CN108768997A - Application operation security early-warning processing method - Google Patents
Application operation security early-warning processing method
- Publication number: CN108768997A
- Application number: CN201810503573.4A
- Authority: CN (China)
- Prior art keywords: data, violation, target operation, violation operation, early warning
- Prior art date
- Legal status: Pending
Classifications (all under H—ELECTRICITY > H04—ELECTRIC COMMUNICATION TECHNIQUE > H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION > H04L63/00—Network architectures or network communication protocols for network security)
- H04L63/14—Network security for detecting or protecting against malicious traffic > H04L63/1408—by monitoring network traffic
- H04L63/10—Network security for controlling access to devices or network resources > H04L63/105—Multiple levels of security
- H04L63/14—Network security for detecting or protecting against malicious traffic > H04L63/1441—Countermeasures against malicious traffic
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Management, Administration, Business Operations System, And Electronic Commerce (AREA)
Abstract
The present invention provides an application operation security early-warning processing method comprising: step 1, establishing an operation data security model; step 2, identifying violation operations among operation behaviours; step 3, obtaining and recording information about the violation operation; step 4, analysing and judging the intention of the violation operation from its target operation data; and step 5, raising an alarm and guiding the handling of the violation operation. The method is presented as scientifically designed, highly practical, simple, easy to use, safe and reliable.
Description
Technical field
The present invention relates to an application operation security early-warning processing method.
Background technology
According to recent statistics, enterprises continually suffer incidents in which important data is stolen. Seventy percent of the serious attacks on an organisation come from inside: internal staff, including employees and the maintenance personnel provided by third-party IT support, who abuse their positions. Security problems caused by violation operations are increasingly frequent and prominent, and these operations are all closely bound up with the customer's business. For operation behaviours so closely tied to the business, and for the security problems caused by unlawful practice, strong means of prevention and defence are needed.
To solve the above problems, people have long been seeking an ideal technical solution.
Invention content
The purpose of the present invention is to address the deficiencies of the prior art by providing an application operation security early-warning processing method that is scientifically designed, highly practical, simple, easy to use, safe and reliable.
To achieve the above goals, the technical solution adopted by the present invention is an application operation security early-warning processing method comprising: step 1, establishing an operation data security model; step 2, identifying violation operations among operation behaviours; step 3, obtaining and recording information about the violation operation; step 4, analysing and judging the intention of the violation operation from its target operation data; and step 5, raising an alarm and guiding the handling of the violation operation.
Based on the above, the operation data is classified by security level, and the security model is established from the security level of the operation data, the data type, and the associations between items of operation data.
Based on the above, the violation operation information includes the IP address, the operation frequency, the operation content, and the mode of operation on that content; the modes of operation include modification, writing, replacement, deletion, duplication and scanning/snooping of the operation data.
Based on the above, from the association relations between the current target operation data of an operation behaviour and other operation data, and from the mode of operation that the behaviour applies to the current target operation data, the possible next target operation data of a suspected violation operation and the mode of operation on that possible target are prejudged; an operation behaviour that matches the prediction is judged to be a violation operation.
Based on the above, from the association relations between the current target operation data of a violation operation and other operation data, and from the mode of operation that the violation operation applies to the current target operation data, the possible next target operation data of the violation operation and the mode of operation on that possible target are prejudged, so as to estimate the operating intention of the violation operation.
Based on the above, camouflaged (decoy) data is set in advance for the possible next target operation data of the violation operation, so that the operation the violator intends for the real target data is induced onto the camouflaged data instead, guiding the violation operation onto a path that does not serve its intention.
Compared with the prior art, the present invention has substantive distinguishing features and represents significant progress. Specifically, the invention identifies and obtains violation operation information, prejudges and confirms violation operations, analyses the intention of the violation operation, raises an alarm according to the violation operation's information and intention, and guides the handling of the violation operation, thereby preventing the violation operation from causing further harm. It has the advantages of scientific design, high practicality, a simple method, ease of use, safety and reliability.
Specific implementation mode
The technical scheme of the present invention is described in further detail below by way of a specific implementation.
An application operation security early-warning processing method comprises: step 1, establishing an operation data security model; step 2, identifying violation operations among operation behaviours; step 3, obtaining and recording information about the violation operation; step 4, analysing and judging the intention of the violation operation from its target operation data; and step 5, raising an alarm and guiding the handling of the violation operation.
First, a security model is established for the operation data: specifically, the operation data is classified by security level, and the security model is established from the security level of the operation data, the data type, and the associations between items of operation data. In practice the operation data is also classified by data type, and the operable modes of each class of data are graded by security, so that an operation on data of a given class that exceeds the modes permitted by its security grade can be determined to be a suspected violation operation.
In practice, the violation operation information includes the IP address, the operation frequency, the operation content, and the mode of operation on that content; the modes of operation include modification, writing, replacement, deletion, duplication and scanning/snooping of the operation data.
The identification of violation operations in step 2 above works by first presetting the current operation behaviour as a suspected violation operation. From the association relations between the current target operation data of the current behaviour and other operation data, and from the mode of operation that the current behaviour applies to the current target operation data, the possible next target operation data of the suspected violation operation and the mode of operation on that possible target are prejudged; a current operation behaviour that matches the prediction is judged to be a violation operation. That is, based on the mode of operation that the current behaviour applies to the current target operation data, the current behaviour is presumed to be a violation operation; from the information features of that presumed violation operation and from the other data associated with the current target operation data, it is predicted that the presumed violation operation may take some datum associated with the current target as its next target operation data, and the mode of operation on that next target is estimated. If the next operation behaviour of the same actor matches the presumed violation operation, the operation behaviour is judged to be a violation operation.
The identification of the violation operation's intention in step 4 above: from the association relations between the current target operation data of the violation operation and other operation data, and from the mode of operation that the violation operation applies to the current target operation data, the possible next target operation data of the violation operation and the mode of operation on that possible target are prejudged, and the attack intention of the violation operation is estimated. From the information features of the violation operation and the other data associated with the current target operation data, it is predicted that the violation operation may take some datum associated with the current target as its next target operation data, and the mode of operation on that next target is estimated, so as to judge the intention of the violation operation. In practice a violation operation database is also established to record the behavioural characteristics of violation operations that have actually occurred, and suspected violation operations are compared and matched against the violation operations in that database to speed up the judgement of suspected violation operations. The behavioural characteristics of a violation operation are judged from the violation operation information, that is, extracted by analysing the behavioural information of the violation operation for the different data types.
When the current operation behaviour is judged to be a violation operation, a warning is raised; in practice a warning may also be issued to the operator. Preferably, after a violation operation is found, camouflaged data is set in advance for the violation operation's possible next target operation data, so that the operation the violator intends for the real target data is induced onto the camouflaged data instead, guiding the violation operation onto a path that does not serve its intention. In other words, after a violation operation is found, camouflaged data is set up in advance to disguise the violation operation's possible next target data, so that the violator's next operation on what it takes to be the target data is in fact an operation on the camouflaged data. This disrupts the violation operation's course of action, breaks its operating intention, and provides security protection.
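The detection and decoy logic of steps 1, 2, 4 and 5 above, as an added Python illustration that is not code from the patent: the security model, association relations, data names, IP addresses and event sequence are constructed sample values, and the decoy names (`decoy_<target>`) are assumed placeholders for the camouflaged data.

```python
from dataclasses import dataclass

# Step 1, constructed sample security model: each class of operation data has a
# security level and the set of operation modes its grade permits.
SECURITY_MODEL = {
    "customer_pii": {"level": 3, "allowed": {"read"}},
    "billing":      {"level": 2, "allowed": {"read", "modify"}},
    "public_docs":  {"level": 1, "allowed": {"read", "modify", "write", "copy"}},
}
# Association relations between operation data (constructed): an actor working on
# one object is expected to move on to the objects associated with it.
ASSOCIATIONS = {
    "customer_pii": {"billing"},
    "billing": {"customer_pii", "public_docs"},
    "public_docs": {"billing"},
}

@dataclass
class Operation:      # one operation behaviour: who, on which data, in which mode
    ip: str
    target: str
    mode: str         # modify, write, replace, delete, copy, scan or read

class EarlyWarning:
    def __init__(self):
        self.pending = {}   # ip -> (prejudged next targets, prejudged mode)
        self.records = {}   # step 3: confirmed violation info per IP
        self.alerts = []

    def exceeds_model(self, op):
        entry = SECURITY_MODEL.get(op.target)
        return entry is not None and op.mode not in entry["allowed"]

    def predict(self, op):
        # Prejudge the next target(s) from the association relations; assume the
        # actor keeps the mode of operation it just applied.
        return set(ASSOCIATIONS.get(op.target, ())), op.mode

    def process(self, op):
        """Returns an alert dict when a violation is confirmed, else None."""
        pending = self.pending.pop(op.ip, None)
        if pending and op.target in pending[0] and op.mode == pending[1]:
            # Step 2 confirmed: the presumed violation behaved as prejudged.
            self.records.setdefault(op.ip, []).append((op.target, op.mode))
            targets, mode = self.predict(op)            # step 4: estimate intention
            alert = {"ip": op.ip, "frequency": len(self.records[op.ip]),
                     "current": (op.target, op.mode), "intent": (targets, mode),
                     # step 5: decoy names are assumed placeholders for camouflaged data
                     "decoys": {t: f"decoy_{t}" for t in targets}}
            self.alerts.append(alert)
            self.pending[op.ip] = (targets, mode)     # keep tracking the violator
            return alert
        if self.exceeds_model(op):
            # Preset as a suspected violation; confirm only if its next step matches.
            self.pending[op.ip] = self.predict(op)
        return None

def run_sample():
    """Constructed event sequence: one confirmed violator, one benign operator."""
    ew = EarlyWarning()
    events = [Operation("10.0.0.5", "customer_pii", "copy"),
              Operation("10.0.0.9", "billing", "modify"),
              Operation("10.0.0.5", "billing", "copy")]
    return [a for a in (ew.process(e) for e in events) if a]
```

A single out-of-grade operation only marks the actor as suspected; the alert fires when the actor's next step matches the prejudged target and mode, which keeps one-off anomalies from being confirmed.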
Finally, it should be noted that the above embodiments merely illustrate the technical scheme of the present invention and are not intended to limit it. Although the present invention has been described in detail with reference to preferred embodiments, those of ordinary skill in the art should understand that the specific implementation of the invention may still be modified, or some of its technical features replaced by equivalents, without departing from the spirit of the technical scheme of the invention; all such variants fall within the scope of the technical scheme claimed by the invention.
Claims (6)
1. An application operation security early-warning processing method, characterised in that it comprises:
Step 1, establishing an operation data security model;
Step 2, identifying violation operations among operation behaviours;
Step 3, obtaining and recording information about the violation operation;
Step 4, analysing and judging the intention of the violation operation from its target operation data;
Step 5, raising an alarm and guiding the handling of the violation operation.
2. The application operation security early-warning processing method according to claim 1, characterised in that: the operation data is classified by security level, and the security model is established from the security level of the operation data, the data type, and the associations between items of operation data.
3. The application operation security early-warning processing method according to claim 1, characterised in that: the violation operation information includes the IP address, the operation frequency, the operation content, and the mode of operation on that content; the modes of operation include modification, writing, replacement, deletion, duplication and scanning/snooping of the operation data.
4. The application operation security early-warning processing method according to claim 1, characterised in that: from the association relations between the current target operation data of an operation behaviour and other operation data, and from the mode of operation that the behaviour applies to the current target operation data, the possible next target operation data of a suspected violation operation and the mode of operation on that possible target are prejudged, and an operation behaviour that matches the prediction is judged to be a violation operation.
5. The application operation security early-warning processing method according to claim 1, characterised in that: from the association relations between the current target operation data of a violation operation and other operation data, and from the mode of operation that the violation operation applies to the current target operation data, the possible next target operation data of the violation operation and the mode of operation on that possible target are prejudged, so as to estimate the operating intention of the violation operation.
6. The application operation security early-warning processing method according to claim 5, characterised in that: camouflaged data is set in advance for the possible next target operation data of the violation operation, and the violation operation is induced to target.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201810503573.4A CN108768997A (en) | 2018-05-23 | 2018-05-23 | A kind of application operating safe early warning processing method |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201810503573.4A CN108768997A (en) | 2018-05-23 | 2018-05-23 | A kind of application operating safe early warning processing method |
Publications (1)
Publication Number | Publication Date |
---|---|
CN108768997A true CN108768997A (en) | 2018-11-06 |
Family
ID=64005280
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201810503573.4A Pending CN108768997A (en) | 2018-05-23 | 2018-05-23 | A kind of application operating safe early warning processing method |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN108768997A (en) |
Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN105049228A (en) * | 2015-06-12 | 2015-11-11 | 北京奇虎科技有限公司 | Method and apparatus for auditing operation and maintenance operation |
CN106209826A (en) * | 2016-07-08 | 2016-12-07 | 瑞达信息安全产业股份有限公司 | A kind of safety case investigation method of Network Security Device monitoring |
CN106453346A (en) * | 2016-10-24 | 2017-02-22 | 中国工程物理研究院计算机应用研究所 | An application system change monitoring method based on multidimensional information association |
CN106561026A (en) * | 2016-07-29 | 2017-04-12 | 北京安天电子设备有限公司 | Method and system for diagnosing invasion based on user account operation behavior |
CN106936781A (en) * | 2015-12-29 | 2017-07-07 | 亿阳安全技术有限公司 | A kind of decision method and device of user's operation behavior |
Events
- 2018-05-23: CN CN201810503573.4A patent/CN108768997A/en active Pending
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN104063473B (en) | A kind of database audit monitoring system and its method | |
McGloin et al. | The importance of studying co-offending networks for criminological theory and policy | |
CN109672671A (en) | Security gateway and security protection system based on intelligent behavior analysis | |
CN108809959A (en) | A kind of attack portrait method | |
CN102663567A (en) | Management system and method based on bullet cabinets | |
CN109347808A (en) | A kind of safety analytical method based on user group behavioral activity | |
CN105512995A (en) | Method for reducing social crime rate through big data | |
CN102930492A (en) | Method for preventing counterfeiting and illegally using second-generation ID card | |
Harvey | Asset Recovery: substantive or symbolic? | |
CN107846389A (en) | Inside threat detection method and system based on the subjective and objective data fusion of user | |
CN109787964A (en) | Process behavior is traced to the source device and method | |
CN111311056A (en) | Drug addict risk monitoring method | |
CN108768997A (en) | A kind of application operating safe early warning processing method | |
CN114598551A (en) | Information network security early warning system for dealing with continuous threat attack | |
CN107196942A (en) | A kind of inside threat detection method based on user language feature | |
Wells et al. | The effects of gun possession arrests made by a proactive police patrol unit | |
CN204303063U (en) | Business office and national treasury Activity recognition safety management system | |
CN108768719A (en) | A kind of application operating Log Audit System | |
CN108900505A (en) | A kind of cluster audit management-control method based on block chain technology | |
Mohamed et al. | Alert correlation using a novel clustering approach | |
CN110474888A (en) | A kind of free-standing sql injection defence analysis alarm method and its system based on php | |
CN107609330B (en) | Access log mining-based internal threat abnormal behavior analysis method | |
CN202217334U (en) | Access control system based on vein identification | |
Adderley | The use of data mining techniques in operational crime fighting | |
CN106408690A (en) | Nuclear power plant personnel entrance and exit control apparatus and nuclear power plant personnel entrance and exit control method |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
| | PB01 | Publication | |
| | SE01 | Entry into force of request for substantive examination | |
| | RJ01 | Rejection of invention patent application after publication | |
Application publication date: 20181106