CN108377242A - A kind of computer network security detection method - Google Patents

A kind of computer network security detection method Download PDF

Info

Publication number
CN108377242A
CN108377242A CN201810156167.5A CN201810156167A CN108377242A CN 108377242 A CN108377242 A CN 108377242A CN 201810156167 A CN201810156167 A CN 201810156167A CN 108377242 A CN108377242 A CN 108377242A
Authority
CN
China
Prior art keywords
computer
url
file
user
network security
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201810156167.5A
Other languages
Chinese (zh)
Inventor
李艳玮
郑伟勇
翟红生
王旭辉
周岩
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Henan Institute of Engineering
Original Assignee
Henan Institute of Engineering
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Henan Institute of Engineering filed Critical Henan Institute of Engineering
Priority to CN201810156167.5A priority Critical patent/CN108377242A/en
Publication of CN108377242A publication Critical patent/CN108377242A/en
Pending legal-status Critical Current

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/02Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/0209Architectural arrangements, e.g. perimeter networks or demilitarized zones
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/02Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/0227Filtering policies
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/02Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/0227Filtering policies
    • H04L63/0236Filtering by address, protocol, port number or service, e.g. IP-address or URL
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/12Applying verification of the received information
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1425Traffic logging, e.g. anomaly detection
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441Countermeasures against malicious traffic
    • H04L63/145Countermeasures against malicious traffic the attack involving the propagation of malware through the network, e.g. viruses, trojans or worms
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441Countermeasures against malicious traffic
    • H04L63/1466Active attacks involving interception, injection, modification, spoofing of data unit addresses, e.g. hijacking, packet injection or TCP sequence number attacks

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Health & Medical Sciences (AREA)
  • General Health & Medical Sciences (AREA)
  • Virology (AREA)
  • Information Transfer Between Computers (AREA)

Abstract

The invention discloses a kind of computer network security detection methods, it is related to technical field of the computer network, whether detection computer installs antivirus software and whether opens fire wall, and corresponding dangerous tip information is generated according to different testing results, to remind user actively to promote the internet security of computer, data traffic and the file of reception can be also measured in real time during the use of computer, malice URL or file is avoided to cause further to destroy to computer, the present invention combines computer state itself and network state, complete detection is carried out to computer network security, improve the safety of computer.

