CN109379340A - A kind of highly-safe data interaction system - Google Patents

Info

Publication number: CN109379340A
Authority: CN (China)
Prior art keywords: risk, node, data, data interaction, information network
Legal status: Pending
Application number: CN201811111217.4A
Other languages: Chinese (zh)
Inventor: 魏巧萍
Current Assignee: Individual
Original Assignee: Individual

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/20 Network architectures or network communication protocols for network security for managing network security; network security policies in general
    • H04L63/205 Network architectures or network communication protocols for network security for managing network security; network security policies in general involving negotiation or determination of the one or more network security mechanisms to be used, e.g. by negotiation between the client and the server or between peers or by selection according to the capabilities of the entities involved
    • H04L41/00 Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/14 Network analysis or design
    • H04L41/145 Network analysis or design involving simulating, designing, planning or modelling of a network
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1416 Event detection, e.g. attack signature detection
    • H04L63/1441 Countermeasures against malicious traffic

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The present invention provides a highly secure data interaction system comprising a data interaction subsystem and a data security subsystem. The data interaction subsystem performs data interaction over an information network, and the data security subsystem performs security management of the information network. The data interaction subsystem comprises a data interaction device, an information network terminal, a data processing gateway and a data processing server. The beneficial effect of the invention is that it provides a highly secure data interaction system that performs data interaction over an information network and manages the security of that network, improving the security of data interaction.

Description

A kind of highly-safe data interaction system
Technical field
The present invention relates to the technical field of data interaction, and in particular to a highly secure data interaction system.
Background art
Since the advent of the information network (the Internet), the economy, culture and daily life of humanity have changed dramatically. People can communicate with people in other regions at any time; they can shop without leaving home and wait for delivery to the door; people away from home can see everything that happens at home through remote monitoring; large multinational enterprises can bring key business staff distributed around the globe together in one meeting by video conference; business dealings between enterprises are often settled with a click of the mouse and a single e-mail. Internet-based data interaction systems are also developing steadily.
Summary of the invention
In view of the above problems, the present invention aims to provide a highly secure data interaction system.
The object of the present invention is achieved by the following technical solution:
A highly secure data interaction system is provided, comprising a data interaction subsystem and a data security subsystem. The data interaction subsystem performs data interaction over an information network, and the data security subsystem performs security management of the information network. The data interaction subsystem comprises a data interaction device, an information network terminal, a data processing gateway and a data processing server. The data interaction device obtains the data entered by the user and establishes a secure channel to the data processing gateway through the information network terminal; the information network terminal establishes the network connection between the data interaction device and the data processing gateway; the data processing gateway receives the data transmitted by the data interaction device and sends a data processing request to the data processing server; the data processing server processes the data according to the received data processing request and returns the processing result to the data interaction device.
The beneficial effect of the invention is that it provides a highly secure data interaction system that performs data interaction over an information network and manages the security of that network, improving the security of data interaction.
Brief description of the drawings
The invention is further described with reference to the accompanying drawing. The embodiment shown in the drawing does not limit the invention in any way; those of ordinary skill in the art can obtain other drawings from the following drawing without creative effort.
Fig. 1 is a structural schematic diagram of the invention.
Reference numerals:
Data interaction subsystem 1, data security subsystem 2.
Detailed description of the embodiments
The invention is further described with reference to the following embodiment.
Referring to Fig. 1, the highly secure data interaction system of this embodiment comprises a data interaction subsystem 1 and a data security subsystem 2. The data interaction subsystem 1 performs data interaction over an information network, and the data security subsystem 2 performs security management of the information network. The data interaction subsystem 1 comprises a data interaction device, an information network terminal, a data processing gateway and a data processing server. The data interaction device obtains the data entered by the user and establishes a secure channel to the data processing gateway through the information network terminal; the information network terminal establishes the network connection between the data interaction device and the data processing gateway; the data processing gateway receives the data transmitted by the data interaction device and sends a data processing request to the data processing server; the data processing server processes the data according to the received data processing request and returns the processing result to the data interaction device.
This embodiment provides a highly secure data interaction system that performs data interaction over an information network and manages the security of that network, improving the security of data interaction.
Preferably, the data security subsystem 2 comprises an information acquisition module, a risk evaluation module and a risk control module. The information acquisition module collects node information in the information network; the risk evaluation module performs a security risk assessment of the information network according to the collected node information; the risk control module takes the corresponding security measures for security risk prevention according to the result of the security risk assessment.
This preferred embodiment assesses and manages the security risk of the information network according to the node information in the network, improving the security of the information network.
Preferably, the risk evaluation module 2 comprises a risk propagation modeling module, a first risk analysis module, a second risk analysis module and a risk prediction module. The risk propagation modeling module establishes the risk propagation model; the first risk analysis module determines the risk propagation factor between network nodes according to the risk propagation model; the second risk analysis module generates the information network risk matrix from the risk propagation factors between network nodes; the risk prediction module assesses the security risk of the information network according to the risk matrix.
By establishing the risk propagation model and determining the risk propagation factors and the risk matrix, this preferred embodiment achieves an accurate assessment of information network security risk.
The risk propagation modeling module establishes the risk propagation model, specifically:
If an attacker has obtained a given privilege on some node in the network, the attack target is another node in the network, and two or more attack paths exist between the two nodes, the attacker chooses the attack path with the fewest hops between the two nodes.
The first risk analysis module determines the risk propagation factor between network nodes according to the risk propagation model, specifically:
Assuming that the attacker uses node $M_i$ to attack node $M_j$, the risk propagation factor of node $M_i$ and node $M_j$ is determined using the following formula:
In the formula, $C_{i,j}$ denotes the risk propagation factor of node $M_i$ and node $M_j$; $a_{i,j}$ denotes the difficulty of attacking node $M_j$ by exploiting a vulnerability of node $M_j$, $a_{i,j} \in (0,1)$, and the larger $a_{i,j}$ is, the higher the attack difficulty; $b_{i,j}$ denotes the strength of the security protection measures taken by node $M_j$, $a_{i,j} \in (0,1)$, and the larger $b_{i,j}$ is, the more effective the security protection measures; $t_{i,j}$ denotes the number of hops needed to attack node $M_j$ from node $M_i$, and $t_{i,j} = 0$ means that the attack cannot jump from node $M_i$ to node $M_j$.
The larger the risk propagation factor, the greater the probability that risk propagates from node $M_i$ to node $M_j$.
By calculating the risk propagation factor, this preferred embodiment captures the attack relationship between nodes and lays the foundation for building the risk matrix.
The second risk analysis module generates the information network risk matrix from the risk propagation factors between network nodes, specifically:
Assuming that the information network consists of $m$ network nodes, the information network risk matrix is calculated using the following formula:
In the formula, $F$ denotes the information network risk matrix, $i, j \in [1, m]$.
The risk prediction module assesses the security risk of the information network according to the risk matrix, specifically:
The risk propagation capability metric of each network node is calculated from the information network risk matrix:
In the formula, $P_i$ denotes the risk propagation capability metric of node $M_i$; the larger a node's risk propagation capability metric, the stronger its risk propagation capability.
The risk susceptibility metric of each network node is calculated from the information network risk matrix:
In the formula, $P_i$ denotes the risk susceptibility metric of node $M_j$; the larger a node's risk susceptibility metric, the more easily the node is infected by risk.
When a node is attacked, the sum of the risk propagation capability metric and the risk susceptibility metric is calculated for each of the other nodes. These sums are arranged in order from small to large to form the threat prediction sequence of the nodes; the nearer the front of the ranking a node is, the greater its threat to information network security.
By calculating the risk matrix and the risk propagation capability and risk susceptibility of the nodes, this preferred embodiment generates the threat prediction sequence of the nodes, which achieves the risk assessment of the nodes and lays the foundation for subsequent risk control.
Preferably, the risk control module 3 takes the corresponding security measures for security risk prevention according to the result of the security risk assessment, specifically: when an information network node is found to have suffered an intrusion, the threat prediction sequence is generated; nodes with stronger risk propagation capability are identified, and the administrator is prompted to appropriately strengthen the access control that other nodes apply to those nodes; nodes with stronger susceptibility are identified and their security policy is improved, reducing the threat through access restrictions.
This preferred embodiment takes precautionary measures appropriate to each situation, improving network security as far as possible.
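The assessment pipeline described above (fewest-hop attack paths, risk matrix, per-node metrics, threat prediction sequence, control targets), as an added Python example that is not code from the patent. The patent's formulas are not reproduced on this page, so `propagation_factor` and the row and column sums are stand-in assumptions chosen only to match the behaviour the text states; the topology and the a/b values are constructed.

```python
from collections import deque

# Constructed topology: an edge X -> Y means an attacker holding X can reach Y.
EDGES = {
    "gateway": ["web", "mail"],
    "web": ["app"],
    "mail": ["app", "db"],
    "app": ["db"],
    "db": [],
}
# Constructed values in (0, 1) for each target node:
# a = difficulty of exploiting the node, b = strength of its protection.
DIFFICULTY = {"gateway": 0.8, "web": 0.3, "mail": 0.5, "app": 0.4, "db": 0.6}
PROTECTION = {"gateway": 0.7, "web": 0.2, "mail": 0.4, "app": 0.5, "db": 0.8}


def hop_counts(edges, src):
    """Fewest hops from src to every node (BFS). 0 means 'cannot be reached',
    the convention the text gives for t_ij."""
    dist = {node: 0 for node in edges}
    seen = {src}
    queue = deque([(src, 0)])
    while queue:
        node, d = queue.popleft()
        for nxt in edges[node]:
            if nxt not in seen:
                seen.add(nxt)
                dist[nxt] = d + 1
                queue.append((nxt, d + 1))
    return dist


def propagation_factor(a, b, t):
    """ASSUMED stand-in for C_ij (the page does not show the formula).
    It falls as difficulty a, protection b or hop count t grow, and is 0
    when t == 0 (no attack path)."""
    if t == 0:
        return 0.0
    return (1.0 - a) * (1.0 - b) / t


def risk_matrix(edges, difficulty, protection):
    """F[i][j] = factor for risk spreading from node i to node j."""
    matrix = {}
    for i in edges:
        t = hop_counts(edges, i)
        matrix[i] = {j: propagation_factor(difficulty[j], protection[j], t[j])
                     for j in edges}
    return matrix


def propagation_capability(matrix, i):
    """ASSUMED metric: sum of row i (how strongly node i spreads risk)."""
    return sum(matrix[i].values())


def susceptibility(matrix, j):
    """ASSUMED metric: sum of column j (how exposed node j is)."""
    return sum(row[j] for row in matrix.values())


def threat_sequence(matrix, attacked):
    """Capability + susceptibility for every node except the attacked one,
    arranged from small to large as the text states."""
    scores = {n: propagation_capability(matrix, n) + susceptibility(matrix, n)
              for n in matrix if n != attacked}
    return sorted(scores.items(), key=lambda item: item[1])


def control_targets(matrix, attacked):
    """Nodes the risk control step acts on: the strongest propagator (other
    nodes tighten access control towards it) and the most susceptible node
    (its own security policy is strengthened)."""
    others = [n for n in matrix if n != attacked]
    spreader = max(others, key=lambda n: propagation_capability(matrix, n))
    exposed = max(others, key=lambda n: susceptibility(matrix, n))
    return spreader, exposed


if __name__ == "__main__":
    F = risk_matrix(EDGES, DIFFICULTY, PROTECTION)
    for node, score in threat_sequence(F, attacked="gateway"):
        print(f"{node:8s} {score:.3f}")
    print("tighten access towards / harden:", control_targets(F, "gateway"))
```

In the sample topology `gateway` can reach `db` over three hops through `web` and `app` or over two hops through `mail`; `hop_counts` records the two-hop path, which is the choice the risk propagation model prescribes.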
From the above description of the embodiments, those skilled in the art will clearly understand that the embodiments described herein may be implemented in hardware, software, firmware, middleware, code, or any suitable combination thereof. For a hardware implementation, the processor may be implemented in one or more of the following units: an application-specific integrated circuit (ASIC), a digital signal processor (DSP), a digital signal processing device (DSPD), a programmable logic device (PLD), a field-programmable gate array (FPGA), a processor, a controller, a microcontroller, a microprocessor, other electronic units designed to perform the functions described herein, or a combination thereof. For a software implementation, some or all of the processes of the embodiments may be carried out by a computer program instructing the relevant hardware. When implemented, the program may be stored in a computer-readable medium or transmitted as one or more instructions or code on a computer-readable medium. Computer-readable media include computer storage media and communication media, where communication media include any medium that facilitates transfer of a computer program from one place to another. A storage medium may be any available medium that a computer can access. Computer-readable media may include, but are not limited to, RAM, ROM, EEPROM, CD-ROM or other optical disc storage, magnetic disk storage media or other magnetic storage devices, or any other medium that can be used to carry or store desired program code in the form of instructions or data structures and that can be accessed by a computer.
Finally, it should be noted that the above embodiments merely illustrate the technical solution of the present invention and do not limit its scope of protection. Although the present invention has been explained in detail with reference to the preferred embodiments, those skilled in the art should understand that the technical solution of the present invention may be modified or equivalently replaced without departing from the essence and scope of the technical solution of the present invention.

Claims (7)

1. A highly secure data interaction system, characterized in that it comprises a data interaction subsystem and a data security subsystem, wherein the data interaction subsystem performs data interaction over an information network and the data security subsystem performs security management of the information network; the data interaction subsystem comprises a data interaction device, an information network terminal, a data processing gateway and a data processing server; the data interaction device obtains the data entered by the user and establishes a secure channel to the data processing gateway through the information network terminal; the information network terminal establishes the network connection between the data interaction device and the data processing gateway; the data processing gateway receives the data transmitted by the data interaction device and sends a data processing request to the data processing server; and the data processing server processes the data according to the received data processing request and returns the processing result to the data interaction device.
2. The highly secure data interaction system according to claim 1, characterized in that the data security subsystem comprises an information acquisition module, a risk evaluation module and a risk control module, wherein the information acquisition module collects node information in the information network, the risk evaluation module performs a security risk assessment of the information network according to the collected node information, and the risk control module takes the corresponding security measures for security risk prevention according to the result of the security risk assessment.
3. The highly secure data interaction system according to claim 2, characterized in that the risk evaluation module comprises a risk propagation modeling module, a first risk analysis module, a second risk analysis module and a risk prediction module, wherein the risk propagation modeling module establishes the risk propagation model, the first risk analysis module determines the risk propagation factor between network nodes according to the risk propagation model, the second risk analysis module generates the information network risk matrix from the risk propagation factors between network nodes, and the risk prediction module assesses the security risk of the information network according to the risk matrix;
the risk propagation modeling module establishes the risk propagation model, specifically:
if an attacker has obtained a given privilege on some node in the network, the attack target is another node in the network, and two or more attack paths exist between the two nodes, the attacker chooses the attack path with the fewest hops between the two nodes.
4. The highly secure data interaction system according to claim 3, characterized in that the first risk analysis module determines the risk propagation factor between network nodes according to the risk propagation model, specifically:
assuming that the attacker uses node $M_i$ to attack node $M_j$, the risk propagation factor of node $M_i$ and node $M_j$ is determined using the following formula:
in the formula, $C_{i,j}$ denotes the risk propagation factor of node $M_i$ and node $M_j$; $a_{i,j}$ denotes the difficulty of attacking node $M_j$ by exploiting a vulnerability of node $M_j$, $a_{i,j} \in (0,1)$, and the larger $a_{i,j}$ is, the higher the attack difficulty; $b_{i,j}$ denotes the strength of the security protection measures taken by node $M_j$, $a_{i,j} \in (0,1)$, and the larger $b_{i,j}$ is, the more effective the security protection measures; $t_{i,j}$ denotes the number of hops needed to attack node $M_j$ from node $M_i$, and $t_{i,j} = 0$ means that the attack cannot jump from node $M_i$ to node $M_j$;
the larger the risk propagation factor, the greater the probability that risk propagates from node $M_i$ to node $M_j$.
5. The highly secure data interaction system according to claim 4, characterized in that the second risk analysis module generates the information network risk matrix from the risk propagation factors between network nodes, specifically:
assuming that the information network consists of $m$ network nodes, the information network risk matrix is calculated using the following formula:
in the formula, $F$ denotes the information network risk matrix, $i, j \in [1, m]$.
6. The highly secure data interaction system according to claim 5, characterized in that the risk prediction module assesses the security risk of the information network according to the risk matrix, specifically:
the risk propagation capability metric of each network node is calculated from the information network risk matrix:
in the formula, $P_i$ denotes the risk propagation capability metric of node $M_i$; the larger a node's risk propagation capability metric, the stronger its risk propagation capability;
the risk susceptibility metric of each network node is calculated from the information network risk matrix:
in the formula, $P_i$ denotes the risk susceptibility metric of node $M_j$; the larger a node's risk susceptibility metric, the more easily the node is infected by risk;
when a node is attacked, the sum of the risk propagation capability metric and the risk susceptibility metric is calculated for each of the other nodes, and these sums are arranged in order from small to large to form the threat prediction sequence of the nodes; the nearer the front of the ranking a node is, the greater its threat to information network security.
7. The highly secure data interaction system according to claim 6, characterized in that the risk control module takes the corresponding security measures for security risk prevention according to the result of the security risk assessment, specifically: when an information network node is found to have suffered an intrusion, the threat prediction sequence is generated; nodes with stronger risk propagation capability are identified, and the administrator is prompted to appropriately strengthen the access control that other nodes apply to those nodes; nodes with stronger susceptibility are identified and their security policy is improved, reducing the threat through access restrictions.
Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201811111217.4A 2018-09-22 2018-09-22 A kind of highly-safe data interaction system

Publications (1)

Publication Number Publication Date
CN109379340A 2019-02-22

Family ID: 65402366

Country Status (1)

Country Link
CN (1) CN109379340A (en)


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
WD01 Invention patent application deemed withdrawn after publication

Application publication date: 20190222