information;
Network security information of various kinds includes: network security news, risk notices about security vulnerabilities in various network services, users' forum discussions about the security status of various network services, and so on. Obtaining network security information from different network security websites generally requires different acquisition methods;
A2. Set the update frequency f1 for refreshing information;
A3. Continually update the network security information at frequency f1 and store it in the local database;
B. In the key information matching phase, perform the following operations:
B1. The user provides, according to need, the condition c that the network security information of interest must satisfy;
B2. The user provides the polling frequency f2;
B3. The back end starts a monitoring task at polling frequency f2 and matches against the local database to obtain the network security information that satisfies condition c of B1. If one scan of the database completes without a successful match, the task exits and waits to be restarted as the next task.
In the above method, as a preferred scheme, the acquisition methods in A1 for network security websites are as follows. For a website that provides a data acquisition interface, such as an RSS (Really Simple Syndication) subscription address, an automated program obtains its content directly over the HTTP protocol. For a website that provides no content interface, an HTML (HyperText Markup Language) parsing tool is used to parse the content of the site's web pages.
In A2, the higher the information update frequency f1, the more often information is refreshed and the more timely the network security information monitoring, but the greater the system load. As a preferred scheme, f1 should be set according to the system's computing resources. In the embodiment of the invention, f1 is set so that new content is fetched once every hour.
As a preferred scheme, the security information monitoring condition c in B1 can be a basic condition or a compound condition. A basic condition is a keyword, meaning that the network security information the user cares about "contains" that keyword. A compound condition is formed from multiple basic conditions combined by the relations "and", "or" or "not". For example, for basic conditions c1 and c2, the compound condition "c1 and c2" denotes information that satisfies both c1 and c2; the compound condition "c1 or c2" denotes information that satisfies either c1 or c2; the compound condition "not c1" denotes information that does not satisfy c1.
As a preferred scheme, the polling frequency f2 provided by the user in B2 is the frequency of the background monitoring task. As with f1, the setting of f2 must balance timeliness against back-end performance.
The content of the security information in the database is matched against condition c. When step B3 performs content matching, for a basic condition cb, a database entry is considered to satisfy cb as long as it contains the keyword of cb. For a compound condition cx, both the basic conditions and the combining relations between them must be satisfied. For example, "c1 and c2" requires the entry to contain the keyword of c1 and also the keyword of c2. Once security information satisfying condition c is found, the user is notified to review it, helping the user discover a possible data leakage risk in service A in time.
The following embodiment illustrates a specific implementation of the method. In this embodiment, a user needs to watch whether a certain Internet service A has a data leakage risk, and uses the method provided by the invention to monitor service A for that risk.
First, at the system level, parsers for obtaining security information from several leading Internet security information reporting platforms must be connected. Assuming that a given Internet security vulnerability platform provides an RSS subscription interface, an RSS parser can be pointed directly at that RSS subscription address.
Second, the information update frequency f1 must be set. Reports of network security problems on the various platforms and forums are fairly timely, so new content can typically be fetched once every hour. If computing resources allow, f1 can be set as high as possible to ensure that relevant risks are found in time.
After the above settings are complete, the system updates security information at frequency f1 and stores all information obtained in the back-end database.
The above steps are in fact system background programs. They are visible to the maintainers of a system that implements the method but invisible to ordinary users of the system.
The system user, whose security concern is "whether Internet service A has a data leakage risk", needs to construct condition c. It can be a compound condition made up of two basic conditions (corresponding to the keyword "A service" and the keyword "data") and one "and" relation. This condition means that network security information containing both the keyword "A service" and the keyword "data" is to be queried from the database.
Then, assuming the user sets the frequency f2 to 3 hours, the system scans the database every 3 hours and matches the content of the security information in the database against condition c. If an entry contains the keyword "A service" and also the keyword "data", the entry is considered qualifying network security information. Once security information satisfying condition c is found, the user is notified to review it, helping the user discover a possible data leakage risk in service A in time.
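The two phases of the embodiment (fetch and store at f1, then match condition c at f2), as an added Python example that is not code from the patent. The feed text, the service name "ExampleService", the table layout and the tuple syntax for conditions are assumptions made for illustration; the `notified` column goes beyond the page so that a later poll does not re-report the same entry.

```python
import sqlite3
import xml.etree.ElementTree as ET

F1_SECONDS = 60 * 60        # update frequency f1 in the embodiment: once per hour
F2_SECONDS = 3 * 60 * 60    # polling frequency f2 in the embodiment: every 3 hours

# Constructed RSS 2.0 document standing in for a platform's subscription address.
SAMPLE_FEED = """<?xml version="1.0"?>
<rss version="2.0"><channel><title>Constructed advisory feed</title>
<item><guid>adv-1</guid><title>ExampleService user data exposed via API</title>
<description>Records readable without authentication.</description></item>
<item><guid>adv-2</guid><title>ExampleService login page defaced</title>
<description>No customer records were affected.</description></item>
<item><guid>adv-3</guid><title>OtherShop database dump offered for sale</title>
<description>Seller claims the data is recent.</description></item>
</channel></rss>"""


def parse_rss(xml_text):
    """Step A1: turn one RSS document into (guid, text) entries."""
    # Feed content is untrusted input; defusedxml is a common hardened parser choice.
    root = ET.fromstring(xml_text)
    entries = []
    for item in root.iter("item"):
        guid = item.findtext("guid") or item.findtext("link")
        if not guid:
            continue  # no stable identifier, so the item cannot be de-duplicated
        parts = (item.findtext("title"), item.findtext("description"))
        entries.append((guid.strip(), " ".join(p for p in parts if p)))
    return entries


def open_db():
    """Local database of step A3 (hypothetical schema, in memory for the example)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE entries (guid TEXT PRIMARY KEY, text TEXT NOT NULL, "
                 "notified INTEGER NOT NULL DEFAULT 0)")
    return conn


def store(conn, entries):
    """Step A3: one row per fetched item; items seen on an earlier fetch are ignored."""
    before = conn.total_changes
    conn.executemany("INSERT OR IGNORE INTO entries (guid, text) VALUES (?, ?)", entries)
    conn.commit()
    return conn.total_changes - before  # number of entries that were new


def matches(cond, text):
    """Step B3: basic condition ("kw", word) or compound "and" / "or" / "not"."""
    op, *args = cond
    if op == "kw":
        # Case-insensitive substring test, so "data" also hits "database".
        return args[0].lower() in text.lower()
    if op == "and":
        return all(matches(a, text) for a in args)
    if op == "or":
        return any(matches(a, text) for a in args)
    if op == "not":
        return not matches(args[0], text)
    raise ValueError(f"unknown operator: {op!r}")


def poll_once(conn, cond):
    """One monitoring task: scan the database once, return guids of new matches."""
    rows = conn.execute(
        "SELECT guid, text FROM entries WHERE notified = 0 ORDER BY guid").fetchall()
    hits = [guid for guid, text in rows if matches(cond, text)]
    # Single-condition assumption: one flag per entry is enough to avoid re-alerting.
    conn.executemany("UPDATE entries SET notified = 1 WHERE guid = ?",
                     [(g,) for g in hits])
    conn.commit()
    return hits


if __name__ == "__main__":
    db = open_db()
    store(db, parse_rss(SAMPLE_FEED))            # would run every F1_SECONDS
    c = ("and", ("kw", "ExampleService"), ("kw", "data"))
    print(poll_once(db, c))                      # would run every F2_SECONDS
```

A condition made only of "not" matches almost every entry, so in practice it is combined with at least one positive keyword.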
It should be noted that the purpose of publishing the embodiments is to aid further understanding of the invention, but those skilled in the art will appreciate that various substitutions and modifications are possible without departing from the spirit and scope of the invention and the appended claims. The invention should therefore not be limited to what the embodiments disclose, and the scope of protection claimed is that defined by the claims.

Claims (8)

1. A method for real-time monitoring of Internet security information, which obtains network security information and matches key information, thereby locating the network security information that meets the monitoring objective and achieving real-time monitoring of Internet security information, comprising the following steps:
A. In the network security information acquisition and storage phase, perform the following operations:
A1. According to the information acquisition interface of the network security website, set the method for acquiring network security information;
A2. Set the update frequency f1 for refreshing information;
A3. Continually obtain network security information at update frequency f1, storing the network security information obtained each time as an entry in the local database;
B. In the key information matching phase, perform the following operations:
B1. According to the monitoring objective, set the condition c that the network security information of interest must satisfy, as the monitoring condition;
B2. Set the polling frequency f2;
B3. Start a monitoring task at polling frequency f2 and match against the local database. When matching succeeds, the network security information satisfying condition c of B1 is obtained. When one scan of the local database completes without a successful match, exit the monitoring task and wait for the next monitoring task to restart step B and perform key information matching.
2. The method for real-time monitoring of Internet security information of claim 1, characterized in that the network security information includes one or more of: network security news, risk notices about security vulnerabilities in various network services, and users' forum discussions about the security status of various network services.
3. The method for real-time monitoring of Internet security information of claim 1, characterized in that the network security websites of step A1 include websites that provide a data acquisition interface and websites that provide no content interface; for a website that provides a data acquisition interface, the acquisition method is to use an automated program to obtain network security information directly over the HTTP protocol; for a website that provides no content interface, an HTML parsing tool is used to parse the content of the site's web pages as network security information.
4. The method for real-time monitoring of Internet security information of claim 3, characterized in that the network security website is a website that provides an RSS subscription interface, and the acquisition method is to point an RSS parser directly at the RSS subscription address.
5. The method for real-time monitoring of Internet security information of claim 1, characterized in that the update frequency f1 of step A2 is set according to the system's computing resources; preferably, f1 is set to once per hour.
6. The method for real-time monitoring of Internet security information of claim 1, characterized in that the monitoring condition c of step B1 is either a basic condition or a compound condition; a basic condition is a keyword; a compound condition is formed by combining multiple basic conditions with the relations "and", "or" or "not".
7. The method for real-time monitoring of Internet security information of claim 1, characterized in that the polling frequency f2 of step B2 is the frequency of the system's background monitoring task, and f2 is set according to the real-time requirement and the system performance requirement.
8. The method for real-time monitoring of Internet security information of claim 1, characterized in that the matching of step B3 is as follows: if the monitoring condition c is a basic condition cb, matching succeeds when an entry containing the keyword of cb is found in the local database; if the monitoring condition c is a compound condition cx, matching succeeds when the compound condition cx is found to be satisfied in the local database.
Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201610136411.2A 2016-03-10 2016-03-10 A method for real-time monitoring of Internet security information

Publications (1)

Publication Number Publication Date
CN107181718A (en) 2017-09-19

Family ID: 59830591

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201610136411.2A Pending CN107181718A (en) 2016-03-10 2016-03-10 A method for real-time monitoring of Internet security information

Country Status (1)

Country Link
CN (1) CN107181718A (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
WD01 Invention patent application deemed withdrawn after publication

Application publication date: 20170919