Description

A kind of computer network security detection method
Technical field
The present invention relates to technical field of the computer network, more particularly to a kind of computer network security detection method.
Background technology
Computer network security refers to utilizing network management control and technical measures, is ensured in a network environment, number According to confidentiality, integrality and workability be protected.Computer network security includes two aspects, i.e., physical security and patrols Chian is complete;Physical security refers to system equipment and related facility by physical protection, from destroying or losing;Logical security includes Integrality, confidentiality and the availability of information.
Many computer network security technologies are to wear hand from network basis to go to be detected, however actually using at present The state of journey Computer itself can also influence the safety during network connection, but most network security technologies are simultaneously This point is not considered.
Invention content
An embodiment of the present invention provides a kind of computer network security detection methods, can solve existing in the prior art Problem.
The present invention provides a kind of computer network security detection methods, the described method comprises the following steps:
One safe space is set in hard disc of computer;
Whether antivirus software is installed in detection computer, shows that level-one carries on computer display if being fitted without Show dialog box, to warn user's current computer to be in level-one precarious position;
Whether the fire wall of detection computer is opened, if computer is mounted with antivirus software but is not turned on fire prevention Wall then shows two level prompted dialog frame on computer display, to warn user's current computer to be in secondary threat shape State;If being both fitted without antivirus software in computer or being not turned on fire wall, three-level is shown on computer display Prompted dialog frame, to warn user's current computer to be in three-level precarious position;
The data traffic for each uniform resource position mark URL that real-time monitoring computer is connected in use, when It is more than preset value to have the data traffic whithin a period of time of any URL, then judging in the black and white lists of storage should The safety of URL then shows that URL dangerous tips are talked with if a determination be made that the URL is danger on computer display Frame, it is danger to remind the URL that user is connected to;
After computer receives the file of download, the file of reception is run in the safe space, parsing operation File afterwards is deleted the file of reception, and shown on computer display if file includes any malicious code The deleted dialog box of one file.
Preferably, the safe space is the concealed space being directly arranged on hard disk, which can not be by user It changes and invisible to user;Or
The safe space is the virtual machine on hard disk.
Preferably, if computer has whether two or more independent hard disks, inquiry user are made one of It is used for safe space, person to be used confirms and selects after one of hard disk using the hard disk selected as safe space.
Preferably, after reminding the URL that user is connected to be dangerous, also inquire whether user disconnects the company of the URL Connect, if user select disconnect if a period of time of computer afterwards all cannot connect to the URL.
Preferably, the mode for obtaining data traffic is realized by way of virtual port is arranged on service processing board.
Preferably, the URL column is entered into black name if file is downloaded by URL after deleting the file of reception It is single, forbid computer to download file from the URL.
Whether a kind of computer network security detection method in the embodiment of the present invention, detection computer install antivirus software And fire wall whether is opened, and corresponding dangerous tip information is generated according to different testing results, to remind user master The dynamic internet security for promoting computer can also carry out the file of data traffic and reception real during the use of computer When detect, avoid malice URL or file from causing further to destroy to computer, the present invention is by computer state itself and net Network combinations of states is got up, and is carried out complete detection to computer network security, is improved the safety of computer.
Description of the drawings
In order to more clearly explain the embodiment of the invention or the technical proposal in the existing technology, to embodiment or will show below There is attached drawing needed in technology description to be briefly described, it should be apparent that, the accompanying drawings in the following description is only this Some embodiments of invention for those of ordinary skill in the art without creative efforts, can be with Obtain other attached drawings according to these attached drawings.
Fig. 1 is a kind of flow chart of computer network security detection method in the embodiment of the present invention.
Specific implementation mode
Following will be combined with the drawings in the embodiments of the present invention, and technical solution in the embodiment of the present invention carries out clear, complete Site preparation describes, it is clear that described embodiments are only a part of the embodiments of the present invention, instead of all the embodiments.It is based on Embodiment in the present invention, it is obtained by those of ordinary skill in the art without making creative efforts every other Embodiment shall fall within the protection scope of the present invention.
Referring to Fig.1, an embodiment of the present invention provides a kind of computer network security detection method, this method includes following step Suddenly:
Step 100, a safe space is set in hard disc of computer, which can directly be set on hard disk The concealed space set, the concealed space can not be modifiable by the user and invisible to user, and the safe space can also be installation Virtual machine on hard disk can also be direct by one of hard disk if computer has two or more independent hard disks It is used as safe space, needs to inquire that user, person to be used are true when using entire hard disk as safe space certainly Recognize and select could be using the hard disk selected as safe space after one of hard disk;
Step 101, detect in computer whether antivirus software is installed, shown on computer display if being fitted without Show level-one prompted dialog frame, to warn user's current computer to be in level-one precarious position, common computer antivirus software Title is stored in the form of a list, it is only necessary to which inquiry can determine in computer whether be mounted in list in registration table A or more money software;
Step 102, whether the fire wall for detecting computer is opened, if computer is mounted with antivirus software but without beating Fire wall is opened, then shows two level prompted dialog frame on computer display, to warn user's current computer to be in two level The degree of danger of precarious position, the secondary threat state is higher than level-one precarious position, belongs to abnormally dangerous;If in computer both It is fitted without antivirus software and is also not turned on fire wall, then show three-level prompted dialog frame on computer display, with warning User's current computer is in three-level precarious position, and the degree of danger of the three-level precarious position is higher than three-level precarious position, belongs to In the state of being in extreme danger;
Step 103, the data for each uniform resource position mark URL that real-time monitoring computer is connected in use Flow, when the data traffic whithin a period of time for having any URL be more than preset value, then existed according to its corresponding URL The safety of URL is judged in the black and white lists of storage, if a determination be made that the URL is danger, then on computer display Show URL dangerous tip dialog boxes, it is danger to remind the URL that user is connected to, and inquires whether user disconnects the URL's Connection, if user select disconnect if a period of time of computer afterwards all cannot connect to the URL;
In the present embodiment, the mode for obtaining data traffic is by way of virtual port is arranged on service processing board It realizes;
Step 104, after computer receives the file of download, the file of reception is run in the safe space, Postrun file is parsed, if file includes any malicious code, the file of reception is deleted, and in Computer display The URL column is entered blacklist by the deleted dialog box of one file of screen display if file is downloaded by URL, is prohibited Only computer downloads file from the URL.
It should be understood that above-mentioned steps 100 only need to execute primary or computer in refitting system on every computer After be also required to execute primary, and step 101-102 is required to execute after computer be switched on every time once, and step 103-104 is then It needs to execute always during being switched on use, to protect the safety of computer constantly.
It should be understood by those skilled in the art that, the embodiment of the present invention can be provided as method, system or computer program Product.Therefore, complete hardware embodiment, complete software embodiment or reality combining software and hardware aspects can be used in the present invention Apply the form of example.Moreover, the present invention can be used in one or more wherein include computer usable program code computer The computer program production implemented in usable storage medium (including but not limited to magnetic disk storage, CD-ROM, optical memory etc.) The form of product.
The present invention be with reference to according to the method for the embodiment of the present invention, the flow of equipment (system) and computer program product Figure and/or block diagram describe.It should be understood that can be realized by computer program instructions every first-class in flowchart and/or the block diagram The combination of flow and/or box in journey and/or box and flowchart and/or the block diagram.These computer programs can be provided Instruct the processor of all-purpose computer, special purpose computer, Embedded Processor or other programmable data processing devices to produce A raw machine so that the instruction executed by computer or the processor of other programmable data processing devices is generated for real The device for the function of being specified in present one flow of flow chart or one box of multiple flows and/or block diagram or multiple boxes.
These computer program instructions, which may also be stored in, can guide computer or other programmable data processing devices with spy Determine in the computer-readable memory that mode works so that instruction generation stored in the computer readable memory includes referring to Enable the manufacture of device, the command device realize in one flow of flow chart or multiple flows and/or one box of block diagram or The function of being specified in multiple boxes.
These computer program instructions also can be loaded onto a computer or other programmable data processing device so that count Series of operation steps are executed on calculation machine or other programmable devices to generate computer implemented processing, in computer or The instruction executed on other programmable devices is provided for realizing in one flow of flow chart or multiple flows and/or block diagram one The step of function of being specified in a box or multiple boxes.
Although preferred embodiments of the present invention have been described, it is created once a person skilled in the art knows basic Property concept, then additional changes and modifications may be made to these embodiments.So it includes excellent that the following claims are intended to be interpreted as It selects embodiment and falls into all change and modification of the scope of the invention.
Obviously, various changes and modifications can be made to the invention without departing from essence of the invention by those skilled in the art God and range.In this way, if these modifications and changes of the present invention belongs to the range of the claims in the present invention and its equivalent technologies Within, then the present invention is also intended to include these modifications and variations.

