CN108768997A - A kind of application operating safe early warning processing method - Google Patents

Info

Publication number
CN108768997A
Authority
CN
China
Prior art keywords
data
violation
object run
violation operation
early warning
Prior art date
Legal status
Pending
Application number
CN201810503573.4A
Other languages
Chinese (zh)
Inventor
雷亚
李洪峰
熊少杰
于波
Current Assignee
Zhengzhou Xin Da Tian Rui Information Technology Co Ltd
Original Assignee
Zhengzhou Xin Da Tian Rui Information Technology Co Ltd
Priority date
2018-05-23
Filing date
2018-05-23
Publication date
2018-11-06
Application filed by
Zhengzhou Xin Da Tian Rui Information Technology Co Ltd
Priority to
CN201810503573.4A
Publication of
CN108768997A
Legal status
Pending

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/105 Multiple levels of security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1441 Countermeasures against malicious traffic

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)

Abstract

The present invention provides an application operation security early-warning processing method, comprising: step 1, establishing an operation data security model; step 2, identifying violation operations from operation behaviour; step 3, obtaining and recording the information of the violation operation; step 4, analysing and judging the intention of the violation operation according to its target operation data; step 5, raising an alarm and guiding the handling of the violation operation. The method has the advantages of being scientifically designed, highly practical, simple, easy to use, safe and reliable.

Description

A kind of application operating safe early warning processing method
Technical field
The present invention relates to an application operation security early-warning processing method.
Background technology
According to recent statistics, incidents in which important enterprise data is stolen keep emerging, and 70% of the serious attacks suffered by enterprises come from inside the organisation: internal staff, including in-house employees and maintenance personnel provided by third-party IT support, who take advantage of their position. Security problems caused by violation operations are increasingly frequent and prominent, and these operations are closely bound up with the customer's business. For such business-related operation behaviour, and for the security problems caused by illegal practices, strong means of prevention and protection are required.
In order to solve the above problems, people have long been seeking an ideal technical solution.
Invention content
The purpose of the present invention is, in view of the deficiencies of the prior art, to provide an application operation security early-warning processing method that is scientifically designed, highly practical, simple, easy to use, safe and reliable.
To achieve the above goal, the technical solution adopted by the present invention is an application operation security early-warning processing method comprising: step 1, establishing an operation data security model; step 2, identifying violation operations from operation behaviour; step 3, obtaining and recording the information of the violation operation; step 4, analysing and judging the intention of the violation operation according to its target operation data; step 5, raising an alarm and guiding the handling of the violation operation.
On this basis, the operation data is classified by security grade, and the security model is established according to the security grade of the operation data, the data type and the associations between operation data.
On this basis, the violation operation information includes the IP address, operation frequency, operation content and the mode of operation on the operation content; the modes of operation include modification, writing, replacement, deletion, duplication and scanning/snooping of the operation data.
On this basis, according to the association between the current target operation data of an operation behaviour and other operation data, and according to the mode of operation the behaviour applies to the current target operation data, the possible next target operation data of a suspected violation operation and the mode of operation on that possible target data are predicted, and an operation behaviour that matches the prediction is judged to be a violation operation.
On this basis, according to the association between the current target operation data of the violation operation and other operation data, and according to the mode of operation the violation operation applies to the current target operation data, the possible next target operation data of the violation operation and the mode of operation on that possible target data are predicted, so as to estimate the operation intention of the violation operation.
On this basis, camouflage data is set up in advance for the possible next target operation data of the violation operation, so that the operation the violation operation would perform on the real target data is induced to act on the camouflage data instead, guiding the violation operation onto a path that does not match its operation intention.
Compared with the prior art, the present invention has outstanding substantive features and significant progress. Specifically, the present invention obtains violation operation information through identification, confirms the violation operation by prediction, analyses the intention of the violation operation, raises an alarm and guides the handling of the violation operation according to its information and intention, and thereby prevents the violation operation from causing further harm. It has the advantages of being scientifically designed, highly practical, simple, easy to use, safe and reliable.
Specific implementation mode
The technical solution of the present invention is described in further detail below through a specific implementation mode.
An application operation security early-warning processing method comprises: step 1, establishing an operation data security model; step 2, identifying violation operations from operation behaviour; step 3, obtaining and recording the information of the violation operation; step 4, analysing and judging the intention of the violation operation according to its target operation data; step 5, raising an alarm and guiding the handling of the violation operation.
First, a security model is established for the operation data. Specifically, the operation data is classified by security grade, and the security model is established according to the security grade of the operation data, the data type and the associations between operation data. In practice the operation data is also classified by data type, and the operable modes of a given class of data are given a security classification; an operation on data of that class whose mode of operation exceeds its security classification can be determined to be a suspected violation operation.
In practice, the violation operation information includes the IP address, operation frequency, operation content and the mode of operation on the operation content; the modes of operation include modification, writing, replacement, deletion, duplication and scanning/snooping of the operation data.
The identification of violation operations in step 2 above first presets the current operation behaviour as a suspected violation operation. According to the association between the current target operation data of the current operation behaviour and other operation data, and according to the mode of operation the current behaviour applies to the current target operation data, the possible next target operation data of the suspected violation operation and the mode of operation on that possible target data are predicted, and a current operation behaviour that matches the prediction is judged to be a violation operation. That is, based on the mode of operation the current behaviour applies to the current target operation data, the current behaviour is provisionally treated as a violation operation; from the information features of this presumed violation operation and the other data associated with the current target operation data, it is presumed that the violation operation may take some data associated with the current target as its next target operation data, and the mode of operation on that next target is estimated. If the next operation behaviour matches the presumed violation operation, the operation behaviour is judged to be a violation operation.
The identification of the intention of the violation operation in step 4 above proceeds as follows: according to the association between the current target operation data of the violation operation and other operation data, and according to the mode of operation the violation operation applies to the current target operation data, the possible next target operation data of the violation operation and the mode of operation on that possible target data are predicted, and the attack intention of the violation operation is estimated. From the information features of the violation operation and the other data associated with the current target operation data, it is presumed that the violation operation may take some data associated with the current target operation data as its next target operation data, and the mode of operation on that next target is estimated, so as to judge the intention of the violation operation. In practice a violation operation database is also established, recording the behavioural features of violation operations that have actually occurred, and suspected violation operations are compared and matched against the violation operations in the database to speed up the judgement of suspected violation operations. The behavioural features of a violation operation are judged from the violation operation information, that is, by analysing and extracting the behavioural information of the different data types according to the violation operation.
When a current operation behaviour is judged to be a violation operation, a warning is raised; in practice a warning may also be issued to the operator. Preferably, after a violation operation is found, camouflage data is set up in advance for the possible next target operation data of the violation operation, so that the operation the violation operation would perform on the real target data is induced to act on the camouflage data, guiding the violation operation onto a path that does not match its operation intention. That is, after a violation operation is found, camouflage data is arranged in advance to disguise the possible next target data of the violation operation, so that the next operation the violation operation actually performs on the target data becomes an operation on the camouflage data, thereby disrupting the course of action of the violation operation, breaking its operation intention and providing security protection.
Finally, it should be noted that the above embodiments are merely illustrative of the technical solution of the present invention and are not intended to limit it. Although the present invention has been described in detail with reference to preferred embodiments, those of ordinary skill in the art should understand that modifications may still be made to the specific implementation modes of the present invention, or equivalent replacements made for some technical features, without departing from the spirit of the technical solution of the present invention, and all such modifications fall within the scope of the technical solution claimed by the present invention.
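The five steps of the implementation mode above, as an added example that is not part of the patent: a small Python model with a constructed security model (data types, security grades, permitted operation modes, association links), a constructed violation-pattern database and a constructed operation sequence. The rule that the next target is an associated record operated on in a mode outside its classification is an assumption, not something the patent specifies.

```python
from collections import defaultdict

# Step 1: operation data security model (constructed sample). Each record has a
# data type and a security grade; ALLOWED is the security classification of the
# operable modes per data type; LINKS is the association between records.
DATA = {"cust_list": ("customer", 2), "cust_card": ("customer", 3),
        "price_sheet": ("business", 1), "contract": ("business", 2)}
ALLOWED = {"customer": {"read"}, "business": {"read", "modify"}}
LINKS = {"cust_list": ["cust_card", "contract"], "cust_card": ["cust_list"],
         "contract": ["price_sheet"], "price_sheet": ["contract"]}
# Constructed "violation operation database": mode sequences with a known intent.
KNOWN_PATTERNS = {("scan", "copy"): "bulk exfiltration",
                  ("modify", "delete"): "tampering"}

class EarlyWarning:
    def __init__(self):
        self.records = defaultdict(list)  # step 3: operations recorded per source IP
        self.pending = {}                 # step 2: predicted next targets per IP
        self.decoys = {}                  # step 5: camouflage data per predicted target
        self.alerts = []

    def handle(self, ip, target, mode):
        """Process one operation and return the decision for it."""
        # Step 5 (continued): an operation aimed at a camouflaged record is served the decoy.
        if target in self.decoys:
            self.alerts.append((ip, "decoy-hit", target))
            return "decoy"
        self.records[ip].append((target, mode))
        dtype, _ = DATA[target]
        suspected = mode not in ALLOWED[dtype]   # mode exceeds the security classification
        # Step 2: a suspected operation that lands on a target predicted from the
        # previous suspected operation is confirmed as a violation.
        if suspected and target in self.pending.get(ip, set()):
            return self._confirm(ip, target, mode)
        if suspected:
            self.pending[ip] = set(LINKS[target])  # presume next target is an associated record
            return "suspected"
        return "ok"

    def _confirm(self, ip, target, mode):
        # Step 4: estimate the intention from the recorded mode sequence (matched
        # against the known patterns) and predict the next associated targets.
        modes = tuple(m for _, m in self.records[ip][-2:])
        intent = KNOWN_PATTERNS.get(modes, "unknown")
        # Step 5: alarm with the recorded information (IP, target, mode, frequency,
        # severity = target grade, intent), then camouflage the predicted next targets.
        self.alerts.append((ip, "violation", target, mode, len(self.records[ip]),
                            DATA[target][1], intent))
        for nxt in LINKS[target]:
            self.decoys[nxt] = f"decoy:{nxt}"
        self.pending.pop(ip, None)
        return "violation"

def run_sample():
    """Constructed sequence: a scan of the customer list, then a copy of card data."""
    ew = EarlyWarning()
    decisions = [ew.handle(ip, t, m) for ip, t, m in [
        ("10.0.0.9", "price_sheet", "modify"),   # permitted for business data
        ("10.0.0.5", "cust_list", "scan"),       # exceeds classification: suspected
        ("10.0.0.5", "cust_card", "copy"),       # predicted target: violation
        ("10.0.0.5", "cust_list", "copy"),       # now camouflaged: decoy
    ]]
    return decisions, ew.alerts
```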

Claims (6)

1. An application operation security early-warning processing method, characterised in that it comprises:
Step 1, establishing an operation data security model;
Step 2, identifying violation operations from operation behaviour;
Step 3, obtaining and recording the information of the violation operation;
Step 4, analysing and judging the intention of the violation operation according to its target operation data;
Step 5, raising an alarm and guiding the handling of the violation operation.
2. The application operation security early-warning processing method according to claim 1, characterised in that: the operation data is classified by security grade, and the security model is established according to the security grade of the operation data, the data type and the associations between operation data.
3. The application operation security early-warning processing method according to claim 1, characterised in that: the violation operation information includes the IP address, operation frequency, operation content and the mode of operation on the operation content, the modes of operation including modification, writing, replacement, deletion, duplication and scanning/snooping of the operation data.
4. The application operation security early-warning processing method according to claim 1, characterised in that: according to the association between the current target operation data of the operation behaviour and other operation data, and according to the mode of operation of the operation behaviour on the current target operation data, the possible next target operation data of the suspected violation operation and the mode of operation on that possible target operation data are predicted, and an operation behaviour that matches the prediction is judged to be a violation operation.
5. The application operation security early-warning processing method according to claim 1, characterised in that: according to the association between the current target operation data of the violation operation and other operation data, and according to the mode of operation of the violation operation on the current target operation data, the possible next target operation data of the violation operation and the mode of operation on that possible target operation data are predicted, so as to estimate the operation intention of the violation operation.
6. The application operation security early-warning processing method according to claim 5, characterised in that: camouflage data is set up in advance for the possible next target operation data of the violation operation, inducing the violation operation on the target.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201810503573.4A CN108768997A (en) 2018-05-23 2018-05-23 A kind of application operating safe early warning processing method

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201810503573.4A CN108768997A (en) 2018-05-23 2018-05-23 A kind of application operating safe early warning processing method

Publications (1)

Publication Number Publication Date
CN108768997A (en) 2018-11-06

Family

ID=64005280

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201810503573.4A Pending CN108768997A (en) 2018-05-23 2018-05-23 A kind of application operating safe early warning processing method

Country Status (1)

Country Link
CN (1) CN108768997A (en)

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105049228A (en) * 2015-06-12 2015-11-11 北京奇虎科技有限公司 Method and apparatus for auditing operation and maintenance operation
CN106209826A (en) * 2016-07-08 2016-12-07 瑞达信息安全产业股份有限公司 A kind of safety case investigation method of Network Security Device monitoring
CN106453346A (en) * 2016-10-24 2017-02-22 中国工程物理研究院计算机应用研究所 An application system change monitoring method based on multidimensional information association
CN106561026A (en) * 2016-07-29 2017-04-12 北京安天电子设备有限公司 Method and system for diagnosing invasion based on user account operation behavior
CN106936781A (en) * 2015-12-29 2017-07-07 亿阳安全技术有限公司 A kind of decision method and device of user's operation behavior

Similar Documents

Publication Publication Date Title
CN104063473B (en) A kind of database audit monitoring system and its method
McGloin et al. The importance of studying co-offending networks for criminological theory and policy
CN109672671A (en) Security gateway and security protection system based on intelligent behavior analysis
CN108809959A (en) A kind of attack portrait method
CN102663567A (en) Management system and method based on bullet cabinets
CN109347808A (en) A kind of safety analytical method based on user group behavioral activity
CN105512995A (en) Method for reducing social crime rate through big data
CN102930492A (en) Method for preventing counterfeiting and illegally using second-generation ID card
Harvey Asset Recovery: substantive or symbolic?
CN107846389A (en) Inside threat detection method and system based on the subjective and objective data fusion of user
CN109787964A (en) Process behavior is traced to the source device and method
CN111311056A (en) Drug addict risk monitoring method
CN108768997A (en) A kind of application operating safe early warning processing method
CN114598551A (en) Information network security early warning system for dealing with continuous threat attack
CN107196942A (en) A kind of inside threat detection method based on user language feature
Wells et al. The effects of gun possession arrests made by a proactive police patrol unit
CN204303063U (en) Business office and national treasury Activity recognition safety management system
CN108768719A (en) A kind of application operating Log Audit System
CN108900505A (en) A kind of cluster audit management-control method based on block chain technology
Mohamed et al. Alert correlation using a novel clustering approach
CN110474888A (en) A kind of free-standing sql injection defence analysis alarm method and its system based on php
CN107609330B (en) Access log mining-based internal threat abnormal behavior analysis method
CN202217334U (en) Access control system based on vein identification
Adderley The use of data mining techniques in operational crime fighting
CN106408690A (en) Nuclear power plant personnel entrance and exit control apparatus and nuclear power plant personnel entrance and exit control method

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20181106