Claims (6)

1. a kind of computer network security detection method, which is characterized in that the described method comprises the following steps:
One safe space is set in hard disc of computer;
Whether antivirus software is installed in detection computer, shows level-one prompt pair on computer display if being fitted without Frame is talked about, to warn user's current computer to be in level-one precarious position;
Whether the fire wall of detection computer is opened, if computer is mounted with antivirus software but is not turned on fire wall, Two level prompted dialog frame is shown on computer display, to warn user's current computer to be in secondary threat state;Such as Both it had been fitted without antivirus software in fruit computer or has been not turned on fire wall, then has shown three-level prompt pair on computer display Frame is talked about, to warn user's current computer to be in three-level precarious position;
The data traffic for each uniform resource position mark URL that real-time monitoring computer is connected in use, appoints when having The data traffic whithin a period of time of what URL is more than preset value, then judges the URL's in the black and white lists of storage Safety then shows URL dangerous tip dialog boxes if a determination be made that the URL is danger on computer display, reminds The URL that user is connected to is danger;
After computer receives the file of download, the file of reception is run in the safe space, parsing is postrun File deletes the file of reception if file includes any malicious code, and one is shown on computer display The deleted dialog box of file.
2. computer network security detection method as described in claim 1, which is characterized in that the safe space is directly to exist The concealed space being arranged on hard disk, the concealed space can not be modifiable by the user and invisible to user;Or
The safe space is the virtual machine on hard disk.
3. computer network security detection method as described in claim 1, which is characterized in that if computer tool there are two or The above independent hard disk, whether inquiry user uses one of conduct safe space, and person to be used confirms and selects it In after a hard disk using the hard disk selected as safe space.
4. computer network security detection method as described in claim 1, which is characterized in that be connected to reminding user After URL is dangerous, also inquire whether user disconnects the connection of the URL, computer is afterwards if user selects to disconnect A period of time all cannot connect to the URL.
5. computer network security detection method as described in claim 1, which is characterized in that the mode for obtaining data traffic is logical The mode for crossing the setting virtual port on service processing board is realized.
6. computer network security detection method as described in claim 1, which is characterized in that after the file that will be received is deleted If file is downloaded by URL, which is entered into blacklist, computer is forbidden to download file from the URL.
CN201810156167.5A 2018-02-24 2018-02-24 A kind of computer network security detection method Pending CN108377242A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201810156167.5A CN108377242A (en) 2018-02-24 2018-02-24 A kind of computer network security detection method

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201810156167.5A CN108377242A (en) 2018-02-24 2018-02-24 A kind of computer network security detection method

Publications (1)

Publication Number Publication Date
CN108377242A true CN108377242A (en) 2018-08-07

Family

ID=63017912

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201810156167.5A Pending CN108377242A (en) 2018-02-24 2018-02-24 A kind of computer network security detection method

Country Status (1)

Country Link
CN (1) CN108377242A (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109101818A (en) * 2018-08-14 2018-12-28 齐鲁工业大学 A kind of computer network security detection method
CN109933983A (en) * 2019-01-23 2019-06-25 秦皇岛职业技术学院 A kind of information security of computer network management system

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104573494A (en) * 2014-12-30 2015-04-29 北京工业大学 Safety mobile office method based on WMI software whitelist mechanism
US20150154610A1 (en) * 2011-05-13 2015-06-04 Google Inc. Detecting potentially false business listings based on an anomaly detection threshold
CN106302350A (en) * 2015-06-01 2017-01-04 阿里巴巴集团控股有限公司 URL monitoring method, device and equipment
CN106899549A (en) * 2015-12-18 2017-06-27 北京奇虎科技有限公司 A kind of network security detection method and device

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20150154610A1 (en) * 2011-05-13 2015-06-04 Google Inc. Detecting potentially false business listings based on an anomaly detection threshold
CN104573494A (en) * 2014-12-30 2015-04-29 北京工业大学 Safety mobile office method based on WMI software whitelist mechanism
CN106302350A (en) * 2015-06-01 2017-01-04 阿里巴巴集团控股有限公司 URL monitoring method, device and equipment
CN106899549A (en) * 2015-12-18 2017-06-27 北京奇虎科技有限公司 A kind of network security detection method and device

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
匿名用户: ""计算机安全中心自动更新有必要启动吗"", 《HTTPS://WENWEN.SOGOU.COM/Z/Q548782427.HTM》 *

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109101818A (en) * 2018-08-14 2018-12-28 齐鲁工业大学 A kind of computer network security detection method
CN109933983A (en) * 2019-01-23 2019-06-25 秦皇岛职业技术学院 A kind of information security of computer network management system

Similar Documents

Publication Publication Date Title
US11526610B2 (en) Peer-to-peer network for blockchain security
US10318730B2 (en) Detection and prevention of malicious code execution using risk scoring
US7624450B1 (en) System, method, and computer program product for conveying a status of a plurality of security applications
US9948667B2 (en) Signature rule processing method, server, and intrusion prevention system
EP3476101B1 (en) Method, device and system for network security
US10142343B2 (en) Unauthorized access detecting system and unauthorized access detecting method
CA2968327A1 (en) Systems and methods for malicious code detection accuracy assurance
CN106341386B (en) It is determining and remedy for the threat assessment grade of multi-level safety framework based on cloud
CN107070889B (en) Unified security defense system based on cloud platform
CN112685682A (en) Method, device, equipment and medium for identifying forbidden object of attack event
US20190109824A1 (en) Rule enforcement in a network
CN107733725A (en) A kind of safe early warning method, device, equipment and storage medium
JP6267089B2 (en) Virus detection system and method
CN108183884B (en) Network attack determination method and device
CN108377242A (en) A kind of computer network security detection method
JP2023550974A (en) Image-based malicious code detection method and device and artificial intelligence-based endpoint threat detection and response system using the same
EP2208303A2 (en) Method and system for protecting a computer against malicious software
JP2007122408A (en) Client security management system
US20230254334A1 (en) Intelligent workflow for protecting servers from outside threats
US8239941B1 (en) Push alert system, method, and computer program product
US20230164170A1 (en) Automatic Vulnerability Mitigation in Cloud Environments
US20230018096A1 (en) Analysis apparatus, analysis method, and non-transitory computer readable medium storing analysis program
CN107911500B (en) Method, equipment and device for positioning user based on situation awareness and storage medium
CN110378120A (en) Application programming interfaces attack detection method, device and readable storage medium storing program for executing
CN109492405A (en) A kind of computer network security test method

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20180807

RJ01 Rejection of invention patent application after publication